
Contents :: Issue 7 | September 2007

Appliances and Virtualization
Building Secure Postfix SMTP Appliances
This month the column looks at building Postfix within the Secure Appliance Stack solution using Linux From Scratch originally developed in Issue 6. Includes Postfix config.

Database and Storage
DSPAM to reduce storage requirements
DSPAM is a powerful anti-spam solution. Designed for the enterprise, it is a highly scalable solution. Combined with ClamAV it can drastically reduce IT storage waste.

Server Side
Using Dovecot for imapd / pop3d
Dovecot is a lightweight, scalable and high performance solution that provides encrypted and unencrypted imap and pop3 support.

Web Applications
Web based Email with RoundCube
The RoundCube project provides a modern, AJAX based webmail solution. RoundCube is essentially a powerful, yet simple to use web based imap client. Integrates with dovecot.

IP Networking
Designing Scalable SMTP Networks
SMTP is at the very heart of any Email solution. This column looks at designing scalable, multi-site solutions using Postfix features such as relay recipients.

Voice and Multimedia
Voicemail :: Email Integration
The issue would not provide a complete solution without looking at integrating the two main corporate communication systems. Learn how to integrate Voicemail with Email.

Mobility
MobilityEmail - Replacing Outlook
MobilityEmail is an essential tool for any IT administrator who needs to support Windows clients but does not want to deal with the hassles of Outlook.

Security
Encrypting Mail Protocols
Employees need to be able to get their corporate email from anywhere. Using encrypted SMTP and encrypted IMAP or POP3 company-wide can prevent mishaps.

Next Issue
Issue 9 Open Source Publishing
Ever wonder exactly how o3 magazine is constructed using just Open Source projects? This months feature issue goes straight to the heart of o3 magazine, looking at the projects we use on a daily basis - Open Office, Scribus and The Gimp. The Linux desktop and hardware that we use to create each issue. This feature issue will give you an inside look at how each article is built, how the publication is typeset and how you can use those techniques to build your own corporate documentation, newsletter or even your own magazine.

o3 magazine :: page 4

/* Comments */ :: Issue 7 | September 2007

Enterprise Email Systems with FOSS

This month, o3 magazine looks at building scalable enterprise grade email solutions with free open source software. This issue provides a well rounded and complete solution, from SMTP relays, Postfix based appliances, web mail with RoundCube and even Email / Voicemail integration using Asterisk.

John Buswell (buswellj@o3magazine.com)

Welcome to another issue of o3 magazine. The focus of this issue is Enterprise Email solutions using Free and Open Source Software. The articles have been selected and written in such a manner that the entire issue serves as an end to end guide. Whether you are just looking to enhance an existing mail system, or perhaps completely rebuild a system from scratch, this issue is hopefully going to prove useful to you. The same goes for the CIOs and IT consultants out there who are interested in replacing Microsoft Exchange but aren't quite confident enough to go all the way. The IP Networking and DSPAM articles in this issue provide solutions that enable corporations to keep their employee facing Exchange server. Those articles describe drop in solutions, where powerful open source projects such as Postfix and DSPAM can be placed in front of Exchange to protect it. The Appliance, IP Networking and Database articles provide details for SMTP based solutions, while the Web Applications, Server Side and Mobility columns provide the user facing IMAP, POP3 server and client side solutions. The project used for the Web Applications article is RoundCube, an AJAX powered web based imap client. Well worth checking out.
The security column looks at encrypting SMTP, IMAP and POP3, while the Voice and Multimedia article looks at integrating Voicemail and Email solutions. It also briefly looks at a powerful real-time open source speech recognition system. Enjoy the issue and leave feedback on the forums if you get a chance.

o3 magazine
http://www.o3magazine.com

Mayank Sharma
Editor in Chief

Spliced Networks LLC
Publisher

John Buswell
Project Manager

Publisher Information
o3 magazine is published and distributed by Spliced Networks LLC. o3 magazine is a trademark of Spliced Networks LLC. Spliced Networks is a registered trademark of Spliced Networks LLC. All other trademarks belong to their respective owners.

Advertising Information
http://www.o3magazine.com/advertise/

Special Thanks
Scribus Development Team http://www.scribus.net
The Gimp Development Team http://www.gimp.org

Feedback
Readers can comment on o3 magazine by visiting the o3 website and clicking on the forums link at the top of every page.

Distribution in print and electronic form is permitted only if unmodified from its original.
Copyright (c) 2007 Spliced Networks LLC


Appliance and VM :: Secure Postfix

Building Secure Postfix Appliances w/ LFS
Postfix is a powerful and secure MTA. MTA or Mail Transfer Agent is a server that handles the delivery or relaying of Email. Postfix supports SMTP as well as LMTP. This article looks at building Postfix in a secure manner within the Linux From Scratch Appliance Stack framework. This is a framework that was first introduced in Issue 6 of o3 magazine.

John Buswell (buswellj@o3magazine.com)

The last appliance column looked at building simple software appliances with Linux From Scratch. In this column, we will use the same approach and the stack that we built in the last issue, to create a simple Postfix software appliance. The IBE (Initial Build Environment) stack will be needed for this (detailed instructions in Issue 6). Building the appliance is relatively easy. The first step is to download the source files that are needed, enter the chroot, build and install the code. Once that is done, the stack is ready to go, and just needs some basic configuration.

Entering the IBE

There are scripts to automate the entire process available in the Appliance folder on the subscriber services website. This is linked from the Login link on the subscribe page of www.o3magazine.com. Also make sure to download the postfix source code into /opt/ibe/tmp. Then to enter the chroot manually, use the following command:

    chroot /opt/ibe /usr/bin/env -i \
        HOME=/root TERM="$TERM" PS1='\u:\w\$ ' \
        PATH=/bin:/sbin:/usr/bin:/usr/sbin:/stack/common/ssl/bin \
        /bin/bash --login

Building Postfix

Postfix is a little more convoluted to build than some of the other stacks we have looked at.
This is mainly due to the fact that it's not a simple matter of ./configure && make && make install. Instead there is a little bit of adjustment that needs to be done. The installation of postfix will match previous stacks, so /stack/postfix will be the path within the chroot. However, if you'll be following the scalable SMTP networks article in this issue, then you will want to create two different postfix stacks: one for relays and one for core servers. The relay will be the focus of this article. To build the core server, or to add TLS support, additional configuration may be required. The -DDEF options below simply override each of the directory locations and paths from the typical postfix defaults.

    mkdir -p /stack/postfix_relay/{config,usr,usr/sbin,usr/bin,queue}
    make makefiles CC=/usr/bin/gcc \
      CCARGS='-DDEF_CONFIG_DIR=\"/stack/postfix_relay/config\" \
      -DDEF_COMMAND_DIR=\"/stack/postfix_relay/usr/sbin\" \
      -DDEF_DAEMON_DIR=\"/stack/postfix_relay/sbin\" \
      -DDEF_MAILQ_PATH=\"/stack/postfix_relay/usr/bin/mailq\" \
      -DDEF_MANPAGE_DIR=\"/stack/postfix_relay/man\" \
      -DDEF_NEWALIAS_PATH=\"/stack/postfix_relay/usr/bin/newaliases\" \
      -DDEF_QUEUE_DIR=\"/stack/postfix_relay/queue\" \
      -DDEF_SENDMAIL_PATH=\"/stack/postfix_relay/usr/sbin/sendmail\"'
    make
    make install
    groupadd -g 16501 postfix
    groupadd -g 16502 postdrop
    useradd -u 16501 -g 16501 -d /stack/postfix_relay -s /bin/false postfix


Additional Programs

If you want to include programs such as DSPAM or Dovecot, simply build them as separate stacks that go in their respective directories like /stack/dovecot for example. A detailed article on Dovecot that covers building it from source, is in this issue's Server Side column.

Control Scripts

The stack needs three scripts - start, admin and stop. The self-explanatory start / stop scripts are listed below.

start_script:

    #!/bin/bash
    SMTPSTACK=/opt/stack/postfix
    export SMTPSTACK
    # Make the host's device, proc and sys trees visible inside the chroot
    mount -v --bind /dev "$SMTPSTACK/dev"
    mount -vt devpts devpts "$SMTPSTACK/dev/pts"
    mount -vt tmpfs shm "$SMTPSTACK/dev/shm"
    mount -vt proc proc "$SMTPSTACK/proc"
    mount -vt sysfs sysfs "$SMTPSTACK/sys"
    # Start postfix inside the chroot with a clean environment
    chroot "$SMTPSTACK" /usr/bin/env -i \
        HOME=/root TERM="$TERM" PS1='\u:\w\$ ' \
        PATH=/bin:/usr/bin:/sbin:/usr/sbin:/stack/postfix_relay/sbin:/stack/postfix_relay/usr/sbin/:/stack/postfix_relay/usr/bin/ \
        /stack/postfix_relay/usr/sbin/postfix start

stop_script:

    #!/bin/bash
    SMTPSTACK=/opt/stack/postfix
    export SMTPSTACK
    # Stop postfix inside the chroot, then release the mounts
    chroot "$SMTPSTACK" /usr/bin/env -i \
        HOME=/root TERM="$TERM" PS1='\u:\w\$ ' \
        PATH=/bin:/usr/bin:/sbin:/usr/sbin:/stack/postfix_relay/sbin:/stack/postfix_relay/usr/sbin/:/stack/postfix_relay/usr/bin/ \
        /stack/postfix_relay/usr/sbin/postfix stop
    umount "$SMTPSTACK/dev/pts"
    umount "$SMTPSTACK/dev/shm"
    umount "$SMTPSTACK/dev/"
    umount "$SMTPSTACK/proc"
    umount "$SMTPSTACK/sys"

The admin script provides a shell into the postfix stack, in case you need to perform any emergency maintenance on it.

admin_script:

    #!/bin/bash
    SMTPSTACK=/opt/stack/postfix
    export SMTPSTACK
    # Open a login shell inside the chroot
    chroot "$SMTPSTACK" /usr/bin/env -i \
        HOME=/root TERM="$TERM" PS1='\u:\w\$ ' \
        PATH=/bin:/usr/bin:/sbin:/usr/sbin:/stack/postfix_relay/sbin:/stack/postfix_relay/usr/sbin/:/stack/postfix_relay/usr/bin/ \
        /bin/bash --login

Local Delivery

The SMTP stack with Postfix presents an interesting challenge when local delivery is required, such as on a core SMTP server. The problem with local delivery is that two different stacks need to share the same data. In this case it's postfix for smtp local delivery and dovecot for user imapd or pop3d access. Even if a web mail solution is being used, imapd access is still necessary. The ideal situation here is to use some form of local network storage, such as iSCSI or NFS. What if you are a small business, with just a leased server in colocation? How is the data shared? The solution is to mount a common partition inside each stack, for example, /dev/sda5 might be part of the disk that's used for local mail storage. Simply mount /dev/sda5 in both /opt/stack/postfix/storage/ and /opt/stack/dovecot/storage. But what if the service provider partitioned things in a way that this custom partition scheme isn't possible? The answer is to create a loopback filesystem, or filesystem on a file. The file is created with the dd command. Remember to type the following commands outside of chroot.

    dd if=/dev/zero of=/opt/storage/mail.ext2 bs=512k count=X

Here X is the number of 512k blocks you want to create. Basically this figure is double the amount of megabytes you want the image to be. Assign the file to a loopback device using losetup:

    losetup /dev/loop4 /opt/storage/mail.ext2

Finally, use mke2fs to generate a filesystem:

    mke2fs -m 0 /dev/loop4

Now simply mount the file with mount /dev/loop4 /opt/stack/postfix/storage and mount /dev/loop4 /opt/stack/dovecot/storage.

Core Server Configuration

The relay server configuration is provided in detail in the Scalable SMTP solutions article in this issue. This article will take a brief look at how to configure the core SMTP server. The "core" SMTP server is the hidden server behind the SMTP relays (which are the public MX servers). The "core" SMTP server handles the local delivery of mail into the Maildir (or mbox) for each user. Building a "core" server appliance stack is basically the same as the above, use postfix instead of postfix_relay. The configuration below does not use local delivery, instead it uses virtual mailboxes. This configuration requires that no UNIX accounts actually exist on the system for mail users. To achieve this, it uses a virtual uid and gid, in the config below these are 619. Change this to something else that you want to use, and make sure that both the user and group exist. The virtual map must exist for postmaster and abuse, to remain RFC compliant.
main.cf:

    queue_directory = /stack/postfix/queue
    command_directory = /stack/postfix/usr/sbin
    daemon_directory = /stack/postfix/sbin
    mail_owner = postfix
    myhostname = core.smtpserver.mydomain.com
    mynetworks = 127.0.0.0/8, 192.168.25.2/32
    myorigin = mydomain.com
    inet_interfaces = 192.168.25.2, localhost
    smtp_bind_address = 192.168.25.2
    mydestination = localhost
    local_recipient_maps =
    virtual_mailbox_domains = hash:/config/virtual_domains
    virtual_mailbox_base = /storage/mail/
    virtual_mailbox_maps = hash:/config/virtual_mailbox
    virtual_uid_maps = static:619
    virtual_gid_maps = static:619
    virtual_alias_maps = hash:/config/virtual
    #maildrop_destination_recipient_limit = 1
    virtual_transport = virtual
    unknown_local_recipient_reject_code = 550
    unknown_address_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_client_reject_code = 554
    biff = no
    smtpd_helo_required = yes
    strict_rfc821_envelopes = yes
    disable_vrfy_command = yes
    smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_hostname
        reject_non_fqdn_recipient
        reject_unauth_pipelining
        reject_invalid_hostname
        reject_unknown_sender_domain
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client list.dsbl.org
        reject_rhsbl_sender dsn.rfc-ignorant.org
        permit
    smtpd_data_restrictions =
        reject_unauth_pipelining,
        reject_multi_recipient_bounce,
        permit
    header_checks = regexp:/config/header_checks.regexp
    smtpd_banner = $myhostname ESMTP $mail_name
    sendmail_path = /stack/postfix/usr/sbin/sendmail
    newaliases_path = /stack/postfix/usr/bin/newaliases
    mailq_path = /stack/postfix/usr/bin/mailq
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /stack/postfix/man
    readme_directory = no

Per the configuration above, mail is stored in /storage/mail/. The actual path to where mail is stored is configured in the virtual_mailbox file. It has the format:

    user@domain.com path/mailbox

A good scheme is to use user@domain.com domain/user, however if the organization has multiple domains but the users are all the same, then simply make domain a static value such as user@domain.com mycompany/user. Again, this file can be generated using scripts similar to the ones in the scalable smtp solutions article. As long as the directory exists (mycompany/), postfix will generate the mailboxes as mail is received. Note the path though, as you will need it for the dovecot (imap server) configuration. IMAP is used to enable users to access the mail once it is received. The virtual_domains file is the usual domain.com OK format file, each domain is listed on its own line followed by a junk keyword (such as OK).

Conclusion

With very little effort, we have created a base stack for postfix. Simply add the default configuration, and you are ready to deploy. To deploy, we simply copy /stack/postfix, for example, with cp -a into the release stack. This was discussed in detail in the last appliance article in the 6th issue.

Postfix http://www.postfix.org
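The three lookup tables named in main.cf (virtual_domains, virtual_mailbox and virtual) have to agree with each other before they are compiled and deployed. The following is an added example, not part of the original article or of Postfix: a pre-deployment check that every mailbox belongs to a listed domain, that every mailbox path stays below virtual_mailbox_base, and that postmaster and abuse resolve for each domain. The table contents and function names are constructed for illustration.

```python
# Added example: consistency check for the lookup tables named in main.cf.
# All table contents below are constructed sample data.
import posixpath

VIRTUAL_DOMAINS = """\
mydomain.com    OK
example.net     OK
"""

VIRTUAL_MAILBOX = """\
# address               path below virtual_mailbox_base
joe@mydomain.com        mycompany/joe
ann@example.net         mycompany/ann
eve@mydomain.com        ../../etc/eve
bob@other.org           mycompany/bob
"""

VIRTUAL = """\
postmaster@mydomain.com joe@mydomain.com
abuse@mydomain.com      joe@mydomain.com
postmaster@example.net  ann@example.net
"""

REQUIRED_ROLES = ("postmaster", "abuse")


def parse_map(text):
    """Parse 'key value' lines; blank lines and # comments are skipped."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError(f"malformed map line: {raw!r}")
        table[fields[0].lower()] = fields[1].strip()
    return table


def path_stays_under_base(path):
    """True if a mailbox path is relative and cannot climb above the base."""
    if posixpath.isabs(path):
        return False
    normalized = posixpath.normpath(path)
    return normalized != ".." and not normalized.startswith("../")


def check_maps(domains_text, mailbox_text, alias_text):
    """Return a list of (address, problem) tuples for the three tables."""
    domains = set(parse_map(domains_text))
    mailboxes = parse_map(mailbox_text)
    aliases = parse_map(alias_text)
    findings = []

    # Every mailbox must sit in a hosted domain and below the storage base.
    for address, path in mailboxes.items():
        domain = address.rpartition("@")[2]
        if domain not in domains:
            findings.append((address, "domain missing from virtual_domains"))
        if not path_stays_under_base(path):
            findings.append((address, "path is not a clean relative path"))

    # Every hosted domain needs the role addresses the article calls out.
    for domain in sorted(domains):
        for role in REQUIRED_ROLES:
            address = f"{role}@{domain}"
            if address not in aliases and address not in mailboxes:
                findings.append((address, "no alias or mailbox for role address"))
    return findings


if __name__ == "__main__":
    for address, problem in check_maps(VIRTUAL_DOMAINS, VIRTUAL_MAILBOX, VIRTUAL):
        print(f"{address}: {problem}")
```

Because the virtual delivery agent writes as one fixed uid and gid (619 in the configuration above), a path containing ".." is the case most worth catching before the map is rebuilt.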


Server Side :: Dovecot IMAP / POP3

Using Dovecot for imapd and pop3d
Dovecot is an open source IMAP and POP3 server. IMAP and POP3 are client side mail protocols used by end users to access their email. There are a number of open source options out there for IMAP and POP3. Dovecot offers a fast, lightweight and secure solution for handling IMAP and POP3. This article provides a guide on configuring such a system.

John Buswell (buswellj@o3magazine.com)

Dovecot is an open source IMAP and POP3 server. IMAP and POP3 are mail protocols that enable a client to access or retrieve email from a remote server. There are a number of IMAP and POP3 servers available as open source. The focus of this article is on dovecot. Dovecot provides a security focused and highly scalable solution. Dovecot supports encrypted and unencrypted versions of IMAP and POP3.

Getting Dovecot

The latest version of Dovecot is available from http://www.dovecot.org. Most Linux distributions have a compiled version of dovecot available, such as Fedora. The latest stable release of dovecot is 1.0.3, as of September 2007. To install dovecot in Fedora, simply run yum install dovecot.

Building Dovecot

To build dovecot from source, the only dependency it needs is OpenSSL. If OpenSSL is in a non-standard location, it is necessary to pass CFLAGS and LDFLAGS to the configure and make commands.
For example, if you are using a stack system as described in Issue 6 of o3 magazine, then you would need to use:

    CFLAGS="-I/app/common/ssl_core/include" LDFLAGS="-L/app/common/ssl_core/lib" \
        ./configure --prefix=/app/stack/dovecot --with-gnu-ld --with-pic \
        --with-ssl=openssl --with-ssldir=/app/common/ssl_data
    CFLAGS="-I/app/common/ssl_core/include" LDFLAGS="-L/app/common/ssl_core/lib" make
    CFLAGS="-I/app/common/ssl_core/include" LDFLAGS="-L/app/common/ssl_core/lib" make install

It is necessary to add the lib directory to ld.so.conf. Running echo "/app/stack/dovecot/lib" >> /etc/ld.so.conf && ldconfig will take care of that for you. It will also be necessary to add the sbin directory to the PATH. This is done with PATH=/app/stack/dovecot/sbin:$PATH; export PATH.

Configuring Dovecot

The most time consuming part of the dovecot setup is configuration. The configuration has a lot of options, most of which are unnecessary to get the system up and running. It is a good idea, once the server is running, to fine tune the configuration with the extra options. There is a dovecot-example.conf, as well as ldap and sql example files, if SQL or LDAP are being used. These example files are in the etc/ directory where dovecot was installed. Dovecot is started with a configuration file parameter, so the configuration file can be stored anywhere on the system. Copy dovecot-example.conf to dovecot.conf in a location such as /etc. Each configuration element is well commented, so edit dovecot.conf to suit the type of configuration being deployed.
Quickstart Configuration

The quickstart configuration is an unencrypted base configuration that o3 magazine put together. To use dovecot with roundcube (webmail application) on the same server, this is all that is needed. If roundcube (or another webmail application) is running on a different server, it would be necessary to add encryption to the configuration. Likewise, if IMAP and POP3 are being offered directly to the user for use with clients such as Thunderbird, it would be necessary to add encryption and advisable to secure the configuration further before deployment.

    base_dir = /var/run/dovecot/
    protocols = imap pop3
    listen = 10.192.168.25
    disable_plaintext_auth = no
    shutdown_clients = yes
    ssl_disable = yes
    mail_location = maildir:~/
    pop3_uidl_format = %08Xu%08Xv
    dotlock_use_excl = yes
    maildir_copy_with_hardlinks = yes
    auth_verbose = yes
    auth default {
      mechanisms = plain
      passdb passwd-file {
        args = /etc/dovecot/db/passdb
      }
      userdb static {
        args = uid=666 gid=666 home=/var/store/mail/%u
      }
    }

This is all that is needed to get the system running. This is far from a secure configuration as we have unnecessary ports open on other IP addresses. However with IMAP bound to an internal IP address, provided it's protected, this should not be a problem. The base_dir option tells dovecot where it is running from. The protocols option specifies that both IMAP and POP3 are supported. In many cases it would be advisable to drop IMAP and POP3 in favor of their secure versions, IMAPS and POP3S. The listen option tells dovecot what IP address to bind to. At this time, it can only bind to one address or all addresses. The disable_plaintext_auth option controls whether plain text passwords are permitted. This is really only for testing and it should be set to yes later. The shutdown_clients option describes how dovecot should treat clients when it is restarted. The mail_location option specifies type maildir (mbox is also supported) and the user's home directory. In this configuration, the users are virtual, so postfix is not creating a Maildir directory, the home directory is the maildir. The next three lines (pop3_uidl_format) set some necessary defaults. Finally the auth block is where the magic happens. In this configuration, virtual users are used, so dovecot will use a standard password file and a static userdb entry. The static userdb entry enables a single UID / GID (per the postfix configuration) to be used with a template for the home directory path. Here the %u variable is used to specify the username, each home directory is stored under /var/store/mail/<username>. The mail_location option earlier in the config specifies that this location (the home directory is ~/) is where the mail is stored.

Postfix configuration

This article refers to a postfix configuration. This is the configuration that is described in the Building a Secure Postfix Appliance article in this issue of o3 magazine. That configuration uses virtual mailboxes to store mail in /var/store/mail/<username>.

Binding to some but not all IPs

The one flaw that dovecot has is that it can only bind to one or all IP interfaces on the server. There is no protocol specific binding outside of binding for encrypted versions of the protocol (ssl_listen). In some cases it might be necessary to listen to some but not all the interfaces.
The only way to achieve this without patching dovecot is to use iptables. Simply block all inbound traffic to the dovecot ports, and allow them for the specific IP addresses. Although dovecot will be listening on all interfaces, it will only receive traffic for the ones permitted by iptables. This does leave a somewhat precarious security situation, if user error results in iptables permitting access on IPs it should not. The best approach to avoid this is to take a DENY ALL policy using iptables -P INPUT DROP, but again the administrators still need to be careful.

Creating the password file

A utility called dovecotpw is used to generate the password entries. The SSHA scheme is a good and secure method of generating passwords. To generate a password using SSHA, run dovecotpw -s ssha. The utility will prompt for a password twice, then provide a line that starts with {SSHA}. This line, including the {SSHA}, is placed into the password file. The password file has a very simple format username:password. So a user called joe would have an entry looking like joe:{SSHA}ajhdkjsahdkajhdkajhd.

Testing

The easiest way to test dovecot is with telnet. The POP3 service runs on port 110, and IMAP runs on port 143. This is NOT the case if you are running the encrypted versions. To test POP3, telnet to port 110 on the server. In this article's example, telnet 10.192.168.25 110.

    +OK Dovecot ready.
    USER joe
    +OK
    PASS monkeybr4!nS
    +OK Logged in.
    LIST
    1 100
    2 3004
    3 3043
    .
    QUIT
    +OK Logging out.

To test IMAP, telnet to port 143 on the server. For example, telnet 10.192.168.25 143.

    * OK Dovecot ready.
    A1 login joe monkeybr4!nS
    A2 select inbox
    * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
    * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
    * 1470 EXISTS
    * 0 RECENT
    * OK [UNSEEN 1] First unseen
    A2 OK [READ-WRITE] Select completed.
    A3 CLOSE
    A3 OK Close completed.
    A4 LOGOUT
    * BYE Logging out
    A4 OK Logout completed.

Conclusion

Dovecot provides a fast, secure and lightweight solution for providing IMAP and POP3 services. The next step is to provide encrypted services, which are detailed in the Encrypting Email Protocols article in this issue.
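What a {SSHA} line in the password file contains, shown as an added example that is not code from the article or from Dovecot: the value after the tag is base64 of a SHA-1 digest of the password plus a salt, followed by the salt itself. The function names, the 4-byte salt length and the sample file are choices made for this example; the audit function also reports entries that were left in clear text.

```python
# Added example: the {SSHA} layout used in username:password entries.
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # bytes in a SHA-1 digest
TAG = "{SSHA}"


def ssha_entry(password, salt=None):
    """Build '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # salt length is a choice made for this example
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return TAG + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, entry):
    """Recompute the digest with the stored salt; compare in constant time."""
    if not entry.upper().startswith(TAG):
        return False
    try:
        raw = base64.b64decode(entry[len(TAG):], validate=True)
    except ValueError:
        return False
    if len(raw) <= SHA1_LEN:
        return False  # no salt after the digest, so not a valid SSHA value
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def parse_passdb(text):
    """Parse 'username:password' lines into a dict."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, secret = line.partition(":")
        if not sep or not user:
            raise ValueError(f"malformed passdb line: {line!r}")
        users[user] = secret
    return users


def audit_passdb(text):
    """Return the usernames whose password field is not an {SSHA} value."""
    return sorted(user for user, secret in parse_passdb(text).items()
                  if not secret.upper().startswith(TAG))


def authenticate(text, user, password):
    """Check a login against the file; unknown users simply fail."""
    entry = parse_passdb(text).get(user)
    return entry is not None and ssha_verify(password, entry)


# Constructed sample file: joe uses the password from the telnet session
# above, ann's entry was left in clear text and is reported by the audit.
SAMPLE_PASSDB = "joe:" + ssha_entry("monkeybr4!nS") + "\nann:letmein\n"

if __name__ == "__main__":
    print("joe logs in:", authenticate(SAMPLE_PASSDB, "joe", "monkeybr4!nS"))
    print("entries without {SSHA}:", audit_passdb(SAMPLE_PASSDB))
```

SSHA is a single salted SHA-1 pass, so the salt only prevents precomputed lookups; read access to the passdb file should stay restricted.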


IP Networking :: Scalable SMTP Networks

Designing Scalable SMTP Networks

This article looks at designing scalable SMTP networks. The main principle behind the design used in this article is a frontline group of SMTP relay servers that act as the public MX servers, with a core set of servers on the backend that provide the local delivery and more in-depth processing. The relay servers skim the bulk of the junk, leaving less processing to be done on the core.

John Buswell (buswellj@o3magazine.com)

The SMTP protocol is used for transferring email from clients to servers, and between servers. SMTP stands for Simple Mail Transport Protocol. This article looks at building scalable SMTP networks. While many small businesses and projects shy away from solutions with terms such as "scalable" and "enterprise", this is not the case here. Small businesses often equate scalable and enterprise with costly, due to the way expensive, and often less useful, products are marketed. Before going in depth, let's cover some of the SMTP basics.

DNS and MX records

DNS plays an important part in how email is delivered with SMTP. The SMTP servers are defined in A records. These are the DNS entries that assign an IP directly to a hostname. DNS has a special record type called MX or Mail Exchange. These MX records tell a remote mail server how an email should be delivered to that domain. MX records consist of a preference number and a host name. The host name must point to an A record, not a CNAME (alias).

    IN MX 10 mx2.smtp.splicednetworks.com.
    IN MX 10 mx3.smtp.splicednetworks.com.
    IN MX 10 mx4.smtp.splicednetworks.com.
    IN MX 10 mx6.smtp.splicednetworks.com.

In the example above from o3magazine.com, you can see the IN MX defining the MX type. The preference number is set here as 10 for each server. The final element is the hostname. Also note the full stop that is required to terminate the host name in the zone file. Here the preference number is the same, so the DNS server will randomize the response list with each request. The remote server will then go down the list one by one. The server will stop when it successfully delivers the mail, or it receives an unreachable host or unknown user response from one of the servers in the mx list. If the preference numbers were different, then the highest priority (lowest MX preference value) would be tried first.

Looking up MX values

The host command (or nslookup) can be used to find the MX values for a particular domain. For example, host -t mx yahoo.com will yield:

    yahoo.com mail is handled by 1 a.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 b.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 c.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 g.mx.mail.yahoo.com.

Malicious Users

Spammers and those attempting to propagate viruses sometimes target the lowest priority servers on an MX list. These are often backup servers, sometimes at an ISP, which may not have the same anti-virus or anti-spam techniques employed as the primary servers. With modern high availability solutions, and the nature of MX records, it is not really necessary to utilize higher MX values. It is advisable to simply use the techniques employed above by o3 magazine and Yahoo, thus avoiding targeting of specific servers.

Sender Policy Framework

The experimental RFC 4408 defines SPF. SPF allows SMTP servers to identify and reject forged addresses in the MAIL FROM header during the SMTP exchange of mail. The forged addresses are often used in spam, as an attempt to get around filtering systems. SPF works by having the owner of a domain define a special DNS entry. The SPF DNS entry is a TXT entry which contains information about how email should be sent from that domain. The SPF entry contains the version and some other information.

    mydomain.com. IN TXT "v=spf1 mx a:mx0.mydomain.com -all"

In the example above, the zone file for the domain is configured with an SPF version of 1, and mail is accepted if it comes from one of the MX servers for that domain, or if it comes from mx0.mydomain.com. Anything received from any other sources will be rejected (-all). There is also a PTR entry which will check the reverse DNS of the sender's IP address, to see if it resolves to the same domain as the sender domain.

SMTP Load Balancing

In addition to the round robin MX load balancing that DNS does by default, you could use a hardware load balancer to load balance each MX. There are several open source and commercial options available to do this. The advantage of using load balancing is scalability. Instead of having a large list of MX records, you can have a small number of MX records. Each one of those MX records would point to a virtual server on the load balancer.
Each v irt ual s e rv e r coul d h av e h undre ds ofs e rv e rs be h ind it .I ft he de pl oym e nth as onl y a h andf ul ofs e rv e rs , us ing indiv idual M X re cords w il l w ork pe rf e ct l yf ine , re gardl e s s ofw h e t h e r a s e rv er is dow n or not .L oad bal ancing SM TP m ay al s o e nabl e af ine r l ev el ofcont rol ov e rl oad

bal ancing, butt h e adv ant age s w oul d be m arginal . Re l ay and Core Se rv e rs Th e s cal abl e s ol ut ion dis cus s e d in t h is art icl e us e s t wot ype ofs e rv e rs , re l ay and core . Th e re l ay s e rv e rs e xch ange m ail w it h ot h e r SM TP s e rv e rs on t he I nt e rne t . Th e n t h e re l ay s e rv e rs f orw ard v al id e m ail t ot h e core s e rv e rs . Th is de s ign e nabl e s N+ 1 re l ay s e rv e rs , w h ich are de f ine d by t h e M X re cords f or t h e dom ain. Th e s e re l ay s e rv e rs w il l priv at el y de l iv e r m ail t ot h e core s e rv e r(s ). Th e core s e rv e rs are onl y k now n t ot h e re l ay s e rv e rs , and onl y acce ptm ail f rom t h e re l ay s e rv e rs . Th e ide a h e re is t h att h e N+ 1 re l ay s e rv e rs re ce iv e al l e m ail ,wh et h e r itis l e git im at e or s pam . Th e re l ay s e rv e rs w e e d outas m uch s pam as pos s ibl e , be f ore f orw arding t h e m ail on t ot h e core s e rv e rs . Th e core s e rv e rs h av e m ore cos t l y ant i-s pam and ant i-v irus m e as ure s , butas t h e re l ay s e rv e rs h av e al re ady t rim m e d t h e m ail dow n s ubs t ant ial l y, t h e re is l ess l oad t o de al w it h. Th e M TA (M ail Trans f e r Age nt ) ofch oice f or t h e re s toft h is art icl e w il l be Pos t f ix. Re l ay Se rv e rs Th e re l ay s e rv e rs h av e no l ocal de l iv e ry m e ch anis m and t h e y do notde l iv e r m ail t o any us e rs . I ns t e ad t h e re l ay s e rv e rs pe rf orm s pe cif ic ant i-s pam and ot h e r ch e ck s , be f ore de l iv e ring m ail t ot h e core s e rv e rs . Th e s ol ut ion us e s RBL(Re al t im e Bl ack h ol e L is t s ), Re l ay Dom ains , Re l ay Re cipie ntM aps and h e ade r ch e ck s . Th e re are no adv ance ant is pam m e as ure s on t h e re l ay s e rv e rs , no ds pam , no s pam as s as s in, no pos t gre y. Th os e s ol ut ions ne e d t o gat h e r dat af rom m ul t ipl e e m ail s . 
The problem is that with N+1 relay servers, each relay server only receives 1/N of the traffic. The goal with this solution is to keep it simple, so the advanced processing occurs on the core servers, with reduced levels of mail.

Relay Servers: RBL

Realtime Blackhole Lists use DNS to determine if a particular SMTP server is on the list or not. There are several RBLs out there; we recommend Spamhaus (zen.spamhaus.org), Distributed Sender Blackhole List (list.dsbl.org) and RFC Ignorant (dsn.rfc-ignorant.org). Spamhaus deals with spammers, spam gangs and other parties that just spew junk mail in all directions. Spamhaus is a good way to block all those source IPs that are ripe for spam, and unlikely to contain serious business customers. Spamhaus references all the IP address blocks that are used for dynamic IP allocations for residential cable, DSL and dialup users at all the major ISPs. The Distributed Sender Blackhole List sends out test messages to see if a particular mail server will relay for something it shouldn't. For example, if you try to send email for someone@yahoo.com through the Google Mail servers, from someone@hotmail.com, it won't work. However, many users who set up things like Microsoft Exchange on their corporate networks, some of those users being IT consultants, create open relays. Spammers love open relays, and open relays today really should not exist, as they are simply a sign of incompetence. Finally, RFC Ignorant checks to see if a server is RFC compliant using some tests. Today, if a server is not RFC compliant, there is a good chance it's some off-the-wall junk set up by someone who shouldn't be running a mail server. The RBL is a first line of defense, and will cut spam down considerably. To configure RBL with Postfix, use the smtpd_recipient_restrictions command, along with the reject_rbl_client or reject_rhsbl_sender keywords.
    smtpd_recipient_restrictions =
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client list.dsbl.org
        reject_rhsbl_sender dsn.rfc-ignorant.org
        permit

This is just an example; a full smtpd_recipient_restrictions entry would reject on additional parameters. See the full configuration listed later in the article.

Relay Servers: Relay Domains

Postfix enables the configuration of a relay domain map. The relay domain map is simply a list of the domains that you will relay for, that is, your domains. If a remote system tries to send to a domain not configured in the map, it won't work. This is easily configured with the relay_domains configuration option. For this article, we used mostly hashes, which are generated by running postmap against a text file in /etc/postfix. For example, postmap relay_domains will produce relay_domains.db from the relay_domains configuration text file. In the main.cf configuration file for Postfix, you would configure:

    relay_domains = hash:/etc/postfix/relay_domains

The relay_domains file would consist of domain.com OK. Basically, the domain name followed by a tab separated OK. If a lot of domains require configuration, you can use a script. Assuming the list of domains is in a text file called domain-list.txt, the following script would get the job done.

    #!/bin/bash
    # Append one "domain<TAB>OK" line per entry in domain-list.txt.
    while read -r i; do
        printf '%s\tOK\n' "$i" >> relay_domains
    done < domain-list.txt

This would produce for example:

    o3magazine.com	OK
    o3magazine.net	OK
    o3magazine.org	OK

Relay Servers: Recipient Maps

The recipient map works on the same premise as the relay domains, but with users. The map is a simple hash, made up of user@domain.com followed by OK on the same line. Postfix enables you to get maps from all sorts of locations, mysql, ldap etc. The easiest form is a simple hash. A small company has a set number of users, typically employees, some aliases and perhaps mailing lists. Even a large company has a set number of users, and this information is typically stored in some form of centralized database already, such as ldap. The recipient list enables you to create a sort of whitelist of permitted email addresses. This can drastically reduce the amount of alphabetical spam, especially if you use custom aliases, perhaps helpdesk@mycompany.com instead of support@mycompany.com. To configure the recipient map, the relay_recipient_maps configuration option is used. Again postmap is run on the relay_recipients file to generate the hash database.

    relay_recipient_maps = hash:/etc/postfix/relay_recipients

To generate a quick map, perhaps from a list of users (user-list.txt) and a list of domains (domain-list.txt), the following script will work:

    #!/bin/bash
    # Pair every user in user-list.txt with every domain in domain-list.txt.
    while read -r i; do
        while read -r y; do
            printf '%s@%s\tOK\n' "$y" "$i" >> relay_recipients
        done < user-list.txt
    done < domain-list.txt

Relay Servers: Header Checks

The idea behind header checks is to use regular expressions (regex) to find common strings in the header, and provide custom REJECT messages. For example, let's say nobody at your business can read Chinese, so there is little point in receiving messages with Chinese encoding. You could do something such as:

    # The question marks are escaped so that they match the literal "=?big5?".
    /^Subject: =\?big5\?/ REJECT Chinese encoding not allowed.

For a full list of examples or to share your own examples, refer to the subscriber login system or the forums at www.o3magazine.com.

Relay Servers: Transport Maps

With local delivery disabled, Postfix will need per domain transport maps to deliver the mail to the hidden core servers. Transport maps are similar to the other maps discussed in this article. The transport map uses the following format:

    domain.com relay:[hidden.core.domain.com]

It is configured using transport_maps = hash:/etc/postfix/transport_map. Again for this hash we need to run postmap on the text configuration file. Keeping with our useful scripts, the domain-list.txt file can be used to generate the map.

    #!/bin/bash
    # Route every listed domain to the same hidden core server.
    while read -r i; do
        printf '%s\trelay:[upstream.mydomain.com]\n' "$i" >> transport_map
    done < domain-list.txt

Relay Servers: Final Configuration

Using a very simple postfix configuration, with RBL, regex based header checks and a couple of maps, we've just created a very secure relay. The final configuration for the relay is listed below. The configuration can be the same for each relay; just vary the myhostname and inet_interfaces to match the host name and IP of each individual server.

    queue_directory = /smtp/queue
    command_directory = /smtp/usr/sbin
    daemon_directory = /smtp/sbin
    mail_owner = test_postfix
    myhostname = mx99.test.mydomain.com
    myorigin = mydomain.com
    inet_interfaces = 10.25.25.25, localhost
    mydestination =
    local_recipient_maps =
    virtual_alias_maps = hash:/config/vamap
    local_transport = error: local mail delivery is disabled
    unknown_local_recipient_reject_code = 500
    unknown_address_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_client_reject_code = 554
    biff = no
    smtpd_helo_required = yes
    strict_rfc821_envelopes = yes
    disable_vrfy_command = yes
    smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_hostname
        reject_non_fqdn_recipient
        reject_unauth_pipelining
        reject_invalid_hostname
        reject_unknown_sender_domain
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client list.dsbl.org
        reject_rhsbl_sender dsn.rfc-ignorant.org
        permit
    smtpd_data_restrictions =
        reject_unauth_pipelining,
        reject_multi_recipient_bounce,
        permit
    relay_domains = hash:/config/relay_domains
    relay_recipient_maps = hash:/config/relay_recipients
    transport_maps = hash:/config/transport_maps
    mynetworks_style = host
    in_flow_delay = 5s
    header_checks = regexp:/config/headercheck.regex
    smtpd_banner = $myhostname ESMTP $mail_name
    sendmail_path = /smtp/usr/sbin/sendmail
    newaliases_path = /smtp/usr/sbin/newaliases
    mailq_path = /smtp/usr/sbin/mailq
    setgid_group = test_postdrop

Core Servers

The core server(s) are defined in the transport map. Only the relay SMTP servers will know about the core server(s). As discussed in previous issues of o3 magazine, you could use a private VPN between servers and route the traffic over that encrypted link, if desired. To keep things simple you could name it mx0.mydomain.com, but as it will never get email from an SMTP server outside of your control, make sure it never gets an MX record for any domain. The core server is where extra protection such as DSPAM, Postgrey and other anti-spam measures are placed. Such measures are discussed in other articles in this issue, so please refer to those articles for configuration and further information.

Protecting the Core Servers

The core servers could write to a shared storage medium such as NFS or iSCSI, or if the deployment is small, a pop3 / imapd solution such as dovecot may run on the core server. Dovecot could run as imapd, and Apache on another server could be running a web mail solution such as Roundcube, also discussed in this issue. The two servers could use a VPN link or a local private network to access imapd. The most important protection for this SMTP solution is to use iptables. The iptables configuration needs to allow the relay servers, and deny all other traffic. If the server is being used for outbound internal mail, then iptables needs to allow new SMTP connections from local user networks and vpn networks, and allow the core server to send outbound SMTP to the world. For Red Hat, CentOS and Fedora, the /etc/sysconfig/iptables would need the following added:

    -A RH-Firewall-1-INPUT -p tcp --dport 25 -s 10.10.25.25 -d 10.25.25.25 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 25 -s 10.20.25.25 -d 10.25.25.25 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 25 -s 10.30.25.25 -d 10.25.25.25 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp --dport 25 -s 10.6.66.0/24 -d 10.25.25.25 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Here 10.25.25.25 is the IP address of the core SMTP server, 10.10.25.25, 10.20.25.25 and 10.30.25.25 are the IP addresses of the relay SMTP servers and 10.6.66.0/24 is the local user network. These rules only accept traffic; they must be placed ahead of the chain's closing REJECT rule, which is what denies everything else.

Conclusion

Building scalable SMTP networks with Postfix is not as difficult a challenge as it may initially seem. Using a combination of N+1 relay servers and a small number of high powered core servers for advanced processing, along with techniques that better define who should be receiving mail, one can easily enable a fast and highly scalable SMTP network.
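The relay design above depends on three hand-maintained text maps (relay domains, relay recipients, transport) agreeing with each other. The script below is an added example, not part of the original article: it cross-checks the three files before postmap is run. The function names, the finding labels and the example.* sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): cross-check the relay maps.
# File layout follows the article: "key<whitespace>value" per line.

# check_relay_maps RELAY_DOMAINS RELAY_RECIPIENTS TRANSPORT_MAP
# Prints one finding per line (sorted); returns 0 if the maps agree, else 1.
check_relay_maps() {
    findings=$(awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments

        # 1st file: domains the relay accepts mail for.
        FILENAME == ARGV[1] { dom[tolower($1)] = 1; next }

        # 2nd file: permitted recipients, user@domain.
        FILENAME == ARGV[2] {
            addr = tolower($1)
            at = index(addr, "@")
            d = substr(addr, at + 1)
            # "@domain" matches every user and defeats the whitelist.
            if (at == 1) { print "wildcard-recipient " addr }
            # An address in a domain that is not relayed can never be used.
            if (!(d in dom)) { print "orphan-recipient " addr }
            else { users[d]++ }
            next
        }

        # 3rd file: per-domain next hop towards the core server.
        FILENAME == ARGV[3] {
            d = tolower($1)
            hop[d] = $2
            if (!(d in dom)) {
                print "transport-without-relay-domain " d
            } else if ($2 !~ /^[a-z]+:\[.+\](:[0-9]+)?$/) {
                # Without [brackets] Postfix does an MX lookup on the next hop.
                print "nexthop-uses-mx-lookup " d " " $2
            }
            next
        }

        END {
            for (d in dom) {
                # No transport entry: mail is not handed to the core server.
                if (!(d in hop)) { print "no-transport " d }
                # No recipients: with relay_recipient_maps set, every
                # address in the domain is rejected as unknown.
                if (!(d in users)) { print "no-recipients " d }
            }
        }
    ' "$1" "$2" "$3" | LC_ALL=C sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample maps: example.org has no route and no users, example.net
# is routed without brackets, and one recipient is in a domain not relayed.
make_sample_maps() {
    printf '%s\tOK\n' example.com example.net example.org > "$1/relay_domains"
    printf '%s\tOK\n' helpdesk@example.com sales@example.com \
        info@example.net old@example.edu > "$1/relay_recipients"
    printf '%s\t%s\n' \
        example.com 'relay:[hidden.core.example.com]' \
        example.net 'relay:hidden.core.example.com' > "$1/transport_map"
}

demo=$(mktemp -d)
make_sample_maps "$demo"
check_relay_maps "$demo/relay_domains" "$demo/relay_recipients" \
    "$demo/transport_map" || echo "fix the maps before running postmap"
rm -rf "$demo"
```

Any finding means a relay would accept, reject or route mail differently from what the relay and core design intends.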


Mobility :: MobilityEmail

MobilityEmail: A Mobile Outlook Alternative

MobilityEmail is an Open Source Project for Microsoft Windows. MobilityEmail provides a powerful tool to IT administrators who need to support Windows clients but do not necessarily want to run a Microsoft Exchange / Outlook environment. MobilityEmail is based on Mozilla Thunderbird, has lots of security features and runs off a USB thumbdrive. It integrates nicely with Postfix / Dovecot.

John Buswell (buswellj@o3magazine.com)

The Mobility Project over at http://www.mobilityemail.net is an interesting open source project for Windows. The Mobility Project deals with email on Windows properly: no more Outlook Web Access or trying to index things with Outlook over a slow VPN connection. The Mobility Project takes some great projects (Mozilla Thunderbird, OpenPGP, and a few others) and places them into a single solution. The Mobility Email client works with practically any mail server. It supports OpenPGP and S/MIME encryption and if you need a mail service, it integrates seamlessly with the MobilityEmail.net service, which runs about $2.08/month. This is an ideal situation for customers who might be migrating away from Exchange and Outlook, but have a large number of Windows users on their network. Exchange has all sorts of problems related to large mailboxes and IMAPD.

Portable

The Mobility client puts your email client on a USB device. While you could install it on a computer, that sort of defeats the universally mobile concept of the project. Installing the solution on a USB stick is trivial. Download the mobility package from their site (via SourceForge), then unpack the zip file onto your USB device. As simple as that.

Server Side Requirements

The solution itself works with a number of popular free web services, including Gmail, Hotmail and Yahoo. If you want to run your own server, then you'll ideally need to configure Postfix with SSL support for SMTP, and Dovecot with SSL support to provide imapd. Using the system with Hotmail is not advisable, as Hotmail appears not to support encrypted sessions. Yahoo supports TLS over port 110 and 587 (for outbound SMTP).

Gmail Settings

To configure with Gmail use the following settings:

    The server name should be pop.gmail.com
    User name is yourusername@gmail.com
    Port 995
    Security Settings: Use SSL

    Server Name is smtp.gmail.com
    Port 465
    User Name as above
    Secure connection as above, i.e. SSL

Misc Features

The Mobility Email system has a couple of interesting features:

* RSS Reader
* Global Inbox Support
* Saved Search Folders
* Message Grouping
* Junk Mail Filters
* Anti-Phishing Protection
* Advanced Security
* OpenPGP support
* Profile locking
* Intelligent theming
* Webmail access
* Contact sidebar

How Does it Work?

The Mobility Email system is very simple and uses Thunderbird as a remote IMAP client. It fits if you don't want to provide a web mail solution, or if you want to make sure that non-technical employees who may be using Windows, such as Sales or Marketing employees, are using a secure solution to access corporate mail when on the road or at home.

Conclusion

In all, Mobility Email provides a fast, secure and simple email solution for Windows users. Replacing Exchange with a scalable Postfix / Dovecot solution, while still providing support for Windows users, makes MobilityEmail an excellent tool in the IT administrator's arsenal.


Security :: Encrypting Mail Protocols

Encrypting Mail Protocols

Email protocols such as SMTP, POP3 and IMAP can easily be encrypted using OpenSSL. The TLS (Transport Layer Security) protected versions of these protocols prevent plain text passwords, in the case of POP3 and IMAP, from traversing the network in an unencrypted form. Without TLS, it would be trivial to intercept these plain text passwords. TLS with SMTP also provides SMTP AUTH.

John Buswell (buswellj@o3magazine.com)

Email protocols such as SMTP, POP3 and IMAP are often unencrypted. For businesses this can pose serious security and confidentiality concerns. This article looks at adding encryption capabilities to Postfix (for SMTP) and to Dovecot (for IMAP and POP3).

Postfix TLS Support

The encryption capabilities for Postfix are provided by OpenSSL. Postfix with TLS (Transport Layer Security) enabled provides the ability to encrypt mail and authenticate clients or servers. However, the OpenSSL library will add thousands of extra lines of code to the solution, so the chances of additional bugs being introduced into your mail system are increased. TLS support will also add some complexity to the server configuration. Postfix uses the "PEM" format of certificate and private key. The private key must not be encrypted. If the private key is encrypted, it will require a password to access it. If the Postfix server is a public MX server (such as the postfix MX relay servers referenced in several articles in this issue), then it will require either a CA-signed or self-signed certificate. If the certificate is a self-signed certificate, the server will need to produce the self-signed CA certificate as well.

Do you actually need TLS support? In many cases, the answer will be yes. Not all public SMTP servers out there support TLS, so there is no guarantee that sending email from business to business will be encrypted. The only way to guarantee that email is encrypted is to use an application such as GPG to encrypt the email before sending it. The importance of TLS support really depends on who will be sending email through the SMTP servers. If the business has opted to use a web based solution such as RoundCube over HTTPS, then there really isn't a need for TLS. Messages sent from a web based solution will likely occur on the same server or in a private data center. There is little chance of the messages being intercepted between the web mail server and the SMTP server. The IP address of the web mail server is known, and SMTP sender restrictions can be used in the Postfix configuration. RoundCube already authenticates the sender using IMAP. On the other hand, if employees are using applications such as Thunderbird, there is an ease of deployment associated with supporting TLS.
The employee can securely authenticate and send email using the corporate infrastructure, regardless of their location - home, hotel, or at a customer site.

Forcing Encryption

Unless you want to drastically reduce the capability of receiving email from the outside world, forcing encryption for inbound SMTP is not a sensible option. For inbound SMTP, TLS can be offered but not enforced. For outbound SMTP (messages being relayed through our SMTP server), encryption can be used to authenticate and encrypt the message being sent from a possibly insecure location.

Configuring Postfix

To configure postfix, it is necessary to store the PEM certificates and keys (as well as the self-signed CA certificate if applicable) where postfix can access them. Typically a tls/ or certs/ directory within the postfix configuration directory is a good location. The only modification to the configuration that is required is to postfix's main.cf:

    smtp_tls_CAfile = /config/postfix/certs/cacert.pem
    smtp_tls_session_cache_database = btree:/var/postfix/tls_session_cache
    smtp_use_tls = yes
    smtpd_tls_CAfile = /config/postfix/certs/cacert.pem
    smtpd_tls_cert_file = /config/postfix/certs/mx0-cert.pem
    smtpd_tls_key_file = /config/postfix/certs/mx0key.pem
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_database = btree:/var/postfix/smtpd_tls_session_cache
    tls_random_source = dev:/dev/urandom
    smtpd_tls_security_level = may

This configuration should be added to the existing postfix configuration. It is advisable to get unencrypted communications working properly first. The configuration assumes that cacert.pem contains the CA certificate, mx0-cert.pem is the server certificate and mx0key.pem is the server key. Depending on the Linux (or MacOS X) distribution on the server, it is advisable to check for the existence of /dev/urandom. When generating the certificate the common name should match the hostname and FQDN of the mail server.

Postfix Security Levels

Postfix supports five different security levels. These are none, may, encrypt, verify and secure. When "none" is specified, there is no TLS support. The "may" option uses opportunistic TLS; it will utilize TLS when it can, fall back to certificate-less TLS, and still allow no TLS at all. With "encrypt", TLS is mandatory. This is NOT something you should enable on public MX servers. "Verify" is a step up from that, requiring that the server certificate be valid (not expired, not revoked and signed by a trusted certificate authority). Finally, the "secure" option provides an added layer of hardening using secure channel TLS sessions, which are resistant to DNS forgery.

Postfix Per Site Encryption

As of v2.3 Postfix has the capability to encrypt communications on a per site basis. This is very useful if a business has acquired one or more businesses that are run from different locations and wants to make intercompany communications secure. This may be a legal requirement such as that required for Sox. It may be a requirement that communication between the business and a third party attorney's office is encrypted. A business may be conducting business with a government or military client, requiring all communications to meet a minimum level of encryption or security. These are all good examples as to why per site encryption may be required. With per site encryption, public MX servers can force postfix security levels between specific sites. Per site encryption is relatively straightforward and is documented in the postfix TLS howto.

SMTP Authentication with Postfix

SMTP Authentication is provided by SASL (Simple Authentication and Security Layer). A simple configuration file in the postfix configuration directory is required. This is stored in postfix/sasl/smtpd.conf.
The file needs pwcheck_method: saslauthd. In the postfix configuration file the following configuration will enable SASL authentication:

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_path = smtpd
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,
        permit_mynetworks, check_relay_domains

Here you can see that adding permit_sasl_authenticated (the other options in smtpd_recipient_restrictions are common defaults for reference purposes, and are not SASL specific) enables SASL authenticated users to send email through the SMTP server, regardless of whether or not they are in the permitted networks or configured as a relay domain. The above example is for the more common Cyrus SASL configuration. If you want to use Dovecot SASL use the following instead of smtpd_sasl_path:

    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

For dovecot, you will need to configure the Dovecot authentication socket in the dovecot configuration. If dovecot and postfix are running in different chroots, you will need to hard link the socket with the ln unix command and make sure the postfix user is configured in the dovecot chroot environment. The following configuration for dovecot is required:

    auth default {
      mechanisms = plain login
      passdb pam {
      }
      userdb passwd {
      }
      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

Encrypting IMAP and POP3

While encrypting SMTP isn't always necessary, encrypted IMAP and POP3 is necessary unless a web mail system is the only method of accessing email. IMAP and POP3 protocols send the username and password over unencrypted channels, and in plain text format. An employee accessing their email via either protocol from a remote location could easily have their username and password stolen using very trivial packet capture techniques. Think of unencrypted IMAP and POP3 as TELNET sessions. Most companies require the use of SSH instead of TELNET due to the fact that TELNET simply sends usernames and passwords in plain text over unencrypted connections. To enable encrypted IMAP and POP3, the protocols line in dovecot.conf needs to be modified from:

    protocols = imap pop3

To something more secure:

    protocols = imap imaps pop3s

The unencrypted IMAP protocol has been kept for supporting RoundCube. While RoundCube supports encrypted IMAP, it's an unnecessary load on the servers as the backend communication between RoundCube and the IMAP server is over a private and secure link. If that was not the case, encrypted IMAP would be the way to go. The only additional configuration dovecot needs is to know where to find the SSL certificates. It will need the SSL certificate and the SSL key file (again PEM).

    ssl_cert_file = /config/certs/imap0-cert.pem
    ssl_key_file = /config/keys/imap0-key.pem
    ssl_disable = no

You could, if desired, use the same certificate and key pair for both postfix and dovecot. Dovecot however supports encrypted key files. The password for the key file must be supplied with the configuration option ssl_key_password. If a self-signed certificate was used, the ssl_ca_file configuration option must be used to point dovecot to the CA certificate.
Generating SSL Certificates

To generate an SSL certificate using OpenSSL:

    openssl req -nodes -new -x509 -keyout server.key -out server.csr

Use the domain name for the Common Name, and complete the other questions as appropriate. Sign the certificate request (or submit the certificate request to a CA authority). To sign the request with your own CA:

    openssl x509 -x509toreq -in server.csr -signkey server.key -out tmp.pem
    openssl ca -policy policy_anything -out server.crt -infiles tmp.pem
    rm tmp.pem

If you do not have your own CA, you can generate one with:

    openssl req -new -x509 -keyout cakey.key -out cacert.crt

You can get FREE certificate signing from CAcert. To generate a certificate request for use with CAcert use:

    openssl req -nodes -new -keyout server.key -out server.csr

Copy the contents of server.csr into the certificate request form on the CAcert website.

Conclusion

Adding encryption support for IMAP and POP3 is a sure requirement of any mail system, whether it's corporate or not. Support for SMTP is optional, but a requirement for organizations with users who use application based mail clients such as Thunderbird, and who need to send email from less secure locations such as hotels, hotspots, residential locations and customer sites. To extend the scalable mail architecture discussed in another article in this issue, it would be an ideal situation to deploy outbound SMTP servers that are separate from inbound SMTP servers, but not mandatory.

Database and Storage :: DSPAM

Using DSPAM to reduce storage usage

DSPAM is a powerful enterprise grade anti-spam solution. DSPAM provides a content-based filtering system, with an easy to use and appliance-like web based user interface. DSPAM is very flexible and can be inserted practically anywhere in an existing mail server setup. This article looks at inserting DSPAM into the Scalable SMTP Network solution discussed earlier in this issue.

John Buswell (buswellj@o3magazine.com)

This storage article is going to take a somewhat unique approach. The article could have discussed something trivial such as how to store mail on iSCSI or optimize NFS for mail storage, topics we will cover in later issues. Instead, this article looks at saving storage space company-wide by eliminating data that should never end up in the corporate inbox -- SPAM.

Which Solution

There are a number of open source anti-spam and anti-virus solutions out there. SpamAssassin and ASSP (assp.sourceforge.net) are two that come to mind. DSPAM (dspam.nuclearelephant.com) was selected because it produced the best results in testing. DSPAM scales better, although ASSP is potentially another good candidate.

What is DSPAM

DSPAM is a scalable open source content based spam filter. DSPAM is designed for multi-user enterprise environments, which is the reason it was selected. According to the DSPAM Project website, DSPAM has been deployed in many commercial solutions and the largest deployment is approximately 350,000 mailboxes. The DSPAM team is known for thinking outside the box, producing new algorithms and techniques for fighting spam. There is a strong focus on large-scale deployments, so performance and scalability are factors which are closely monitored by the team. DSPAM is one of the best, if not the best, anti-spam solution out there.

Where does DSPAM fit

Let's quickly recap our Enterprise grade deployment discussed earlier in this issue. Multiple SMTP relay servers are deployed at different data center locations globally. They could be in the same data center, but for this deployment they are globally distributed to provide a degree of redundancy. These SMTP relay servers are the servers specified by the MX records for the domain(s) that they are handling mail for. The MX records all have the same preference number. The SMTP relay servers use relay recipient, relay domains and relay transport capabilities in Postfix to determine if the recipient is valid. The SMTP relay servers do minimal anti-spam checks such as header checks, and make use of public Real-Time Blackhole lists. Anything that passes is sent on to a central server(s) where mail is delivered.

There are a number of places one could place DSPAM. It does not make much sense to place DSPAM on the relay servers or in front of the relay servers. The relay servers will filter out a fair amount of unwanted mail. Placing DSPAM in front of the relay servers could result in unnecessary processing, such as junk sent to non-existent addresses, from RBL listed source addresses and basic poorly crafted spam. However, DSPAM learns as it processes mail, so DSPAM needs to be in a location where it will process all of what the relay servers consider good mail. DSPAM could be integrated with the MTA (Postfix) on the central (core) mail servers. However the goal is for this solution to be as flexible and scalable as possible. DSPAM has a web based user interface, so trying to integrate that, specially within a chroot based environment, will make things unnecessarily complex.


DSPAM supports a stand alone daemon mode, where it can act as an SMTP relay. This article recommends that DSPAM be placed between the SMTP relay servers and the SMTP core servers. The relay servers are configured with the relay transport option in Postfix. Each domain is mapped as mydomain.com relay:[smtp.core.server.mydomain.com]. Instead of the relay servers passing directly to the core servers, they will pass to DSPAM instead. The relay transport on each of the SMTP relay servers will be modified to use relay:[dspam.core.server.mydomain.com] instead. DSPAM will then relay the mail on to smtp.core.server.mydomain.com.

There are a couple of advantages to this approach. DSPAM can be enabled on a per domain basis for testing, making configuration problems less catastrophic. Standard SMTP load balancing, whether it's commercial or with an open source project such as Nginx, can be used to distribute load across multiple DSPAM boxes. Simply make dspam.core.server.mydomain.com resolve to a Virtual Server IP address.

Saving Storage Space

The overall solution will drastically reduce the cost of having to deal with spam. Not only are there cost savings benefits in terms of storage, but employees no longer have to identify and delete spam. There is a long term accumulative effect of saving network bandwidth, network storage and workstation storage over time. Integrating DSPAM with an anti-virus solution such as ClamAV means that further storage savings can be made by enforcing attachment policies (such as no executables) and reducing the risk of a virus outbreak, should you have virus susceptible operating systems such as Windows on your network.

Solution Overview

The solution this article will look at involves DSPAM, MySQL, Lighttpd and ClamAV. Lighttpd is used to provide access to the DSPAM web interface, while ClamAV is providing the anti-virus. MySQL is the storage method that is being used with DSPAM. DSPAM supports PostgreSQL, a built-in hash system, and SQLite as well. The hash driver is fast, but it uses a lot of memory to mmap() users. Using MySQL is fast and very scalable. It works for small and large scale deployments.

While the solution for this article was built from source, there is no reason why you could not use the built-in packages that come with your favorite Linux distribution. The commands provided in this article to build from source should work with any Linux distribution, and with Mac OS X and FreeBSD as well. In issue 6 of o3 magazine, there was a discussion about building appliance style stacks with Linux From Scratch. This article uses the same framework discussed in that article. If you are interested, you should refer to that article for details on how the stack is built.

Building the source code

This article uses DSPAM 3.8.0, Lighttpd 1.4.17, MySQL 5.0.45 and ClamAV 0.91.2. This article also uses OpenSSL and PCRE. Refer to issue 6 if you need to learn how to build these from source. In most cases OpenSSL is already in /usr/lib. MySQL is built first, because it is needed by DSPAM. Other than that, the order in which the source is compiled does not matter.
MySQL

    groupadd -g 6500 mysql
    # the gid passed to useradd must be the one created by groupadd above
    useradd -u 6500 -g 6500 -d /stack/mysql -s /bin/false mysql
    ./configure --prefix=/stack/mysql --with-mysqld-user=mysql --with-unix-socket-path=/tmp/as_mysql.sock --enable-assembler \
      --with-openssl=/common/ssl_core --with-openssl-includes=/common/ssl_core/include --with-openssl-libs=/common/ssl_core/lib \
      --enable-thread-safe-client --enable-shared --with-gnu-ld --with-pic \
      --with-archive-storage-engine --with-csv-storage-engine --with-blackhole-storage-engine \
      --with-federated-storage-engine
    make && make install

ClamAV

    echo "clamav:x:6530:6530::/stack/clamav:/bin/false" >> /etc/passwd
    # /etc/group entries have four fields; the trailing colon is the empty member list
    echo "clamav:x:6530:" >> /etc/group
    ./configure --prefix=/stack/clamav --enable-shared --disable-static --with-gnu-ld --with-pic --with-dbdir=/stack/clamavdb
    make && make install

Note: If you tar up the ClamAV distribution for transfer to an appliance, make sure that you do not compress the tar. Both gzip and bzip2 had problems uncompressing the clamavdb directory. Could be a bug with bzip2 and gzip, more than likely a character sequence in the ClamAV data file though.

DSPAM

    ./configure --prefix=/stack/dspam --enable-shared --disable-static --enable-daemon --enable-clamav --enable-syslog \
      --enable-large-scale --enable-virtual-users --with-gnu-ld --with-pic --with-dspam-home=/stack/dspam-home \
      --with-storage-driver=mysql_drv,hash_drv --with-mysql-includes=/stack/mysql/include/mysql \
      --with-mysql-libraries=/stack/mysql/lib/mysql
    make && make install

Note: DSPAM requires a dspam user and group, but those are configurable.

Lighttpd

    ./configure --prefix=/stack/lighttpd --enable-shared --disable-static --with-gnu-ld --with-pic --with-openssl=/common/ssl_core \
      --with-openssl-includes=/common/ssl_core/include/ --with-pcre
    make && make install

Configuring ClamAV

ClamAV is very easy to configure with its clamd.conf configuration file stored under etc/. The location of the etc/ directory will depend on the prefix used when ClamAV was compiled. There are many configuration options that determine how ClamAV handles attachments. These can be configured to suit the needs of your deployment. The only important configuration changes are to comment out LocalSocket and add the TCP settings. The TCP settings are TCPSocket XXXX, where XXXX is the port number. The default port used for ClamAV is 3310. The other TCP setting is TCPAddr. By default ClamAV binds to INADDR_ANY, which is all the IP interfaces. This is a bad idea. Since this solution uses ClamAV internally on the same system as DSPAM, use the loopback address.

    #LocalSocket /tmp/clamav.sock
    TCPSocket 3310
    TCPAddr 127.0.0.1

Start ClamAV with clamd -c /path/to/etc/clamd.conf.

Configuring Lighttpd

As this magazine has covered lighttpd on many occasions, the configuration is going to focus on the pieces necessary to integrate DSPAM. The DSPAM WebUI is perl based and uses CGI. It also requires GD and some graphing modules from CPAN. Installing those will be covered later in the article. The configuration example file for lighttpd is stored in doc/lighttpd.conf in the source code distribution of lighttpd. The first step is to enable the mod_auth, mod_setenv and mod_cgi modules in the configuration. The ... are not part of the configuration, but represent the chunk of modules that were not listed below.

    server.modules = (
        "mod_rewrite",
        ...
        "mod_auth",
        "mod_setenv",
        "mod_fastcgi",
        ...
        "mod_cgi",
        ...
        "mod_accesslog" )

The following segment enables the perl based CGI.

    alias.url = ( "/cgi-bin/" => "/stack/lighttpd/cgi-bin/" )
    cgi.assign = ( ".pl" => "/usr/bin/perl",
                   ".cgi" => "/usr/bin/perl" )

There are some other settings you may want to configure such as SSL/TLS. Lighttpd was covered in-depth in Issue 1 of o3 magazine. Most of the configuration options listed in that article are still valid, including the virtual host setup. The authentication configuration for Lighttpd is discussed later in this article.

Setting up MySQL Databases

DSPAM comes with a number of SQL scripts for setting up MySQL. These are stored in src/tools.mysql_drv/. There are two mysql_objects-xxx.sql files. One is optimized for speed and one is optimized for space. You can use either one, depending on the performance requirements of your deployment. As the solution uses virtual users (there are no UNIX user accounts on any of the systems), the virtual_users.sql script will also need to be run.

    root:/# mysql
    mysql> create database dspamdb;
    Query OK, 1 row affected (0.02 sec)
    mysql> GRANT ALL PRIVILEGES ON dspamdb.* TO 'dspamuser'@'localhost' IDENTIFIED BY 'password';
    Query OK, 1 row affected (0.01 sec)
    mysql> exit
    # name the database so the scripts create their tables in dspamdb
    mysql dspamdb < /tmp/mysql_objects-speed.sql
    mysql dspamdb < /tmp/virtual-users-alias.sql

Configuring DSPAM

The configuration file for DSPAM is stored in etc/dspam.conf. The file is relatively straightforward, and the source build will place a sample configuration file in there for you. The enterprise focus of DSPAM becomes pretty clear when you examine the configuration file. For example, DSPAM supports different MySQL server settings for read and write operations. This makes it very simple to set up MySQL replication with a single write-master, something that large deployments would more than likely require.

The configuration below will configure DSPAM as an SMTP relay. The existing SMTP relays will send mail to DSPAM which will process it, and forward it to the central SMTP server. Essentially, the DSPAM server has been inserted between the two in the original setup. The configuration would roughly be the same if one was inserting a cluster of DSPAM servers, although it might be advisable to run multiple MySQL servers in a cluster, depending on how much mail you plan on processing.

Most of the configuration below is the default. The key pieces to make the solution work are the DeliveryHost, DeliveryPort and DeliveryProto, which are used to specify the central (core) SMTP server(s) where the mail is ultimately delivered. The ServerPort is used to specify the port DSPAM will listen on. Unfortunately, DSPAM doesn't appear to allow you to specify which IP address to bind to. The setup used for this article assumes that DSPAM is the only thing that will use port 25 on the system (e.g. dedicated DSPAM box). If that's not the case, you will need to patch DSPAM to bind to the IP that you want it to bind to. The code you would want to change is in src/daemon.c (the local_addr.sin_addr.s_addr = INADDR_ANY; needs to be changed to bind to a configuration parameter if it exists).

To enable ClamAV, simply uncomment the ClamAV lines in the configuration below. To run ClamAV on a dedicated system, simply change the ClamAVHost from 127.0.0.1 to the IP address of the ClamAV server, or if the system is load balanced, the virtual server IP of the cluster.

    Home /stack/dspam-home
    StorageDriver /stack/sn_dspam/lib/libmysql_drv.so
    DeliveryHost 192.168.99.25
    DeliveryPort 25
    DeliveryIdent dspam-server
    DeliveryProto SMTP
    OnFail error
    Trust root
    TrainingMode teft
    TestConditionalTraining on
    Feature whitelist
    Algorithm graham burton
    Tokenizer chain
    PValue bcr
    WebStats on
    ImprobabilityDrive on
    Preference "spamAction=quarantine"
    Preference "signatureLocation=message" # 'message' or 'headers'
    Preference "showFactors=on"
    AllowOverride trainingMode
    AllowOverride spamAction spamSubject
    AllowOverride statisticalSedation
    AllowOverride enableBNR
    AllowOverride enableWhitelist
    AllowOverride signatureLocation
    AllowOverride showFactors
    AllowOverride optIn optOut
    AllowOverride whitelistThreshold
    MySQLServer 127.0.0.1
    MySQLPort 3306
    MySQLUser dspamuser
    MySQLPass password
    MySQLDb dspamdb
    MySQLCompress true
    MySQLConnectionCache 10
    MySQLVirtualTable dspam_virtual_uids
    MySQLVirtualUIDField uid
    MySQLVirtualUsernameField username
    Notifications off
    PurgeSignatures 14 # Stale signatures
    PurgeNeutral 90 # Tokens with neutralish probabilities
    PurgeUnused 90 # Unused tokens
    PurgeHapaxes 30 # Tokens with less than 5 hits (hapaxes)
    PurgeHits1S 15 # Tokens with only 1 spam hit
    PurgeHits1I 15 # Tokens with only 1 innocent hit
    LocalMX 192.168.99.25
    SystemLog on
    UserLog on
    Opt out
    #ClamAVPort 3310
    #ClamAVHost 127.0.0.1
    #ClamAVResponse reject
    ServerPort 25
    ServerQueueSize 32
    ServerPID /var/run/dspam.pid
    ServerMode dspam
    ProcessorURLContext on
    ProcessorBias on
    ParseToHeaders on
    ChangeModeOnParse on
    ChangeUserOnParse full

WebUI

Installing the WebUI is relatively simple. The source directory contains a webui/ directory. Copy the cgi-bin and htdocs to the desired location for lighttpd, then delete Makefile* and *.in from the cgi-bin and htdocs directories. You don't need those files, they are source files used in building the code. The WebUI uses the REMOTE_USER variable, so it is necessary to configure some form of authentication. If you followed our previous articles in this issue, then you've used the relay recipient list. You can use the same script files and same source list to generate the authentication setup. Simply point your browser at the WebUI and login.

The WebUI gives per user statistics on how DSPAM is doing. There are six tabs in the WebUI - performance, preferences, alerts, quarantine, analysis, and history. The performance tab gives you a detailed view on how well DSPAM is doing, with statistics such as how much spam was caught, scanned, learned, false positives and the SPAM ratio. It gives a nice set of percentage rates as well. The preferences tab allows each user to control the level of training that is done, and how DSPAM should deal with SPAM while training. It also allows the user to enable features such as automatic whitelisting. The alerts tab provides you with notifications. The quarantine tab gives a list of email that DSPAM suspects is bad, along with a percentage rating. From here, the user can pick email and either delete or deliver it. The analysis tab gives you some nice fancy graphs (assuming you installed GD and the GD perl modules from CPAN). If not, you will need to obtain the GD graphics library (http://www.boutell.com/gd/), and it will likely need libjpeg and libpng as well as the CPAN perl modules - GD, GD-Graph3D, GDGraph, GDTextUtil, and CGI. These can be installed with commands such as:

    perl -MCPAN -e 'install GD::Graph3d'

Make sure that libgd is installed first though!

If you log into the WebUI as the administrator, then you get System Status, User Statistics, Administration and the Control Center. The DSPAM WebUI has a nice appliance-like feel to it. Most of the configuration you would ever need to do, or any of the statistics you would need, are accessible through it.

Below is an example of configuring authentication for lighttpd. To configure basic authentication in lighttpd, a couple of configuration options are added to the lighttpd.conf. Below we set the auth.debug value to provide detailed debug information for the auth module; this is useful during setup and testing. The backend represents the type of authentication; here things are kept simple with plain. LDAP and htpasswd are two of many different options. The location for the password file is also provided.
    auth.debug = 2
    auth.backend = "plain"
    auth.backend.plain.userfile = "/stack/lighttpd/.passdb/.plainpass"

Next, create the password file:

    username:myplaintextpassword

Finally, configure lighttpd.conf to password protect the cgi-bin directory.

    auth.require = ( "/cgi-bin/" =>
        ( "method" => "basic",
          "realm" => "Password Protected",
          "require" => "valid-user" )
    )

The plain text passwords are not a good idea. Good for testing though. A better option is to use htdigest. The htdigest tool will create entries in the password file for you. To use htdigest instead of plain, change the backend type from "plain" to "htdigest", change auth.backend.plain.userfile to auth.backend.htdigest.userfile and modify the method option from "basic" to "digest".

LDAP

While it hasn't been mentioned here, all of the elements used in the Email solutions across this issue of o3 magazine support LDAP. Using scripts to generate your user list is fine for a small company, but if the organization has thousands of users, it becomes a little silly to try to administer users that way. Everything from Postfix to Dovecot to DSPAM can use LDAP. Simply configure OpenLDAP, create your schema and populate it with your user data. You can even migrate the user data from a script (such as the one used to create the relay recipient list) to populate the LDAP database. If the systems are geographically distributed, LDAP can query over a backhaul link such as OpenVPN, or LDAP can be configured in a distributed manner.
Multiple Domains, One User

If you used the relay recipient style script (this keeps a master list of usernames, a master list of domains and combines the two) to generate your user list, then you will want to fine tune how DSPAM deals with virtual users. By default, if you have bob@domain1.com, bob@domain2.com and bob@domain3.com, while bob might be just one guy, he will have three accounts on DSPAM. This is not ideal, especially since many businesses protect their trademarks with multiple domains, and often have domains for different brands or projects. The reason for this is that for DSPAM one email address is one account. To fix this, DSPAM needs to be told that bob@whatever is the same guy, so only use one account.

There are a couple of advantages, aside from saving bob from having to maintain multiple accounts. DSPAM will learn better because all of the mail bob receives will be used for training. So if bob gets a spam @domain1.com, and then a few weeks later @domain2.com, with a single account, the second spam will be easily caught. It also provides the user with better statistics and so on. It also doesn't increase the administration load of users times domains.

So to do this, simply create an entry in the dspam_virtual_uids table, mapping each of bob's email addresses to the same uid. If you need to do this, you will need to use the virtual_user_aliases.sql file and NOT the virtual_users.sql file when you generate the database. The reason for this is that the virtual_users.sql file uses the UID as a unique primary key, so you would not be able to create duplicate UID entries. Use the describe dspam_virtual_uids; command in the mysql interactive console to check that the uid field is not marked as a PRIMARY KEY (Key = PRI), and that the Extra field does not have auto_increment for uid. If it does, you used the wrong SQL file to generate the table. To insert entries use:

    INSERT INTO dspam_virtual_uids (uid, username) VALUES (1, 'bob@domain.com');

As you can see, this is just simple text. You could easily write a simple script to generate this SQL line from your recipient list, and output it to a users.sql file. Then simply import it with mysql database_name < users.sql.
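Added example, not the article's own script: one way to write the generator described above, in Python. It assumes the recipient list uses Postfix relay_recipients style lines ("address OK"), groups addresses by local part as the article does for bob, and rejects anything that does not look like an address so that list contents cannot alter the SQL. Function names and sample data are constructed for illustration.

```python
"""Build dspam_virtual_uids rows so one person has one DSPAM uid."""
import re

# Assumption: a conservative address shape. Backslashes, spaces and control
# characters never pass, so doubling single quotes is enough for quoting.
ADDRESS_RE = re.compile(r"[a-z0-9._+'-]{1,64}@[a-z0-9.-]{1,255}")

# Constructed sample input in "address OK" form (one line is malformed).
SAMPLE_RECIPIENTS = [
    "bob@domain1.com OK",
    "alice@domain1.com OK",
    "# brand domains",
    "bob@domain2.com OK",
    "o'brien@domain3.com OK",
    "not-an-address OK",
]


def sql_quote(value):
    """Return value as a single-quoted SQL string literal."""
    return "'" + value.replace("'", "''") + "'"


def build_uid_map(lines, first_uid=1):
    """Map each address to a uid shared by every address with the same
    local part. Returns (mapping, rejected_lines)."""
    uid_for_user, mapping, rejected = {}, {}, []
    for raw in lines:
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        address = fields[0].lower()
        if not ADDRESS_RE.fullmatch(address):
            rejected.append(raw)  # report it, never emit it as SQL
            continue
        local_part = address.split("@", 1)[0]
        uid = uid_for_user.setdefault(local_part, first_uid + len(uid_for_user))
        mapping[address] = uid
    return mapping, rejected


def render_sql(mapping):
    """Render one INSERT per address, ordered by uid then address."""
    rows = sorted(mapping.items(), key=lambda item: (item[1], item[0]))
    return "".join(
        "INSERT INTO dspam_virtual_uids (uid, username) VALUES (%d, %s);\n"
        % (uid, sql_quote(address))
        for address, uid in rows
    )


if __name__ == "__main__":
    uid_map, bad = build_uid_map(SAMPLE_RECIPIENTS)
    print(render_sql(uid_map), end="")
    for line in bad:
        print("-- skipped: %r" % line)
```

Set first_uid above the highest uid already in the table when adding to an existing database. Grouping by local part follows the article's premise that bob@ any domain is one person; where that does not hold, two people would share one DSPAM account and its training data.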

Testing

To test DSPAM without having to go live, simply telnet to port 25 on the DSPAM server. It's regular SMTP, so use:

    HELO mxtest.domain.com
    250 dspam.domain.com
    MAIL FROM: <external@otherdomain.com>
    250 2.1.0 OK
    RCPT TO: <me@domain.com>
    250 2.1.0 OK
    DATA
    Subject: Spam test

    This is a test.

Then simply check your inbox (perhaps with RoundCube), and you should see the mail with X-DSPAM headers in it.

Going Live

To go live with the solution, modify the relay_transport configuration on each of the SMTP relay servers so the relay:[server] line for each domain is relayed through DSPAM instead of directly to the core server. You could do this one server at a time, or all at once. It doesn't matter.

Conclusion

DSPAM is a powerful anti-spam solution. DSPAM was deployed at o3 magazine after a couple of weeks of running with just the SMTP MX setup. The SMTP MX setup cut the spam down by a good 60%, and adding DSPAM to the mix finished the job. As demonstrated with this article, it's a relatively straightforward task to insert DSPAM into an existing mail system. Even if you need to run something like Microsoft Exchange as your core servers, there is no reason why you could not run postfix and DSPAM to protect the central exchange server.


Web Applications :: RoundCube Webmail

Web based email with RoundCube
RoundCube is an AJAX powered web based IMAP client written in PHP. RoundCube provides an easy to deploy web based mail solution. RoundCube uses passthrough authentication, providing a web based interface directly to the backend IMAP server. The result is a powerful web based email solution that does not require any additional account management.

John Buswell (buswellj@o3magazine.com)

RoundCube is an open source webmail solution written in PHP. RoundCube works with a MySQL database and an IMAP server. RoundCube works well with Dovecot, an open source IMAP server solution. There is a detailed article on setting up Dovecot in this issue. RoundCube is a modern solution, supporting XHTML and CSS 2. It offers a slick yet simple web interface to email, something that is not always the case with open source webmail solutions. RoundCube has full support for MIME / HTML messages, attachments and has multi-lingual capabilities. RoundCube also works with PostgreSQL and SQLite.

Pass-thru Authentication

Probably one of the slickest features of RoundCube is that it provides pass-through authentication to the IMAP server. It supports multiple IMAP servers through a drop down box. For most businesses, there would typically only be one IMAP server. The advantage here is that account information is only needed on the IMAP server. If a username and password is entered on the RoundCube login interface that the IMAP server doesn't recognize, there is no access for that user. There is no need to create extra accounts or add an extra layer of account management, which is often the case with webmail solutions.

Slick but Simple

The RoundCube interface is slick yet simple. The folders are listed on the left, and the mail is listed on the right. The mail is listed by Subject, Sender, Date, Size and Attachment (icon). The mail listing takes up most of the page. A small set of links for Email, Address Book, Settings and Logout run along the top. Typical check, compose, reply, forward, delete and print icons along with a search bar are directly above the mail listing. The solution is fast and slick. Clicking on a message highlights it in a distinctive dark red color, and double clicking it will open up the email.

Drag and Drop

RoundCube supports drag and drop, as well as selecting multiple emails from the mail listing page. It makes it very easy to highlight anything that the server side filters haven't automatically filtered for you and simply drop them into the appropriate folder. Any of the icons above the mail listing, such as delete and forward, are supported with the multiple select.

Printing

Printing support is just as good as Google Mail. For printing, RoundCube converts the email in a printer friendly black and white format, and automatically opens the print dialogue in Linux, MacOS X and Windows XP.

Address Book

RoundCube has a very basic, yet very functional address book feature. The address book is listed on the left, and entries are edited on the right. The address book supports basic fields such as Name, First / Last name and email address. However, it is open sourced so it would not take much to extend the code as needed, to support fields such as company name. The address book provides "find as you type" support, so when composing new messages, if there is a match, it will be displayed as an option below the To: field.


Settings

The configuration settings for RoundCube on a per user basis are preferences, folders and identities. RoundCube supports multiple sender identities, which is very useful if your business uses multiple domains (perhaps one for the company and one for an open source project the company sponsors). Under preferences, it is possible to set the language, time zone, rows per page (number of entries listed in the mail listing), date format, display HTML and how often to automatically save drafts. Folders is a very basic setup, simply name the folder. Identities enables the configuration of sender identities. This consists of a Display Name, email address, organization, reply-to, bcc and signature settings. It is also possible to select which identity to use as a default.

Additional Features

In addition to the main features already discussed, RoundCube also provides built-in caching for faster mailbox access, support for external SMTP servers, unlimited users and unlimited messages. There is also a built-in spell checker and the entire interface is customizable using skins.

Installing RoundCube

RoundCube is installed within the htdocs of the web server. Most users, especially business users, will want to use RoundCube via SSL/TLS. With Apache, this is simply setting up an SSL/TLS virtual server. In addition to the standard setup (refer to Issue 7 of o3 magazine where we document how to configure Apache for use with Yoxel), RoundCube requires securing the config directory.

    <Directory "/www/roundcube/htdocs/config/">
        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>

The SSL virtual server configuration for Apache 2.2:

    <VirtualHost 10.44.3.80:443>
        DocumentRoot "/www/roundcube/htdocs"
        ServerName roundcube.mycompany.com
        ServerAdmin admin@mycompany.com
        ErrorLog /logs/www/roundcube-error.log
        TransferLog /logs/www/roundcube-xfer.log
        SSLEngine On
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:+SSLv2:+EXP:!eNULL
        SSLCertificateFile /app/stack/apache/conf/certs/roundcube.crt
        SSLCertificateKeyFile /app/stack/apache/conf/keys/roundcube.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
    </VirtualHost>

Unpack the roundcube tar file in htdocs, then move bin, config, index.php, logs, program, skins and temp to the htdocs directory.

    tar zxvf roundcubemail-0.1-rc1.1.tar.gz
    cd roundcubemail-0.1-rc1
    mv config index.php logs program skins temp ../
    cd ../
    mv roundcubemail-0.1-rc1 ~/
    chown -R webuser:webuser .

In the config directory, there are two files, db.inc.php.dist and main.inc.php.dist. Rename these with the mv command as follows:

    mv db.inc.php.dist db.inc.php
    mv main.inc.php.dist main.inc.php

The only line that really needs editing in db.inc.php is the one that specifies the database. RoundCube supports MySQL, PostgreSQL and SQLite. To use it with MySQL the format is:

    $rcmail_config['db_dsnw'] = 'mysql://user:password@host/database';

In the mysql console, the necessary commands are:

    mysql> CREATE DATABASE roundcubedb;
    mysql> GRANT ALL PRIVILEGES ON roundcubedb.* TO roundmail@localhost IDENTIFIED BY 'itsbetterthanyahoo!';

It is also necessary to initialize that database. This is done with the mysql command and the mysql5.initial.sql file (or the appropriate file from the sql/ directory in the roundcube tar distribution for your database engine).

    mysql roundcubedb < mysql5.initial.sql

In the example above, roundcubedb is used for the database and roundmail is used for the username.

Configuration

The final piece of configuration for RoundCube is main.inc.php. This file provides access to important settings such as the default_host, which should be set to the IP address of your IMAP server. The only other setting that has to be configured is the outbound SMTP server, which in many cases is likely to be localhost (127.0.0.1).

Conclusion

With a very simple configuration, RoundCube is ready to go. Simply point a browser at https://IP.ADDRESS.OF.HTTPS.SERVER/ and the RoundCube login screen is displayed. Enter the username and password for the IMAP user, and you have a fully functional webmail system. The only key feature that RoundCube lacks is the ability to sort email into folders automatically based on some criteria. This can easily be done on the server side with postfix and maildrop however.

RoundCube
http://www.roundcube.net
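Added example, not from the article: the SSLCipherSuite line in the virtual host configuration above starts from ALL, and in OpenSSL cipher-string syntax a "+" prefix only moves suites that are already in the list to the end, so +SSLv2 and +EXP leave SSLv2 and 40-bit export suites in the list. This Python sketch applies the documented operators (bare, "!", "-", "+", and "A+B" intersection) to a constructed sample table of period cipher suites; the table, the function names and the tightened comparison string are assumptions made for the illustration.

```python
"""Evaluate an OpenSSL-style cipher string against a small sample table."""
import re

# Constructed sample: a handful of OpenSSL 0.9.8-era suites with the selector
# keywords each one answers to. It is not a complete cipher list.
SUITES = [
    ("DHE-RSA-AES256-SHA", {"HIGH", "RSA", "AES"}),
    ("AES128-SHA",         {"HIGH", "RSA", "AES"}),
    ("DES-CBC3-MD5",       {"HIGH", "RSA", "3DES", "MD5", "SSLv2"}),
    ("ADH-AES256-SHA",     {"HIGH", "ADH", "aNULL", "AES"}),
    ("RC4-SHA",            {"MEDIUM", "RSA", "RC4"}),
    ("RC4-MD5",            {"MEDIUM", "RSA", "RC4", "MD5", "SSLv2"}),
    ("DES-CBC-SHA",        {"LOW", "RSA", "DES"}),
    ("EXP1024-RC4-SHA",    {"EXP", "EXPORT", "EXPORT56", "RSA", "RC4"}),
    ("EXP-RC4-MD5",        {"EXP", "EXPORT", "EXPORT40", "RSA", "RC4", "MD5"}),
    ("EXP-DES-CBC-SHA",    {"EXP", "EXPORT", "EXPORT40", "RSA", "DES"}),
    ("NULL-SHA",           {"eNULL", "NULL", "RSA"}),
]
WEAK_TAGS = {"SSLv2", "EXPORT40", "EXPORT56", "LOW", "RC4", "aNULL", "eNULL"}

PAGE_STRING = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:+SSLv2:+EXP:!eNULL"
TIGHTENED = "HIGH:!aNULL:!eNULL:!SSLv2"  # constructed comparison string


def matches(tags, selector):
    """True if a suite with these tags is selected; A+B means A and B."""
    words = selector.split("+")
    if words == ["ALL"]:
        return "eNULL" not in tags  # ALL never includes the eNULL suites
    return all(word in tags for word in words)


def enabled_suites(spec):
    """Return the ordered suite names left enabled by a cipher string."""
    enabled, killed = [], set()
    for token in re.split(r"[:, ]+", spec.strip()):
        if not token:
            continue
        op = token[0] if token[0] in "!-+" else ""
        hits = [name for name, tags in SUITES if matches(tags, token[len(op):])]
        if op == "!":
            killed.update(hits)  # permanently removed, cannot be re-added
        if op in ("!", "-"):
            enabled = [n for n in enabled if n not in hits]
        elif op == "+":  # reorder only: move existing matches to the end
            enabled = ([n for n in enabled if n not in hits]
                       + [n for n in enabled if n in hits])
        else:
            enabled += [n for n in hits if n not in enabled and n not in killed]
    return enabled


def weak_classes(spec):
    """Return the sorted weak keyword classes still present after spec."""
    tags_by_name = dict(SUITES)
    found = set()
    for name in enabled_suites(spec):
        found |= tags_by_name[name] & WEAK_TAGS
    return sorted(found)


if __name__ == "__main__":
    print("page string :", weak_classes(PAGE_STRING))
    print("HIGH alone  :", weak_classes("HIGH"))
    print("tightened   :", weak_classes(TIGHTENED))
```

Suite order here follows the sample table, not OpenSSL's own strength sort, so use it to see which classes survive a string rather than to predict negotiation order.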


Voice and Multimedia :: Voicemail/Email

Voicemail/Email Integration
Integrating the two main communication systems that modern businesses use, Voice and Email, is a relatively straightforward task with Open Source solutions. Asterisk, the Open Source PBX solution, makes it easy to integrate Voicemail with Email. This article pushes the envelope, looking at open source speech recognition and accessing Email via Phone.

John Buswell (buswellj@o3magazine.com)

This issue of o3 magazine would not be a complete Email solution without looking at integration between communication systems. So far, this issue has looked at building enterprise grade email systems, but there is another very important communication system in every business -- Voice. This article looks at integrating the corporate voicemail system with the email system. The voicemail system selected for this article is Asterisk.

Trixbox

This article is going to look at the nuts and bolts of configuring the solution manually. However if that's not your cup of tea, Trixbox is a great solution. You can roll the Trixbox solution (from www.trixbox.org) or purchase a full blown integrated appliance from Trixbox.com. We would recommend configuring it yourself, but then we're like that!

Configuring Asterisk Voicemail

Asterisk uses voicemail.conf to configure voicemail. The format is relatively straightforward. The [general] block is used to set some default parameters, then the [default] block is used to assign mailboxes. Asterisk makes it very easy to integrate voicemail with corporate email. A quick look at the default block:

    [default]
    1234 => 5666,bob,bob@mydomain.com
    5432 => 6665,tim,tim@mydomain.com

The first four digits are the phone extension, the second set of digits (eg. 5666 in the example) is the pin / passcode for the voicemail. The first string (bob) is the name of the voicemail mailbox owner and finally the email address for voicemail notification. To fine tune the email notification, the [general] block is used to set up some defaults:

    [general]
    serveremail=voicemail@mydomain.com
    fromstring=Voicemail
    emailsubject=New Voicemail message ${VM_MSGNUM} from ${VM_CALLERID}
    emailbody=On ${VM_DATE} you received a ${VM_DUR} long message from ${VM_CALLERID} \n
    emaildateformat=%A, %d %B %Y at %H:%M:%S

The configuration is very easy to read. The voicemail server email address is set (make sure it exists), a unique From identifier is set (makes it easier to filter), and the subject / body is set. You will see a number of variables that supply the CallerID number, duration, message ID and date of the voicemail.

Attaching the Voicemail

So far, the voicemail system has been integrated into the corporate email system by providing notifications that voicemail is there. This requires the employee to pick up the phone and check their voicemail. That's alright, but some employees are too busy and then forget to do it later. Sometimes important calls are missed by accident. Attaching the voicemail to the email notification can help prevent that to a certain degree. Attaching the voicemail in Asterisk is actually much easier than you might expect.
A couple of extra settings need to be added to the [general] block in addition to the example above.

    [general]
    format=wav
    attach=yes

As simple as that. Now when voicemail is received, it is attached in WAV format, and sent as part of the notification.

Converting the Voicemail to Email

So far the solution has seamlessly integrated Voicemail with Email, attaching the voicemail as WAV and notifying the user. For most businesses this is more than enough to keep them happy. Since o3 magazine is all about pushing the envelope a little, why not convert the Voicemail to Text? This can be done, to a reasonable degree, with a project called Julius.

Julius is an open source project that provides a high-performance, two-pass large vocabulary continuous speech recognition decoder software. It's intended for researchers and developers, but it works for crazy system administrators as well! Julius is a very impressive project. It can handle decoding in real time, but we only need it to deal with a WAV file. Julius already supports WAV format, and Asterisk is outputting in WAV format, so it's all very handy. Julius can be used with any language provided you give it the necessary files: LM in ARPA standard format, AM in HTK ascii hmmdefs format. AM is an acoustic model while LM is a language model. To get WAV format, you need to compile Julius with the libsndfile library. The system requires a dictionary file. We took the one from the Crypto library, but you could use any dictionary file that you want. The basic parameters you need are:

    ./julius -input rawfile -filelist voicemail.wav -quiet > voicemail.txt

This tells the application to use wav (rawfile), the input filelist and quiet mode (just does the best word match) and output it to voicemail.txt. Note that we've omitted a number of options you'll need to set to make this work, such as the dictionary file location.

This is not for the faint hearted, and it's far from perfect. The goal here is to inject a best guess approach to attaching the text of the voicemail. The idea is that the recipient might have a vague idea of what the voicemail is about before opening it.

Getting the output to Julius can be done in a number of different ways. The content filter is a potential option in postfix. It might also be possible to mix something up with amavisd. Amavisd is a higher performance interface between MTA and content checkers such as virus scanners and anti-spam applications. A couple of custom scripts, and Julius could be turned into a content filter.

If you are thinking of rolling this into production, it would be advisable to run a dedicated MTA for voicemail. The voicemail system could then pass mail through an amavisd setup, parse the voicemail to text, modify the body and pass the notification on to the user. This is just one potential deployment.

There is potential here for this setup to be used in real-time. The Ruby Asterisk Gateway Interface, combined with Julius in server mode, and a custom application, could be used to perform real-time voice to instant message. Such an application could be used to forward support calls to chat based support staff when queues become backlogged. The system could also be used to enable deaf or mute employees to easily interact with voice callers. To convert the text back to voice on the return path, something like festival's text2wave would work.

Reading Email from Voicemail

Since the open source envelope is being pushed today, what about reading email by phone? There are a whole lot of security issues related to this, and it would require a good bit of additional programming to make it work. However, it's worth a quick mention.

The Ruby Asterisk Gateway Interface (RAGI), which has been previously discussed in o3 magazine, can be used to create Interactive Voice Response applications that integrate seamlessly with Asterisk. There are other options for those who don't code in Ruby. One option would be to use text2wave, and write some scripts that inject the wav file into the voicemail system. This is relatively easy to do, but care needs to be taken to make sure that message IDs are preserved.

It's likely that not all email should be placed into voicemail. Content filtering, such as maildrop, could be used to place mail into a special IMAP folder, which is then scanned by an application, converted to audio with festival / text2wave and then injected into the Asterisk voicemail system.

A slick option might be to write an application that uses RAGI, that enables the user to enter their username and password for the IMAP server via touch tone phone, and present the user with options. Some options might be to list the last 5 emails, list email from a particular folder, or search for email. The possibilities are endless and all possible with Open Source.

Conclusion

Basic integration between voicemail and email is relatively straightforward and can easily be done with a few modifications to the Asterisk voicemail.conf file. Advanced integration such as speech recognition and accessing email by phone are all now possible thanks to many innovative Open Source projects such as Julius, RAGI, and Festival.

Asterisk
http://www.digium.com

Ruby Asterisk Gateway Interface (RAGI)
http://www.snapvine.com/code/ragi/

Julius
http://julius.sourceforge.jp/en_index.php
