Syed Jahanzaib Personal Blog to Share Knowledge !

December 27, 2012

Howto configure GMAIL as SENDMAIL RELAY :D (Also can be used with RM to send Email Notifications)

Filed under: Linux Related, Radius Manager — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 3:01 PM

gmail-logo

If you want to use GMAIL as your sendmail relay server, Use the below configuration.

{I required it to send DMASOFTLAB RADIUS MANAGER Email notifications to all users regarding there service status, account expiry, renewal , various alerts and other info. that’s why I wrote this guide, it maybe useful for others too . . Syed Jahanzaib }

OS Used: Ubuntu 10.4 / 12.4

First install Sendmail and its utilities.


apt-get install sendmail mailutils

Now configure signed SSL certificates

 mkdir /etc/mail/certs
 chmod 700 /etc/mail/certs
 cd /etc/mail/certs


openssl dsaparam 1024 -out dsa1024 -out dsa1024.pem

(It will ask you various questiosn , just enter them accordingly, like country code, for Pakistan its PK, and other information you have)


openssl req -x509 -nodes -days 3650 -newkey dsa:dsa1024.pem -out /etc/mail/certs/mycert.pem -keyout /etc/mail/certs/mykey.pem

(It will ask you various questions , just enter them accordingly, like country code, for Pakistan its PK, and other information you have)


openssl req -x509 -new -days 3650 -key /etc/mail/certs/mykey.pem -out /etc/mail/certs/mycert.pem

 


ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem
 chmod 600 /etc/mail/certs/*
 cd ..

Now configure gmail SMTP authentication information, This file may be blank, just paste the text showed in code box.
nano  /etc/mail/authinfo
AuthInfo:smtp.gmail.com "U:root" "I:USERNAME@gmail.com" "P:PASSWORD" AuthInfo: "U:root" "I:USERNAME@gmail.com" "P:PASSWORD"

Save & Exit & issue below command

makemap hash /etc/mail/authinfo < /etc/mail/authinfo
Now Add the following configurations at the bottom of sendmail.mc file
nano /etc/mail/sendmail.mc

dnl #
dnl # SSL Settings
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/CAcert.pem')
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')
dnl #
dnl # GMAIL FORWARDING
define(`SMART_HOST',`[smtp.gmail.com]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl

Now rebuild sendmail config and start the service 😀

make -C /etc/mail
service sendmail restart

 

Test the setup 😉

Use the below command to test the local smtp .

– – – – -??

Regard’s
Syed Jahanzaib

Short notes for Ubuntu 12.4 Apache Server


apache-ubuntu-1

Following are some short notes / references for APACHE related configuration in Ubuntu
[I used Ubuntu 12.4 version in this post]


1- Howto Disable DIRECTORY BROWSING in apache2 / Ubuntu 12.4

If you want to Disable Browsing on every folder inside /var/www/ then Edit following file

nano /etc/apache2/sites-available/default

& Change the Options

‘Options Indexes FollowSymLinks MultiViews’
to
‘Options FollowSymLinks MultiViews’

(means Remove the Indexes word).
and restart apache2 service by

service apcahe2 restart


OR to Disable Directory Browsing for ‘specific folder’ like /var/www/backup

Remove the following directive from your required folder.

Indexes

For example,  you want to remove directory browsing for /var/www/backup folder.
Edit the below file /etc/apache2/sites-enabled/000-default by using following command

nano /etc/apache2/sites-enabled/000-default

The Default config is below.

Alias /backup /var/www/backup

DirectoryIndex index.html
Options Includes Indexes FollowSymLinks MultiViews

Change it below

Alias /backup /var/www/backup

#DirectoryIndex index.html
Options Includes FollowSymLinks MultiViews

Save & Exit , then Restart APACHE Service by

service apache2 restart


 


4- Howto Password Protect Apache Folder with .htaccess

If you want to password protect specific folder in Apache so unauthorized users cannot access it, use the following method. There are other better methods available, You can follow them for best practices. I just achieved it this way,,,

First Create password file

htpasswd -c /etc/apache2/passwd zaibtest

(Replace zaibtest with your required username, It will ask you for password, enter password you like to set for user zaibtest. Also you can save this file anywhere you like)

Now protect your required folder, for example I want to protect /var/www/backup folder, then use the following directives in in /etc/apache2/sites-enabled/000-default

nano /etc/apache2/sites-enabled/000-default

Now in end before </Virtualhost> , add following lines …

AllowOverride All
Require all granted

Save & Exit , then Restart APACHE2 Service by

service apache2 restart

Now try to access the folder, it will ask you the password.

asking-password
After providing valid id password, you can access your folder. (I use it to download backup data from remote location)

access-granted


5- APACHE2 ERROR WHEN RESTART SERVICE

YOU SEE THIS ERROR WHEN RESTART APACHE2 SERVICE ….


apache2: Could not reliably determine the server’s fully qualified domain name,

 … waiting ..
apache2: Could not reliably determine the server’s fully qualified name

If you see above error while restarting apache2 service, To fix that problem, you need to add and directive in the the httpd.conf file. Open the terminal and type,

nano /etc/apache2/httpd.conf

By default httpd.conf file will be blank. Now, simply add the following line to the file.

ServerName localhost

Save & EXIT.

Now restart the server.

service apache2 restart
This time, you will not see any error. 🙂

6- Howto set Default page to some other page/extension

Edit file `etc/apache2/mods-available/dir.conf` by

nano /etc/apache2/mods-available/dir.conf

and add your option like

DirectoryIndex admin.php index.html index.cgi index.pl index.php index.xhtml index.htm
Save & restart apache2 service
service apache2 restart
Done.

7- Creating Short name (ALIAS) for Radius Manager (in Ubuntu 12.4)

If you want to access your radius manager admin panel via short name (like alias)
Example: You want to use short path  http://10.0.0.1/panel to actually access the http://10.0.0.1/radiusmanager/admin.php

Then edit file /etc/apache2/sites-enabled/000-default

and add lines before /virtualhost directive,

Alias /panel /var/www/radiusmanager

DirectoryIndex admin.php
Options Includes FollowSymLinks MultiViews
AllowOverride None
order allow,deny
allow from all

Now restart apache by service apache2 restart and try to access the site using /panel alias.


# Creating ALIAS for folder outside www folder [Tested with Ubuntu 16.4]

[Modified on 26-DEC-2018]

Edit apache2 default config file

nano /etc/apache2/sites-enabled/000-default.conf

Paste following before </VirtualHost> word (this line is usually the last line in this config file, change the name of download1 & folder according to your local setup


Alias /download1 "/some_local_folder/"

#DirectoryIndex index.html
Options Includes FollowSymLinks MultiViews Indexes
AllowOverride None
order allow,deny
allow from all
Require all granted

& restart apache2 server

service apache2 restart

Change apache2 default port

Edit

nano /etc/apache2/ports.conf

# Change Listen 80 to some other port example 1235

Listen 1235

Save and exit.

Now edit

nano /etc/apache2/sites-enabled/000-default

and change <VirtualHost *:80> to some other port like

save and exit,

restart apache

service apache2 restart

Restrict direct file access via .htaccess

we have folder inside /var/www/html/somefolder , we want to restrict direct file view

create .htaccess file and put

order allow,deny
deny from all

Log Source Report Port in Apache’s LOG

To log source user port as well

Edit the apache config file & ADD %{remote}p directive to combined & common section


LogFormat "%h %{remote}p %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %{remote}p %l %u %t \"%r\" %>s %O" common

Now you will see the port as well…

Please refer to following URL for more information

Regard’s
Syed Jahanzaib

%d bloggers like this: