Configure Postfix for authenticated Simple Mail Transfer Protocol (SMTP)

Postfix can be configured to relay mail for users at remote locations who supply a valid username and password combination. Following this guide enables authenticated SMTP with usernames and passwords sent in plain text. A secure transport layer should be implemented to ensure that usernames and passwords cannot be eavesdropped on while in transit.

Authenticated SMTP requires users who are not covered by the "mynetworks" directive in /etc/postfix/main.cf to supply a valid username and password before the mail server will forward mail.

This configuration requires Postfix to be installed and configured to accept incoming mail on an Internet-facing interface.

  1. Open /etc/postfix/main.cf with your editor and add the line smtpd_sasl_auth_enable = yes
    smtpd_sasl_auth_enable = yes

    This line tells Postfix to enable SMTP AUTH, which clients outside the mynetworks directive must use when they send mail through this server to recipients outside the domains Postfix has been configured to accept mail for.

  2. Also in /etc/postfix/main.cf, add smtpd_sasl_security_options=noanonymous
    smtpd_sasl_security_options=noanonymous

    This disables anonymous style logins for SMTP AUTH. Without this line anyone will be able to use your machine as an open relay.

  3. Again in /etc/postfix/main.cf, add the smtpd_recipient_restrictions as specified below:
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
        reject_unauth_destination, check_relay_domains

    This line sets the restrictions for clients attempting to relay mail through your mail server.

  4. Edit /etc/sysconfig/saslauthd and set the value of MECH (abbreviation of the word mechanism) to pam:
    MECH=pam

    Setting this value to pam makes saslauthd use the local Pluggable Authentication Modules (PAM) subsystem to validate each username and password.

  5. Ensure that saslauthd will start on boot by adding it to the third and fifth runlevels.
    /sbin/chkconfig --level 35 saslauthd on
  6. Start or restart the saslauthd service:
    /sbin/service saslauthd start
    
    /sbin/service saslauthd restart
  7. Finally start or restart Postfix:
    /sbin/service postfix start
    
    /sbin/service postfix restart

The Postfix server should now be started and allow relaying of mail from authenticated clients. You can confirm this by connecting to the mail server using the telnet application.

Most communication with the mail server can be done in plain text, but the authentication information must be encoded in Base64.

You can generate this information by modifying the line below, replacing the username and password with a valid username and password that can be authenticated by the Postfix server.

perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'

It should produce a string similar to the format below.

     dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=

Do not lose the generated string as it will be used shortly.

Authentication can be tested by connecting to the mail server with telnet and manually entering the SMTP information.

In the example below, the lines you type are the telnet command, EHLO, AUTH PLAIN and QUIT; everything else is the server's response. Replace the string after AUTH PLAIN with the Base64 string created above.

# telnet mail.example.com 25
Trying 127.0.0.1...
Connected to mail.example.com (123.123.123.123).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
EHLO anotherhost.com 
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5
250-XVERP
250 8BITMIME
AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ= 
235 Authentication successful
QUIT 
221 Bye

The line “250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5” shows that the Postfix server allows users to authenticate.
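The following is an added example, not part of the original guide. It builds and reverses the AUTH PLAIN argument used above, showing that Base64 offers no confidentiality, and audits the EHLO reply from the session for password mechanisms offered before TLS. The function names are assumptions made for this illustration; the EHLO text is copied from the session above.

```python
import base64

# EHLO reply as shown in the telnet session above (plaintext connection, port 25).
EHLO_REPLY = """\
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5
250-XVERP
250 8BITMIME
"""

# SASL mechanisms whose credentials are only Base64-encoded, not protected.
REVERSIBLE_MECHS = {"PLAIN", "LOGIN"}


def encode_auth_plain(username, password, authzid=None):
    """Build the AUTH PLAIN argument: authzid NUL authcid NUL password."""
    # The guide uses the username for both identities, so that is the default.
    authzid = username if authzid is None else authzid
    raw = "\0".join((authzid, username, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(token):
    """Recover (authzid, authcid, password) from an AUTH PLAIN argument."""
    fields = base64.b64decode(token, validate=True).split(b"\0")
    if len(fields) != 3:
        raise ValueError("expected exactly two NUL separators")
    return tuple(f.decode("utf-8") for f in fields)


def parse_ehlo(reply):
    """Return {KEYWORD: [PARAMS]} for every capability line after the greeting."""
    caps = {}
    lines = [ln.rstrip() for ln in reply.splitlines() if ln.strip()]
    for ln in lines[1:]:  # the first line only carries the server name
        if not ln.startswith(("250-", "250 ")):
            raise ValueError("not a 250 EHLO reply line: %r" % ln)
        words = ln[4:].split()
        if not words:
            continue
        # Some servers also send the legacy form "AUTH=PLAIN LOGIN".
        keyword, _, first = words[0].partition("=")
        params = ([first] if first else []) + words[1:]
        caps.setdefault(keyword.upper(), []).extend(p.upper() for p in params)
    return caps


def audit_pre_tls_ehlo(reply):
    """Summarise what a client is offered before any TLS negotiation."""
    caps = parse_ehlo(reply)
    offered = set(caps.get("AUTH", []))
    exposed = sorted(offered & REVERSIBLE_MECHS)
    return {
        "auth_offered": sorted(offered),
        "reversible_mechs": exposed,
        "starttls": "STARTTLS" in caps,
        # AUTH advertised on a cleartext session means a client may send
        # its password without ever issuing STARTTLS.
        "password_exposed_without_tls": bool(exposed),
    }


if __name__ == "__main__":
    token = encode_auth_plain("username", "password")
    print(token)
    print(decode_auth_plain(token))
    print(audit_pre_tls_ehlo(EHLO_REPLY))
```

When the audit reports reversible mechanisms on a cleartext session, the Postfix setting smtpd_tls_auth_only = yes stops AUTH from being advertised or accepted until the client has completed STARTTLS.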

For more information, visit the Red Hat Postfix HOWTO.

15 Quotes from Torvalds and Stallman about Free and Open Source Software

I read the quotes below, and I wanted to share them with everyone.

1. “To be able to choose between proprietary software packages is to be able to choose your master. Freedom means not having a master. And in the area of computing, freedom means not using proprietary software.”
-Richard M. Stallman

2. “Software is like sex: it’s better when it’s free.”
-Linus Torvalds

3. “Value your freedom or you will lose it, teaches history. ‘Don’t bother us with politics’, respond those who don’t want to learn.”
-Richard M. Stallman

4. “Software patents are a huge potential threat to the ability of people to work together on open source. Making it easier for companies and communities that have patents to make those patents available in a common pool for people to use is one way to try to help developers deal with the threat.”
-Linus Torvalds

5. “If programmers deserve to be rewarded for creating innovative programs, by the same token they deserve to be punished if they restrict the use of these programs.”
-Richard M. Stallman

6. “One of the questions I’ve always hated answering is how do people make money in open source. And I think that Caldera and Red Hat — and there are a number of other Linux companies going public — basically show that yes, you can actually make money in the open-source area.”
-Linus Torvalds

7. “Control over the use of one’s ideas really constitutes control over other people’s lives; and it is usually used to make their lives more difficult.”
-Richard M. Stallman

8. “It just makes it even harder for people to even approach the (open source) side, when they then end up having to worry about … public humiliation.”
-Linus Torvalds

9. “I founded the free software movement, a movement for freedom to cooperate. Open source was a reaction against our idealism. We are still here and the open-source people have not wiped us out.”
-Richard M. Stallman

10. “When it comes to software, I much prefer free software, because I have very seldom seen a program that has worked well enough for my needs, and having sources available can be a life-saver.”
-Linus Torvalds

11. “If you focus your mind on the freedom and community that you can build by staying firm, you will find the strength to do it.”
-Richard M. Stallman

12. “Anybody who tells me I can’t use a program because it’s not open source, go suck on rms. I’m not interested. 99% of that I run tends to be open source, but that’s _my_ choice, dammit.”
-Linus Torvalds

13. “‘Free software’ is a matter of liberty, not price. To understand the concept, you should think of ‘free’ as in ‘free speech,’ not as in ‘free beer’.”
-Richard M. Stallman

14. “I’m doing a free operating system just a hobby, won’t be big and professional like gnu for 386 (486) AT clones.”
-Linus Torvalds

15. “Once GNU is written, everyone will be able to obtain good system software free, just like air.”
-Richard M. Stallman

Please, if you have a quote, share it with us.

Four Linux softphones reviewed

Many businesses are turning to Voice over IP (VoIP) to save money on infrastructure and communications costs, but just ripping out your existing phone system and replacing it with VoIP will not work. VoIP systems require IP phones or analog telephone adapters to allow your existing phones to work. If equipment costs are stopping you from experimenting with VoIP, softphones can provide an inexpensive way for businesses to get up and running with VoIP, as I recently discovered by putting Kiax, Linphone, Twinkle, and CounterPath’s X-Lite to the test.

A softphone runs on your computer and provides all the features and functionality of a regular phone. I tested the four Linux-based programs using an Asterisk server and multiple Linux workstations on an internal LAN. Kiax, Linphone, and Twinkle are open source. X-Lite is not, but is available as a free download.

Three out of the four support Session Initiation Protocol (SIP), a signalling protocol under development by the Internet Engineering Task Force (IETF) to establish VoIP connections. With its IETF backing, SIP is quickly becoming the standard protocol for VoIP. Kiax is the exception. It uses Digium’s Inter Asterisk Exchange (IAX) protocol. The main advantage of IAX over SIP is its transparency to firewalls. IAX softphones work behind firewalls without the need for external proxy servers or the need to change firewall settings.

In addition to a signalling protocol, VoIP endpoints need to specify codec software that turns analog voice communication into digital packets for transmission over the network and back again at the receiver’s end. The choice of codec depends on the bandwidth available. The codec that gives the highest voice quality is the G.711u, which is the standard codec that traditional plain old telephone service (POTS) providers use. G.711u provides high voice quality but requires high bandwidth. Because we did our testing on a switched 100Mbps LAN — in other words, a very fast network — we used the G.711u codec with all the products, and found voice quality was not a distinguishing issue. Under these conditions, they all delivered roughly the same voice quality.

Let’s take a look at what does set these softphones apart.

Kiax

What makes Kiax stand out is its simple interface. Making and receiving calls is intuitive. Kiax sports a call register that lists all calls made and received. A nice touch is the ability to sort calls in the register based on whether they were incoming, outgoing, or missed. There is not much more to Kiax’s interface; simplicity is a good thing sometimes.

The major drawback for Kiax is its lack of SIP support. If there is an Asterisk server between Kiax (or another IAX client) and a SIP client, everything will work out. If not, forget it. Kiax can talk to SIP clients only through an Asterisk server.

Kiax has packages available for Debian, Red Hat, and SUSE, as well as a plain tarball with the Kiax binary. I opted for the tarball, and installation went without a hitch.

Linphone

Linphone is more than four years old, making it the grandfather of the bunch. Linphone is distributed only as source code; no binary packages are available from the project. Linphone requires the libosip2 package, which is included in Linphone’s download directory. An optional package providing support for the iLBC codec is there as well.

Along with meeting your VoIP needs, Linphone also has a simple instant messenger application built in. This eliminates the need to have two separate applications open for basic communication tasks. The default interface is simple, but offers power users a little more, which you can access by clicking on the “show more” check box in the main window.

Linphone’s biggest strength is its outstanding codec support. It not only supports multiple bit-rates for Speex, it even supports the very poor quality, but extremely low bandwidth, DoD 1015 codec. With all the codecs it supports out of the box, it is surprising that it requires a patch for iLBC support.

Linphone was not without its share of problems, all of which can be traced to the fact that I was upgrading to the latest release and not doing a fresh install. Version 1.1 requires Speex. That should not have been a problem, as I already had Speex installed. Of course, it required the latest version of Speex. No problem, I had the latest Speex installed. But wait, Linphone will not install without the speexenc program in /usr/bin. The only problem is that the Speex installation places it in /usr/local/bin. This is not a difficult problem to solve, but it’s something the user should not have to take care of.

The other problem after upgrading is that Linphone would no longer authenticate to my Asterisk server. Removing the password requirement from the Asterisk’s SIP configuration file did the trick. This may be fine on a LAN where you trust the users, but it’s probably not a good idea if you will be connecting to the outside world.

Despite the problems with upgrading, Linphone was otherwise rock-solid, as you might expect from a product that has been around for a long time.

Twinkle

Twinkle is the most ambitious of the group. At this time, Twinkle is only available as source code. It also requires GNU Common C++ and GNU ccRTP, and you can get both from its main download page. Once the requirements are out of the way, Twinkle installs without a hitch.

Twinkle supports a long list of features and has the most professional feel of the open source softphones. It supports two line appearances. If you are talking on line one and another call comes in, you have the option of placing the first call on hold and switching to line two to take the second. The User Profile section for account setup is the most intuitive and the best out of the four.

Twinkle comes with a few added services to simplify the user’s life. If you do not feel like talking, the Do Not Disturb feature will generate a SIP “480 Temporarily Not Available” response to anyone trying to call you. If you enjoy talking no matter who is calling, the Auto Answer feature connects all calls without your interaction. My favorite Twinkle feature is Call Redirection. With it, you can send calls to another user. Redirection can be set up for all calls, or for calls that come in when your lines are busy, or if you do not answer the call within a certain amount of time.

What’s not to like about Twinkle? Well, it lacks an address book and call history reports, though these features are planned for future releases. Twinkle is definitely a softphone to keep your eye on.

CounterPath X-Lite

Last, but not least, is X-Lite, the only proprietary softphone of the bunch. Although it’s not open source, it is free as in beer for personal or commercial use. Unlike the other softphones in this review, X-Lite is also available for Windows and Mac OS X. The Linux version is provided as a tarball with the X-Lite binary. Just download, unzip, and run.

X-Lite’s Audio Tuning Wizard runs when you start it for the first time. This is a feature the other softphones should adopt. It allows you to confirm that X-Lite is playing nice with your sound card and microphone. It even calibrates your microphone to adjust for the ambient noise level around the computer. These settings can be adjusted at any time by right-clicking the X-Lite client.

X-Lite’s biggest strength is the usefulness of its interface. Without accessing any menus you can adjust the speaker volume, adjust the microphone volume, and choose which codecs are enabled. Another advantage is its three line appearances, one more than Twinkle supports. As far as features go, X-Lite has just about everything you can expect in a softphone.

Well, almost. While its interface is simple, its menu options are not. X-Lite has an overwhelming number of settings. For example, why have a menu option to disable codecs when they can be toggled on and off directly from the main interface? Another downside is that some of the features the other softphones offer, like Auto-Answer and Do Not Disturb, are locked. I only found this out after trying to enable them with no luck. For those features to work, you must purchase X-Lite’s successor, CounterPath’s eyeBeam video and softphone. An audio-only version runs $30, and no Linux versions of eyeBeam are available at this time.

Which one wins?

Each of the four softphones has pros and cons. Kiax is mean and lean but works only in an Asterisk environment. Linphone is stable and mature, but may not be wise to deploy in an Asterisk environment due to authentication issues. Twinkle has a lot to offer, but is a relative newcomer to the game. X-Lite works on multiple platforms, but its free version comes crippled, and its paid version isn’t available on Linux.

Regardless of their individual issues, one thing is for sure: Each of these free softphones can help you evaluate whether VoIP is right for your company without expensive additional equipment.

Paul Virijevich is working to eliminate the “Linux consultants cost more” TCO myth. He recently started a consultancy providing cost-effective open source solutions to small businesses.

Softphone protocol and codec support

                       Kiax   Linphone     Twinkle   X-Lite
SIP                    No     Yes          Yes       Yes
Codec Support
G711a 64 Kbps          No     Yes          Yes       Yes
iLBC 13.3-15.5 Kbps    Yes    With patch   No        Yes
DoD 1015 2.4 Kbps      No     Yes          No        No

Source: http://www.linux.com/feature/48393

Zimbra and Hylafax integration

You can set up Zimbra CS as a gateway for HylaFax users to send faxes using the scheme <fax number>@fax.your.domain, following these steps:

  1. Edit file /opt/zimbra/postfix/conf/master.cf, append this line:
    fax       unix  -       n       n       -       1       pipe
        flags= user=uucp argv=/usr/bin/faxmail -d -n ${user}

  2. Edit file /opt/zimbra/postfix/conf/transport, append this line:
    fax.your.domain   fax:localhost

    And then use this command to regenerate the transport.db file:

    /opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/transport

  3. Edit file /opt/zimbra/postfix/conf/main.cf, append this line:
    fax_destination_recipient_limit = 1

    Note: the process limit of 1 in the master.cf file is necessary with fax software that cannot handle multiple requests at the same time.

  4. Edit file /opt/zimbra/conf/localconfig.xml, modify the entry “postfix_transport_maps” as follows:
    <key name="postfix_transport_maps">
        <value>proxy:ldap:/opt/zimbra/conf/ldap-transport.cf, hash:/opt/zimbra/postfix/conf/transport</value>
    </key>

    Note: specify dbm instead of hash if your system uses dbm files instead of db files. To find out what map types Postfix supports, use the command postconf -m.

  5. Then, of course, restart the Zimbra MTA service with these commands (as the zimbra user):
    zmmtactl stop
    zmmtactl start

Note: be sure to not advertise fax.your.domain in the DNS 🙂

This process has been tested on Zimbra CS Open Source edition 5.0.9 and HylaFax 4.4.4 running on the same Linux CentOS 5 machine.

What is cloud computing?

Cloud computing can be loosely defined as using scalable computing resources provided as a service from outside your environment on a pay-per-use basis. You use only what you need, and pay for only what you use. You can access any of the resources that live in the “cloud” at any time, and from anywhere across the Internet. You don’t have to care about how things are being maintained behind the scenes in the cloud.

Cloud computing derives from the common depiction in technology architecture diagrams of the Internet, or IP availability, illustrated as a cloud. Cloud computing gained attention in 2007 as it became a popular solution to the problem of horizontal scalability.

The cloud is responsible for being highly available and responsive to the needs of your application. Cloud computing has also been called utility computing, or grid computing. Cloud computing is a paradigm shift in how we architect and deliver scalable applications. In the past, successful companies spent precious time and resources building an infrastructure that in turn provided them a competitive advantage. It was frequently a case of “You build it first and they will come.” In most cases, this approach:

  • Left large tracts of unused computing capacity that took up space in big data centers.
  • Required someone to babysit the servers.
  • Had associated energy costs.

The unused computing power wasted away, with no way to push it out to other companies or users who might be willing to pay for additional compute cycles. With cloud computing, excess computing capacity can be put to use and be profitably sold to consumers. This transformation of computing and IT infrastructure into a utility, which is available to all, somewhat levels the playing field. It forces competition based on ideas rather than computing resources.

Resources that your applications and IT systems constantly need (to meet growing demands for storage, computing resources, messaging systems, and databases) are essentially commoditized. You can rent this infrastructure from the vendor that provides you with the best price and service. Simple, isn’t it? It’s a simple but revolutionary idea that is not entirely new.

Configure vTigerCRM to authenticate users using OpenLDAP (running inside Zimbra server)

vTiger supports authenticating users against LDAP in its core. However, the authLDAP module needs to be added to get this working.

Please follow these steps:

  1. Download authLDAP at: http://forums.vtiger.com/download.php?id=278&sid=fc740e44553f4f8ba3aaf01a620019f0
  2. Extract and copy the folder authLdap to modules/Users/
  3. Enable LDAP authentication in config.inc.php by adding this code (below the DB settings):

//AUTHCFG
$AUTHCFG['authType'] = 'LDAP';  //Can be either LDAP, AD, or SQL
//Config Options for LDAP
$AUTHCFG['ldap_host'] = 'z.iwayvietnam.com';
$AUTHCFG['ldap_port'] = 389;
$AUTHCFG['ldap_basedn'] = 'dc=iwayvietnam,dc=com';
$AUTHCFG['ldap_uid'] = 'uid';  //can be CN or UID depending on ldap install
$AUTHCFG['ldap_username'] = NULL;
$AUTHCFG['ldap_pass'] = NULL;

Enable Instant Messaging feature on Zimbra

By default, the IM feature is not enabled on Zimbra systems after upgrading. You can use these commands to enable it:

su - zimbra
zmprov -l -v mcf zimbraXMPPEnabled TRUE
zmprov -v mc default zimbraFeatureIMEnabled TRUE
zmprov -v mc default zimbraFeatureInstantNotify TRUE
zmcontrol stop
zmcontrol start

Obviously set the COS to the one you use if it’s not the default.

Good luck! 🙂

Zend Framework Reaches New Milestone: 5 Million Downloads

With over 5 million downloads now under its belt (2.5 million of those in the past six months alone!), the Zend Framework open-source project has shown phenomenal growth. This means a much larger and more vibrant community of developers to hire from, to pore over and vet ZF code contributions, and, in general, to raise the bar for professional PHP development. To that end, we are happy to announce a new case study showcasing the world-famous Indy 500 racetrack: the Indianapolis Motor Speedway (IMS) and their standardization on Zend Framework. Read a short summary here or the entire case study to see why IMS chose Zend. Jon Whitcraft, Lead Application Developer at IMS said: “I can’t tell you how important a friendly and growing community is to building a product the open-source way.”


How to open all ports (DMZ) in Zoom X4 DSL modem

Before continuing, you will need to know the IP address of the computer or device you will be setting as the DMZ.

  1. Open your web browser and go to http://10.0.0.2/ . Log in using ‘admin’ as the username and ‘zoomadsl’ as the password.
  2. Click on Advanced Setup at the top of the page. Then locate and click on the ‘NAT’ button.
  3. Select ‘NAT Rule Entry’ from the drop down list. Click on the ‘Add’ button near the bottom to add a new NAT rule.
  4. You should use the following settings:
    • ‘Rule Flavor’ should be RDR
    • Rule ID should be 10 (or any other unused rule ID number)
    • Specify both ‘Local Address From’ and ‘Local Address To’ as your computer’s private IP address (10.0.0.5 for instance)
    • Leave all other settings unchanged
    • Click ‘Save Changes’ at the bottom.
  5. Once you have saved the changes, be sure to click on ‘Write Settings to Flash’ so that the modem retains the settings if you ever turn it off.

Linux ready for real-time computing in financial services

Is Linux capable of handling the mission-critical, high-volume demands of the world’s biggest financial institutions? Speakers at the recent sixth annual Linux on Wall Street conference offered solid evidence in the affirmative, despite unresolved issues concerning real-time Linux and hypervisor interoperability.

Vinod Kutty, the distributed computing R&D head at the Chicago Mercantile Exchange (CME), now the CME Group, and a conference speaker, believes that Linux has become more mature as a platform and is ready for mission-critical, financial services workloads.

“I’m starting to see Linux companies focusing on enterprise customer needs” and beefing up their staff of talented Unix developers, Kutty said after the conference. “These are signs that they are ready to play in the enterprise market.”

Speakers like Kutty presented plenty of evidence that Linux is running mission-critical applications, including high-performance, real-time systems. In terms of financial systems, real time generally refers to a transaction time measured in microseconds or milliseconds. The faster the transaction time, the more traders can execute orders and the faster the orders can be filled. Kutty explained how the Chicago-based CME converted its systems from Solaris Sparc servers to Red Hat Enterprise Linux and achieved better performance in speed and reliability at lower cost, all while handling a large increase in electronic trade volume. Completed in late 2004, the 18-month migration provided CME with the backbone to increase from 250 million trades of commodity contracts in 2003 to 1.2 billion contracts in 2007. In addition, the transaction speed was sharply reduced from 200 milliseconds to 10 to 15 milliseconds, the closest to real time that is achievable today, he said.

IBM brings real-time Linux to U.S. Navy
Keith Bright, the program director of IBM’s Linux Technology Center, discussed another successful real-time Linux project: the creation of a centralized ship-board computing infrastructure for U.S. Navy destroyers under contract with Raytheon. IBM’s Total Ship Computing Environment will run all Zumwalt-class destroyer applications from weapons, command-and-control, radar and navigation. The centralized computing system will run on IBM BladeCenter and IBM x86 servers on real-time Linux and real-time Java. For the Navy’s project, IBM assembled a Linux team that first had to improve the quality of the kernel — fixing patches, debugging code, testing — and then integrate it with the Red Hat stack. In turn this improved kernel became the foundation for IBM’s Java Real Time, now called WebSphere Real Time, all on the open source model, he said.

“In 2005 [when IBM was working on the Navy’s real-time project], nobody wanted to play this game,” he added, referring to the distros’ reluctance to add real-time features to the Linux kernel and environment. “But open source has come a long way. It’s exciting to see Linux move into the mainstream.” The first version of the computing platform was delivered in mid-2006 on time and on budget, Bright said. The greatest project challenge was its tight schedule, he said. No ships have yet been launched under the program, which is ongoing. “Real time is pretty exciting in open source,” Bright said. “We had guaranteed real time and better throughput. It’s often one or the other. But real-time goals were achieved with minimum impact to performance as planned.” Real time is not about high performance but about determinism (the ability to prioritize tasks) and guaranteed execution, he noted. Head Bubba, the vice president of IT research and development at Credit Suisse, said he has validated a 40% performance improvement with the real-time Linux kernel. “This is an extreme case, but if you architect it correctly, you can see a performance boost,” he said. “But there is a tradeoff, because the real-time kernel could affect throughput. [The real-time kernel] is very stable, but it’s up to you to decide. Eventually, this will go mainstream.”

Microsoft, Novell hypervisor interoperability
In a separate workshop, Microsoft and Novell representatives gave an update on their ongoing efforts to make their systems interoperable following the joint Novell/Microsoft 2006 agreement. These areas include virtualization, directory and identity interoperability, and document formats.

Of particular interest was the ongoing effort between the two companies to make their respective virtualization hypervisors work interchangeably on each other’s operating systems. (Novell’s SUSE Enterprise Linux uses the open source Xen hypervisor, and Microsoft uses its own Hyper-V hypervisor.) Interoperability will be achieved with special adapters for each system.

As a young data center player, Linux still has plenty of catch-up challenges ahead, including interoperability, better vendor support and additional management tools. And given the pace at which computing itself is changing, with added capabilities such as virtualization and cloud computing, that challenge involves some shifting ground. But conference speakers agreed that Linux has definitely arrived as a platform and is generating more than its share of innovation. The bottom line: Proprietary vendors had better take Linux seriously.

By Pam Derringer, News Writer
14 Apr 2008 | SearchEnterpriseLinux.com