My activities New request

contact atmail support

PH: +61 (7) 5357-6605

support@atmail.com

Follow

Best Practices

Stewart -

PROBLEM
This document aims to highlight some of our recommended changes, modifications, and configuration options that could optimize your mailserver and make for faster performance. Sections are split into specific components of a mailserver, and you may pick the changes that suit your system best.

ENVIRONMENT

  • On-Premise Server + WebMail Installations: Version 6.0 > Current Version
  • Webmail Only Installations: Version 6.0 > Current Version

CAUSE

  • Running your own Atmail server

RESOLUTION

MySQL

AbookID as an index

Specifying AbookID as an index can drastically alter the performance of your webmail component. This applies to implementations with external, or low MySQL performance with userbases exceeding 10,000. In MySQL:

ALTER TABLE AbookGroup ADD INDEX iAbookID (AbookID);

MySQL Configuration for performance tuning

You can use the following configuration block under the '''[mysqld]''' definition to increase performance for Atmail. In your '''/etc/my.cnf''' file or equivalent:

max_connections=120
wait_timeout=27900
interactive_timeout=27900
innodb_buffer_pool_size=840M
key_buffer_size=512M
table_cache=128M
thread_cache_size=4M
query_cache_size=8M
join_buffer_size=1M
 
#These two should be the same value while adjusting the other values
tmp_table_size=33M
max_heap_table_size=33M

MySQL binlog location

Make sure that the MySQL binlogs and relay logs have the appropriate disk space. Binlogs can accumulate really fast - with some instances taking up to 30GB a day. If you specify a directory for the binlogs, make sure that a.) The drive/partition it points to has enough space or b.) The '''expire_logs_days''' variable ('''/etc/my.cnf''') is enough to limit the space used.

Apache

Mod_Expires and Mod_Deflate

With Apache, you can use the '''mod_expires''' and '''mod_deflate modules''' to gain a performance boost.  The mod_expires module provides caching, while the mod_deflate module compresses downloadable items to decrease bandwidth usage.

Before following this guide, make sure that mod_gzip and mod_expires are enabled for your Apache server. Most base installations of Apache 2.2 and higher are likely to have these by default.

Open up your Apache configuration file. Then, add the following at the bottom:

# AtMail gzip
<IfModule mod_deflate.c>
# Compress all HTML/text/JS output
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-javascript text/javascript text/css
# Disable gzip for SVG and attachments
SetEnvIfNoCase Request_URI svg.php no-gzip dont-vary
SetEnvIfNoCase Request_URI mime.php no-gzip dont-vary
</IfModule>
 
# AtMail expires
<IfModule mod_expires.c>
        <Directory /usr/local/atmail/webmail/>
           ExpiresActive On
           ExpiresByType text/css "access plus 1 day"
           ExpiresByType text/javascript "access plus 1 day"
           ExpiresByType application/x-javascript "access plus 1 day"
           ExpiresByType image/gif A2592000
           ExpiresByType image/jpg A2592000
           ExpiresByType image/png A2592000
        </Directory>
</IfModule>

You may use a different Document Root for your Atmail installation; in implementations where you are using the webmail client version, this is usually the case. If this is so, you will need to modify the Directory declarations to suit your Apache root. The config file has the following line that you need to change:

<Directory /usr/local/atmail/webmail/>

Change to your Atmail document root. An installation that uses /var/www/html/atmail/webmail would have the following:

<Directory /var/www/html/atmail/webmail/>

Save changes, and restart Apache.

Atmail Webmail

Hardening Apache

Below is a simple process of making sure that your attachments are protected.

First, open up your Apache file. In Redhat derivatives, this will be in /etc/httpd/conf/httpd.conf. In Debian/Ubuntu derivatives, this will be in /etc/apache2/apache2.conf.

 

<Directory /usr/local/atmail/webmail/>
AllowOverrride All
</Directory>
 
<Directory /usr/local/atmail/webmail/push/>
Options -ExecCGI
</Directory>
 
<Directory /usr/local/atmail/webmail/install/>
Options -ExecCGI
</Directory>
 
<Directory /usr/local/atmail/webmail/webstorageroot/>
Options -ExecCGI
</Directory>
 
<Directory /usr/local/atmail/webmail/config/>
Options -ExecCGI
</Directory>
 
<Directory /usr/local/atmail/webmail/application/mashup/>
Options -ExecCGI
</Directory>
 
<Directory /usr/local/atmail/webmail/application/>
Options -ExecCGI
</Directory>
 
<Directory /usr/local/atmail/webmail/application/modules/mail/plugins/Atmail/MapIt/config/>
Options -ExecCGI
</Directory>
 
<Directory /usr/local/atmail/webmail/library/>
Options -ExecCGI
</Directory>
 
<Directory /usr/local/atmail/webmail/log/>
Options -ExecCGI
</Directory>
 
<Directory /usr/local/atmail/webmail/utilities/>
Options -ExecCGI
</Directory

Restart Apache.

% service httpd restart

Bootloader tweaks

Set the maximum RAM usage. Open up /usr/local/atmail/webmail/bootloader.php. You can find this line:

ini_set('memory_limit', -1);

Change this to:

ini_set('memory_limit', 256M);

This will limit memory usage to 256M.

Set the time limits. Time limits can be imposed that should prevent stale processes from taking too much time. Find this line in your bootloader.php:

set_time_limit('300');

Change this to:

set_time_limit('120');

Disable .po and .mo files

Usage of the .po and .mo files can slow down your system. You can remove the aforementioned files, leading to a considerable performance boost:

cd /usr/local/atmail/webmail/application/modules/mail/languages
mkdir oldlang
mv * oldlang/
mv oldlang/en en

To further secure the installation

move or remove the installation folder and or make sure there is a .htaccess file to prevent access

nano -w ./install/.htaccess

Put this in the .htaccess file:

<FilesMatch "\.(php|html)$">
order allow,deny
deny from all
</Files>

Then secure the .htaccess file:

chown root:root .htaccess
chmod 0644 .htaccess

File and directory permissions and access rights should be locked down to secure this installation.


Do it manually or run the following command from the CLI as root to secure the files.

php ./utilities/tools/ensurePermissions.php [wwwUser] [wwwGroup]

Copy the log cleaning script to your daily cron directory.


To enable the log table pruning feature please copy this script into your daily cron directory and make sure it has execute permissions.

cp ./utilities/tools/clean-logs.php /etc/cron.daily/
chmod u+x /etc/cron.daily/clean-logs.php
chown root /etc/cron.daily/clean-logs.php
cp ./utilities/tools/clean-logs.php /etc/periodic/daily/
chmod u+x /etc/cron.daily/clean-logs.php
chown root /etc/cron.daily/clean-logs.php
Have more questions? Submit a request

Comments