Configure Postfix for authenticated Simple Mail Transfer Protocol (SMTP)

Linux, Postfix, Technical, Weekly Tips October 22nd, 2008

Postfix can be configured to relay mail for users at remote locations who supply a valid username and password combination. Following this guide enables authenticated SMTP with passwords sent in plain text. A secure transport layer should be implemented so that usernames and passwords cannot be eavesdropped while in transit.

Authenticated SMTP requires users who are not covered by the “mynetworks” directive in /etc/postfix/main.cf to supply a valid username and password before the mail server will forward mail.

This configuration requires Postfix to be installed and configured to accept incoming mail on an Internet-facing interface.

  1. Open /etc/postfix/main.cf with your editor and add the line:
    smtpd_sasl_auth_enable = yes

    This line tells Postfix to enable SMTP AUTH when users outside the mynetworks directive attempt to send mail through this Postfix mail server to users who are not in the domain which Postfix has been configured to listen on.

  2. Also in /etc/postfix/main.cf, add smtpd_sasl_security_options=noanonymous
    smtpd_sasl_security_options=noanonymous

    This disables anonymous style logins for SMTP AUTH. Without this line anyone will be able to use your machine as an open relay.

  3. Again in /etc/postfix/main.cf, add the smtpd_recipient_restrictions as specified below:
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
        reject_unauth_destination, check_relay_domains

    This line sets the restrictions for clients attempting to relay mail through your mail server.

  4. Edit /etc/sysconfig/saslauthd and set the value of MECH (an abbreviation of the word mechanism) to pam:
    MECH=pam

    Setting this value to pam makes saslauthd use the local Pluggable Authentication Modules (PAM) subsystem to validate each username and password.

  5. Ensure that saslauthd will start on boot by adding it to the third and fifth runlevels:
    /sbin/chkconfig --level 35 saslauthd on

  6. Start or restart the saslauthd service:
    /sbin/service saslauthd start
    /sbin/service saslauthd restart

  7. Finally, start or restart Postfix:
    /sbin/service postfix start
    /sbin/service postfix restart

The Postfix server should now be started and allow relaying of mail from authenticated clients. You can confirm this by connecting to the mail server using the telnet application.

Most communication with the mail server can be done in plain text, but the authentication information must be encoded in Base64.

You can generate this information by modifying the line below, replacing the username and password with a valid username and password that can be authenticated by the Postfix server.

perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'

It should produce a string similar to the format below.

     dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=

Do not lose the generated string, as it will be used shortly.

Authentication can be tested by connecting to the mail server with telnet and manually entering the SMTP information.

In the example below, the EHLO, AUTH PLAIN and QUIT lines are what should be typed. Replace the string after AUTH PLAIN with the Base64 string created above.

# telnet mail.example.com 25
Trying 127.0.0.1...
Connected to mail.example.com (123.123.123.123).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
EHLO anotherhost.com 
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5
250-XVERP
250 8BITMIME
AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ= 
235 Authentication successful
QUIT 
221 Bye

The line “250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5” shows that the Postfix server allows users to authenticate.
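The Base64 step and the EHLO reply above can also be checked from the defender's side. The following is an added example, not part of the original post: it builds and decodes the AUTH PLAIN token (showing that Base64 provides no confidentiality) and reports which password-carrying mechanisms the sample EHLO reply offers before TLS is active. The function names are illustrative, and the EHLO lines are copied from the telnet session above.

```python
import base64

# EHLO reply copied from the telnet session above (before any STARTTLS).
SAMPLE_EHLO = [
    "250-mail.example.com", "250-PIPELINING", "250-SIZE 10240000",
    "250-VRFY", "250-ETRN", "250-STARTTLS",
    "250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5",
    "250-XVERP", "250 8BITMIME",
]

def auth_plain_token(authcid, password, authzid=""):
    """Build the AUTH PLAIN argument: base64(authzid NUL authcid NUL password)."""
    fields = (authzid, authcid, password)
    if any("\0" in f for f in fields):
        raise ValueError("NUL is the field separator and cannot appear in a field")
    return base64.b64encode("\0".join(fields).encode("utf-8")).decode("ascii")

def decode_auth_plain(token):
    """Recover (authzid, authcid, password) from a captured token."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not an AUTH PLAIN initial response")
    return tuple(p.decode("utf-8") for p in parts)

def ehlo_capabilities(lines):
    """Map each EHLO keyword to its arguments; the first 250 line is the host name."""
    caps = {}
    for line in lines[1:]:
        words = line[4:].split() if line.startswith("250") else []
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def exposed_password_mechs(caps, tls_active=False):
    """Mechanisms that would put a reusable password on the wire in this session."""
    if tls_active:
        return []
    return [m for m in caps.get("AUTH", []) if m in ("PLAIN", "LOGIN")]

if __name__ == "__main__":
    token = auth_plain_token("username", "password", authzid="username")
    print(token, "->", decode_auth_plain(token))
    caps = ehlo_capabilities(SAMPLE_EHLO)
    print("STARTTLS offered:", "STARTTLS" in caps)
    print("password mechanisms offered in cleartext:", exposed_password_mechs(caps))
```

If the last list is non-empty on a server you run, Postfix's smtpd_tls_auth_only = yes setting stops AUTH from being announced or accepted until the client has completed STARTTLS.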

For more information, visit the Red Hat Postfix HOWTO.

OpenOffice.org Community Announces Third Major Release of Its Free, Easy-to-Use Office Software

Announcements, OpenOffice October 17th, 2008

Finally, after 3 years of continuous improvement, OpenOffice 3.0 has been released.

OpenOffice.org 3.0 is more powerful than ever before and with support for MS Access 2007 .accdb files, improved support for VBA macros, and a new ability to read MS Office Open XML files, it’s even easier to make the change away from legacy MS Office software.

OpenOffice.org 3.0 naturally has a fresh look, with a new start center, new splash screen, new icons, and a host of usability improvements. New core features include:

Writer (word processing)

  • New slider control for zooming which allows multi-page display while editing
  • Powerful new multilingual support
  • Improved notes capabilities
  • Ability to edit wiki documents for the web, in addition to conventional office documents

Calc (spreadsheet)

  • Increase in capacity of up to 1024 columns per sheet
  • Powerful new equation solver
  • New collaboration feature for multiple users

Draw (graphics)

  • Ability to cope with poster-size graphics – up to three square meters or 32.3 square feet.

Impress (presentation):

  • Fully featured table designer inside a presentation

You can read the full press release here: http://www.prweb.com/releases/OOo/3/prweb1459364.htm

And download OpenOffice.org 3.0 for free at: http://download.openoffice.org/

Getting CD/DVD RW+ working with non-root users on Fedora Core 9

Linux, Weekly Tips October 16th, 2008

By default, Fedora Core 9 allows only “root” to use the CD/DVD writer; non-root users are denied access to the CD/DVD RW+ device.

You can follow these steps to set write permission for a specific non-root user to write to CD/DVD RW+:

  1. Add the user into the “disk” group:

groupmems -a tuanta -g disk

  2. Set group write permission to /dev/sg* (owned by “disk”) at startup:

Modify the file: /etc/udev/rules.d/50-udev-default.rules,

At line:

KERNEL=="sg[0-9]*",             ATTRS{type}!="3|6", GROUP="disk", MODE="0640"

Modify to:

KERNEL=="sg[0-9]*",             ATTRS{type}!="3|6", GROUP="disk", MODE="0660"

Note: just modifying the MODE from 640 (group read only) to 660 (group read+write)

And finally, reboot the system.

Tuấn Hùng's 5th birthday

My Family October 10th, 2008

Photos from Tuấn Hùng's 5th birthday

ZCS 5.0.10 Released!

Announcements, Zimbra October 7th, 2008

We are pleased to announce: The Zimbra Collaboration Suite version 5.0.10

Generally, ZCS 5.0.10 contains many important enhancements and bug fixes, including:

  • DNS MX validation check is now available from the administration console
  • ZCS can now be set to add an X-Authenticated_user header to outgoing messages
  • When an account is created from the administration console, now the administrator can set the time zone for the user
  • Yahoo! Translator is now available as a Zimlet used for translating and composing messages
  • Auto-group backups can be started from the Admin Console
  • RHEL5 cluster support is Beta with 5.0.10

Key Enhancements:
30387 – Allow each domain to have a default set of Zimlets zimbraZimletDomainAvailableZimlets
30644 – Per user optional appointment history logging zimbraCalendarMaxRevisions (default 1 essentially preserves non-revision behavior, 0 is unlimited)
30614 – Calendar integrity checking tool zmcalchk
30623 – separate forward filtering rules and mail forwarding features zimbraFeatureMailForwardingInFiltersEnabled
30833 – Authenticated-User: header or something similar needed zimbraSmtpSendAddAuthenticatedUser
25884 – ZCO : User not alerted of certain errors in a noticeable way Copy of sync failures delivered to inbox (turnOffLocalFailures registry entry).

Builds Now GA:
Network Edition – Ubuntu 8.04 LTS x86 & x86_64

Notable Fixes:
27645 – Exceptions to recurring appointments are lost if the series is changed
30646 – CalDav will remove (hard delete invite) if you hit ‘ok’ in the notification
30128 – nginx: make capability list configurable zimbraReverseProxy[Imap/Pop3]EnabledCapability
31080 – 5.0.9 upgrade broke sorting on From column in Inbox
29445 – Out of RPC cache msg in AJAX client
30948 – Need custom java upgrade program for upgrading domain wiki templates (faster upgrades)

Best practice is to make a backup before performing any server maintenance: Backup and Restore Articles – Zimbra :: Wiki

5.0.10 Network Edition Release Notes

5.0.10 Network Edition Downloads

5.0.10 Open Source Edition: Release Notes & Downloads (updated builds available)

Be sure to subscribe to the blog – enjoy this release!
-The Zimbra Team