how to prevent denial of service attack ubuntu

How to check for and stop DDoS attacks on Linux

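Install net-tools first if the netstat command is not available:

sudo apt-get install net-tools -y

Count connections grouped by /16 network (first two octets of the remote address):

netstat -ntu|awk '{print $5}'|cut -d: -f1 -s |cut -f1,2 -d'.'|sed 's/$/.0.0/'|sort|uniq -c|sort -nk1 -r

Count connections grouped by /24 network (first three octets):

netstat -ntu|awk '{print $5}'|cut -d: -f1 -s |cut -f1,2,3 -d'.'|sed 's/$/.0/'|sort|uniq -c|sort -nk1 -r

Count TCP and UDP sockets per remote IP address:

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c

The same per-address count, sorted so the busiest addresses are listed last:

sudo netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Once an offending address is identified, reject its traffic with a route entry:

sudo route add ADDRESS reject

or drop it with a firewall rule:

sudo iptables -A INPUT -s ADDRESS/SUBNET -j DROP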
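
The pipelines above split the foreign address on the first colon, so IPv6 and IPv4-mapped peers (::ffff:a.b.c.d) are miscounted. The script below is an added example, not part of the original page: it strips only the trailing port and reports peers at or above a threshold. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-peer connection counts from `netstat -ntu` style output.

# Constructed sample output (documentation address ranges only).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51003 ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.4:40022      ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::99:51514      ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::99:51515      ESTABLISHED
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 192.0.2.10:53           198.51.100.4:5353       ESTABLISHED
EOF
}

# count_remote_peers [MIN]: read netstat output on stdin and print
# "<count> <address>" for every remote address with at least MIN sockets,
# busiest first.
count_remote_peers() {
    threshold="${1:-1}"
    awk -v min="$threshold" '
        # Only rows that start with a protocol name have the foreign address in $5.
        $1 ~ /^(tcp|udp)/ {
            peer = $5
            sub(/:[0-9*]+$/, "", peer)   # drop the trailing :port only
            sub(/^::ffff:/, "", peer)    # unwrap IPv4-mapped IPv6 addresses
            # Skip wildcard entries that belong to listening sockets.
            if (peer == "" || peer == "0.0.0.0" || peer == "::") next
            count[peer]++
        }
        END { for (p in count) if (count[p] >= min) print count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a live host use:
#   netstat -ntu | count_remote_peers 50
sample_netstat | count_remote_peers 3
```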

how to install ftp server in ubuntu 20.04

Here we will install and configure vsftpd (Very Secure File Transfer Protocol Daemon) on Ubuntu.

Install vsftpd

Update the package list, then download and install vsftpd:

$ sudo apt update && sudo apt install vsftpd

Check the status of vsftpd

$ sudo service vsftpd status
● vsftpd.service – vsftpd FTP server
   Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-04-27 19:35:30 IST; 13s ago
 Main PID: 54532 (vsftpd)
    Tasks: 1 (limit: 1137)
   Memory: 652.0K
   CGroup: /system.slice/vsftpd.service
           └─54532 /usr/sbin/vsftpd /etc/vsftpd.conf

Apr 27 19:35:30 ubuntu systemd[1]: Starting vsftpd FTP server…
Apr 27 19:35:30 ubuntu systemd[1]: Started vsftpd FTP server.

Configure Firewall

$ sudo ufw allow OpenSSH
$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw allow 40000:50000/tcp
$ sudo ufw allow 990/tcp
$ sudo ufw enable
$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
3306                       ALLOW       Anywhere
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
40000:50000/tcp            ALLOW       Anywhere
990/tcp                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)
3306 (v6)                  ALLOW       Anywhere (v6)
20/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
40000:50000/tcp (v6)       ALLOW       Anywhere (v6)
990/tcp (v6)               ALLOW       Anywhere (v6)

Create FTP User

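$ sudo adduser ftpuser

The FTP account should not be able to log in over SSH. Open the SSH daemon configuration, add the DenyUsers line shown below, and restart the SSH service:

$ sudo nano /etc/ssh/sshd_config
DenyUsers ftpuser
$ sudo service sshd restart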

Directory Permissions

Upload to a Web Server

$ sudo usermod -d /var/www ftpuser
$ sudo chown ftpuser:ftpuser /var/www/html

Upload to a Home Folder

$ sudo mkdir /home/ftpuser/ftp
$ sudo chown nobody:nogroup /home/ftpuser/ftp
$ sudo chmod a-w /home/ftpuser/ftp
$ sudo mkdir /home/ftpuser/ftp/files
$ sudo chown ftpuser:ftpuser /home/ftpuser/ftp/files

Configure vsftpd

$ sudo mv /etc/vsftpd.conf /etc/vsftpd.conf.bak
$ sudo nano /etc/vsftpd.conf
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
force_dot_files=YES
pasv_min_port=40000
pasv_max_port=50000
user_sub_token=$USER
local_root=/home/$USER/ftp

We are done with vsftpd.conf

$ sudo systemctl restart vsftpd

Secure FTP with TLS (Recommended)

$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
$ sudo nano /etc/vsftpd.conf
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
$ sudo systemctl restart vsftpd
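
A way to confirm that the security-relevant settings from the two configuration steps above are actually present in the file, as an added example that is not part of the original page. The function name and both sample files are constructed. An option that is absent is reported as a failure because the check only compares against the values this page sets, and treating a later duplicate line as overriding an earlier one is an assumption about how vsftpd reads the file.

```shell
#!/bin/sh
# Added example: compare a vsftpd.conf against the settings shown on this page.

# audit_vsftpd_conf [FILE|-]: print one FAIL line per problem; exit 1 if any.
audit_vsftpd_conf() {
    awk '
        BEGIN {
            # Expected values are the ones this page puts in /etc/vsftpd.conf.
            list = "anonymous_enable=NO chroot_local_user=YES ssl_enable=YES"
            list = list " allow_anon_ssl=NO force_local_data_ssl=YES"
            list = list " force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO"
            n = split(list, pair, " ")
            for (i = 1; i <= n; i++) {
                split(pair[i], kv, "=")
                order[i] = kv[1]
                want[kv[1]] = kv[2]
            }
        }
        /^#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            line = $0
            sub(/\r$/, "", line)             # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            # The vsftpd.conf man page calls a space next to "=" an error.
            if (key ~ /[ \t]/ || val ~ /^[ \t]/) {
                printf "FAIL line %d: whitespace around =\n", NR
                bad++
                next
            }
            seen[key] = toupper(val)         # assumption: the last line wins
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen)) {
                    printf "FAIL %s is not set (expected %s)\n", k, want[k]
                    bad++
                } else if (seen[k] != want[k]) {
                    printf "FAIL %s=%s (expected %s)\n", k, seen[k], want[k]
                    bad++
                }
            }
            exit (bad > 0)
        }
    ' "${1:-/etc/vsftpd.conf}"
}

# The eight audited lines exactly as they appear in this guide.
sample_page_conf() {
    cat <<'EOF'
anonymous_enable=NO
chroot_local_user=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
EOF
}

# Constructed example of a configuration that has drifted from the guide.
sample_weak_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real server
anonymous_enable=YES
local_enable=YES
chroot_local_user=YES
ssl_enable = YES
force_local_logins_ssl=YES
ssl_sslv3=YES
ssl_sslv3=NO
EOF
}

# Demo: audit the drifted sample read from standard input.
sample_weak_conf | audit_vsftpd_conf - || true
```

Run it as audit_vsftpd_conf /etc/vsftpd.conf after editing the file and before restarting the service.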

Testing TLS with FileZilla

change pagination style in opencart

how to change design of pagination in opencart

Change a class, or add a new one, in the pagination.php file stored in /home/ubuntu/public_html/shopping/system/library:

<?php
/**
 * @package		OpenCart
 * @author		Daniel Kerr
 * @copyright	Copyright (c) 2005 - 2017, OpenCart, Ltd. (https://www.opencart.com/)
 * @license		https://opensource.org/licenses/GPL-3.0
 * @link		https://www.opencart.com
*/

/**
* Pagination class
*/
class Pagination {
	public $total = 0;
	public $page = 1;
	public $limit = 20;
	public $num_links = 8;
	public $url = '';
	public $text_first = '|&lt;';
	public $text_last = '&gt;|';
	public $text_next = '&gt;';
	public $text_prev = '&lt;';

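	/**
	 * Render the pagination links as an HTML <ul> list.
	 *
	 * @return	string	The markup, or an empty string when there is only one page
	 */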
	public function render() {
		$total = $this->total;

		if ($this->page < 1) {
			$page = 1;
		} else {
			$page = $this->page;
		}

		if (!(int)$this->limit) {
			$limit = 10;
		} else {
			$limit = $this->limit;
		}

		$num_links = $this->num_links;
		$num_pages = ceil($total / $limit);

		$this->url = str_replace('%7Bpage%7D', '{page}', $this->url);

		$output = '<ul class="pagination">';

		if ($page > 1) {
			$output .= '<li class="page-item"><a class="page-link" href="' . str_replace(array('&amp;page={page}', '?page={page}', '&page={page}'), '', $this->url) . '">' . $this->text_first . '</a></li>';
			
			if ($page - 1 === 1) {
				$output .= '<li class="page-item"><a class="page-link" href="' . str_replace(array('&amp;page={page}', '?page={page}', '&page={page}'), '', $this->url) . '">' . $this->text_prev . '</a></li>';
			} else {
				$output .= '<li class="page-item"><a class="page-link" href="' . str_replace('{page}', $page - 1, $this->url) . '">' . $this->text_prev . '</a></li>';
			}
		}

		if ($num_pages > 1) {
			if ($num_pages <= $num_links) {
				$start = 1;
				$end = $num_pages;
			} else {
				$start = $page - floor($num_links / 2);
				$end = $page + floor($num_links / 2);

				if ($start < 1) {
					$end += abs($start) + 1;
					$start = 1;
				}

				if ($end > $num_pages) {
					$start -= ($end - $num_pages);
					$end = $num_pages;
				}
			}

			for ($i = $start; $i <= $end; $i++) {
				if ($page == $i) {
					$output .= '<li class="page-item active"><a href="#" class="page-link">' . $i . '</a></li>';
				} else {
					if ($i === 1) {
						$output .= '<li class="page-item" ><a class="page-link" href="' . str_replace(array('&amp;page={page}', '?page={page}', '&page={page}'), '', $this->url) . '">' . $i . '</a></li>';
					} else {
						$output .= '<li class="page-item"><a class="page-link" href="' . str_replace('{page}', $i, $this->url) . '">' . $i . '</a></li>';
					}
				}
			}
		}

		if ($page < $num_pages) {
			$output .= '<li class="page-item"><a class="page-link" href="' . str_replace('{page}', $page + 1, $this->url) . '">' . $this->text_next . '</a></li>';
			$output .= '<li class="page-item"><a class="page-link" href="' . str_replace('{page}', $num_pages, $this->url) . '">' . $this->text_last . '</a></li>';
		}

		$output .= '</ul>';

		if ($num_pages > 1) {
			return $output;
		} else {
			return '';
		}
	}
}

IDE for reactjs

1. VS Code –

VS Code is available free of charge for Windows, Mac, Ubuntu, Debian, Red Hat, Fedora, and SUSE under the open-source MIT license. It is popular among developers because it covers all kinds of programming needs. With plugins, VS Code can easily be turned into a compelling React IDE that improves productivity and development speed.

2. Atom –

Atom is another interesting and widely used ReactJS IDE. With 50K plus GitHub stars and more than 13k forks, this open-source IDE for ReactJS development brings a variety of features that make for an amazing development experience for users as well as for developers. It allows programmers to modify each part of Atom according to their convenience, even without touching any configuration file.

It runs on Windows, Mac, and Linux, with a wide range of applications and high-end support. In addition to syntax auto-completion, inline indentation, and a mini-map, it can be customized with Node.js-based plugins to maximize functionality.

3. Reactide –

Reactide is the first ReactJS IDE that can be considered a cross-platform IDE for web application development. It not only offers an integrated Node server and custom simulator, which eliminates the need for unnecessary build-tool and server configuration, it also renders the project in the browser instantly and provides hot module reloading by default. This free tool can be downloaded for macOS, Windows and Debian.

4. Alloy Editor React –

This rich-text editor is used as a core component in several kinds of applications, such as blogs, eCommerce administrator tools, and many more. It has smart toolbars that appear on the selected text depending on the context. It allows developers to add buttons, upload images from the clipboard, or drag them in from other applications. Its architecture enables programmers to paste rich text from web pages and preserve the formatting.

5. Webstorm

This ReactJS IDE is a paid product, but it is one of the most feature-rich IDEs for ReactJS development in the entire JavaScript ecosystem. Its ecosystem includes Cordova, React Native, Electron, NodeJS, and many more.

WebStorm is produced by JetBrains, and over the last 18 years it has proved to be one of the best IDEs for continuous product upgrades as well as customer support. Because of these regular upgrades and support, most React.js development companies rely on it.

6. Nuclide –

Developed by Facebook, Nuclide works as a text editor for both React Native and ReactJS. Facebook is no longer associated with it and does not offer any updates, but it still gets huge community support. Many developers consider Nuclide one of the best IDEs for ReactJS because of its cross-platform support, autocomplete, inline indentation, built-in debugging capabilities, and diagnostic capabilities.

7. Sublime Text-3 –

It is another powerful development tool that works with various programming languages and frameworks. Sublime Text is a great option for those who do not want to scratch their head over anything else.

It has many plugins available to turn Sublime into a feature-rich IDE for ReactJS development. Plus, the development experience can be enhanced with ColorSublime, Babel, SublimeREPL, ColorPicker, React ES6 snippets, and many other technologies.

8. Rekit Studio –

Rekit is another ReactJS IDE, which focuses on developing apps using React. Besides being an IDE, it also works as a toolkit for developing scalable applications with React, react-router, and redux. Features such as refactoring, unit tests, code generation, support for Less and Sass, react-router, and command-line tools expand its functionality.

9. Brackets –

If you are looking for a lightweight, modern and powerful text editor that blends seamlessly with visual tools, Brackets is worth considering. Brackets is produced by Adobe and is free to use under the MIT license. A range of plugins is available to extend Brackets for working with React components, even without delving into the creative procedures. Brackets is specially crafted for web designers and front-end developers.

10. Deco IDE –

Many React.js development services consider Deco IDE the best IDE for React Native development. Earlier it was supported on macOS, but it no longer gets regular updates. Originally it was a paid IDE, but since 2016 it has been free and open source.

How to manage Journal logs in ubuntu

Yes, you can delete everything inside /var/log/journal/*, but do not delete the directory itself. You can also query journalctl to find out how much disk space it’s consuming:

$ journalctl --disk-usage
Journals take up 3.8G on disk.

You can control the size of this directory using this parameter in your /etc/systemd/journald.conf:

SystemMaxUse=50M

You can force a log rotation:

$ sudo systemctl kill --kill-who=main --signal=SIGUSR2 systemd-journald.service

NOTE: You might need to restart the logging service to force a log rotation, if the above signaling method does not do it. You can restart the service like so:

$ sudo systemctl restart systemd-journald.service

abrt logs

The files under /var/cache/abrt-di/* can be deleted as well. The size of the log files here is controlled under:

$ grep -i size /etc/abrt/abrt.conf 
# Max size for crash storage [MiB] or 0 for unlimited
MaxCrashReportsSize = 1000

You can control the maximum size of /var/cache/abrt-di by changing the following setting in the file /etc/abrt/plugins/CCpp.conf:

DebugInfoCacheMB = 2000

NOTE: If not defined DebugInfoCacheMB defaults to 4000 (4GB).

What is the journal?

what is journal in ubuntu

Many modern file systems employ a journal, including NTFS, Ext3/4, XFS, HFS+, and others. The journal helps with two things: avoiding file system corruption and speeding up recovery after a failure such as a power loss or system crash. There are two major components to a file system, the data and the metadata. The data is the contents of a file (image, video, documents), and ultimately it is what gives the file system its value. The metadata is what describes the structure of the filesystem, including how files are named, stored in directories, access permissions, file modification times, and the record of which areas of the disk are in use or are free to be allocated to other files as they grow or are created. If the metadata becomes corrupted because of a system crash, it could lead to further data loss or corruption. For example, part of the disk might be selected for allocation to a file, but if this is not recorded correctly before a crash, it might be added to the file’s list of data blocks while still being in the list of free data blocks, and be allocated to a second file later on. Now there are two files sharing the same data blocks and content.

The journal is a place on the disk reserved for recording changes to the file system. The exact details of what is being changed are written first to the journal, located in a single location on disk; then, after the journal is updated, the changes are applied to the appropriate locations on the disk, which might require several writes. Once the updates are done, the journal entry is marked as complete. After a crash, the system only needs to examine the journal for incomplete entries and complete them to fix the file system. This speeds recovery and ensures a change is made entirely or not at all. If a block is allocated to a growing file, it will be added to the file’s block list and also marked as in use.

Also, on file systems that support journalling, most often it’s only metadata journalling to preserve the structure, but not the data itself. Full data journalling is normally quite expensive and slow, but less crucial than metadata. It’s possible to enable for data as well if needed.

Also, to complete this, there are some file systems that don’t currently offer journalling including FAT32, exFAT, Ext2, and UDF. If there’s a crash during an update, a full scan of the filesystem needs to be done to track down any errors or corruption.

what happened when we remove all files and folders in ubuntu from /var/log folder

Delete all of /var/log?

If you delete everything in /var/log, you will most likely end up with tons of error messages in very little time, since there are folders in there which are expected to exist (e.g. exim4, apache2, apt, cups, mysql, samba and more). Plus: there are some services or applications that will not create their log files, if they don’t exist. They expect at least an empty file to be present. So the direct answer to your question actually is “Do not do this!!!”.

How to clean log files in Linux

1. Check the disk space from the command line. Use the du command to see which files and directories consume the most space inside of the /var/log directory.

$ sudo du -h /var/log/

The du command prints the estimated disk space usage of each file and directory for the path that you specified.

The -h argument causes the command to print the information in a human-readable format.

The output of the du command:

$ sudo du -h /var/log/

4.0K /var/log/landscape
196K /var/log/apt
80M /var/log/apache2
12K /var/log/dbconfig-common
4.1G /var/log/journal/ec2d37b34f2f9fd221dd8855017d9f76
4.1G /var/log/journal
du: cannot read directory ‘/var/log/amazon/ssm/audits’: Permission denied
4.0K /var/log/amazon/ssm/audits
208K /var/log/amazon/ssm
212K /var/log/amazon
4.0K /var/log/lxd
4.0K /var/log/dist-upgrade
36K /var/log/mysql
152K /var/log/unattended-upgrades
4.5G /var/log/

List Disk Usage of current directory

$ du -h *

After finding that my /var/log/journal folder was taking several GB, I followed:

$ sudo journalctl --vacuum-time=10d

which cleared 90%+ of it

Remove all mail services from ubuntu

List of mail service used for php in ubuntu

  1. postfix
  2. sendmail
  3. mailutils

remove postfix ubuntu

$ sudo apt remove postfix
$ sudo apt purge postfix
$ sudo apt autoremove

remove sendmail service ubuntu

$ sudo apt-get remove sendmail
$ sudo apt-get purge sendmail
Or, to remove sendmail completely, use:
$ sudo apt-get purge 'sendmail*'

remove mailutils service ubuntu

$ sudo apt-get remove mailutils 
$ sudo apt-get remove --auto-remove mailutils 
$ sudo apt-get purge mailutils 
$ sudo apt-get purge --auto-remove mailutils 

What is postfix in ubuntu

Postfix is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be fast and secure, with flexibility in administration. It is compatible with the MTA sendmail. This section will explain installation, including how to configure SMTP for secure communications.

Note

This guide does not cover setting up Postfix Virtual Domains, for information on Virtual Domains and other advanced configurations see References.

Installation

To install Postfix run the following command:

sudo apt install postfix

For now, it is ok to simply accept defaults by pressing return for each question. Some of the configuration options will be investigated in greater detail in the next stage.

Deprecation warning: please note that the mail-stack-delivery metapackage has been deprecated in Focal. The package still exists for compatibility reasons, but won’t setup a working email system.

Basic Configuration

There are four things you should decide before starting configuration:

  • The <Domain> for which you’ll accept email (we’ll use mail.example.com in our example)
  • The network and class range of your mail server (we’ll use 192.168.0.0/24)
  • The username (we’re using steve)
  • Type of mailbox format (mbox is default, we’ll use the alternative, Maildir)

To configure postfix, run the following command:

sudo dpkg-reconfigure postfix

The user interface will be displayed. On each screen, select the following values:

  • Internet Site
  • mail.example.com
  • steve
  • mail.example.com, localhost.localdomain, localhost
  • No
  • 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
  • 0
  • +
  • all

To set the mailbox format, you can either edit the configuration file directly, or use the postconf command. In either case, the configuration parameters will be stored in /etc/postfix/main.cf file. Later if you wish to re-configure a particular parameter, you can either run the command or change it manually in the file.

To configure the mailbox format for Maildir:

sudo postconf -e 'home_mailbox = Maildir/'

Note

This will place new mail in /home/username/Maildir so you will need to configure your Mail Delivery Agent (MDA) to use the same path.

SMTP Authentication

SMTP-AUTH allows a client to identify itself through the SASL authentication mechanism, using Transport Layer Security (TLS) to encrypt the authentication process. Once authenticated the SMTP server will allow the client to relay mail.

To configure Postfix for SMTP-AUTH using SASL (Dovecot SASL), run these commands at a terminal prompt:

sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth'
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_security_options = noanonymous,noplaintext'
sudo postconf -e 'smtpd_sasl_tls_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

Note

The smtpd_sasl_path config parameter is a path relative to the Postfix queue directory.

There are several SASL mechanism properties worth evaluating to improve the security of your deployment. The options “noanonymous,noplaintext” prevent use of mechanisms that permit anonymous authentication or that transmit credentials unencrypted.

Next, generate or obtain a digital certificate for TLS. See security – certificates in this guide for details about generating digital certificates and setting up your own Certificate Authority (CA).

Note

MUAs connecting to your mail server via TLS will need to recognize the certificate used for TLS. This can be done using a certificate from Let’s Encrypt, from a commercial CA, or with a self-signed certificate that users manually install/accept. For MTA to MTA TLS, certificates are never validated without advance agreement from the affected organizations. For MTA to MTA TLS, unless local policy requires it, there is no reason not to use a self-signed certificate. Refer to security – certificates in this guide for more details.

Once you have a certificate, configure Postfix to provide TLS encryption for both incoming and outgoing mail:

sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'myhostname = mail.example.com'

If you are using your own Certificate Authority to sign the certificate enter:

sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'

Again, for more details about certificates see security – certificates in this guide.

Note

After running all the commands, Postfix is configured for SMTP-AUTH and a self-signed certificate has been created for TLS encryption.

Now, the file /etc/postfix/main.cf should look like this:

# See /usr/share/postfix/main.cf.dist for a commented, more complete
# version

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

The postfix initial configuration is complete. Run the following command to restart the postfix daemon:

sudo systemctl restart postfix.service

Postfix supports SMTP-AUTH as defined in RFC2554. It is based on SASL. However it is still necessary to set up SASL authentication before you can use SMTP-AUTH.

When using ipv6, the mynetworks parameter may need to be modified to allow ipv6 addresses, for example:

 mynetworks = 127.0.0.0/8, [::1]/128

Configuring SASL

Postfix supports two SASL implementations: Cyrus SASL and Dovecot SASL. To enable Dovecot SASL the dovecot-core package will need to be installed:

sudo apt install dovecot-core

Next, edit /etc/dovecot/conf.d/10-master.conf and change the following:

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
    #mode = 0600
    #user = 
    #group = 
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

To permit use of SMTP-AUTH by Outlook clients, change the following line in the authentication mechanisms section of /etc/dovecot/conf.d/10-auth.conf from:

auth_mechanisms = plain

to this:

auth_mechanisms = plain login

Once you have Dovecot configured, restart it with:

sudo systemctl restart dovecot.service

Testing

SMTP-AUTH configuration is complete. Now it is time to test the setup.

To see if SMTP-AUTH and TLS work properly, run the following command:

telnet mail.example.com 25

After you have established the connection to the Postfix mail server, type:

ehlo mail.example.com

If you see the following in the output, then everything is working perfectly. Type quit to exit.

250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
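
The expected output above lists AUTH LOGIN PLAIN on a plain telnet session, that is, before STARTTLS has been issued; PLAIN and LOGIN carry the password base64-encoded, not encrypted. The script below is an added example, not part of the original guide: it reads an EHLO reply captured from a cleartext session and reports whether STARTTLS is offered and whether those mechanisms are advertised before TLS. The function names and the sample reply are constructed. Setting smtpd_tls_auth_only = yes (the main.cf listing above has it set to no) makes Postfix announce AUTH only over TLS.

```shell
#!/bin/sh
# Added example: inspect an EHLO reply taken BEFORE STARTTLS was issued.

# Constructed reply matching the capability list above, with CRLF line
# endings as they arrive on the wire.
sample_ehlo_reply() {
    printf '250-mail.example.com\r\n250-PIPELINING\r\n250-STARTTLS\r\n'
    printf '250-AUTH LOGIN PLAIN\r\n250-AUTH=LOGIN PLAIN\r\n250 8BITMIME\r\n'
}

# check_ehlo: read the reply on stdin and print two findings, one per line.
check_ehlo() {
    awk '
        { sub(/\r$/, "") }                   # strip the carriage return
        # Capability lines are "250-KEYWORD ..." or, for the last, "250 KEYWORD".
        /^250[- ]/ {
            cap = toupper(substr($0, 5))
            if (cap == "STARTTLS") starttls = 1
            # "AUTH=..." is the legacy form sent when broken_sasl_auth_clients=yes.
            if (cap ~ /^AUTH[ =]/) {
                n = split(substr(cap, 6), mech, " ")
                for (i = 1; i <= n; i++) offered[mech[i]] = 1
            }
        }
        END {
            print (starttls ? "OK STARTTLS offered" : "FAIL STARTTLS not offered")
            if (("PLAIN" in offered) || ("LOGIN" in offered)) {
                print "WARN PLAIN/LOGIN AUTH offered before STARTTLS"
            } else {
                print "OK no PLAIN/LOGIN AUTH before STARTTLS"
            }
        }
    '
}

# Demo on the constructed reply.
sample_ehlo_reply | check_ehlo
```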

Troubleshooting

When problems arise, there are a few common ways to diagnose the cause.

Escaping chroot

The Ubuntu Postfix package will by default install into a chroot environment for security reasons. This can add greater complexity when troubleshooting problems.

To turn off the chroot usage, locate the following line in the /etc/postfix/master.cf configuration file:

smtp      inet  n       -       -       -       -       smtpd

and modify it as follows:

smtp      inet  n       -       n       -       -       smtpd

You will then need to restart Postfix to use the new configuration. From a terminal prompt enter:

sudo service postfix restart

SMTPS

If you need secure SMTP, edit /etc/postfix/master.cf and uncomment the following lines:

smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
      

Log Viewing

Postfix sends all log messages to /var/log/mail.log. However, error and warning messages can sometimes get lost in the normal log output so they are also logged to /var/log/mail.err and /var/log/mail.warn respectively.

To see messages entered into the logs in real time you can use the tail -f command:

tail -f /var/log/mail.err

Increasing Logging Detail

The amount of detail that is recorded in the logs can be increased via the configuration options. For example, to increase TLS activity logging set the smtpd_tls_loglevel option to a value from 1 to 4.

    sudo postconf -e 'smtpd_tls_loglevel = 4'

Reload the service after any configuration change, to make the new config active:

    sudo systemctl reload postfix.service

Logging mail delivery

If you are having trouble sending or receiving mail from a specific domain you can add the domain to the debug_peer_list parameter.

    sudo postconf -e 'debug_peer_list = problem.domain'
    sudo systemctl reload postfix.service

Increasing daemon verbosity

You can increase the verbosity of any Postfix daemon process by editing the /etc/postfix/master.cf and adding a -v after the entry. For example, edit the smtp entry:

    smtp      unix  -       -       -       -       -       smtp -v

Then, reload the service as usual:

    sudo systemctl reload postfix.service

Logging SASL debug info

To increase the amount of information logged when troubleshooting SASL issues you can set the following options in /etc/dovecot/conf.d/10-logging.conf

    auth_debug=yes
    auth_debug_passwords=yes

Just like Postfix if you change a Dovecot configuration the process will need to be reloaded:

    sudo systemctl reload dovecot.service

Note

Some of the options above can drastically increase the amount of information sent to the log files. Remember to return the log level back to normal after you have corrected the problem. Then reload the appropriate daemon for the new configuration to take effect.
