Carrying on from Basic server setup - part 1, we will finish installing packages.
Now I install Postfix and Dovecot
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot
Now I configure TLS and SMTP-AUTH.
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'
Now edit "/usr/lib/sasl2/smtpd.conf" so that Postfix allows "PLAIN" and "LOGIN" logins.
It should look like this:
pwcheck_method: saslauthd
mech_list: plain login
Now we create a self-signed certificate for TLS. (The 1024-bit key size used below is now considered too short; 2048 bits is the usual minimum.)
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
Then
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
Then
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
Then
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
And finally (the unencrypted copy is written with default file permissions and `mv` keeps them, so re-run `chmod 600 smtpd.key` afterwards):
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Configure Postfix for TLS. Note that `smtpd_tls_auth_only = no` still permits SMTP-AUTH on unencrypted connections, so PLAIN/LOGIN credentials can cross the network in clear; set it to `yes` if STARTTLS should be required before AUTH.
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
Now I set the hostname in Postfix (replace server1.example.com with your own hostname):
postconf -e 'myhostname = server1.example.com'
I now configure Dovecot to accept POP3, POP3s, IMAP and IMAPs.
Edit "/etc/dovecot.conf" and enable the line "protocols = imap imaps pop3 pop3s".
It should look like this:
# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".
protocols = imap imaps pop3 pop3s
Now I disable Sendmail and start Postfix, saslauthd and Dovecot:
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start
Now test whether TLS and SMTP-AUTH work properly:
telnet localhost 25
You should now see this:
[root@server1]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 server1.example.com ESMTP Postfix
Now type:
ehlo localhost
You should now see the following lines:
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
The lines we want are "250-STARTTLS" and "250-AUTH PLAIN LOGIN"; if you have them, everything is working fine.
Type "quit" to return to the system shell.
Dovecot uses the Maildir format (not mbox), so I must configure Postfix to deliver emails to each user's Maildir:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
Now I install Apache with PHP and some Perl modules:
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1
Then edit "/etc/httpd/conf/httpd.conf" and change "DirectoryIndex" to:
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl
Now I configure Apache to start at boot time and start it:
chkconfig --levels 235 httpd on
/etc/init.d/httpd start
Now I install "mod_ruby". There is no "mod_ruby" package available, so I must compile it myself (check for any update and substitute where needed). First, some needed packages:
yum install httpd-devel ruby ruby-devel
Now I download and install "mod_ruby". The archive is fetched over plain HTTP, so verify its checksum or signature against the values the project publishes before building it:
cd /tmp
wget http://www.modruby.net/archive/mod_ruby-1.3.0.tar.gz
tar zxvf mod_ruby-1.3.0.tar.gz
cd mod_ruby-1.3.0/
./configure.rb --with-apr-includes=/usr/include/apr-1
make
make install
Finally I must add the "mod_ruby" module to the Apache configuration, so I create the file "/etc/httpd/conf.d/ruby.conf" and make it look like this:
LoadModule ruby_module modules/mod_ruby.so
Now, before we restart Apache, I install "mod_python":
yum install mod_python
Now restart Apache:
/etc/init.d/httpd restart
Now, I prefer "proftpd" to "vsftpd", so let's remove "vsftpd":
yum remove vsftpd
CentOS has no "proftpd" package, so I have to compile ProFTPD manually (check for any update and substitute where needed). As with mod_ruby, the source is downloaded over an unauthenticated channel (plain FTP), so verify the archive's checksum or signature before building it:
cd /tmp/
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2c.tar.gz
tar xvfz proftpd-1.3.2c.tar.gz
cd proftpd-1.3.2c/
./configure --sysconfdir=/etc
make
make install
cd ..
rm -fr proftpd-1.3.2c*
ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd
Now create the init script "/etc/init.d/proftpd":
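#!/bin/sh
# $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $
#
# proftpd This shell script takes care of starting and stopping
# proftpd.
#
# chkconfig: - 80 30
# description: ProFTPD is an enhanced FTP server with a focus towards \
# simplicity, security, and ease of configuration. \
# It features a very Apache-like configuration syntax, \
# and a highly customizable server infrastructure, \
# including support for multiple 'virtual' FTP servers, \
# anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /etc/proftpd.conf
# pidfile: /var/run/proftpd.pid
#
# NOTE(review): the $"..." strings below and the functions library
# presumably assume /bin/sh is bash, as on the target distribution.

# Source function library (provides daemon, killproc and status).
. /etc/rc.d/init.d/functions

# Source networking configuration (sets NETWORKING).
. /etc/sysconfig/network

# Check that networking is up.  The expansion is quoted so that an
# unset NETWORKING yields a clean "no match" instead of a test error.
[ "${NETWORKING}" = "no" ] && exit 0

# Nothing to do if the daemon binary is not installed or not executable.
[ -x /usr/sbin/proftpd ] || exit 0

# Exit status of the last start/stop/status action; reported at the end.
RETVAL=0
# Service name used in status messages.
prog="proftpd"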
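#######################################
# Start the proftpd daemon.
# Globals:   prog (read), RETVAL (written)
# Outputs:   progress message to stdout
# Returns:   the exit status of daemon(), 0 on success
#######################################
start() {
  echo -n $"Starting $prog: "
  daemon proftpd
  RETVAL=$?
  echo
  # The lock file marks the service as running (used by condrestart);
  # only create it when the daemon actually started.
  if [ "$RETVAL" -eq 0 ]; then
    touch /var/lock/subsys/proftpd
  fi
  return "$RETVAL"
}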
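#######################################
# Stop the proftpd daemon.
# Globals:   prog (read), RETVAL (written)
# Outputs:   progress message to stdout
# Returns:   the exit status of killproc(), 0 on success
#######################################
stop() {
  echo -n $"Shutting down $prog: "
  killproc proftpd
  RETVAL=$?
  echo
  # Drop the running marker only when the daemon really went away.
  if [ "$RETVAL" -eq 0 ]; then
    rm -f /var/lock/subsys/proftpd
  fi
  return "$RETVAL"
}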
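# See how we were called and dispatch on the first argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status proftpd
    RETVAL=$?
    ;;
  restart)
    stop
    start
    ;;
  condrestart)
    # Only restart when the service is marked as running (lock file
    # present), so a stopped service stays stopped.
    if [ -f /var/lock/subsys/proftpd ]; then
      stop
      start
    fi
    ;;
  reload)
    # SIGHUP asks proftpd to re-read its configuration without a restart.
    echo -n $"Re-reading $prog configuration: "
    killproc proftpd -HUP
    RETVAL=$?
    echo
    ;;
  *)
    # Usage is a diagnostic: send it to stderr, not stdout.
    echo "Usage: $prog {start|stop|restart|reload|condrestart|status}" >&2
    exit 1
    ;;
esac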
exit $RETVAL
Then make the init script executable:
chmod 755 /etc/init.d/proftpd
Next I edit "/etc/proftpd.conf" and change "Group" to "nobody":
Group nobody
Still in the same file, add or edit:
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
Now I configure "proftpd" to start at boot time and start it:
chkconfig --levels 235 proftpd on
/etc/init.d/proftpd start
Finally I install webalizer and NTP:
yum install webalizer ntp
Now make "ntp" start at boot and synchronize the clock:
chkconfig --levels 235 ntpd on
ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start
That's the end of the basic configuration; you now have a server capable of hosting websites and email. In the next few blog posts I will set up phpMyAdmin, Webmin and Munin, and add some extra (third-party) repositories to yum so I can have newer versions of PHP and MySQL.
