Results 1 to 7 of 7

Thread: Making my box in to a mail server

  1. #1
    Join Date
    Aug 2009
    Beans
    27
    Distro
    Ubuntu Studio 9.10 Karmic Koala

    Making my box in to a mail server

    Ok I'm trying to make it so that my Ubuntu box can act as an email server. So I read and executed the instructions flawlessly as stated by https://help.ubuntu.com/community/Exim4. I've pasted the config files that I was asked to modify at the end of this message. The configuration was tested on (according to the web page) Ubuntu 7.10 (Gutsy Gibbon), I'm using Ubuntu 9.10 (Karmic Koala).

    This box will only be seen on the local intranet, it is not going to be exposed to the outside so mail is limited to the intranet and those who have access to it.

    My questions are:

    1. How do I create an email account on this server? Is it just a regular user account with login shell set to /dev/false?
    2. How do I setup an email client to get email from this server? Outlook (windows) and Evolution (ubuntu).
    3. Is there any tests I can run to make sure things are going right?

    Thanks for your help.


    Adrian

    ==================================================
    # /etc/exim4/update-exim4.conf.conf
    #
    # Edit this file and /etc/mailname by hand and execute update-exim4.conf
    # yourself or use 'dpkg-reconfigure exim4-config'
    #
    # Please note that this is _not_ a dpkg-conffile and that automatic changes
    # to this file might happen. The code handling this will honor your local
    # changes, so this is usually fine, but will break local schemes that mess
    # around with multiple versions of the file.
    #
    # update-exim4.conf uses this file to determine variable values to generate
    # exim configuration macros for the configuration file.
    #
    # Most settings found in here do have corresponding questions in the
    # Debconf configuration, but not all of them.
    #
    # This is a Debian specific file

    dc_eximconfig_configtype='satellite'
    dc_other_hostnames='Bugzilla'
    dc_local_interfaces='127.0.0.1'
    dc_readhost='Bugzilla'
    dc_relay_domains=''
    dc_minimaldns='false'
    dc_relay_nets=''
    dc_smarthost='smtp.radiant.net'
    CFILEMODE='644'
    dc_use_split_config='false'
    dc_hide_mailname='true'
    dc_mailname_in_oh='true'
    dc_localdelivery='mail_spool'

    ==================================================
    ### main/03_exim4-config_tlsoptions
    #################################

    # TLS/SSL configuration for exim as an SMTP server.
    # See /usr/share/doc/exim4-base/README.Debian.gz for explanations.
    MAIN_TLS_ENABLE = yes

    .ifdef MAIN_TLS_ENABLE
    # Defines what hosts to 'advertise' STARTTLS functionality to. The
    # default, *, will advertise to all hosts that connect with EHLO.
    .ifndef MAIN_TLS_ADVERTISE_HOSTS
    MAIN_TLS_ADVERTISE_HOSTS = *
    .endif
    tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS


    # Full paths to Certificate and Private Key. The Private Key file
    # must be kept 'secret' and should be owned by root.Debian-exim mode
    # 640 (-rw-r-----). exim-gencert takes care of these prerequisites.
    # Normally, exim4 looks for certificate and key in different files:
    # MAIN_TLS_CERTIFICATE - path to certificate file,
    # CONFDIR/exim.crt if unset
    # MAIN_TLS_PRIVATEKEY - path to private key file
    # CONFDIR/exim.key if unset
    # You can also configure exim to look for certificate and key in the
    # same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
    # precedence over all other settings regarding certificate and key file.
    .ifdef MAIN_TLS_CERTKEY
    tls_certificate = MAIN_TLS_CERTKEY
    .else
    .ifndef MAIN_TLS_CERTIFICATE
    MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
    .endif
    tls_certificate = MAIN_TLS_CERTIFICATE

    .ifndef MAIN_TLS_PRIVATEKEY
    MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
    .endif
    tls_privatekey = MAIN_TLS_PRIVATEKEY
    .endif

    # Pointer to the CA Certificates against which client certificates are
    # checked. This is controlled by the `tls_verify_hosts' and
    # `tls_try_verify_hosts' lists below.
    # If you want to check server certificates, you need to add an
    # tls_verify_certificates statement to the smtp transport.
    # /etc/ssl/certs/ca-certificates.crt is generated by
    # the "ca-certificates" package's update-ca-certificates(8) command.
    .ifndef MAIN_TLS_VERIFY_CERTIFICATES
    MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
    {/etc/ssl/certs/ca-certificates.crt}\
    {/dev/null}}
    .endif
    tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES


    # A list of hosts which are constrained by `tls_verify_certificates'. A host
    # that matches `tls_verify_host' must present a certificate that is
    # verifyable through `tls_verify_certificates' in order to be accepted as an
    # SMTP client. If it does not, the connection is aborted.
    .ifdef MAIN_TLS_VERIFY_HOSTS
    tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
    .endif

    # A weaker form of checking: if a client matches `tls_try_verify_hosts' (but
    # not `tls_verify_hosts'), request a certificate and check it against
    # `tls_verify_certificates' but do not abort the connection if there is no
    # certificate or if the certificate presented does not match. (This
    # condition can be tested for in ACLs through `verify = certificate')
    # By default, this check is done for all hosts. It is known that some
    # clients (including incredimail's version downloadable in February
    # 2008) choke on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an
    # empty value.
    .ifndef MAIN_TLS_TRY_VERIFY_HOSTS
    MAIN_TLS_TRY_VERIFY_HOSTS = *
    .endif
    tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS

    .endif

    ==================================================

    ### main/03_exim4-config_tlsoptions
    #################################

    # TLS/SSL configuration for exim as an SMTP server.
    # See /usr/share/doc/exim4-base/README.Debian.gz for explanations.
    MAIN_TLS_ENABLE = yes

    .ifdef MAIN_TLS_ENABLE
    # Defines what hosts to 'advertise' STARTTLS functionality to. The
    # default, *, will advertise to all hosts that connect with EHLO.
    .ifndef MAIN_TLS_ADVERTISE_HOSTS
    MAIN_TLS_ADVERTISE_HOSTS = *
    .endif
    tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS


    # Full paths to Certificate and Private Key. The Private Key file
    # must be kept 'secret' and should be owned by root.Debian-exim mode
    # 640 (-rw-r-----). exim-gencert takes care of these prerequisites.
    # Normally, exim4 looks for certificate and key in different files:
    # MAIN_TLS_CERTIFICATE - path to certificate file,
    # CONFDIR/exim.crt if unset
    # MAIN_TLS_PRIVATEKEY - path to private key file
    # CONFDIR/exim.key if unset
    # You can also configure exim to look for certificate and key in the
    # same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
    # precedence over all other settings regarding certificate and key file.
    .ifdef MAIN_TLS_CERTKEY
    tls_certificate = MAIN_TLS_CERTKEY
    .else
    .ifndef MAIN_TLS_CERTIFICATE
    MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
    .endif
    tls_certificate = MAIN_TLS_CERTIFICATE

    .ifndef MAIN_TLS_PRIVATEKEY
    MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
    .endif
    tls_privatekey = MAIN_TLS_PRIVATEKEY
    .endif

    # Pointer to the CA Certificates against which client certificates are
    # checked. This is controlled by the `tls_verify_hosts' and
    # `tls_try_verify_hosts' lists below.
    # If you want to check server certificates, you need to add an
    # tls_verify_certificates statement to the smtp transport.
    # /etc/ssl/certs/ca-certificates.crt is generated by
    # the "ca-certificates" package's update-ca-certificates(8) command.
    .ifndef MAIN_TLS_VERIFY_CERTIFICATES
    MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
    {/etc/ssl/certs/ca-certificates.crt}\
    {/dev/null}}
    .endif
    tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES


    # A list of hosts which are constrained by `tls_verify_certificates'. A host
    # that matches `tls_verify_host' must present a certificate that is
    # verifyable through `tls_verify_certificates' in order to be accepted as an
    # SMTP client. If it does not, the connection is aborted.
    .ifdef MAIN_TLS_VERIFY_HOSTS
    tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
    .endif

    # A weaker form of checking: if a client matches `tls_try_verify_hosts' (but
    # not `tls_verify_hosts'), request a certificate and check it against
    # `tls_verify_certificates' but do not abort the connection if there is no
    # certificate or if the certificate presented does not match. (This
    # condition can be tested for in ACLs through `verify = certificate')
    # By default, this check is done for all hosts. It is known that some
    # clients (including incredimail's version downloadable in February
    # 2008) choke on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an
    # empty value.
    .ifndef MAIN_TLS_TRY_VERIFY_HOSTS
    MAIN_TLS_TRY_VERIFY_HOSTS = *
    .endif
    tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS

    .endif

    ==================================================
    ### auth/30_exim4-config_examples
    #################################

    # The examples below are for server side authentication, when the
    # local exim is SMTP server and clients authenticate to the local exim.

    # They allow two styles of plain-text authentication against an
    # CONFDIR/passwd file whose syntax is described in exim4_passwd(5).

    # Hosts that are allowed to use AUTH are defined by the
    # auth_advertise_hosts option in the main configuration. The default is
    # "*", which allows authentication to all hosts over all kinds of
    # connections if there is at least one authenticator defined here.
    # Authenticators which rely on unencrypted clear text passwords don't
    # advertise on unencrypted connections by default. Thus, it might be
    # wise to set up TLS to allow encrypted connections. If TLS cannot be
    # used for some reason, you can set AUTH_SERVER_ALLOW_NOTLS_PASSWORDS to
    # advertise unencrypted clear text password based authenticators on all
    # connections. As this is severely reducing security, using TLS is
    # preferred over allowing clear text password based authenticators on
    # unencrypted connections.

    # PLAIN authentication has no server prompts. The client sends its
    # credentials in one lump, containing an authorization ID (which we do not
    # use), an authentication ID, and a password. The latter two appear as
    # $auth2 and $auth3 in the configuration and should be checked against a
    # valid username and password. In a real configuration you would typically
    # use $auth2 as a lookup key, and compare $auth3 against the result of the
    # lookup, perhaps using the crypteq{}{} condition.

    # plain_server:
    # driver = plaintext
    # public_name = PLAIN
    # server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}ls earch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
    # server_set_id = $auth2
    # server_prompts = :
    # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    # .endif

    # LOGIN authentication has traditional prompts and responses. There is no
    # authorization ID in this mechanism, so unlike PLAIN the username and
    # password are $auth1 and $auth2. Apart from that you can use the same
    # server_condition setting for both authenticators.

    # login_server:
    # driver = plaintext
    # public_name = LOGIN
    # server_prompts = "Username:: : Password::"
    # server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}ls earch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
    # server_set_id = $auth1
    # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    # .endif
    #
    # cram_md5_server:
    # driver = cram_md5
    # public_name = CRAM-MD5
    # server_secret = ${extract{2}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}fail}}}
    # server_set_id = $auth1

    # Here is an example of CRAM-MD5 authentication against PostgreSQL:
    #
    # psqldb_auth_server:
    # driver = cram_md5
    # public_name = CRAM-MD5
    # server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$auth1}'}{$value}fail}
    # server_set_id = $auth1

    # Authenticate against local passwords using sasl2-bin
    # Requires exim_uid to be a member of sasl group, see README.Debian.gz
    plain_saslauthd_server:
    driver = plaintext
    public_name = PLAIN
    server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
    server_set_id = $auth2
    server_prompts = :
    .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    .endif

    login_saslauthd_server:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    # don't send system passwords over unencrypted connections
    server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
    server_set_id = $auth1
    .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    .endif
    #
    # ntlm_sasl_server:
    # driver = cyrus_sasl
    # public_name = NTLM
    # server_realm = <short main hostname>
    # server_set_id = $auth1
    # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    # .endif
    #
    # digest_md5_sasl_server:
    # driver = cyrus_sasl
    # public_name = DIGEST-MD5
    # server_realm = <short main hostname>
    # server_set_id = $auth1
    # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    # .endif

    # Authentcate against cyrus-sasl
    # This is mainly untested, please report any problems to
    # pkg-exim4-users@lists.alioth.debian.org.
    # cram_md5_sasl_server:
    # driver = cyrus_sasl
    # public_name = CRAM-MD5
    # server_realm = <short main hostname>
    # server_set_id = $auth1
    #
    # plain_sasl_server:
    # driver = cyrus_sasl
    # public_name = PLAIN
    # server_realm = <short main hostname>
    # server_set_id = $auth1
    # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    # .endif
    #
    # login_sasl_server:
    # driver = cyrus_sasl
    # public_name = LOGIN
    # server_realm = <short main hostname>
    # server_set_id = $auth1
    # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    # .endif

    # Authenticate against courier authdaemon

    # This is now the (working!) example from
    # http://www.exim.org/eximwiki/FAQ/Policy_controls/Q0730
    # Possible pitfall: access rights on /var/run/courier/authdaemon/socket.
    # plain_courier_authdaemon:
    # driver = plaintext
    # public_name = PLAIN
    # server_condition = \
    # ${extract {ADDRESS} \
    # {${readsocket{/var/run/courier/authdaemon/socket} \
    # {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlog in\n$auth2\n$auth3\n} }} \
    # {yes} \
    # fail}
    # server_set_id = $auth2
    # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    # .endif

    # login_courier_authdaemon:
    # driver = plaintext
    # public_name = LOGIN
    # server_prompts = Username:: : Password::
    # server_condition = \
    # ${extract {ADDRESS} \
    # {${readsocket{/var/run/courier/authdaemon/socket} \
    # {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlog in\n$auth1\n$auth2\n} }} \
    # {yes} \
    # fail}
    # server_set_id = $auth1
    # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    # .endif

    # This one is a bad hack to support the broken version 4.xx of
    # Microsoft Outlook Express which violates the RFCs by demanding
    # "250-AUTH=" instead of "250-AUTH ".
    # If your list of offered authenticators is other than PLAIN and LOGIN,
    # you need to adapt the public_name line manually.
    # It has to be the last authenticator to work and has not been tested
    # well. Use at your own risk.
    # See the thread entry point from
    # http://www.exim.org/mail-archives/ex.../msg00213.html
    # for the related discussion on the exim-users mailing list.
    # Thanks to Fred Viles for this great work.

    # support_broken_outlook_express_4_server:
    # driver = plaintext
    # public_name = "\r\n250-AUTH=PLAIN LOGIN"
    # server_prompts = User Name : Password
    # server_condition = no
    # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
    # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
    # .endif

    ##############
    # See /usr/share/doc/exim4-base/README.Debian.gz
    ##############

    # These examples below are the equivalent for client side authentication.
    # They get the passwords from CONFDIR/passwd.client, whose format is
    # defined in exim4_passwd_client(5)

    # Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
    # only allow these mechanisms over encrypted connections by default.
    # You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted
    # clear text password authentication on all connections.

    cram_md5:
    driver = cram_md5
    public_name = CRAM-MD5
    client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDI R/passwd.client}{$value}fail}}}
    client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDI R/passwd.client}{$value}fail}}}

    # this returns the matching line from passwd.client and doubles all ^
    PASSWDLINE=${sg{\
    ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
    }\
    {\\N[\\^]\\N}\
    {^^}\
    }

    plain:
    driver = plaintext
    public_name = PLAIN
    .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
    client_send = "<; ${if !eq{$tls_cipher}{}\
    {^${extract{1}{:}{PASSWDLINE}}\
    ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
    }fail}"
    .else
    client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
    ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
    .endif

    login:
    driver = plaintext
    public_name = LOGIN
    .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
    # Return empty string if not non-TLS AND looking up $host in passwd-file
    # yields a non-empty string; fail otherwise.
    client_send = "<; ${if and{\
    {!eq{$tls_cipher}{}}\
    {!eq{PASSWDLINE}{}}\
    }\
    {}fail}\
    ; ${extract{1}{::}{PASSWDLINE}}\
    ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
    .else
    # Return empty string if looking up $host in passwd-file yields a
    # non-empty string; fail otherwise.
    client_send = "<; ${if !eq{PASSWDLINE}{}\
    {}fail}\
    ; ${extract{1}{::}{PASSWDLINE}}\
    ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
    .endif

    ==================================================
    #
    # Settings for saslauthd daemon
    # Please read /usr/share/doc/sasl2-bin/README.Debian for details.
    #

    # Should saslauthd run automatically on startup? (default: no)
    START=yes

    # Description of this saslauthd instance. Recommended.
    # (suggestion: SASL Authentication Daemon)
    DESC="SASL Authentication Daemon"

    # Short name of this saslauthd instance. Strongly recommended.
    # (suggestion: saslauthd)
    NAME="saslauthd"

    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam -- use PAM
    # rimap -- use a remote IMAP server
    # shadow -- use the local shadow password file
    # sasldb -- use the local sasldb database file
    # ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"

    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""

    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5

    # Other options (default: -c -m /var/run/saslauthd)
    # Note: You MUST specify the -m option or saslauthd won't run!
    #
    # WARNING: DO NOT SPECIFY THE -d OPTION.
    # The -d option will cause saslauthd to run in the foreground instead of as
    # a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
    # to run saslauthd in debug mode, please run it by hand to be safe.
    #
    # See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
    # See the saslauthd man page and the output of 'saslauthd -h' for general
    # information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    OPTIONS="-c -m /var/run/saslauthd"

  2. #2
    Join Date
    Nov 2007
    Location
    Sweden
    Beans
    2,200

    Re: Making my box in to a mail server

    How to set up a mail server on a GNU / Linux system might be what you're looking for.
    Debian 11 "Bullseye"
    HP Envy 2021 laptop
    Linux user since 1999.

  3. #3
    Join Date
    Aug 2009
    Beans
    27
    Distro
    Ubuntu Studio 9.10 Karmic Koala

    Re: Making my box in to a mail server

    Yeah, I could do all that, but it seems really overkill for an internal mail server. I would like a minimalist install if possible.

  4. #4
    Join Date
    Nov 2007
    Location
    Sweden
    Beans
    2,200

    Re: Making my box in to a mail server

    What about using Postfix?

    Postfix - documentation.
    Debian 11 "Bullseye"
    HP Envy 2021 laptop
    Linux user since 1999.

  5. #5
    Join Date
    Aug 2009
    Beans
    27
    Distro
    Ubuntu Studio 9.10 Karmic Koala

    Re: Making my box in to a mail server

    Man, if that was easy setup, I hate to see hard!

  6. #6
    Join Date
    Oct 2006
    Location
    Montreal
    Beans
    228
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: Making my box in to a mail server


  7. #7
    Join Date
    Aug 2009
    Beans
    27
    Distro
    Ubuntu Studio 9.10 Karmic Koala

    Re: Making my box in to a mail server

    Oh nice. Had to pull out the other crap I put in, and this dropped in, in less than a day! You (and the page's author) are AWESOME!!

    lol, funny, I look something like that.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •