Six Predictions for Cloud Collaboration in 2013

As we move into 2013 and attempt a glance further into the future, we see shifts in the conversation around cloud collaboration. I’ve outlined a few thoughts on what we can expect soon, over the course of the next few years, and in the future.
In 2013, we’ll see the cloud conversation shift to flexibility and agility as primary drivers of adoption.

“Businesses will have to provide an environment in which their employees are connected in ways they have never been connected before.”

As more companies understand the problems that arise in the collection of big data and the number of employees who work outside the office increases, cloud adoption will grow exponentially. Gartner data shows 71 percent of businesses adopted Software as a Service (SaaS) within the past three years, with three quarters of businesses planning on increasing SaaS spending. However, the reason companies increasingly invest in SaaS will shift. As a recent Forrester survey shows, a decreasing number of businesses are prioritizing lower costs as a reason to adopt SaaS, while an increasing number of businesses are focusing on “business agility” as a reason to deploy a SaaS solution.
In order to compete effectively in the future, businesses will have to provide an environment in which their employees are connected in ways they have never been connected before – connecting employees to customers, partners, and suppliers real time, anytime, anywhere, and providing context to these collaborative sessions.  This can only be accomplished through leveraging an increasing set of collaborative technology, and exposing the most relevant data across the traditional mediums of voice, video, and chat. Cloud accelerates the roll-out of this technology consistently across entire companies and their business partners, so they can improve the efficiency of their decision-making and the quality of their customers’ experience. As the cloud and macroeconomic factors increase the speed of business and collaboration, businesses will look to the cloud to as a means to deploy the growing set of integrated collaborative tools and gain a competitive edge.
As cloud collaboration moves beyond early adopters in 2013, hybrid models will proliferate and customers will increasingly demand a seamless, uncompromising user experience between the cloud and the customer premises.

“More than 50 percent of enterprises began cloud migrations in 2011.”

Increasingly, businesses will look to a world of many clouds where some services are hosted on private clouds for policy/regulatory compliance or balance sheet reasons while others are hosted by public-cloud providers. Businesses will move to find a right balance between the two with hybrid cloud models. More than 50 percent of enterprises began cloud migrations in 2011 and at least 12 percent of all enterprise workloads will run on clouds (public, private, hybrid, community) globally by 2013.
In 2013, cloud delivery of video will enable a cost paradigm shift leading to acceleration of adoption of pervasive, any-to-any video conferencing.

“Deploying these advancements in the cloud will allow us to make any-to-any video connections between mobile, personal and room-based systems.”

Historically three key factors prevented widespread adoption of video: high infrastructure and endpoint costs, consistent quality of experience and lack of interoperability between systems. In 2013 we will see advances across all three of these challenges, particularly in software capabilities that will dramatically lower infrastructure and endpoint costs.  Deploying these advancements in the cloud will allow us to make any-to-any video connections between mobile, personal and room-based systems while optimally allocating resources depending on the endpoint, resulting in significantly lower costs and higher quality.  This will enable businesses of all sizes to take advantage of the power of video collaboration.
Over the next few years, mobile phones will connect to 4G LTE networks and be fully –featured devices for business collaboration, leveraging network intelligence to deliver unparalleled quality of experience for voice, messaging and video.

“LTE provides sufficient bandwidth to carry voice, video and data on a single radio network.”

LTE provides sufficient bandwidth to carry voice, video and data on a single radio network. With deployments already accelerating around the world, mobile operators are transitioning from circuit switch voice (GSM/CDMA) toward an all IP SIP-based architecture (IMS) over LTE, supporting high-bandwidth multimedia and real-time applications. This year, Metro-PCS and South Korea Telcos launched voice over LTE based on IMS (VoLTE), and major operators expect to launch similar offerings in late 2013 or 2014. Because the VoLTE architecture is based on SIP, integrating a mobile device as a business extension will become possible without the installation of a soft client.  Providers will enable a foundational set of enterprise-class voice, video, or messaging features via the network while enriching and unifying those experiences with a soft client or mobile browser.  As businesses demand more collaboration over video and social enterprise applications, the support provided by these new 4G LTE networks will increase the quality of communications and collaboration.
In the coming years, the Internet of Everything will connect people and ‘things,’ allowing for contextual collaboration, enabling new work styles, and empowering people to accomplish the extraordinary.  

 ”These experiences will be enabled by the Internet of Everything, resulting in a massive amount of data that provides us context and information in everything we do.”

Knowledge workers using enterprise software to instant message, meet via voice and video, and share content with coworkers and clients may also be using social tools, such as Facebook and Twitter, that are not fully integrated into the enterprise. Currently, a knowledge worker may enter an online and video meeting and not recognize another attendee’s name. Today, with some plug-in applications as early examples of a growing trend, scrolling over that person’s name may bring up recent email exchanges, providing a small amount of context going into the meeting. Now imagine a meeting solution that provides even more contextual cues. As you hover over another attendee’s name, a LinkedIn profile pops up with a picture, job title and description, and a list of shared professional contacts. A profile from enterprise and/or consumer social software instantly enlightens you to the personal and professional interests you share with this attendee. These experiences will be enabled by the Internet of Everything, resulting in a massive amount of data that provides us context and information in everything we do, even in the workplace.
2013 will “mark the beginning of a new era in IT; the emergence of the Celebrity CIO”.

“2013 will be the year of the CIO.”

During 2012 we saw the role and demands on IT grow exponentially, and as we enter 2013 we will see this accelerate.  The rise of the Cloud and the migration from the desktop (PC) to the workspace (multiple devices and platforms) will start to become central to business strategy and operational success.  Successful CIOs will react to this challenge as they are less measured by network uptime, and increasingly concerned with service availability, the impact they make on the business and how they can drive efficient business processes, innovation and business transformation.  2013 will be the year of the CIO.  The CIO’s influence and image will transform through the year and we will start to see ‘celebrity’ CIOs emerge.  They will rise like the stars of Silicon Valley have in recent times.  Their broadening skills will become highly prized by any business looking to drive innovation, market appeal and share value.  In turn they will become more influential, command greater recognition and wielding greater power.
As we continue seeing growth in these areas, the importance of collaboration and social interactions in the workplace continue to be prioritized as necessary components of a successful business. Feel free to share your thoughts on how you think cloud collaboration will change in the comments section below.

Read More

Understanding VLAN Trunk Protocol (VTP)

Introduction

VLAN Trunk Protocol (VTP) reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst series products.
Note: This document does not cover VTP Version 3. VTP Version 3 differs from VTP Version 1 (V1) and Version 2 (V2), and it is only available on Catalyst OS (CatOS) 8.1(1) or later. VTP Version 3 incorporates many changes from VTP V1 and V2. Make certain that you understand the differences between VTP Version 3 and earlier versions before you alter your network configuration. Refer to one of these sections of Configuring VTP for more information:

• Understanding How VTP Version 3 Works
  
• Interaction with VTP Version 1 and VTP Version 2 (VTP Version 3)
  

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software or hardware versions.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Understand VTP

Flash Animation: VTP

Refer to the VLAN Trunk Protocol (VTP) Flash animation, which explains these concepts for VTP V1 and V2:

• Introduction to VTP
  
• VTP domain and VTP modes
  
• Common VTP problems and solutions
  

Note: This document does not cover VTP Version 3. VTP Version 3 differs from VTP V1 and V2 and is only available on CatOS 8.1(1) or later. Refer to one of these sections of Configuring VTP for more information:

• Understanding How VTP Version 3 Works
  
• Interaction with VTP Version 1 and VTP Version 2 (VTP Version 3)
  

VTP Messages in Detail

VTP packets are sent in either Inter-Switch Link (ISL) frames or in IEEE 802.1Q (dot1q) frames. These packets are sent to the destination MAC address 01-00-0C-CC-CC-CC with a logical link control (LLC) code of Subnetwork Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP header). This is the format of a VTP packet that is encapsulated in ISL frames:

Of course, you can have a VTP packet inside 802.1Q frames. In that case, the ISL header and cyclic redundancy check (CRC) is replaced by dot1q tagging.
Now consider the detail of a VTP packet. The format of the VTP header can vary, based on the type of VTP message. But, all VTP packets contain these fields in the header:

• VTP protocol version: 1, 2, or 3
  
• VTP message types:
  
  • Summary advertisements
    
  • Subset advertisement
    
  • Advertisement requests
    
  • VTP join messages
    
• Management domain length
  
• Management domain name
  

Configuration Revision Number

The configuration revision number is a 32-bit number that indicates the level of revision for a VTP packet. Each VTP device tracks the VTP configuration revision number that is assigned to it. Most of the VTP packets contain the VTP configuration revision number of the sender.
This information is used in order to determine whether the received information is more recent than the current version. Each time that you make a VLAN change in a VTP device, the configuration revision is incremented by one. In order to reset the configuration revision of a switch, change the VTP domain name, and then change the name back to the original name.

Summary Advertisements

By default, Catalyst switches issue summary advertisements in five-minute increments. Summary advertisements inform adjacent Catalysts of the current VTP domain name and the configuration revision number.
When the switch receives a summary advertisement packet, the switch compares the VTP domain name to its own VTP domain name. If the name is different, the switch simply ignores the packet. If the name is the same, the switch then compares the configuration revision to its own revision. If its own configuration revision is higher or equal, the packet is ignored. If it is lower, an advertisement request is sent.

This list clarifies what the fields means in the summary advertisement packet:

• The Followers field indicates that this packet is followed by a Subset Advertisement packet.
  
• The Updater Identity is the IP address of the switch that is the last to have incremented the configuration revision.
  
• The Update Timestamp is the date and time of the last increment of the configuration revision.
  
• Message Digest 5 (MD5) carries the VTP password, if MD5 is configured and used to authenticate the validation of a VTP update.
  

Subset Advertisements

When you add, delete, or change a VLAN in a Catalyst, the server Catalyst where the changes are made increments the configuration revision and issues a summary advertisement. One or several subset advertisements follow the summary advertisement. A subset advertisement contains a list of VLAN information. If there are several VLANs, more than one subset advertisement can be required in order to advertise all the VLANs.

This formatted example shows that each VLAN information field contains information for a different VLAN. It is ordered so that lowered-valued ISL VLAN IDs occur first:

Most of the fields in this packet are easy to understand. These are two clarifications:

• Code—The format for this is 0x02 for subset advertisement.
  
• Sequence number—This is the sequence of the packet in the stream of packets that follow a summary advertisement. The sequence starts with 1.
  

Advertisement Requests

A switch needs a VTP advertisement request in these situations:

• The switch has been reset.
  
• The VTP domain name has been changed.
  
• The switch has received a VTP summary advertisement with a higher configuration revision than its own.
  

Upon receipt of an advertisement request, a VTP device sends a summary advertisement. One or more subset advertisements follow the summary advertisement. This is an example:

• Code—The format for this is 0x03 for an advertisement request.
  
• Start-Value—This is used in cases in which there are several subset advertisements. If the first (n) subset advertisement has been received and the subsequent one (n+1) has not been received, the Catalyst only requests advertisements from the (n+1)th one.
  

Other VTP Options

VTP Modes

You can configure a switch to operate in any one of these VTP modes:

• Server—In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.
  
• Client—VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
  
• Transparent—VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements, but transparent switches do forward VTP advertisements that they receive out their trunk ports in VTP Version 2.
  
• Off (configurable only in CatOS switches)—In the three described modes, VTP advertisements are received and transmitted as soon as the switch enters the management domain state. In the VTP off mode, switches behave the same as in VTP transparent mode with the exception that VTP advertisements are not forwarded.
  

VTP V2

VTP V2 is not much different than VTP V1. The major difference is that VTP V2 introduces support for Token Ring VLANs. If you use Token Ring VLANs, you must enable VTP V2. Otherwise, there is no reason to use VTP V2. Changing the VTP version from 1 to 2 will not cause a switch to reload.

VTP Password

If you configure a password for VTP, you must configure the password on all switches in the VTP domain. The password must be the same password on all those switches. The VTP password that you configure is translated by algorithm into a 16-byte word (MD5 value) that is carried in all summary-advertisement VTP packets.

VTP Pruning

VTP ensures that all switches in the VTP domain are aware of all VLANs. However, there are occasions when VTP can create unnecessary traffic. All unknown unicasts and broadcasts in a VLAN are flooded over the entire VLAN. All switches in the network receive all broadcasts, even in situations in which few users are connected in that VLAN. VTP pruning is a feature that you use in order to eliminate or prune this unnecessary traffic.
Broadcast traffic in a switched network without pruning
This figure shows a switched network without VTP pruning enabled. Port 1 on Switch A and Port 2 on Switch D are assigned to the Red VLAN. If a broadcast is sent from the host connected to Switch A, Switch A floods the broadcast and every switch in the network receives it, even though Switches C, E, and F have no ports in the Red VLAN.
Broadcast traffic in a switched network with pruning
This figure shows the same switched network with VTP pruning enabled. The broadcast traffic from Switch A is not forwarded to Switches C, E, and F because traffic for the Red VLAN has been pruned on the links shown (Port 5 on Switch B and Port 4 on Switch D).
When VTP pruning is enabled on a VTP server, pruning is enabled for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain). VTP pruning takes effect several seconds after you enable it. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs greater than 1005) are also pruning-ineligible.

Use VTP in a Network

By default, all switches are configured to be VTP servers. This configuration is suitable for small-scale networks in which the size of the VLAN information is small and the information is easily stored in all switches (in NVRAM). In a large network, the network administrator must make a judgment call at some point, when the NVRAM storage that is necessary is wasteful because it is duplicated on every switch. At this point, the network administrator must choose a few well-equipped switches and keep them as VTP servers. Everything else that participates in VTP can be turned into a client. The number of VTP servers should be chosen in order to provide the degree of redundancy that is desired in the network.
Notes:

• If a switch is configured as a VTP server without a VTP domain name, you cannot configure a VLAN on the switch.
  Note: It is applicable only for CatOS. You can configure VLAN(s) without having the VTP domain name on the switch which runs on IOS.
  
• If a new Catalyst is attached in the border of two VTP domains, the new Catalyst keeps the domain name of the first switch that sends it a summary advertisement. The only way to attach this switch to another VTP domain is to manually set a different VTP domain name.
  
• Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet. Therefore, if you have two ends of a link that belong to different VTP domains, the trunk does not come up if you use DTP. In this special case, you must configure the trunk mode as on or nonegotiate, on both sides, in order to allow the trunk to come up without DTP negotiation agreement.
  
• If the domain has a single VTP server and it crashes, the best and easiest way to restore the operation is to change any of the VTP clients in that domain to a VTP server. The configuration revision is still the same in the rest of the clients, even if the server crashes. Therefore, VTP works properly in the domain.
  

Configure VTP

Refer to Configuring VLAN Trunk Protocol (VTP) for information to configure VTP.

Troubleshoot VTP

Refer to Troubleshooting VLAN Trunk Protocol (VTP) for information to troubleshoot VTP.

Conclusion

There are some disadvantages to the use of VTP. You must balance the ease of VTP administration against the inherent risk of a large STP domain and the potential instability and risks of STP. The greatest risk is an STP loop through the entire campus. When you use VTP, there are two things to which you must pay close attention:

• Remember the configuration revision and how to reset it each time that you insert a new switch in your network so that you do not bring down the entire network.
  
• Avoid as much as possible to have a VLAN that spans the entire network.
  

Read More

Creating a Mail Server on Ubuntu (Postfix, Courier, SSL/TLS, SpamAssassin, ClamAV, Amavis)

UPDATE: This guide has been updated to work with Ubuntu 12.04 LTS.

Note: this has been tested to work on the following versions of Ubuntu:

• Ubuntu 12.04
• Ubuntu 11.04
• Ubuntu 10.04
• Ubuntu 9.04

One of the most fragile and fragmented services I’ve had to configure on Ubuntu is a mail server. No matter which of the many guides I follow, each time I do it there’s always something not working.
This one is mostly for my benefit, but hopefully it’ll be useful to others, too. I’ve tried to make the guide easy to follow and as short as possible. Please comment if something isn’t clear.
Before we start, I have to give a huge amount of credit to Ivar Abrahamsen for his guide which is, by far, one of the best ones out there.
So let’s kick off…
We’ll be building a mail server made up of the following components:

• Postfix is the mail transfer agent (MTA) responsible for accepting new messages and storing them on your server as well as allowing authorised users to send e-mail.
• Courier sits in front of Postfix and provides an IMAP and POP3 interface for clients to connect to.
• SASL with SSL and TLS allows you to authenticate and communicate with the mail server securely.
• SpamAssassin will analyse your e-mails as they arrive and will filter out what it thinks is spam.
• ClamAV will scan e-mails for viruses before delivering it to your inbox.
• Amavis ties SpamAssasin and ClamAV together, and is itself hooked into Postfix.
• MySQL will be used to manage user accounts and e-mail forwarding.

Installation
First, switch to the root user unless, of course, you like typing sudo.

sudo su -

For simplicity, we’ll install all the software in one go:

apt-get update apt-get install -y mysql-server postfix postfix-mysql libsasl2-modules libsasl2-modules-sql libgsasl7 libauthen-sasl-cyrus-perl sasl2-bin libpam-mysql clamav-base libclamav6 clamav-daemon clamav-freshclam amavisd-new spamassassin spamc courier-base courier-authdaemon courier-authlib-mysql courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl

During the installation of MySQL you will be prompted for the root user password, as shown:


Enter a secure password, and don’t forget it!
Similarly, during the installation of Courier you will be presented with the following configuration prompts:

Choose No

Choose OK

Choose Internet Site

Enter your mail server name (e.g. replace example.com with your own domain). Make sure you have this subdomain configured in your DNS records.

Choose OK

I won’t walk you through the parameters we’re using when configuring Postfix as I want to keep this guide light. If you’re interested, you can find more information from the man pages.

mv /etc/postfix/main.cf{,.default} vi /etc/postfix/main.cf

Copy/paste the following (change all instances of mail.example.com):

myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no readme_directory = no mydestination = relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mynetworks_style = host mailbox_size_limit = 0 virtual_mailbox_limit = 0 recipient_delimiter = + inet_interfaces = all message_size_limit = 0   # SMTP Authentication (SASL)   smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain =   # Encrypted transfer (SSL/TLS)   smtp_use_tls = yes smtpd_use_tls = yes smtpd_tls_cert_file = /etc/ssl/private/mail.example.com.crt smtpd_tls_key_file = /etc/ssl/private/mail.example.com.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache   # Basic SPAM prevention   smtpd_helo_required = yes smtpd_delay_reject = yes disable_vrfy_command = yes smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject   # Force incoming mail to go through Amavis   content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings   # Virtual user mappings   alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases virtual_mailbox_base = /var/spool/mail/virtual virtual_mailbox_maps = mysql:/etc/postfix/maps/user.cf virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 virtual_alias_maps = mysql:/etc/postfix/maps/alias.cf virtual_mailbox_domains = mysql:/etc/postfix/maps/domain.cf

mv /etc/postfix/master.cf{,.default} vi /etc/postfix/master.cf

Copy/paste the following (no changes required):

# # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - - - - smtpd smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes submission inet n - - - - smtpd pickup fifo n - - 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o smtp_fallback_relay= showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

As all our mail users are going to be virtual (i.e. we’re not going to create physical user accounts for each user), we only need to create one mail directory and one user account.

groupadd virtual -g 5000 useradd -r -g "virtual" -G "users" -c "Virtual User" -u 5000 virtual mkdir /var/spool/mail/virtual chown virtual:virtual /var/spool/mail/virtual

Make sure that, if the UID or GID differs from 5000, you update the virtual_uid_maps and virtual_gid_maps values in /etc/postfix/main.cf, and MYSQL_UID_FIELD and MYSQL_GID_FIELD in /etc/courier/authmysqlrc (later in this guide).
Now we’ll create the database which will store the mail user configuration and forwarding rules.

mysql -uroot -p

Enter the password you created during the MySQL installation.
Copy/paste the following (change mailuserpassword, example.com and change the admin’s password to something more secure):

CREATE DATABASE mail; GRANT ALL ON mail.* TO mail@localhost IDENTIFIED BY 'mailuserpassword';   FLUSH PRIVILEGES; USE mail;   CREATE TABLE IF NOT EXISTS `alias` ( `source` varchar(255) NOT NULL, `destination` varchar(255) NOT NULL default '', `enabled` tinyint(1) unsigned NOT NULL default '1', PRIMARY KEY (`source`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8;   CREATE TABLE IF NOT EXISTS `domain` ( `domain` varchar(255) NOT NULL default '', `transport` varchar(255) NOT NULL default 'virtual:', `enabled` tinyint(1) unsigned NOT NULL default '1', PRIMARY KEY (`domain`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8;   CREATE TABLE IF NOT EXISTS `user` ( `email` varchar(255) NOT NULL default '', `password` varchar(255) NOT NULL default '', `name` varchar(255) default '', `quota` varchar(255) default NULL, `enabled` tinyint(1) unsigned NOT NULL default '1', PRIMARY KEY (`email`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8;   INSERT INTO `alias` (`source`, `destination`, `enabled`) VALUES ('@localhost', 'admin@example.com', 1); INSERT INTO `alias` (`source`, `destination`, `enabled`) VALUES ('@localhost.localdomain', '@localhost', 1); INSERT INTO `domain` (`domain`, `transport`, `enabled`) VALUES ('localhost', 'virtual:', 1); INSERT INTO `domain` (`domain`, `transport`, `enabled`) VALUES ('localhost.localdomain', 'virtual:', 1); INSERT INTO `domain` (`domain`, `transport`, `enabled`) VALUES ('example.com', 'virtual:', 1); INSERT INTO `user` (`email`, `password`, `name`, `quota`, `enabled`) VALUES ('admin@example.com', ENCRYPT('changeme'), 'Administrator', NULL, 1);

Note that we’re encrypting the password. Some guides will recommend storing the password in clear text so that you can configure Postfix to support CRAM-* (e.g. CRAM-MD5) authentication methods. I think it’s much more secure to store these passwords encrypted and use SSL/TLS to encrypt your authentication requests. For that reason, we don’t need to store clear text passwords and we don’t need to provide CRAM-* support.
Now that the database is in place we can create the map files to tell Postfix how to communicate with it.

mkdir /etc/postfix/maps vi /etc/postfix/maps/alias.cf

Copy/paste the following (change mailuserpassword):

user=mail password=mailuserpassword dbname=mail table=alias select_field=destination where_field=source hosts=127.0.0.1 additional_conditions=and enabled = 1

vi /etc/postfix/maps/domain.cf

Copy/paste the following (change mailuserpassword):

user = mail password = mailuserpassword dbname = mail table = domain select_field = domain where_field = domain hosts = 127.0.0.1 additional_conditions = and enabled = 1

vi /etc/postfix/maps/user.cf

Copy/paste the following (change mailuserpassword):

user = mail password = mailuserpassword dbname = mail table = user select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') where_field = email hosts = 127.0.0.1 additional_conditions = and enabled = 1

Set restrictive read permissions as these files contain the MySQL mail user’s password.

chmod 700 /etc/postfix/maps/* chown postfix:postfix /etc/postfix/maps/*

The final part of configuring Postfix is to configure the authentication mechanism. SASL is a authentication layer that provides the ability to receive a user’s credentials in a variety of formats.

mkdir -p /var/spool/postfix/var/run/saslauthd mkdir /etc/postfix/sasl adduser postfix sasl vi /etc/postfix/sasl/smtpd.conf

Copy/paste the following (change mailuserpassword):

pwcheck_method: saslauthd auxprop_plugin: sql mech_list: plain login sql_engine: mysql sql_hostnames: 127.0.0.1 sql_user: mail sql_passwd: mailuserpassword sql_database: mail sql_select: SELECT password FROM user WHERE email='%u@%r' AND enabled = 1

chmod -R 700 /etc/postfix/sasl/smtpd.conf mv /etc/default/saslauthd{,.default} vi /etc/default/saslauthd

Copy/paste the following (no changes required):

START=yes DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="pam" MECH_OPTIONS="" THREADS=5 OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"

vi /etc/pam.d/smtp

Copy/paste the following (change all instances of mailuserpassword):

auth required pam_mysql.so user=mail passwd=mailuserpassword host=127.0.0.1 db=mail table=user usercolumn=email passwdcolumn=password crypt=1 account sufficient pam_mysql.so user=mail passwd=mailuserpassword host=127.0.0.1 db=mail table=user usercolumn=email passwdcolumn=password crypt=1

chmod 700 /etc/pam.d/smtp

Now let’s configure Courier.
I like to provide both IMAP and POP3 support, although personally I only use IMAP. In addition, we’ll be provide SSL support for securing authentication requests.

mv /etc/courier/authdaemonrc{,.default} vi /etc/courier/authdaemonrc

Copy/paste the following (no changes required):

authmodulelist="authmysql" authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe" daemons=5 authdaemonvar=/var/run/courier/authdaemon DEBUG_LOGIN=0 DEFAULTOPTIONS="" LOGGEROPTS=""

mv /etc/courier/authmysqlrc{,.default} vi /etc/courier/authmysqlrc

Copy/paste the following (change mailuserpassword):

MYSQL_SERVER localhost MYSQL_USERNAME mail MYSQL_PASSWORD mailuserpassword MYSQL_PORT 0 MYSQL_DATABASE mail MYSQL_USER_TABLE user MYSQL_CRYPT_PWFIELD password MYSQL_UID_FIELD 5000 MYSQL_GID_FIELD 5000 MYSQL_LOGIN_FIELD email MYSQL_HOME_FIELD "/var/spool/mail/virtual" MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') MYSQL_NAME_FIELD name MYSQL_QUOTA_FIELD quota

mv /etc/courier/imapd{,.default} vi /etc/courier/imapd

Copy/paste the following (no changes required):

ADDRESS=0 PORT=143 MAXDAEMONS=40 MAXPERIP=20 PIDFILE=/var/run/courier/imapd.pid TCPDOPTS="-nodnslookup -noidentlookup" LOGGEROPTS="-name=imapd" IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE" IMAP_KEYWORDS=1 IMAP_ACL=1 IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE" IMAP_PROXY=0 IMAP_PROXY_FOREIGN=0 IMAP_IDLE_TIMEOUT=60 IMAP_MAILBOX_SANITY_CHECK=1 IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN" IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN" IMAP_DISABLETHREADSORT=0 IMAP_CHECK_ALL_FOLDERS=0 IMAP_OBSOLETE_CLIENT=0 IMAP_UMASK=022 IMAP_ULIMITD=65536 IMAP_USELOCKS=1 IMAP_SHAREDINDEXFILE=/etc/courier/shared/index IMAP_ENHANCEDIDLE=0 IMAP_TRASHFOLDERNAME=Trash IMAP_EMPTYTRASH=Trash:7 IMAP_MOVE_EXPUNGE_TO_TRASH=0 SENDMAIL=/usr/sbin/sendmail HEADERFROM=X-IMAP-Sender IMAPDSTART=YES MAILDIRPATH=Maildir

mv /etc/courier/imapd-ssl{,.default} vi /etc/courier/imapd-ssl

Copy/paste the following (change mail.example.com):

SSLPORT=993 SSLADDRESS=0 SSLPIDFILE=/var/run/courier/imapd-ssl.pid SSLLOGGEROPTS="-name=imapd-ssl" IMAPDSSLSTART=YES IMAPDSTARTTLS=YES IMAP_TLS_REQUIRED=0 COURIERTLS=/usr/bin/couriertls TLS_KX_LIST=ALL TLS_COMPRESSION=ALL TLS_CERTS=X509 TLS_CERTFILE=/etc/ssl/private/mail.example.com.pem TLS_TRUSTCERTS=/etc/ssl/certs TLS_VERIFYPEER=NONE TLS_CACHEFILE=/var/lib/courier/couriersslcache TLS_CACHESIZE=524288 MAILDIRPATH=Maildir

mv /etc/courier/pop3d{,.default} vi /etc/courier/pop3d

Copy/paste the following (no changes required):

PIDFILE=/var/run/courier/pop3d.pid MAXDAEMONS=40 MAXPERIP=4 POP3AUTH="LOGIN" POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256" POP3AUTH_TLS="LOGIN PLAIN" POP3AUTH_TLS_ORIG="LOGIN PLAIN" POP3_PROXY=0 PORT=110 ADDRESS=0 TCPDOPTS="-nodnslookup -noidentlookup" LOGGEROPTS="-name=pop3d" POP3DSTART=YES MAILDIRPATH=Maildir

mv /etc/courier/pop3d-ssl{,.default} vi /etc/courier/pop3d-ssl

Copy/paste the following (change mail.example.com):

SSLPORT=995 SSLADDRESS=0 SSLPIDFILE=/var/run/courier/pop3d-ssl.pid SSLLOGGEROPTS="-name=pop3d-ssl" POP3DSSLSTART=YES POP3_STARTTLS=YES POP3_TLS_REQUIRED=0 COURIERTLS=/usr/bin/couriertls TLS_STARTTLS_PROTOCOL=TLS1 TLS_KX_LIST=ALL TLS_COMPRESSION=ALL TLS_CERTS=X509 TLS_CERTFILE=/etc/ssl/private/mail.example.com.pem TLS_TRUSTCERTS=/etc/ssl/certs TLS_VERIFYPEER=NONE TLS_CACHEFILE=/var/lib/courier/couriersslcache TLS_CACHESIZE=524288 MAILDIRPATH=Maildir

We need to create SSL certificates for Courier to use when authenticating using SSL/TLS. You can either purchase these (to prevent “invalid” certificate warnings) or generate a self-signed certificate which is just as secure, and free.
Run the following (change mail.example.com):

# Remove default certificates rm -f /etc/courier/imapd.cnf rm -f /etc/courier/imapd.pem rm -f /etc/courier/pop3d.cnf rm -f /etc/courier/pop3d.pem   # Generate a new PEM certificate (valid for 10 years) openssl req -x509 -newkey rsa:1024 -keyout "/etc/ssl/private/mail.example.com.pem" -out "/etc/ssl/private/mail.example.com.pem" -nodes -days 3650   # Generate a new CRT certificate (valid for 10 years) openssl req -new -outform PEM -out "/etc/ssl/private/mail.example.com.crt" -newkey rsa:2048 -nodes -keyout "/etc/ssl/private/mail.example.com.key" -keyform PEM -days 3650 -x509   chmod 640 /etc/ssl/private/mail.example.com.* chgrp ssl-cert /etc/ssl/private/mail.example.com.*

You will be prompted to input some information about the certificates you create. You can enter any information you want here except Common Name (CN) which must be your mailname (e.g. mail.example.com).
Next we’ll configure Amavis, the software that ties together SpamAssassin and ClamAV with Postfix.

adduser clamav amavis cat /dev/null > /etc/amavis/conf.d/15-content-filter-mode vi /etc/amavis/conf.d/15-content-filter-mode

Copy/paste the following (no changes required):

use strict;   @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);   @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);   1;

cat /dev/null > /etc/amavis/conf.d/50-user vi /etc/amavis/conf.d/50-user

Copy/paste the following (no changes required):

use strict;   @local_domains_acl = qw(.); $log_level = 1; $syslog_priority = 'info'; $sa_kill_level_deflt = 6.5; $final_spam_destiny = D_DISCARD; $pax = 'pax';   1;

mv /etc/default/spamassassin{,.default} vi /etc/default/spamassassin

Copy/paste the following (no changes required):

ENABLED=1 OPTIONS="--create-prefs --max-children 5 --helper-home-dir" PIDFILE="/var/run/spamd.pid" CRON=0

dpkg-reconfigure clamav-freshclam

Choose OK

Choose daemon

Choose a mirror closest to you.

Enter your proxy, if required. Usually you will leave this blank.

By default, ClamAV updates every hour. That’s excessive. Bring that down to once a day.

Choose No
Now restart everything.

/etc/init.d/saslauthd restart /etc/init.d/postfix restart /etc/init.d/courier-authdaemon restart /etc/init.d/courier-imap restart /etc/init.d/courier-imap-ssl restart

That’s it, you’re done!
You can test your setup by configuring your mail client to connect to your new mail server using admin@example.com as your username and the password you chose (“changeme” in the guide).
Errors will usually show up in /var/log/mail.log or post any problems you’re having in a comment and I’ll try my best to help.

Read More

Voice Over Internet Protocol (VoIP)

VoIP, which stands for Voice Over Internet Protocol, is a general term used to describe different technologies used for the delivery of voice communications over IP networks or other packet-switched networks. Put in simple terms, it is most commonly used for technology which allows users to use a telephone over the internet.
VoIP Phone technology has been around since the early 1990's, but only recently has the service become widely available for commercial and residential use. VoIP relies on high speed Broadband Internet connections to work properly. The widespread increase in the availability of Broadband Internet connections is the reason VoIP phone services has risen dramatically since about 2004. Many Broadband carriers now mass market VoIP services as part of their technology packages and product offerings.

VoIP Configurations

There are three common methods of connecting to VoIP service providers:


(typical analog telephone adapter (ATA) for connecting an analog phone to a VoIP provider)

1. An Analog Telephone Adapter (ATA) which is connected between a broadband network and an existing telephone line. This type of service is usually offered by broadband Internet providers. It is generally less expensive than traditional phone service from the phone company and provides a connection of similar quality.
2. Dedicated VoIP phones are phones that allow VoIP calls without the use of a computer. Instead they connect directly to the IP network (using technologies such as Wi-Fi or Ethernet).
3. A softphone (also known as an Internet phone or Digital phone) is a piece of software that can be installed on a computerthat allows VoIP calling without dedicated hardware. The greatest advantage of using a softphone is the ability to use the same phone number anywhere in the world. If you have a laptop that has the softphone software, your phone can literally travel where ever you can take your laptop.

VoIP Benefits and Restrictions

A huge benefit to VoIP is reduced cost. VoIP services can cost up to three timesless than traditional phone service. In addition, more than one call at a time can be transmitted over a VoIP connection allowing usersto forego adding additional telephone lines when multiple lines are needed. And finally, most additional fee services such as call waiting, conference calling, and call forwarding are included free of charge with most VoIP plans.
VoIPdoes have it limitations though. First and foremost, VoIP call quality is only as good as the broadband network on which it is carried. So during peak internet usage periods, VoIP call quality can suffer and broadband connection become overloaded and therefore slow. In addition, if your power or internet connection is down, your VoIP service will be down as well unlike traditional phone lines. And finally, because of the difficulty in locating specific IP addresses, it is much more difficult to track a 911 or other emergency call than with traditional phone service.

Overall

Overall, VoIP phone service can provide a reliableand much less expensive option to traditional phone service. The reliability and quality of VoIP phone service continues to improve as new software and hardware technologies are added and as broadband networks become more widespread and faster.
If you are considering VoIP, please visit one of the quality VoIP providers listed on this page. In addition, you may want to first test the quality of your potential broadband VoIP connection using our free VoIP Connection Speed Test.

Read More

Advantages and disadvantages of computers

Today, the computer is used in every field and has made our day to day tasks very easy but there are some advantages and disadvantages of computers.

Advantages of Computer

Computer has made a very vital impact on society. It has changed the way of life. The use of computer technology has affected every field of life. People are using computers to perform different tasks quickly and easily. The use of computers makes different task easier. It also saves time and effort and reduces the overall cost to complete a particular task.

Many organizations are using computers for keeping the records of their customers. Banks are using computers for maintaining accounts and managing financial transactions. The banks are also providing the facility of online banking. The customers can check their account balance from using the internet. They can also make financial transaction online. The transactions are handled easily and quickly with computerized systems.

People are using computers for paying their bills, managing their home budgets or simply having some break and watching a movie, listening to songs or playing computer games. Online services like skype or social media websites are used for communication and information sharing purposes.

Computer can be used as a great educational tool. Students can have access to all sort of information on the internet. Some great websites like Wikipedia, Khan’s Academy, Code Academy, Byte-Notes provides free resources for students & professionals.  

Moreover, the computer is being used in every field of life such as medical, business, industry, airline and weather forecasting.

Disadvantages of computer

The use of computer has also created some problems in society which are as follows.

Unemployment

Different tasks are performed automatically by using computers. It reduces the need of people and increases unemployment in society.

Wastage of time and energy

Many people use computers without positive purpose. They play games and chat for a long period of time. It causes wastage of time and energy. Young generation is now spending more time on the social media websites like Facebook, Twitter etc or texting their friends all night through smartphones which is bad for both studies and their health. And it also has adverse effects on the social life.

Data Security

The data stored on a computer can be accessed by unauthorized persons through networks. It has created serious problems for the data security.

Computer Crimes

People use the computer for negative activities. They hack the credit card numbers of the people and misuse them or they can steal important data from big organizations.

Privacy violation

The computers are used to store personal data of the people. The privacy of a person can be violated if the personal and confidential records are not protected properly.

Health risks

The improper and prolonged use of computer can results in injuries or disorders of hands, wrists, elbows, eyes, necks and back. The users can avoid health risks by using the computer in proper position. They must also take regular breaks while using the computer for longer period of time. It is recommended to take a couple of minutes break after 30 minutes of computer usage.

Impact on Environment

The computer manufacturing processes and computer waste are polluting the environment. The wasted parts of computer can release dangerous toxic materials. Green computer is a method to reduce the electricity consumed and environmental waste generated when using a computer. It includes recycling and regulating manufacturing processes. The used computers must be donated or disposed off properly.

Read More