Automx on Debian stretch and Apache2

Davide Marchi danjde at msw.it
Sat Mar 9 00:04:26 CET 2019


Hi Friends,
I've just installed the "deb" package of Automx on my Debian stretch VPS. I have some 
doubts (the deb package's file paths seem different) and I'm unable to 
fetch the mx configuration. If you could give me some help, I would 
appreciate it a lot ;-)

One doubt is: should I copy the content of 
"/usr/lib/python2.7/dist-packages/automx/" into "/usr/lib/automx/"?


The story:

0) installed the automx debian version 0.10.0-2.1 on Debian Stretch
1) set the DNS entry as described on INSTALL.md
2) installed Letsencrypt for certificates
3) created the directory /usr/lib/automx and copied 
/usr/lib/python2.7/dist-packages/automx_wsgi.py into it
4) installed the software requirements (I hope..)


From the Apache error.log I get:

[Fri Mar 08 23:08:57.162199 2019] [authz_core:error] [pid 29610] [client 1.2.3.4:52092] AH01630: client denied by server configuration: /usr/lib/automx/automx_wsgi.py

and from Apache2 access.log:

1.2.3.4 - - [08/Mar/2019:23:44:15 +0100] "GET /mail/config-v1.1.xml?emailaddress=example@example.org HTTP/1.1" 302 652 "-" "Wget/1.18 (linux-gnu)"
1.2.3.4 - - [08/Mar/2019:23:44:15 +0100] "GET /mail/config-v1.1.xml?emailaddress=example@example.org HTTP/1.1" 404 3968 "-" "Wget/1.18 (linux-gnu)"
1.2.3.4 - - [08/Mar/2019:23:44:15 +0100] "POST /autodiscover/autodiscover.xml HTTP/1.1" 404 3979 "-" "Wget/1.18 (linux-gnu)"
1.2.3.4 - - [08/Mar/2019:23:44:15 +0100] "POST /autodiscover/autodiscover.xml HTTP/1.1" 404 3979 "-" "Wget/1.18 (linux-gnu)"
1.2.3.4 - - [08/Mar/2019:23:44:15 +0100] "POST /mobileconfig HTTP/1.1" 403 3973 "-" "Wget/1.18 (linux-gnu)"


Running automx-test 3x1t at 3x1t.org I get:


Testing Autoconfig ...
Connecting to http://autoconfig.example.org/mail/config-v1.1.xml?emailaddress=example@example.org ...

   HTTP/1.1 302 Found
   Date: Fri, 08 Mar 2019 22:08:56 GMT
   Server: Apache/2.4.25 (Debian)
   Location: https://autoconfig.example.org:443/mail/config-v1.1.xml?emailaddress=example@example.org
   Content-Length: 348
   Keep-Alive: timeout=5, max=100
   Connection: Keep-Alive
   Content-Type: text/html; charset=iso-8859-1
   HTTP/1.1 404 Not Found
   Date: Fri, 08 Mar 2019 22:08:56 GMT
   Server: Apache/2.4.25 (Debian)
   Content-Length: 304
   Keep-Alive: timeout=5, max=100
   Connection: Keep-Alive
   Content-Type: text/html; charset=iso-8859-1

Testing Autodiscover (Microsoft Outlook(tm)) ...
Connecting to https://autodiscover.example.org/autodiscover/autodiscover.xml ...

   HTTP/1.1 404 Not Found
   Date: Fri, 08 Mar 2019 22:08:56 GMT
   Server: Apache/2.4.25 (Debian)
   Content-Length: 315
   Keep-Alive: timeout=5, max=100
   Connection: Keep-Alive
   Content-Type: text/html; charset=iso-8859-1

Testing Autodiscover (mobilesync) ...
Connecting to https://autodiscover.example.org/autodiscover/autodiscover.xml ...

   HTTP/1.1 404 Not Found
   Date: Fri, 08 Mar 2019 22:08:57 GMT
   Server: Apache/2.4.25 (Debian)
   Content-Length: 315
   Keep-Alive: timeout=5, max=100
   Connection: Keep-Alive
   Content-Type: text/html; charset=iso-8859-1

Testing mobileconfig...
Connecting to https://autodiscover.example.org/mobileconfig ...

   HTTP/1.1 403 Forbidden
   Date: Fri, 08 Mar 2019 22:08:57 GMT
   Server: Apache/2.4.25 (Debian)
   Content-Length: 309
   Keep-Alive: timeout=5, max=100
   Connection: Keep-Alive
   Content-Type: text/html; charset=iso-8859-1


Here are my configurations:


------------------------- automx deb content -------------------------

/usr
/usr/share
/usr/share/doc-base
/usr/share/doc-base/automx
/usr/share/man
/usr/share/man/man5
/usr/share/man/man5/automx_script.5.gz
/usr/share/man/man5/automx_ldap.5.gz
/usr/share/man/man5/automx_sql.5.gz
/usr/share/man/man5/automx.conf.5.gz
/usr/share/man/man1
/usr/share/man/man1/automx-test.1.gz
/usr/share/doc
/usr/share/doc/automx
/usr/share/doc/automx/html
/usr/share/doc/automx/html/automx.conf.5.html
/usr/share/doc/automx/html/INSTALL.html
/usr/share/doc/automx/html/automx_sql.5.html
/usr/share/doc/automx/html/BASIC_CONFIGURATION_README.html
/usr/share/doc/automx/html/automx_ldap.5.html
/usr/share/doc/automx/html/automx-test.1.html
/usr/share/doc/automx/html/automx_script.5.html
/usr/share/doc/automx/examples
/usr/share/doc/automx/examples/automx.conf.example-complex
/usr/share/doc/automx/examples/nginx-automx.conf
/usr/share/doc/automx/examples/automx.conf
/usr/share/doc/automx/examples/apache.conf.example
/usr/share/doc/automx/copyright
/usr/share/doc/automx/README.md
/usr/share/doc/automx/changelog.gz
/usr/share/doc/automx/changelog.Debian.gz
/usr/share/doc/automx/ROADMAP
/usr/share/doc/automx/BASIC_CONFIGURATION_README.gz
/usr/lib
/usr/lib/python2.7
/usr/lib/python2.7/dist-packages
/usr/lib/python2.7/dist-packages/automx-0.10.0.egg-info
/usr/lib/python2.7/dist-packages/automx_wsgi.py
/usr/lib/python2.7/dist-packages/automx
/usr/lib/python2.7/dist-packages/automx/config.py
/usr/lib/python2.7/dist-packages/automx/ordereddict.py
/usr/lib/python2.7/dist-packages/automx/view.py
/usr/lib/python2.7/dist-packages/automx/__init__.py
/usr/bin
/usr/bin/automx-test
/etc
/etc/automx.conf





-------------------------- /etc/automx.conf ---------------------------

[automx]
provider = example.org
domains = *

debug = yes
logfile = /var/log/automx/automx.log

# Protect against DoS
memcache = 127.0.0.1:11211
memcache_ttl = 600
client_error_limit = 20
rate_limit_exception_networks = 127.0.0.0/8, ::1/128

# The DEFAULT section is always merged into each other section. Each section
# can overwrite settings done here.
[DEFAULT]
account_type = email
account_name = example.org
account_name_short = Server Exit.


# If a domain is listed in the automx section, it may have its own section. If
# none is found here, the global section is used.
[global]
backend = sql
action = settings

# database connection
host = mysql://mailuser:12345678910@127.0.0.1/mailserver

# the query must be adapted to your own circumstances
query = SELECT email FROM virtual_users WHERE email='%s';

# assign the result to a variable with "result_attrs"
# multiple columns in the result are separated by commas
# afterwards this variable can be used like this: ${user}
result_attrs = email

# If you want to sign mobileconfig profiles, enable these options. Make sure
# that your webserver has proper privileges to read the key. The cert file
# must contain the server certificate and all intermediate certificates. You
# can simply concatenate these certificates.
#sign_mobileconfig = yes
#sign_cert = /path/to/cert
#sign_key = /path/to/key

smtp = yes
smtp_server = smtp.example.org
smtp_port = 587
smtp_encryption = starttls
smtp_auth = plaintext
smtp_refresh_ttl = 6
smtp_default = yes

imap = yes
imap_server = mail.example.org
imap_port = 143
imap_encryption = starttls
imap_auth = plaintext
imap_refresh_ttl = 6

pop = yes
pop_server = mail.example.org
pop_port = 110
pop_encryption = starttls
pop_auth = plaintext
pop_refresh_ttl = 6


[example.org]
backend = global
# example.org uses settings from the global section



---------------- Apache2 autoconfig.example.org.conf ----------------

<VirtualHost *:80>
        ServerName example.org
        ServerAlias autoconfig.example.org
        ServerAdmin example@example.org
        # Letsencrypt
        Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
        <Directory "/var/www/letsencrypt/.well-known/acme-challenge/">
                Options None
                AllowOverride None
                ForceType text/plain
                # SECURITY RULE FOR LETSENCRYPT (FILES THAT DO NOT MATCH THE
                # CHARACTERISTICS CONFIGURED BELOW CANNOT BE WRITTEN IN THIS DIRECTORY)
                RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        #   FORCED REDIRECT OF HTTP TO SSH
        RewriteEngine On
        RewriteCond %{REQUEST_URI} !^/.well-known.*
        RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]

</VirtualHost>

<IfModule mod_ssl.c>
         <VirtualHost *:443>
                 ServerName example.org
                 ServerAlias autoconfig.example.org
                 ServerAdmin example@example.org

#                DocumentRoot /var/www/autoconfig.server.example.org/public_html/

                 ErrorLog ${APACHE_LOG_DIR}/error.log
                 CustomLog ${APACHE_LOG_DIR}/access.log combined

                 SSLEngine on

                 SSLCertificateFile /etc/letsencrypt/live/server.example.org/fullchain.pem
                 SSLCertificateKeyFile /etc/letsencrypt/live/server.example.org/privkey.pem

                 #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                 <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                 SSLOptions +StdEnvVars
                 </FilesMatch>

		        <IfModule mod_wsgi.c>
                 WSGIScriptAliasMatch \
                         (?i)^/.+/(autodiscover|config-v1.1)>xml \
                 	/usr/lib/automx/automx_wsgi.py
		<Directory "/usr/lib/automx">
                         Order allow,deny
                         Allow from all
                 </Directory>
         </IfModule>
	</VirtualHost>

</IfModule>

---------------- Apache2 autodiscover.example.org.conf ----------------


<VirtualHost *:80>
        ServerName example.org
        ServerAlias autodiscover.example.org
        ServerAdmin example@example.org
        # Letsencrypt
        Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
        <Directory "/var/www/letsencrypt/.well-known/acme-challenge/">
                Options None
                AllowOverride None
                ForceType text/plain
                # SECURITY RULE FOR LETSENCRYPT (FILES THAT DO NOT MATCH THE
                # CHARACTERISTICS CONFIGURED BELOW CANNOT BE WRITTEN IN THIS DIRECTORY)
                RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        #   FORCED REDIRECT OF HTTP TO SSH
        RewriteEngine On
        RewriteCond %{REQUEST_URI} !^/.well-known.*
        RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]

</VirtualHost>

<IfModule mod_ssl.c>
         <VirtualHost *:443>
                 ServerName example.org
                 ServerAlias autodiscover.example.org
                 ServerAdmin example@example.org
#                DocumentRoot /var/www/autodiscover.server.example.org/public_html/

                 ErrorLog ${APACHE_LOG_DIR}/error.log
                 CustomLog ${APACHE_LOG_DIR}/access.log combined

                 SSLEngine on

                 SSLCertificateFile /etc/letsencrypt/live/server.example.org/fullchain.pem
                 SSLCertificateKeyFile /etc/letsencrypt/live/server.example.org/privkey.pem

                 #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                 <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                 SSLOptions +StdEnvVars
                 </FilesMatch>

		        <IfModule mod_wsgi.c>
                 WSGIScriptAliasMatch \
                         (?i)^/.+/(autodiscover|config-v1.1)>xml \
                         /usr/lib/automx/automx_wsgi.py
                 WSGIScriptAlias \
                         /mobileconfig \
                         /usr/lib/automx/automx_wsgi.py
                 <Directory "/usr/lib/automx">
                         Order allow,deny
                         Allow from all
                 </Directory>

		        </IfModule>
	</VirtualHost>

</IfModule>



Many thanks!


Davide
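
The access-log lines and the two vhosts in the message above can be cross-checked offline. The following is an added example, not part of the original post and not automx code: it matches the request paths from the access log against the WSGIScriptAliasMatch pattern as posted and against an assumed intended pattern (the `>` read as a typo for `.`). The names `route`, `predict`, `report` and the `directory_granted` flag (standing in for Apache's authorization result on /usr/lib/automx) are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Pattern exactly as posted in both vhosts (note the '>' before "xml").
POSTED = r"(?i)^/.+/(autodiscover|config-v1.1)>xml"
# Assumption: the intended pattern, with '>' read as '.' and the dots escaped.
INTENDED = r"(?i)^/.+/(autodiscover|config-v1\.1)\.xml"
# Plain WSGIScriptAlias prefix from the autodiscover vhost.
PREFIX_ALIASES = ["/mobileconfig"]

# Request targets copied from the access log in the post.
REQUESTS = [
    "/mail/config-v1.1.xml?emailaddress=example@example.org",
    "/autodiscover/autodiscover.xml",
    "/mobileconfig",
]

UNMAPPED = "404 (no alias matches and the vhost has no DocumentRoot)"
DENIED = "403 (mapped to automx_wsgi.py, directory access denied)"
REACHED = "request reaches automx_wsgi.py"


def route(target, alias_match, prefixes=PREFIX_ALIASES):
    """Return the directive that maps the request to the WSGI script, or None."""
    path = urlsplit(target).path  # aliases see the path only, not the query
    if re.search(alias_match, path):
        return "WSGIScriptAliasMatch"
    for prefix in prefixes:
        if path == prefix or path.startswith(prefix + "/"):
            return "WSGIScriptAlias"
    return None


def predict(target, alias_match, directory_granted):
    """Predict the outcome for one request under a given pattern and authz state."""
    if route(target, alias_match) is None:
        return UNMAPPED
    return REACHED if directory_granted else DENIED


def report(alias_match, directory_granted):
    """Outcome for every request seen in the access log."""
    return {t: predict(t, alias_match, directory_granted) for t in REQUESTS}


if __name__ == "__main__":
    for label, pattern, granted in (("as posted", POSTED, False),
                                    ("intended", INTENDED, True)):
        print(label)
        for target, outcome in report(pattern, granted).items():
            print("  %-60s %s" % (target, outcome))
```

On Apache 2.4 access to a directory is granted with `Require all granted`, scoped to the one directory that holds the WSGI script; the `Order`/`Allow` lines in the posted config are the 2.2-style syntax, and AH01630 is the denial logged by authz_core.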



