UBC Physics & Astronomy
mailold.phas.ubc.ca
142.103.236. / 192.168.1.
Local system engineers: Dave Peterson 604-297-2410(o), 604-551-5116(c) or Duncan Furniss
F1 - Setup     Alt-F1 - Sysboot
To check sendmail version:  /usr/sbin/sendmail -d0.1 -bv root
ServeRAID Adapter Quick Reference    LSI Raidman Software (65MB)
mailold.jpg

Mail Server Testing Guide   

ALERT: Need to reset battery timers (using SMclient software) around March of 2012

  IBM x3650 DS3200 EXP3000
Machine type 7979   (x3650) 1726-HC2 1727-HC1
Serial number KQDNBLL 130239T 130952R
Product ID 7979LBU    
System memory 32GB    
Processors 2 x Quad core, Intel(R) Xeon(R) CPU - L5420 @ 2.50GHz    
Disaster Recovery | Installation Notes | DS3200 Configuration Info | BIOS SETUP | UPS STATUS
Disk setup
RAID STATUS - login and run /usr/RaidMan/RaidMan.sh
/ (root)
RAID 1 - local disk mirror
 1 global hot spare
5 x 73GB, 2.5" drives total
/mailindexes
 RAID 1 - local disk mirror

DS3200 Configuration - login and run /opt/IBM_DS4000/client/SMclient    Currently three drives in Raid 5 plus one hot spare.
/mail RAID 0
striped over 2 RAID 6 arrays
RAID Ctlr RAID 6
(8 + 2p)		 RAID 0
Drive 1
RAID Ctlr RAID 6
(8 + 2p)		 RAID 0
Drive 2
Two (2) hardware RAID 6 arrays were created using
the SMclient software then LVM was used to create
a (RAID 0) drive by striping the two RAID 6 arrays.
20 drives plus 1 hot spare = 21 drives
(DS3200 / EXP3000)

Note:we now only create home directories on the mail server for new accounts for "department members" - aka - those who will be included on the everyone@phas email list. 

Here's a code snippet from addusr:
# Set up files on mail server (for "everyone" only)
   if ( $category eq "Faculty" or $category eq "Staff" or $category eq "Postdocs" or
     $category eq "Adj-Assoc" or $category eq "Grads" or $category eq "Others" )
   {
This therefore WILL NOT include the following categories of users:
    Ugrad,     Visitor,     System,     Misc

If a Ugrad or Visitor needs/want to have an email account you just need to log onto the mail server and run the following command:

/opt/sysadmin/passwd/make_mailhome <username>

Assuming that the username has already been propagated to the mail server /etc/passwd file.
Chkconfig --list output:
15-07-09 replaced system drive IBM 73GB 2.5" drive (spare) was not seen in /usr/RaidMan/RaidMan.sh. Bought new disk from eTech 
old disk: FRU 39R7366 SN: 3NP359QW
new disk: FRU 39R7366 SN: BSF9P8C03RRT
Disk came up OK and was added as a global hot spare.
12-05-28 changed access file 
[0][root@mail]$ cat access
localhost.localdomain	RELAY
localhost		RELAY
127.0.0.1		RELAY
142.103.236		RELAY
From:number1expert.com	REJECT
From:tikinhand.com.com	REJECT
12-05-17
remove perdition/vanessa 
[0][root@mail]$ yum remove perdition
---> Package perdition.x86_64 0:1.17.1-3 set to be erased
====================================================================================================
 Package                 Arch                 Version                 Repository               Size
 perdition               x86_64               1.17.1-3                installed               256 k
====================================================================================================
  Erasing        : perdition                                                                    1/1 
warning: /etc/perdition/popmap saved as /etc/perdition/popmap.rpmsave
warning: /etc/perdition/perdition.conf saved as /etc/perdition/perdition.conf.rpmsave
Removed:
  perdition.x86_64 0:1.17.1-3                                                                       
[1][root@mail]$ yum remove vanessa_socket vanessa_socket-devel vanessa_socket-pipe
---> Package vanessa_socket.x86_64 0:0.0.7-1 set to be erased
---> Package vanessa_socket-devel.x86_64 0:0.0.7-1 set to be erased
---> Package vanessa_socket-pipe.x86_64 0:0.0.7-1 set to be erased
====================================================================================================
 Package                         Arch              Version               Repository            Size
====================================================================================================
 vanessa_socket                  x86_64            0.0.7-1               installed             19 k
 vanessa_socket-devel            x86_64            0.0.7-1               installed            103 k
 vanessa_socket-pipe             x86_64            0.0.7-1               installed             31 k
====================================================================================================
  Erasing        : vanessa_socket-devel                                                         1/3 
  Erasing        : vanessa_socket                                                               2/3 
  Erasing        : vanessa_socket-pipe                                                          3/3 
Removed:
  vanessa_socket.x86_64 0:0.0.7-1                  vanessa_socket-devel.x86_64 0:0.0.7-1            
  vanessa_socket-pipe.x86_64 0:0.0.7-1
12-02-10
PHAS_MailStore Error The following PHAS_MailStore errors were recorded. I logged into the SMclient and all looked OK - no errors to be found. I ran a dump and put the info in /var/log/120319_DS-3200.zip. 
Summary
Node ID: PHAS_MailStore

Event Error Code: 1706
Event occurred: Mar 17, 2012 4:51:19 PM
Event Message: Optimal wide port becomes degraded
Component type: Enclosure Component (ESM, GBIC/SFP, Power Supply, or Fan)
Component location: Enclosure 85, Slot 1

Event Error Code: 1707
Event occurred: Mar 17, 2012 4:51:19 PM
Event Message: Degraded wide port becomes failed
Component type: Enclosure Component (ESM, GBIC/SFP, Power Supply, or Fan)
Component location: Enclosure 85, Slot 1

Event Error Code: 1706
Event occurred: Mar 17, 2012 4:57:04 PM
Event Message: Optimal wide port becomes degraded
Component type: Enclosure Component (ESM, GBIC/SFP, Power Supply, or Fan)
Component location: Enclosure 85, Slot 1

Event Error Code: 1707
Event occurred: Mar 17, 2012 4:57:04 PM
Event Message: Degraded wide port becomes failed
Component type: Enclosure Component (ESM, GBIC/SFP, Power Supply, or Fan)
Component location: Enclosure 85, Slot 1

Event Error Code: 280d
Event occurred: Mar 17, 2012 4:57:15 PM
Event Message: Drive enclosure component failed or removed
Component type: Enclosure Component (ESM, GBIC/SFP, Power Supply, or Fan)
Component location: Enclosure 0, Slot 1

Event Error Code: 281d
Event occurred: Mar 17, 2012 4:57:15 PM
Event Message: Temperature sensor removed
Component type: Temperature Sensor
Component location: Enclosure 0, Slot 1
12-02-10
squirrelmail config changed to use sendmail rather than smtp for mail delivery Ran /usr/share/squirrelmail/config/conf.pl 
[root@mail]$ diff /etc/squirrelmail/config.php /etc/squirrelmail/config.php.090519 
33c33
< $useSendmail            = true;
---
> $useSendmail            = false;
185,187c185
< $only_secure_cookies     = true;
< $disable_security_tokens = false;
< $check_referrer          = '';
---
> $only_secure_cookies   = true;
189c187
< $config_location_base    = '';
---
> $config_location_base     = '';
200c198
< ?>
\ No newline at end of file
---
> ?>
12-02-10
Implemented daily rotation of /var/log/maillog Edited /etc/logrotate.d/syslog: 
/var/log/messages /var/log/secure /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
	/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
	/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

/var/log/maillog {
  daily
  compress
  missingok
  notifempty
  sharedscripts
  postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
  endscript
rotate 62
olddir /var/log/maillogs
}
11-09-07
Modified /etc/init.d/halt to add apcupsd lines. 
 # apcupsd lines added by rdp, 11-09-07
# See if this is a powerfail situation.                               # ***apcupsd***
if [ -f /etc/apcupsd/powerfail ]; then                                # ***apcupsd***
   echo                                                               # ***apcupsd***
   echo "APCUPSD will now power off the UPS"                          # ***apcupsd***
   echo                                                               # ***apcupsd***
   /etc/apcupsd/apccontrol killpower                                  # ***apcupsd***
   echo                                                               # ***apcupsd***
   echo "Please ensure that the UPS has powered off before rebooting" # ***apcupsd***
   echo "Otherwise, the UPS may cut the power during the reboot!!!"   # ***apcupsd***
   echo                                                               # ***apcupsd***
fi
11-02-02
Turned off iptables - control all access through FWSM.
10-11-15 - Service call - Ref# 41JN4PW 
Node ID: PHAS_MailStore
Host IP Address: localhost6.localdomain6/0:0:0:0:0:0:0:1%1
Host ID: localhost6.localdomain6
Event Error Code: 226c
Event occurred: Nov 11, 2010 2:37:12 AM
Event Message: Drive failure
Component type: Drive
Component location: Enclosure 85, Slot 3

SUMMARY
   Number of drives: 21
      Current drive types: Serial Attached SCSI (SAS) (21)
   BASIC:
      TRAY, SLOT  STATUS   CAPACITY    TYPE  CURRENT DATA RATE  PRODUCT ID        FIRMWARE VERSION  
      85, 3       Optimal  136.732 GB  SAS   3 Gbps             ST3146855SS       BA28
10-10-08 - Install new certificate 
Installed new certificate in /etc/pki/certs
10-05-10 - Install bacula-5.0.2 
rpmbuild --rebuild --define "build_rhel5 1" --define "build_client_only 1" bacula-5.0.2-1.src.rpm
rpm -Uvh /usr/src/redhat/RPMS/x86_64/bacula-client-5.0.2-1.x86_64.rpm /usr/src/redhat/RPMS/x86_64/bacula-libs-5.0.2-1.x86_64.rpm
09-11-27 - Install new SSL Certificate on mail 
cp /etc/pki/tls/private/mail.phas.ubc.ca.key.new  /etc/pki/tls/private/mail.phas.ubc.ca.key
cp /etc/pki/tls/certs/091126/mail.phas.ubc.ca.crt /etc/pki/tls/certs/mail.phas.ubc.ca.crt
cp /etc/pki/tls/certs/091126/gd_bundle.crt /etc/pki/tls/certs/gd_bundle.crt
Now edit /etc/httpd/conf.d/ssl.conf and change the following lines to be as shown: 
SSLCertificateFile /etc/pki/tls/certs/mail.phas.ubc.ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/mail.phas.ubc.ca.key
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
Now edit /etc/dovecot.conf and change the following lines to be as shown: 
ssl_cert_file = /etc/pki/tls/certs/mail.phas.ubc.ca.crt
ssl_key_file = /etc/pki/tls/private/mail.phas.ubc.ca.key
Now restart the affected services: 
service sendmail restart
service dovecot restart
service httpd restart
09-11-20 - SSL Certificate Expiration Handling
The ssl cert for mail is set to expire on Nov 30th. I first renewed on GoDaddy and they issue me a credit for mail.phas.ubc.ca.
You now need at least a 2048 bit key so I had to regenerate the csr and private key as follows:
I first made a copy of the old private key, then deleted the old key (since the genkey program will not overwrite an existing key file). 
cp /opt/pki/tls/private/mail.phas.ubc.ca.key /opt/pki/tls/private/mail.phas.ubc.ca.key.hold
rm /opt/pki/tls/private/mail.phas.ubc.ca.key
Now generate the new private key and csr: 
genkey mail.phas.ubc.ca
(Selected 2048 bits, to generate a CSR (other) and to not use a pass phrase to encrypt the private key.)
The new csr was put in /opt/pki/tls/certs/mail.phas.ubc.ca.3.csr

I went on the GoDaddy website and requested a new certificate for mail. I had to enter this csr in a window. Now wait for new certificate to be generted. This will first require approval of public affairs guy. He normally does it automatically.
09-10-19 Edited /etc/mail/virtusertable to add ampel lines: 
#--------------------------------------------------------------
# ampel.ubc.ca domain
#--------------------------------------------------------------
# bounce any addresses not listed in this table
@ampel.ubc.ca                error:unavailable User unknown

# admin addresses...
#-------------------
access@ampel.ubc.ca             ampelsec
ampelsec@ampel.ubc.ca           ampelsec
ampel-sec@ampel.ubc.ca          ampelsec
cleanroom@ampel.ubc.ca          cleanroom
cleanroom-admin@ampel.ubc.ca    cleanroom-admin
nanofab@ampel.ubc.ca            nanofab
Then ran "make virtusertable.db"
09-09-25 
wget http://dl.atrpms.net/el5-x86_64/atrpms/stable/dovecot-sieve-1.1.6-9.el5.x86_64.rpm
wget http://dl.atrpms.net/el5-x86_64/atrpms/testing/dovecot-1.2.5-0_100.el5.x86_64.rpm
wget http://dl.atrpms.net/el5-x86_64/atrpms/testing/dovecot-devel-1.2.5-0_100.el5.x86_64.rpm
09-09-10
"network unreachable resolving" errors
The new bind version 9.3.6 (Redhat 5.4) trys to use IPv6 transport even if the server host does not have IPv6 connectivity, resulting in slower name resolution.
Sep 6 05:50:14 mail named[11117]: network unreachable resolving 'midnight.state.ky.us/A/IN': 2001:503:a124:ffff:ffff:ffff:ffff:ff7e#53 
To fix this you have to start the bind damon with "-4" (IPv4 only). I did this by adding the 
line "OPTIONS="-4"" to /etc/sysconfig/named and restarting named.
09-08-18
webmail autorespond option
Took away the option to not save a copy, i.e. a copy of the email will always be saved in the users inbox. See the if ($keep) line and its ending curly brace that I commented out. A consequence of doing it this way is that even if all three options (forward,reply,keep a copy) are unchecked, the .forward file is created with "\username" rather than just deleting it. 
[1][root@mail]$ pwd
/usr/share/squirrelmail/plugins/autorespond
[0][root@mail]$ diff lib.php lib.php.orig
592c592
<         $check_label = ar_gettext("Keep a copy?");
---
>         $check_label = ar_gettext("Keep a copy here?");
600c600
<     <tr align=left valign=top bgcolor="#ffffcc">
---
>     <tr align=left valign=top bgcolor="{$color[4]}">
607,613d606
<     <tr bgcolor="{$color[12]}">
<       <td colspan="3" align="center">
<         <font color="#993300"><b>
<         To disable the autorespond functionality, uncheck all three options
<         (Forward, Reply, Keep a copy)</b></font>
<       </td>
<     </tr>
789c782
<  //   if ($keep) {
---
>     if ($keep) {
810c803
< //    }
---
>     }
Other changes to autoreponder files that I made previously: 
[0][root@mail]$ diff config.php config.php.oldmail 
34c34
<     $AUTORESPOND_OPTS['ftphost'] = 'localhost';
---
>     $AUTORESPOND_OPTS['ftphost'] = '192.168.1.13';
125c125
<   you will not keep copies of mail in your mailbox unless you also select
---
>   you will not keep copies of mail in your mailbox unless you also select 
176,178d175
< //$AUTORESPOND_OPTS['keep_desc'] = '';
< 
< // "keep a copy when vacationing or forwarding" option:
180,184c177
< Enable this to keep a copy of any mail you receive.  
< <!--If you've set up
< <a href="../spamrule/options.php">Spam filters</a>, select "filtered"
< to send your mail through those, otherwise select "unfiltered" to
< store mail without filtering.-->
---
> <b>Enable this to keep a copy of any mail you receive.</b>
[0][root@mail]$ diff setup.php setup.php.orig
47c47
<         'name' => _("Auto Response (Vacation Msg)"),
---
>         'name' => _("Auto Response:  Reply or Forward"),
09-06-29
There was an error after installing (pre-built) bacula-client-3.0.1-1.x86_64.rpm (don't know why it took so long for the error to appear): 
28-Jun 19:10 mail-fd JobId 2378: Fatal error: ACL support not configured for your machine.
Based on experience on hyper (see webapage), I did the following... 
rpmbuild --rebuild --define "build_rhel5 1" --define "build_x86_64 1" --define "build_mysql5 1" bacula-3.0.1-1.src.rpm
This worked without errors so then I installed it: 
rpm --force -Uvh /usr/src/redhat/RPMS/x86_64/bacula-client-3.0.1-1.x86_64.rpm
09-05-22
started caching nameserver
09-05-21
stopped perdition
09-xx-xx
Perdition Installation 
cd /usr/local/src
 mkdir perdition
 cd perdition/
 wget http://www.vergenet.net/linux/vanessa/download/vanessa_adt/0.0.7/vanessa_adt-0.0.7.tar.gz
 wget http://www.vergenet.net/linux/vanessa/download/vanessa_logger/0.0.7/vanessa_logger-0.0.7.tar.gz
 wget http://www.vergenet.net/linux/vanessa/download/vanessa_socket/0.0.7/vanessa_socket-0.0.7.tar.gz
 tar zxf vanessa_adt-0.0.7.tar.gz
 vi vanessa_adt-0.0.7/vanessa_adt.spec  (Change Copyright to License on lines with GNU)
 mv vanessa_adt-0.0.7.tar.gz vanessa_adt-0.0.7.tar.gz.orig
 tar zcf vanessa_adt-0.0.7.tar.gz ./vanessa_adt-0.0.7
 1028  rpmbuild -tb vanessa_adt-0.0.7.tar.gz
 tar zxf vanessa_logger-0.0.7.tar.gz 
 vi vanessa_logger-0.0.7/*.spec (Change Copyright to License on lines with GNU)
 mv vanessa_logger-0.0.7.tar.gz vanessa_logger-0.0.7.tar.gz.orig
 tar zcf vanessa_logger-0.0.7.tar.gz ./vanessa_logger-0.0.7
 tar zxf vanessa_socket-0.0.7.tar.gz
 vi vanessa_socket-0.0.7/*.spec
 mv vanessa_socket-0.0.7.tar.gz vanessa_socket-0.0.7.tar.gz.orig
 tar zcf vanessa_socket-0.0.7.tar.gz ./vanessa_socket-0.0.7
 rpmbuild -tb vanessa_logger-0.0.7.tar.gz
 rpm -Uvh /usr/src/redhat/RPMS/i386/vanessa_logger-0.0.7-1.i386.rpm
 rpm -Uvh /usr/src/redhat/RPMS/i386/vanessa_logger-devel-0.0.7-1.i386.rpm
 rpmbuild -tb vanessa_socket-0.0.7.tar.gz
 rpm -Uvh /usr/src/redhat/RPMS/i386/vanessa_socket-0.0.7-1.i386.rpm 
 rpmbuild -tb vanessa_adt-0.0.7.tar.gz
 rpm -Uvh /usr/src/redhat/RPMS/i386/vanessa_adt-0.0.7-2.i386.rpm
 rpm -Uvh /usr/src/redhat/RPMS/i386/vanessa_adt-devel-0.0.7-2.i386.rpm
 rpm -Uvh /usr/src/redhat/RPMS/i386/vanessa_socket-devel-0.0.7-1.i386.rpm 
 (downloaded mysql-devel-5.0.45-7.el5.i386.rpm, postgresql-8.1.11-1.el5_1.1.i386.rpm,
  postgresql-devel-8.1.11-1.el5_1.1.i386.rpm, unixODBC-devel-2.2.11-7.1.i386.rpm
  and installed them).
 [
 wget http://www.vergenet.net/linux/perdition/download/1.17.1/perdition-1.17.1.tar.gz
 tar zxf perdition-1.17.1.tar.gz 
 vi perdition-1.17.1/packaging/lsb/perdition.spec
 mv perdition-1.17.1.tar.gz perdition-1.17.1.tar.gz.orig
 tar zcf perdition-1.17.1.tar.gz ./perdition-1.17.1
 rpmbuild -tb perdition-1.17.1.tar.gz 
 NOTE: got some errors wrt perditionlibdb_daemon so tried next steps instead
 ]
 wget http://www.invoca.ch/pub/packages/perdition/perdition-1.17.1-3.src.rpm
 rpmbuild --rebuild perdition-1.17.1-3.src.rpm 
 rpm -Uvh /usr/src/redhat/RPMS/i386/perdition-1.17.1-3.i386.rpm
09-02-17
Installed dovecot v1.1.11 
cd /usr/local/src
mkdir dovecot-1.1.11
cd dovecot-1.1.11
cp ../dovecot-1.1.7/dovecot.init-nopid .
cp ../dovecot-1.1.7/dovecot.pam .
cp ../dovecot-1.1.7/dovecot.init .
cp ../dovecot-1.1.7/maildir-migration.txt .
cp ../dovecot-1.1.7/migrate-folders .
cp ../dovecot-1.1.7/migrate-users .
cp ../dovecot-1.1.7/perfect_maildir.pl .
cp ../dovecot-1.1.7/dovecot-REDHAT-FAQ.txt .
cp ../dovecot-1.1.7/dovecot.logrotate .
wget http://dovecot.org/releases/1.1/dovecot-1.1.11.tar.gz
tar zxf dovecot-1.1.11.tar.gz
rm dovecot-1.1.11.tar.gz
cd dovecot-1.1.11   (cwd = /usr/local/src/dovecot-1.1.11/dovecot-1.1.11)
cp /usr/local/src/dovecot-1.1.7/dovecot-1.1.7/dovecot-1.1.7.spec .
mv dovecot-1.1.7.spec dovecot-1.1.11.spec
edit spec file and change version to be correct
 - also commented out two lines with patch1 in them
cd ..    (cwd = /usr/local/src/dovecot-1.1.11)
tar zcf dovecot-1.1.11.tar.gz ./dovecot-1.1.11
create new rpm file:
  rpmbuild -tb dovecot-1.1.11.tar.gz
install new rpm file:
  rpm -Uvh /usr/src/redhat/RPMS/x86_64/dovecot-1.1.11-0_83.x86_64.rpm
09-01-07
RT: Request Tracker setup 
- downloaded src from http://bestpractical.com/rt/
- tar zxf rt-3.8.1.tar.gz 
- chown -R root:root rt-3.8.1
- perl -MCPAN -e shell
- make fixdeps
- yum install perl-Return-Value
- RT_FIX_DEPS_CMD='/usr/bin/perl -MCPAN -e"install %s"'
- export RT_FIX_DEPS_CMD
- make fixdeps
- perl -MCPAN -e "install Bundle::CPAN"
- /usr/bin/perl -MCPAN -e shell
    o conf urllist http://cpan.yahoo.com/
- make fixdeps
- yum install graphviz
- make fixdeps
- ./configure --enable-graphviz --enable-gd --enable-gpg --with-web-user=apache --with-web-group=apache
- vi /etc/group
- cpan Sys::Syslog
- cp RT_Config.pm RT_SiteConfig.pm
- vi RT_SiteConfig.pm
- vi /etc/httpd/conf/httpd.conf
- service httpd restart
- ln -s /opt/rt3/bin/rt-mailgate /etc/smrsh/rt-mailgate
- newaliases
- make dropdb
- make initialize-database
08-12-19
bacula client setup on mail (note had to remove --with-x in order to compile w/o errors) 
[root@mail bacula-2.4.2]# ./configure --with-python --with-openssl --prefix=/opt/bacula --exec-prefix=/opt/bacula --sysconfdir=/opt/bacula/etc --with-scriptdir=/opt/bacula/scripts --with-dump-email=root@localhost --with-job-email=root@localhost --with-smtp-host=localhost --enable-client-only

[root@mail bacula-2.4.2]# make
[root@mail bacula-2.4.2]# make install
[root@mail bacula-2.4.2]# make install-autostart-fd
08-12-08
- downloaded the vacation program from http://rpmfind.net//linux/RPM/PLD/dists/ra/PLD/i686/PLD/RPMS/vacation-1.2.6.1-3.i686.html
and installed it.
08-12-02
sendmail setup
Use the following command to determine sendmail version and compile features. 
sendmail -d0.1 -bv root
Needed to start saslauthd: 
[0][root@mailX]$ chkconfig saslauthd on
[0][root@mailX]$ service saslauthd start
08-12-01
ssl certificate setup
Obtained gd_bundle.crt and mail.phas.ubc.ca.crt files from GoDaddy. Installed into /opt/pki/tls/certs. Edited /etc/dovecot.conf as follows: 
ssl_cert_file = /etc/pki/tls/certs/mail.phas.ubc.ca.crt
ssl_key_file = /etc/pki/tls/private/mail.phas.ubc.ca.key
ssl_ca_file = /etc/pki/tls/certs/gd_bundle.crt
modified /etc/security/limits.conf Added the following lines: 
# 08-12-01 rdp add next lines to prevent dovecot warning:
# Dovecot Imap: Warning: fd limit 1024 is lower than what Dovecot can use
# These lines allow for processes to run with 4096 file descriptors by
# default and the user process can increase it to 8192 via ulimit.
*               hard    locks           8192
*               hard    nofile          8192
*               soft    locks           4096
*               soft    nofile          4096
09-01-23
installing dovecot v1.1.9 
cd /usr/local/src
mkdir dovecot-1.1.9
cd dovecot-1.1.9
cp ../dovecot-1.1.7/dovecot-1.1-default-settings.patch .
cp ../dovecot-1.1.7/dovecot.init-nopid .
cp ../dovecot-1.1.7/dovecot.pam .
cp ../dovecot-1.1.7/dovecot.init .
cp ../dovecot-1.1.7/maildir-migration.txt .
cp ../dovecot-1.1.7/migrate-folders .
cp ../dovecot-1.1.7/migrate-users .
cp ../dovecot-1.1.7/perfect_maildir.pl .
cp ../dovecot-1.1.7/dovecot-REDHAT-FAQ.txt .
cp ../dovecot-1.1.7/dovecot.logrotate .
wget http://www.dovecot.org/releases/1.1/dovecot-1.1.9.tar.gz
tar zxf dovecot-1.1.9.tar.gz
rm dovecot-1.1.9.tar.gz
cd dovecot-1.1.9   (cwd = /usr/local/src/dovecot-1.1.9/dovecot-1.1.9)
cp /usr/local/src/dovecot-1.1.7/dovecot-1.1.7/dovecot-1.1.7.spec .
mv dovecot-1.1.7.spec dovecot-1.1.9.spec
edit spec file and change version to be correct
cd ..    (cwd = /usr/local/src/dovecot-1.1.9)
tar zcf dovecot-1.1.9.tar.gz ./dovecot-1.1.9
create new rpm file:
  rpmbuild -tb dovecot-1.1.9.tar.gz
install new rpm file:
  rpm -Uvh /usr/src/redhat/RPMS/x86_64/dovecot-1.1.9-0_83.x86_64.rpm
08-11-28
installing dovecot v1.1.7 
yum remove dovecot (to remove v1.0.7, RHEL5 default)
downloaded source files and uncompressed/untarred, had no spec file with it.
downloaded spec file from http://atrpms.net/dist/el5/dovecot/ and put into source dir
downloaded rpm source file from redhat (for V1.0.7) to get spec file
compared the spec files and modified the atrpm spec file a little to more closely match config options in RHEL spec file
created new tgz file (now has spec file in it):
  tar zcf dovecot-1.1.7.tar.gz ./dovecot-1.1.7
created new rpm file:
  rpmbuild -tb dovecot-1.1.7.tar.gz
installed new rpm file:
  rpm -ivh /usr/src/redhat/RPMS/x86_64/dovecot-1.1.7-0_83.x86_64.rpm

08-11-28
phpMyAdmin installation
Please see EPEL Extra Packages for Enterprise Linux 
[0][root@mailX]$ rpm -Uv http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm 
[0][root@mailX]$ yum install phpMyAdmin
Installed: phpMyAdmin.noarch 0:2.11.9.3-1.el5
Installed ProjectPier and dotproject.
08-11-28
ssl certificate generation 
- installed crypto-utils package
- ran genkey program to generate private/public key pair and to generate CSR
- selected 1024 bits and to generate CSR for "other"
- CSR was put in file: /etc/pki/tls/certs/mail.phas.ubc.ca.0.csr
- did not set a passphrase on the private key

You now need to submit your CSR and documentation to your certificate
authority. Submitting your CSR may involve pasting it into an online
web form, or mailing it to a specific address. In either case, you
should include the BEGIN and END lines.

-----BEGIN CERTIFICATE REQUEST-----
MIIB7DCCAVUCAQAwgasxCzAJBgNVBAYTAkNBMRkwFwYDVQQIExBCcml0aXNoIENv
bHVtYmlhMRIwEAYDVQQHEwlWYW5jb3V2ZXIxJzAlBgNVBAoTHlVuaXZlcnNpdHkg
b2YgQnJpdGlzaCBDb2x1bWJpYTEpMCcGA1UECxMgUGh5c2ljcyBhbmQgQXN0cm9u
b215IERlcGFydG1lbnQxGTAXBgNVBAMTEG1haWwucGhhcy51YmMuY2EwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMZqsKZM4RIWKqi2vbXK0bP5f3syQNXzy17Q
BH/fjjraPTa1vN3qCHwb1zdduLEd6ybIWIWN0Dia98BQ6Y9MeBvAM1Y1QGIWdTpc
KL+Yxv4vL1DH/AE+YOzlqk/J1hNa+RF/qtaa70Bzhhgl267jg2TEUzl0kmsJh+u4
PHAFx0HfAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAyUTjzC+n7jsWsfNbBtZ8R
xhrYAD5dA4VIWPnqS0oQpULDql98oKZZH0yqayn6aSKcMJ/++coxIuXZQB0plkLn
XHn47rewEoz3NJsVe6KqmhVs+ieanFvZzLPkH2+er1kxH7GiNAwFCEQRjyb02nMR
CuejoaO2z9ukJN5F6gumbg==
-----END CERTIFICATE REQUEST-----
08-11-28
bacula client setup on mail
didn't work, need to revisit bacula install
[root@mail bacula-2.4.2]# ./configure --with-python --with-openssl --with-x --prefix=/opt/bacula --exec-prefix=/opt/bacula --sysconfdir=/opt/bacula/etc --with-scriptdir=/opt/bacula/scripts --with-dump-email=root@localhost --with-job-email=root@localhost --with-smtp-host=localhost --enable-client-only

[root@mail bacula-2.4.2]# make install

[root@mail bacula-2.4.2]# make install-autostart-fd
08-08
Dovecot conversion notes

08-07-30
switched to using dovecot deliver as lda around 9pm
Here is a graph showing the effect of the switch to dovecot. This graph shows a more detailed comparison of the load.
08-07-27
08-06-24
08-04-02
08-04-01
08-01-19
06-06-06
06-05-09
05-12-20
05-12-13
05-11-03
05-05-06
05-05-04
05-05-02
- Edited /etc/xinetd.d/imap[s] and changed the cps line from 500 5 to 5000 2.  This controls the number of connections per second and the wait-to-restart time.  I also added the line flags = NOLIBWRAP.  According to documents on the squirrelmail website, this could increase connection performance by up to 10%.
05-02-01

04-10-18
-Fri Oct 15 
WARNING: Kernel Errors Present
VFS: Error -5 occured while...: 16Time(s)  These appear to be due to some users not having quotas set.  I will look into this...

04-07-07

04-05-18

04-05-07

04-04-08
- Updated the SCSI BIOS and FIRMWARE with the help of the IBM tech to v6.10.24.  It is important to update the drivers first and then do the BIOS and FIRMWARE or you may not be able to boot your system since the new BIOS/FIRMWARE may not know about the older drivers.  To do the update, you just need to create the 2 Update Xpress CDs from the IBM website and then boot from them.

04-04-05

04-04-05

04-03-24

04-03-17
- Goal: get smtp auth working so users can send email (relay) through mail.physics.ubc.ca as long as they are securely authenticated.  Things I needed to do:
1. Created /etc/sysconfig/saslauthd and put the following line in it:
MECH=shadow
2. Edited /usr/lib/sasl2/Sendmail.conf and put in the following line:
pwcheck_method:saslauthd
3. chkconfig saslauthd on
4. service saslauthd start
5. Edited /etc/mail/sendmail.mc and enabled/edited the following lines:
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/imapd.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/imapd.pem')
FEATURE(delay_checks)dnl
6. Found good reference at http://www.joreybump.com/code/howto/smtpauth.html.
7. I tested this setup on W3, using the command "sendmail -bD -X /tmp/test.log" to make user everything worked ok.  Log looked like this:
02477 >>> 250 2.0.0 i2HMs7Vq002477 Message accepted for delivery
02479 === CONNECT mail.physics.ubc.ca.
02477 <<< QUIT
02477 >>> 221 2.0.0 w3.p02477 >>> 220 w3.physics.ubc.ca ESMTP Sendmail 8.12.10/8.12.10; Wed, 17 Mar 2004 14:54:07 -0800
02477 <<< EHLO w3.physics.ubc.ca
02477 >>> 250-w3.physics.ubc.ca Hello [192.168.0.100], pleased to meet you
02477 >>> 250-ENHANCEDSTATUSCODES
02477 >>> 250-PIPELINING
02477 >>> 250-8BITMIME
02477 >>> 250-SIZE
02477 >>> 250-DSN
02477 >>> 250-ETRN
02477 >>> 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
Note: LOGIN PLAIN not available yet since we are not yet in an encrypted session
02477 >>> 250-STARTTLS
02477 >>> 250-DELIVERBY
02477 >>> 250 HELP
02477 <<< STARTTLS
02477 >>> 220 2.0.0 Ready to start TLS
02477 <<< EHLO w3.physics.ubc.ca
02477 >>> 250-w3.physics.ubc.ca Hello [192.168.0.100], pleased to meet you
02477 >>> 250-ENHANCEDSTATUSCODES
02477 >>> 250-PIPELINING
02477 >>> 250-8BITMIME
02477 >>> 250-SIZE
02477 >>> 250-DSN
02477 >>> 250-ETRN
02477 >>> 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Note: LOGIN PLAIN now available becasue we are now in an encrypted session
02477 >>> 250-DELIVERBY
02477 >>> 250 HELP
02477 <<< AUTH CRAM-MD5
02477 >>> 334 PDY2Njc1MzgzMi41ODIyMjk1QHczLnBoeXNpY3MudWJjLmNhPg==
02477 <<< cmFwIDU2MjE5YjYxMTI2YmQ4NzEzNDRhZjZmNGNjMmQwOGQ1
02477 >>> 535 5.7.0 authentication failed
02477 <<< AUTH PLAIN AHJhcAAzMS4vRjByZA==
02477 >>> 235 2.0.0 OK Authenticated
02477 <<< MAIL FROM:<rap@w3.physics.ubc.ca>
02477 >>> 250 2.1.0 <rap@w3.physics.ubc.ca>... Sender ok
02477 <<< RCPT TO:<rap@physics.ubc.ca>
02477 >>> 250 2.1.5 <rap@physics.ubc.ca>... Recipient ok
02477 <<< DATA
02477 >>> 354 Enter mail, end with "." on a line by itself
02477 <<< Message-ID: <4058D70F.5050301@w3.physics.ubc.ca>
02477 <<< Date: Wed, 17 Mar 2004 14:54:07 -0800
02477 <<< From: Ron <rap@w3.physics.ubc.ca>
02477 <<< User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007
02477 <<< X-Accept-Language: en-us, en
02477 <<< MIME-Version: 1.0
02477 <<< To: Ron Parachoniak <rap@physics.ubc.ca>
02477 <<< Subject: test 5
02477 <<< Content-Type: text/plain; charset=us-ascii; format=flowed
02477 <<< Content-Transfer-Encoding: 7bit
02477 <<<
02477 <<< test 5
02477 <<<
02477 <<< .
02477 >>> 250 2.0.0 i2HMs7Vq002477 Message accepted for delivery

04-03-12
[root@mail vsftpd]# iostat -d -k -x /dev/sda6 15
 [root@mail root]# vmstat 15

04-01-29

04-01-28

Installed DCC (distributed checksum clearinghouse), DCC version 1.2.29 from http://www.dcc-servers.net/dcc/source/dcc-dccd.tar.Z
To install it, I just ran ./configure, make, make install.  I then checked the spamassassin debug log and it appears to be working OK.


04-01-26

04-01-14
- Moved /var/spool/mail to /mail/inboxes and set up links to it from /var/spool/mail and /var/mail
- Moved /var/spool/[mqueue, mqueue.in, MailScanner] to /mail/[mqueue, mqueue.in, MailScanner] and created links from /var/spool
- Edited /etc/cron.daily/clean.quarantine to enable it and to set new quarantine directory
- downloaded the vacation program from http://rpmfind.net//linux/RPM/PLD/dists/ra/PLD/i686/PLD/RPMS/vacation-1.2.6.1-3.i686.html
and installed it.

 04-01-17
Commissioned new mailserver!

04-01-14
My goal here is to get imap over ssl working.  I need first to generate my server keys and certificates and my CA (Certifying Authority) key and certificate.

Create an RSA private key without a passphrase for the mail server:
edited /usr/share/ssl/openssl.conf and set defaults (including expiry of 3650 days).
cd /etc/httpd/conf
/usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
chmod go-rwx /etc/httpd/conf/ssl.key/server.key
Generate a CSR (certificate signing request) using the server RSA private key (didn't actually do this since I am doing a self-signed certificate:
umask 77
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.csr/server.csr
Create a self-signed (CA) certificate (x509 structure) using the RSA key of our CA:
umask 77
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 3650 -out /etc/httpd/conf/ssl.crt/server.crt
Make the imapd.pem file so we can connect to the imap server securely:
cd /usr/share/ssl/certs
make imapd.pem

04-01-08

03-04-10

Testing Sendmail

Using telnet

  1. telnet servername portnumber
    If the command works, you receive a response from the SMTP server that is similar to the following: 
    220 site.contoso.com Microsoft Exchange Internet Mail Connector
    Note There are different versions of SMTP servers, and you may receive different responses from the receiving server. What is important is that you receive the 220 response with the FQDN of the server and the version of SMTP. Additionally, all versions of Microsoft SMTP include the term "Microsoft" in the 220 response.
  2. Start communication by typing the following command:
    EHLO test.com
    Note You can use the HELO command, but EHLO is a verb that exists in the Extended SMTP verb set. It is a good idea to use EHLO, unless you believe that there is a problem with the Extended SMTP Verbs.
    If the command is successful, you receive the following response: 
    250 OK
  3. Type the following command to tell the receiving SMTP server who the message is from: 
    MAIL FROM:Admin@test.com
    Note This address can be any SMTP address that you want, but it is a good idea to consider the following issues:
    1. Some SMTP mail systems filter messages based on the MAIL FROM: address and may not permit certain IP addresses to connect or may not permit the IP address to send e-mail to the SMTP mail system if the connecting IP address does not match the domain where the SMTP mail system resides. In this example, that domain is test.com.
    2. If you do not use a valid e-mail address when you send a message, you cannot determine if the message had a delivery problem, because the non-delivery report (NDR) cannot reach an IP address that is not valid. If you use a valid e-mail address, you receive the following response from the SMTP server: 
      250 OK - MAIL FROM Admin@test.com
  4. Type the following command to tell the receiving SMTP server whom the message is to.

    Note It is a good idea to always use a valid recipient SMTP address in the domain that you are sending to. For example, if you are sending to john@domain.com, you must be certain that john@domain.com exists in the domain. Otherwise, you will receive an NDR.

    Type the following command with the SMTP address of the person you want to send to:

    RCPT TO: User@Domain.Com
    You receive the following response: 
    250 OK - Recipient User@ Domain.Com
  5. Type the following command to tell the SMTP server that you are ready to send data: 
    DATA
    You receive the following response: 
    354 Send data. End with CRLF.CRLF
  6. You are now ready to start typing the 822/2822 section of the message. The user will see this part of the message in their inbox. Type the following command to add a subject line: 
    Subject: test message

    Press ENTER two times. You do not receive a response from this command.

    Note The two ENTER commands comply with Request for Comments (RFC) 822 and 2822. 822 commands must be followed by a blank line.

  7. Type the following command to add message body text: 
    This is a test message you will not see a response from this command.
  8. Type a period (.) at the next blank line, and then press ENTER. You receive the following response: 
    250 OK
  9. Close the connection by typing the following command: 
    QUIT
    You receive the following response: 
    221 closing connection
  10. Verify that the recipient received the message that you sent. If any error event messages appear in the application event log, or if there are problems receiving the message, check the configuration or the communication to the host. 
To make sure your sendmail binary is compiled with Milter support just run :
    * sendmail -d0.13 -bv root | grep MILTER (works for sendmail 8.10.x, 8.11.x,8.12.x).
    * or sendmail -d0.1 -bv root | grep MILTER (works for sendmail 8.12.x) 

Few Milter solutions are multi-purpose ones : most of them try to address one given need 
(virus-scanning, antispam, ...). Remember you can use several Milters (several 
INPUT_MAIL_FILTER definitions in the .mc file) if a single one does not offer all the 
features you need.

Opensource milters:
http://milter.free.fr/intro/index.html
You can display class w entries with the following command: 
echo '$=w' | sendmail -bt -d0.4
By default, class w contains localhost, the IP address 127.0.0.1, and the system's IP address(es), fully qualified domain names, and short hostnames. Entries placed in /etc/mail/local-host-names or /etc/mail/sendmail.cw are added to these default values.

Testing SMTP AUTH connections

http://qmail.jms1.net/test-auth.shtml

When setting up a mail server, one of the things you should do before you "go live" is to test it- not only to make sure things which should work, do work, but to make sure things which shouldn't work, don't.

One of the things to test is whether or not your server correctly supports the AUTH command. This command is used when a remote client wishes to identify themself as an "authenticated" user, normally so that they can use your server as an outbound mail relay. This is very handy for companies with employees who travel, or for ISPs with clients who travel.

Find your authentication information

In order to use the AUTH command, you need to know the base64-encoded version of the userid and password you will be using to authenticate to the server. Normally this would be the same as the userid and password you would use to check your mail using IMAP or POP3. This perl command (which requires the MIME::Base64 module) will do the encoding for you:

% perl -MMIME::Base64 -e 'print encode_base64("\000jms1\@jms1.net\000not.my.real.password")'
AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=

Note: Make sure to use \0 both as the first character of what you're encoding, and as the separator between the userid and the password. There was an error with the original version of these directions- I had forgotten about needing a \0 at the beginning. Sorry all!
Another reader pointed out that perl silently interprets the "@" sign in the middle of a string and replaces it with the contents of an array with that name, if one exists... or with nothing, if not. I just did a full two-way test with my real password, and it turns out if you don't put a backslash in front of the "@" sign it won't work. Good call.
And JT Justman pointed out that if you use \0 as the separator, and the userid or password happens to start with a digit, perl will try to find and use a three-digit octal character code instead of a one-digit null byte with two normal digits behind it. Using \000 instead of just \0 prevents this from happening.

Connecting to the server

Depending on how the server is configured, you may need to use SSL or TLS before you are able to use the AUTH command. In fact, if you are able to use the AUTH command without using either SSL or TLS, you are in fact sending your userid and password over the internet in clear text. Anybody with a packet sniffer in the right spot will be able to read the base64-encoded string you send to authenticate, and it's really easy to decode that stuff- in fact the same command above will work if you change "encode_base64" to "decode_base64" (and put the encoded string between the double quotes, obviously.)

  • To connect to a normal, non-secured SMTP server on IP address 1.2.3.4, you would use this command:

    % telnet 1.2.3.4 25

  • To connect to a server which should support TLS, you may wish to verify that it does support TLS first. When you send the EHLO command, the server will respond with a list of the items it supports. If you see STARTTLS on the list, it means the server will allow you to send the STARTTLS command. Example:

    % telnet 1.2.3.4 25
    220 a.mx.jms1.net NO UCE ESMTP
    ehlo testing
    250-a.mx.jms1.net NO UCE
    250-STARTTLS
    250-PIPELINING
    250 8BITMIME
    quit

    Once you have verified that the server supports the STARTTLS command, you can use the "-starttls smtp" option of openssl s_client to connect. This makes openssl connect normally (without encryption), send a STARTTLS command, negotiate the SSL encryption, and then allow you to interact with the encrypted session. For example, to connect to a TLS-enabled SMTP servers on IP address 1.2.3.4, you would use this command:

    % openssl s_client -starttls smtp -crlf -connect 1.2.3.4:25

  • And for an SSL server (where you connect to a different port number and have to establish an SSL connection before the SMTP conversation even starts) on IP address 1.2.3.4 port 465, you would use this command:

    % openssl s_client -crlf -connect 1.2.3.4:465

Make sure the server supports AUTH

When you first connect to an SSL or TLS server, you will see the key-exchange information fly by on the screen, and the last line you see when it stops scrolling text will be the server's "banner" message, which tells the client that the server is ready to accept commands. For a non-secured connection, the first thing you see will be the banner.

When the banner is received, a normal SMTP client would send an EHLO command to the server in order to identify the client machine, as well as ask for a list of the capabilities supported by the server.

If you are using an openssl command to connect to an SSL or TLS server, make sure to enter your SMTP commands in lowercase as shown here. The openssl "s_client" command watches what you type- if you send a line of text starting with a capital "R", it will re-key the SSL layer instead of sending your command to the server... and if you send a line of text which starts with a capital "Q", it will terminate the SSL connection and exit.

220 a.mx.jms1.net NO UCE ESMTP
ehlo testing
250-a.mx.jms1.net NO UCE
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-PIPELINING
250 8BITMIME

Look at the response from your EHLO command, make sure AUTH is on the list, and that PLAIN is one of the options it supports. If it's not listed, the server will not let you send an AUTH command. This may be because the connection is not secured and the server is protecting you from sending your authentication information across the net in plain text...

Sending the AUTH command

Assuming the server supports AUTH, we will send the actual AUTH command to try and authenticate.

AUTH PLAIN AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=
235 ok, go ahead (#2.0.0)

If you see this message, you are authenticated. If you see this one instead...

AUTH PLAIN AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=
535 authorization failed (#5.7.0)

... then obviously it means you are not authenticated. If you were not able to authenticate, you can try another AUTH PLAIN command- although if the server is logging the traffic or running an intrusion detection system, having multiple AUTH commands in a single SMTP session is enough to raise a red flag. Be careful not to ban your test client's IP address.

Sending the message

Once you are authenticated, you may continue with a normal SMTP conversation and the server should accept any message from you, whether you are relaying to an outside domain or not. Even if you don't authenticate, the server will still accept messages from you- it just won't relay (it will act the same as if you had never entered an AUTH command at all.)

mail from: <nospam@jms1.net>
250 ok
rcpt to: <nospam@jms1.net>
250 ok
data
354 go ahead
From: John <nospam@jms1.net>
To: Nobody <nospam@jms1.net>
Subject: fnord

hail eris!
.
250 ok 1113954693 qp 29052
quit
221 a.mx.jms1.net NO UCE

Testing IMAPD
IMAPD Testing 
[root@mail root]# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] localhost.localdomain IMAP4rev1 2003.338rh at Thu, 27 Sep 2007 14:34:47 -0700 (PDT)
A01 CAPABILITY
* CAPABILITY IMAP4REV1 IDLE NAMESPACE MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND LOGIN-REFERRALS STARTTLS AUTH=LOGIN
A01 OK CAPABILITY completed
A02 LOGOUT
* BYE mail.phas.ubc.ca IMAP4rev1 server terminating connection
A02 OK LOGOUT completed
Connection closed by foreign host.
Testing pop 
[root@mail ~]# telnet localhost pop3
+OK dovecot ready.
user johndoe
+OK
pass password
+OK Logged in.
list
+OK 1 messages:
1 622
.
retr 1
+OK 622 octets
Return-Path: 
X-Original-To: johndoe
Delivered-To: johndoe@mail.acme.local
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
        by mail.acme.local (Postfix) with SMTP id 9729067C17
        for ; Thu, 22 Feb 2007 09:06:37 -0500 (EST)
Message-Id: <20070222140640.9729067C17@mail.acme.local>
Date: Thu, 22 Feb 2007 09:06:37 -0500 (EST)
From: johndoe@mail.acme.local
To: undisclosed-recipients:;
X-IMAPbase: 1172153557 1
Status: O
X-UID: 1
Content-Length: 5
X-Keywords:


test
.
quit
+OK Logging out.
Connection closed by foreign host.
[root@mail ~]#
Testing TLS - 17-06-09, rdp 
rap@ada:~$ openssl s_client -starttls smtp -crlf -connect smtp.phas.ubc.ca:587
CONNECTED(00000003)
depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify return:1
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 OU = Domain Control Validated, CN = *.phas.ubc.ca
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=*.phas.ubc.ca
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
 3 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIHKzArIl0lbDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UE
BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY
BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMu
Z29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3Vy
ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xNDA0MTQyMjQwMDVaFw0x
ODA4MTIxNzMxMTdaMDsxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRl
ZDEWMBQGA1UEAwwNKi5waGFzLnViYy5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK+T9PRn9qAtaKB1DjS7uw6xzUIhJX5YD6zsEog9M2PB7s6t7TqW
LqT2l/aJAIZKLZnalmJMoR2b0u8Cl8hjAhMaWW1dLeQsLp4N8LQat6xPUTICS8I1
3IYrAj8cqW2vTfZC8HORa4mMnh/yqD9AiXJc9Zu7/XCYE4yYaqhhpLXHUDM8HeDI
ek4I2SslSkoYW1P396PUSZPZ7veHMhVZpaZpCJ60P4Ci04Rg0U1FqpxCb3/RPRXC
uChcOYRolYOnbOj6fZ/kkDQMR0T5g1Vp0m+PEyLpOOfXWC/ZP45sUUDAKO7crTkm
HrMjrKRqbwX+u3MRSCmCj1uUxWqPOy7VYBMCAwEAAaOCAbAwggGsMA8GA1UdEwEB
/wQFMAMBAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB
/wQEAwIFoDA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdvZGFkZHkuY29t
L2dkaWcyczEtNDIuY3JsMFMGA1UdIARMMEowSAYLYIZIAYb9bQEHFwEwOTA3Bggr
BgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0
b3J5LzB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdv
ZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2Rh
ZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0
gzCiM9f7bLPwtCyAzjAlBgNVHREEHjAcgg0qLnBoYXMudWJjLmNhggtwaGFzLnVi
Yy5jYTAdBgNVHQ4EFgQU70cF9ruMsWsmTEQ1l5RwbBvmV30wDQYJKoZIhvcNAQEL
BQADggEBAFgz5naeLjhoYGQja+v3u+HX/CEEiB8lTFQMDA26ghcofO++7+zENss5
Tbbs2Cph99xaMh//EIAZRxN/GKZn9CUIdzCvvp82PwxuSW34EvXXoUJRU76tHv3X
0PSd1McFiPq26eO/iMbk+ROaKwviHpTLKDHQLP4bby8E1I094bJskro6iYmc7a16
Z5Vo7mo3fIaxaZnKpuNnSY6uyWC1vOUjpIY85wBcCCYZlJGLVtja1lS6N0CjXAD6
5X5n6EBZGHRSN19TruJC/+q65d6a5FRfUq/aY/p3Alxq21j68o0jLqpDozIKh8pI
yOddBN1aZKrUKZjoZlL3Rs/GhHsufeo=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=*.phas.ubc.ca
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
---
Acceptable client certificate CA names
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Client Certificate Types: RSA fixed DH, DSS fixed DH, RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: DH, 2048 bits
---
SSL handshake has read 6652 bytes and written 566 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 9718FC75BD24A59CA9AB5F1EA7CC2582FA6E2A489AB06E8C36E81064DA2906AF
    Session-ID-ctx: 
    Master-Key: E7FF56EA1089736F70A6C87DDF16314AA3E531CA52DE71BE57F7CBD3841ADDCD32D79163067C568DED2111CED9A971AB
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 1 (seconds)
    TLS session ticket:
    0000 - 29 05 8b 3c fd cc 73 a9-98 a0 9d f2 9f ad 94 5b   )..<..s........[
    0010 - ab 6f f8 70 9b 16 44 e5-50 53 d2 64 fe 28 37 6f   .o.p..D.PS.d.(7o
    0020 - 87 88 bc 28 de b7 ca c0-ad b4 a5 c8 19 c1 3a 91   ...(..........:.
    0030 - 17 61 8f dc ad 17 6f 73-e3 1e 48 0a 4f 94 ea 07   .a....os..H.O...
    0040 - 7c 35 10 c7 91 5e 45 42-df 67 2e 72 a2 03 17 99   |5...^EB.g.r....
    0050 - 0d 42 57 f6 f3 fd 2e 16-e0 9a a7 8e 1c bf 6a 1b   .BW...........j.
    0060 - b8 8d 39 b7 25 e1 01 96-b8 4a a5 7d cf 32 ad 99   ..9.%....J.}.2..
    0070 - 25 33 a2 a7 e5 e4 df 34-30 96 ed 02 57 c9 d8 9d   %3.....40...W...
    0080 - 46 58 78 d1 e4 ad ad a8-46 dd 27 04 5f 12 05 51   FXx.....F.._..Q
    0090 - eb 72 3c ac f9 d2 be 4c-9a 7c 24 7b 89 73 be 91   .r<....L.|${.s..

    Start Time: 1497046301
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 HELP
ehlo localhost
250-mail.phas.ubc.ca Hello ada.phas.ubc.ca [142.103.235.80], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
QUIT
DONE
Testing POP3 TLS/SSL
This is a followup to Juliet Kemp's excellent Troubleshooting Linux Servers with telnet article. This is adapted from the aging but still-excellent Linux Cookbook.

Telnet does not support any encryption. If you are protecting your POP3 sessions with TLS/SSL then you need s_client, which is part of OpenSSL. You can query both local and remote mail servers, using your own server names of course. Commands that you type are in bold:

$ openssl s_client -connect localhost.com:995
$ openssl s_client -connect remotehost.com:995

You'll see a whole lot of lines about certificates and protocols, and eventually something like this:

---
+OK Dovecot ready.

Now we know we're talking to a Dovecot server. Dovecot supports both secure POP3 and secure IMAP. Now I can give Dovecot my login. Note that if you enter an invalid username it won't tell you, but will still say +OK:


+OK Dovecot ready.
user carla
+OK
pass password
+OK Logged in.

Let's see if I have any messages:

list
+OK 2 messages:
1 1759
2 12422

Yay, two messages for me! Use the retr command to read them:

retr 1
+OK 1759 octets
[snip headers]
Date: Tue, 15 Feb 2011 11:56:48 -0800
From: Mom
To: carla@example.com
Subject: dinner this weekend
[snip message-id]

Hello Little Carla,

We're having a little get-together this weekend and hope you can come. Bring your fabulous chicken skewers.

Love,
the Mama

To read the second message type retr 2. To delete messages type dele followed by the message number, for example dele 1. Messages are not really deleted until you type quit, so you can change your mind and un-delete with the rset command, which un-deletes all messages marked for deletion.

You may need to use the domain name on a remote server to log in, for example user carla@example.com. RFC 1939 contains a complete listing of POP3 commands.

Testing IMAP TLS/SSL
This is how to talk to an IMAP server over TLS/SSL. Again, commands that you type are in bold, and remember to use your own server name and login:

$ openssl s_client -connect localhost.com:993
CONNECTED(00000003)
[snip mass certificate and protocol lines]
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

login carla password
a001 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in

Hurrah, we're in! Now let's list mailboxes:

a002 list "" "*"
* LIST (\HasChildren) "." "INBOX"
* LIST (\HasNoChildren) "." "INBOX.INBOX_Trash"
* LIST (\HasNoChildren) "." "INBOX.Trash"
* LIST (\HasNoChildren) "." "INBOX.read"
* LIST (\HasNoChildren) "." "INBOX.Queue"
* LIST (\HasNoChildren) "." "INBOX.INBOX_Drafts"

And let's see what's in the Inbox:

a003 examine inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft Junk NonJunk)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 10 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1291459647] UIDs valid
* OK [UIDNEXT 8026] Predicted next UID
* OK [HIGHESTMODSEQ 2710] Highest
a003 OK [READ-ONLY] Select completed.

There are ten messages; let's read the body of the fourth one without the headers:

a004 4 rfc822.text
* 4 FETCH (RFC822.TEXT {857}
On Tue, 15 Feb 2011 11:44:21 -0800
Edwin Hungrytum wrote:

I hear there is going to be food this weekend-- may I come?

Thanks!
Edwin

a005 OK Fetch completed.

I'm bored with reading email this way, so it's time to go:

a005 logout
* BYE Logging out
a005 OK Logout completed.
closed

There are many different commands for listing messages, and reading headers and selected headers. Read all about them in RFC 3501.

BIOS SETUP and Boot Info:
LSI Logic Corp MPT IM BIOS
MPTBIOS-IM-5.03.07
IBM Build:
HBA
 ID
 LUN
 Vendor
 Product
0
 7
 0
 LSI
 LSI 1030 [  402] 1000E00
0
 8
 0
 IBM
 32P0032a S320 1 1
1
 7
 0
 LSI
 LSI 1030 [  402] 1000E00
BIOS Version 1.08

System Summary (from ServerGuide):
       Item                                        Details
---------------------------------------------------------------------
System serial number                               KPMH959
Machine type                                       8670
System memory                                      2550MB
Processors, processor slots                        2, 2
Date and time                                      10/04/2003, 12:01:16
System BIOS version                                1.08
ROM diagnostics build level                        15
Integrated System Management Processor             Revision 14               
ServeRAID-5i Adapter                               Firmware 5.11.05
                                                   1 Logical Drive
System Partition                                   Created
DISASTER RECOVERY
  1. Install a new server.
  2. Load RHEL - currently running RHEL AS 5.
  3. Install updates using up2date.
  4. Copy over backup files from alpha:/home/backups/mail (these files are rsync'd daily). Checklist follows:
    • /etc/aliases
    • /etc/crontab
    • /etc/exports
    • /etc/hosts
    • /etc/hosts.allow
    • /etc/named.conf
    • /etc/php.ini
    • /etc/xinetd.d/imap
    • /etc/xinetd.d/imaps
    • /etc/xinetd.d/ipop2
    • /etc/xinetd.d/ipop3
    • /etc/xinetd.d/pop3s
    • /etc/cron.daily/dirdump.cron
    • /etc/cron.daily/rsync-backup
    • /etc/cron.daily/squirrelmail.cron
    • /root/.bashrc
    • /etc/cron.d/*
    • /etc/httpd/*
    • /etc/mail/*
    • /etc/squirrelmail/*
    • /mail/mailman/*
    • /mail/slist/*
    • /opt/sysadmin/*
    • /usr/share/ssl/*
    • /usr/share/squirrelmail/plugins/*
    • /var/lib/squirrelmail/*
    • /var/named/*
    • /var/spool/cron/*
  5. Check sendmail installation
    • DO NOT START Sendmail until /mail and /var/spool/mail are in place!!
    • /mail is actually on XserveRAID so you need to mount it.
    • start sendmail and check
  6. Check certificates - should be in place from backup.  If needed, re-created or install as per below.
  7. Check web server installation - https.
  8. Check mailman installation.
  9. (install firestarter).
  10. Install Netvault. (alpha:/home/backups/netvault)
  11. Check vsftpd installation (/etc/vsftpd/vsftpd.conf).  Needed for (sqmail) vacation program.
  12. Check NFS exports to warp/hyper.
  13. Check hosts.allow file.
Additional, non-critical items to take care of:
  1. Install APCUPSD (it is in /usr/local/src which is backed up
  2. Start nscd.
 
        [root@mail root]# df -h
        Filesystem            Size  Used Avail Use% Mounted on
        /dev/sda3             9.7G  4.8G  4.4G  53% /
        /dev/sda1              99M   68M   26M  73% /boot
        /dev/sda2             9.7G   33M  9.1G   1% /chroot
        /dev/sdb1             962G  229G  723G  25% /mail
        /dev/sda6             114G   28G   81G  26% /var/spool/mail
        none                  4.0G     0  4.0G   0% /dev/shm
Chkconfig --list output:
Installation Notes
  1. When I started the DS3200/EXP3000, the Summary Fault light on the DS3200 came on. .
  2. Had to uninstall old Storage Manager software before I could reinstall the new. When reinstalling I got warnings that the config files (emwback_v03.bin, emwdata_v03.bin) shoudl be backed up because they would be overwritten. I backed them up but didn't need to use the backups for anything.
  3. Upgraded firmware and light went out.
  4. Newer firmware became available. When I tried to update it, it would not let me select the appropriate firmware file - said it wasn't valid. Turns out I had to use the standalone formware upgrade utility (/opt/IBM_DS4000/upgrade/SMfwupgrade).
  5. Used Storage Manager software to create a RAID5 array named RAID5_00 and then created a logical drive named LogicalDrive00 that used all of the array space.
  6. Used Storage Manager software to create a RAID5 array named RAID5_01 and then created a logical drive named LogicalDrive01 that used all of the array space.
  7. Download the RDAC (Redundant Disk Array Controller) driver from IBM (rdac-LINUX-09.03.0C05.0029-source.tar.gz). Unpacked, ran make clean, make, make install. Got message, MPP driver package has been successfully installed on your system. This created a new MPP initrd image. Edited boot loader configuration file, /boot/grub/menu.lst, to add a new boot menu, which uses mpp-2.6.18-92.1.18.el5.img as the initrd image. Rebooted the system for MPP to take effect. 
    New boot menu entry:
       title Red Hat Linux (2.6.18-92.1.18.el5) with MPP support
       root (hd0,0)
       kernel /vmlinuz-2.6.18-92.1.18.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet crashkernel=128M@16M
       initrd /mpp-2.6.18-92.1.18.el5.img
  8. Installing SystemXpress updates. Downloaded updates for the x3650 into /opt/x3650/UpdateXpress_SystemPack/v1.3_RHEL5/SystemPack. Put the installer files into the same directory. Ran the installer in compare mode (./SystemPack_Installer/install201.rhel5 co) to see which updates are required.
  9. Installed Raidman version 9.
  10. Used logical volume manager to create disk volumes. I striped the two RAID5 arrays to make logical volume LogVol_Mail.  
    [0][root@mailX]$ pvdisplay
      --- Physical volume ---
      PV Name               /dev/sdc1
      VG Name               VolGrp02
      PV Size               1.06 TB / not usable 4.00 MB
      Allocatable           yes (but full)
      PE Size (KByte)       4096
      Total PE              278999
      Free PE               0
      Allocated PE          278999
      PV UUID               I3e9qz-E3GS-wvCt-jEWh-42fz-zBR5-zpoMiB

      --- Physical volume ---
      PV Name               /dev/sdd1
      VG Name               VolGrp02
      PV Size               1.06 TB / not usable 4.00 MB
      Allocatable           yes (but full)
      PE Size (KByte)       4096
      Total PE              278999
      Free PE               0
      Allocated PE          278999
      PV UUID               4Pbp59-Iar6-tCVP-33QK-8bID-rf1R-xraymc

      --- Physical volume ---
      PV Name               /dev/sdb1
      VG Name               VolGrp01
      PV Size               68.25 GB / not usable 1023.50 KB
      Allocatable           yes (but full)
      PE Size (KByte)       4096
      Total PE              17472
      Free PE               0
      Allocated PE          17472
      PV UUID               Va5a6m-A1Ij-McvW-TfD8-AQLC-bLcA-EkY0eV

      --- Physical volume ---
      PV Name               /dev/sda2
      VG Name               VolGroup00
      PV Size               68.15 GB / not usable 22.34 MB
      Allocatable           yes (but full)
      PE Size (KByte)       32768
      Total PE              2180
      Free PE               0
      Allocated PE          2180
      PV UUID               ITSSkW-OVHA-ppng-ykMc-dQKT-piL1-BdWj7Y

    [0][root@mailX]$ lvdisplay
      --- Logical volume ---
      LV Name                /dev/VolGrp02/LogVol_Mail
      VG Name                VolGrp02
      LV UUID                hzObfP-4Vym-SWt1-mXeb-a5uX-D8rJ-CL2GZ0
      LV Write Access        read/write
      LV Status              available
      # open                 1
      LV Size                2.13 TB
      Current LE             557998
      Segments               1
      Allocation             inherit
      Read ahead sectors     auto
      - currently set to     256
      Block device           253:2

      --- Logical volume ---
      LV Name                /dev/VolGrp01/LogVol_Mail_Indexes
      VG Name                VolGrp01
      LV UUID                km8BYm-Skr0-E6Wo-7xeS-eNVg-IuWr-NKxWDi
      LV Write Access        read/write
      LV Status              available
      # open                 1
      LV Size                68.25 GB
      Current LE             17472
      Segments               1
      Allocation             inherit
      Read ahead sectors     auto
      - currently set to     256
      Block device           253:3

      --- Logical volume ---
      LV Name                /dev/VolGroup00/LogVol00
      VG Name                VolGroup00
      LV UUID                KhVvaa-oQ7a-sKqZ-l5lL-ZK07-2sOT-roL1V9
      LV Write Access        read/write
      LV Status              available
      # open                 1
      LV Size                66.19 GB
      Current LE             2118
      Segments               1
      Allocation             inherit
      Read ahead sectors     auto
      - currently set to     256
      Block device           253:0

      --- Logical volume ---
      LV Name                /dev/VolGroup00/LogVol01
      VG Name                VolGroup00
      LV UUID                yUoVBH-LDxb-0wUz-9N0c-w2Sj-vEUZ-oapHbw
      LV Write Access        read/write
      LV Status              available
      # open                 1
      LV Size                1.94 GB
      Current LE             62
      Segments               1
      Allocation             inherit
      Read ahead sectors     auto
      - currently set to     256
      Block device           253:1

    [0][root@mailX]$ df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup00-LogVol00
                           65G  6.2G   55G  11% /
    /dev/sda1              99M   37M   58M  39% /boot
    tmpfs                  16G     0   16G   0% /dev/shm
    /dev/mapper/VolGrp02-LogVol_Mail
                          2.1T  251G  1.8T  13% /Mail
    /dev/mapper/VolGrp01-LogVol_Mail_Indexes
                           68G  1.7G   63G   3% /MailIndexes
            
  11. [0][root@mailX]$ lsmod
    Module                  Size  Used by
    ip_conntrack_netbios_ns    36033  0 
    xt_state               35265  11 
    ip_conntrack           91237  2 ip_conntrack_netbios_ns,xt_state
    nfnetlink              40457  1 ip_conntrack
    iptable_filter         36161  1 
    ip_tables              55329  1 iptable_filter
    ip6table_filter        36033  1 
    ip6_tables             50049  1 ip6table_filter
    mptctl                 63817  0 
    autofs4                57289  2 
    sunrpc                198025  1 
    ipt_REJECT             38849  1 
    ip6t_REJECT            38849  1 
    xt_tcpudp              36417  27 
    x_tables               50377  6 xt_state,ip_tables,ip6_tables,ipt_REJECT,ip6t_REJECT,xt_tcpudp
    cpufreq_ondemand       42449  8 
    dm_multipath           52945  0 
    video                  53197  0 
    sbs                    49921  0 
    backlight              39873  1 video
    i2c_ec                 38593  1 sbs
    button                 40545  0 
    battery                43849  0 
    asus_acpi              50917  0 
    acpi_memhotplug        40133  0 
    ac                     38729  0 
    ipv6                  420609  114 ip6t_REJECT
    xfrm_nalgo             43845  1 ipv6
    crypto_api             42177  1 xfrm_nalgo
    parport_pc             62313  0 
    lp                     47121  0 
    parport                73165  2 parport_pc,lp
    ide_cd                 73697  0 
    cdrom                  68713  1 ide_cd
    serio_raw              40517  0 
    i2c_i801               41685  0 
    bnx2                  173917  0 
    i2c_core               56129  2 i2c_ec,i2c_i801
    shpchp                 70765  0 
    i5000_edac             42177  0 
    edac_mc                60193  1 i5000_edac
    pcspkr                 36289  0 
    dm_snapshot            50569  0 
    dm_zero                35265  0 
    dm_mirror              60489  0 
    dm_mod                 99481  14 dm_multipath,dm_snapshot,dm_zero,dm_mirror
    mppVhba               162016  2 
    ata_piix               54981  0 
    libata                192345  1 ata_piix
    mptsas                 69201  1 
    mptscsih               69569  1 mptsas
    scsi_transport_sas     66753  1 mptsas
    mptbase               111461  3 mptctl,mptsas,mptscsih
    aacraid               101573  5 
    mppUpper              143436  1 mppVhba
    sg                     69865  2 
    sd_mod                 56257  9 
    scsi_mod              188665  10 mptctl,mppVhba,libata,mptsas,mptscsih,scsi_transport_sas,aacraid,mppUpper,sg,sd_mod
    ext3                  167249  4 
    jbd                    93873  1 ext3
    uhci_hcd               57433  0 
    ohci_hcd               54493  0 
    ehci_hcd               65741  0
  12.   
        [root@mail root]# df -h
DS3200 Configuration Info

For more assistance contact Ron Parachoniak, rap@phas.ubc.ca ( Sysadmin )

webmaster@phas.ubc.ca [Dept. Home Page] last updated: June 28, 2005