Month: December 2016

Remove exim4 on Debian 7

Remove just exim4 package itself on Debian 7 with following command

#apt-get remove exim4

Remove exim4 with dependent packages on Debian 7 with following command

#apt-get remove --auto-remove exim4

Remove exim4 and delete configuration, data files on Debian 7 with following command

#apt-get purge exim4

Remove and delete exim4 configuration, data files, dependencies on Debian 7 with following command

#apt-get purge --auto-remove exim4

Postfix SMTP Relay Gmail Debian 7

Update Debian with current updates with Aptitude command

Install Aptitude command following aptitude update

#apt-get update -y && apt-get upgrade -y

Remove and delete exim4 configuration, data files, dependencies on Debian 7 with following command

#apt-get purge --auto-remove exim4

Make sure the postfix, libsasl2-modules and ca-certificates package is installed and up to date:

#apt-get install postfix libsasl2-modules ca-certificates mailutils

Set Postfix to start on server boot:

#update-rc.d postfix defaults

Remove postfix start on server boot

#update-rc.d postfix disable

Enable postfix start on server boot

#update-rc.d postfix enable

During Postfix installation, a pop up will appear asking for configuration.

  • For “General type of mail configuration,” choose Internet Site.
  • For System Mail name insert system hostname.
  • For any other question, choose default values.

Configuring Gmail SMTP Usernames and Passwords Authentication

Create or edit the password file:

#nano /etc/postfix/sasl_passwd

Add this line:

[smtp.gmail.com]:587 [email protected]:password

Create hash db file for Postfix by running the postmap command:

#postmap /etc/postfix/sasl_passwd

Securing Password and Hash Database Files.

The /etc/postfix/sasl_passwd and the /etc/postfix/sasl_passwd.db files created in the previous steps contain your SMTP credentials in plain text. For security reasons, change ownership and permissions to root for the two files:

#chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
#chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Next, validate certificates to avoid running into error. Run following command:

#cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem

On Debian 8

Thawte_Premium_Server_CA.pem not exist on Debian 8,so we have to download it manually

#cd /etc/ssl/certs
#wget https://www.thawte.com/roots/thawte_Premium_Server_CA.pem
#mv thawte_Premium_Server_CA.pem Thawte_Premium_Server_CA.pem
#cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | tee -a /etc/postfix/cacert.pem

Configuring the Relay Server on Postfix configuration /etc/postfix/main.cf file to use the external SMTP server.

#nano /etc/postfix/main.cf

Insert following gmail SMTP relay host line

relayhost = [smtp.gmail.com]:587

At the end of the file, add the following parameters to enable authentication:

#nano /etc/postfix/main.cf

Then add the following parameters on /etc/postfix/main.cf to enable authentication:

#enable SASL authentication
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Save the changes and Restart Postfix:

#service postfix restart

Send test email to test if Relay work good with mail command below

echo "This is a test." | mail -s "test message" [email protected]

Check the logs for any Postfix errors on Debian

#tail -f /var/log/mail.log

Error and Troubleshooting

Port 25 open by iptables firewall
Make sure port 25 open has been accept by iptables firewall, visit this article to Install and Set Up Iptables Firewall on Centos 6
Postfix Gmail SMTP Relay access denied

rcpt to: [email protected]
554 5.7.1 <[email protected]>: : Relay access denied

Your Google Account has been suspendedYour-Google-Account-has-been-suspended

Hi vpshelpdesk,
Google has suspended your Account, [email protected], because of a violation of our Terms of Service.

Please follow possible solution below, so far it is working for meallow-less-secure-apps-ON

Change the “allow less secure apps” setting to enable. This allows them to connect to the account again.
Insert and Verify Account recovery email and phoneVerify-Account-recovery-email-and-phone

If Gmail SMTP Relay rare to use and rare sign in sometimes the message will not deliver again. Once check tail -f /var/log/maillog, we will find error below;

May 16 14:31:43 vpsheldesk.com postfix/smtp[1096]: D738BA40BE0: to=, relay=smtp.gmail.com[74.125.138.109]:587, delay=31, delays=0.01/0.04/31/0, dsn=4.7.14, status=deferred (SASL authentication failed; server smtp.gmail.com[74.125.138.109] said: 534-5.7.14 Please log in via your web browser and?534-5.7.14 then try again.?534-5.7.14 Learn more at?534 5.7.14 https://support.google.com/mail/answer/78754 w190sm8732463ywa.39 - gsmtp)
Visit GMAIL HELP https://support.google.com/mail/answer/78754 and follow the instructions


Can’t sign in to my email app
If you’re using the wrong Gmail password on another email app, you might have these problems:

  • The app keeps asking for your username and password
  • You see an “invalid credentials” error message
  • You see a “web login required” error message

If you have these problems or can’t sign in, first check to make sure you’re using the right password.

Tip: Keep in mind that passwords are case-sensitive.
Troubleshoot sign-in problems
If you’re sure your password is right, try these tips:

  • If you’ve turned on 2-Step Verification for your account, you might need to enter an App password instead of your regular password.
  • Sign in to your account from the web version of Gmail at https://mail.google.com. Once you’re signed in, try signing in to the mail app again.
  • Visit http://www.google.com/accounts/DisplayUnlockCaptcha and sign in with your Gmail username and password. If asked, enter the letters in the distorted picture.
  • Your app might not support the latest security standards. Try changing a few settings to allow less secure apps access to your account.
  • Make sure your mail app isn’t set to check for new email too often. If your mail app check for new messages more than once every 10 minutes, the app’s access to your account could be blocked.
  • Change your password according to our tips on creating a strong password.

Enable mod_rewrite Apache2 on Debian 7

mod_rewrite installed by default on Apache2 installation,

Check verify the existence of /etc/apache2/mods-available/rewrite.load.

#cat /etc/apache2/mods-available/rewrite.load

LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

Enable and load mod_rewrite

#a2enmod rewrite

The above command will create a symbolic link in /etc/apache2/mods-enabled.

#ls -al /etc/apache2/mods-enabled/rewrite.load

lrwxrwxrwx 1 root root 30 Dec 7 05:26 /etc/apache2/mods-enabled/rewrite.load -> ../mods-available/rewrite.load

Then open and edit /etc/apache2/sites-available/default configuration. Replace every occurrence of “AllowOverride None” with “AllowOverride all”.

#vim /etc/apache2/sites-available/default

Finally, restart Apache2.

#service apache2 restart

Disable mod_rewrite Module in Apache2

To disable module use a2dismod command

#a2dismod rewrite

Finally, restart Apache2.

#service apache2 restart

Set up Iptables On Debian 7

Make sure Debian has been update and upgrade

#apt-get update && apt-get dist-upgrade

Then type following rules below on terminal

#iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
#iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
#iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
#iptables -I INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT

// add rules to allow traffic on your loopback interface:
#iptables -A INPUT -i lo -j ACCEPT
#iptables -A OUTPUT -o lo -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -P OUTPUT ACCEPT
#iptables -P INPUT DROP

Check list iptables rules

#iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTAB LISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x0 2 state NEW
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x0 2 state NEW
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

iptables-persistent for Debian/Ubuntu
Since Ubuntu 10.04 LTS (Lucid) and Debian 6.0 (Squeeze) there is a package with the name “iptables-persistent” which takes over the automatic loading of the saved iptables rules. To do this, the rules must be saved in the file /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6 for IPv6. For use iptables-persistent, the package must simply be installed.

#apt-get install iptables-persistent

System will ask to save iptables rules to /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6, choose Yes.

Save your rules by running:

#service iptables-persistent save
#service iptables-persistent restart

And it flush your IPtables rules, effectively disabling your firewall, run:

#service iptables-persistent stop
#service iptables-persistent start
#service iptables-persistent restart

Done!

Faster way just paste this on console

/sbin/iptables -F && /sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP && /sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP && /sbin/iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP && /sbin/iptables -I INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT && /sbin/iptables -A INPUT -i lo -j ACCEPT && /sbin/iptables -A OUTPUT -o lo -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT && /sbin/iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT && /sbin/iptables -P OUTPUT ACCEPT && /sbin/iptables -P INPUT DROP

Next!!

#apt-get install iptables-persistent

iptables-save

#/sbin/iptables-save > /etc/iptables/rules.v4
#/sbin/iptables-save > /etc/iptables/rules.v6

iptables-restore

#/sbin/iptables-restore < /etc/iptables/rules.v4
#/sbin/iptables-restore < /etc/iptables/rules.v6

Install Apache Mysql Php on Debian 7

Install Aptitude command following aptitude update command

#apt-get install aptitude

Up-to-date and upgrade the system to current version

#aptitude update && aptitude safe-upgrade

Or update Debian system with apt-get command

#apt-get update && apt-get upgrade

Install Apache

#apt-get install apache2

Install mysql server

#apt-get install mysql-server

Finish up by running the MySQL set up script:

#mysql_secure_installation

Install PHP

#apt-get install php5 && apt-get install php-pear && apt-get install php5-mysql && apt-get install php5-gd

Finish up by restarting apache:

#service apache2 restart

Error 

Could not reliably determine the server’s fully qualified ***. Solved by Add ServerName localhost at /etc/apache2/apache2.conf at end of line

ServerName localhost

Enable and load mod_rewrite Apache2 on Debian 8

#a2enmod rewrite

Then open and edit /etc/apache2/apache2.conf find

Options Indexes FollowSymLinks
AllowOverride All
Require all granted

Replace “AllowOverride None” to “AllowOverride all”

Enable Apache2 mod_headers & mod_expires on

To increase PageSpeed: Leverage browser caching.

enable mod_headers:

#a2enmod headers
Enabling module headers
To activate the new configuration, you need to run:
service apache2 restart

enable mod_expires:

#a2enmod expires
Enabling module expires
To activate the new configuration, you need to run:
service apache2 restart

Then restart Apache server to make these changes effective

#service apache2 restart

Enable apache mod_rewrite for seo user friendly url CentOS 6

Enable apache mod_rewrite for seo user friendly url CentOS 6

The mod_rewrite module on httpd conf is enabled by default on CentOS 6. check if mod_rewrite.so module has been installed and activate at httpd configuration.

#cat /etc/httpd/conf/httpd.conf | grep mod_rewrite
LoadModule rewrite_module modules/mod_rewrite.so

** If it is commented (#), please remove it (#) out.

Enable .htaccess File for seo user friendly
Once the mod_rewrite module has been activated, you can set up your URL rewrites by creating an .htaccess file in your default document root directory.

A .htaccess file allows us to modify our rewrite rules without accessing server configuration files. For this reason, .htaccess is critical to your web server. Before we begin, we need to allow Apache to read .htaccess files located under the /var/www/html directory.

You can do this by editing httpd.conf file:

#vi /etc/httpd/conf/httpd.conf

Find the section <directory /var/www/html> and change AllowOverride None to AllowOverride All, there are 2 AllowOverride Off must change to AllowOverride On

<Directory /var/www/html>
AllowOverride All
</Directory>

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#

Save and exit.

Now restart Apache to put the change into effect:

#service httpd restart