CTS 2322 (Unix/Linux Administration II) Project
Webmail, Yum Setup

 

Due: by the start of class on the date shown on the syllabus

Description:

In this project you will configure a web mail MUA called Squirrelmail.  This will first require configuring Apache web server.  You will also configure the web server to enable your yum repository, created in an earlier project.

Background:

Apache Web Server

A web server accepts requests from clients (known as web browsers) for specific documents.  Usually these are text documents with HTML formatting, but may be any type of document.  In addition, a web server can generate documents dynamically, as the result of running separate (external) programs or performing database lookups.

The requests include a URL which uniquely identifies a document on the internet.  A URL has several parts, including a protocol (such as http://, https://, ftp://, etc.), a web server (either an IP address or a DNS name, such as www.example.com, mail.example.com, etc.) and an optional port number (by default “:80”), a pathname, and optional other data.  A typical example might be http://wpollock.example.com/somedocument.html.

A URL can also point to a directory rather than a document.  In this case it is up to the web server to determine what document to return to the client.  Some possibilities include a (nicely formatted) directory listing, an error message, or some default document.  For Apache the default document is called “index.html” (or some variation such as “index.htm” or “index.php”).  A default web page for the top directory of the web server is called the server's home page.  This is the page you get with a URL similar to “http://servername/”.)  By default Apache ships with a default “test” homepage.  You will probably need to change that!

The requests and responses are sent via TCP using HTTP.  A request packet may include form data that the user entered on some web page that allows user input (a form), and includes a submit button.

In many cases, the user needs both privacy (so no one can eavesdrop) and assurance that they are talking to your website and not some impostor.  Both of these goals are met if you use HTTPS connections.  (This will be done in a project for the Unix/Linux Security course.)

Squirrelmail

Squirrelmail is a collection of PHP generated HTML forms that can either directly access mailboxes (MBOX but not Maildir!), or more commonly use an MAA, typically IMAP.  Thus you will need to have your mail service (including IMAP) setup and working before you can setup Squirrelmail.

Although Squirrelmail can be configured to use IMAPS, the user enters usernames and passwords (and composed email) in HTML 4.0 forms.  The resulting HTTP packet is sent in plain text form to your MAA.  This is clearly a security problem!  In this assignment we will use the same server for webmail and the MAA, so no sensitive data is transmitted across a network.  In general you should only configure webmail from secure HTTPS connections.  (This will be done in a project for the Unix/Linux Security course.)

Background material, including resource links, lecture notes with step-by-step directions, and sample configuration files, can be found here.

Note!  Fedora may not have correct SE Linux policy rules for Dovecot or other servers.  It is strongly suggested you make sure SE Linux is run in permissive mode for this project.  One way to always boot up in permissive mode is to edit the file /etc/selinux/config, and follow the comments to change the mode.

Requirements:

You may work individually or in groups on this project.  Each student in a group must submit an identical copy of the assignment, which must include both student names.

Unlike some previous projects, the steps will not include specific commands to run.  At this point, you are expected to be able to locate relevant commands and documentation using the skills you have learned.

Perform the following tasks and answer the following questions

Part I — Apache Web Server Setup

  1. Install the Apache web server package (httpd).
  2. Make a copy of any files you will change, for example httpd.conf as httpd.conf-original.  Make any changes needed to the Apache web server configuration.  While Apache will work “out of the box”, you may need to make some changes to turn on or off various features to suit your use as a webmail server.  For example there is no need to support fancy indexing, UserDirs, etc.  (In real life, you would have a static IP address and DNS name, and you may want to support “https://webmail.servername/”.)  What changes did you make, and to which files?  (You should use diff to record the changes made.)
  3. You can test the Apache web server configuration with the command “httpd -S”.  If any errors are reported, go back and change the incorrect statements.  Repeat until no errors are detected.  (Be sure to re-run diff to record accurately the final set of changes made.)
  4. Make sure you have configured your firewall (and possibly TCP Wrappers) to allow access to your web server from localhost, port TCP/80 (and possibly TCP/443 for HTTPS).  What changed (if any) did you need to make, and to which file(s)?
  5. Check if Apache uses TCP Wrappers.  How do you do that?  If so, what changes will you make to allow access to your webmail from localhost?
  6. Start the web server.  Now examine the error log.  If any errors are reported you may need to change the configuration and then restart the server.  What log messages resulted from starting the web server?
  7. Test the server by running any web browser with the URLhttp://your-server-name/”.  For now your server-name is just “localhost”).  If you don't see the Apache test page, examine the error and access logs to determine the problem(s).  Once working, make sure your web server will start automatically at boot time.  What changes did you make and /or commands did you issue, to have the web server start at boot time?
  8. Replace the default “test” homepage with an actual HTML page.  This page should contain a brief message about the acceptable use of this server (just for webmail), and a link to the correct URL to use to access Squirrelmail.  By default this is http://localhost/webmail/, which can be abbreviated as   “<a href="/webmail/">webmail</a>”.  Be sure the page is legal HTML (or XHTML).  You can save (with the correct name) and modify this Basic.htm web page to create a new default document for your website.  What is the pathname of the default web page?  What are the contents of your new homepage?
  9. Make sure your web servicer log files are properly rotated.  What log file(s) are used for your Apache setup?  What changes (if any) did you make to ensure they are rotated regularly?

Part II — Squirrelmail Setup

  1. Make sure your MTA and MAA are working correctly.
  2. Install the squirrelmail package.  What other packages does this require?
  3. Next, cd to the Squirrelmail directory (/usr/share/squirrelmail)  Here you will find the Squirrelmail configuration program, config/conf.pl.  Run this program (from the Squirrelmail directory), and record the choices you make.  (If you see a blank screen, it is likely the text color is the same as the background color.  Use the command “C” (and hit enter) to turn off colors.)
  4. Start your configuration by choosing the Dovecot pre-configuration.  Then browse the other menus and make any additions or changes you wish.  What changes did you make?  (As always, make sure all changes made are recorded in your system journal.)
  5. Once installed, you should test Squirrelmail.  Using any web browser, view the URL of 
    http://server-name/webmail/src/configtest.php

    (You can use localhost for server-name.)  That will run some tests, and at the bottom of the page will report the results, hopefully that your configuration is working.  If not, re-run the configuration program and change the incorrect setting(s).  Repeat until this works.  Don't forget to record all configuration changes as you make them!

  6. Now use your Squirrelmail web MUA to read and send some email.  Verify the link you added to your homepage works properly.
  7. What log file(s) does Squirrelmail use (if any)?  What change(s) (if any) did you make to ensure Squirrelmail's log file(s) are rotated regularly?

Part III — Yum Repository Setup

In a previous project, you created a yum repository that was accessible with a “file:///URL.  For this part of the project, you will configure apache to serve up this repo, using a “http://localhost/myrepo/URL instead.

  1. If it is still installed, uninstall the “myhello” package.  Verify the command hello no longer is found.
  2. Edit the myrepo.repo file, and change the URL to the repo from “file:///” to “http://localhost/myrepo/”.  What is the output of diff from the previous version to the new version?  (You are encouraged, but not required, to use RCS or some other versioning control system, and check in the original version, then check in the modified version.  You can then use rcsdiff to show the changes made.)
  3. Next you need to configure your web server to recognize this URL.  Create a new file named “myrepo.conf” in the apache configuration directory, /etc/httpd/conf.d/.  This file needs one line in it, an Alias directive to map the URL of http://localhost/myrepo/ to the directory containing your yum repository (should be /var/myrepo/ if you followed the directions in the Building and Installing Software project).  You can look at some of the other configuration files in that directory to see how to use the Alias directive, or look it up in the Apache on-line documentationWhat is the name, permissions, and content of your myrepo.conf file?
  4. While not required by yum, it is customary to place a web page at your repo's URL, so those who type it in will not get an error message.  Often this page will contain instructions for using the repo (or even a link for an RPM you can use to create the repo).  Create a web page named index.html in the root of your repo.  What is the content of your web page?  What permissions does that file need? 
  5. Test your Apache web server configuration, by using the command “httpd -S”.  What errors (if any) did this report?  You should fix any serious errors and try again; note what you did to fix the errors in your journal.
  6. Once there are no web server errors, restart the webserver to activate your new configuration.  Examine the web server error log file.  What is the pathname of the web server error log?  What messages resulted when you restarted the web server?  You should test the configuration, by pointing your web browser to the repo's URL; you should see the web page you created earlier.  If not, trouble-shoot the problem, record the steps needed to fix the problem in your journal.
  7. Finally, you should install the myhello package from your new repo.  What is the exact command you used?  Verify the command hello is now working.

To be turned in:

A copy of your journal pages showing the changed made for this project, and the answers to the questions asked above.  You can send as email to (preferred).  If email is a problem for some reason, you may turn in a hard-copy.  In this case the pages should be readable, dated, and stapled together.  Your name should appear on the first page. 

Don't turn in your whole journal, you will need to add to it every day in class!  It is common in fact to keep the journal as a text file on the system (with a paper backup of course).

Please see your syllabus for more information about submitting projects.