Restrict RoundCube login username to one domain

Restrict RoundCube login username to one domain

Roundcube is a client software to access IMAP mailboxes. If you already came to this post, then I’m sure you’ve figured out that RoundCube does not restrict domains in the login form, which means that as long as your username and password are OK, you can basically use any domain you like in your username field. Exc: @gmail.com, @yahoo.com etc.

This is not something that Roundcube deals with, because it should be taken care of on your IMAP server configuration, and if the IMAP server does not check for your full username (domain included), and allows access with any other domain, you get access :). However, even if it’s taken care of on your IMAP server, handling this in RoundCube will prevent an unnecessary request to your IMAP server.

One of the configuration options in Roundcube helps you append the domain to a clean username login.
Exc: if in your username field you type only the username “username” without the “@domain.com” then roundcube can help  you by appending the “@domain.com”. This is helpful only for IMAP servers that require full e-mail addresses for login. You can specify this by editing $rcmail_config[‘username_domain’] variable in config/defaults.inc.php

By default that variable is blank as below:

$config['username_domain'] = '';

Above that variable, you’ll find a short description on what options can be set to this variable, one of which you might assume it is:

%d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)

But in cases when your roundcube installation is in a different host/domain server than your original domain that is needed to authenticate in your IMAP server, that will not help, therefore use your domain as follows:

$config['username_domain'] = 'yourdomain.com';

Now if you type “username” (without the domain) in the username field, roundcube will append “@yourdomain.com” and the request to your IMAP server will have your username sent as “username@yourdomain.com”, otherwise if you already specify the domain in your username field, it will make the login request with the specified domain which in this case can be anything (@gmail.com, @yahoo.com etc). Continue reading “Restrict RoundCube login username to one domain”

Advertisements

Track user last-login with Dovecot and MySQL in Postfix setup

This will help you to set up SQL based user last-login tracking.
Beware of potential SQL injection holes if you allow users to have special characters in usernames.

Create a MySQL table named “lastauth”

CREATE TABLE IF NOT EXISTS `lastauth` (
`user` char(32) NOT NULL,
`remote_ip` char(18) NOT NULL,
`timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY `user`
);

Create the bash script in /usr/bin/trackAuth.sh

#!/bin/bash

# $USER > login username 
# $IP > remote ip address 

MYSQL_USER='USERNAME'
PASSWD='PASSWORD'
DB_HOST='DBHOST'
DB_NAME='DNAME'


CHECK_USER=`mysql -h${DB_HOST} -u${MYSQL_USER} -p${PASSWD} ${DB_NAME} -AN -e "SELECT user from lastauth WHERE user='$USER' LIMIT 1"`

if [ $CHECK_USER == "$USER" ]; then

if [ X"${USER}" != X"dump-capability" ]; then
mysql -h${DB_HOST} -u${MYSQL_USER} -p${PASSWD} ${DB_NAME} >/dev/null 2>&1 <<EOF
UPDATE lastauth SET remote_ip="$IP", timestamp=NOW() WHERE user='$USER';
EOF
fi

else

if [ X"${USER}" != X"dump-capability" ]; then
mysql -h${DB_HOST} -u${MYSQL_USER} -p${PASSWD} ${DB_NAME} >/dev/null 2>&1 <<EOF
INSERT INTO lastauth (user, remote_ip, timestamp) VALUES("$USER", "$IP", NOW())
EOF
fi

fi

exec "$@"

Continue reading “Track user last-login with Dovecot and MySQL in Postfix setup”

/dev/mapper/cryptswap1 is not ready yet or not present

I had this error going for a long time now (usually while my system was loading from a reboot) and my swap space would usually just not work…
I finally had some time to deal with that.
I couldnt even reformat it in gparted or something similar…

This is how I fixed it:

First you turn your swap space off

$ sudo swapoff -a

commented out the existing swap line in /etc/crypttab

comment out the swap line in /etc/fstab

# /dev/mapper/cryptswap1 none swap sw 0 0

reboot your pc/laptop

now you should be working without a swap space, try reformatting your partition in gparted to a linux-swap type (in my case it was /dev/sda3)

after successfully reformatting it, proceed this way: Continue reading “/dev/mapper/cryptswap1 is not ready yet or not present”

Copy: Configure IPSEC VPN connection with Racoon, Kannel and RapidSMS in Debian server

This guide will address establishing a remote connection with a mobile operator, create a data collecting RapidSMS application, and everything in between – specifically using the Kannel SMS gateway.

I realize this guide will only cater to a very specific group of technicians seeking to use the following technologies:

-IPSec VPN, as their means of communicating with a mobile operator (SMS Center).

-Kannel, as the SMS Gateway which talks to the SMS Center, relaying messages via HTTP requests.

-RapidSMS, as their choice of data-collection and communication tool.

This guide is aimed at demystifying any confusion that may occur in an otherwise obscure and arcane world of SMS. I will use my very own examples and clarify version numbers to show what works. I am using the Debian 6.0 “Squeeze” release.

VPN

We will begin by establishing a Virtual Private Network as the very first step – without it, no data would be able to get in or out from the SMS Center.

At this point, you should have already made arrangements with at least one mobile operator to establish a VPN with their SMS Center. Additionally, they should have provided you with a list of parameters necessary for the connection, these include authentication methods, source IP addresses, ports, keys, and much more.

This guide will be focusing on establishing an IPSec VPN – solely because of the specific parameters given by my mobile operator.

Below is a copy of the sheet of parameters given to me by the local mobile operator post-agreement, use it to cross-reference with the configurations in the next few steps: Continue reading “Copy: Configure IPSEC VPN connection with Racoon, Kannel and RapidSMS in Debian server”

CiviCRM, civimail cron job setup

To have your mailing actually send. We have to set up a cron job that will periodically poke CiviMail to send all of the mailings that are past their scheduled date.

Actually there are so many ways out there to do this thing, and probably are shorter, but I’ve built a script for my self to do that for me and is more clear to understand.

Note: The script works only with Drupal.

1. Create a file in /usr/local/bin/ called civicrmcron.sh
    and add the following lines in it, edit the required fields and save it: Continue reading “CiviCRM, civimail cron job setup”

Database backup scripts

1. Database backup bash script
2. Perl email script
3. Cron job configuration to run the script

Here are some scripts that will help you make a database backup and than
another script that will send you an email, to confirm that the backup was made and probably if you want you can make the script send you the backup attached via email…
Then finally a cron configuration to run the database backup script everyday, week, month or once a year.

So here is the step by step tutorial…

First Lets make some directories..

1. Make a directory in /var/backups/ called sqlbackup

mkdir /var/backups/sqlbackup

Continue reading “Database backup scripts”