tie-ctenoid
Installing PHP from reposetories are quite simple, but if you need a certain version of PHP which is not supported by your repo, you will often have to compile it by yourself. The following steps can be taken in order to compile PHP on your server. The important part of this guide is to compile the PHP module for Apache2.

Before you start, make sure you have installed the lastet updates to your OS.

aptitude update; aptitude safe-upgrade

Install dependencies for the compilation.

aptitude build-dep php5
aptitude install install libfcgi0ldbl libmcrypt-dev libssl-dev libc-client2007e libc-client2007e-dev libxml2-dev libbz2-dev libcurl4-openssl-dev libjpeg-dev libpng12-dev libfreetype6-dev libkrb5-dev libpq-dev libxml2-dev libxslt1-dev libjpeg-turbo8-dbg

Theres a minor bug with the imap module, so lets fix that by adding a simple symlink.

ln -s /usr/lib/libc-client.a /usr/lib/x86_64-linux-gnu/libc-client.a

Find and download the PHP version of your choice from http://php.net/downloads.php .

cd /tmp
wget http://dk2.php.net/get/php-7.0.0.tar.gz/from/this/mirror -O php-7.0.0.tar.gz

Unpack the package and access the folder.

tar xzf php-7.0.0.tar.gz
cd php-7.0.0

Now it’s time to to configure! The following parameters along “–with-apxs2” will help you build an Apache2 module.

./configure –help will show and explain available parameters

./configure \
--prefix=/opt/php-7.0.0 \
--with-apxs2 \
--with-pdo-pgsql \
--with-zlib-dir \
--with-freetype-dir \
--enable-mbstring \
--with-libxml-dir=/usr \
--enable-soap \
--enable-calendar \
--with-curl \
--with-mcrypt \
--with-zlib \
--with-gd \
--with-pgsql \
--disable-rpath \
--enable-inline-optimization \
--with-bz2 \
--with-zlib \
--enable-sockets \
--enable-sysvsem \
--enable-sysvshm \
--enable-pcntl \
--enable-mbregex \
--enable-exif \
--enable-bcmath \
--with-mhash \
--enable-zip \
--with-pcre-regex \
--with-pdo-mysql \
--with-mysqli \
--with-mysql-sock=/var/run/mysqld/mysqld.sock \
--with-jpeg-dir=/usr \
--with-png-dir=/usr \
--enable-gd-native-ttf \
--with-openssl \
--with-fpm-user=www-data \
--with-fpm-group=www-data \
--with-libdir=/lib/x86_64-linux-gnu \
--with-libdir=lib \
--enable-ftp \
--with-imap \
--with-imap-ssl \
--with-kerberos \
--with-gettext \
--with-xmlrpc \
--with-xsl \
--enable-opcache \
--enable-fpm

The configuration part will run several tests to see if all of the depencies are met in order to compile PHP for your needs. If any errors are met, you will have to fix these before continueing.

Example of a missing dependency

configure: error: mcrypt.h not found. Please reinstall libmcrypt

In cases like the above where some file isn’t found, you are most likely to solve the problem by installing the “-dev” package via aptitude, for example aptitude install libmcrypt-dev would solve the problem in this case.

Once the configure script has completed you can start compiling.

This will take a while – grab a cup of coffee while you wait (approx 10-20 minutes) depending on your hardware.

make

Next, install.

make install

The installation will often give you some relevant output so please read it carefully. In this case note the following line

[preparing module `php7' in /etc/apache2/mods-available/php7.load]

This means that a PHP7 module is enabled with Apache2. Only thing you should have to do next, is to restart Apache2 and play with your new version of PHP. Make sure any previous PHP version does not conflict or is being used instead.

service apache2 restart

php.ini

In order to adjust some of the settings of PHP you will need to change this with a php.ini file. Luckily the downloaded package includes a copy of the default php.ini file. Copy the file from your build directory into the etc directory of your PHP installation, modify the settings you wish and restart Apache2.

cp /tmp/php-7.0.0/php.ini-production /opt/php-7.0.0/lib/php.ini
service apache2 restart

Now you might want to confirm the version of PHP and some of the PHP settings you modified in php.ini. Go create a .php file with the following content and visit it from your browser.

<?php phpinfo(); ?>

php7-ini

 

Adding DNSBL to Postfix can be a great advantage as these services will help you defend against email spam. What these services does, is to provide a realtime database over IP addresses that are sending spam. If Postfix gets a positive result looking at a certain IP address, it will reject that mail.

Installation

OS: Ubuntu/Debian

Installation is simple, you just need to edit the main.cf file of Postfix.

nano /etc/postfix/main.cf

Edit the line starting with

smtpd_recipient_restrictions = ...

In the end of that line before “permit” insert content like this

, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org

Reload Postfix to load the new rules

/etc/init.d/postfix reload

You can specify as many DNSBL servers you like.

Running a virtual host invironment might from time to time require different configurations for each host. Recently i was asked to disallow the POST method while whitelisting the method for a few IP numbers – someone must have abused some kind of formular on the homepage.

The limitation was achieved in the following way.

Inside the tags of:

<VirtualHost *:80>
 ...
</VirtualHost>

You should place the following code.

RewriteEngine on
RewriteCond %{THE_REQUEST} ^(POST)\ /.*\ HTTP/\d\.\d$
RewriteCond %{REMOTE_ADDR} !(x.x.x.x|y.y.y.y)
RewriteRule .* - [F]

Then restart Apache and the configuration will be loaded.

Explanations

  • Line 2: You can specify several methods inside the parentheses seperated by a pipe (|). For instance (POST|HEAD)
  • Line 3: Insert the desired IP adresses to be whitelisted, again seperated by a pipe (|).

NOTE

You will have to have the Apache rewrite module installed and enabled.

Available methods can be found under Apache docs.

These steps can be used in order to migrate content of a Courier IMAP account into a Dovecot IMAP account. Have in mind if you are using these steps for POP3, that all emails from the server will be re-downloaded (in case you are leaving a copy on the server) causing a lot of duplicates in your email client.

Prerequisities: Obtain a copy of your courier content on the dovecot server preferably in /var/tmp/

Enter the Dovecot Maildir folder and empty it

cd /var/vmail/[domain.com]/[user]/Maildir/
rm -rf ./* ./.*

Copy your Courier mailbox content

cp -R /var/tmp/[user]/. .

Search and replace the content of courierimapsubscribed and rename/copy it

sed -i 's/\(INBOX.\|INBOX\)//g' courierimapsubscribed
sed -i '/^$/d' courierimapsubscribed
cp courierimapsubscribed subscriptions

Rename courierimapuiddb

mv courierimapuiddb dovecot-uidlist

Change ownership of the whole into vmail

chown -R vmail:vmail ./* ./.*

That’s it! Now go browse your content from webmail or your favorite email client.