That’s why it took me so long till I found out what’s the problem. First there was problem with squidGuard that all the configuration was done perfectly but the filtering was not working, end up manage to find the problem was the blacklist was not build with .db format. Second problem was the new Squid configuration for transparent mode was different from the older version and much more simpler. Below I write up all the steps to configure transparent proxy with squidGuard.

Pre-requisite : Squid-2.6, squidGuard-1.4 and iptables

1) Squid and iptables can be installed from the distro cd media, I’ll assume you have already done so.

2) Download squidGuard from here, unpack the package after finish download and do the installation as follow:-

cd squidGuard-1.2.0
./configure
make
make install

3) After done the installation, now you need to download the blacklist file and I have do a small script to download the blacklist and update into the db folder. Copy the following and paste into a new file, save the file and change the file mode to 777 by “chmod 777 <filename>”.

cd /usr/local/squidGuard/db/
rm -f /usr/local/squidGuard/db/blacklists.tgz
wget -c http://squidguard.mesd.k12.or.us/blacklists.tgz
rm -rfv /usr/local/squidGuard/db/blacklist/*
tar xvfz /usr/local/squidGuard/db/blacklists.tgz
/usr/local/bin/squidGuard -C all
chown -R squid.squid /usr/local/squidGuard/db/blacklists/*

You need to configured the squidGuard.conf before you can use the squidGuard, here is a sample of the squidGuard.conf configuration file for your reference.

4) Just execute “./<filename>” to download the blacklist and update the blacklist database. You also can schedule this script to run weekly to update the blacklist database via crond.

5) After done the SquidGuard installation we proceed to configure the Squid to enable the SquidGuard filter and add the following

redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf

at the end of the squid.conf file.

6) Then look for the line contain “http_port 3128” and add “transparent” behind as below

“http_port 3128 transparent”

this is how it enable the transparent proxy for the new squid version. Save the file and reload the squid using the following command

/sbin/service squid reload

7) The transparent proxy would not successful without add a firewall rules in the iptables as below

$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3128

change the “eth0” according to your network interface and add other firewall rules that required but I would not cover it here as it depend on your network environment. Make sure you have put the above line into “/etc/rc.local” so everytime the system boot up will have the iptables rules enabled.

Here we have completed on the Squid Transparent Proxy with SquidGuard successfully configured.

When I found out that then i know this is not easy man, migrate from webmail to Mdaemon as you all know that webmail store all the email is using Maildir format and not Mbox. If the email store in Mbox format, I can use Mdaemon Multipop to pull the email from Debian mail server and this will much more easier. So the fact now is all the email is store in Maildir and it need to be migrate to Mdaemon, my first plan as follow :-

1) Copy all the email inside Maildir folder that consist of cur, new, tmp folder and paste to mdaemon server
2) Import back into Mdaemon using outlook express

The first plan sound like will work right, but end up with problems. Each of the email inside Maildir file name is too long and when copied over to windows each of the email file name is all same and it can’t be imported. So have to find another solutions and I was thinking to do the following:-

1) Convert Maildir to Mbox format
2) Copy the mbox file to Mdaemon
3) Extract the mbox file into individual emails
4) Import all the emails using outlook express

Second plan sounds good but need to see whether I can find any tools that can do that from the net, and very glad that I manage to find all the tools needed. I found a tools call Maildir to Mbox conversion from here and another tools call Mbox2eml but I have lost the website but I have uploaded the tools here.

Here you can get the manual on how to do the migrations.

Source : System Aligned

Here I’ll show you on how to set sendmail to listen on port other then 25 or using the MSA port 587.  This how-to based on “Centos 5.0″

Requirement

sendmail-cf-8.13.8-2.el5
sendmail-8.13.8-2.el5

1. Make sure you have the 2 packages installed on your Linux machine. It can be any version as all the setting is done through the .mc files. To check if the packages is install by issuing this command:-

 # rpm -qa | grep sendmail

2.  Go to the “/etc/mail” folder and edit the sendmail.mc file.

# cd /etc/mail
# vi sendmail.mc

After edit the “sendmail.mc” file, look for the following lines:-

dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea’)dnl

to activate this option, remove the word “dnl” infront of the statement like:-

DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea’)dnl

Save the file.

3. Backup your sendmail.cf configuration file first before you make the new sendmail.cf file.

# cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.<date>

then you can run the following command to create the new sendmail.cf file

# make -C /etc/mail

now restart your sendmail

# /sbin/service sendmail restart

Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail:                                         [  OK  ]
Starting sm-client:                                        [  OK  ]

4. Test to telnet to port 587 and see if its working

# telnet localhost 587

[root@mmix mail]# telnet localhost 587
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 abc.com.my ESMTP Sendmail 8.13.8/8.13.8; Fri, 7 Dec 2007 03:41:16 +0800

once you can see the above msg, that’s mean your sendmail now is accepting both port 25 and 587. My friend Wing loon, have another how-to on using IPTABLES to redirect port 25 to another port.

Source : Sendmail.org | Wingloon.com 

In this guide, I will not go details into the basic sendmail configuration as I assume you’re familiar with the basic sendmail setup. I will more concentrate on the SMTP AUTH module and this guide can be applied to either Centos 4.x or Centos 5.x.

Requirement :

sendmail
sendmail-cf
cyrus-sasl
cyrus-sasl-devel
cyrus-sasl-lib
cyrus-sasl-plain
cyrus-sasl-md5

1. First you need to have sendmail installed either the service is started or stopped. Edit the sendmail.mc file under the “/etc/mail” folder.

cd /etc/mail
vi sendmail.mc

2. Un-comment the following lines:-

define(`confAUTH_OPTIONS’, `A’)dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl
define(`confAUTH_MECHANISMS’, `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl

Eg.

define(`confAUTH_OPTIONS’, `A’)dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS’, `A p’)dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl
define(`confAUTH_MECHANISMS’, `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl

by default the “confAUTH_OPTIONS” is already un-commented, just leave it and un-comment the remaining 2 lines.

3. After made the changes, you need to create the new sendmail.cf file using the configuration from the

sendmail.mc. Run the following command to generate the new sendmail.cf file:

make -C /etc/mail

4. After generating the new sendmail.cf, you edit the basic setting for sendmail and start the sendmail service:-

/sbin/service sendmail start

make sure you can see the “OK” when the service starting.

5. Now you can test the sendmail see if the server is using the SMTP AUTH module by doing a telnet to port 25.

telnet localhost 25

if you can see like the screenshot below with this line “250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN” means its working.

6. But that’s not all, you still not able to send email out from your server even you have keyin the correct username and password due to the saslauthd authenticator is not started. To do that start the saslauthd services:-

/sbin/service saslauthd start

7. Now you can try to use any email client to test send email to the server without using the SMTP AUTH on the client side and you will get the following error.

just enable the “SMTP AUTH” option in the email client and you can send the email out to the mail server.

8. Make sure both of the services is auto start when the server boot up:-

/sbin/chkconfig –level 2345 sendmail on
/sbin/chkconfig –level 2345 saslauthd on

9. That’s all, you have done the SMTP AUTH for sendmail. Please drop me a comment if you found any error during your implementation and I’ll glad to help out.

Source : sendmail.org

If you’ve ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc…) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn’t it be better to automatically prevent that attacker from continuing to gain entry into your system?

This is where Denyhost come in place, where it check for any host that try to login within few failed attempt the remote host ip will be block from login for week or month depend on your setting.

You need to have the followng packages installed:-

1. First you need to download from this website denyhost from here

cd /opt

wget -c http://optusnet.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz

2. Extract the file

tar xvfz /opt/DenyHosts-2.6.tar.gz

cd /opt/Denyhost-2.6

3. Install the package

python setup.py install

4. After install, the sample configuration file will be located in /usr/share/denyhosts and you need to copy it

cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg

5. Edit the denyhosts.cfg file and change the following lines:-

PURGE_DENY = 2w # purge the blocked entries after 2 week. Default is never
BLOCK_SERVICE = ALL # default is sshd only, prefered to block all
DENY_THRESHOLD_INVALID = 3 # default is 5, deny host if failed 3 login attempt.

the rest of the setting can leave it as default and it works perfectly. They do have other function that can send notification through email when new

block ip added.

6. We have done the setting part, now is to have the Denyhost to start automatically when server bootup. Copy the daemon-control file into

“/etc/rc.d/init.d/” folder.

cp daemon-control-dist /etc/rc.d/init.d/denyhost
chkconfig –add denyhost

7. To start the service immediately, run the following

/sbin/service denyhost start

8. To check if the service is running

ps xa | grep denyhost

and if you can see as below, that’s mean is already working

16747 ? S 0:00 python /usr/bin/denyhosts.py –daemon –config=/usr/share/denyhosts/denyhosts.cfg

9. All the IP being blocked is listed in the “/etc/hosts.deny” file and to remove the IP from blocked, just remove the IP from the file and it can be login back to the server.

That’s all, you have successfully installed the Denyhost.

Source : Howtoforge

So he ask me to help him to do the auto mount the windows share folder. To start off the configuration, make sure the windows pc have set as below:-

1) Windows firewall enable the “File and Printer Sharing”

2) Have share a folder with “Full access” and make sure there is no space in the shared name, try to use simple name.

If you have those set in the windows PC, then you can head to the Ubuntu box and mount the windows shared drive. If your Ubuntu does not have the smbfs type the following to install it:-

# apt-get install smbfs

after install then we create a mount point folder in “/mnt ” called download

# mkdir /mnt/download

# smbmount //<computer name>/<shared folder> /mnt/download -o password=”",rw,dmask=0775

This will mount the windows share folder into /mnt/download folder but will not auto mount after reboot, in order to do that i use the “/etc/rc.local” file to auto mount it. Add the following command in the file.

# /usr/bin/smbmount //<computer name>/<shared folder> /mnt/download -o password=”",rw,dmask=0775

if your windows share folder need username and password then use the following:-

# /usr/bin/smbmount //<computer name>/<shared folder> /mnt/download -o username=<username>,password=<password>,rw,dmask=0775

That’s all, now you can start using the /mnt/download folder.