Posts Tagged ‘Linux’

How to enable squid authentication with htpasswd


Hi again

If you decide to run a Squid web proxy with an authentication system, the simplest way is to create a file and save the usernames and passwords in it. You can create the file with the touch command.

Then change its permissions and owner so that Squid has permission to read it.

After that, just add the following configuration to your squid.conf file.

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl ncsa_users proxy_auth REQUIRED
acl ncsa_users1 urlpath_regex kasper
http_access allow ncsa_users
http_access allow ncsa_users1

Then, to create a new password, just use the following command.

htpasswd /etc/squid/passwd user1

That's it. I will put up some configuration for the other methods of Squid configuration later, but if you have any questions about this, do not hesitate to contact me.
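An added example, not part of the original post: a shell audit for the password file created above. It reports a file that other users can access and entries stored with weak schemes; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): audit an htpasswd-style file used by Squid.

# classify_hash HASH: print the storage scheme of one entry.
classify_hash() {
    case "$1" in
        '$apr1$'*) echo apr1-md5 ;;
        '{SHA}'*)  echo sha1-unsalted ;;
        '$'*)      echo other-crypt ;;
        *) if [ "${#1}" -eq 13 ]; then echo des-crypt; else echo unknown; fi ;;
    esac
}

# audit_passwd FILE: print one finding per line; return 1 if any was found.
audit_passwd() {
    rc=0
    # The last octal digit of the mode is the permission set for "other".
    case "$(stat -c %a "$1")" in
        *0) ;;
        *)  echo "file is accessible to other users"; rc=1 ;;
    esac
    # The "|| [ -n ... ]" part keeps a last line that has no trailing newline.
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        case "$(classify_hash "$hash")" in
            des-crypt)     echo "$user: DES crypt, only 8 password characters count"; rc=1 ;;
            sha1-unsalted) echo "$user: unsalted SHA-1"; rc=1 ;;
            unknown)       echo "$user: unrecognised hash, possibly plaintext"; rc=1 ;;
        esac
    done < "$1"
    return "$rc"
}

# make_sample FILE: write constructed entries (not real credentials), mode 644.
make_sample() {
    cat > "$1" <<'EOF'
alice:$apr1$Xy12abCD$0123456789abcdefghijk.
bob:abCDefGHijKLm
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
EOF
    chmod 644 "$1"
}

# Usage on a real system: audit_passwd /etc/squid/passwd
```

An entry reported as DES crypt can be re-created with htpasswd -m, which stores an apr1 MD5 hash instead.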



How to disable route cache instead of manually flush cache



Mostly when you are using a load-balancing router in Linux, the caching system of iproute2 causes some problems. You can flush it manually with the "ip route flush cache" command or by writing 1 to the /proc/sys/net/ipv4/route/flush file, so type the "echo 1 > /proc/sys/net/ipv4/route/flush" command in your Linux.
You can also configure these options:

Maximum size of the routing cache. The old entries will be purged when the cache reaches this size.
/proc/sys/net/ipv4/route/max_size

Waiting period to clear the routing cache.
/proc/sys/net/ipv4/route/min_delay

That's it.

If you have further questions, just let me know.


How to setup Linux Mail Server (Postfix + Dovecot + SASL + Spam Filtering)


Hi again.

Firstly, I thank ray ban store, Robert Shumake and Mohsen Amiri for reading and commenting on my posts.

While searching the internet I found that there is no complete reference for installing a mail server in Linux, so I decided to add a blog entry describing the complete process of installing a mail server with spam filtering.

Note that everything I describe is done in a Debian Linux environment, which is my favorite Linux distribution; however, all these steps can be run on other distributions with a few changes. If you have a problem with another distribution, just let me know.

OK, let's do it.

First you should download the necessary packages:

Now start installing the MTA (Mail Transfer Agent):

aptitude install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules popa3d

After installing, you should start configuring your postfix service, therefore:

vim /etc/postfix/

then add the following code to your configuration file.

myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# check that the name is correct
myorigin = /etc/mailname
# in order to receive mails
mydestination =
relayhost =
# Note that you should insert the
mynetworks =

# due to connection to clamav in future

mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Then start configuring the other options you may need to set in your postfix service (please override the above settings if any already exist in your file). Honestly, we will have to check our postfix config file again in the next few steps.

OK, after installing postfix, you should install the IMAP/POP3 servers. It is much easier than postfix :) Just run the following command.

aptitude install dovecot-imapd dovecot-pop3d dovecot-common

After the installation has finished, open the configuration file and start uncommenting some configuration options of dovecot:

vim /etc/dovecot/dovecot.conf

and uncomment the following options:

protocols = pop3 imap

disable_plaintext_auth = no
pop3_uidl_format = %08Xu%08Xv

(Hmm, you can find these options in vim by typing "/$your search criteria")

Now you can start adding users. Simply add a user with the command adduser $yourNewUser

Then restart your postfix and dovecot services.

Now it is the turn of SASL, but let me explain something first. For security reasons postfix runs in a chroot directory, and if you want to make some files available to postfix (e.g. some other extra files), you should copy or link them into the root directory of postfix (mostly /var/spool/postfix).

OK, back to our mail server installation.

Again you should edit the postfix main configuration file.

vim /etc/postfix/

and add the following options:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
# Note that this option should be optimized for spam filtering :)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous

But before you can start using SASL, there is still something to do.

You should remove the current saslauthd directory and link it into the postfix root folder.

rm -r /var/run/saslauthd/

mkdir -p /var/spool/postfix/var/run/saslauthd

ln -s /var/spool/postfix/var/run/saslauthd /var/run

chgrp sasl /var/spool/postfix/var/run/saslauthd

adduser postfix sasl

And then you should edit your dovecot configuration file again :( therefore again

vim /etc/dovecot/dovecot.conf

auth default {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  # socket that postfix uses for SASL authentication, inside its chroot
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}



OK, almost done. Now you have a mail server working on Linux, but there is a very important point.

A mail server works based on MX (Mail Exchange) DNS records, so if you want to test your mail server, you should configure your DNS server. (I will let you know how to configure your DNS in my next post.)

OK, but there is something left. Until now we have installed a mail server which is perfect for clients. But if we connect the mail server to the internet, there are many unauthorized users who will use it to send their spam or mails, which causes many mail servers on the internet to block your mail server's IP address. Therefore we should configure the mail server so that misuse is minimized.

In postfix there are a few configuration options which help us reduce misuse by unknown clients. There are some rules that the server should obey, for instance rejecting unregistered IP addresses (mostly the dynamic IPs which ISPs lease to their clients).

I've made some configuration which you can add to your postfix configuration file.

default_destination_rate_delay = 10

default_destination_recipient_limit = 5

default_extra_recipient_limit = 50

smtpd_recipient_limit = 50

smtpd_helo_required = yes

disable_vrfy_command = yes

strict_rfc821_envelopes = yes

invalid_hostname_reject_code = 554

multi_recipient_bounce_reject_code = 554

non_fqdn_reject_code = 554

relay_domains_reject_code = 554

unknown_address_reject_code = 554

unknown_client_reject_code = 554

unknown_hostname_reject_code = 554

unknown_local_recipient_reject_code = 554

unknown_relay_recipient_reject_code = 554

unknown_sender_reject_code = 554

unknown_virtual_alias_reject_code = 554

unknown_virtual_mailbox_reject_code = 554

unverified_recipient_reject_code = 554

unverified_sender_reject_code = 554

disable_vrfy_command = yes

smtpd_delay_reject = yes

smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit

# reject_unauth_destination must stay in this list, ahead of the final permit; without it the server accepts mail for any destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, permit, reject

### I changed the default values to what is optimal for my network. You should do the same.

smtpd_error_sleep_time = 1s

smtpd_soft_error_limit = 10

smtpd_hard_error_limit = 20

smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_maps_rbl, reject_unknown_client
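An added example, not from the original post: Postfix evaluates smtpd_recipient_restrictions from left to right and stops at the first decisive result, so on Postfix releases without smtpd_relay_restrictions (before 2.10) a bare permit that is reached before reject_unauth_destination makes the server relay for any client that passed the earlier checks. The shell function below checks a list for that ordering; the function name, the sample lists and the rbl.example.invalid zone are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): check the order of a Postfix
# smtpd_recipient_restrictions list for the open-relay pattern.
# Limit: check_*_access tables can also return a permit; they are not
# evaluated here.

# relay_guard_check LIST: print "guarded" and return 0 when relaying is
# refused before any bare permit, else print "open-relay" and return 1.
relay_guard_check() {
    # Restrictions are separated by commas and/or whitespace.
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        case "$tok" in
            reject_unauth_destination|defer_unauth_destination|reject|defer|defer_if_permit)
                # From here on, mail for foreign destinations is refused.
                echo guarded; return 0 ;;
            permit)
                # Unconditional permit reached first: anything is accepted.
                echo open-relay; return 1 ;;
        esac
        # Everything else (permit_mynetworks, reject_rbl_client and its zone
        # argument, ...) does not decide relaying for unknown clients.
    done
    # End of list without a guard: the implicit result is permit.
    echo open-relay; return 1
}

# Constructed sample lists; rbl.example.invalid is a placeholder zone.
LIST_GUARDED='permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client rbl.example.invalid, permit'
LIST_OPEN='permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_rbl_client rbl.example.invalid, permit, reject'

for list in "$LIST_GUARDED" "$LIST_OPEN"; do
    printf '%s <- %s\n' "$(relay_guard_check "$list")" "$list"
done
```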


That's it. The above configuration will prevent a lot of spam, but I recommend that you add an antivirus to your mail server.

Be patient, there is one step left, and that is installing the anti-spam.

apt-get install clamsmtp clamav-freshclam

Edit the /etc/clamsmtpd.conf file and change
OutAddress: 10025 to OutAddress: 10026.
Also change
Listen: to Listen:

Then edit the postfix main configuration file again
and add the following options :)

vim  /etc/postfix/
content_filter = scan:
receive_override_options = no_address_mappings


vim /etc/postfix/
# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=


Now restart your server and check for errors in the logs at
/var/log/mail.log or /var/log/mail.err

Now you can test your antivirus by sending a mail with the
following content


 :)  That's it.
It should recognize that content as a virus.
It is not a real virus but a test string called EICAR.

And finally, you can update your antivirus engine manually by
entering the freshclam command.
Yeah, that's it!!! You have configured your mail server with spam filtering.

Note: by the way, don't forget to configure your saslauthd to start.
 vim /etc/default/saslauthd
and change START=no to START=yes.

There are many other options available, but they really should
be set based on your network conditions.
Therefore, if you have any questions, don't hesitate to ask me later.


How to Install PPTP Client on Linux


Hi again

When you use a Debian server you will probably need to connect to a VPN server and somehow route your packets through it, so I decided to show you how to connect to a VPN server from the command line interface.

First you should install the pptp-linux package on your Debian.

aptitude install pptp-linux

Then you can add your user account to the file /etc/ppp/chap-secrets in the following style.

$Domain\\$yourusername PPTP $Yourpassword

(If you don't have a domain, don't worry, just write your username.)

Now you have configured your username and password for your connection. But which connection?! You should now add or create a new VPN client connection for your server.

Therefore go to /etc/ppp/peers/ and create a new file with the name of your connection, for instance:

vim /etc/ppp/peers/myfirstvpnconnection

OK, now in the editor add the following parameters, and I will tell you why we use each one.

pty "pptp $YouIPAddressOfServer --nolaunchpppd"
name $YourUSername
remotename PPTP
file /etc/ppp/options.pptp
ipparam vpn

Now you should go to /etc/ppp/options.pptp and comment and uncomment some parameters.

The following parameters should be commented out:


Then you should add the following parameter to the file.


That's it. You have simply created a new VPN connection in your Debian. But the main thing is starting the connection.

First check your connection with the following command, which lets you see exactly what happens and whether the connection will be established or not.

pon $connectionname debug dump logfd 2 nodetach

OK, if the connection is established and you get an IP from the server, just press ctrl+c to disconnect (poff $ConnectionName can also be used) and add this connection to your interfaces file in order to make it available whenever Debian boots.

Go into /etc/network/interfaces and add the following lines.

auto tunnel
iface tunnel inet ppp
# the connection name which you created in /etc/ppp/peers
provider $YouVPNCOnnectionNAme

That's it. Your connection will start whenever your Debian starts :)

Note: if you want your connection to try to reconnect whenever it gets disconnected, you should just add persist to your connection file.

So just type

echo "persist" >> /etc/ppp/peers/$YourVPNfile

If you have any further questions, don't hesitate to contact me :)


     Copyrighted Mehdi Behamin , All Rights Reserved