TobiasTM
18th April 2006, 23:53
Based on and modelled after the HowTo "The Perfect Setup - Debian Sarge (3.1)" by Falko Timme, I wrote this HowTo for STRATO servers, because Strato has some specifics in its Debian Sarge (3.1) image. :o
Let me say first: this is one of many possible ways, but I have tried it more than once and it works.
Anyway, I must also tell you: if you use this HowTo, you do so at your own risk! You will lose all files on the Strato server, because we start with a brand-new installation of the Debian image!
If you have questions, mail me or send me a PM.
If you want it in German, please mail me, too.
>>Anyone who would like this guide in German only needs to send me an e-mail or PM.<<
You will need:
a Strato dedicated server
WinSCP3 and PuTTY or similar software on your computer at home
We use (based on the HowTo by Falko Timme) for the Server:
Apache 2 as web-server
Postfix as mailserver
Courier-POP3 and Courier-IMAP for eMail, too
BIND as DNS-server
proftpd as FTP-server
Webalizer for statistics
STEP 1
Install a new Debian-Image 3.1 with the Strato-Konfigurationsmenü
->Serverkonfiguration
->Neuinstallation
mark the Box and
choose Debian GNU/Linux 3.1 für Profis
click on weiter
fill in the code you will see
Don't forget: you will lose all files on the Strato server, because we start with a brand-new installation of the Debian image!
click on weiter
wait until you get the eMail from Strato that the reinstallation is finished.
STEP 2
Update the Debian Sarge Image
log in to your server as root with PuTTY
copy the code from here and paste it into PuTTY
follow the instructions
apt-get update
If you are asked whether you want to stop now because a new kernel will be installed, answer with no.
But don't forget to reboot your server after this upgrade.
apt-get dist-upgrade
apt-get upgrade
(If someone says that this is too much updating and upgrading, let me answer first:
I have tried it many times and it works a little differently every time - and better once too often than once too little.)
STEP 3
Add some more nameservers
open and edit the file /etc/resolv.conf
add some more nameservers (only if you want)
nameserver 81.169.163.104
nameserver 81.169.163.106
search serverkompetenz.net
nameserver ip.number.from.another
STEP 4
Setting the hostname
Instead of server1.example.com, put in your real server domain (h12345.serverkompetenz.net)
echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname
STEP 5
Install needed and missing software and remove unneeded software
apt-get install make gcc wget flex bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl lynx fileutils
Answer the questions with the default answers.
update-rc.d -f exim remove
update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard
/etc/init.d/inetd reload
STEP 6
Install and configure quota
apt-get install quota quotatool
Answer the question with no.
open and edit the file /etc/fstab
# /etc/fstab: static file system information.
#
# file system mount point type options dump pass
/dev/sda1 /boot ext2 nosuid,nodev 0 2
/dev/sda2 none swap sw 0 0
/dev/sda3 / ext3 defaults,errors=remount-ro,usrquota,grpquota 0 1
proc /proc proc defaults 0 0
run the following steps:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
STEP 7
Install and configure bind9 the DNS-Server
apt-get install bind9
/etc/init.d/bind9 stop
open and edit the file /etc/default/bind9
OPTIONS="-u bind -t /var/lib/named"
run the following steps:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
open and edit the file /etc/init.d/sysklogd.
But only change the line SYSLOGD="" so that it reads:
SYSLOGD="-a /var/lib/named/dev/log"
run the following steps:
/etc/init.d/sysklogd restart
/etc/init.d/bind9 start
open and check the file /var/log/syslog for any errors in the last few lines.
STEP 8
Install and configure MySQL
apt-get install mysql-server mysql-client libmysqlclient12-dev
mysqladmin -u root password replacethiswithyourrootmysqlpassword
netstat -tap
Now you should see something like:
tcp 0 0 localhost:mysql *:* LISTEN 3133/mysqld
STEP 9
Install and configure Postfix the mail-server with POP3/IMAP
run the following steps:
apt-get install postfix postfix-tls procmail libsasl2 sasl2-bin libsasl2-modules ipopd-ssl uw-imapd-ssl
Answer the questions in following steps:
yes
pop3 and pop3s
no
imap2/imaps
no
Internet Site
NONE
h12345.serverkompetenz.net
h12345.serverkompetenz.net, localhost.serverkompetenz.net, localhost
no
127.0.0.0/8
0
+
yes
Run the following steps:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
For secure email-transport run the following steps:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
answer all the questions
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
/etc/init.d/postfix restart
mkdir -p /var/spool/postfix/var/run/saslauthd
open and edit the file /etc/default/saslauthd so that it looks like this:
# This needs to be uncommented before saslauthd will be run automatically
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="pam"
open the file /etc/init.d/saslauthd and edit the PIDFILE entry so that it looks like this:
PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
Run the following step:
/etc/init.d/saslauthd start
Create the new file /etc/c-client.cf with following content:
I accept the risk
set disable-plaintext 0
Run the following few steps:
/etc/init.d/inetd restart
telnet localhost 25
ehlo localhost
quit
If you can see the lines
250-STARTTLS
250-AUTH LOGIN PLAIN
everything is fine.
STEP 10
Install and configure Courier for Maildir-support
Run the following step:
apt-get install courier-imap courier-imap-ssl courier-pop courier-pop-ssl
Answer the questions in following steps:
no
Maildir (ok)
OK
Run the following steps:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
Don't forget to enable Maildir support in the ISPConfig menu!
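The Postfix settings from Step 9 can be checked after the fact. The script below is an added example, not part of the original post: it audits postconf -n style output for the relay guard, for AUTH being accepted without TLS and for the STARTTLS switch, and checks an EHLO reply for the two lines Step 9 looks for. The function names, finding labels and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the Step 9 Postfix settings.

# get_param NAME: read "name = value" lines (the `postconf -n` format) on
# stdin and print the value of NAME; the last occurrence wins.
get_param() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# audit_postconf TEXT: print one finding per line, nothing if all checks pass.
audit_postconf() {
    restr=$(printf '%s\n' "$1" | get_param smtpd_recipient_restrictions)
    sasl=$(printf '%s\n' "$1" | get_param smtpd_sasl_auth_enable)
    authonly=$(printf '%s\n' "$1" | get_param smtpd_tls_auth_only)
    usetls=$(printf '%s\n' "$1" | get_param smtpd_use_tls)

    # The relay guard must be one whole token; a pasted
    # "reject _unauth_destination" (with a space) does not count.
    case " $(printf '%s' "$restr" | tr ',' ' ') " in
        *" reject_unauth_destination "*) ;;
        *) echo "RELAY_GUARD: reject_unauth_destination not set" ;;
    esac

    # SASL on and smtpd_tls_auth_only not "yes": AUTH is accepted before
    # STARTTLS, so PLAIN/LOGIN passwords can cross the network unencrypted.
    if [ "$sasl" = yes ] && [ "$authonly" != yes ]; then
        echo "CLEARTEXT_AUTH: smtpd_tls_auth_only is not yes"
    fi

    # smtpd_use_tls is the switch this HowTo sets to offer STARTTLS.
    [ "$usetls" = yes ] || echo "NO_STARTTLS: smtpd_use_tls is not yes"
}

# ehlo_ok TEXT: succeed if an EHLO reply advertises both STARTTLS and AUTH,
# the two lines Step 9 tells you to look for.
ehlo_ok() {
    printf '%s\n' "$1" | grep -Eq '^250[- ]STARTTLS' &&
        printf '%s\n' "$1" | grep -Eq '^250[- ]AUTH '
}

# Constructed sample: the values this HowTo sets, as `postconf -n` prints them.
SAMPLE_CONF='smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_use_tls = yes'

audit_postconf "$SAMPLE_CONF"
```

On a live server, pass the real settings with audit_postconf "$(postconf -n)".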