MySQL, Java, JSP, Servlet, Tomcat and Jboss Web Hosting Blog

Running a Print Server Sharing printers is a good way to save money and make your printing more efficient. Very few people need to print all the time, but when they do want to print something, they usually need it quickly. Setting up a print server can save money by eliminating the need for a printer at every workstation. Some of those savings can be used to buy printers that can output more pages per minute or have higher-quality output. You can attach printers to your Linux system to make them available to users of that system (standalone printing) or to other computers on the network as a shared printer. You can also configure your Linux printer as a remote CUPS or Samba printer. With Samba, you are emulating Windows printing services, which is pretty useful given the abundance of Windows client systems. This chapter describes configuring and using printers on Linux systems with various desktop environments in use. Some of the details may vary from one distribution to another, but the information included here should work well for the more commonly used distributions. This chapter focuses on Common UNIX Printing Service (CUPS), which is the recommended print service for the majority of Linux installations. Examples in this chapter use the Printer Configuration options in the GNOME and K Desktop environments. Once a local printer is configured, print commands such as lpr are available for carrying out the actual printing. Commands also exist for querying print queues (lpq), manipulating print queues (lpc), and removing print queues (lprm). A local printer can also be shared as a print server for users on other computers on your network. 2C H A6P6T E R . . . . In This Chapter Understanding printing in Linux Setting up printers Using printing commands Managing document printing . . . .
In case you need affordable webhost to host your website, our recommendation is ecommerce web host services.

690 Part V . Running Servers 9. Restart Exim: # invoke-rc.d exim4 restart Your server should now support SSL/TLS when communicating with SMTP, POP, and IMAP clients. Summary Using Linux and a good Internet connection, you can set up and maintain your own mail server. Preparing your computer to become a mail server includes configuring your network connection, setting up delivery and retrieval methods, and adding required software packages. This chapter describes how to install, configure, and troubleshoot the Exim MTA. Exim can be used in tandem with spam filtering software (such as SpamAssassin) and virus scanning software (such as ClamAV). Methods for securing your mail server include configuring support for SSL/TLS encryption. . . .
From our experience, we can recommend PHP Web Hosting services, if you need affordable webhost to host and run your web application.

Chapter 25 . Running a Mail Server 689 3. If you are going to be using a certificate from a CA that is not already recognized (this is generally only true if you are running your own CA), place the CA public certificate in its own file in /etc/ssl/certs/ and update the certificate database: # update-ca-certificates 4. Generate the private key and certificate signing request, as described in Chapter 24. The best location for these files is in /etc/ssl/private/. Here s an example: # cd /etc/exim4 # openssl genrsa -out mail.key 1024 # chmod 640 mail.key # openssl req -new -key mail.key -out mail.csr # chown root:Debian-exim mail.key 5. Get your CSR (Certificate Signing Request) signed and place the certificate in /etc/mail/private/mail.crt. Or, to do a self-signed certificate, do the following: # cd /etc/exim4 # openssl req -new -x509 -nodes -sha1 -days 365 -key mail.key -out mail.crt # chmod 640 mail.crt # chown root:Debian-exim mail.crt Some remote servers will refuse to send messages to your server if your certificate is not signed by a CA that they recognize. Also, make sure the common name (cn) attribute on your certificate matches the name of the server in DNS. 6. Concatenate the private key and certificate into a single file for Courier: # cd /etc/courier # cat /etc/exim4/mail.key /etc/exim4/mail.crt > mail.pem # chmod 600 mail.pem 7. Enable SSL/TLS in the Courier IMAP and POP daemons by editing both /etc/courier/imapd-ssl and /etc/courier/pop3d-ssl and replacing the values for TLS_CERTFILE and TLS_TRUSTCERTS with the following: TLS_CERTFILE=/etc/courier/mail.pem TLS_TRUSTCERTS=/etc/ssl/certs/ca-certificates.pem 8. Tell Exim where it can find the private key and certificate, and enable TLS. Create a file named /etc/exim4/conf.d/main/12_exim4- config_local_tlsoptions containing the following: MAIN_TLS_CERTIFICATE = CONFDIR/mail.crt MAIN_TLS_PRIVATEKEY = CONFDIR/mail.key MAIN_TLS_ENABLE = 1 Caution
We recommend high quality webhost to host and run your jsp application: christian web host services.

688 Part V . Running Servers To have Fetchmail automatically start when the system boots, add this to your crontab file: @reboot /usr/bin/fetchmail –daemon 300 Fetchmail cannot prompt for passwords when run in this manner, which means that you must store the passwords in .fetchmailrc for this to work. If you haven t configured a crontab file before, setting it up can be as easy as entering the following three commands: $ cat > mycron @reboot /usr/bin/fetchmail –daemon 300 (hit Ctrl-D here) $ crontab mycron Configuring Web-Based Mail If you re running an IMAP server, you can offer Web-based access by installing IMP (http://horde.org/imp/, also in the imp3 package) or SquirrelMail (http:// squirrelmail.org/, also found in the squirrelmail package). Start by configuring your system as a LAMP server (see Chapter 24), and then install and configure the appropriate package. IMP is considerably more complex to configure than SquirrelMail and may be more difficult to install. If you aren t sure which one is right for you, try the online demos for both and see which one you like best. Securing Communications with SSL/TLS Because communication between mail clients and the server often contains sensitive information such as passwords, it is usually desirable to enable SSL/TLS encryption. Here s how to enable SSL/TLS in Exim and Courier: 1. Install the Courier daemons with SSL/TLS support: # apt-get install courier-imap-ssl courier-pop-ssl 2. Third-party CA certificates are provided on the ca-certificates package. This will be referenced in the configuration, so install it, too: # apt-get install ca-certificates Debconf asks you whether you want to trust the CA certificates by default. In most cases, you want to select Yes. Note Note
You want to have a cheap webhost for your apache application, then check apache web hosting services.

Chapter 25 . Running a Mail Server 687 Configuring Mail Clients Any mail client with support for POP3 or IMAP should be able to access mail from your server. Just use the name of your server in the mail server settings, and follow the troubleshooting steps in the previous section if something doesn t work. You can find more information about mail clients for Linux in Chapter 22. Configuring Fetchmail Fetchmail is an MRA (Mail Retrieval Agent) that you can use to pull mail from a remote account to your new server. It is configured in the $HOME/.fetchmailrc file and is very easy to set up. To pull mail to your server, log in as the user that the mail should go, and then configure and run it from there. Run Fetchmail as the user for whom the mail is being retrieved. You should never run it as root. If you re doing a complex setup in which you retrieve mail from a single mailbox that needs to be sorted out for multiple users, see the fetchmail man page for information about multidrop mailboxes. A .fetchmailrc file can be as simple as this: poll mailserver.yourisp.example protocol pop3 username foo If you have more than one mail server, you can add it as an additional line. If the server from which you are pulling mail supports IMAP, you can use imap instead of pop3. Other options that you can have are password=your password> and ssl. Storing the password in the file enables you to run Fetchmail without entering a password, and the ssl option tells Fetchmail to use an SSL/TLS connection to the server. Your .fetchmailrc file should not be readable by others, and Fetchmail will generally complain if it is. To set the permissions so that only you can read it, run chmod 0600 $HOME/.fetchmailrc/. Running Fetchmail is as simple as typing $ fetchmail If you want to have Fetchmail run in the background, you can use the –daemon (or -d) flags with a parameter telling it how often (in seconds) to poll the servers: $ fetchmail –daemon 300 Note Note Cross- Reference
From our experience, we are can tell you that you can find a reliable and cheap webhost service at Java Web Hosting services.

686 Part V . Running Servers Login Failures When Connecting to Courier Aside from genuine password errors (which can be remedied by entering the correct password in the mail client), there are also a few other conditions that can result in login failures. Some of these conditions will also result in temporary delivery problems. A normal login failure will result in a log entry that looks similar to this: courierpop3login: LOGIN FAILED, ip=[::ffff:1.2.3.4] In this case, a user from IP 1.2.3.4 entered the wrong username or password. Several of the other errors that may occur will not be logged to the mail log, which means that you may have to test them by connecting manually to the POP3 service (from the mail server, or from a remote machine) and sending a valid username and password. This example shows how to connect to the POP3 service from a shell prompt on the mail server: $ telnet localhost 110 Trying 127.0.0.1… Connected to localhost.localdomain. Escape character is ^] . +OK Hello there. USER username +OK Password required. PASS password The response you receive from the server should be similar to one of the following: . +OK logged in This is a normal response and should mean that there are no problems with the service. . -ERR Maildir: No such file or directory This error indicates that the user s account does not have a Maildir directory. Use the maildirmake command to create it, as shown in the Installing and Configuring Exim section. . -ERR Maildir: Permission denied This error indicates that the user s Maildir directory cannot be read or belongs to the wrong user. To remedy this, run this command as root: # chown -R username:groupname ~username/Maildir Be sure to replace username and groupname with the login name and primary group of the user. In a stock Debian system, the primary group name will be the same as the username. . -ERR Login failed If you re certain that you are using the correct username and password, it could be that the Courier authdaemon service is not running. Try to start (or restart) it using this command: # invoke-rc.d courier-authdaemon restart
In case you need quality webspace to host and run your web applications, try our personal web hosting services.

Chapter 25 . Running a Mail Server 685 about enabling SMTP authentication can be found on your server in /usr/ share/doc/exim4-base/README.SMTP-AUTH and /etc/exim4/conf.d/ auth/30_exim4-config_examples. The Courier authdaemon examples in 30_exim4-config_examples can be enabled, allowing Exim to use that facility for authentication and negating the need to set up a different mechanism. In order for it to work, however, you will need to add the Debian-exim user to the daemon group (gpasswd -a Debian-exim daemon) and restart Exim. . The following error indicates that the ClamAV daemon could not read the temporary message file: 1E9PDq-0003Lo-BY malware acl condition: clamd: ClamAV returned /var/spool/exim4/scan/1E9PDq-0003Lo-BY: Access denied. ERROR Make sure you added clamav to the Debian-exim group and restarted ClamAV, as shown in the installation section. . This error usually indicates that the ClamAV daemon is not running: 1E9PGL-0003MX-38 malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd.ctl (No such file or directory) Start it using invoke-rc.d clamav-daemon start. You can also use the clamdscan program to test the daemon, as follows: # clamdscan /usr/share/clamav-testfiles/clam.exe /usr/share/clamav-testfiles/clam.exe: ClamAV-Test-File FOUND ———– SCAN SUMMARY ———– Infected files: 1 Time: 0.001 sec (0 m 0 s) Messages Not Delivered by Exim In some cases, messages will be accepted by the server but will not be deliverable. Some of these errors are considered temporary failures and will not generate a bounced message until the retry timer runs out. The error that you are most likely to see will look something like this in the mainlog file: 1E9PTu-0003jN-QY == user@example.org R=local_user T=maildrop_pipe defer (0): Child process of maildrop_pipe transport returned 75 (could mean temporary error) from command: /usr/bin/maildrop This error indicates that Exim attempted to pass the message to Maildrop, but Maildrop returned an error code. The most likely causes are a missing Maildir directory, or a Maildir directory that is owned by the wrong user. The next section shows how to detect and fix these problems. Note
If you are looking for affordable and reliable webhost to host and run your business application visit our ftp web hosting services.

684 Part V . Running Servers Entries not associated with a message that has not been accepted into the queue will not have the message identifier or two-character flags. Some samples of these types of entries are included in the next section. Logging information for the Courier IMAP and POP daemons is saved to /var/log/ mail.log. Normal entries include LOGIN and LOGOUT messages. DISCONNECTED messages generally indicate that a connection was broken before a normal logout was performed. The tail utility is useful for watching for new entries to a log. Use the -f switch to instruct tail to watch for new entries and display them to the screen as they are written to the log. For example: tail -f /var/log/exim4/mainlog Common Errors (and How to Fix Them) There are two common types of problems that you will encounter with your server: messages being rejected or not delivered by Exim and login failures when connecting to Courier. Messages Rejected by Exim The first places to check when messages are rejected by Exim are the mainlog and rejectlog files. Here are examples of some common errors and tips for fixing them: . The following error indicates that the client sending the message is not recognized as a client by Exim and that the recipient domain is not in the list of local or relay domains: H=sample.client [1.2.3.4] F= rejected RCPT : relay not permitted If the client IP address will not change frequently or is in part of a trusted range of IP addresses, you can add them by running the following: # dpkg-reconfigure –priority=medium exim4-config The same command can also be used to add the recipient domain as a local or relay domain. Do not add client IP ranges unless you trust all of the users that can connect from those addresses. Likewise, do not add a domain as a relay domain unless you know the owner of the domain and have made arrangements to relay mail for them. Doing either of these incorrectly could open your server up as a relay that can be used by spammers to attack other sites. If the client IP address is likely to change frequently and is not part of a trusted range, you should either configure the client to use a mail server that is local to it or configure SMTP authentication in Exim. More information Caution Note
You need excellent and relaible webhost company to host your web applications? Then pay a visit to Inexpensive Web Hosting services.

Chapter 25 . Running a Mail Server 683 Checking Logs All logging information for Exim is written to three log files that can be found in /var/log/exim4: mainlog, rejectlog, and paniclog. The first of these, mainlog, contains log entries for all events, including normal events such as message deliveries. The second, rejectlog, contains entries for rejected messages. The third contains information about configuration or other errors, and is usually empty unless a serious problem has occurred. Every entry in these files generally starts with a timestamp. Entries in the mainlog will often include a string of 15 characters, such as 1E9PTu-0003jN-QY. This is the message identifier for the message that the log entry is related to. Immediately after the message identifier there will generally be a two-character string. Table 25-1 details what those strings mean. Table 25-1 Exim Log File Messages Symbol Description Explanation <= Message arrival These entries show messages coming into Exim, generally through SMTP or local IPC. => Message delivery These entries show message deliveries, whether they are to a local mailbox or to a remote host using SMTP or some other transport. -> Additional addresses These entries show delivery to additional in message delivery addresses for messages that have already been delivered to another recipient (and logged with an => entry). ** Delivery failure These entries show permanent delivery errors. Errors such as these indicate that the message has been removed from the mail queue and in most cases a DSN (Delivery Status Notification) has been generated and sent to the original message sender. == Delivery deferral These entries show temporary delivery errors. The system will continue to retry sending these until delivery succeeds, or a permanent failure occurs as a result of a retry timeout.
Note: If you are looking for cheap and reliable webhost to host and run your mysql application check mysql web server services.

682 Part V . Running Servers warn message = X-Spam-Score: $spam_score ($spam_bar) condition = ${if <{$message_size}{80k}{1}{0}} spam = nobody:true/defer_ok warn message = X-Spam-Status: $spam_report condition = ${if <{$message_size}{80k}{1}{0}} spam = nobody:true/defer_ok deny message = Spam score too high ($spam_score) condition = ${if <{$message_size}{80k}{1}{0}} spam = nobody:true condition = ${if >{$spam_score_int}{120}{1}{0}} The first block rejects messages that contain viruses or other malware, and the second and third add headers to messages indicating whether or not SpamAssassin considers them spam. The final block rejects messages having a spam score of higher than 12. The /defer_ok in the last three blocks tells Exim that it is okay to continue processing in the event that the SpamAssassin daemon could not be contacted. You can remove it if you would prefer to have the server return a temporary failure code in such cases. You can also add /defer_ok to the end of the malware = * line if you want processing to continue in the event that a message cannot be scanned by ClamAV. 7. Tell Exim which virus scanner to use and how to connect to SpamAssassin. Use a text editor to create a file named /etc/exim4/conf.d/main/ 10_exim4-exiscan_acl_options that contains the following: av_scanner = clamd:/var/run/clamav/clamd.ctl spamd_address = 127.0.0.1 783 CHECK_DATA_LOCAL_ACL_FILE = CONFDIR/acl_check_data_local 8. Tell Exim to load the new configuration: # invoke-rc.d exim4 reload All messages transmitted through your server should now be checked for viruses using ClamAV. Additionally, messages less than 80 kilobytes will also be checked using SpamAssassin. This is a good time to test the configuration again. Fixes for the problems that you are most likely to encounter can be found in the next section. Testing and Troubleshooting This section contains some generic troubleshooting tips, plus specific information about some common errors and how to fix them.
Note: If you are looking for cheap and reliable webhost to host and run your mysql application check mysql web server services.