Tag: SELinux

Adding a disk for SELinux & virt

A short one this.

Add the directories, set the contexts and then restore the contexts.

Still working on disk /mnt/d500

Create the directories I want to use:

mkdir -p /mnt/d500/libvirt/images

Set the context for the libvirt directory:

semanage fcontext -a -t virt_var_lib_t "/mnt/d500/libvirt"

Set the context for the images directory:

semanage fcontext -a -t virt_image_t "/mnt/d500/libvirt(/.*)?"

Then write the contexts:

restorecon -R /mnt/d500/

Then check the contexts:

ls -lZd /mnt/d500/libvirt/images/

Zimbra Host Admin

Unlock an account:

zmprov ma admin@example.com  zimbraAccountStatus active

To modify SELinux rules

policycoreutils-python is needed.

To set up mail on a new port with SELinux:

semanage port -a -t smtp_port_t -p tcp 25000

To list existing smtp ports:

semanage port -l | grep smtp

To allow apache to send email when using SELinux:

semanage boolean -m --on httpd_can_sendmail

This will list all the SELinux type labels that have been associated with ports:

# /usr/sbin/semanage port -l

To associate an additional port (tcp 330 here) with the ssh_port_t label:

# /usr/sbin/semanage port -a -t ssh_port_t -p tcp 330

LDAP queries

ldapsearch -x -Z -v -H 'ldap://zimbraserver.example.com' -b 'ou=people,dc=example,dc=com' -D 'uid=admin,ou=people,dc=example,dc=com' -W

Locked status and error messages

1. Log in as root.

2. Change to the zimbra user:

# su zimbra

3. Run this command:

$ vi /opt/zimbra/jetty-6.1.5/webapps/zimbra/WEB-INF/classes/messages/ZMsg.properties

4. Find this line:

account.CHANGE_PASSWORD = Your password in no longer valid. Please choose a new password.

http://nguoiquynhon.blogspot.co.uk/2010_03_01_archive.html

Domain Masquerading

If you want mail from user@domain.com or user@zimbra.domain.com to appear to come from user@example.com, you can set the canonical address for the entire domain.

zmprov md domain.com zimbraMailCatchAllAddress @domain.com zimbraMailCatchAllCanonicalAddress @example.com
zmprov md zimbra.domain.com zimbraMailCatchAllAddress @zimbra.domain.com zimbraMailCatchAllCanonicalAddress @example.com

Change webmail port

su - zimbra
zmprov ms mail.yourdomain.com zimbraMailPort 8888
zmprov ms mail.yourdomain.com zimbraMailSSLPort 8889
zmcontrol stop ; zmcontrol start

Change ssh port
zmprov ms www.harkness.se zimbraRemoteManagementPort 22

Adding a delimiter to Postfix
zmprov mcf zimbraMtaRecipientDelimiter -

Creating a user alias

zmprov aaa accountname@domain.com aliasname@domain.com

Import a self-signed certificate allowing connection to imap etc.

keytool -import -file /tmp/certificate.txt -alias mail.example.com -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit

Fixing logger not starting
/opt/zimbra/libexec/zmsyslogsetup

Forwarding all mail for a particular domain to a new server
[zimbra@www ~]$ zmprov
prov> md lists2.example.com zimbraMailCatchAllAddress @mailinglists.example.com
prov> md lists2.example.com zimbraMailCatchAllForwardingAddress @mailinglists.example.com
prov> md lists2.example.com zimbraMailTransport smtp:mailman.example.com:25001
prov> quit

Changing Spam scores:
vi /opt/zimbra/conf/spamassassin/50_scores.cf

# make the Bayes scores unmutable (as discussed in bug 4505)
ifplugin Mail::SpamAssassin::Plugin::Bayes
score BAYES_00  0  0 -1.5   -1.9
score BAYES_05  0  0 -0.3   -0.5
score BAYES_20  0  0 -0.001 -0.001
score BAYES_40  0  0 -0.001 -0.001
score BAYES_50  0  0  3.0    1.8
score BAYES_60  0  0  3.5    2.5
score BAYES_80  0  0  4.7    4.0
score BAYES_95  0  0  6.2    6.0
score BAYES_99  0  0  9.8    9.5
endif

Filtering Spam
vi /opt/zimbra/conf/salocal.cf.in
uri VOUCHER4 /jeanpatrique\.co\.uk/
score VOUCHER4 40
uri VOUCHER3 /agency3\.co\.uk/
score VOUCHER3 20
uri VOUCHER1 /worldofvouchers\.com/
score VOUCHER1 20
body UAESPAM /BroadcastUAE/i
score UAESPAM 20
body LOCAL_RULE    /jeanpatrique/
score LOCAL_RULE   30.5

Routing mail (example sending newdomain.com mail to primarydomain.co.uk)

This configures transport tables to relay email to a different mail server. In this example I am forwarding all email for otherdomain.com to smtp.otherdomain.com. You can add as many transport maps as you need. All commands should be run as the zimbra user. After 5.0.9, postfix_transport_maps has been modified a bit, so both ways are shown.

$ zmlocalconfig | grep -i postfix_transport_maps

This will show you the current transport maps file configuration:

postfix_transport_maps = ldap:/opt/zimbra/conf/ldap-transport.cf

or for Zimbra 5.0.9 and higher (including 6.0):

postfix_transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

Create your transport file (owner/group-owner should be zimbra):

vi /opt/zimbra/postfix/conf/transportfile
otherdomain.com     :[smtp.otherdomain.com]

You can also add multiple transport maps, for example:

mydomain.com     :[mail.otherdomain.com]
mydomain.org     :[mail.otherdomain.com]
hisdomain.net    :[mail.otherdomain.com]

In this example all email for the 3 different domains will go to mail.otherdomain.com, so the destination is changed while the user name remains as in the original email address.

Convert the transport file into maptype database file:

$ postmap /opt/zimbra/postfix/conf/transportfile

The file transportfile.db will be created in this directory. Define the new transport file (the original, not the *.db one) BEFORE the default one. Run:

$ zmlocalconfig -e postfix_transport_maps="hash:/opt/zimbra/postfix/conf/transportfile ldap:/opt/zimbra/conf/ldap-transport.cf"

Or for Zimbra 5.0.9 and higher:

$ zmlocalconfig -e postfix_transport_maps="hash:/opt/zimbra/postfix/conf/transportfile proxy:ldap:/opt/zimbra/conf/ldap-transport.cf"

Finally, make sure that the relay_domains parameter in main.cf contains all domains handled by the server, whether locally or relayed elsewhere:

$ vi /opt/zimbra/postfix/conf/main.cf
relay_domains = otherdomain.com, mydomain.com, mydomain.org, hisdomain.net, locallyhandleddomain.com, localaliaseddomain.com

Restart Zimbra:

zmcontrol stop
zmcontrol start
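
A consistency check for the relay_domains step above, added here as an example (it is not part of the original post or of Zimbra): it lists every domain keyed in the transport file that is missing from relay_domains, including when relay_domains is continued over several lines. The function name missing_relay_domains and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Print every domain keyed in a Postfix transport file that is missing from
# relay_domains in main.cf. Usage: missing_relay_domains TRANSPORTFILE MAIN_CF
missing_relay_domains() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        FILENAME == ARGV[1] {                   # first file read: main.cf
            if ($0 ~ /^relay_domains[ \t]*=/) {
                collecting = 1
                sub(/^[^=]*=/, "")
            } else if ($0 !~ /^[ \t]/) {
                collecting = 0                  # a different parameter starts here
            }
            if (collecting) {                   # also true on continuation lines
                gsub(/,/, " ")
                n = split($0, d, " ")
                for (i = 1; i <= n; i++) relay[tolower(d[i])] = 1
            }
            next
        }
        { dom = tolower($1); if (!(dom in relay)) print dom }   # transport file
    ' "$2" "$1"
}

# Constructed sample data, modelled on the entries shown above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/transportfile" <<'EOF'
# domain         next hop
mydomain.com     :[mail.otherdomain.com]
mydomain.org     :[mail.otherdomain.com]
hisdomain.net    :[mail.otherdomain.com]
EOF
cat > "$demo_dir/main.cf" <<'EOF'
myhostname = mail.example.com
relay_domains = otherdomain.com, mydomain.com,
    mydomain.org
mynetworks = 127.0.0.0/8
EOF
missing_relay_domains "$demo_dir/transportfile" "$demo_dir/main.cf"   # prints hisdomain.net
rm -rf "$demo_dir"
```

Run it as the zimbra user against /opt/zimbra/postfix/conf/transportfile and /opt/zimbra/postfix/conf/main.cf before restarting; empty output means every routed domain is listed.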

Regenerating Keys

To regenerate the ssh keys, on all hosts (as the zimbra user):
zmsshkeygen

To deploy the keys, on all hosts (as the zimbra user):
zmupdateauthkeys

Verifying sshd configuration

The authentication method assumes that sshd on the MTA is running on port 22, and that RSA authentication is enabled. You can test the ssh command with:
ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM

Add a disk

Add a disk to RHEL virt

Add the directories, set the contexts and then restore the contexts.

Working on disk that mounts to /mnt/d500

Create the directories I want to use:

mkdir -p /mnt/d500/libvirt/images

Set the context for the libvirt directory:

semanage fcontext -a -t virt_var_lib_t "/mnt/d500/libvirt"

Set the context for the images directory:

semanage fcontext -a -t virt_image_t "/mnt/d500/libvirt(/.*)?"

Then write the contexts:

restorecon -R /mnt/d500/

Then check the contexts:

ls -lZd /mnt/d500/libvirt/images/
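
The final label check of this procedure (the same one as in the earlier post), automated as an added example that is not from the original post: it reads "CONTEXT PATH" lines and reports any path whose SELinux type is not in the accepted list. The function name mislabelled and the sample lines are constructed; svirt_image_t is accepted as well because libvirt applies it to the disks of running guests.

```shell
#!/bin/sh
# Read "CONTEXT PATH" lines on stdin (the output format of: stat -c '%C %n')
# and print "TYPE<TAB>PATH" for every path whose SELinux type is not one of
# the accepted types passed as arguments.
mislabelled() {
    awk -v ok="$*" '
        BEGIN { n = split(ok, t, " "); for (i = 1; i <= n; i++) accept[t[i]] = 1 }
        {
            ctx  = $1
            path = substr($0, length(ctx) + 2)   # keeps spaces in file names
            split(ctx, f, ":")                   # user:role:type:level[:categories]
            if (!(f[3] in accept)) print f[3] "\t" path
        }
    '
}

# Constructed sample: two correctly labelled entries, the disk of a running
# guest (svirt_image_t plus an MCS category pair), and one image that still
# carries a label from somewhere else.
mislabelled virt_image_t svirt_image_t <<'EOF'
system_u:object_r:virt_image_t:s0 /mnt/d500/libvirt/images
system_u:object_r:virt_image_t:s0 /mnt/d500/libvirt/images/web01.qcow2
system_u:object_r:svirt_image_t:s0:c281,c604 /mnt/d500/libvirt/images/db01.qcow2
unconfined_u:object_r:user_home_t:s0 /mnt/d500/libvirt/images/new guest.qcow2
EOF
```

On a live system, feed it with find /mnt/d500/libvirt/images -exec stat -c '%C %n' {} + and the same two type arguments. restorecon -Rnv /mnt/d500/ gives a dry-run view of what the policy would relabel.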

Copyright © 1996-2013 Xander Harkness. All rights reserved.