MySQL
apt-get install mysql-server mysql-client libmysqlclient10-dev
<- No
<- Yes
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
In /etc/mysql/my.cnf comment out the following line:
skip-networking
It should now look similar to this:
# You can copy this to one of:
# /etc/mysql/my.cnf to set global options,
# mysql-data-dir/my.cnf to set server-specific options (in this
# installation this directory is /var/lib/mysql) or
# ~/.my.cnf to set user-specific options.
#
# One can use all long options that the program supports.
# Run the program with --help to get a list of available options

# This will be passed to all mysql clients
[client]
#password = my_password
port = 3306
socket = /var/run/mysqld/mysqld.sock

# Here is entries for some specific programs
# The following values assume you have at least 32M ram

[safe_mysqld]
err-log = /var/log/mysql/mysql.err

[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
#
# You can also put it into /var/log/mysql/mysql.log but I leave it in /var/log
# for backward compatibility. Both location gets rotated by the cronjob.
#log = /var/log/mysql/mysql.log
log = /var/log/mysql.log
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/english
skip-locking
#
# The skip-networkin option will no longer be set via debconf menu.
# You have to manually change it if you want networking i.e. the server
# listening on port 3306. The default is "disable" - for security reasons.
#skip-networking
set-variable = key_buffer=16M
set-variable = max_allowed_packet=1M
set-variable = thread_stack=128K
#
# Here you can see queries with especially long duration
#log-slow-queries = /var/log/mysql/mysql-slow.log
#
# The following can be used as easy to replay backup logs or for replication
#server-id = 1
#log-bin = /var/log/mysql/mysql-bin.log
#binlog-do-db = include_database_name
#binlog-ignore-db = include_database_name
#
# Read the manual if you want to enable InnoDB!
skip-innodb

[mysqldump]
quick
set-variable = max_allowed_packet=1M

[mysql]
#no-auto-rehash # faster start of mysql but no tab completition

[isamchk]
set-variable = key_buffer=16M
Restart MySQL:
/etc/init.d/mysql restart
so that MySQL is accessible on port 3306 (you can check that with netstat -tap).
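An added example, not part of the original tutorial: the netstat check above, turned into a script that also reports which addresses the MySQL listener is bound to. With skip-networking commented out and no bind-address set, MySQL listens on every interface, so port 3306 needs to be covered by your packet filter. The function name and the sample netstat output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify where the MySQL TCP listener is bound, reading "netstat -tap"
# or "netstat -tan" output on stdin. Prints one of:
#   not-listening | loopback-only | specific-address | all-interfaces
mysql_listen_scope() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            la = $4                          # local address, e.g. "*:mysql"
            i = length(la)
            while (i > 0 && substr(la, i, 1) != ":") i--   # split at last colon
            addr = substr(la, 1, i - 1)
            port = substr(la, i + 1)
            if (port != "3306" && port != "mysql") next
            found = 1
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                wide = 1
            else if (addr !~ /^127\./ && addr != "localhost" && addr != "::1")
                other = 1
        }
        END {
            if (!found)     print "not-listening"
            else if (wide)  print "all-interfaces"
            else if (other) print "specific-address"
            else            print "loopback-only"
        }'
}

# Constructed sample: what "netstat -tap" shows after skip-networking is
# commented out (PIDs and the smtp line are made up for illustration).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      412/mysqld
tcp        0      0 *:smtp                  *:*                     LISTEN      530/master
EOF
}

sample_netstat | mysql_listen_scope
```

On the server itself, run it as: netstat -tap | mysql_listen_scope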
Postfix/Qpopper
addgroup sasl
apt-get install postfix-tls qpopper sasl-bin libsasl-modules-plain libsasl2 libsasl-gssapi-mit libsasl-digestmd5-des sasl2-bin libsasl2-modules (1 line!)
<- Kerberos: accept default value (I don't want to use Kerberos so I don't really care about it)
<- Internetsite
<- Domainname
<- No
<- accept default values
<- Kerberos: accept default value
<- NONE
cd /etc/init.d/
wget http://hanselan.de/postfix/pwcheck
In case you cannot access http://hanselan.de/postfix/pwcheck here's the pwcheck script:
#! /bin/sh
#
# pwcheck       Starts pwcheck for SMTP-Auth with Postfix
#

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/pwcheck
NAME=pwcheck
DESC="pwcheck daemon"

test -x $DAEMON || exit 0

set -e

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        # -f and -n replace an existing link, so a repeated "start" does not abort under set -e
        ln -sfn /var/spool/postfix/var/run/pwcheck /var/run/pwcheck
        $DAEMON
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME "
        # -f: do not abort under set -e if the link is already gone
        rm -f /var/run/pwcheck
        /usr/bin/killall -KILL $NAME
        echo "."
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop}" >&2
        exit 1
        ;;
esac

exit 0
chmod 755 /etc/init.d/pwcheck
update-rc.d pwcheck defaults
mkdir -p /var/spool/postfix/var/run/pwcheck
chown postfix.root /var/spool/postfix/var/run/pwcheck/
chmod 700 /var/spool/postfix/var/run/pwcheck/
ln -s /var/spool/postfix/var/run/pwcheck /var/run/pwcheck
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: pwcheck' >> /etc/postfix/sasl/smtpd.conf
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
The file /etc/postfix/main.cf should now look like this:
# see /usr/share/postfix/main.cf.dist for a commented, fuller
# version of this file.

# Do not change these directory settings - they are critical to Postfix
# operation.
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
setgid_group = postdrop
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no
myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
inet_interfaces = all
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
/etc/init.d/pwcheck start
/etc/init.d/postfix restart
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH
everything is fine.

Type
quit
to return to the system's shell.
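An added example, not part of the original tutorial: a script that reads the EHLO reply from the telnet session above and reports the same two capabilities, including the "250-AUTH=" form that broken_sasl_auth_clients = yes produces and a capability that arrives on the final "250 " line. It also flags PLAIN/LOGIN being offered on the unencrypted session, which is what smtpd_tls_auth_only = no allows. The function names and the sample reply are constructed for illustration.

```shell
#!/bin/sh
# Read a cleartext EHLO reply on stdin (as seen in the telnet session)
# and print one key=value line per finding.
ehlo_report() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            cap = toupper(substr($0, 5))     # text after "250-" or the final "250 "
            sub(/[ \t]+$/, "", cap)
            if (cap == "STARTTLS") starttls = 1
            if (cap ~ /^AUTH[ =]/) {         # "AUTH=" is the broken_sasl_auth_clients form
                auth = 1
                n = split(substr(cap, 6), m, " ")
                for (i = 1; i <= n; i++) {
                    if (m[i] == "PLAIN" || m[i] == "LOGIN") plain = 1
                    if (m[i] in seen) continue
                    seen[m[i]] = 1
                    mechs = (mechs == "" ? m[i] : mechs "," m[i])
                }
            }
        }
        END {
            print "starttls=" (starttls ? "yes" : "no")
            print "auth=" (auth ? "yes" : "no")
            print "mechanisms=" mechs
            # PLAIN/LOGIN offered before STARTTLS: with smtpd_tls_auth_only = no
            # a client may send its password unencrypted.
            print "password_auth_without_tls=" (plain ? "yes" : "no")
        }'
}

# Constructed sample reply (not captured from a real server).
sample_ehlo() {
    printf '%s\r\n' \
        '220 server1.example.com ESMTP Postfix (Debian/GNU)' \
        '250-server1.example.com' \
        '250-PIPELINING' \
        '250-SIZE 10240000' \
        '250-ETRN' \
        '250-STARTTLS' \
        '250-AUTH LOGIN PLAIN' \
        '250-AUTH=LOGIN PLAIN' \
        '250 8BITMIME'
}

sample_ehlo | ehlo_report
```

To use it on a real session, save the telnet output to a file and pipe that file into ehlo_report.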
Courier-IMAP/Courier-POP3
If you want to use a POP3/IMAP daemon that has Maildir support (if you do not want to use the traditional Unix mailbox format) you can install Courier-IMAP and Courier-POP3. Otherwise you can proceed with the Apache configuration.
apt-get install courier-imap courier-pop
qpopper and UW-IMAP will then be replaced.
Then configure Postfix to deliver emails to a user's Maildir*:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
*Please note: You do not have to do this if you intend to use ISPConfig on your system, as ISPConfig does the necessary configuration using procmail recipes. But please make sure to enable Maildir under Management -> Settings -> EMail in the ISPConfig web interface.