Bart Dorlandt - BAMweb.nl

I've written this howto because there is little documentation to get mailgraph working in a Chrooted OpenBSD environment. Thanks to a couple of sites including the archives of Neohapsis and this little howto on umaxx.net.

I assume you'll have apache working with the chroot /var/www.

I've enabled the following lines in my httpd.conf in /var/www/conf

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
AddHandler cgi-script .cgi .pl

I need freetype/truetype support for GD to make use of security images in Joomla. To do this we need some parts of the xbase package. Of course you need the freetype stuff but also another library. Below you'll find a script that will do it for you and also copies the necessary stuff to your chroot.

# be sure to be root for the following tasks
# (sudo su -l root)
part1=`uname -r | cut -d"." -f 1`
part2=`uname -r | cut -d"." -f 2`

cd /tmp
wget ftp://ftp.nluug.nl/pub/OpenBSD/`uname -r`/i386/xbase${part1}${part2}.tgz
cd /
tar xzpf /tmp/xbase${part1}${part2}.tgz *freetype*
tar xzpf /tmp/xbase${part1}${part2}.tgz ./usr/X11R6/lib/libXpm.so.*
tar xzpf /tmp/xbase${part1}${part2}.tgz ./usr/X11R6/lib/libfreetype.so.*
cp -p /usr/X11R6/lib/libXpm.so.* /usr/X11R6/lib/libfreetype.so.* /var/www/usr/lib

After this install gd and php5-gd and do NOT select the "NO_X11".

pkg_add -ai gd php5-gd

Enable gd in php5 and restart your apache. The phpinfo page should show you these 3 extra options:

I have helped the guys from ioncube to make the ioncube loaders available for OpenBSD 4.2. The instructions to make this work are really easy.

First download the ioncube loaders from the loader page.

I've put the following files in /var/www/ioncube

• ioncube_loader_ope_5.2.so
• test/
  • ioncube-encoded-file.php
  • ioncube-loader-helper.php

I've created a symlink from a working website to the test directory so I can test if it is working.

Next edit the php.ini (probably) located in /var/www/conf/

add the following lines. I've put these lines after another Zend statement.

;;;; Zend IonCube extension ;;;;
zend_extension = /var/www/ioncube/ioncube_loader_ope_5.2.so

Now test your configuration. If it doesn't work, follow the output (hints) of the helper files.

I've written a script to copy any program to the chrooted environment of apache with its libraries. Just load the script and use the full path as the first parameter.

Example. If you call the script program_to_chroot.sh

./program_to_chroot.sh /usr/local/bin/ffmpeg

This will copy any relevant library + the ffmpeg file itself to the correspondig directories in /var/www.

I use this program in OpenBSD for Gallery2. FFmpeg needs some X libraries. The file it uses can be found in the xbaseXX.tgz package. You don't need to install the whole package. Just extract it in /tmp and copy the files:

• libX11.so.10.0
• libXau.so.9.0
• libXdmcp.so.9.0
• libXext.so.10.0
• libfontconfig.so.5.1
  
• libfreetype.so.14.0

I followed this guide at kernel-panic.it. Below you'll find a small steps-to-follow guide with some additions.

What to build

I've set-up a mailserver that supports multiple domains. It uses:

• Postfix as MTA (with greylisting)
• Postgrey
• MySQL as backend
• Dovecot as IMAP/POP3 server and Local Delivery Agent (LDA)
  • with quota
• Control plane by amavisd for:
  
  • Anti-spam with Spam Assassin
  • Anti-virus with clamav
• Fetchmail to fetch remote email and inject it in your mailserver
• Squirrelmail for webmail.

What to install

At the time of writing I use OpenBSD 4.2. I make use of packages and ports to make this all work.

After messing around with the Postfix configs last night, I noted this morning that I wasn’t getting any mail.  I found this interesting because I had made some changes to main.cf and master.cf but didn’t actually restart or reload postfix so I don’t know how it picked up the new configs.  Regardless, I put my old configs back and restarted postfix but noted that I as still getting:

status=deferred (mail transport unavailable)

in my log file.  The postfix queue manager was still attempting to deliver the messages using the transport that was never really setup (as I hadn’t finished my new configuration). I poked around for a bit and the solution is to simply re-queue all the message using this command:

postsuper -r ALL

To have a user authorize himself (via Active Directory) to access some directory you can use the following config.

This configuration has to be in /var/www/conf/httpd.conf or included into that file.

Packages needed to make this work:

mod_auth_ldap