https://wiki.archlinux.org/api.php?action=feedcontributions&user=EUA&feedformat=atomArchWiki - User contributions [en]2024-03-28T12:12:04ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Lm_sensors&diff=671774Lm sensors2021-05-18T00:09:13Z<p>EUA: Addition if DIMM Temperature Sensors</p>
<hr />
<div>{{DISPLAYTITLE:lm_sensors}}<br />
[[Category:System monitors]]<br />
[[Category:CPU]]<br />
[[cs:Lm sensors]]<br />
[[de:Lm sensors]]<br />
[[es:Lm sensors]]<br />
[[ja:Lm sensors]]<br />
[[pt:Lm sensors]]<br />
[[ru:Lm sensors]]<br />
[[zh-hans:Lm sensors]]<br />
[[zh-hant:Lm sensors]]<br />
{{Related articles start}}<br />
{{Related|Fan speed control}}<br />
{{Related|hddtemp}}<br />
{{Related|monitorix}}<br />
{{Related articles end}}<br />
[http://lm-sensors.org/ lm_sensors] (Linux monitoring sensors) is a free and open-source application that provides tools and drivers for monitoring temperatures, voltage, and fans. This document explains how to install, configure, and use lm_sensors.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|lm_sensors}} package.<br />
<br />
{{Note|More documentation is at the [https://github.com/groeck/lm-sensors/tree/master/doc GitHub repository]. In the future these may be installed, see {{Bug|48354}}.}}<br />
<br />
== Setup ==<br />
<br />
Use ''sensors-detect'' as root to detect and generate a list of kernel modules:<br />
<br />
{{Warning|Do not use anything other than the default options (by just hitting {{ic|Enter}}), unless you know exactly what you are doing. See [[#Laptop screen issues after running sensors-detect]].}}<br />
<br />
# sensors-detect<br />
<br />
It will ask to probe for various hardware. The "safe" answers are the defaults, so just hitting {{ic|Enter}} to all the questions will generally not cause any problems. This will create the {{ic|/etc/conf.d/lm_sensors}} configuration file which is used by {{ic|lm_sensors.service}} to automatically load kernel modules on boot.<br />
<br />
When the detection is finished, a summary of the probes is presented.<br />
<br />
Example:<br />
<br />
{{hc|# sensors-detect|<nowiki><br />
This program will help you determine which kernel modules you need<br />
to load to use lm_sensors most effectively. It is generally safe<br />
and recommended to accept the default answers to all questions,<br />
unless you know what you're doing.<br />
<br />
Some south bridges, CPUs or memory controllers contain embedded sensors.<br />
Do you want to scan for them? This is totally safe. (YES/no): <br />
Module cpuid loaded successfully.<br />
Silicon Integrated Systems SIS5595... No<br />
VIA VT82C686 Integrated Sensors... No<br />
VIA VT8231 Integrated Sensors... No<br />
AMD K8 thermal sensors... No<br />
AMD Family 10h thermal sensors... No<br />
<br />
...<br />
<br />
Now follows a summary of the probes I have just done.<br />
Just press ENTER to continue: <br />
<br />
Driver `coretemp':<br />
* Chip `Intel digital thermal sensor' (confidence: 9)<br />
<br />
Driver `lm90':<br />
* Bus `SMBus nForce2 adapter at 4d00'<br />
Busdriver `i2c_nforce2', I2C address 0x4c<br />
Chip `Winbond W83L771AWG/ASG' (confidence: 6)<br />
<br />
Do you want to overwrite /etc/conf.d/lm_sensors? (YES/no): <br />
ln -s '/usr/lib/systemd/system/lm_sensors.service' '/etc/systemd/system/multi-user.target.wants/lm_sensors.service'<br />
Unloading i2c-dev... OK<br />
Unloading cpuid... OK<br />
</nowiki>}}<br />
<br />
{{Note|A systemd service is automatically enabled if users answer '''YES''' when asked about generating {{ic|/etc/conf.d/lm_sensors}}. Answering '''YES''' also automatically starts the service.}}<br />
<br />
== Running sensors ==<br />
<br />
Example running {{ic|sensors}}:<br />
<br />
{{hc|$ sensors|<nowiki><br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0: +35.0°C (crit = +105.0°C)<br />
Core 1: +32.0°C (crit = +105.0°C)<br />
<br />
w83l771-i2c-0-4c<br />
Adapter: SMBus nForce2 adapter at 4d00<br />
temp1: +28.0°C (low = -40.0°C, high = +70.0°C)<br />
(crit = +85.0°C, hyst = +75.0°C)<br />
temp2: +37.4°C (low = -40.0°C, high = +70.0°C)<br />
(crit = +110.0°C, hyst = +100.0°C)<br />
</nowiki>}}<br />
<br />
=== Adding DIMM Temperature sensors ===<br />
To fing the temperature sensors of DIMMs, install the {{pkg|i2c-tools}} package. Once installed, load the {{ic|i2c-dev}} [[kernel module]].<br />
<br />
modprobe i2c-dev<br />
<br />
Than search buses with this command.<br />
<br />
i2cdetect -l<br />
<br />
This will show the SMBuses like:<br />
<br />
i2c-1 smbus SMBus PIIX4 adapter port 2 at 0b00 SMBus adapter<br />
i2c-2 smbus SMBus PIIX4 adapter port 1 at 0b20 SMBus adapter<br />
i2c-0 smbus SMBus PIIX4 adapter port 0 at 0b00 SMBus adapter<br />
<br />
In my system, RAM sticks connected to the bus is SMBus 0. <br />
{{ic|i2cdetect}} command will show the devices that connected to the bus. The "-y 0" argument means use i2c-0 smbus.<br />
You can check other buses if needed.<br />
<br />
i2cdetect -y 0<br />
<br />
command will gives the table:<br />
<br />
0 1 2 3 4 5 6 7 8 9 a b c d e f<br />
00: -- -- -- -- 0c -- -- -- <br />
10: 10 -- -- -- -- -- -- -- 18 19 -- -- -- -- -- -- <br />
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- <br />
30: -- -- -- -- -- -- 36 -- -- -- -- -- -- -- -- -- <br />
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 4f <br />
50: 50 51 -- -- -- -- -- -- -- -- -- -- -- -- -- -- <br />
60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- <br />
70: -- -- -- -- -- -- -- 77 <br />
<br />
RAM SPD's are start from address 0x50 and RAM temp sensors start from 0x18 at same bus.<br />
In my system, there are 2 DIMMs available. So address of 0x18 and 0x19 are DIMMs temp sensors.<br />
<br />
After found this info, to read temperatures of RAM sticks, we need {{ic|jc42}} [[kernel module]] loaded.<br />
After that you need to tell to module that which addresses are need to used.<br />
Process is writing <module name> <address> to smbus <path>.<br />
<br />
modprobe jc42<br />
echo jc42 0x18 > /sys/bus/i2c/devices/i2c-0/new_device<br />
echo jc42 0x19 > /sys/bus/i2c/devices/i2c-0/new_device<br />
<br />
After that your ram sticks temperature will be visible on {{ic|sensors}} command<br />
<br />
jc42-i2c-0-19<br />
Adapter: SMBus PIIX4 adapter port 0 at 0b00<br />
temp1: +50.7°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
jc42-i2c-0-18<br />
Adapter: SMBus PIIX4 adapter port 0 at 0b00<br />
temp1: +51.8°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
<br />
=== Reading SPD values from memory modules (optional) ===<br />
<br />
To read the SPD timing values from memory modules, install the {{pkg|i2c-tools}} package. Once installed, load the {{ic|eeprom}} [[kernel module]].<br />
<br />
# modprobe eeprom<br />
<br />
Finally, view memory information with {{ic|decode-dimms}}.<br />
<br />
Here is partial output from one machine:<br />
<br />
{{hc|# decode-dimms|<nowiki><br />
Memory Serial Presence Detect Decoder<br />
By Philip Edelbrock, Christian Zuckschwerdt, Burkart Lingner,<br />
Jean Delvare, Trent Piepho and others<br />
<br />
<br />
Decoding EEPROM: /sys/bus/i2c/drivers/eeprom/0-0050<br />
Guessing DIMM is in bank 1<br />
<br />
---=== SPD EEPROM Information ===---<br />
EEPROM CRC of bytes 0-116 OK (0x583F)<br />
# of bytes written to SDRAM EEPROM 176<br />
Total number of bytes in EEPROM 512<br />
Fundamental Memory type DDR3 SDRAM<br />
Module Type UDIMM<br />
<br />
---=== Memory Characteristics ===---<br />
Fine time base 2.500 ps<br />
Medium time base 0.125 ns<br />
Maximum module speed 1066MHz (PC3-8533)<br />
Size 2048 MB<br />
Banks x Rows x Columns x Bits 8 x 14 x 10 x 64<br />
Ranks 2<br />
SDRAM Device Width 8 bits<br />
tCL-tRCD-tRP-tRAS 7-7-7-33<br />
Supported CAS Latencies (tCL) 8T, 7T, 6T, 5T<br />
<br />
---=== Timing Parameters ===---<br />
Minimum Write Recovery time (tWR) 15.000 ns<br />
Minimum Row Active to Row Active Delay (tRRD) 7.500 ns<br />
Minimum Active to Auto-Refresh Delay (tRC) 49.500 ns<br />
Minimum Recovery Delay (tRFC) 110.000 ns<br />
Minimum Write to Read CMD Delay (tWTR) 7.500 ns<br />
Minimum Read to Pre-charge CMD Delay (tRTP) 7.500 ns<br />
Minimum Four Activate Window Delay (tFAW) 30.000 ns<br />
<br />
---=== Optional Features ===---<br />
Operable voltages 1.5V<br />
RZQ/6 supported? Yes<br />
RZQ/7 supported? Yes<br />
DLL-Off Mode supported? No<br />
Operating temperature range 0-85C<br />
Refresh Rate in extended temp range 1X<br />
Auto Self-Refresh? Yes<br />
On-Die Thermal Sensor readout? No<br />
Partial Array Self-Refresh? No<br />
Thermal Sensor Accuracy Not implemented<br />
SDRAM Device Type Standard Monolithic<br />
<br />
---=== Physical Characteristics ===---<br />
Module Height (mm) 15<br />
Module Thickness (mm) 1 front, 1 back<br />
Module Width (mm) 133.5<br />
Module Reference Card B<br />
<br />
---=== Manufacturer Data ===---<br />
Module Manufacturer Invalid<br />
Manufacturing Location Code 0x02<br />
Part Number OCZ3G1600LV2G <br />
<br />
...<br />
</nowiki>}}<br />
<br />
== Using sensor data ==<br />
<br />
=== Graphical front-ends ===<br />
<br />
There are a variety of front-ends for sensors data.<br />
<br />
* {{App|psensor|GTK application for monitoring hardware sensors, including temperatures and fan speeds. Monitors motherboard and CPU (using lm-sensors), Nvidia GPUs (using XNVCtrl), and harddisks (using [[hddtemp]] or libatasmart).|https://wpitchoune.net/psensor/|{{Pkg|psensor}}}}<br />
* {{App|xsensors|X11 interface to lm_sensors.|https://linuxhardware.org/xsensors/|{{Pkg|xsensors}}}}<br />
<br />
For specific [[Desktop environments]]:<br />
<br />
* {{App|Freon (GNOME Shell extension)|Extension for displaying CPU temperature, disk temperature, video card temperature , voltage and fan RPM in [[GNOME]] Shell.|https://github.com/UshakovVasilii/gnome-shell-extension-freon|{{AUR|gnome-shell-extension-freon}}}}<br />
* {{App|GNOME Sensors Applet|Applet for the [[GNOME]] Panel to display readings from hardware sensors, including CPU temperature, fan speeds and voltage readings.|http://sensors-applet.sourceforge.net/|{{Pkg|sensors-applet}}}}<br />
* {{App|lm-sensors (LXPanel plugin)|Monitor temperature/voltages/fan speeds in [[LXDE]] through lm-sensors.|https://danamlund.dk/sensors_lxpanel_plugin/|{{AUR|sensors-lxpanel-plugin}}}}<br />
* {{App|MATE Sensors Applet|Display readings from hardware sensors in your [[MATE]] panel.|https://github.com/mate-desktop/mate-sensors-applet|{{Pkg|mate-sensors-applet}}}}<br />
* {{App|Sensors (Xfce4 panel plugin)|Hardware sensors plugin for the [[Xfce]] panel.|https://goodies.xfce.org/projects/panel-plugins/xfce4-sensors-plugin|{{Pkg|xfce4-sensors-plugin}}}}<br />
* {{App|Thermal Monitor (Plasma 5 applet)|[[KDE]] Plasma applet for monitoring CPU, GPU and other available temperature sensors.|https://gitlab.com/agurenko/plasma-applet-thermal-monitor|{{AUR|plasma5-applets-thermal-monitor-git}}}}<br />
<br />
=== sensord ===<br />
<br />
There is an optional daemon called ''sensord'' (included with the {{Pkg|lm_sensors}} package) which can log data to a round robin database (rrd) and later visualize graphically. See the {{man|8|sensord}} man page for details.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Adjusting values ===<br />
<br />
In some cases, the data displayed might be incorrect or users may wish to rename the output. Use cases include:<br />
<br />
* Incorrect temperature values due to a wrong offset (i.e. temps are reported 20 °C higher than actual).<br />
* Users wish to rename the output of some sensors.<br />
* The cores might be displayed in an incorrect order.<br />
<br />
All of the above (and more) can be adjusted by overriding the package provides settings in {{ic|/etc/sensors3.conf}} by creating {{ic|/etc/sensors.d/''foo''}} wherein any number of tweaks will override the default values. It is recommended to rename 'foo' to the motherboard brand and model but this naming nomenclature is optional.<br />
<br />
{{Note|Do not edit {{ic|/etc/sensors3.conf}} directly since package updates will overwrite any changes thus losing them.}}<br />
<br />
==== Example 1. Adjusting temperature offsets ====<br />
<br />
This is a real example on a Zotac ION-ITX-A-U motherboard. The coretemp values are off by 20 °C (too high) and are adjusted down to Intel specs.<br />
<br />
{{hc|$ sensors|<nowiki><br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0: +57.0°C (crit = +125.0°C)<br />
Core 1: +55.0°C (crit = +125.0°C)<br />
...<br />
</nowiki>}}<br />
<br />
Run {{ic|sensors}} with the {{ic|-u}} switch to see what options are available for each physical chip (raw mode):<br />
<br />
{{hc|$ sensors -u|<nowiki><br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0:<br />
temp2_input: 57.000<br />
temp2_crit: 125.000<br />
temp2_crit_alarm: 0.000<br />
Core 1:<br />
temp3_input: 55.000<br />
temp3_crit: 125.000<br />
temp3_crit_alarm: 0.000<br />
...<br />
</nowiki>}}<br />
<br />
Create the following file overriding the default values:<br />
<br />
{{hc|/etc/sensors.d/Zotac-IONITX-A-U|<nowiki><br />
chip "coretemp-isa-0000"<br />
label temp2 "Core 0"<br />
compute temp2 @-20,@-20<br />
<br />
label temp3 "Core 1"<br />
compute temp3 @-20,@-20<br />
</nowiki>}}<br />
<br />
Now invoking {{ic|sensors}} shows the adjust values:<br />
<br />
{{hc|$ sensors|<nowiki><br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0: +37.0°C (crit = +105.0°C)<br />
Core 1: +35.0°C (crit = +105.0°C)<br />
...<br />
</nowiki>}}<br />
<br />
==== Example 2. Renaming labels ====<br />
<br />
This is a real example on an Asus A7M266. The user wishes more verbose names for the temperature labels {{ic|temp1}} and {{ic|temp2}}:<br />
<br />
{{hc|$ sensors|<nowiki><br />
as99127f-i2c-0-2d<br />
Adapter: SMBus Via Pro adapter at e800<br />
...<br />
temp1: +35.0°C (high = +0.0°C, hyst = -128.0°C)<br />
temp2: +47.5°C (high = +100.0°C, hyst = +75.0°C)<br />
...<br />
</nowiki>}}<br />
<br />
Create the following file to override the default values:<br />
<br />
{{hc|/etc/sensors.d/Asus_A7M266|<nowiki><br />
chip "as99127f-*"<br />
label temp1 "Mobo Temp"<br />
label temp2 "CPU0 Temp"<br />
</nowiki>}}<br />
<br />
Now invoking {{ic|sensors}} shows the adjust values:<br />
<br />
{{hc|$ sensors|<nowiki><br />
as99127f-i2c-0-2d<br />
Adapter: SMBus Via Pro adapter at e800<br />
...<br />
Mobo Temp: +35.0°C (high = +0.0°C, hyst = -128.0°C)<br />
CPU0 Temp: +47.5°C (high = +100.0°C, hyst = +75.0°C)<br />
...<br />
</nowiki>}}<br />
<br />
==== Example 3. Renumbering cores for multi-CPU systems ====<br />
<br />
This is a real example on an HP Z600 workstation with dual Xeons. The actual numbering of physical cores is incorrect: numbered 0, 1, 9, 10 which is repeated into the second CPU. Most users expect the core temperatures to report out in sequential order, i.e. 0,1,2,3,4,5,6,7.<br />
<br />
{{hc|$ sensors|<nowiki><br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0: +65.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core 1: +65.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core 9: +66.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core 10: +66.0°C (high = +85.0°C, crit = +95.0°C)<br />
<br />
coretemp-isa-0004<br />
Adapter: ISA adapter<br />
Core 0: +54.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core 1: +56.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core 9: +60.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core 10: +61.0°C (high = +85.0°C, crit = +95.0°C)<br />
...<br />
</nowiki>}}<br />
<br />
Again, run {{ic|sensors}} with the {{ic|-u}} switch to see what options are available for each physical chip:<br />
<br />
{{hc|$ sensors -u coretemp-isa-0000|<nowiki><br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0:<br />
temp2_input: 61.000<br />
temp2_max: 85.000<br />
temp2_crit: 95.000<br />
temp2_crit_alarm: 0.000<br />
Core 1:<br />
temp3_input: 61.000<br />
temp3_max: 85.000<br />
temp3_crit: 95.000<br />
temp3_crit_alarm: 0.000<br />
Core 9:<br />
temp11_input: 62.000<br />
temp11_max: 85.000<br />
temp11_crit: 95.000<br />
Core 10:<br />
temp12_input: 63.000<br />
temp12_max: 85.000<br />
temp12_crit: 95.000<br />
</nowiki>}}<br />
<br />
{{hc|$ sensors -u coretemp-isa-0004|<nowiki><br />
coretemp-isa-0004<br />
Adapter: ISA adapter<br />
Core 0:<br />
temp2_input: 53.000<br />
temp2_max: 85.000<br />
temp2_crit: 95.000<br />
temp2_crit_alarm: 0.000<br />
Core 1:<br />
temp3_input: 54.000<br />
temp3_max: 85.000<br />
temp3_crit: 95.000<br />
temp3_crit_alarm: 0.000<br />
Core 9:<br />
temp11_input: 59.000<br />
temp11_max: 85.000<br />
temp11_crit: 95.000<br />
Core 10:<br />
temp12_input: 59.000<br />
temp12_max: 85.000<br />
temp12_crit: 95.000<br />
...<br />
</nowiki>}}<br />
<br />
Create the following file overriding the default values:<br />
<br />
{{hc|/etc/sensors.d/HP_Z600|<nowiki><br />
chip "coretemp-isa-0000"<br />
label temp2 "Core 0"<br />
label temp3 "Core 1"<br />
label temp11 "Core 2"<br />
label temp12 "Core 3"<br />
<br />
chip "coretemp-isa-0004"<br />
label temp2 "Core 4"<br />
label temp3 "Core 5"<br />
label temp11 "Core 6"<br />
label temp12 "Core 7"</nowiki>}}<br />
<br />
Now invoking {{ic|sensors}} shows the adjust values:<br />
<br />
{{hc|$ sensors|<nowiki><br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core0: +64.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core1: +63.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core2: +65.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core3: +66.0°C (high = +85.0°C, crit = +95.0°C)<br />
<br />
coretemp-isa-0004<br />
Adapter: ISA adapter<br />
Core4: +53.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core5: +54.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core6: +59.0°C (high = +85.0°C, crit = +95.0°C)<br />
Core7: +60.0°C (high = +85.0°C, crit = +95.0°C)<br />
...<br />
</nowiki>}}<br />
<br />
=== Automatic lm_sensors deployment ===<br />
<br />
Users wishing to deploy lm_sensors on multiple machines can use the following to accept the defaults to all questions:<br />
<br />
# sensors-detect --auto<br />
<br />
== Troubleshooting ==<br />
<br />
=== K10Temp module ===<br />
<br />
Some K10 processors have issues with their temperature sensor. From the kernel documentation ({{ic|linux-&lt;version&gt;/Documentation/hwmon/k10temp}}):<br />
<br />
:''All these processors have a sensor, but on those for Socket F or AM2+, the sensor may return inconsistent values (erratum 319). The driver will refuse to load on these revisions unless users specify the {{ic|1=force=1}} module parameter.''<br />
<br />
:''Due to technical reasons, the driver can detect only the mainboard's socket type, not the processor's actual capabilities. Therefore, users of an AM3 processor on an AM2+ mainboard, can safely use the {{ic|1=force=1}} parameter.''<br />
<br />
On affected machines the module will report "unreliable CPU thermal sensor; monitoring disabled". To force monitoring anyway, you can run the following:<br />
<br />
# rmmod k10temp<br />
# modprobe k10temp force=1<br />
<br />
Confirm that the sensor is in fact valid and reliable. If it is, can edit {{ic|/etc/modprobe.d/k10temp.conf}} and add:<br />
<br />
options k10temp force=1<br />
<br />
This will allow the module to load at boot.<br />
<br />
=== Asus B450M-A/A320M-K/A320M-K-BR motherboards ===<br />
<br />
These motherboards use a IT8655E chip, which is not supported by the it87 kernel driver, as of Nov 2020 [https://www.kernel.org/doc/html/latest/hwmon/it87.html]. However, it is supported by the upstream version of the kernel driver [https://github.com/bbqlinux/it87/blob/master/it87.c#L22]. The [[DKMS]] variant is contained in {{AUR|it87-dkms-git}}.<br />
<br />
=== Asus B450/X399/X470 motherboards with AM4 Socket ===<br />
<br />
Some recent Asus motherboards use a ITE IT8665E chip, accessing the temperature, fan and voltage sensors may require the {{ic|asus-wmi-sensors}} module. [[Install]] {{AUR|asus-wmi-sensors-dkms-git}} and load the {{ic|asus-wmi-sensors}} [[kernel module]], the module uses the UEFI interface and may require a BIOS update on some boards [https://github.com/electrified/asus-wmi-sensors#supported-hardware].<br />
<br />
Alternatively, the {{ic|it87}} module reads the values from the chip directly, install {{AUR|it87-dkms-git}} and load the {{ic|it87}} [[kernel module]].<br />
<br />
=== Asus H97/Z97/Z170/X570 motherboards ===<br />
<br />
With some recent Asus motherboards, fan and voltage sensor access may require the {{ic|nct6775}} [[kernel module]] to be loaded.<br />
<br />
Additionally, add to the kernel boot parameters:<br />
<br />
acpi_enforce_resources=lax<br />
<br />
=== Gigabyte B250/Z370/B450M motherboards ===<br />
<br />
Some Gigabyte motherboards use the ITE IT8686E chip, which is not supported by the it87 kernel driver, as of May 2019 [https://www.kernel.org/doc/html/latest/hwmon/it87.html]. However, it is supported by the upstream version of the kernel driver [https://github.com/bbqlinux/it87/blob/master/it87.c#L24]. The [[DKMS]] variant is contained in {{AUR|it87-dkms-git}}. As with [[#Asus H97/Z97/Z170/X570 motherboards]], a [[kernel parameter]] is required before attempting to install the module:<br />
<br />
acpi_enforce_resources=lax<br />
<br />
Furthermore, supply the id of the chip when loading the module as follows:<br />
<br />
# modprobe it87 force_id=0x8686<br />
<br />
Or you can [[Kernel_modules|load the module]] during boot process by creating the following two files:<br />
<br />
{{hc|/etc/modules-load.d/it87.conf|<br />
it87<br />
}}<br />
<br />
{{hc|/etc/modprobe.d/it87.conf|<nowiki><br />
options it87 force_id=0x8686<br />
</nowiki>}}<br />
<br />
Once the module is loaded you can use the ''sensors'' tool to probe the chip.<br />
Now you can also use [[fancontrol]] to control the speed step of your case fan. <br />
<br />
Optionally installation of {{AUR|zenpower-dkms}} may allow greater fine tuning of the motherboard's cooling system. However, it does disable the default k10temp module.<br />
<br />
=== Gigabyte GA-J1900N-D3V ===<br />
<br />
This motherboard uses the ITE IT8620E chip (useful also to read voltages, mainboard temp, fan speed). As of October 2014, lm_sensors has no driver support for chip ITE IT8620E [https://hwmon.wiki.kernel.org/device_support_status_g_i] [http://comments.gmane.org/gmane.linux.drivers.sensors/35168]. lm_sensors developers had a report that the chip is somewhat compatible with the IT8728F for the hardware monitoring part. However, as of August 2016, [https://www.kernel.org/doc/html/latest/hwmon/it87.html] lists the IT8620E as supported.<br />
<br />
You can load the module at runtime with modprobe:<br />
<br />
$ modprobe it87 force_id=0x8728<br />
<br />
Or you can [[Kernel modules|load the modules]] during boot process by creating the following two files:<br />
<br />
{{hc|/etc/modules-load.d/it87.conf|2=<br />
it87<br />
}}<br />
<br />
{{hc|/etc/modprobe.d/it87.conf|2=<br />
options it87 force_id=0x8603<br />
}}<br />
<br />
Once the module is loaded you can use the ''sensors'' tool to probe the chip.<br />
<br />
Now you can also use [[fancontrol]] to control the speedsteps of your case fan.<br />
<br />
=== Laptop screen issues after running sensors-detect ===<br />
<br />
This is caused by lm-sensors messing with the Vcom values of the screen while probing for sensors. It has been discussed and solved at the forums already: https://bbs.archlinux.org/viewtopic.php?id=193048. However, make sure to read through the thread carefully before running any of the suggested commands.<br />
<br />
=== i2c bus errors on AMD Navi 2 GPUs ===<br />
<br />
There is currently a bug in the way the kernel handles reading the i2c bus on AMD Navi 2 GPUs. The bus currently can only be used with EEPROMs and trying to use it with other devices will cause it to fail. This can cause crashes, black screens, and even cause the card to behave oddly like unable to switch power states. Its currently advised not to scan the i2c bus if you have a Navi 2 based card. You can read more here: https://gitlab.freedesktop.org/drm/amd/-/issues/1470</div>EUAhttps://wiki.archlinux.org/index.php?title=OpenDKIM&diff=469783OpenDKIM2017-03-05T04:03:41Z<p>EUA: Add the socket directory and set its credentials</p>
<hr />
<div>[[Category:Mail server]]<br />
[[ja:OpenDKIM]]<br />
DomainKeys Identified Mail (DKIM) is a digital email signing/verification technology, which is supported by most common mail providers, including Yahoo, Google and Outlook.com.<br />
<br />
== The idea ==<br />
<br />
Basically DKIM means digitally signing all messages on the server to verify the message actually was sent from the domain in question and is not spam or phishing (and has not been modified).<br />
<br />
*The sender's mail server signs outgoing email with the private key.<br />
<br />
*When the message arrives, the receiver (or his server) requests the public key from the domain's DNS and verifies the signature.<br />
<br />
This ensures the message was sent from a server whose private key matches the domain's public key.<br />
<br />
For more info see [http://tools.ietf.org/html/rfc6376 RFC 6376]<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|opendkim}} package.<br />
<br />
== Configuration ==<br />
<br />
The main configuration file for the signing service is {{ic|/etc/opendkim.conf}}.<br />
<br />
* Copy/move the sample configuration file {{ic|/etc/opendkim/opendkim.conf.sample}} to {{ic|/etc/opendkim/opendkim.conf}} and change the following options:<br />
{{hc|/etc/opendkim/opendkim.conf|<br />
Domain example.com<br />
KeyFile /path/to/keys/server1.private<br />
Selector myselector<br />
Socket inet:8891@localhost<br />
UserID opendkim<br />
}}<br />
* To generate a secret signing key, you need to specify the domain used to send mails and a selector which is used to refer to the key. You may choose anything you like, see the RFC for details, but alpha-numeric strings should be OK:<br />
$ opendkim-genkey -r -s myselector -d example.com<br />
<br />
* Sometimes mails get reformatted on their way (e.g. tab exchanged for spaces), rendering the DKIM signature invalid. To prevent trivial reformatting in header and body destroying trust, there is ''Canonicalization'', a policy stating how strict formatting is to be conserved. Available settings are ''simple'' for no reformatting allowed and ''relaxed'' for some reformatting allowed. For details see [http://dkim.org/specs/rfc4871-dkimbase.html#canonicalization]. These can be set individually for header and body:<br />
{{hc|/etc/opendkim/opendkim.conf|<br />
...<br />
Canonicalization relaxed/simple<br />
...<br />
}}<br />
This example allows some reformatting of the header but not in the message body. Default settings for openDKIM are ''simple/simple''.<br />
<br />
* Other configuration options are available. Make sure to read the documentation.<br />
<br />
* Enable and start the {{ic|opendkim.service}}. Read [[Daemons]] for more information.<br />
<br />
== DNS Record ==<br />
<br />
Add a '''DNS TXT''' record with your selector and public key. The correct record is generated with the private key and can be found in {{ic|myselector.txt}} in the same location as the private key.<br />
<br />
Example:<br />
myselector._domainkey IN TXT "v=DKIM1; k=rsa; s=email; p=...................."<br />
There are several other switches available for the record (see [http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text RFC4871]), the most interesting might be the {{ic|<nowiki>t=y</nowiki>}} which enables testing mode, signaling a checking receiver that the mail must not be treated differently from an unsigned mail, regardless of the state of the signature.<br />
<br />
Check that your DNS record has been correctly updated:<br />
host -t TXT myselector._domainkey.example.com<br />
You may also check that your DKIM DNS record is properly formated using one of the [http://dkimcore.org/tools/ DKIM Key checkers] available on the web.<br />
<br />
== Postfix integration ==<br />
<br />
Either add the following lines to {{ic|main.cf}}:<br />
non_smtpd_milters=inet:127.0.0.1:8891<br />
smtpd_milters=inet:127.0.0.1:8891<br />
<br />
Or change smtpd options in {{ic|master.cf}}:<br />
smtp inet n - n - - smtpd<br />
-o smtpd_client_connection_count_limit=10<br />
-o smtpd_milters=inet:127.0.0.1:8891<br />
<br />
submission inet n - n - - smtpd<br />
-o smtpd_enforce_tls=no<br />
-o smtpd_sasl_auth_enable=yes<br />
-o smtpd_client_restrictions=permit_sasl_authenticated,reject<br />
-o smtpd_sasl_path=smtpd<br />
-o cyrus_sasl_config_path=/etc/sasl2<br />
-o smtpd_milters=inet:127.0.0.1:8891<br />
<br />
== Sendmail integration ==<br />
<br />
Edit the {{ic|sendmail.mc}} file and add the following line, '''after the last line''' starting with {{ic|FEATURE}}:<br />
<br />
{{hc|/etc/mail/sendmail.mc|<nowiki><br />
INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost')<br />
</nowiki>}}<br />
<br />
Rebuild the {{ic|sendmail.cf}} file with:<br />
<br />
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf<br />
<br />
And then restart the {{ic|sendmail.service}}. Read [[Daemons]] for more details.<br />
<br />
==Multiple domains==<br />
<br />
If you are providing mail server service to multiple virtual domains on the same server, you will need to modify the basic configuration as below:<br />
<br />
Provide these directives in {{ic|/etc/opendkim/opendkim.conf}}:<br />
KeyTable refile:/etc/opendkim/KeyTable<br />
SigningTable refile:/etc/opendkim/SigningTable<br />
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts<br />
InternalHosts refile:/etc/opendkim/TrustedHosts<br />
<br />
Create the following two files to tell opendkim where to find the correct keys. You can use the same key for all the domains or generate a key for each domain. Make changes to match your settings. Add more lines as needed.<br />
{{hc|/etc/opendkim/KeyTable| <br />
myselector._domainkey.example1.com example1.com:myselector:/etc/opendkim/myselector.private<br />
myselector._domainkey.example2.com example2.com:myselector:/etc/opendkim/myselector.private<br />
...<br />
}}<br />
<br />
{{hc|/etc/opendkim/SigningTable|<br />
*@example1.com myselector._domainkey.example1.com<br />
*@example2.com myselector._domainkey.example2.com<br />
...<br />
}}<br />
<br />
An existent {{ic|/etc/opendkim/TrustedHosts}} file tells opendkim who to let use your keys. This is referenced by the {{ic|ExternalIgnoreList}} directive in your conf file. Opendkim will ignore this list of hosts when verifying incoming mail. And, because it is also referenced by the {{ic|InternalHosts}} directive, this same list of hosts will be considered “internal,” and opendkim will sign their outgoing mail. Example: <br />
{{ic|/etc/opendkim/TrustedHosts|<br />
127.0.0.1<br />
::1<br />
hostname.example1.com<br />
example1.com<br />
hostname.example2.com<br />
example2.com<br />
...<br />
}}<br />
<br />
Change ownership of all files to opendkim:<br />
# chown -R opendkim:mail /etc/opendkim<br />
<br />
Add a DNS TXT record with your selector and public key for each of the domains.<br />
<br />
You can now [[restart]] opendkim.<br />
<br />
== Security ==<br />
<br />
The default configuration for the OpenDKIM daemon is less than ideal from a security point of view (all those are minor security issues):<br />
* The OpenDKIM daemon does not need to run as {{ic|root}} at all (the configuration suggested earlier will have OpenDKIM drop {{ic|root}} privileges by itself, but systemd can do this too and much earlier).<br />
* If your mail daemon is on the same host as the OpenDKIM daemon, there is no need for localhost tcp sockets and unix sockets may be used instead, allowing classic user/group access controls.<br />
* OpenDKIM is using the {{ic|/tmp}} folder by default whereas it could use its own folder with additional access restrictions.<br />
<br />
The following configuration files will fix most of those issues (assuming you are using Postfix) and drop some unnecessary options in the systemd service unit:<br />
{{hc|/etc/opendkim/opendkim.conf|<br />
BaseDirectory /var/lib/opendkim<br />
Domain example.com<br />
KeyFile /etc/opendkim/myselector.private<br />
Selector myselector<br />
Socket local:/run/opendkim/opendkim.sock<br />
Syslog Yes<br />
TemporaryDirectory /run/opendkim<br />
UMask 002<br />
}}<br />
<br />
{{hc|/etc/systemd/system/opendkim.service|<nowiki><br />
[Unit]<br />
Description=OpenDKIM daemon<br />
After=network.target remote-fs.target nss-lookup.target<br />
<br />
[Service]<br />
Type=forking<br />
User=opendkim<br />
Group=postfix<br />
ExecStart=/usr/bin/opendkim -x /etc/opendkim/opendkim.conf<br />
RuntimeDirectory=opendkim<br />
RuntimeDirectoryMode=0750<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
<br />
Add the socket directory and set its credentials:<br />
<br />
# mkdir /run/opendkim<br />
# chown opendkim:mail /run/opendkim<br />
<br />
Edit {{ic|/etc/postfix/main.cf}} accordingly to make Postfix listen to this unix socket:<br />
{{hc|/etc/postfix/main.cf|<nowiki><br />
smtpd_milters = unix:/run/opendkim/opendkim.sock<br />
non_smtpd_milters = unix:/run/opendkim/opendkim.sock<br />
</nowiki>}}<br />
<br />
<br />
== Notes ==<br />
While you are about to fight spam and increase people's trust in your server, you might want to take a look at [[wikipedia:Sender Policy Framework|Sender Policy Framework]], which basically means adding a DNS Record stating which servers are authorized to send email for your domain.</div>EUAhttps://wiki.archlinux.org/index.php?title=Virtual_user_mail_system_with_Postfix,_Dovecot_and_Roundcube&diff=468809Virtual user mail system with Postfix, Dovecot and Roundcube2017-02-21T23:54:02Z<p>EUA: enable STARTTLS for outgoing emails also!</p>
<hr />
<div>[[Category:Mail server]]<br />
[[ja:仮想ユーザーメールシステム]]<br />
{{Related articles start}}<br />
{{Related|Courier MTA}}<br />
{{Related|OpenDKIM}}<br />
{{Related|Postfix}}<br />
{{Related|SOGo}}<br />
{{Related articles end}}<br />
This article describes how to set up a complete virtual user mail system on an Arch Linux system in the simplest manner possible. However, since a mail system consists of many complex components, quite a bit of configuration will still be necessary. <br />
<br />
Roughly, the components used in this article are Postfix as the mail server, Dovecot as the IMAP server, Roundcube as the webmail interface and PostfixAdmin as the administration interface to manage it all.<br />
<br />
In the end, the provided solution will allow you to use the best currently available security mechanisms, you will be able to send mails using SMTP and SMTPS and receive mails using POP3, POP3S, IMAP and IMAPS. Additionally, configuration will be easy thanks to PostfixAdmin and users will be able to login using Roundcube. What a deal!<br />
<br />
== Installation ==<br />
Before you start, you must have both a working MySQL server as described in [[MySQL]] and a working Postfix server as described in [[Postfix]].<br />
<br />
[[Install]] the {{Pkg|dovecot}} and {{Pkg|roundcubemail}} packages.<br />
<br />
== Configuration ==<br />
=== User ===<br />
For security reasons, a new user should be created to store the mails:<br />
# groupadd -g 5000 vmail<br />
# useradd -u 5000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail<br />
A gid and uid of 5000 is used in both cases so that we do not run into conflicts with regular users. All your mail will then be stored in {{ic|/home/vmail}}. You could change the home directory to something like {{ic|/var/mail/vmail}} but be careful to change this in any configuration below as well.<br />
<br />
=== Database ===<br />
You will need to create an empty database and corresponding user. In this article, the user ''postfix_user'' will have read/write access to the database ''postfix_db'' using ''hunter2'' as password. You are expected to create the database and user yourself, and give the user permission to use the database, as shown in the following code.<br />
<br />
{{hc|$ mysql -u root -p|<br />
CREATE DATABASE postfix_db;<br />
GRANT ALL ON postfix_db.* TO 'postfix_user'@'localhost' IDENTIFIED BY 'hunter2';<br />
FLUSH PRIVILEGES;<br />
}}<br />
<br />
{{Expansion|Further manual database installation is missing. So far, the only way to follow this article is by installing PostfixAdmin with Apache, MySQL and PHP.}}<br />
<br />
Now you can go to the PostfixAdmin's setup page, let PostfixAdmin create the needed tables and create the users in there.<br />
<br />
==== PostfixAdmin ====<br />
See [[Postfix#PostfixAdmin]].<br />
<br />
=== SSL certificate ===<br />
You will need a SSL certificate for all encrypted mail communications (SMTPS/IMAPS/POP3S). If you do not have one, create one:<br />
# cd /etc/ssl/private/<br />
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout vmail.key -out vmail.crt -days 1460 #days are optional<br />
# chmod 400 vmail.key<br />
# chmod 444 vmail.crt<br />
<br />
=== Postfix ===<br />
<br />
==== SMTPS ====<br />
<br />
Enable secure SMTP as described in [[Postfix#Secure SMTP]]. <br />
<br />
==== Prerequisites ====<br />
<br />
Before you copy&paste the configuration below, check if {{ic|relay_domains}} has already been already set. If you leave more than one active, you will receive warnings during runtime.<br />
<br />
{{Warning|{{ic|<nowiki>relay_domains</nowiki>}} can be dangerous. You usually do not want Postfix to forward mail of strangers. {{ic|<nowiki>$mydestination</nowiki>}} is a sane default value. Double check it's value before running postfix! See http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to}} <br />
<br />
Also check if your SSL certificate paths are set right in all upcoming config examples.<br />
<br />
==== Setting up Postfix ====<br />
<br />
To {{ic|/etc/postfix/main.cf}} append:<br />
relay_domains = $mydestination<br />
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf<br />
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf<br />
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf<br />
virtual_mailbox_base = /home/vmail<br />
virtual_mailbox_limit = 512000000<br />
virtual_minimum_uid = 5000<br />
virtual_transport = virtual<br />
virtual_uid_maps = static:5000<br />
virtual_gid_maps = static:5000<br />
local_transport = virtual<br />
local_recipient_maps = $virtual_mailbox_maps<br />
transport_maps = hash:/etc/postfix/transport<br />
<br />
smtpd_sasl_auth_enable = yes<br />
smtpd_sasl_type = dovecot<br />
smtpd_sasl_path = /var/run/dovecot/auth-client<br />
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_sasl_security_options = noanonymous<br />
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options<br />
smtpd_tls_security_level = may<br />
smtpd_tls_auth_only = yes<br />
smtpd_tls_received_header = yes<br />
smtpd_tls_cert_file = /etc/ssl/private/vmail.crt<br />
smtpd_tls_key_file = /etc/ssl/private/vmail.key<br />
smtpd_sasl_local_domain = $mydomain<br />
broken_sasl_auth_clients = yes<br />
smtpd_tls_loglevel = 1<br />
smtp_tls_security_level = may<br />
smtp_tls_loglevel = 1<br />
<br />
* In the configuration above {{ic|virtual_mailbox_domains}} is a list of the domains that you want to receive mail for. This CANNOT contain the domain that is set in {{ic|mydestination}}. That is why we left {{ic|mydestination}} to be localhost only.<br />
<br />
* {{ic|virtual_mailbox_maps}} will contain the information of virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will then override the forwards in the MySQL database.<br />
<br />
* {{ic|virtual_mailbox_base}} is the base directory where the virtual mailboxes will be stored.<br />
<br />
The {{ic|virtual_uid_maps}} and {{ic|virtual_gid_maps}} are the real system user IDs that the virtual mails will be owned by. This is for storage purposes. <br />
<br />
{{note|Since we will be using a web interface (Roundcube), and do not want people accessing this by any other means, we will be creating this account later without providing any login access.}}<br />
<br />
==== Create the file structure ====<br />
<br />
Those new additional settings reference a lot of files that do not even exist yet. We will create them with the following steps.<br />
<br />
If you were setting up your database with PostfixAdmin and created the database schema through PostfixAdmin, you can create the following files. Do not forget to change the password:<br />
<br />
{{hc|/etc/postfix/virtual_alias_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = alias<br />
select_field = goto<br />
where_field = address<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domain<br />
select_field = domain<br />
where_field = domain<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = mailbox<br />
select_field = maildir<br />
where_field = username<br />
</nowiki>}}<br />
<br />
{{Note | For setups without using PostfixAdmin, create the following files.}}<br />
<br />
{{hc|/etc/postfix/virtual_alias_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domains<br />
select_field = virtual<br />
where_field = domain<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = forwardings<br />
select_field = destination<br />
where_field = source<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = users<br />
select_field = concat(domain,'/',email,'/')<br />
where_field = email<br />
</nowiki>}}<br />
<br />
Run ''postmap'' on ''transport'' to generate its db:<br />
# postmap /etc/postfix/transport<br />
<br />
=== Dovecot ===<br />
<br />
Instead of using the provided Dovecot example config file, we'll create our own {{ic|/etc/dovecot/dovecot.conf}}. Please note that the user and group here might be vmail '''instead of postfix'''!<br />
<br />
{{hc|/etc/dovecot/dovecot.conf|<nowiki><br />
protocols = imap pop3<br />
auth_mechanisms = plain<br />
passdb {<br />
driver = sql<br />
args = /etc/dovecot/dovecot-sql.conf<br />
}<br />
userdb {<br />
driver = sql<br />
args = /etc/dovecot/dovecot-sql.conf<br />
}<br />
<br />
service auth {<br />
unix_listener auth-client {<br />
group = postfix<br />
mode = 0660<br />
user = postfix<br />
}<br />
user = root<br />
}<br />
<br />
mail_home = /home/vmail/%d/%n<br />
mail_location = maildir:~<br />
<br />
ssl_cert = </etc/ssl/private/vmail.crt<br />
ssl_key = </etc/ssl/private/vmail.key<br />
</nowiki>}}<br />
<br />
{{note|If you instead want to modify {{ic|dovecot.conf.sample}}, beware that the default configuration file imports the content of {{ic|conf.d/*.conf}}. Those files call other files that aren't present in our configuration.}}<br />
<br />
Now we create {{ic|/etc/dovecot/dovecot-sql.conf}}, which we just referenced in the config above. Use the following contents and check if everything is set accordingly to your system's configuration.<br />
<br />
If you used PostfixAdmin, then you add the following:<br />
<br />
{{hc|/etc/dovecot/dovecot-sql.conf|<nowiki><br />
driver = mysql<br />
connect = host=localhost dbname=postfix_db user=postfix_user password=hunter2<br />
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes<br />
default_pass_scheme = SHA512-CRYPT<br />
# Get the mailbox<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'<br />
# Get the password<br />
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'<br />
# If using client certificates for authentication, comment the above and uncomment the following<br />
#password_query = SELECT null AS password, ‘%u’ AS user<br />
</nowiki>}}<br />
<br />
Without having used PostfixAdmin you can use:<br />
<br />
{{hc|/etc/dovecot/dovecot-sql.conf|<nowiki><br />
driver = mysql<br />
connect = host=localhost dbname=postfix_db user=postfix_user password=hunter2<br />
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes<br />
default_pass_scheme = SHA512-CRYPT<br />
# Get the mailbox<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM users WHERE email = '%u'<br />
# Get the password<br />
password_query = SELECT email as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM users WHERE email = '%u'<br />
# If using client certificates for authentication, comment the above and uncomment the following<br />
#password_query = SELECT null AS password, ‘%u’ AS user<br />
</nowiki>}}<br />
<br />
{{tip | Visit http://wiki2.dovecot.org/Variables to learn more about Dovecot variables.}}<br />
<br />
=== PostfixAdmin ===<br />
See [[Postfix#PostfixAdmin]].<br />
<br />
Note: To match the configuration in this file, config.inc.php should contain the following.<br />
<br />
# /etc/postfixadmin/config.inc.php<br />
...<br />
$CONF['domain_path'] = 'YES';<br />
$CONF['domain_in_mailbox'] = 'NO';<br />
...<br />
<br />
=== Roundcube ===<br />
<br />
Make sure that both the {{ic|pdo_mysql.so}} extension and {{ic|iconv.so}} extension are uncommented in your {{ic|php.ini}} file. Also check the {{ic|.htaccess}} for access restrictions. Assuming that localhost is your current host, navigate a browser to {{ic|http://localhost/roundcube/installer/}} and follow the instructions. <br />
<br />
Roundcube needs a separate database to work. You should not use the same database for Roundcube and PostfixAdmin. Create a second database {{ic|roundcube_db}} and a new user named {{ic|roundcube_user}}.<br />
<br />
While running the installer ...<br />
<br />
* Make sure to address of the IMAP host is {{ic|ssl://localhost/}} or {{ic|tls://localhost/}} and not just {{ic|localhost}}. <br />
* Use port {{ic|993}}. Likewise with SMTP. <br />
* Make sure to provide {{ic|ssl://localhost/}} with port {{ic|465}} if you used the wrapper mode<br />
* and use {{ic|tls://localhost/}} port {{ic|587}} if you used the proper TLS mode. <br />
* See [[#Postfix|here]] for an explanation on that.<br />
<br />
The post install process is similar to any other webapp like [[PhpMyAdmin]] or PostFixAdmin. The configuration file is in {{ic|/etc/webapps/roundcubemail/config/config.inc.php}} which works as an override over {{ic|default.inc.php}}.<br />
<br />
==== Apache configuration ====<br />
<br />
If you are using Apache, copy the example configuration file to your webserver configuration directory.<br />
<br />
# cp /etc/webapps/roundcubemail/apache.conf /etc/httpd/conf/extra/httpd-roundcubemail.conf<br />
<br />
Add the following line in<br />
<br />
{{hc|/etc/httpd/conf/httpd.conf|<nowiki><br />
Include conf/extra/httpd-roundcubemail.conf<br />
</nowiki>}}<br />
<br />
==== Roundcube: Change Password Plugin ====<br />
<br />
To let users change their passwords from within Roundcube, do the following:<br />
<br />
Enable the password plugin by adding this line to<br />
<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$rcmail_config['plugins'] = array('password');<br />
</nowiki>}}<br />
<br />
Configure the password plugin and make sure you alter the settings accordingly:<br />
<br />
{{hc|/usr/share/webapps/roundcubemail/plugins/password/config.inc.php|<nowiki><br />
$config['password_driver'] = 'sql';<br />
$config['password_db_dsn'] = 'mysql://<postfix_database_user>:<password>@localhost/<postfix_database_name>';<br />
## for dovecot salted passwords only<br />
# $config['password_dovecotpw'] = 'doveadm pw';<br />
# $config['password_dovecotpw_method'] = 'SHA512-CRYPT';<br />
# $config['password_dovecotpw_with_method'] = true;<br />
$config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u';<br />
</nowiki>}}<br />
<br />
== Fire it up ==<br />
All necessary daemons should be started in order to test the configuration. [[Start]] both {{ic|postfix}} and {{ic|dovecot}}.<br />
<br />
Now for testing purposes, create a domain and mail account in PostfixAdmin. Try to login to this account using Roundcube. Now send yourself a mail.<br />
<br />
== Optional Items ==<br />
Although these items are not required, they definitely add more completeness to your setup<br />
<br />
=== Quota ===<br />
To enable mailbox quota support by dovecot, do the following: <br />
*First add the following lines to /etc/dovecot/dovecot.conf<br />
dict {<br />
quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext<br />
}<br />
service dict {<br />
unix_listener dict {<br />
group = vmail<br />
mode = 0660<br />
user = vmail<br />
}<br />
user = root<br />
}<br />
service quota-warning {<br />
executable = script /usr/local/bin/quota-warning.sh<br />
user = vmail<br />
unix_listener quota-warning {<br />
group = vmail<br />
mode = 0660<br />
user = vmail<br />
}<br />
} <br />
mail_plugins=quota<br />
protocol pop3 {<br />
mail_plugins = quota<br />
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh<br />
pop3_uidl_format = %08Xu%08Xv<br />
}<br />
protocol lda {<br />
mail_plugins = quota<br />
postmaster_address = postmaster@yourdomain.com<br />
}<br />
protocol imap {<br />
mail_plugins = $mail_plugins imap_quota<br />
mail_plugin_dir = /usr/lib/dovecot/modules<br />
}<br />
plugin {<br />
quota = dict:User quota::proxy::quotadict<br />
quota_rule2 = Trash:storage=+10%%<br />
quota_warning = storage=100%% quota-warning +100 %u<br />
quota_warning2 = storage=95%% quota-warning +95 %u<br />
quota_warning3 = storage=80%% quota-warning +80 %u<br />
quota_warning4 = -storage=100%% quota-warning -100 %u # user is no longer over quota<br />
}<br />
<br />
*Create a new file /etc/dovecot/dovecot-dict-sql.conf.ext with the following code:<br />
connect = host=localhost dbname=yourdb user=youruser password=yourpassword<br />
map {<br />
pattern = priv/quota/storage<br />
table = quota2<br />
username_field = username<br />
value_field = bytes<br />
}<br />
map {<br />
pattern = priv/quota/messages<br />
table = quota2<br />
username_field = username<br />
value_field = messages<br />
}<br />
*Create a warning script /usr/local/bin/quota-warning.sh and make sure it is executable. This warning script works with postfix lmtp configuration as well.<br />
<pre> #!/bin/sh<br />
BOUNDARY="$1"<br />
USER="$2"<br />
MSG=""<br />
if [[ "$BOUNDARY" = "+100" ]]; then<br />
MSG="Your mailbox is now overfull (>100%). In order for your account to continue functioning properly, you need to remove some emails NOW."<br />
elif [[ "$BOUNDARY" = "+95" ]]; then<br />
MSG="Your mailbox is now over 95% full. Please remove some emails ASAP."<br />
elif [[ "$BOUNDARY" = "+80" ]]; then<br />
MSG="Your mailbox is now over 80% full. Please consider removing some emails to save space."<br />
elif [[ "$BOUNDARY" = "-100" ]]; then<br />
MSG="Your mailbox is now back to normal (<100%)."<br />
fi<br />
<br />
cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"<br />
From: postmaster@yourdomain.com<br />
Subject: Email Account Quota Warning<br />
<br />
Dear User,<br />
<br />
$MSG<br />
<br />
Best regards,<br />
Your Mail System<br />
EOF<br />
</pre><br />
<br />
*Edit the user_query line and add iterat_query in dovecot-sql.conf as following:<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'<br />
iterate_query = SELECT username AS user FROM mailbox<br />
*Set up LDA as described above under SpamAssassin. If you're not using SpamAssassin, the pipe should look like this in /etc/postfix/master.cf :<br />
dovecot unix - n n - - pipe<br />
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}<br />
As above activate it in Postfix main.cf<br />
virtual_transport = dovecot<br />
*You can set up quota per each mailbox in postfixadmin. Make sure the relevant lines in config.inc.php look like this:<br />
$CONF['quota'] = 'YES';<br />
$CONF['quota_multiplier'] = '1024000';<br />
<br />
Restart postfix and dovecot services. If things go well, you should be able to list all users' quota and usage by the this command:<br />
doveadm quota get -A<br />
You should be able to see the quota in roundcube too.<br />
<br />
== Sidenotes ==<br />
<br />
=== Alternative vmail folder structure ===<br />
<br />
Instead of having a directory structure like {{ic|/home/vmail/example.com/user@example.com}} you can have cleaner subdirectories (without the additional domain name) by replacing {{ic|select_field}} and {{ic|where_field}} with:<br />
{{bc|1=query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'}}<br />
<br />
<br />
== Troubleshooting ==<br />
<br />
=== IMAP/POP3 client failing to receive mails ===<br />
<br />
If you get similar errors, take a look into {{ic|/var/log/mail.log}} or use {{ic|journalctl -xn --unit postfix.service}} to find out more.<br />
<br />
It may turn out that the Maildir {{ic|/home/vmail/mail@domain.tld}} is just being created if there is at least one email waiting. Otherwise there wouldn't be any need for the directory creation before.<br />
<br />
<br />
=== Roundcube not able to delete emails or view any 'standard' folders ===<br />
<br />
Ensure that the Roundcube config.inc.php file contains the following:<br />
<br />
{{bc|1=<br />
$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');<br />
$rcmail_config['create_default_folders'] = true;<br />
$rcmail_config['protect_default_folders'] = true;<br />
}}</div>EUA