Questions about my Cobalt RaQ


Problem: Questions about my Cobalt RaQ.

Question: I want my RaQ to send all unresolved email to one default user account.

Response

  1. List @my.domain.com as an alias for the user that will receive all the unresolved email.
    To do this:

    a.    Use the user interface and go to Site Management for the virtual site in question.
    b.    Click on the blue envelope button to create/modify the user’s email account.
    c.    Add “@my.domain.com” to the email aliases of the user. This creates a catch-all alias for the site.
    Note that we used the FULL domain name (my.domain.com), not just the last part (domain.com). The catch-all will work for domain.com if you have checked the box in the site settings section that says “Accept E-mail for Domain”.

  2. For each user in the domain, alias the username to itself.
    To do this:

    a.    Use the user interface and go to Site Management for the virtual site in question.
    b.    Click on the blue envelope button to create/modify the user’s email account.
    c.    Add “username” to the Email aliases (add it if the user already has aliases), where “username” is the entry in the User Name column.


Question
I want my RaQ2 to send all email from one virtual hosted site, domain1.com, to another, domain2.com, on the same server.

Response

  1. Ensure Accept Email for Domain for domain1.com is unchecked.
    To do this:

    a.    Go to Site Settings from Site Management for the virtual site in question.
    b.    Ensure the Accept Email For Domain is unchecked.
    c.    Click Save Settings.

  2. Add the following custom line at the bottom of the /etc/virtusertable only if mail for user@domain1.com should go to user@domain2.com.
    If mail for user@domain1.com should go to defaultuser@domain2.com, then skip to step 4. (All mail delivered to domain1 will go to user@domain2)

    @domain1.com        %1@domain2.com

    Where the space between is a TAB.
    This ensures any mail sent to user@domain1.com will be sent to the user@domain2.com. (A user to user relationship)
  3. Run makemap hash /etc/virtusertable < /etc/virtusertable
  4. Follow this step only if you skipped to it from step 2.
    To have mail for user@domain1.com go to anotheruser@domain2.com. There will not be a user to user relationship.
    List @domain1.com as an alias for the user in domain2.com that will receive all the email.
    To do this:

    a.    Use the user interface and go to Site Management for domain2.com.
    b.    Click on the blue envelope button to create/modify the user’s email account.
    c.    Add “@domain1.com” to the email aliases of the user. This creates a catch-all alias for the site domain1 in domain2.



Question
Most of our customers connect from a remote location and finding the IP addresses for each of these customers to enter into the Relay field is nearly impossible. Are there any solutions you provide that can make this process easier?

Response
Yes, there is a Pop-before-Relay package that will make users authenticate before relaying email. It can be found on our FTP site.

Here is the location for POP Before SMTP:
ftp://ftp.cobaltnet.com/pub/contrib/binaries/

documentation:
ftp://ftp.cobaltnet.com/pub/contrib/binaries/POP-before-relay.txt

The PKG for RaQ3/3i:
ftp://ftp.cobaltnet.com/pub/contrib/binaries/RaQ3-POP-before-Relay-1.2.pkg

The PKG for RaQ2:
ftp://ftp.cobaltnet.com/pub/contrib/binaries/RaQ2-POP-before-SMTP-1.2.pkg

 


Question
Is there any way to increase email attachment file size to 100 MB from your present 10 MB?

Response
You can do this in the RaQ from the email parameters page.

On the Qube, you need to edit /etc/sendmail.cf and look for this line:

# maximum message size
O MaxMessageSize=
Enter the size in Kilobytes.


Question
How do I prevent users from being able to move around during a FTP session and isolate them to their directory?

Response
You may edit the /etc/proftpd.conf file to make this change. For more information please visit www.proftpd.org

You may refer to the cobalt-users mailing list for troubleshooting issues and questions. To subscribe to the mailing list, please visit

http://list.cobalt.com/mailman/listinfo/cobalt-users


Question
How do I allow users to enter aliases outside the domain they are a part of?

Response
Prior to RaQ Patch 2.0, any user could enter any username and domain name in their alias. Some users considered this a feature and others considered this a bug.

Due to security issues this was changed in RaQ Patch 2.0 so that a user could only create an alias for a name within their domain. Thus john@domain1.com could not create an alias for john@domain2.com.

To re-enable this feature/bug you must edit the following file:

/usr/admserv/cgi-bin/.cobalt/siteUserEmail/siteUserEmail.cgi

Look for the line shown here:

if( $aliasDomain && ( $domainName!~/.$aliasDomain$/ && $domainName ne $aliasDomain ) ) { $badAlias=1; }

Comment out the line. The line should now look like this:

# if( $aliasDomain && ( $domainName!~/.$aliasDomain$/ && $domainName ne $aliasDomain ) ) { $badAlias=1; }

This disables all checking on the e-mail alias. Just be sure that people don’t
try to intercept mail for other sites on that RaQ.
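
A way to follow up on that warning, as an added example (not Cobalt's code): the script below applies the same same-domain rule as the commented-out check to a virtusertable-style file and lists aliases that deliver to a user on a different site. The "user<TAB>site" map file, the function name and all sample data are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: list aliases whose domain is outside the receiving user's site.
# Assumed inputs: a "user<TAB>site FQDN" map and a virtusertable-style file
# with "address<TAB>target" lines. Both formats are assumptions for this example.

cross_site_aliases() {     # $1 = user/site map, $2 = virtusertable-style file
    awk -F '\t' '
        NR == FNR { site[$1] = $2; next }      # first file: user -> site FQDN
        /^#/ || NF < 2 { next }                # skip comments and short lines
        {
            n = split($1, parts, "@")
            adom = parts[n]                    # domain of the aliased address
            target = $2
            sub(/@.*/, "", target)             # local user receiving the mail
            if (!(target in site)) next        # not a known local user
            s = site[target]
            suffix = "." adom
            # Same rule as the CGI check, but compared as literal strings:
            # the alias domain must equal the site name or be its parent.
            ok = (s == adom)
            if (length(s) > length(suffix) &&
                substr(s, length(s) - length(suffix) + 1) == suffix) ok = 1
            if (!ok) print $1 " -> " $2 " (site " s ")"
        }' "$1" "$2"
}

# Constructed sample data (not from a real server).
ALIAS_SAMPLES=$(mktemp -d)
printf '%s\t%s\n' john www.domain1.com mary www.domain2.com \
    > "$ALIAS_SAMPLES/site_users"
printf '%s\t%s\n' \
    john@domain1.com      john \
    sales@www.domain1.com john \
    @domain2.com          mary \
    info@domain1.com      mary \
    john@domain2.com      john \
    > "$ALIAS_SAMPLES/virtusertable"

cross_site_aliases "$ALIAS_SAMPLES/site_users" "$ALIAS_SAMPLES/virtusertable"
```

Entries whose target is not a local user in the map, such as a %1@domain2.com rewrite, are skipped rather than flagged.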


Question
I have a user that would like to administer 2 virtual sites, but when I try to create the same user on the second site, it denies the creation of the user. How can I get the user to administer 2 virtual sites?

Response
To allow a user to administer multiple sites, the following changes need to be made:

1. Create a user as siteadmin on one site
2. Edit a file with the following command:

vi /etc/htgroup

3. Place the user by each site that he/she will be administering.

This user will have access to ftp, but will not be able to do e-mail aliasing for the user.


Question
How do I disable e-mail relay on the RaQ?

Response
There are two ways to configure a Cobalt RaQ to allow open mail relaying. Please be advised that making this modification opens your machine up to use as a spam relay.

Method 1:

1. Telnet into RaQ; login as root. The password is the
admin password used to access the web interface.

2. Edit the file /etc/mail/name_allow. Make the contents
of the file contain top-level domain names, i.e.,

com
net
org
edu

Include any other top-level domains you require.

Use the UNIX vi editor to edit /etc/mail/name_allow.
If you don’t know how to use vi, the following command will
work. Type exactly what is below into the UNIX command prompt:

cat > /etc/mail/name_allow
com
net
org
edu
^d

Type exactly what is shown above. ^D means Control-D.

3. Restart sendmail (the mail delivery service).

Enter the following commands at the command prompt:

/etc/rc.d/init.d/sendmail stop
/etc/rc.d/init.d/sendmail start

Method 2:

This is an untested hack that completely opens your machine up to relaying.

Telnet into the RaQ
Back up your copy of sendmail.cf
cp /etc/sendmail.cf sendmail.cf.old
edit the file /etc/sendmail.cf

Search for the line:
R$*<@$+>$* $#error $@ 5.7.1 $: 551 we do not relay

Add a ‘#’ sign to comment out this line – it should read
#R$*<@$+>$* $#error $@ 5.7.1 $: 551 we do not relay

Restart sendmail (as above) and test.
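
A check for the two settings described above, as an added example (not Cobalt's code): it lists name_allow entries that are bare top-level domains and reports whether the "we do not relay" rule is still active in sendmail.cf. The function names and the sample files are constructed for the example; the one-entry-per-line name_allow layout is taken from the listing above.

```shell
#!/bin/sh
# Added example: defensive audit of the two relay settings described above.

# Print name_allow entries that are a bare top-level domain (with or without
# a leading dot), the kind of entry the page describes as opening the relay.
broad_relay_entries() {    # $1 = name_allow-style file, one entry per line
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            entry = $1
            sub(/^\./, "", entry)           # treat ".com" and "com" alike
            if (entry !~ /\./) print $1     # no inner dot: a whole TLD
        }' "$1"
}

# Exit status 0 when the anti-relay rule quoted above is still active,
# 1 when it is missing or commented out.
relay_rule_active() {      # $1 = sendmail.cf-style file
    grep -q '^R.*551 we do not relay' "$1"
}

# Print one line per finding; prints nothing for a closed configuration.
relay_audit() {            # $1 = name_allow file, $2 = sendmail.cf file
    broad_relay_entries "$1" | sed 's/^/name_allow: TLD-wide entry: /'
    relay_rule_active "$2" || echo "sendmail.cf: 'we do not relay' rule inactive"
}

# Constructed sample files (not taken from a real server).
RELAY_SAMPLES=$(mktemp -d)
printf '%s\n' 'com' '.net' 'mail.example.org' > "$RELAY_SAMPLES/name_allow"
printf '%s\n' '#R$*<@$+>$* $#error $@ 5.7.1 $: 551 we do not relay' \
    > "$RELAY_SAMPLES/open.cf"
printf '%s\n' 'R$*<@$+>$* $#error $@ 5.7.1 $: 551 we do not relay' \
    > "$RELAY_SAMPLES/closed.cf"

relay_audit "$RELAY_SAMPLES/name_allow" "$RELAY_SAMPLES/open.cf"
```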

Comments
un htmlized:

There are two ways to configure a Cobalt RaQ to allow open mail relaying. Please be advised that making this modification opens your machine up to use as a spam relay.

Method 1:

1. Telnet into RaQ; login as root. The password is the
admin password used to access the web interface.

2. Edit the file /etc/mail/name_allow. Make the contents
of the file contain top-level domain names, i.e.,

.com
.net
.org
.edu

Include any other top-level domains you require.

Use the UNIX vi editor to edit /etc/mail/name_allow.
If you don’t know how to use vi, the following command will
work. Type exactly what is below into the UNIX command prompt:

cat > /etc/mail/name_allow
.com
.net
.org
.edu
^d

Type exactly what is shown above. ^D means Control-D.

3. Restart sendmail (the mail delivery service).

Enter the following commands at the command prompt:

/etc/rc.d/init.d/sendmail stop
/etc/rc.d/init.d/sendmail start

Method 2:

This is an untested hack that completely opens your machine up to relaying.

Telnet into the RaQ
backup your copy of sendmail .cf
cp /etc/sendmail.cf sendmail.cf.old
edit the file /etc/sendmail.cf

Search for the line:
R$*<@$+>$* $#error $@ 5.7.1 $: 551 we do not relay

Add a ‘#’ sign to comment out this line – it should read
#R$*<@$+>$* $#error $@ 5.7.1 $: 551 we do not relay

Restart sendmail (as above) and test.


Question
Is it possible with the to view/manage the mail queue?

Response
The mail queue is not viewable through the user interface or Windows application. If you are familiar with Linux, you should be able to view it through a telnet session and review the /home/spool/mqueue directory.


Question
Is there a way I can disable the site admin’s ability to enable telnet/shell access to themselves or to their users in their domain?

Response
You will need to make changes to some of the files through telnet.

1. Telnet into the server as root.

2. Go to the directory: /usr/admserv/html/.cobalt/siteManage/ 

3. Edit the file userAdd.html, and modify the following line:

CHECKBOX NAME="shell" >

to

HIDDEN NAME="shell" >

This will disable the telnet ability for this domain for each user that is created. You will need to repeat steps 2 and 3 for each domain.

4. Go to the directory: /usr/admserv/templates

5. Edit the file siteUserMod.tmpl, and modify the following lines:

var shellHelp='Check this box to give this user telnet/shell access.';

to

var shellHelp='This feature is disabled.';

and also change

CHECKBOX NAME="shell" [SHELLCHECKED]>

to

HIDDEN NAME="shell" [SHELLCHECKED]>

These changes will not allow a siteadmin to modify the user’s shell access rights.


Question
Is there any way that I can have multiple domains pointing to one virtual host(the same website files) on my server?

Response
What you would need to do is edit your httpd.conf file in the /etc/httpd/conf directory. In this file you’ll see a section that looks like

<VirtualHost 10.9.8.73>
ServerName big.bad.net
ServerAdmin admin
ServerAlias bad.net
DocumentRoot /home/sites/site7/web


</VirtualHost>

In your situation, you would look for the IP of the primary domain. Add this to the end

ServerAlias <secondary domain>

Replace <secondary domain> with the domain you want to point to the primary domain. Then type

/etc/rc.d/init.d/httpd.init stop
/etc/rc.d/init.d/httpd.init start

as root at the command prompt to restart the web server.

Also, configure your DNS records to have an ‘A’ record for your secondary domain
to point to the IP of the primary domain. Do not use CNAMEs as they will cause
problems with the server.


Question
How can I have virtual SSL servers?

Response
Name based virtual hosting does not work with SSL. You must have a different IP for each address you want to use a SSL server with.

2 steps: generate a certificate request, and modify httpsd.conf to know about it.

First things first:

telnet into the box, and run the commands:

cd /etc/httpd/conf/
/usr/sbin/openssl req -new -key ssl.key/server.key > ssl.csr/WHATEVER.csr

where you replace WHATEVER with, well, whatever, as in the name of the host or something.

That will be the cert request for thawte/verisign. After you get that back, place the stuff in a file:

/etc/httpd/conf/ssl.crt/WHATEVER.crt

again replacing WHATEVER with the same thing as above.

Next, edit /etc/httpd/conf/httpsd.conf At the end, tack on a new VirtualHost config:

<VirtualHost Hostname:443>
DocumentRoot /YOUR/PATH/HERE
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/whatever.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>

making sure to replace the hostname, PATH and whatever with the names and paths you used above. Then just restart httpsd:

/etc/rc.d/init.d/httpsd restart

 


Question
How do I password protect a directory?

Response
For this example, we will show how to password protect a user’s Web page. You can apply this procedure to virtual sites also by changing the directories.

1. Telnet in, and login as the User
2. Create the .htaccess file, it should contain the following lines:

# Access file
order allow,deny
allow from all
require valid-user
Authname DirectoryName
Authtype Basic
AuthUserFile /home/sites/sitename/users/username/.htpasswd

**NOTE: the section at the top of the file prevents users from accessing the .htaccess file from a browser. Any requests such as http://www.yoursite.com/securedirectory/.htaccess will be flatly denied.

**NOTE: The AuthUserFile should be the file in the directory that you want to password protect. The above example shows how to protect a user’s home page. To use the htpasswd for all current registered RaQ users, enter /etc/htpasswd for the AuthUserFile.

Skip step 3 if you are using the /etc/htpasswd file for your authorization.

3. Now we want to create the htpasswd file using the htpasswd command in the /usr/sbin/ directory.

a. Type: /usr/sbin/htpasswd -c /home/sites/sitename/users/username/.htpasswd username

b. It will prompt you for the password twice

**NOTE: When adding additional users remove the -c from the command line
