https://wiki.archlinux.org/api.php?action=feedcontributions&user=Guiguan&feedformat=atomArchWiki - User contributions [en]2024-03-29T09:18:10ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Virtual_user_mail_system_with_Postfix,_Dovecot_and_Roundcube&diff=398405Virtual user mail system with Postfix, Dovecot and Roundcube2015-09-05T15:50:44Z<p>Guiguan: /* fixed a quota warning script bug and improved its info feedback */</p>
<hr />
<div>[[Category:Mail server]]<br />
{{Related articles start}}<br />
{{Related|Postfix}}<br />
{{Related|Courier MTA}}<br />
{{Related|OpenDKIM}}<br />
{{Related articles end}}<br />
This article describes how to set up a complete virtual user mail system on an Arch Linux system in the simplest manner possible. However, since a mail system consists of many complex components, quite a bit of configuration will still be necessary. <br />
<br />
Roughly, the components used in this article are Postfix as the mail server, Dovecot as the IMAP server, Roundcube as the webmail interface and PostfixAdmin as the administration interface to manage it all.<br />
<br />
In the end, the provided solution will allow you to use the best currently available security mechanisms, you will be able to send mails using SMTP and SMTPS and receive mails using POP3, POP3S, IMAP and IMAPS. Additionally, configuration will be easy thanks to PostfixAdmin and users will be able to login using Roundcube. What a deal!<br />
<br />
== Installation ==<br />
Before you start, you must have both a working MySQL server as described in [[MySQL]] and a working Postfix server as described in [[Postfix]].<br />
<br />
[[Install]] the {{Pkg|dovecot}} and {{Pkg|roundcubemail}} packages.<br />
<br />
== Configuration ==<br />
=== User ===<br />
For security reasons, a new user should be created to store the mails:<br />
# groupadd -g 5000 vmail<br />
# useradd -u 5000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail<br />
A gid and uid of 5000 is used in both cases so that we do not run into conflicts with regular users. All your mail will then be stored in {{ic|/home/vmail}}. You could change the home directory to something like {{ic|/var/mail/vmail}} but be careful to change this in any configuration below as well.<br />
<br />
=== Database ===<br />
You will need to create an empty database and corresponding user. In this article, the user ''postfix_user'' will have read/write access to the database ''postfix_db'' using ''hunter2'' as password. You are expected to create the database and user yourself, and give the user permission to use the database, as shown in the following code.<br />
<br />
{{hc|$ mysql -u root -p|<br />
CREATE DATABASE postfix_db;<br />
GRANT ALL ON postfix_db.* TO 'postfix_user'@'localhost' IDENTIFIED BY 'hunter2';<br />
FLUSH PRIVILEGES;<br />
}}<br />
<br />
{{Expansion|Further manual database installation is missing. So far, the only way to follow this article is by installing PostfixAdmin with Apache, MySQL and PHP.}}<br />
<br />
Now you can go to the PostfixAdmin's setup page, let PostfixAdmin create the needed tables and create the users in there.<br />
<br />
==== PostfixAdmin ====<br />
See [[Postfix#PostfixAdmin]].<br />
<br />
=== SSL certificate ===<br />
You will need a SSL certificate for all encrypted mail communications (SMTPS/IMAPS/POP3S). If you do not have one, create one:<br />
# cd /etc/ssl/private/<br />
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout vmail.key -out vmail.crt -days 1460 #days are optional<br />
# chmod 400 vmail.key<br />
# chmod 444 vmail.crt<br />
<br />
=== Postfix ===<br />
<br />
==== SMTPS ====<br />
<br />
Enable secure SMTP as described in [[Postfix#Secure SMTP]]. <br />
<br />
==== Prerequisites ====<br />
<br />
Before you copy&paste the configuration below, check if {{ic|relay_domains}} has already been already set. If you leave more than one active, you will receive warnings during runtime.<br />
<br />
{{Warning|{{ic|<nowiki>relay_domains</nowiki>}} can be dangerous. You usually do not want Postfix to forward mail of strangers. {{ic|<nowiki>$mydestination</nowiki>}} is a sane default value. Double check it's value before running postfix! See http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to}} <br />
<br />
Also check if your SSL certificate paths are set right in all upcoming config examples.<br />
<br />
==== Setting up Postfix ====<br />
<br />
To {{ic|/etc/postfix/main.cf}} append:<br />
relay_domains = $mydestination<br />
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf<br />
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf<br />
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf<br />
virtual_mailbox_base = /home/vmail<br />
virtual_mailbox_limit = 512000000<br />
virtual_minimum_uid = 5000<br />
virtual_transport = virtual<br />
virtual_uid_maps = static:5000<br />
virtual_gid_maps = static:5000<br />
local_transport = virtual<br />
local_recipient_maps = $virtual_mailbox_maps<br />
transport_maps = hash:/etc/postfix/transport<br />
<br />
smtpd_sasl_auth_enable = yes<br />
smtpd_sasl_type = dovecot<br />
smtpd_sasl_path = /var/run/dovecot/auth-client<br />
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_sasl_security_options = noanonymous<br />
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options<br />
smtpd_use_tls = yes<br />
smtpd_tls_security_level = may<br />
smtpd_tls_auth_only = yes<br />
smtpd_tls_received_header = yes<br />
smtpd_tls_cert_file = /etc/ssl/private/vmail.crt<br />
smtpd_tls_key_file = /etc/ssl/private/vmail.key<br />
smtpd_sasl_local_domain = $mydomain<br />
broken_sasl_auth_clients = yes<br />
smtpd_tls_loglevel = 1<br />
<br />
* In the configuration above {{ic|virtual_mailbox_domains}} is a list of the domains that you want to receive mail for. This CANNOT contain the domain that is set in {{ic|mydestination}}. That is why we left {{ic|mydestination}} to be localhost only.<br />
<br />
* {{ic|virtual_mailbox_maps}} will contain the information of virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will then override the forwards in the MySQL database.<br />
<br />
* {{ic|virtual_mailbox_base}} is the base directory where the virtual mailboxes will be stored.<br />
<br />
The {{ic|virtual_uid_maps}} and {{ic|virtual_gid_maps}} are the real system user IDs that the virtual mails will be owned by. This is for storage purposes. <br />
<br />
{{note|Since we will be using a web interface (Roundcube), and do not want people accessing this by any other means, we will be creating this account later without providing any login access.}}<br />
<br />
==== Create the file structure ====<br />
<br />
Those new additional settings reference a lot of files that do not even exist yet. We will create them with the following steps.<br />
<br />
If you were setting up your database with PostfixAdmin and created the database schema through PostfixAdmin, you can create the following files. Do not forget to change the password:<br />
<br />
{{hc|/etc/postfix/virtual_alias_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = alias<br />
select_field = goto<br />
where_field = address<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domain<br />
select_field = domain<br />
where_field = domain<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = mailbox<br />
select_field = maildir<br />
where_field = username<br />
</nowiki>}}<br />
<br />
{{Note | For setups without using PostfixAdmin, create the following files.}}<br />
<br />
{{hc|/etc/postfix/virtual_alias_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domains<br />
select_field = virtual<br />
where_field = domain<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = forwardings<br />
select_field = destination<br />
where_field = source<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = users<br />
select_field = concat(domain,'/',email,'/')<br />
where_field = email<br />
</nowiki>}}<br />
<br />
Run ''postmap'' on ''transport'' to generate its db:<br />
# postmap /etc/postfix/transport<br />
<br />
=== Dovecot ===<br />
<br />
Instead of using the provided Dovecot example config file, we'll create our own {{ic|/etc/dovecot/dovecot.conf}}.<br />
<br />
{{hc|/etc/dovecot/dovecot.conf|<nowiki><br />
protocols = imap pop3<br />
auth_mechanisms = plain<br />
passdb {<br />
driver = sql<br />
args = /etc/dovecot/dovecot-sql.conf<br />
}<br />
userdb {<br />
driver = sql<br />
args = /etc/dovecot/dovecot-sql.conf<br />
}<br />
<br />
service auth {<br />
unix_listener auth-client {<br />
group = postfix<br />
mode = 0660<br />
user = postfix<br />
}<br />
user = root<br />
}<br />
<br />
mail_home = /home/vmail/%d/%n<br />
mail_location = maildir:~<br />
<br />
ssl_cert = </etc/ssl/private/vmail.crt<br />
ssl_key = </etc/ssl/private/vmail.key<br />
</nowiki>}}<br />
<br />
{{note|If you instead want to modify {{ic|dovecot.conf.sample}}, beware that the default configuration file imports the content of {{ic|conf.d/*.conf}}. Those files call other files that aren't present in our configuration.}}<br />
<br />
Now we create {{ic|/etc/dovecot/dovecot-sql.conf}}, which we just referenced in the config above. Use the following contents and check if everything is set accordingly to your system's configuration.<br />
<br />
If you used PostfixAdmin, then you add the following:<br />
<br />
{{hc|/etc/dovecot/dovecot-sql.conf|<nowiki><br />
driver = mysql<br />
connect = host=localhost dbname=postfix_db user=postfix_user password=hunter2<br />
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes<br />
default_pass_scheme = SHA512-CRYPT<br />
# Get the mailbox<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'<br />
# Get the password<br />
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'<br />
# If using client certificates for authentication, comment the above and uncomment the following<br />
#password_query = SELECT null AS password, ‘%u’ AS user<br />
</nowiki>}}<br />
<br />
Without having used PostfixAdmin you can use:<br />
<br />
{{hc|/etc/dovecot/dovecot-sql.conf|<nowiki><br />
driver = mysql<br />
connect = host=localhost dbname=postfix_db user=postfix_user password=hunter2<br />
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes<br />
default_pass_scheme = SHA512-CRYPT<br />
# Get the mailbox<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM users WHERE email = '%u'<br />
# Get the password<br />
password_query = SELECT email as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM users WHERE email = '%u'<br />
# If using client certificates for authentication, comment the above and uncomment the following<br />
#password_query = SELECT null AS password, ‘%u’ AS user<br />
</nowiki>}}<br />
<br />
{{tip | Visit http://wiki2.dovecot.org/Variables to learn more about Dovecot variables.}}<br />
<br />
=== PostfixAdmin ===<br />
See [[Postfix#PostfixAdmin]].<br />
<br />
=== Roundcube ===<br />
<br />
Make sure that both the {{ic|pdo_mysql.so}} extension and {{ic|iconv.so}} extension are uncommented in your {{ic|php.ini}} file. Also check the {{ic|.htaccess}} for access restrictions. Assuming that localhost is your current host, navigate a browser to {{ic|http://localhost/roundcube/installer/}} and follow the instructions. <br />
<br />
Roundcube needs a separate database to work. You should not use the same database for Roundcube and PostfixAdmin. Create a second database {{ic|roundcube_db}} and a new user named {{ic|roundcube_user}}.<br />
<br />
While running the installer ...<br />
<br />
* Make sure to address of the IMAP host is {{ic|ssl://localhost/}} or {{ic|tls://localhost/}} and not just {{ic|localhost}}. <br />
* Use port {{ic|993}}. Likewise with SMTP. <br />
* Make sure to provide {{ic|ssl://localhost/}} with port {{ic|465}} if you used the wrapper mode<br />
* and use {{ic|tls://localhost/}} port {{ic|587}} if you used the proper TLS mode. <br />
* See [[#Postfix|here]] for an explanation on that.<br />
<br />
The post install process is similar to any other webapp like [[PhpMyAdmin]] or PostFixAdmin. The configuration file is in {{ic|/etc/webapps/roundcubemail/config/config.inc.php}} which works as an override over {{ic|default.inc.php}}.<br />
<br />
==== Apache configuration ====<br />
<br />
If you are using Apache, copy the example configuration file to your webserver configuration directory.<br />
<br />
# cp /etc/webapps/roundcubemail/apache.conf /etc/httpd/conf/extra/httpd-roundcubemail.conf<br />
<br />
Add the following line in<br />
<br />
{{hc|/etc/httpd/conf/httpd.conf|<nowiki><br />
Include conf/extra/httpd-roundcubemail.conf<br />
</nowiki>}}<br />
<br />
==== Roundcube: Change Password Plugin ====<br />
<br />
To let users change their passwords from within Roundcube, do the following:<br />
<br />
Enable the password plugin by adding this line to<br />
<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$rcmail_config['plugins'] = array('password');<br />
</nowiki>}}<br />
<br />
Configure the password plugin and make sure you alter the settings accordingly:<br />
<br />
{{hc|/usr/share/webapps/roundcubemail/plugins/password/config.inc.php|<nowiki><br />
$config['password_driver'] = 'sql';<br />
$config['password_db_dsn'] = 'mysql://<postfix_database_user>:<password>@localhost/<postfix_database_name>';<br />
$config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u';<br />
</nowiki>}}<br />
<br />
== Fire it up ==<br />
All necessary daemons should be started in order to test the configuration. [[Start]] both {{ic|postfix}} and {{ic|dovecot}}.<br />
<br />
Now for testing purposes, create a domain and mail account in PostfixAdmin. Try to login to this account using Roundcube. Now send yourself a mail.<br />
<br />
== Optional Items ==<br />
Although these items are not required, they definitely add more completeness to your setup<br />
<br />
=== Quota ===<br />
To enable mailbox quota support by dovecot, do the following: <br />
*First add the following lines to /etc/dovecot/dovecot.conf<br />
dict {<br />
quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext<br />
}<br />
service dict {<br />
unix_listener dict {<br />
group = vmail<br />
mode = 0660<br />
user = vmail<br />
}<br />
user = root<br />
}<br />
service quota-warning {<br />
executable = script /usr/local/bin/quota-warning.sh<br />
user = vmail<br />
unix_listener quota-warning {<br />
group = vmail<br />
mode = 0660<br />
user = vmail<br />
}<br />
} <br />
mail_plugins=quota<br />
protocol pop3 {<br />
mail_plugins = quota<br />
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh<br />
pop3_uidl_format = %08Xu%08Xv<br />
}<br />
protocol lda {<br />
mail_plugins = quota<br />
postmaster_address = postmaster@yourdomain.com<br />
}<br />
protocol imap {<br />
mail_plugins = $mail_plugins imap_quota<br />
mail_plugin_dir = /usr/lib/dovecot/modules<br />
}<br />
plugin {<br />
quota = dict:User quota::proxy::quotadict<br />
quota_rule2 = Trash:storage=+10%%<br />
quota_warning = storage=100%% quota-warning +100 %u<br />
quota_warning2 = storage=95%% quota-warning +95 %u<br />
quota_warning3 = storage=80%% quota-warning +80 %u<br />
quota_warning4 = -storage=100%% quota-warning -100 %u # user is no longer over quota<br />
}<br />
<br />
*Create a new file /etc/dovecot/dovecot-dict-sql.conf.ext with the following code:<br />
connect = host=localhost dbname=yourdb user=youruser password=yourpassword<br />
map {<br />
pattern = priv/quota/storage<br />
table = quota2<br />
username_field = username<br />
value_field = bytes<br />
}<br />
map {<br />
pattern = priv/quota/messages<br />
table = quota2<br />
username_field = username<br />
value_field = messages<br />
}<br />
*Create a warning script /usr/local/bin/quota-warning.sh and make sure it is executable. This warning script works with postfix lmtp configuration as well.<br />
<pre> #!/bin/sh<br />
BOUNDARY="$1"<br />
USER="$2"<br />
MSG=""<br />
if [[ "$BOUNDARY" = "+100" ]]; then<br />
MSG="Your mailbox is now overfull (>100%). In order for your account to continue functioning properly, you need to remove some emails NOW."<br />
elif [[ "$BOUNDARY" = "+95" ]]; then<br />
MSG="Your mailbox is now over 95% full. Please remove some emails ASAP."<br />
elif [[ "$BOUNDARY" = "+80" ]]; then<br />
MSG="Your mailbox is now over 80% full. Please consider removing some emails to save space."<br />
elif [[ "$BOUNDARY" = "-100" ]]; then<br />
MSG="Your mailbox is now back to normal (<100%)."<br />
fi<br />
<br />
cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"<br />
From: postmaster@yourdomain.com<br />
Subject: Email Account Quota Warning<br />
<br />
Dear User,<br />
<br />
$MSG<br />
<br />
Best regards,<br />
Your Mail System<br />
EOF<br />
</pre><br />
<br />
*Edit the user_query line and add iterat_query in dovecot-sql.conf as following:<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'<br />
iterate_query = SELECT username AS user FROM mailbox<br />
*Set up LDA as described above under SpamAssassin. If you're not using SpamAssassin, the pipe should look like this in /etc/postfix/master.cf :<br />
dovecot unix - n n - - pipe<br />
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}<br />
As above activate it in Postfix main.cf<br />
virtual_transport = dovecot<br />
*You can set up quota per each mailbox in postfixadmin. Make sure the relevant lines in config.inc.php look like this:<br />
$CONF['quota'] = 'YES';<br />
$CONF['quota_multiplier'] = '1024000';<br />
<br />
Restart postfix and dovecot services. If things go well, you should be able to list all users' quota and usage by the this command:<br />
doveadm quota get -A<br />
You should be able to see the quota in roundcube too.<br />
<br />
== Sidenotes ==<br />
<br />
=== Alternative vmail folder structure ===<br />
<br />
Instead of having a directory structure like {{ic|/home/vmail/example.com/user@example.com}} you can have cleaner subdirectories (without the additional domain name) by replacing {{ic|select_field}} and {{ic|where_field}} with:<br />
{{bc|1=query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'}}<br />
<br />
<br />
== Troubleshooting ==<br />
<br />
=== IMAP/POP3 client failing to receive mails ===<br />
<br />
If you get similar errors, take a look into {{ic|/var/log/mail.log}} or use {{ic|journalctl -xn --unit postfix.service}} to find out more.<br />
<br />
It may turn out that the Maildir {{ic|/home/vmail/mail@domain.tld}} is just being created if there is at least one email waiting. Otherwise there wouldn't be any need for the directory creation before.</div>Guiguanhttps://wiki.archlinux.org/index.php?title=Virtual_user_mail_system_with_Postfix,_Dovecot_and_Roundcube&diff=398397Virtual user mail system with Postfix, Dovecot and Roundcube2015-09-05T15:43:32Z<p>Guiguan: /* Quota */</p>
<hr />
<div>[[Category:Mail server]]<br />
{{Related articles start}}<br />
{{Related|Postfix}}<br />
{{Related|Courier MTA}}<br />
{{Related|OpenDKIM}}<br />
{{Related articles end}}<br />
This article describes how to set up a complete virtual user mail system on an Arch Linux system in the simplest manner possible. However, since a mail system consists of many complex components, quite a bit of configuration will still be necessary. <br />
<br />
Roughly, the components used in this article are Postfix as the mail server, Dovecot as the IMAP server, Roundcube as the webmail interface and PostfixAdmin as the administration interface to manage it all.<br />
<br />
In the end, the provided solution will allow you to use the best currently available security mechanisms, you will be able to send mails using SMTP and SMTPS and receive mails using POP3, POP3S, IMAP and IMAPS. Additionally, configuration will be easy thanks to PostfixAdmin and users will be able to login using Roundcube. What a deal!<br />
<br />
== Installation ==<br />
Before you start, you must have both a working MySQL server as described in [[MySQL]] and a working Postfix server as described in [[Postfix]].<br />
<br />
[[Install]] the {{Pkg|dovecot}} and {{Pkg|roundcubemail}} packages.<br />
<br />
== Configuration ==<br />
=== User ===<br />
For security reasons, a new user should be created to store the mails:<br />
# groupadd -g 5000 vmail<br />
# useradd -u 5000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail<br />
A gid and uid of 5000 is used in both cases so that we do not run into conflicts with regular users. All your mail will then be stored in {{ic|/home/vmail}}. You could change the home directory to something like {{ic|/var/mail/vmail}} but be careful to change this in any configuration below as well.<br />
<br />
=== Database ===<br />
You will need to create an empty database and corresponding user. In this article, the user ''postfix_user'' will have read/write access to the database ''postfix_db'' using ''hunter2'' as password. You are expected to create the database and user yourself, and give the user permission to use the database, as shown in the following code.<br />
<br />
{{hc|$ mysql -u root -p|<br />
CREATE DATABASE postfix_db;<br />
GRANT ALL ON postfix_db.* TO 'postfix_user'@'localhost' IDENTIFIED BY 'hunter2';<br />
FLUSH PRIVILEGES;<br />
}}<br />
<br />
{{Expansion|Further manual database installation is missing. So far, the only way to follow this article is by installing PostfixAdmin with Apache, MySQL and PHP.}}<br />
<br />
Now you can go to the PostfixAdmin's setup page, let PostfixAdmin create the needed tables and create the users in there.<br />
<br />
==== PostfixAdmin ====<br />
See [[Postfix#PostfixAdmin]].<br />
<br />
=== SSL certificate ===<br />
You will need a SSL certificate for all encrypted mail communications (SMTPS/IMAPS/POP3S). If you do not have one, create one:<br />
# cd /etc/ssl/private/<br />
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout vmail.key -out vmail.crt -days 1460 #days are optional<br />
# chmod 400 vmail.key<br />
# chmod 444 vmail.crt<br />
<br />
=== Postfix ===<br />
<br />
==== SMTPS ====<br />
<br />
Enable secure SMTP as described in [[Postfix#Secure SMTP]]. <br />
<br />
==== Prerequisites ====<br />
<br />
Before you copy&paste the configuration below, check if {{ic|relay_domains}} has already been already set. If you leave more than one active, you will receive warnings during runtime.<br />
<br />
{{Warning|{{ic|<nowiki>relay_domains</nowiki>}} can be dangerous. You usually do not want Postfix to forward mail of strangers. {{ic|<nowiki>$mydestination</nowiki>}} is a sane default value. Double check it's value before running postfix! See http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to}} <br />
<br />
Also check if your SSL certificate paths are set right in all upcoming config examples.<br />
<br />
==== Setting up Postfix ====<br />
<br />
To {{ic|/etc/postfix/main.cf}} append:<br />
relay_domains = $mydestination<br />
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf<br />
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf<br />
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf<br />
virtual_mailbox_base = /home/vmail<br />
virtual_mailbox_limit = 512000000<br />
virtual_minimum_uid = 5000<br />
virtual_transport = virtual<br />
virtual_uid_maps = static:5000<br />
virtual_gid_maps = static:5000<br />
local_transport = virtual<br />
local_recipient_maps = $virtual_mailbox_maps<br />
transport_maps = hash:/etc/postfix/transport<br />
<br />
smtpd_sasl_auth_enable = yes<br />
smtpd_sasl_type = dovecot<br />
smtpd_sasl_path = /var/run/dovecot/auth-client<br />
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_sasl_security_options = noanonymous<br />
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options<br />
smtpd_use_tls = yes<br />
smtpd_tls_security_level = may<br />
smtpd_tls_auth_only = yes<br />
smtpd_tls_received_header = yes<br />
smtpd_tls_cert_file = /etc/ssl/private/vmail.crt<br />
smtpd_tls_key_file = /etc/ssl/private/vmail.key<br />
smtpd_sasl_local_domain = $mydomain<br />
broken_sasl_auth_clients = yes<br />
smtpd_tls_loglevel = 1<br />
<br />
* In the configuration above {{ic|virtual_mailbox_domains}} is a list of the domains that you want to receive mail for. This CANNOT contain the domain that is set in {{ic|mydestination}}. That is why we left {{ic|mydestination}} to be localhost only.<br />
<br />
* {{ic|virtual_mailbox_maps}} will contain the information of virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will then override the forwards in the MySQL database.<br />
<br />
* {{ic|virtual_mailbox_base}} is the base directory where the virtual mailboxes will be stored.<br />
<br />
The {{ic|virtual_uid_maps}} and {{ic|virtual_gid_maps}} are the real system user IDs that the virtual mails will be owned by. This is for storage purposes. <br />
<br />
{{note|Since we will be using a web interface (Roundcube), and do not want people accessing this by any other means, we will be creating this account later without providing any login access.}}<br />
<br />
==== Create the file structure ====<br />
<br />
Those new additional settings reference a lot of files that do not even exist yet. We will create them with the following steps.<br />
<br />
If you were setting up your database with PostfixAdmin and created the database schema through PostfixAdmin, you can create the following files. Do not forget to change the password:<br />
<br />
{{hc|/etc/postfix/virtual_alias_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = alias<br />
select_field = goto<br />
where_field = address<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domain<br />
select_field = domain<br />
where_field = domain<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = mailbox<br />
select_field = maildir<br />
where_field = username<br />
</nowiki>}}<br />
<br />
{{Note | For setups without using PostfixAdmin, create the following files.}}<br />
<br />
{{hc|/etc/postfix/virtual_alias_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domains<br />
select_field = virtual<br />
where_field = domain<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = forwardings<br />
select_field = destination<br />
where_field = source<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = users<br />
select_field = concat(domain,'/',email,'/')<br />
where_field = email<br />
</nowiki>}}<br />
<br />
Run ''postmap'' on ''transport'' to generate its db:<br />
# postmap /etc/postfix/transport<br />
<br />
=== Dovecot ===<br />
<br />
Instead of using the provided Dovecot example config file, we'll create our own {{ic|/etc/dovecot/dovecot.conf}}.<br />
<br />
{{hc|/etc/dovecot/dovecot.conf|<nowiki><br />
protocols = imap pop3<br />
auth_mechanisms = plain<br />
passdb {<br />
driver = sql<br />
args = /etc/dovecot/dovecot-sql.conf<br />
}<br />
userdb {<br />
driver = sql<br />
args = /etc/dovecot/dovecot-sql.conf<br />
}<br />
<br />
service auth {<br />
unix_listener auth-client {<br />
group = postfix<br />
mode = 0660<br />
user = postfix<br />
}<br />
user = root<br />
}<br />
<br />
mail_home = /home/vmail/%d/%n<br />
mail_location = maildir:~<br />
<br />
ssl_cert = </etc/ssl/private/vmail.crt<br />
ssl_key = </etc/ssl/private/vmail.key<br />
</nowiki>}}<br />
<br />
{{note|If you instead want to modify {{ic|dovecot.conf.sample}}, beware that the default configuration file imports the content of {{ic|conf.d/*.conf}}. Those files call other files that aren't present in our configuration.}}<br />
<br />
Now we create {{ic|/etc/dovecot/dovecot-sql.conf}}, which we just referenced in the config above. Use the following contents and check if everything is set accordingly to your system's configuration.<br />
<br />
If you used PostfixAdmin, then you add the following:<br />
<br />
{{hc|/etc/dovecot/dovecot-sql.conf|<nowiki><br />
driver = mysql<br />
connect = host=localhost dbname=postfix_db user=postfix_user password=hunter2<br />
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes<br />
default_pass_scheme = SHA512-CRYPT<br />
# Get the mailbox<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'<br />
# Get the password<br />
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'<br />
# If using client certificates for authentication, comment the above and uncomment the following<br />
#password_query = SELECT null AS password, ‘%u’ AS user<br />
</nowiki>}}<br />
<br />
Without having used PostfixAdmin you can use:<br />
<br />
{{hc|/etc/dovecot/dovecot-sql.conf|<nowiki><br />
driver = mysql<br />
connect = host=localhost dbname=postfix_db user=postfix_user password=hunter2<br />
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes<br />
default_pass_scheme = SHA512-CRYPT<br />
# Get the mailbox<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM users WHERE email = '%u'<br />
# Get the password<br />
password_query = SELECT email as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM users WHERE email = '%u'<br />
# If using client certificates for authentication, comment the above and uncomment the following<br />
#password_query = SELECT null AS password, ‘%u’ AS user<br />
</nowiki>}}<br />
<br />
{{tip | Visit http://wiki2.dovecot.org/Variables to learn more about Dovecot variables.}}<br />
<br />
=== PostfixAdmin ===<br />
See [[Postfix#PostfixAdmin]].<br />
<br />
=== Roundcube ===<br />
<br />
Make sure that both the {{ic|pdo_mysql.so}} extension and {{ic|iconv.so}} extension are uncommented in your {{ic|php.ini}} file. Also check the {{ic|.htaccess}} for access restrictions. Assuming that localhost is your current host, navigate a browser to {{ic|http://localhost/roundcube/installer/}} and follow the instructions. <br />
<br />
Roundcube needs a separate database to work. You should not use the same database for Roundcube and PostfixAdmin. Create a second database {{ic|roundcube_db}} and a new user named {{ic|roundcube_user}}.<br />
<br />
While running the installer ...<br />
<br />
* Make sure to address of the IMAP host is {{ic|ssl://localhost/}} or {{ic|tls://localhost/}} and not just {{ic|localhost}}. <br />
* Use port {{ic|993}}. Likewise with SMTP. <br />
* Make sure to provide {{ic|ssl://localhost/}} with port {{ic|465}} if you used the wrapper mode<br />
* and use {{ic|tls://localhost/}} port {{ic|587}} if you used the proper TLS mode. <br />
* See [[#Postfix|here]] for an explanation on that.<br />
<br />
The post install process is similar to any other webapp like [[PhpMyAdmin]] or PostFixAdmin. The configuration file is in {{ic|/etc/webapps/roundcubemail/config/config.inc.php}} which works as an override over {{ic|default.inc.php}}.<br />
<br />
==== Apache configuration ====<br />
<br />
If you are using Apache, copy the example configuration file to your webserver configuration directory.<br />
<br />
# cp /etc/webapps/roundcubemail/apache.conf /etc/httpd/conf/extra/httpd-roundcubemail.conf<br />
<br />
Add the following line in<br />
<br />
{{hc|/etc/httpd/conf/httpd.conf|<nowiki><br />
Include conf/extra/httpd-roundcubemail.conf<br />
</nowiki>}}<br />
<br />
==== Roundcube: Change Password Plugin ====<br />
<br />
To let users change their passwords from within Roundcube, do the following:<br />
<br />
Enable the password plugin by adding this line to<br />
<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$rcmail_config['plugins'] = array('password');<br />
</nowiki>}}<br />
<br />
Configure the password plugin and make sure you alter the settings accordingly:<br />
<br />
{{hc|/usr/share/webapps/roundcubemail/plugins/password/config.inc.php|<nowiki><br />
$config['password_driver'] = 'sql';<br />
$config['password_db_dsn'] = 'mysql://<postfix_database_user>:<password>@localhost/<postfix_database_name>';<br />
$config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u';<br />
</nowiki>}}<br />
<br />
== Fire it up ==<br />
All necessary daemons should be started in order to test the configuration. [[Start]] both {{ic|postfix}} and {{ic|dovecot}}.<br />
<br />
Now for testing purposes, create a domain and mail account in PostfixAdmin. Try to login to this account using Roundcube. Now send yourself a mail.<br />
<br />
== Optional Items ==<br />
Although these items are not required, they definitely add more completeness to your setup<br />
<br />
=== Quota ===<br />
To enable mailbox quota support by dovecot, do the following: <br />
*First add the following lines to /etc/dovecot/dovecot.conf<br />
dict {<br />
quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext<br />
}<br />
service dict {<br />
unix_listener dict {<br />
group = vmail<br />
mode = 0660<br />
user = vmail<br />
}<br />
user = root<br />
}<br />
service quota-warning {<br />
executable = script /usr/local/bin/quota-warning.sh<br />
user = vmail<br />
unix_listener quota-warning {<br />
group = vmail<br />
mode = 0660<br />
user = vmail<br />
}<br />
} <br />
mail_plugins=quota<br />
protocol pop3 {<br />
mail_plugins = quota<br />
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh<br />
pop3_uidl_format = %08Xu%08Xv<br />
}<br />
protocol lda {<br />
mail_plugins = quota<br />
postmaster_address = postmaster@yourdomain.com<br />
}<br />
protocol imap {<br />
mail_plugins = $mail_plugins imap_quota<br />
mail_plugin_dir = /usr/lib/dovecot/modules<br />
}<br />
plugin {<br />
quota = dict:User quota::proxy::quotadict<br />
quota_rule2 = Trash:storage=+10%%<br />
quota_warning = storage=100%% quota-warning +100 %u<br />
quota_warning2 = storage=95%% quota-warning +95 %u<br />
quota_warning3 = storage=80%% quota-warning +80 %u<br />
quota_warning4 = -storage=100%% quota-warning -100 %u # user is no longer over quota<br />
}<br />
<br />
*Create a new file /etc/dovecot/dovecot-dict-sql.conf.ext with the following code:<br />
connect = host=localhost dbname=yourdb user=youruser password=yourpassword<br />
map {<br />
pattern = priv/quota/storage<br />
table = quota2<br />
username_field = username<br />
value_field = bytes<br />
}<br />
map {<br />
pattern = priv/quota/messages<br />
table = quota2<br />
username_field = username<br />
value_field = messages<br />
}<br />
*Create a warning script /usr/local/bin/quota-warning.sh and make sure it is executable. This warning script works with postfix lmtp configuration as well.<br />
#!/bin/sh<br />
BOUNDARY="$1"<br />
USER="$2"<br />
MSG=""<br />
if [[ "$BOUNDARY" = "+100" ]]; then<br />
MSG="Your mailbox is now overfull (>100%). In order for your account to continue functioning properly, you need to remove some emails NOW."<br />
elif [[ "$BOUNDARY" = "+95" ]]; then<br />
MSG="Your mailbox is now over 95% full. Please remove some emails ASAP."<br />
elif [[ "$BOUNDARY" = "+80" ]]; then<br />
MSG="Your mailbox is now over 80% full. Please consider removing some emails to save space."<br />
elif [[ "$BOUNDARY" = "-100" ]]; then<br />
MSG="Your mailbox is now back to normal (<100%)."<br />
fi<br />
<br />
cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"<br />
From: postmaster@yourdomain.com<br />
Subject: Email Account Quota Warning<br />
<br />
THIS MESSAGE IS AUTOMATICALLY GENERATED BY THE MAIL SYSTEM. DO NOT REPLY TO IT.<br />
<br />
Dear User,<br />
<br />
$MSG<br />
<br />
Best regards,<br />
Your Mail System<br />
EOF<br />
<br />
*Edit the user_query line and add iterat_query in dovecot-sql.conf as following:<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'<br />
iterate_query = SELECT username AS user FROM mailbox<br />
*Set up LDA as described above under SpamAssassin. If you're not using SpamAssassin, the pipe should look like this in /etc/postfix/master.cf :<br />
dovecot unix - n n - - pipe<br />
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}<br />
As above activate it in Postfix main.cf<br />
virtual_transport = dovecot<br />
*You can set up quota per each mailbox in postfixadmin. Make sure the relevant lines in config.inc.php look like this:<br />
$CONF['quota'] = 'YES';<br />
$CONF['quota_multiplier'] = '1024000';<br />
<br />
Restart postfix and dovecot services. If things go well, you should be able to list all users' quota and usage by the this command:<br />
doveadm quota get -A<br />
You should be able to see the quota in roundcube too.<br />
<br />
== Sidenotes ==<br />
<br />
=== Alternative vmail folder structure ===<br />
<br />
Instead of having a directory structure like {{ic|/home/vmail/example.com/user@example.com}} you can have cleaner subdirectories (without the additional domain name) by replacing {{ic|select_field}} and {{ic|where_field}} with:<br />
{{bc|1=query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'}}<br />
<br />
<br />
== Troubleshooting ==<br />
<br />
=== IMAP/POP3 client failing to receive mails ===<br />
<br />
If you get similar errors, take a look into {{ic|/var/log/mail.log}} or use {{ic|journalctl -xn --unit postfix.service}} to find out more.<br />
<br />
It may turn out that the Maildir {{ic|/home/vmail/mail@domain.tld}} is just being created if there is at least one email waiting. Otherwise there wouldn't be any need for the directory creation before.</div>Guiguanhttps://wiki.archlinux.org/index.php?title=Virtual_user_mail_system_with_Postfix,_Dovecot_and_Roundcube&diff=398394Virtual user mail system with Postfix, Dovecot and Roundcube2015-09-05T15:41:51Z<p>Guiguan: /* Quota */</p>
<hr />
<div>[[Category:Mail server]]<br />
{{Related articles start}}<br />
{{Related|Postfix}}<br />
{{Related|Courier MTA}}<br />
{{Related|OpenDKIM}}<br />
{{Related articles end}}<br />
This article describes how to set up a complete virtual user mail system on an Arch Linux system in the simplest manner possible. However, since a mail system consists of many complex components, quite a bit of configuration will still be necessary. <br />
<br />
Roughly, the components used in this article are Postfix as the mail server, Dovecot as the IMAP server, Roundcube as the webmail interface and PostfixAdmin as the administration interface to manage it all.<br />
<br />
In the end, the provided solution will allow you to use the best currently available security mechanisms, you will be able to send mails using SMTP and SMTPS and receive mails using POP3, POP3S, IMAP and IMAPS. Additionally, configuration will be easy thanks to PostfixAdmin and users will be able to login using Roundcube. What a deal!<br />
<br />
== Installation ==<br />
Before you start, you must have both a working MySQL server as described in [[MySQL]] and a working Postfix server as described in [[Postfix]].<br />
<br />
[[Install]] the {{Pkg|dovecot}} and {{Pkg|roundcubemail}} packages.<br />
<br />
== Configuration ==<br />
=== User ===<br />
For security reasons, a new user should be created to store the mails:<br />
# groupadd -g 5000 vmail<br />
# useradd -u 5000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail<br />
A gid and uid of 5000 is used in both cases so that we do not run into conflicts with regular users. All your mail will then be stored in {{ic|/home/vmail}}. You could change the home directory to something like {{ic|/var/mail/vmail}} but be careful to change this in any configuration below as well.<br />
<br />
=== Database ===<br />
You will need to create an empty database and corresponding user. In this article, the user ''postfix_user'' will have read/write access to the database ''postfix_db'' using ''hunter2'' as password. You are expected to create the database and user yourself, and give the user permission to use the database, as shown in the following code.<br />
<br />
{{hc|$ mysql -u root -p|<br />
CREATE DATABASE postfix_db;<br />
GRANT ALL ON postfix_db.* TO 'postfix_user'@'localhost' IDENTIFIED BY 'hunter2';<br />
FLUSH PRIVILEGES;<br />
}}<br />
<br />
{{Expansion|Further manual database installation is missing. So far, the only way to follow this article is by installing PostfixAdmin with Apache, MySQL and PHP.}}<br />
<br />
Now you can go to the PostfixAdmin's setup page, let PostfixAdmin create the needed tables and create the users in there.<br />
<br />
==== PostfixAdmin ====<br />
See [[Postfix#PostfixAdmin]].<br />
<br />
=== SSL certificate ===<br />
You will need a SSL certificate for all encrypted mail communications (SMTPS/IMAPS/POP3S). If you do not have one, create one:<br />
# cd /etc/ssl/private/<br />
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout vmail.key -out vmail.crt -days 1460 #days are optional<br />
# chmod 400 vmail.key<br />
# chmod 444 vmail.crt<br />
<br />
=== Postfix ===<br />
<br />
==== SMTPS ====<br />
<br />
Enable secure SMTP as described in [[Postfix#Secure SMTP]]. <br />
<br />
==== Prerequisites ====<br />
<br />
Before you copy&paste the configuration below, check if {{ic|relay_domains}} has already been already set. If you leave more than one active, you will receive warnings during runtime.<br />
<br />
{{Warning|{{ic|<nowiki>relay_domains</nowiki>}} can be dangerous. You usually do not want Postfix to forward mail of strangers. {{ic|<nowiki>$mydestination</nowiki>}} is a sane default value. Double check it's value before running postfix! See http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to}} <br />
<br />
Also check if your SSL certificate paths are set right in all upcoming config examples.<br />
<br />
==== Setting up Postfix ====<br />
<br />
To {{ic|/etc/postfix/main.cf}} append:<br />
relay_domains = $mydestination<br />
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf<br />
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf<br />
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf<br />
virtual_mailbox_base = /home/vmail<br />
virtual_mailbox_limit = 512000000<br />
virtual_minimum_uid = 5000<br />
virtual_transport = virtual<br />
virtual_uid_maps = static:5000<br />
virtual_gid_maps = static:5000<br />
local_transport = virtual<br />
local_recipient_maps = $virtual_mailbox_maps<br />
transport_maps = hash:/etc/postfix/transport<br />
<br />
smtpd_sasl_auth_enable = yes<br />
smtpd_sasl_type = dovecot<br />
smtpd_sasl_path = /var/run/dovecot/auth-client<br />
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_sasl_security_options = noanonymous<br />
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options<br />
smtpd_use_tls = yes<br />
smtpd_tls_security_level = may<br />
smtpd_tls_auth_only = yes<br />
smtpd_tls_received_header = yes<br />
smtpd_tls_cert_file = /etc/ssl/private/vmail.crt<br />
smtpd_tls_key_file = /etc/ssl/private/vmail.key<br />
smtpd_sasl_local_domain = $mydomain<br />
broken_sasl_auth_clients = yes<br />
smtpd_tls_loglevel = 1<br />
<br />
* In the configuration above {{ic|virtual_mailbox_domains}} is a list of the domains that you want to receive mail for. This CANNOT contain the domain that is set in {{ic|mydestination}}. That is why we left {{ic|mydestination}} to be localhost only.<br />
<br />
* {{ic|virtual_mailbox_maps}} will contain the information of virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will then override the forwards in the MySQL database.<br />
<br />
* {{ic|virtual_mailbox_base}} is the base directory where the virtual mailboxes will be stored.<br />
<br />
The {{ic|virtual_uid_maps}} and {{ic|virtual_gid_maps}} are the real system user IDs that the virtual mails will be owned by. This is for storage purposes. <br />
<br />
{{note|Since we will be using a web interface (Roundcube), and do not want people accessing this by any other means, we will be creating this account later without providing any login access.}}<br />
<br />
==== Create the file structure ====<br />
<br />
Those new additional settings reference a lot of files that do not even exist yet. We will create them with the following steps.<br />
<br />
If you were setting up your database with PostfixAdmin and created the database schema through PostfixAdmin, you can create the following files. Do not forget to change the password:<br />
<br />
{{hc|/etc/postfix/virtual_alias_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = alias<br />
select_field = goto<br />
where_field = address<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domain<br />
select_field = domain<br />
where_field = domain<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = mailbox<br />
select_field = maildir<br />
where_field = username<br />
</nowiki>}}<br />
<br />
{{Note | For setups without using PostfixAdmin, create the following files.}}<br />
<br />
{{hc|/etc/postfix/virtual_alias_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domains<br />
select_field = virtual<br />
where_field = domain<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = forwardings<br />
select_field = destination<br />
where_field = source<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = users<br />
select_field = concat(domain,'/',email,'/')<br />
where_field = email<br />
</nowiki>}}<br />
<br />
Run ''postmap'' on ''transport'' to generate its db:<br />
# postmap /etc/postfix/transport<br />
<br />
=== Dovecot ===<br />
<br />
Instead of using the provided Dovecot example config file, we'll create our own {{ic|/etc/dovecot/dovecot.conf}}.<br />
<br />
{{hc|/etc/dovecot/dovecot.conf|<nowiki><br />
protocols = imap pop3<br />
auth_mechanisms = plain<br />
passdb {<br />
driver = sql<br />
args = /etc/dovecot/dovecot-sql.conf<br />
}<br />
userdb {<br />
driver = sql<br />
args = /etc/dovecot/dovecot-sql.conf<br />
}<br />
<br />
service auth {<br />
unix_listener auth-client {<br />
group = postfix<br />
mode = 0660<br />
user = postfix<br />
}<br />
user = root<br />
}<br />
<br />
mail_home = /home/vmail/%d/%n<br />
mail_location = maildir:~<br />
<br />
ssl_cert = </etc/ssl/private/vmail.crt<br />
ssl_key = </etc/ssl/private/vmail.key<br />
</nowiki>}}<br />
<br />
{{note|If you instead want to modify {{ic|dovecot.conf.sample}}, beware that the default configuration file imports the content of {{ic|conf.d/*.conf}}. Those files call other files that aren't present in our configuration.}}<br />
<br />
Now we create {{ic|/etc/dovecot/dovecot-sql.conf}}, which we just referenced in the config above. Use the following contents and check if everything is set accordingly to your system's configuration.<br />
<br />
If you used PostfixAdmin, then you add the following:<br />
<br />
{{hc|/etc/dovecot/dovecot-sql.conf|<nowiki><br />
driver = mysql<br />
connect = host=localhost dbname=postfix_db user=postfix_user password=hunter2<br />
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes<br />
default_pass_scheme = SHA512-CRYPT<br />
# Get the mailbox<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'<br />
# Get the password<br />
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'<br />
# If using client certificates for authentication, comment the above and uncomment the following<br />
#password_query = SELECT null AS password, ‘%u’ AS user<br />
</nowiki>}}<br />
<br />
Without having used PostfixAdmin you can use:<br />
<br />
{{hc|/etc/dovecot/dovecot-sql.conf|<nowiki><br />
driver = mysql<br />
connect = host=localhost dbname=postfix_db user=postfix_user password=hunter2<br />
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes<br />
default_pass_scheme = SHA512-CRYPT<br />
# Get the mailbox<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM users WHERE email = '%u'<br />
# Get the password<br />
password_query = SELECT email as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM users WHERE email = '%u'<br />
# If using client certificates for authentication, comment the above and uncomment the following<br />
#password_query = SELECT null AS password, ‘%u’ AS user<br />
</nowiki>}}<br />
<br />
{{tip | Visit http://wiki2.dovecot.org/Variables to learn more about Dovecot variables.}}<br />
<br />
=== PostfixAdmin ===<br />
See [[Postfix#PostfixAdmin]].<br />
<br />
=== Roundcube ===<br />
<br />
Make sure that both the {{ic|pdo_mysql.so}} extension and {{ic|iconv.so}} extension are uncommented in your {{ic|php.ini}} file. Also check the {{ic|.htaccess}} for access restrictions. Assuming that localhost is your current host, navigate a browser to {{ic|http://localhost/roundcube/installer/}} and follow the instructions. <br />
<br />
Roundcube needs a separate database to work. You should not use the same database for Roundcube and PostfixAdmin. Create a second database {{ic|roundcube_db}} and a new user named {{ic|roundcube_user}}.<br />
<br />
While running the installer ...<br />
<br />
* Make sure to address of the IMAP host is {{ic|ssl://localhost/}} or {{ic|tls://localhost/}} and not just {{ic|localhost}}. <br />
* Use port {{ic|993}}. Likewise with SMTP. <br />
* Make sure to provide {{ic|ssl://localhost/}} with port {{ic|465}} if you used the wrapper mode<br />
* and use {{ic|tls://localhost/}} port {{ic|587}} if you used the proper TLS mode. <br />
* See [[#Postfix|here]] for an explanation on that.<br />
<br />
The post install process is similar to any other webapp like [[PhpMyAdmin]] or PostFixAdmin. The configuration file is in {{ic|/etc/webapps/roundcubemail/config/config.inc.php}} which works as an override over {{ic|default.inc.php}}.<br />
<br />
==== Apache configuration ====<br />
<br />
If you are using Apache, copy the example configuration file to your webserver configuration directory.<br />
<br />
# cp /etc/webapps/roundcubemail/apache.conf /etc/httpd/conf/extra/httpd-roundcubemail.conf<br />
<br />
Add the following line in<br />
<br />
{{hc|/etc/httpd/conf/httpd.conf|<nowiki><br />
Include conf/extra/httpd-roundcubemail.conf<br />
</nowiki>}}<br />
<br />
==== Roundcube: Change Password Plugin ====<br />
<br />
To let users change their passwords from within Roundcube, do the following:<br />
<br />
Enable the password plugin by adding this line to<br />
<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$rcmail_config['plugins'] = array('password');<br />
</nowiki>}}<br />
<br />
Configure the password plugin and make sure you alter the settings accordingly:<br />
<br />
{{hc|/usr/share/webapps/roundcubemail/plugins/password/config.inc.php|<nowiki><br />
$config['password_driver'] = 'sql';<br />
$config['password_db_dsn'] = 'mysql://<postfix_database_user>:<password>@localhost/<postfix_database_name>';<br />
$config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u';<br />
</nowiki>}}<br />
<br />
== Fire it up ==<br />
All necessary daemons should be started in order to test the configuration. [[Start]] both {{ic|postfix}} and {{ic|dovecot}}.<br />
<br />
Now for testing purposes, create a domain and mail account in PostfixAdmin. Try to login to this account using Roundcube. Now send yourself a mail.<br />
<br />
== Optional Items ==<br />
Although these items are not required, they definitely add more completeness to your setup<br />
<br />
=== Quota ===<br />
To enable mailbox quota support by dovecot, do the following: <br />
*First add the following lines to /etc/dovecot/dovecot.conf<br />
dict {<br />
quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext<br />
}<br />
service dict {<br />
unix_listener dict {<br />
group = vmail<br />
mode = 0660<br />
user = vmail<br />
}<br />
user = root<br />
}<br />
service quota-warning {<br />
executable = script /usr/local/bin/quota-warning.sh<br />
user = vmail<br />
unix_listener quota-warning {<br />
group = vmail<br />
mode = 0660<br />
user = vmail<br />
}<br />
} <br />
mail_plugins=quota<br />
protocol pop3 {<br />
mail_plugins = quota<br />
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh<br />
pop3_uidl_format = %08Xu%08Xv<br />
}<br />
protocol lda {<br />
mail_plugins = quota<br />
postmaster_address = postmaster@yourdomain.com<br />
}<br />
protocol imap {<br />
mail_plugins = $mail_plugins imap_quota<br />
mail_plugin_dir = /usr/lib/dovecot/modules<br />
}<br />
plugin {<br />
quota = dict:User quota::proxy::quotadict<br />
quota_rule2 = Trash:storage=+10%%<br />
quota_warning = storage=100%% quota-warning +100 %u<br />
quota_warning2 = storage=95%% quota-warning +95 %u<br />
quota_warning3 = storage=80%% quota-warning +80 %u<br />
quota_warning4 = -storage=100%% quota-warning -100 %u # user is no longer over quota<br />
}<br />
<br />
*Create a new file /etc/dovecot/dovecot-dict-sql.conf.ext with the following code:<br />
connect = host=localhost dbname=yourdb user=youruser password=yourpassword<br />
map {<br />
pattern = priv/quota/storage<br />
table = quota2<br />
username_field = username<br />
value_field = bytes<br />
}<br />
map {<br />
pattern = priv/quota/messages<br />
table = quota2<br />
username_field = username<br />
value_field = messages<br />
}<br />
*Create a warning script /usr/local/bin/quota-warning.sh and make sure it is executable. This warning script works with postfix lmtp configuration as well.<br />
#!/bin/sh<br />
BOUNDARY="$1"<br />
USER="$2"<br />
MSG=""<br />
if [[ "$BOUNDARY" = "+100" ]]; then<br />
MSG="Your mailbox is now overfull (>100%). In order for your account to continue functioning properly, you need to remove some emails NOW."<br />
elif [[ "$BOUNDARY" = "+95" ]]; then<br />
MSG="Your mailbox is now over 95% full. Please remove some emails ASAP."<br />
elif [[ "$BOUNDARY" = "+80" ]]; then<br />
MSG="Your mailbox is now over 80% full. Please consider removing some emails to save space."<br />
elif [[ "$BOUNDARY" = "-100" ]]; then<br />
MSG="Your mailbox is now back to normal (<100%)."<br />
fi<br />
<br />
cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"<br />
From: postmaster@yourdomain.com<br />
Subject: Email Account Quota Warning<br />
<br />
THIS MESSAGE IS AUTOMATICALLY GENERATED BY THE MAIL SYSTEM. DO NOT REPLY TO IT.<br />
<br />
Dear User,<br />
<br />
$MSG<br />
<br />
Best regards,<br />
Your Mail System<br />
EOF<br />
<br />
*Edit the user_query line and add iterat_query in dovecot-sql.conf as following:<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'<br />
iterate_query = SELECT username AS user FROM mailbox<br />
*Set up LDA as described above under SpamAssassin. If you're not using SpamAssassin, the pipe should look like this in /etc/postfix/master.cf :<br />
dovecot unix - n n - - pipe<br />
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}<br />
As above activate it in Postfix main.cf<br />
virtual_transport = dovecot<br />
*You can set up quota per each mailbox in postfixadmin. Make sure the relevant lines in config.inc.php look like this:<br />
$CONF['quota'] = 'YES';<br />
$CONF['quota_multiplier'] = '1024000';<br />
<br />
Restart postfix and dovecot services. If things go well, you should be able to list all users' quota and usage by the this command:<br />
doveadm quota get -A<br />
You should be able to see the quota in roundcube too.<br />
<br />
== Sidenotes ==<br />
<br />
=== Alternative vmail folder structure ===<br />
<br />
Instead of having a directory structure like {{ic|/home/vmail/example.com/user@example.com}} you can have cleaner subdirectories (without the additional domain name) by replacing {{ic|select_field}} and {{ic|where_field}} with:<br />
{{bc|1=query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'}}<br />
<br />
<br />
== Troubleshooting ==<br />
<br />
=== IMAP/POP3 client failing to receive mails ===<br />
<br />
If you get similar errors, take a look into {{ic|/var/log/mail.log}} or use {{ic|journalctl -xn --unit postfix.service}} to find out more.<br />
<br />
It may turn out that the Maildir {{ic|/home/vmail/mail@domain.tld}} is just being created if there is at least one email waiting. Otherwise there wouldn't be any need for the directory creation before.</div>Guiguanhttps://wiki.archlinux.org/index.php?title=Parallels_Desktop&diff=397053Parallels Desktop2015-09-01T12:23:19Z<p>Guiguan: /* Required Kernel & Xorg versions */</p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[ja:Parallels]]<br />
{{Poor writing|Instructions do not comply to [[Help:Style]].}}<br />
{{Related articles start}}<br />
{{Related|VMware}}<br />
{{Related|VirtualBox}}<br />
{{Related articles end}}<br />
<br />
[http://www.parallels.com/products/desktop Parallels] Desktop is a hypervisor for Mac OSX which allows users to install a variety of operating systems as "virtual machines" (guests) on the host system, reducing the need for managing multiple physical machines. A more complete description on virtualization can be found at [http://en.wikipedia.org/wiki/Hardware_virtualization Wikipedia].<br />
<br />
== Installation of Arch as a guest ==<br />
<br />
Parallels Desktop supports Linux guests out of the box, but only offers support for a few Linux distributions - excluding Arch Linux. This means the installation of Parallels tools have not been tested by the vendor, and requires some manual intervention to work under Arch. If you do not wish to use Parallels tools, installation is as simple as choosing "other linux" when creating a new virtual machine and proceeding as you would on any real machine.<br />
<br />
== Parallels Tools ==<br />
<br />
=== Overview ===<br />
<br />
To improve interoperability between the host and the guest operating systems, Parallels provides a package called "Parallels tools" which contains kernel modules and userspace utilities. See [http://download.parallels.com/desktop/v6/docs/en/Parallels_Desktop_Users_Guide/22272.htm Parallels Tools Overview] for a list of its features.<br />
<br />
This article assumes users want to make full use of the tools, including Xorg configuration. If you are running a headless server, you can skip over the sections relating to X.<br />
<br />
When referring to the version of parallel tools the form is <Parallels.Version>.<Tools Version>. For example: 9.0.24237.1028877 corresponds to Parallels version 9.0.24237 with tools version 1028877<br />
<br />
=== Required Kernel & Xorg versions ===<br />
<br />
The tools installer uses binaries which can sometimes be incompatible with the latest version of Xorg or kernels in the Arch repository.<br />
<br />
Different versions have different software requirements:<br />
<br />
* 9.0.24229.991745 needs 3.13.8 (or possibly a later 3.13.y) (3.14 is known to show a black screen and freeze the system) and xorg 1.15.y or earlier<br />
* 9.0.24237.1028877 works with Arch's 3.14.15-1-lts (newer versions may work) and xorg 1.15.y or earlier<br />
* 11.0.0.31193 works on the latest Arch 4.1.6-1 and xorg 1.17.2-4<br />
<br />
And there are different ways to obtain them:<br />
<br />
* linux 3.13.8 can be obtained from the [[Arch Rollback Machine]]<br />
* linux 3.14.15 is the current linux-lts, so just install that and regenerate your grub config.<br />
* xorg 1.15.y can be obtained using the instructions & repo from [[AMD Catalyst]].<br />
<br />
Repository settings for /etc/pacman.conf (for 3.13.8)<br />
[core]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
[extra]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
<br />
See also [[Downgrading_packages#Downgrading_the_kernel]].<br />
<br />
=== Configuring Xorg ===<br />
<br />
The Parallels tools installer will take care of configuring Xorg, so just follow the instructions at [[Xorg]] to install the relevant packages on your system. Install the {{Pkg|xf86-video-vesa}} package to use the vesa driver.<br />
<br />
=== Preparing dependencies ===<br />
<br />
The installation script expects to find your init-scripts in {{ic|/etc/init.d/}} and will fail if it's not present. Since Arch uses systemd, create a symlink to the systemd scripts directory and set the def_sysconfdir variable:<br />
<br />
{{bc|# ln -sf /usr/lib/systemd/scripts/ /etc/init.d}}<br />
<br />
{{bc|1=# export def_sysconfdir=/etc/init.d}}<br />
<br />
The installation script also expects the file {{ic|/etc/X11/xorg.conf}}. We can just create an empty file, as it will automatically be configured by the installer:<br />
<br />
{{bc|# touch /etc/X11/xorg.conf}}<br />
<br />
Then, you need to install standard build utilities, python2, and kernel headers:<br />
<br />
{{bc|# pacman -S base-devel python2 linux-headers}}<br />
<br />
depends on your Parallels version, you may have to install {{ic|linux-lts-headers}} instead of {{ic|linux-headers}}.<br />
<br />
Finally, create a temporary symbolic link to python 2. Remove this link after the installation process.<br />
<br />
{{bc|# ln -sf /usr/bin/python2 /usr/local/bin/python}}<br />
<br />
=== Installing Parallels tools ===<br />
<br />
Choose "install Parallels Tools" from the "Virtual Machine" menu. Parallels Tools are located on a cd-image, which will be connected to your virtual machine. You have to mount it first:<br />
<br />
{{bc|# mount /dev/cdrom /mnt/cdrom}}<br />
<br />
Now you can proceed to install Parallels tools using the installation script as follows:<br />
<br />
{{bc|# cd /mnt/cdrom}}<br />
<br />
{{bc|# ./install}}<br />
<br />
=== Systemd Configuration ===<br />
<br />
The Parallels tools daemon should be started at boot, so create a service file like the following:<br />
<br />
{{hc|1=/usr/lib/systemd/system/parallels-tools.service|2=<br />
[Unit]<br />
Description=Parallels Tools<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/lib/systemd/scripts/prltoolsd start<br />
ExecStop=/usr/lib/systemd/scripts/prltoolsd stop<br />
RemainAfterExit=yes<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
[[Enable]] the {{ic|parallels-tools.service}} service. Reboot the system and Parallels tools should now be installed and working.<br />
<br />
=== Using the Tools ===<br />
<br />
==== Sharing Folders ====<br />
<br />
You can specify which folders on your hosts system you would like to share with your guests under "virtual machine > configuration > sharing".<br />
Then you mount a shared folder like this:<br />
<br />
{{bc|# mount -t prl_fs ''name_of_share'' ''/mnt/name_of_share''}}<br />
<br />
==== Dynamic Display Resolution ====<br />
<br />
A very helpful tool is {{ic|prlcc}}. It changes the resolution of the display (in the guest - not the host) automatically when your resize your window. If this tool is not running, the contents of the window gets stretched or shrunken.<br />
prlcc is usually started automatically and runs in the background. If not, run the following (or place it in a configuration file like /etc/X11/xinit/xinitrc.d/90-prlcc):<br />
<br />
{{bc|$ prlcc &}}<br />
<br />
=== Future work ===<br />
<br />
In general, updating system packages like the linux kernel or Xorg can break Parallels tools and you will need to re-install them. In some cases, new packages will be incompatible with the tools and they will stop working - in that case you will need to roll back the newly installed packages and wait until Parallels releases a new product build before updating your guest (in the hope they have resolved any previous incompatibilities).</div>Guiguanhttps://wiki.archlinux.org/index.php?title=Talk:Parallels_Desktop&diff=397050Talk:Parallels Desktop2015-09-01T12:21:52Z<p>Guiguan: /* "Preparations" */</p>
<hr />
<div>== "Preparations" ==<br />
<br />
[[Parallels#Preparing_dependencies]] is problematic. Is the installer "script" a compiled binary, or an actual shell script? -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 12:16, 1 September 2015 (UTC)<br />
<br />
It's a shell script supplied in prl-tools-lin.iso [[User:Guiguan|Guiguan]] ([[User talk:Guiguan|talk]]) 12:21, 1 September 2015 (UTC)</div>Guiguanhttps://wiki.archlinux.org/index.php?title=Parallels_Desktop&diff=397038Parallels Desktop2015-09-01T12:07:49Z<p>Guiguan: </p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[ja:Parallels]]<br />
{{Poor writing|Instructions do not comply to [[Help:Style]].}}<br />
{{Related articles start}}<br />
{{Related|VMware}}<br />
{{Related|VirtualBox}}<br />
{{Related articles end}}<br />
<br />
[http://www.parallels.com/products/desktop Parallels] Desktop is a hypervisor for Mac OSX which allows users to install a variety of operating systems as "virtual machines" (guests) on the host system, reducing the need for managing multiple physical machines. A more complete description on virtualization can be found at [http://en.wikipedia.org/wiki/Hardware_virtualization Wikipedia].<br />
<br />
== Installation of Arch as a guest ==<br />
<br />
Parallels Desktop supports Linux guests out of the box, but only offers support for a few Linux distributions - excluding Arch Linux. This means the installation of Parallels tools have not been tested by the vendor, and requires some manual intervention to work under Arch. If you do not wish to use Parallels tools, installation is as simple as choosing "other linux" when creating a new virtual machine and proceeding as you would on any real machine.<br />
<br />
== Parallels Tools ==<br />
<br />
=== Overview ===<br />
<br />
To improve interoperability between the host and the guest operating systems, Parallels provides a package called "Parallels tools" which contains kernel modules and userspace utilities. [http://download.parallels.com/desktop/v6/docs/en/Parallels_Desktop_Users_Guide/22272.htm Here] is a list of its features.<br />
<br />
This article assumes users want to make full use of the tools, including Xorg configuration. If you are running a headless server, you can skip over the sections relating to X.<br />
<br />
When referring to the version of parallel tools the form is <Parallels.Version>.<Tools Version>. For example: 9.0.24237.1028877 corresponds to Parallels version 9.0.24237 with tools version 1028877<br />
<br />
=== Required Kernel & Xorg versions ===<br />
<br />
The tools installer uses binaries which can sometimes be incompatible with the latest version of Xorg or kernels in the Arch repository.<br />
<br />
Different versions have different software requirements:<br />
<br />
* 9.0.24229.991745 needs 3.13.8 (or possibly a later 3.13.y) (3.14 is known to show a black screen and freeze the system) and xorg 1.15.y or earlier<br />
* 9.0.24237.1028877 works with Arch's 3.14.15-1-lts (newer versions may work) and xorg 1.15.y or earlier<br />
* 11.0.0-31193 works on the latest Arch 4.1.6-1 and xorg 1.17.2-4<br />
<br />
And there are different ways to obtain them:<br />
<br />
* linux 3.13.8 can be obtained from the [[Arch Rollback Machine]]<br />
* linux 3.14.15 is the current linux-lts, so just install that and regenerate your grub config.<br />
* xorg 1.15.y can be obtained using the instructions & repo from [[AMD Catalyst]].<br />
<br />
Repository settings for /etc/pacman.conf (for 3.13.8)<br />
[core]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
[extra]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
<br />
If you are downgrading the kernel (instead of using the rollback machine during arch install), run:<br />
<br />
{{bc|#pacman -Syy}}<br />
<br />
{{bc|#pacman -S linux}}<br />
<br />
=== Configuring Xorg ===<br />
<br />
The Parallels tools installer will take care of configuring Xorg, so just follow the instructions at [[Xorg]] to install the relevant packages on your system.<br />
You will need to use the {{ic|xf86-video-vesa}} video driver:<br />
<br />
{{bc|# pacman -S xf86-video-vesa}}<br />
<br />
=== Preparing dependencies ===<br />
<br />
The installation script expects to find your init-scripts in {{ic|/etc/init.d/}} and will fail if it's not present. Since Arch uses systemd, create a symlink to the systemd scripts directory and set the def_sysconfdir variable:<br />
<br />
{{bc|# ln -sf /usr/lib/systemd/scripts/ /etc/init.d}}<br />
<br />
{{bc|1=# export def_sysconfdir=/etc/init.d}}<br />
<br />
The installation script also expects the file {{ic|/etc/X11/xorg.conf}}. We can just create an empty file, as it will automatically be configured by the installer:<br />
<br />
{{bc|# touch /etc/X11/xorg.conf}}<br />
<br />
Then, you need to install standard build utilities, python2, and kernel headers:<br />
<br />
{{bc|#pacman -S base-devel python2 linux-headers}}<br />
<br />
depends on your Parallels version, you may have to install {{ic|linux-lts-headers}} instead of {{ic|linux-headers}}.<br />
<br />
Finally, temporarily link python 2. You can relink this back to python 3 after the installation process.<br />
<br />
{{bc|#ln -sf /usr/bin/python2 /usr/bin/python}}<br />
<br />
=== Installing Parallels tools ===<br />
<br />
Choose "install Parallels Tools" from the "Virtual Machine" menu. Parallels Tools are located on a cd-image, which will be connected to your virtual machine. You have to mount it first:<br />
<br />
{{bc|# mount /dev/cdrom /mnt/cdrom}}<br />
<br />
Now you can proceed to install Parallels tools using the installation script as follows:<br />
<br />
{{bc|# cd /mnt/cdrom}}<br />
<br />
{{bc|# ./install}}<br />
<br />
=== Systemd Configuration ===<br />
<br />
The Parallels tools daemon should be started at boot, so create a service file like the following:<br />
<br />
/usr/lib/systemd/system/parallels-tools.service<br />
[Unit]<br />
Description=Parallels Tools<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/lib/systemd/scripts/prltoolsd start<br />
ExecStop=/usr/lib/systemd/scripts/prltoolsd stop<br />
RemainAfterExit=yes<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
And enable the service:<br />
<br />
{{bc|# systemctl enable parallels-tools.service}}<br />
<br />
You can now reboot your system and Parallels tools should be installed and working.<br />
<br />
=== Using the Tools ===<br />
<br />
==== Sharing Folders ====<br />
<br />
You can specify which folders on your hosts system you would like to share with your guests under "virtual machine > configuration > sharing".<br />
Then you mount a shared folder like this:<br />
<br />
{{bc|# mount -t prl_fs ''name_of_share'' ''/mnt/name_of_share''}}<br />
<br />
==== Dynamic Display Resolution ====<br />
<br />
A very helpful tool is {{ic|prlcc}}. It changes the resolution of your display (in the guest - not the host) automatically when your resize your window. If this tool is not running, the contents of the window gets stretched or shrunken.<br />
prlcc is usually started automatically and runs in the background. If not, run the following (or place it in a configuration file like /etc/X11/xinit/xinitrc.d/90-prlcc):<br />
<br />
{{bc|$ prlcc &}}<br />
<br />
=== Future work ===<br />
<br />
In general, updating system packages like the linux kernel or Xorg can break Parallels tools and you will need to re-install them. In some cases, new packages will be incompatible with the tools and they will stop working - in that case you will need to roll back the newly installed packages and wait until Parallels releases a new product build before updating your guest (in the hope they have resolved any previous incompatibilities).</div>Guiguanhttps://wiki.archlinux.org/index.php?title=Parallels_Desktop&diff=397036Parallels Desktop2015-09-01T12:07:00Z<p>Guiguan: /* Preparing dependencies */</p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[ja:Parallels]]<br />
{{Poor writing|Instructions do not comply to [[Help:Style]].}}<br />
{{Related articles start}}<br />
{{Related|VMware}}<br />
{{Related|VirtualBox}}<br />
{{Related articles end}}<br />
<br />
[http://www.parallels.com/products/desktop Parallels] Desktop is a hypervisor for Mac OSX which allows users to install a variety of operating systems as "virtual machines" (guests) on the host system, reducing the need for managing multiple physical machines. A more complete description on virtualization can be found at [http://en.wikipedia.org/wiki/Hardware_virtualization Wikipedia].<br />
At the moment of writing, Parallels Desktop is at version 9 and the mainline linux kernel is 3.15-rc5 while 3.14.4 is considered stable.<br />
<br />
== Installation of Arch as a guest ==<br />
<br />
Parallels Desktop supports Linux guests out of the box, but only offers support for a few Linux distributions - excluding Arch Linux. This means the installation of Parallels tools have not been tested by the vendor, and requires some manual intervention to work under Arch. If you do not wish to use Parallels tools, installation is as simple as choosing "other linux" when creating a new virtual machine and proceeding as you would on any real machine.<br />
<br />
== Parallels Tools ==<br />
<br />
=== Overview ===<br />
<br />
To improve interoperability between the host and the guest operating systems, Parallels provides a package called "Parallels tools" which contains kernel modules and userspace utilities. [http://download.parallels.com/desktop/v6/docs/en/Parallels_Desktop_Users_Guide/22272.htm Here] is a list of its features.<br />
<br />
This article assumes users want to make full use of the tools, including Xorg configuration. If you are running a headless server, you can skip over the sections relating to X.<br />
<br />
When referring to the version of parallel tools the form is <Parallels.Version>.<Tools Version>. For example: 9.0.24237.1028877 corresponds to Parallels version 9.0.24237 with tools version 1028877<br />
<br />
=== Required Kernel & Xorg versions ===<br />
<br />
The tools installer uses binaries which can sometimes be incompatible with the latest version of Xorg or kernels in the Arch repository.<br />
<br />
Different versions have different software requirements:<br />
<br />
* 9.0.24229.991745 needs 3.13.8 (or possibly a later 3.13.y) (3.14 is known to show a black screen and freeze the system) and xorg 1.15.y or earlier<br />
* 9.0.24237.1028877 works with Arch's 3.14.15-1-lts (newer versions may work) and xorg 1.15.y or earlier<br />
* 11.0.0-31193 works on the latest Arch 4.1.6-1 and xorg 1.17.2-4<br />
<br />
And there are different ways to obtain them:<br />
<br />
* linux 3.13.8 can be obtained from the [[Arch Rollback Machine]]<br />
* linux 3.14.15 is the current linux-lts, so just install that and regenerate your grub config.<br />
* xorg 1.15.y can be obtained using the instructions & repo from [[AMD Catalyst]].<br />
<br />
Repository settings for /etc/pacman.conf (for 3.13.8)<br />
[core]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
[extra]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
<br />
If you are downgrading the kernel (instead of using the rollback machine during arch install), run:<br />
<br />
{{bc|#pacman -Syy}}<br />
<br />
{{bc|#pacman -S linux}}<br />
<br />
=== Configuring Xorg ===<br />
<br />
The Parallels tools installer will take care of configuring Xorg, so just follow the instructions at [[Xorg]] to install the relevant packages on your system.<br />
You will need to use the {{ic|xf86-video-vesa}} video driver:<br />
<br />
{{bc|# pacman -S xf86-video-vesa}}<br />
<br />
=== Preparing dependencies ===<br />
<br />
The installation script expects to find your init-scripts in {{ic|/etc/init.d/}} and will fail if it's not present. Since Arch uses systemd, create a symlink to the systemd scripts directory and set the def_sysconfdir variable:<br />
<br />
{{bc|# ln -sf /usr/lib/systemd/scripts/ /etc/init.d}}<br />
<br />
{{bc|1=# export def_sysconfdir=/etc/init.d}}<br />
<br />
The installation script also expects the file {{ic|/etc/X11/xorg.conf}}. We can just create an empty file, as it will automatically be configured by the installer:<br />
<br />
{{bc|# touch /etc/X11/xorg.conf}}<br />
<br />
Then, you need to install standard build utilities, python2, and kernel headers:<br />
<br />
{{bc|#pacman -S base-devel python2 linux-headers}}<br />
<br />
depends on your Parallels version, you may have to install {{ic|linux-lts-headers}} instead of {{ic|linux-headers}}.<br />
<br />
Finally, temporarily link python 2. You can relink this back to python 3 after the installation process.<br />
<br />
{{bc|#ln -sf /usr/bin/python2 /usr/bin/python}}<br />
<br />
=== Installing Parallels tools ===<br />
<br />
Choose "install Parallels Tools" from the "Virtual Machine" menu. Parallels Tools are located on a cd-image, which will be connected to your virtual machine. You have to mount it first:<br />
<br />
{{bc|# mount /dev/cdrom /mnt/cdrom}}<br />
<br />
Now you can proceed to install Parallels tools using the installation script as follows:<br />
<br />
{{bc|# cd /mnt/cdrom}}<br />
<br />
{{bc|# ./install}}<br />
<br />
=== Systemd Configuration ===<br />
<br />
The Parallels tools daemon should be started at boot, so create a service file like the following:<br />
<br />
/usr/lib/systemd/system/parallels-tools.service<br />
[Unit]<br />
Description=Parallels Tools<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/lib/systemd/scripts/prltoolsd start<br />
ExecStop=/usr/lib/systemd/scripts/prltoolsd stop<br />
RemainAfterExit=yes<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
And enable the service:<br />
<br />
{{bc|# systemctl enable parallels-tools.service}}<br />
<br />
You can now reboot your system and Parallels tools should be installed and working.<br />
<br />
=== Using the Tools ===<br />
<br />
==== Sharing Folders ====<br />
<br />
You can specify which folders on your hosts system you would like to share with your guests under "virtual machine > configuration > sharing".<br />
Then you mount a shared folder like this:<br />
<br />
{{bc|# mount -t prl_fs ''name_of_share'' ''/mnt/name_of_share''}}<br />
<br />
==== Dynamic Display Resolution ====<br />
<br />
A very helpful tool is {{ic|prlcc}}. It changes the resolution of your display (in the guest - not the host) automatically when your resize your window. If this tool is not running, the contents of the window gets stretched or shrunken.<br />
prlcc is usually started automatically and runs in the background. If not, run the following (or place it in a configuration file like /etc/X11/xinit/xinitrc.d/90-prlcc):<br />
<br />
{{bc|$ prlcc &}}<br />
<br />
=== Future work ===<br />
<br />
In general, updating system packages like the linux kernel or Xorg can break Parallels tools and you will need to re-install them. In some cases, new packages will be incompatible with the tools and they will stop working - in that case you will need to roll back the newly installed packages and wait until Parallels releases a new product build before updating your guest (in the hope they have resolved any previous incompatibilities).</div>Guiguanhttps://wiki.archlinux.org/index.php?title=Parallels_Desktop&diff=397031Parallels Desktop2015-09-01T12:01:10Z<p>Guiguan: /* Preparing dependencies */</p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[ja:Parallels]]<br />
{{Poor writing|Instructions do not comply to [[Help:Style]].}}<br />
{{Related articles start}}<br />
{{Related|VMware}}<br />
{{Related|VirtualBox}}<br />
{{Related articles end}}<br />
<br />
[http://www.parallels.com/products/desktop Parallels] Desktop is a hypervisor for Mac OSX which allows users to install a variety of operating systems as "virtual machines" (guests) on the host system, reducing the need for managing multiple physical machines. A more complete description on virtualization can be found at [http://en.wikipedia.org/wiki/Hardware_virtualization Wikipedia].<br />
At the moment of writing, Parallels Desktop is at version 9 and the mainline linux kernel is 3.15-rc5 while 3.14.4 is considered stable.<br />
<br />
== Installation of Arch as a guest ==<br />
<br />
Parallels Desktop supports Linux guests out of the box, but only offers support for a few Linux distributions - excluding Arch Linux. This means the installation of Parallels tools have not been tested by the vendor, and requires some manual intervention to work under Arch. If you do not wish to use Parallels tools, installation is as simple as choosing "other linux" when creating a new virtual machine and proceeding as you would on any real machine.<br />
<br />
== Parallels Tools ==<br />
<br />
=== Overview ===<br />
<br />
To improve interoperability between the host and the guest operating systems, Parallels provides a package called "Parallels tools" which contains kernel modules and userspace utilities. [http://download.parallels.com/desktop/v6/docs/en/Parallels_Desktop_Users_Guide/22272.htm Here] is a list of its features.<br />
<br />
This article assumes users want to make full use of the tools, including Xorg configuration. If you are running a headless server, you can skip over the sections relating to X.<br />
<br />
When referring to the version of parallel tools the form is <Parallels.Version>.<Tools Version>. For example: 9.0.24237.1028877 corresponds to Parallels version 9.0.24237 with tools version 1028877<br />
<br />
=== Required Kernel & Xorg versions ===<br />
<br />
The tools installer uses binaries which can sometimes be incompatible with the latest version of Xorg or kernels in the Arch repository.<br />
<br />
Different versions have different software requirements:<br />
<br />
* 9.0.24229.991745 needs 3.13.8 (or possibly a later 3.13.y) (3.14 is known to show a black screen and freeze the system) and xorg 1.15.y or earlier<br />
* 9.0.24237.1028877 works with Arch's 3.14.15-1-lts (newer versions may work) and xorg 1.15.y or earlier<br />
* 11.0.0-31193 works on the latest Arch 4.1.6-1 and xorg 1.17.2-4<br />
<br />
And there are different ways to obtain them:<br />
<br />
* linux 3.13.8 can be obtained from the [[Arch Rollback Machine]]<br />
* linux 3.14.15 is the current linux-lts, so just install that and regenerate your grub config.<br />
* xorg 1.15.y can be obtained using the instructions & repo from [[AMD Catalyst]].<br />
<br />
Repository settings for /etc/pacman.conf (for 3.13.8)<br />
[core]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
[extra]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
<br />
If you are downgrading the kernel (instead of using the rollback machine during arch install), run:<br />
<br />
{{bc|#pacman -Syy}}<br />
<br />
{{bc|#pacman -S linux}}<br />
<br />
=== Configuring Xorg ===<br />
<br />
The Parallels tools installer will take care of configuring Xorg, so just follow the instructions at [[Xorg]] to install the relevant packages on your system.<br />
You will need to use the {{ic|xf86-video-vesa}} video driver:<br />
<br />
{{bc|# pacman -S xf86-video-vesa}}<br />
<br />
=== Preparing dependencies ===<br />
<br />
The installation script expects to find your init-scripts in {{ic|/etc/init.d/}} and will fail if it's not present. Since Arch uses systemd, create a symlink to the systemd scripts directory and set the def_sysconfdir variable:<br />
<br />
{{bc|# ln -sf /usr/lib/systemd/scripts/ /etc/init.d}}<br />
<br />
{{bc|1=# export def_sysconfdir=/etc/init.d}}<br />
<br />
The installation script also expects the file {{ic|/etc/X11/xorg.conf}}. We can just create an empty file, as it will automatically be configured by the installer:<br />
<br />
{{bc|# touch /etc/X11/xorg.conf}}<br />
<br />
Lastly, you need to install standard build utilities, python2, and kernel headers:<br />
<br />
{{bc|#pacman -S base-devel python2 linux-headers}}<br />
<br />
depends on your Parallels version, you may have to install {{ic|linux-lts-headers}} instead of {{ic|linux-headers}}.<br />
<br />
{{bc|#ln -sf /usr/bin/python2 /usr/bin/python}}<br />
<br />
=== Installing Parallels tools ===<br />
<br />
Choose "install Parallels Tools" from the "Virtual Machine" menu. Parallels Tools are located on a cd-image, which will be connected to your virtual machine. You have to mount it first:<br />
<br />
{{bc|# mount /dev/cdrom /mnt/cdrom}}<br />
<br />
Now you can proceed to install Parallels tools using the installation script as follows:<br />
<br />
{{bc|# cd /mnt/cdrom}}<br />
<br />
{{bc|# ./install}}<br />
<br />
=== Systemd Configuration ===<br />
<br />
The Parallels tools daemon should be started at boot, so create a service file like the following:<br />
<br />
/usr/lib/systemd/system/parallels-tools.service<br />
[Unit]<br />
Description=Parallels Tools<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/lib/systemd/scripts/prltoolsd start<br />
ExecStop=/usr/lib/systemd/scripts/prltoolsd stop<br />
RemainAfterExit=yes<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
And enable the service:<br />
<br />
{{bc|# systemctl enable parallels-tools.service}}<br />
<br />
You can now reboot your system and Parallels tools should be installed and working.<br />
<br />
=== Using the Tools ===<br />
<br />
==== Sharing Folders ====<br />
<br />
You can specify which folders on your hosts system you would like to share with your guests under "virtual machine > configuration > sharing".<br />
Then you mount a shared folder like this:<br />
<br />
{{bc|# mount -t prl_fs ''name_of_share'' ''/mnt/name_of_share''}}<br />
<br />
==== Dynamic Display Resolution ====<br />
<br />
A very helpful tool is {{ic|prlcc}}. It changes the resolution of your display (in the guest - not the host) automatically when your resize your window. If this tool is not running, the contents of the window gets stretched or shrunken.<br />
prlcc is usually started automatically and runs in the background. If not, run the following (or place it in a configuration file like /etc/X11/xinit/xinitrc.d/90-prlcc):<br />
<br />
{{bc|$ prlcc &}}<br />
<br />
=== Future work ===<br />
<br />
In general, updating system packages like the linux kernel or Xorg can break Parallels tools and you will need to re-install them. In some cases, new packages will be incompatible with the tools and they will stop working - in that case you will need to roll back the newly installed packages and wait until Parallels releases a new product build before updating your guest (in the hope they have resolved any previous incompatibilities).</div>Guiguanhttps://wiki.archlinux.org/index.php?title=Parallels_Desktop&diff=397027Parallels Desktop2015-09-01T11:58:47Z<p>Guiguan: /* Required Kernel & Xorg versions */</p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[ja:Parallels]]<br />
{{Poor writing|Instructions do not comply to [[Help:Style]].}}<br />
{{Related articles start}}<br />
{{Related|VMware}}<br />
{{Related|VirtualBox}}<br />
{{Related articles end}}<br />
<br />
[http://www.parallels.com/products/desktop Parallels] Desktop is a hypervisor for Mac OSX which allows users to install a variety of operating systems as "virtual machines" (guests) on the host system, reducing the need for managing multiple physical machines. A more complete description on virtualization can be found at [http://en.wikipedia.org/wiki/Hardware_virtualization Wikipedia].<br />
At the moment of writing, Parallels Desktop is at version 9 and the mainline linux kernel is 3.15-rc5 while 3.14.4 is considered stable.<br />
<br />
== Installation of Arch as a guest ==<br />
<br />
Parallels Desktop supports Linux guests out of the box, but only offers support for a few Linux distributions - excluding Arch Linux. This means the installation of Parallels tools have not been tested by the vendor, and requires some manual intervention to work under Arch. If you do not wish to use Parallels tools, installation is as simple as choosing "other linux" when creating a new virtual machine and proceeding as you would on any real machine.<br />
<br />
== Parallels Tools ==<br />
<br />
=== Overview ===<br />
<br />
To improve interoperability between the host and the guest operating systems, Parallels provides a package called "Parallels tools" which contains kernel modules and userspace utilities. [http://download.parallels.com/desktop/v6/docs/en/Parallels_Desktop_Users_Guide/22272.htm Here] is a list of its features.<br />
<br />
This article assumes users want to make full use of the tools, including Xorg configuration. If you are running a headless server, you can skip over the sections relating to X.<br />
<br />
When referring to the version of parallel tools the form is <Parallels.Version>.<Tools Version>. For example: 9.0.24237.1028877 corresponds to Parallels version 9.0.24237 with tools version 1028877<br />
<br />
=== Required Kernel & Xorg versions ===<br />
<br />
The tools installer uses binaries which can sometimes be incompatible with the latest version of Xorg or kernels in the Arch repository.<br />
<br />
Different versions have different software requirements:<br />
<br />
* 9.0.24229.991745 needs 3.13.8 (or possibly a later 3.13.y) (3.14 is known to show a black screen and freeze the system) and xorg 1.15.y or earlier<br />
* 9.0.24237.1028877 works with Arch's 3.14.15-1-lts (newer versions may work) and xorg 1.15.y or earlier<br />
* 11.0.0-31193 works on the latest Arch 4.1.6-1 and xorg 1.17.2-4<br />
<br />
And there are different ways to obtain them:<br />
<br />
* linux 3.13.8 can be obtained from the [[Arch Rollback Machine]]<br />
* linux 3.14.15 is the current linux-lts, so just install that and regenerate your grub config.<br />
* xorg 1.15.y can be obtained using the instructions & repo from [[AMD Catalyst]].<br />
<br />
Repository settings for /etc/pacman.conf (for 3.13.8)<br />
[core]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
[extra]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
<br />
If you are downgrading the kernel (instead of using the rollback machine during arch install), run:<br />
<br />
{{bc|#pacman -Syy}}<br />
<br />
{{bc|#pacman -S linux}}<br />
<br />
=== Configuring Xorg ===<br />
<br />
The Parallels tools installer will take care of configuring Xorg, so just follow the instructions at [[Xorg]] to install the relevant packages on your system.<br />
You will need to use the {{ic|xf86-video-vesa}} video driver:<br />
<br />
{{bc|# pacman -S xf86-video-vesa}}<br />
<br />
=== Preparing dependencies ===<br />
<br />
The installation script expects to find your init-scripts in {{ic|/etc/init.d/}} and will fail if it's not present. Since Arch uses systemd, create a symlink to the systemd scripts directory and set the def_sysconfdir variable:<br />
<br />
{{bc|# ln -sf /usr/lib/systemd/scripts/ /etc/init.d}}<br />
<br />
{{bc|1=# export def_sysconfdir=/etc/init.d}}<br />
<br />
The installation script also expects the file {{ic|/etc/X11/xorg.conf}}. We can just create an empty file, as it will automatically be configured by the installer:<br />
<br />
{{bc|# touch /etc/X11/xorg.conf}}<br />
<br />
Lastly, you need to install standard build utilities, python2, and kernel headers:<br />
<br />
{{bc|#pacman -S base-devel python2 linux-headers}}<br />
<br />
{{bc|#ln -sf /usr/bin/python2 /usr/bin/python}}<br />
<br />
=== Installing Parallels tools ===<br />
<br />
Choose "install Parallels Tools" from the "Virtual Machine" menu. Parallels Tools are located on a cd-image, which will be connected to your virtual machine. You have to mount it first:<br />
<br />
{{bc|# mount /dev/cdrom /mnt/cdrom}}<br />
<br />
Now you can proceed to install Parallels tools using the installation script as follows:<br />
<br />
{{bc|# cd /mnt/cdrom}}<br />
<br />
{{bc|# ./install}}<br />
<br />
=== Systemd Configuration ===<br />
<br />
The Parallels tools daemon should be started at boot, so create a service file like the following:<br />
<br />
/usr/lib/systemd/system/parallels-tools.service<br />
[Unit]<br />
Description=Parallels Tools<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/lib/systemd/scripts/prltoolsd start<br />
ExecStop=/usr/lib/systemd/scripts/prltoolsd stop<br />
RemainAfterExit=yes<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
And enable the service:<br />
<br />
{{bc|# systemctl enable parallels-tools.service}}<br />
<br />
You can now reboot your system and Parallels tools should be installed and working.<br />
<br />
=== Using the Tools ===<br />
<br />
==== Sharing Folders ====<br />
<br />
You can specify which folders on your hosts system you would like to share with your guests under "virtual machine > configuration > sharing".<br />
Then you mount a shared folder like this:<br />
<br />
{{bc|# mount -t prl_fs ''name_of_share'' ''/mnt/name_of_share''}}<br />
<br />
==== Dynamic Display Resolution ====<br />
<br />
A very helpful tool is {{ic|prlcc}}. It changes the resolution of your display (in the guest - not the host) automatically when your resize your window. If this tool is not running, the contents of the window gets stretched or shrunken.<br />
prlcc is usually started automatically and runs in the background. If not, run the following (or place it in a configuration file like /etc/X11/xinit/xinitrc.d/90-prlcc):<br />
<br />
{{bc|$ prlcc &}}<br />
<br />
=== Future work ===<br />
<br />
In general, updating system packages like the linux kernel or Xorg can break Parallels tools and you will need to re-install them. In some cases, new packages will be incompatible with the tools and they will stop working - in that case you will need to roll back the newly installed packages and wait until Parallels releases a new product build before updating your guest (in the hope they have resolved any previous incompatibilities).</div>Guiguanhttps://wiki.archlinux.org/index.php?title=Parallels_Desktop&diff=396915Parallels Desktop2015-09-01T08:28:57Z<p>Guiguan: /* Preparing dependencies */</p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[ja:Parallels]]<br />
{{Poor writing|Instructions do not comply to [[Help:Style]].}}<br />
{{Related articles start}}<br />
{{Related|VMware}}<br />
{{Related|VirtualBox}}<br />
{{Related articles end}}<br />
<br />
[http://www.parallels.com/products/desktop Parallels] Desktop is a hypervisor for Mac OSX which allows users to install a variety of operating systems as "virtual machines" (guests) on the host system, reducing the need for managing multiple physical machines. A more complete description on virtualization can be found at [http://en.wikipedia.org/wiki/Hardware_virtualization Wikipedia].<br />
At the moment of writing, Parallels Desktop is at version 9 and the mainline linux kernel is 3.15-rc5 while 3.14.4 is considered stable.<br />
<br />
== Installation of Arch as a guest ==<br />
<br />
Parallels Desktop supports Linux guests out of the box, but only offers support for a few Linux distributions - excluding Arch Linux. This means the installation of Parallels tools have not been tested by the vendor, and requires some manual intervention to work under Arch. If you do not wish to use Parallels tools, installation is as simple as choosing "other linux" when creating a new virtual machine and proceeding as you would on any real machine.<br />
<br />
== Parallels Tools ==<br />
<br />
=== Overview ===<br />
<br />
To improve interoperability between the host and the guest operating systems, Parallels provides a package called "Parallels tools" which contains kernel modules and userspace utilities. [http://download.parallels.com/desktop/v6/docs/en/Parallels_Desktop_Users_Guide/22272.htm Here] is a list of its features.<br />
<br />
This article assumes users want to make full use of the tools, including Xorg configuration. If you are running a headless server, you can skip over the sections relating to X.<br />
<br />
When referring to the version of parallel tools the form is <Parallels.Version>.<Tools Version>. For example: 9.0.24237.1028877 corresponds to Parallels version 9.0.24237 with tools version 1028877<br />
<br />
=== Required Kernel & Xorg versions ===<br />
<br />
The tools installer uses binaries which can sometimes be incompatible with the latest version of Xorg or kernels in the Arch repository.<br />
<br />
Different versions have different software requirements:<br />
<br />
* 9.0.24229.991745 needs 3.13.8 (or possibly a later 3.13.y) (3.14 is known to show a black screen and freeze the system) and xorg 1.15.y or earlier<br />
* 9.0.24237.1028877 works with Arch's 3.14.15-1-lts (newer versions may work) and xorg 1.15.y or earlier<br />
<br />
And there are different ways to obtain them:<br />
<br />
* linux 3.13.8 can be obtained from the [[Arch Rollback Machine]]<br />
* linux 3.14.15 is the current linux-lts, so just install that and regenerate your grub config.<br />
* xorg 1.15.y can be obtained using the instructions & repo from [[AMD Catalyst]].<br />
<br />
Repository settings for /etc/pacman.conf (for 3.13.8)<br />
[core]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
[extra]<br />
#Include = /etc/pacman.d/mirrorlist<br />
SigLevel = PackageRequired<br />
Server = http://seblu.net/a/arm/2014/04/09/$repo/os/$arch<br />
<br />
If you are downgrading the kernel (instead of using the rollback machine during arch install), run:<br />
<br />
{{bc|#pacman -Syy}}<br />
<br />
{{bc|#pacman -S linux}}<br />
<br />
=== Configuring Xorg ===<br />
<br />
The Parallels tools installer will take care of configuring Xorg, so just follow the instructions at [[Xorg]] to install the relevant packages on your system.<br />
You will need to use the {{ic|xf86-video-vesa}} video driver:<br />
<br />
{{bc|# pacman -S xf86-video-vesa}}<br />
<br />
=== Preparing dependencies ===<br />
<br />
The installation script expects to find your init-scripts in {{ic|/etc/init.d/}} and will fail if it's not present. Since Arch uses systemd, create a symlink to the systemd scripts directory and set the def_sysconfdir variable:<br />
<br />
{{bc|# ln -sf /usr/lib/systemd/scripts/ /etc/init.d}}<br />
<br />
{{bc|1=# export def_sysconfdir=/etc/init.d}}<br />
<br />
The installation script also expects the file {{ic|/etc/X11/xorg.conf}}. We can just create an empty file, as it will automatically be configured by the installer:<br />
<br />
{{bc|# touch /etc/X11/xorg.conf}}<br />
<br />
Lastly, you need to install standard build utilities, python2, and kernel headers:<br />
<br />
{{bc|#pacman -S base-devel python2 linux-headers}}<br />
<br />
{{bc|#ln -sf /usr/bin/python2 /usr/bin/python}}<br />
<br />
=== Installing Parallels tools ===<br />
<br />
Choose "install Parallels Tools" from the "Virtual Machine" menu. Parallels Tools are located on a cd-image, which will be connected to your virtual machine. You have to mount it first:<br />
<br />
{{bc|# mount /dev/cdrom /mnt/cdrom}}<br />
<br />
Now you can proceed to install Parallels tools using the installation script as follows:<br />
<br />
{{bc|# cd /mnt/cdrom}}<br />
<br />
{{bc|# ./install}}<br />
<br />
=== Systemd Configuration ===<br />
<br />
The Parallels tools daemon should be started at boot, so create a service file like the following:<br />
<br />
/usr/lib/systemd/system/parallels-tools.service<br />
[Unit]<br />
Description=Parallels Tools<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/lib/systemd/scripts/prltoolsd start<br />
ExecStop=/usr/lib/systemd/scripts/prltoolsd stop<br />
RemainAfterExit=yes<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
And enable the service:<br />
<br />
{{bc|# systemctl enable parallels-tools.service}}<br />
<br />
You can now reboot your system and Parallels tools should be installed and working.<br />
<br />
=== Using the Tools ===<br />
<br />
==== Sharing Folders ====<br />
<br />
You can specify which folders on your hosts system you would like to share with your guests under "virtual machine > configuration > sharing".<br />
Then you mount a shared folder like this:<br />
<br />
{{bc|# mount -t prl_fs ''name_of_share'' ''/mnt/name_of_share''}}<br />
<br />
==== Dynamic Display Resolution ====<br />
<br />
A very helpful tool is {{ic|prlcc}}. It changes the resolution of your display (in the guest - not the host) automatically when your resize your window. If this tool is not running, the contents of the window gets stretched or shrunken.<br />
prlcc is usually started automatically and runs in the background. If not, run the following (or place it in a configuration file like /etc/X11/xinit/xinitrc.d/90-prlcc):<br />
<br />
{{bc|$ prlcc &}}<br />
<br />
=== Future work ===<br />
<br />
In general, updating system packages like the linux kernel or Xorg can break Parallels tools and you will need to re-install them. In some cases, new packages will be incompatible with the tools and they will stop working - in that case you will need to roll back the newly installed packages and wait until Parallels releases a new product build before updating your guest (in the hope they have resolved any previous incompatibilities).</div>Guiguanhttps://wiki.archlinux.org/index.php?title=Amavis&diff=394093Amavis2015-08-27T13:59:42Z<p>Guiguan: /* Basic Configuration */</p>
<hr />
<div>[[Category:Mail server]]<br />
{{Related articles start}}<br />
{{Related|ClamAV}}<br />
{{Related|Postfix}}<br />
{{Related|Dovecot}}<br />
{{Related articles end}}<br />
<br />
From [http://www.ijs.si/software/amavisd/ Amavis's site]:<br />
:''amavisd-new is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin. It is written in Perl for maintainability, without paying a significant price for speed. It talks to MTA via (E)SMTP or LMTP, or by using helper programs. Best with Postfix, fine with dual-sendmail setup and Exim v4, works with sendmail/milter, or with any MTA as a SMTP relay.''<br />
<br />
== Installation and Setup ==<br />
<br />
In this setup it is assumed that you are using [[ClamAV]] as anti-virus scanner.<br />
* Install {{AUR|amavisd-new}} from the [[AUR]]. You would be wise to also install optdepends such as {{Pkg|p7zip}} and {{Pkg|unrar}} so your filters can actually see inside compressed files.<br />
* Install {{pkg|clamav}} from the [[official repositories]].<br />
<br />
=== Basic Configuration ===<br />
<br />
If your hostname is not a FQDN, you must set {{ic|$myhostname}} and {{ic|$mydomain}} accordingly in {{ic|/etc/amavisd/amavisd.conf}}.<br />
<br />
You can enable [[ClamAV]] support by commenting out the following lines (do not forget to put the same {{ic|clamd.sock}} as in {{ic|/etc/clamav/clamd.sock}}):<br />
{{bc|<nowiki><br />
# ### http://www.clamav.net/<br />
['ClamAV-clamd',<br />
\&ask_daemon, ["CONTSCAN {}\n", "/var/lib/clamav/clamd.sock"],<br />
qr/\bOK$/m, qr/\bFOUND$/m,<br />
qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],<br />
# # NOTE: run clamd under the same user as amavisd - or run it under its own<br />
# # uid such as clamav, add user clamav to the amavis group, and then add<br />
# # AllowSupplementaryGroups to clamd.conf;<br />
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in<br />
# # this entry; when running chrooted one may prefer a socket under $MYHOME.<br />
</nowiki>}}<br />
<br />
Add a comment to this line to enable anti-virus scan:<br />
<br />
# @bypass_virus_check_maps = (1); # controls running of anti-virus code<br />
<br />
Add {{ic|AllowSupplementaryGroups true}} to {{ic|/etc/clamav/clamd.conf}}.<br />
<br />
After that, add {{ic|clamav}} user to {{ic|amavis}} group to avoid permission problems:<br />
<br />
# usermod -a -G amavis clamav<br />
<br />
Finally restart the services:<br />
* [[restart]] {{ic|clamd.service}}.<br />
* [[start]] {{ic|amavisd.service}} and possibly [[enable]] it.<br />
<br />
Check for errors with these commands:<br />
<br />
# systemctl status amavisd<br />
# journalctl -xbo short -u amavisd<br />
<br />
=== Testing ===<br />
<br />
To test the new configuration just telnet to the amavisd default listening port:<br />
<br />
$ telnet 127.0.0.1 10024<br />
<br />
You should see something like:<br />
{{bc|<br />
Trying 127.0.0.1...<br />
Connected to 127.0.0.1.<br />
Escape character is '^]'<br />
220 [127.0.0.1] ESMTP amavisd-new service ready<br />
}}<br />
<br />
Type {{ic|ehlo 127.0.0.1}}:<br />
{{bc|<br />
EHLO localhost<br />
250-[127.0.0.1]<br />
250-VRFY<br />
250-PIPELINING<br />
250-SIZE<br />
250-ENHANCEDSTATUSCODES<br />
250-8BITMIME<br />
250-DSN<br />
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE<br />
}}<br />
<br />
Now just type {{ic|quit}} to exit.<br />
<br />
== Integration with Postfix ==<br />
<br />
=== Quick start ===<br />
<br />
To configure amavis for [[Postfix]] add the following to {{ic|/etc/postfix/master.cf}}:<br />
{{bc|1=<br />
#<br />
# anti spam & anti virus section<br />
#<br />
amavisfeed unix - - n - 2 smtp<br />
-o smtp_data_done_timeout=1200<br />
-o smtp_send_xforward_command=yes<br />
-o disable_dns_lookups=yes<br />
-o max_use=20<br />
127.0.0.1:10025 inet n - y - - smtpd<br />
-o content_filter=<br />
-o smtpd_delay_reject=no<br />
-o smtpd_client_restrictions=permit_mynetworks,reject<br />
-o smtpd_helo_restrictions=<br />
-o smtpd_sender_restrictions=<br />
-o smtpd_recipient_restrictions=permit_mynetworks,reject<br />
-o smtpd_data_restrictions=reject_unauth_pipelining<br />
-o smtpd_end_of_data_restrictions=<br />
-o smtpd_restrictions_classes=<br />
-o mynetworks=127.0.0.0/8<br />
-o smtpd_error_sleep_time=0<br />
-o smtpd_soft_error_limit=1001 <br />
-o smtpd_hard_error_limit=1000<br />
-o smtpd_client_connection_count_limit=0<br />
-o smtpd_client_connection_rate_limit=0<br />
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters<br />
-o local_header_rewrite_clients=<br />
}}<br />
<br />
In this configuration we assume that postfix and Amavis are running on the same machine (i.e. {{ic|127.0.0.1}}). If that is not the case edit {{ic|/etc/amavisd/amavisd.conf}} and the prevous Postfix entry accordingly.<br />
<br />
Postfix will listen to port {{ic|10025}} so that Amavis can send back checked emails to that port.<br />
<br />
You also have to add another other configuration in your {{ic|smtp}} or {{ic|submission}} sections:<br />
<br />
-o content_filter=amavisfeed:[127.0.0.1]:10024<br />
<br />
Using this options implies that Postfix will send emails to Amavis on port {{ic|10024}}, so that these can be checked. If mail passes the control then these are sent to port {{ic|10025}}, as explained before.<br />
<br />
We can now [[restart]] {{ic|postfix.service}} and {{ic|amavis.service}}.<br />
<br />
To check that Postfix is listening on port {{ic|10025}} do the same operations as the port {{ic|10024}} case.<br />
<br />
== SpamAssassin support ==<br />
<br />
{{Expansion|todo}}<br />
<br />
Spamassassin is integrated in Amavis so you do not have to start {{ic|spamassassin.service}}. To enable support for Spamassassin comment the following line in {{ic|/etc/amavis/amavis.conf}} like this:<br />
# @bypass_spam_checks_maps = (1); # controls running of anti-spam code<br />
<br />
Edit the SpamAssassin configuration based on your needs:<br />
{{bc|1=<br />
$sa_tag_level_deflt = 1.0; # add spam info headers if at, or above that level<br />
$sa_tag2_level_deflt = 1.0; # add 'spam detected' headers at that level<br />
$sa_kill_level_deflt = 5.0; # triggers spam evasive actions (e.g. blocks mail)<br />
$sa_dsn_cutoff_level = 8; # spam level beyond which a DSN is not sent<br />
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off<br />
$penpals_threshold_high = $sa_kill_level_deflt; # do not waste time on hi spam<br />
$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces<br />
}}<br />
<br />
Now you just need to [[restart]] {{ic|amavisd}} service.<br />
<br />
== Final test ==<br />
<br />
{{Expansion|todo}}<br />
<br />
To check that everything is working all right:<br />
* Send a normal email.<br />
* Send an email with an [http://www.eicar.org/86-0-Intended-use.html EICAR] file as attachment.<br />
* Send an email that would result as spam.<br />
* Check both Postfix and Amavis logs.<br />
<br />
== See also ==<br />
<br />
* [http://www.ijs.si/software/amavisd/README.postfix.html Amavis official documentation]<br />
* [https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server/amvisd_spamassassin_clamav Complete Virtual Mail Server/amvisd spamassassin clamav] on Gentoo wiki.</div>Guiguan