https://wiki.archlinux.org/api.php?action=feedcontributions&user=ChemicalRascal&feedformat=atomArchWiki - User contributions [en]2024-03-29T01:19:09ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=System_time&diff=330226System time2014-08-14T06:57:36Z<p>ChemicalRascal: /* UTC in Windows */ QWORD suggestion on 64-bit variants of Windows - based entirely on personal experience, alas.</p>
<hr />
<div>[[es:Time]]<br />
[[fa:زمان]]<br />
[[fr:Horloge]]<br />
[[ja:Time]]<br />
[[ru:Time]]<br />
[[zh-CN:Time]]<br />
[[Category:Mainboards and BIOS]]<br />
[[Category:System administration]]<br />
In an operating system, the time (clock) is determined by four parts: time value, time standard, time zone, and Daylight Saving Time (DST) if applicable. This article explains what they are and how to read/set them.<br />
<br />
== Hardware clock and system clock ==<br />
<br />
A computer has two clocks that need to be considered: the "Hardware clock" and the "System/software clock". <br />
<br />
'''Hardware clock''' (a.k.a. the Real Time Clock (RTC) or CMOS clock) stores the values of: Year, Month, Day, Hour, Minute, and the Seconds. It does not have the ability to store the time standard (localtime or UTC), nor whether DST is used. <br />
<br />
'''System clock''' (a.k.a. the software clock) keeps track of: time, time zone, and DST if applicable. It is calculated by the Linux kernel as the number of seconds since midnight January 1st 1970, UTC. The initial value of the system clock is calculated from the hardware clock, dependent on the contents of {{ic|/etc/adjtime}}. After boot-up has completed, the system clock runs independently of the hardware clock. The Linux kernel keeps track of the system clock by counting timer interrupts.<br />
<br />
=== Read clock ===<br />
<br />
To check the current system clock time (presented both in local time and UTC):<br />
<br />
$ timedatectl status<br />
<br />
Run the same command as root to display also the hardware clock time.<br />
<br />
=== Set clock ===<br />
<br />
To set the system clock directly:<br />
# timedatectl set-time "yyyy-MM-dd hh:mm:ss"<br />
<br />
For example:<br />
# timedatectl set-time "2014-05-26 11:13:54"<br />
sets the time to May 26th, year 2014, 11:13 and 54 seconds.<br />
<br />
=== RTC clock ===<br />
<br />
Standard behavior of most operating systems is:<br />
<br />
* Set the system clock from the hardware clock on boot.<br />
* Keep accurate time of the system clock with an NTP daemon, see [[#Time synchronization]].<br />
* Set the hardware clock from the system clock on shutdown.<br />
<br />
== Time standard ==<br />
<br />
{{Note|[[Systemd]] will use UTC for the hardware clock by default.}}<br />
<br />
There are two time standards: '''localtime''' and '''C'''oordinated '''U'''niversal '''T'''ime ('''UTC'''). The localtime standard is dependent on the current ''time zone'', while UTC is the ''global'' time standard and is independent of time zone values. Though conceptually different, UTC is also known as GMT (Greenwich Mean Time).<br />
<br />
The standard used by hardware clock (CMOS clock, the time that appears in BIOS) is defined by the operating system. By default, Windows uses localtime, Mac OS uses UTC, and UNIX-like operating systems vary. An OS that uses the UTC standard, generally, will consider CMOS (hardware clock) time a UTC time (GMT, Greenwich time) and make an adjustment to it while setting the System time on boot according to your time zone.<br />
<br />
When using Linux it is beneficial to have the hardware clock set to the UTC standard and made known to all operating systems. Defining the hardware clock in Linux as UTC means that Daylight Saving Time will automatically be accounted for. If using the localtime standard the system clock will not be changed for DST occurrences assuming that another operating system will take care of the DST switch (and provided no NTP agent is operating).<br />
<br />
You can set the hardware clock time standard through the command line. You can check what you have set your Arch Linux install to use by:<br />
<br />
$ timedatectl status | grep local<br />
<br />
The hardware clock can be queried and set with the {{ic|timedatectl}} command. To change the hardware clock time standard to localtime, use:<br />
<br />
# timedatectl set-local-rtc true<br />
<br />
If you want to revert to the hardware clock being in UTC, do:<br />
<br />
# timedatectl set-local-rtc false<br />
<br />
Be warned that, if the hardware clock is set to localtime, dealing with daylight saving time is messy. If the DST changes when your computer is off, your clock will be wrong on next boot ([http://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html there is a lot more to it]). Recent kernels set the system time from the RTC directly on boot, assuming that the RTC is in UTC. This means that if the RTC is in local time, then the system time will first be set up wrongly and then corrected shortly afterwards on every boot. This is the root of certain weird bugs (time going backwards is rarely a good thing).<br />
<br />
These will generate {{ic|/etc/adjtime}} automatically; no further configuration is required.<br />
<br />
During kernel startup, at the point when the RTC driver is loaded, the system clock may be set from the hardware clock. Whether this occurs depends on the hardware platform, the version of the kernel and kernel build options. If this does occur, at this point in the boot sequence, the hardware clock time is assumed to be UTC and the value of {{ic|/sys/class/rtc/rtcN/hctosys}} (N=0,1,2,..) will be set to 1. Later, the system clock is set again from the hardware clock by systemd, dependent on values in {{ic|/etc/adjtime}}. Hence, having the hardware clock using localtime may cause some unexpected behavior during the boot sequence; e.g. system time going backwards, which is always a bad idea.<br />
{{Note|The use of {{ic|timedatectl}} requires an active dbus. Therefore, it may not be possible to use this command under a chroot (such as during installation). In these cases, you can revert back to the hwclock command.}}<br />
<br />
=== UTC in Windows ===<br />
<br />
One reason users often set the RTC in localtime is to [[Windows and Arch Dual Boot|dual-boot with Windows]] ([http://blogs.msdn.com/b/oldnewthing/archive/2004/09/02/224672.aspx which uses localtime]). However, Windows is able to deal with the RTC being in UTC with a simple [[Time#UTC in Windows|registry fix]]. It is recommended to configure Windows to use UTC, rather than Linux to use localtime. If you make Windows use UTC, also remember to disable the "Internet Time Update" Windows feature, so that Windows does not mess with the hardware clock, trying to sync it with internet time. You should instead use an NTP agent to modify the RTC and sync to internet time, see [[#Time synchronization]].<br />
<br />
Using {{ic|regedit}}, add a {{ic|DWORD}} value with hexadecimal value {{ic|1}} to the registry:<br />
<br />
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\RealTimeIsUniversal<br />
<br />
Alternatively, create a {{ic|*.reg}} file (on the desktop) with the following content and double-click it to import it into registry:<br />
<br />
Windows Registry Editor Version 5.00<br />
<br />
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]<br />
"RealTimeIsUniversal"=dword:00000001<br />
<br />
If the above appears to have no effect, and a 64-bit variant of Windows is being used, using a {{ic|QWORD}} value instead of a {{ic|DWORD}} value may resolve the issue.<br />
<br />
Windows XP and Windows Vista SP1 have support for setting the time standard as UTC and can be activated in the same way. However, there is a bug after resuming from the suspend/hibernation state that resets the clock to ''localtime''. For these operating systems, it is recommended to use ''localtime''.<br />
<br />
Should Windows ask to update the clock due to DST changes, let it. It will leave the clock in UTC as expected, only correcting the displayed time.<br />
<br />
The hardware clock and system clock time may need to be [[#Set clock|updated]] after setting this value.<br />
<br />
If you are having issues with the offset of the time, try reinstalling {{Pkg|tzdata}} and then setting your time zone again:<br />
<br />
# timedatectl set-timezone America/Los_Angeles<br />
<br />
It makes sense to [http://www.addictivetips.com/windows-tips/disable-time-synchronization-in-windows-7/ disable] time synchronization in Windows - otherwise it will mess up the hardware clock.<br />
<br />
== Time zone ==<br />
<br />
To check the current zone defined for the system:<br />
<br />
$ timedatectl status<br />
<br />
To list available zones:<br />
<br />
$ timedatectl list-timezones<br />
<br />
To change your time zone:<br />
<br />
# timedatectl set-timezone ''Zone''/''SubZone''<br />
<br />
Example:<br />
<br />
# timedatectl set-timezone Canada/Eastern<br />
<br />
This will create an {{ic|/etc/localtime}} symlink that points to a zoneinfo file under {{ic|/usr/share/zoneinfo/}}. In case you choose to create the link manually, keep in mind that it must be a symbolic link, not hard, as specified in archlinux(7).<br />
<br />
See {{ic|man 1 timedatectl}}, {{ic|man 5 localtime}}, and {{ic|man 7 archlinux}} for more details.<br />
<br />
{{Note|If the pre-systemd configuration file {{ic|/etc/timezone}} still exists in your system, you can remove it safely, since it is no longer used.}}<br />
<br />
== Time skew ==<br />
<br />
Every clock has a value that differs from ''real time'' (the best representation of which being [[Wikipedia:International Atomic Time|International Atomic Time]]); no clock is perfect. A quartz-based electronic clock keeps imperfect time, but maintains a consistent inaccuracy. This base 'inaccuracy' is known as 'time skew' or 'time drift'.<br />
<br />
When the hardware clock is set with {{ic|hwclock}}, a new drift value is calculated in seconds per day. The drift value is calculated by using the difference between the new value set and the hardware clock value just before the set, taking into account the value of the previous drift value and the last time the hardware clock was set. The new drift value and the time when the clock was set are written to the file {{ic|/etc/adjtime}}, overwriting the previous values. The hardware clock can therefore be adjusted for drift when the command {{ic|hwclock --adjust}} is run; this also occurs on shutdown but only if the {{ic|hwclock}} daemon is enabled (hence for systems using systemd, this does not happen).<br />
<br />
{{Note|If the hwclock has been set again less than 24 hours after a previous set, the drift is not recalculated as {{ic|hwclock}} considers the elapsed time period too short to accurately calculate the drift.}}<br />
<br />
If the hardware clock keeps losing or gaining time in large increments, it is possible that an invalid drift has been recorded (this only applies if the hwclock daemon is running). This can happen if you have set the hardware clock time incorrectly or your [[#Time standard|time standard]] is not synchronized with a Windows or Mac OS install. The drift value can be removed by removing the file {{ic|/etc/adjtime}}, then setting the correct hardware clock and system clock time, and checking that your time standard is correct.<br />
<br />
{{Note|Those using systemd who wish to make use of the drift value stored in {{ic|/etc/adjtime}} (e.g. because they cannot or do not want to use NTP) need to call {{ic|hwclock --adjust}} on a regular basis, perhaps by creating a cron job.}}<br />
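
The contents of {{ic|/etc/adjtime}} described in [[#Time standard]] and the drift value described above can be checked from a script. The following is an added example, not part of the original article: it reads an adjtime-format file, reports the recorded time standard and drift, and flags the combination (hctosys set to 1 with a LOCAL clock) that leads to the clock being stepped during boot. The function names, the 60 s/day drift limit and the sample files are assumptions made for this example.

```sh
#!/bin/sh
# Added example: interpret an adjtime-format file and the kernel hctosys flag.
# File layout as written by hwclock:
#   line 1: <drift in seconds per day> <time of last adjustment> <status>
#   line 2: <time of last calibration>
#   line 3: UTC or LOCAL

# Print the time standard recorded on line 3: UTC, LOCAL or UNKNOWN.
# hwclock treats a missing file as UTC, so this function does the same.
rtc_standard() {
    [ -r "$1" ] || { echo UTC; return 0; }
    std=$(sed -n '3p' "$1" | tr -d '[:space:]')
    case "$std" in
        UTC|LOCAL) echo "$std" ;;
        *)         echo UNKNOWN ;;
    esac
}

# Print the drift value (seconds per day): first field of line 1.
rtc_drift() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk 'NR == 1 { print $1; found = 1; exit } END { if (!found) print "0" }' "$1"
}

# Succeed when the drift magnitude exceeds a limit. The default of 60 s/day
# is an arbitrary threshold chosen for this example.
drift_suspicious() {
    limit=${2:-60}
    rtc_drift "$1" | awk -v lim="$limit" '{ d = $1 + 0; if (d < 0) d = -d; exit !(d > lim) }'
}

# $1 = adjtime file, $2 = contents of /sys/class/rtc/rtcN/hctosys.
# hctosys = 1 means the kernel already set the system clock from the RTC,
# assuming UTC; if adjtime says LOCAL, the clock is stepped again during boot.
boot_step_risk() {
    if [ "$(rtc_standard "$1")" = LOCAL ] && [ "$2" = 1 ]; then
        echo step-at-boot
    else
        echo ok
    fi
}

# Constructed sample files, so the example runs without touching /etc.
# On a live system: boot_step_risk /etc/adjtime "$(cat /sys/class/rtc/rtc0/hctosys)"
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '0.000000 1407999456 0.000000' 1407999456 UTC > "$tmp/utc"
    printf '%s\n' '-412.730000 1407999456 0.000000' 1407999456 LOCAL > "$tmp/local"
    for f in "$tmp/utc" "$tmp/local"; do
        if drift_suspicious "$f"; then note="drift suspicious"; else note="drift plausible"; fi
        echo "$(rtc_standard "$f") drift=$(rtc_drift "$f") ($note) boot=$(boot_step_risk "$f" 1)"
    done
    rm -rf "$tmp"
}
demo
```
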
<br />
The software clock is very accurate but like most clocks is not perfectly accurate and will drift as well. Though rarely, the system clock can lose accuracy if the kernel skips interrupts. There are some tools to improve software clock accuracy:<br />
<br />
* See [[#Time synchronization]].<br />
* {{AUR|adjtimex}} in the [[AUR]] can adjust kernel time variables like interrupt frequency to help improve the system clock time drift.<br />
<br />
== Time synchronization ==<br />
<br />
The [[Wikipedia:Network Time Protocol|Network Time Protocol]] (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. The following are implementations of such protocol:<br />
<br />
* [[Network Time Protocol daemon]] is the [[Wikipedia:reference implementation|reference implementation]] of the protocol, especially recommended to be used on time servers. It can also adjust the interrupt frequency and the number of ticks per second to decrease system clock drift, and will cause the hardware clock to be re-synchronised every 11 minutes.<br />
* [[systemd-timesyncd]] is a simple daemon that only implements a client side, focusing only on querying time from one remote server. It should be more than appropriate for most installations.<br />
* [[OpenNTPD]] is part of the OpenBSD project and implements both a client and a server. <br />
* [[Chrony]] is a client and server that is roaming friendly and designed specifically for systems that are not online all the time.<br />
<br />
== Per-user/session or temporary settings ==<br />
<br />
For some use cases it may be useful to change the time settings without touching the global system values. For example to test applications relying on the time during development or adjusting the system time zone when logging into a server remotely from another zone. <br />
<br />
To make an application "see" a different date/time than the system one, you can use the ''faketime'' (from {{Pkg|libfaketime}}) or the {{Pkg|datefudge}} utilities.<br />
<br />
If instead you want an application to "see" a different time zone than the system one, set the {{ic|TZ}} [[environment variable]], for example: <br />
<br />
{{hc|1=$ date && export TZ="/usr/share/zoneinfo/Pacific/Fiji" && date|2=<br />
Sa 24. Mai 12:38:26 CEST 2014<br />
Sa 24. Mai 22:38:26 FJT 2014<br />
}}<br />
<br />
This is different from just setting the time, as for example it allows testing the behaviour of a program with positive or negative UTC offset values, or the effects of DST changes when developing on systems in a non-DST time zone.<br />
<br />
Another use case is having different time zones set for different users of the same system: this can be accomplished by setting the {{ic|TZ}} variable in the shell's configuration file, see [[Environment variables#Defining variables locally]] and [[Autostarting#Shells]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== Clock shows a value that is neither UTC nor local time ===<br />
<br />
This might be caused by a number of reasons. For example, if your hardware clock is running on local time, but {{ic|timedatectl}} is set to assume it is in UTC, the result would be that your timezone's offset to UTC effectively gets applied twice, resulting in wrong values for your local time and UTC.<br />
<br />
To force your clock to the correct time, and to also write the correct UTC to your hardware clock, follow these steps:<br />
<br />
* Set up [[ntpd]] (enabling it as a service is not necessary).<br />
* Set your [[#Time zone|time zone]] correctly.<br />
* Run {{ic|ntpd -qg}} to manually synchronize your clock with the network, ignoring large deviations between local UTC and network UTC.<br />
* Run {{ic|hwclock --systohc}} to write the current software UTC time to the hardware clock.<br />
<br />
== See also ==<br />
<br />
* [http://www.linuxsa.org.au/tips/time.html Linux Tips - Linux, Clocks, and Time]<br />
* [http://www.twinsun.com/tz/tz-link.htm Sources for Time Zone and Daylight Saving Time Data] for {{Pkg|tzdata}}<br />
* [http://www.ucolick.org/~sla/leapsecs/timescales.html Time Scales]<br />
* [[Wikipedia:Time]]</div>ChemicalRascalhttps://wiki.archlinux.org/index.php?title=Postfix&diff=261794Postfix2013-06-08T10:28:06Z<p>ChemicalRascal: /* Step 4: /etc/postfix/aliases */ Removed bizzare, out-of-place "=D"</p>
<hr />
<div>[[Category:Mail Server]]<br />
{{Article summary start}}<br />
{{Article summary text|This article discusses the installation and configuration of Postfix}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|PostFix Howto With SASL}}<br />
{{Article summary wiki|Simple Virtual User Mail System}}<br />
{{Article summary wiki|Courier MTA}}<br />
{{Article summary wiki|SOHO Postfix}}<br />
{{Article summary end}}<br />
<br />
From [http://www.postfix.org/ Postfix's site]:<br />
:"''Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.''"<br />
<br />
The goal of this article is to set up Postfix for virtual mailbox delivery only. There will be no delivery to user accounts on the system ({{ic|/etc/passwd}}). Further, access will only be available via a web mail frontend (Squirrelmail); no direct POP3 or IMAP access will be granted. It should be fairly easy to allow those additional features given the information below, but it is not within the scope of this document.<br />
<br />
== Required packages ==<br />
<br />
{{Accuracy|The squirrelmail package is currently dropped from the official repositories and moved to the [[AUR]]. {{Pkg|roundcubemail}} is an officially supported possible alternative to Squirrelmail}}<br />
<br />
* {{Pkg|postfix}}<br />
* {{AUR|courier-imap}}<br />
* {{Pkg|squirrelmail}}<br />
* {{Pkg|mariadb}}<br />
* {{Pkg|apache}}<br />
* {{Pkg|openssl}}<br />
<br />
== Postfix configuration ==<br />
<br />
=== Step 1: check /etc/passwd, /etc/group ===<br />
<br />
After Postfix installation, make sure that the following shows up in {{ic|/etc/passwd}}:<br />
postfix:x:73:73::/var/spool/postfix:/bin/false<br />
<br />
Make sure that the following shows up in {{ic|/etc/group}}:<br />
postdrop:x:75:<br />
postfix:x:73:<br />
<br />
{{Note|Postfix can be made to run in a chroot. This document does not currently cover this and might be added later.}}<br />
<br />
=== Step 2: setup MX record ===<br />
<br />
An MX record should point to the mail host. Usually this is done from the configuration interface of your domain provider.<br />
<br />
A mail exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient's domain. <br />
<br />
When an e-mail message is sent through the Internet, the sending mail transfer agent queries the Domain Name System for MX records of each recipient's domain name. This query returns a list of host names of mail exchange servers accepting incoming mail for that domain and their preferences. The sending agent then attempts to establish an SMTP connection to one of these servers, starting with the one with the smallest preference number, delivering the message to the first server with which a connection can be made. <br />
<br />
{{Note|Some mail servers will not deliver mail to you if your MX record points to a CNAME. For best results, always point an MX record to an A record definition. For more information, see e.g. [https://secure.wikimedia.org/wikipedia/en/wiki/List_of_DNS_record_types Wikipedia's List of DNS Record Types].}}<br />
<br />
=== Step 3: /etc/postfix/master.cf ===<br />
<br />
This is the Pipeline configuration file, in which you can put your new pipes e.g. to check for Spam!<br />
<br />
=== Step 4: /etc/postfix/main.cf ===<br />
<br />
==== For virtual mail ====<br />
<br />
===== Step 4.1 myhostname =====<br />
<br />
Set myhostname if your mail server has multiple domains, and you do not want the primary domain to be the mail host. The default is to use the result of a gethostname() call if nothing is specified.<br />
For our purposes we will just set it as follows:<br />
<br />
myhostname = mail.nospam.net<br />
<br />
This is assuming that a DNS A record, and an MX record both point to mail.nospam.net<br />
<br />
===== Step 4.2 mydomain =====<br />
<br />
This is usually the value of myhostname, minus the first part. If your domain is wonky, then just set it manually:<br />
<br />
mydomain = nospam.net<br />
<br />
===== Step 4.3 myorigin =====<br />
<br />
This is where the email will be seen as being sent from. I usually set this to the value of mydomain. For simple servers, this works fine. This is for mail originating from a local account. Since we are not doing local delivery (except sending), this is not really as important as it normally would be.<br />
<br />
myorigin = $mydomain<br />
<br />
===== Step 4.4 mydestination =====<br />
<br />
This is the lookup for local users. Since we are not going to deliver internet mail for any local users, set this to localhost only.<br />
<br />
mydestination = localhost<br />
<br />
===== Step 4.5 mynetworks and mynetworks_style =====<br />
<br />
Both of these control relaying and who is allowed to relay. We do not want any relaying.<br />
For our purposes, we will simply set mynetworks_style to host, as we are trying to make a standalone Postfix host that people will use webmail on. No relaying, no other MTAs. Just webmail.<br />
<br />
mynetworks_style = host<br />
<br />
===== Step 4.6 relay_domains =====<br />
<br />
This controls the destinations that Postfix will relay TO. The default value is $mydestination. This should be fine for now.<br />
<br />
relay_domains = $mydestination<br />
<br />
===== Step 4.7 home_mailbox =====<br />
<br />
This setting controls how mail is stored for the users.<br />
Set this to "Maildir/", as courier IMAP requires Maildir style mail storage. This is a good thing. Maildir format mailboxes remove the possible race conditions that can occur with old style mbox formats. No more need to deal with file locking. The '/' at the end is REQUIRED.<br />
<br />
home_mailbox = Maildir/<br />
<br />
===== Step 4.8 virtual_mail =====<br />
<br />
Virtual mail is mail that does not map to a user account ({{ic|/etc/passwd}}). This is where all the email for the system will be kept. We are not doing local delivery, remember, so if you want a user that has the same name as a local user, just make a virtual account with the same name.<br />
First thing we need to do is add the following:<br />
<br />
virtual_mailbox_domains = virtualdomain.tld<br />
virtual_alias_maps = hash:/etc/postfix/virtual_alias, mysql:/etc/postfix/mysql_virtual_forwards.cf<br />
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains.cf<br />
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailboxes.cf<br />
virtual_mailbox_base = /home/vmailer<br />
virtual_uid_maps = static:5003<br />
virtual_gid_maps = static:5003<br />
virtual_minimum_uid = 5003<br />
virtual_mailbox_limit = 51200000<br />
<br />
virtual_mailbox_domains is a list of the domains that you want to receive mail for. This CANNOT be the same thing that is listed in mydestination. That is why we left mydestination to be localhost only.<br />
virtual_mailbox_maps will contain the info about the virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will override the forwards in the MySQL database.<br />
<br />
virtual_mailbox_base is the base dir where the virtual mailboxes will be stored.<br />
The gid and uid maps are the real system user account that the virtual mail will be owned by. This is for storage purposes. Since we will be using a web interface, and do not want people accessing this by any other means, we will be creating this account later with no login access.<br />
virtual_mailbox_limit controls the size of the mailbox. I do not know how well this works yet. I have set the size above to about 50MB.<br />
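
The constraints from Steps 4.4 to 4.8 (no relaying beyond this host, and no domain listed in both mydestination and virtual_mailbox_domains) can be checked offline before Postfix is started. The following is an added example, not part of the original article and not a Postfix tool: a small lint that parses a main.cf the way Postfix reads it (comments, continuation lines, last assignment wins) and reports duplicate parameters, overlapping domains and relay-related settings. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: offline lint for a main.cf written along Steps 4.4 to 4.8.

# Print every assignment as "name<TAB>value", joining continuation lines
# (lines starting with whitespace) and skipping comments and blank lines.
cf_params() {
    awk '
        function emit() { if (name != "") print name "\t" val }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            if (name != "") { sub(/^[ \t]+/, ""); val = val " " $0 }
            next
        }
        {
            emit(); name = ""
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { emit() }
    ' "$1"
}

# Effective value of one parameter: Postfix keeps the last assignment.
cf_get() {
    cf_params "$1" | awk -F'\t' -v p="$2" '$1 == p { v = $2 } END { print v }'
}

# Parameter names that are assigned more than once.
cf_duplicates() {
    cf_params "$1" | cut -f1 | sort | uniq -d
}

# Literal domain entries of a list parameter; lookup tables such as
# mysql:/path and $variables are skipped.
cf_domains() {
    cf_get "$1" "$2" | tr ', \t' '\n\n\n' | awk 'NF && $0 !~ "[/:$]"'
}

# Domains present in both mydestination and virtual_mailbox_domains.
cf_overlap() {
    dest=$(cf_domains "$1" mydestination)
    cf_domains "$1" virtual_mailbox_domains | while read -r d; do
        for m in $dest; do
            if [ "$d" = "$m" ]; then echo "$d"; fi
        done
    done
}

# One finding per line; no output means nothing was flagged.
cf_lint() {
    for p in $(cf_duplicates "$1"); do
        echo "duplicate: $p is assigned more than once; effective value: $(cf_get "$1" "$p")"
    done
    for d in $(cf_overlap "$1"); do
        echo "overlap: $d is in both mydestination and virtual_mailbox_domains"
    done
    style=$(cf_get "$1" mynetworks_style)
    [ -z "$style" ] || [ "$style" = host ] || echo "relay: mynetworks_style = $style trusts more than this host"
    if [ -n "$(cf_get "$1" mynetworks)" ]; then
        echo "relay: mynetworks is set, so mynetworks_style is ignored"
    fi
}

# Constructed main.cf fragment containing three problems.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a recommended configuration
myhostname = mail.nospam.net
mydestination = localhost, virtualdomain.tld
mynetworks_style = subnet
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains.cf
virtual_alias_maps = hash:/etc/postfix/virtual_alias,
    mysql:/etc/postfix/mysql_virtual_forwards.cf
virtual_mailbox_domains = virtualdomain.tld
EOF
}

sample=$(mktemp) && write_sample "$sample" && cf_lint "$sample"
rm -f "$sample"
```
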
<br />
===== Step 4.9 Default message and mailbox size limits =====<br />
<br />
Postfix imposes both message and mailbox size limits by default. The message_size_limit controls the maximum size in bytes of a message, including envelope information. (default 10240000) The mailbox_size_limit controls the maximum size of any local individual mailbox or maildir file. This limits the size of '''any''' file that is written to upon local delivery, '''including files written by external commands''' (i.e. procmail) that are executed by the local delivery agent. (default is 51200000, set to 0 for no limit) If bounced message notifications are generated, check the size of the local mailbox under {{ic|/var/spool/mail}} and use postconf to check these size limits:<br />
<br />
supersff:~> postconf -d mailbox_size_limit<br />
mailbox_size_limit = 51200000<br />
supersff:~> postconf -d message_size_limit<br />
message_size_limit = 10240000<br />
<br />
==== Local mail ====<br />
<br />
The only things you need to change in {{ic|/etc/postfix/main.cf}} are as follows. Uncomment them and modify them to the specifics listed below. Everything else can be left as installed.<br />
<br />
inet_interfaces = loopback-only<br />
mynetworks_style = host<br />
append_dot_mydomain = no<br />
default_transport = error: Local delivery only!<br />
<br />
If you want to control where the mail gets delivered and which mailbox format is to be used, you can do this by setting:<br />
 home_mailbox = some/path<br />
or:<br />
 mail_spool_directory = /some/path<br />
''mail_spool_directory'' is an absolute path where all mail goes, while ''home_mailbox'' specifies a mailbox relative to the user's home directory. If the path ends with a slash ('/'), messages are stored in Maildir format (directory tree, one message per file); if it doesn't, the mbox format is used (all mail in one file). <br />
<br />
Examples:<br />
mail_spool_directory = /var/mail (1)<br />
home_mailbox = Maildir/ (2)<br />
1) All mail will be stored in {{ic|/var/mail}}, mbox format.<br />
<br />
2) Mail will be saved in {{ic|~/Maildir}}, Maildir format.<br />
<br />
=== Step 4: /etc/postfix/aliases ===<br />
<br />
We need to map some aliases to real accounts. The default setup by arch looks pretty good here.<br />
<br />
Uncomment the following line, and change it to a real account. I put the user account on the box that I use. Best not to just send mail to root, because you do not want to be logging in as root or checking email as root. Not good. Sudo is your friend, and so is forwarding root mail. Since this is for local delivery only (syslogs and stuff), it is still within the realm of mydestination.<br />
<br />
root: USER<br />
<br />
Once you have finished editing {{ic|/etc/postfix/aliases}} you must run the postalias command:<br />
<br />
postalias /etc/postfix/aliases<br />
<br />
=== Step 5: /etc/postfix/virtual_alias ===<br />
<br />
Create {{ic|/etc/postfix/virtual_alias}} with the following contents:<br />
<br />
{{bc|<br />
MAILER-DAEMON: postmaster<br />
postmaster: root<br />
<br />
# General redirections for pseudo accounts<br />
bin: root<br />
daemon: root<br />
named: root<br />
nobody: root<br />
uucp: root<br />
www: root<br />
ftp-bugs: root<br />
postfix: root<br />
<br />
# Put your local aliases here.<br />
<br />
# Well-known aliases<br />
manager: root<br />
dumper: root<br />
operator: root<br />
abuse: postmaster<br />
<br />
# trap decode to catch security attacks<br />
decode: root<br />
<br />
# Person who should get root's mail. Don't receive mail as root!<br />
root: cactus@virtualdomain.tld<br />
}}<br />
<br />
Then run the postalias command on it:<br />
postalias /etc/postfix/virtual_alias<br />
<br />
Alternatively, you can create the file {{ic|.forward}} in {{ic|/root}}. Specify the user to whom root mail should be forwarded, e.g. ''user@localhost''.<br />
<br />
{{hc|/root/.forward|<br />
user@localhost<br />
}}<br />
<br />
=== Step 6. mysql_virtual_domains.cf ===<br />
<br />
Create the {{ic|/etc/postfix/mysql_virtual_domains.cf}} file with the following (or similar) contents:<br />
<br />
user = postfixuser<br />
password = XXXXXXXXXX<br />
hosts = localhost<br />
dbname = postfix<br />
table = domains<br />
select_field = 'virtual'<br />
where_field = domain<br />
<br />
=== Step 7: mysql_virtual_mailboxes.cf ===<br />
<br />
Create the {{ic|/etc/postfix/mysql_virtual_mailboxes.cf}} file with the following (or similar) contents:<br />
<br />
user = postfixuser<br />
password = XXXXXXXXXX<br />
hosts = localhost<br />
dbname = postfix<br />
table = users<br />
select_field = concat(domain,'/',email,'/')<br />
where_field = email<br />
<br />
Instead of having a directory structure something like ''/home/vmail/example.com/user@example.com'' you can have cleaner subdirectories (without the additional domain name) by replacing ''select_field'' and ''where_field'' with:<br />
<br />
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'<br />
<br />
=== Step 8: mysql_virtual_forwards.cf ===<br />
<br />
Create the {{ic|/etc/postfix/mysql_virtual_forwards.cf}} file with the following (or similar) contents:<br />
<br />
user = postfixuser<br />
password = XXXXXXXXXX<br />
hosts = localhost<br />
dbname = postfix<br />
table = forwardings<br />
select_field = destination<br />
where_field = source<br />
<br />
=== Step 9: Postfix check ===<br />
<br />
Run the {{ic|postfix check}} command. It should output anything that you might have done wrong in a config file. <br />
<br />
To see all of your configs, type {{ic|postconf}}. To see how you differ from the defaults, try {{ic|postconf -n}}.<br />
<br />
=== Step 10: enable and start the service ===<br />
<br />
Enabling the [[systemd]] service '''postfix''' will automatically start Postfix at boot, but needs to be started manually for the first time.<br />
<br />
=== Step 11: newuser ===<br />
<br />
We need to create the user for storing the virtual mail. Create a vmailuser as follows:<br />
<br />
# groupadd -g 5003 vmail<br />
# useradd -g vmail -u 5003 -d /home/vmailer -s /bin/false vmailer<br />
# mkdir /home/vmailer<br />
 # chown vmailer:vmail /home/vmailer<br />
# chmod -R 750 /home/vmailer<br />
# passwd vmailer<br />
<br />
5003 UID/GID are the ones specified in the Postfix main.cf file.<br />
<br />
== MySQL configuration ==<br />
<br />
=== Step 1: create a MySQL database ===<br />
<br />
Create a MySQL database called 'postfix', or something similar.<br />
<br />
CREATE DATABASE postfix;<br />
USE postfix;<br />
<br />
=== Step 2: setup table structure ===<br />
<br />
Import the following table structure.<br />
{{bc|<br />
CREATE TABLE `domains` (<br />
`domain` varchar(50) NOT NULL default '',<br />
PRIMARY KEY (`domain`),<br />
UNIQUE KEY `domain` (`domain`)<br />
);<br />
<br />
<br />
CREATE TABLE `forwardings` (<br />
`source` varchar(80) NOT NULL default '',<br />
`destination` text NOT NULL,<br />
PRIMARY KEY (`source`)<br />
);<br />
<br />
CREATE TABLE `users` (<br />
`email` varchar(80) NOT NULL default '',<br />
`password` varchar(20) NOT NULL default '',<br />
`quota` varchar(20) NOT NULL default '20971520',<br />
`domain` varchar(255) NOT NULL default '',<br />
UNIQUE KEY `email` (`email`)<br />
);<br />
}}<br />
<br />
=== Step 3: create a MySQL user ===<br />
<br />
Add a user for Postfix to use. Something like "postfixuser".<br />
Give permissions for Postfix user to the table. This user should be listed in the {{ic|/etc/postfix/mysql_virtual_domains.cf}} file.<br />
<br />
The [http://dev.mysql.com/doc/refman/5.5/en/server-administration.html official reference manual] has a detailed guide on user management and server administration in general.<br />
<br />
The following is just an example for creation of 'postfixuser' with password 'XXXXXXXXXX'.<br />
Note that the GRANT statements need to be executed after the tables from Step 2 have been created.<br />
<br />
CREATE USER 'postfixuser' IDENTIFIED BY 'XXXXXXXXXX';<br />
GRANT SELECT, INSERT, UPDATE, DELETE ON domains TO postfixuser;<br />
GRANT SELECT, INSERT, UPDATE, DELETE ON forwardings TO postfixuser;<br />
GRANT SELECT, INSERT, UPDATE, DELETE ON users TO postfixuser;<br />
<br />
=== Step 4: add a domain ===<br />
<br />
INSERT INTO `domains` VALUES ('virtualdomain.tld');<br />
<br />
=== Step 5: add a user ===<br />
<br />
INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', 'secret', <br />
'20971520', 'virtualdomain.tld');<br />
<br />
The above creates the user and sets the password to 'secret'.<br />
<br />
To store an encrypted password instead, use MySQL's ENCRYPT() function:<br />
<br />
INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', ENCRYPT('secret'), <br />
'20971520', 'virtualdomain.tld');<br />
<br />
== Test Postfix ==<br />
<br />
Start the Postfix service. Now let us see if Postfix is going to deliver mail for our test user.<br />
{{bc|<br />
telnet servername 25<br />
ehlo testmail.org<br />
mail from:<test@testmail.org><br />
rcpt to:<cactus@virtualdomain.tld><br />
data<br />
This is a test email.<br />
<br />
.<br />
quit<br />
}}<br />
<br />
=== Error response ===<br />
<br />
451 4.3.0 <lisi@test.com>:Temporary lookup failure<br />
You may have entered the wrong user/password for MySQL, or the MySQL socket is not in the right place.<br />
<br />
=== See that you have received an email ===<br />
<br />
Now type {{ic|$ find /home/vmailer}}.<br />
<br />
You should see something like the following:<br />
{{bc|<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/tmp<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/cur<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org<br />
}}<br />
The key is the last entry: it is an actual email. If you see it, delivery is working.<br />
<br />
== Configure Courier IMAP ==<br />
<br />
=== Step 1: /etc/courier-imap/imapd ===<br />
<br />
ADDRESS=127.0.0.1<br />
<br />
We set the listen address to LOCAL ONLY. No outside connections.<br />
<br />
=== Step 2: /etc/authlib/authdaemonrc ===<br />
<br />
Remove all the modules from the authmodulelist line except for authmysql like so:<br />
<br />
authmodulelist="authmysql"<br />
<br />
=== Step 3: /etc/authlib/authmysqlrc ===<br />
<br />
Replace the ''entire'' file with the following:<br />
{{bc|<br />
MYSQL_SERVER localhost<br />
MYSQL_USERNAME postfixuser<br />
MYSQL_PASSWORD secret<br />
MYSQL_SOCKET /run/mysqld/mysqld.sock<br />
MYSQL_DATABASE postfix<br />
# MYSQL_NAME_FIELD name<br />
MYSQL_USER_TABLE users<br />
MYSQL_CLEAR_PWFIELD password<br />
MYSQL_UID_FIELD '5003'<br />
##note, this is the uid that we set in /etc/postfix/main.cf<br />
MYSQL_GID_FIELD '5003'<br />
##note, this is the gid that we set in /etc/postfix/main.cf<br />
MYSQL_LOGIN_FIELD email<br />
MYSQL_HOME_FIELD "/home/vmailer"<br />
MYSQL_MAILDIR_FIELD concat(domain,'/',email,'/')<br />
MYSQL_QUOTA_FIELD quota<br />
}}<br />
Here, secret is the MySQL password for the user postfixuser.<br />
If you are storing encrypted passwords using MySQL's encrypt function, use "MYSQL_CRYPT_PWFIELD columnname" instead of "MYSQL_CLEAR_PWFIELD columnname".<br />
<br />
For an alternative directory structure, you could also use this setting for MAILDIR_FIELD:<br />
<br />
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')<br />
<br />
In this case, ''courier'' will use a directory like {{ic|/home/vmail/exampledomain.com/exampleuser}}.<br />
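<br />
The settings above can be checked mechanically before Courier is started. The following is an added example, not part of the original article: the function name {{ic|audit_authmysqlrc}} and its finding labels are assumptions, and the sample file is constructed to mirror the configuration shown above. It flags an active MYSQL_CLEAR_PWFIELD, an unchanged "secret" placeholder, and a configuration file readable by all users.<br />
<br />
```shell
# Added example (not from the article). audit_authmysqlrc and the finding
# labels are hypothetical names chosen for this sketch.

# audit_authmysqlrc FILE
#   Prints space-separated findings; returns 0 when there are none.
audit_authmysqlrc() {
    file=$1 findings=""
    # Uncommented MYSQL_CLEAR_PWFIELD: passwords are stored in clear text.
    if grep -Eq '^[[:space:]]*MYSQL_CLEAR_PWFIELD[[:space:]]' "$file"; then
        findings="${findings}cleartext-pwfield "
    # Neither password field set: Courier has nothing to verify against.
    elif ! grep -Eq '^[[:space:]]*MYSQL_CRYPT_PWFIELD[[:space:]]' "$file"; then
        findings="${findings}no-pwfield "
    fi
    # The article's placeholder password "secret" was left unchanged.
    if grep -Eq '^[[:space:]]*MYSQL_PASSWORD[[:space:]]+secret[[:space:]]*$' "$file"; then
        findings="${findings}placeholder-password "
    fi
    # The file holds MYSQL_PASSWORD, so "other" must not have read permission.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        findings="${findings}world-readable "
    fi
    findings=${findings% }
    printf '%s\n' "$findings"
    [ -z "$findings" ]
}

# Demo on a constructed file that mirrors the settings shown in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MYSQL_USERNAME          postfixuser
MYSQL_PASSWORD          secret
# MYSQL_CRYPT_PWFIELD   password
MYSQL_CLEAR_PWFIELD     password
EOF
chmod 644 "$sample"
audit_authmysqlrc "$sample" || true
rm -f "$sample"
```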
<br />
=== Step 4: autorun imapd on system start ===<br />
<br />
If you are already using [[systemd]], enable the '''authdaemond''' and '''courier-imapd''' services.<br />
If authdaemond fails to start, make sure the folder {{ic|/run/authdaemon}} exists.<br />
<br />
=== Step 5: Fam and rpcbind ===<br />
<br />
{{Accuracy|FAM should not be required anymore.|section=FAM is obsolete}}<br />
Courier-imap for Arch comes compiled with FAM. This means portmap is also required. What used to be portmap is nowadays called rpcbind.<br />
<br />
Install {{Pkg|rpcbind}} and edit {{ic|/etc/fam/fam.conf}}:<br />
<br />
local_only = true<br />
idle_timeout = 0<br />
<br />
Make sure the two above values are set. Then start and enable the daemon '''rpcbind'''.<br />
<br />
=== Step 6: start courier imap ===<br />
<br />
Start the ''imapd'' daemon.<br />
<br />
=== Step 7: Test courier ===<br />
<br />
Let us see if courier is working:<br />
{{bc|<nowiki><br />
telnet localhost imap<br />
Trying 127.0.0.1...<br />
Connected to localhost.localdomain.<br />
Escape character is '^]'.<br />
* OK [CAPABILITY IMAP4rev1 ... ] Courier-IMAP ready.<br />
<br />
A LOGIN "cactus@virtualdomain.tld" "password"<br />
A OK LOGIN Ok.<br />
<br />
B SELECT "Inbox"<br />
* FLAGS (\Draft \Answered ... \Recent)<br />
* OK [PERMANENTFLAGS (\Draft \Answered ... \Seen)] Limited<br />
* 8 EXISTS<br />
* 5 RECENT<br />
* OK [UIDVALIDITY 1026858715] Ok<br />
B OK [READ-WRITE] Ok<br />
<br />
Z LOGOUT<br />
* BYE Courier-IMAP server shutting down<br />
Z OK LOGOUT completed<br />
Connection closed by foreign host.<br />
</nowiki>}}<br />
<br />
== Configure Squirrelmail ==<br />
<br />
=== Step 1: Create secure http site (https) ===<br />
<br />
We are going to create a secure HTTP site so that people can log in with plain text passwords and not have to worry (or worry less) about the passwords being sniffed.<br />
<br />
==== Step 1.1: Edit /etc/httpd/conf/extra/httpd-ssl.conf ====<br />
<br />
Add appropriate information. Here is an example section:<br />
{{bc|<br />
<VirtualHost _default_:443><br />
# General setup for the virtual host<br />
DocumentRoot "/home/httpd/site.virtual/virtualdomain.tld/html"<br />
ServerName virtualdomain.tld:443<br />
ServerAdmin noemailonthisbox@localhost<br />
<Directory "/home/httpd/site.virtual/virtualdomain.tld/html"><br />
Options -Indexes +FollowSymLinks<br />
AllowOverride Options Indexes AuthConfig<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
}}<br />
<br />
==== Step 1.15: Include httpd-ssl.conf in httpd.conf ====<br />
<br />
Simply uncomment this line in your httpd.conf:<br />
<br />
#Include conf/extra/httpd-ssl.conf<br />
<br />
==== Step 1.2: Create the directory structure ====<br />
<br />
Now, create the directory you specified in the httpd-ssl.conf file.<br />
<br />
$ mkdir -p /home/httpd/site.virtual/virtualdomain.tld/html<br />
<br />
==== Step 1.3: Generate a certificate ====<br />
<br />
Follow the instructions here: [[LAMP#SSL]]<br />
<br />
==== Step 1.4: restart Apache and test ====<br />
<br />
Make sure that https is now working, and that you can get to the secure site.<br />
<br />
=== Step 2: put Squirrelmail in the directory you created ===<br />
<br />
Either extract squirrelmail, or move it from where the arch package puts it, into the directory you created for the secure http site.<br />
<br />
=== Step 3: run Squirrelmail config utility ===<br />
<br />
cd ''squirrelmaildir''/config<br />
perl conf.pl<br />
<br />
Make sure you select 'D', then type in courier and hit enter. Make sure your other options are correct as well.<br />
Note: If you use php with safe mode on, make sure that the data dir is owned by the same owner as all the files in the squirrelmail directory. With safe mode off, simply follow the squirrelmail setup directions.<br />
<br />
=== Step 4: test the Squirrelmail setup ===<br />
<br />
Point your browser to squirrelmail/src/configtest.php. Should you get an error on directory location, make sure php.ini has been set to allow access to them (open_basedir directive).<br />
<br />
=== Step 5: test Squirrelmail ===<br />
<br />
Log in with the test account. You will need to log in using the form:<br />
username: cactus@virtualdomain.tld <br />
password: secret<br />
<br />
Try sending email to non-existent local accounts. You should get an immediate bounce back. <br />
Try sending email to external good email accounts, as well as non-existent ones. <br />
Just general testing stuff.<br />
If everything works fine, then you can add other accounts to the MySQL database, and away you go!<br />
<br />
==== Troubleshooting ====<br />
<br />
If you received an error similar to:<br />
{{bc|1=Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/lib/squirrelmail/data) is not within the allowed path(s): \<br />
(/srv/http/:/home/:/tmp/:/usr/share/pear/) in /home/httpd/site.virtual/virtualdomain.tld/html/squirrelmail/src/configtest.php on line 303<br />
}}<br />
Then edit {{ic|/etc/httpd/httpd.conf}}, and in the section:<br />
<Directory "/home/httpd/site.virtual/virtualdomain.tld/html"><br />
add:<br />
php_admin_value open_basedir /home/httpd/site.virtual/virtualdomain.tld/html:/var/lib/squirrelmail/<br />
<br />
If you get an error similar to:<br />
Unknown user or password incorrect.<br />
You may have to create your user directories within vmailer like so:<br />
<br />
 $ mkdir -p /home/vmailer/''mydomain.com''/''username''<br />
 $ mkdir /home/vmailer/''mydomain.com''/''username''/cur<br />
 $ mkdir /home/vmailer/''mydomain.com''/''username''/new<br />
 $ mkdir /home/vmailer/''mydomain.com''/''username''/tmp<br />
$ chmod -R 750 /home/vmailer<br />
$ chown -R vmailer.vmail /home/vmailer<br />
<br />
where ''mydomain.com''/''username'' is the ''domain''/''username'' given within MySQL.<br />
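<br />
The mailbox path that Courier looks for is whatever MYSQL_MAILDIR_FIELD in {{ic|/etc/authlib/authmysqlrc}} evaluates to, so the directories can be derived from the same address stored in MySQL. The following is an added example, not part of the original article: {{ic|maildir_path}}, {{ic|make_maildir}} and the layout names {{ic|full}} and {{ic|split}} are assumptions covering the two MYSQL_MAILDIR_FIELD settings shown earlier. Addresses containing {{ic|/}} or {{ic|..}} are rejected so that a database value cannot place a mailbox outside the base directory.<br />
<br />
```shell
# Added example (not from the article). maildir_path and make_maildir are
# hypothetical helper names. Assumes the `domain` column equals the part of
# `email` after the "@", as in the article's sample row.

# maildir_path BASE EMAIL [LAYOUT]
#   full  -> BASE/domain/email   (MYSQL_MAILDIR_FIELD concat(domain,'/',email,'/'))
#   split -> BASE/domain/user    (the SUBSTRING_INDEX variant)
maildir_path() {
    base=$1 email=$2 layout=${3:-full}
    case $email in
        */*|*..*|*@*@*|@*|*@) return 1 ;;  # separators, "..", malformed address
        *@*) ;;
        *) return 1 ;;                     # no "@" at all
    esac
    user=${email%@*}
    domain=${email#*@}
    case $layout in
        full)  printf '%s/%s/%s\n' "$base" "$domain" "$email" ;;
        split) printf '%s/%s/%s\n' "$base" "$domain" "$user" ;;
        *)     return 1 ;;
    esac
}

# make_maildir BASE EMAIL [LAYOUT]: create cur/new/tmp and print the mailbox path.
make_maildir() {
    dir=$(maildir_path "$@") || { echo "rejected: $2" >&2; return 1; }
    # Subshell keeps the umask change local; 027 yields mode 750 directories.
    ( umask 027 && mkdir -p "$dir/cur" "$dir/new" "$dir/tmp" ) || return 1
    printf '%s\n' "$dir"
}

# Demo with constructed addresses in a throwaway directory, not /home/vmailer.
demo_base=$(mktemp -d)
make_maildir "$demo_base" 'cactus@virtualdomain.tld' full
make_maildir "$demo_base" 'cactus@virtualdomain.tld' split
make_maildir "$demo_base" '../../etc@virtualdomain.tld' full || true
rm -rf "$demo_base"
```

Run it as the vmailer user so that the new directories get the expected ownership.<br />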
<br />
== See also ==<br />
<br />
*[http://linox.be/index.php/2005/07/13/44/ Out of Office] for Squirrelmail<br />
*[https://help.ubuntu.com/community/Postfix Postfix Ubuntu documentation]<br />
*[http://www.gelens.org/archlinux-mailserver/ A simple mailserver on Arch Linux]<br />
*[http://sherlock.heroku.com/blog/2012/02/03/setting-up-postfix-to-use-gmail-as-an-smtp-relay-host-in-archlinux/ Use Gmail as an SMTP relay]</div>ChemicalRascal