The Perfect Server - Debian Lenny (Debian 5.0) With MyDNS & Courier [ISPConfig 3] - Page 3

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Tue, 2009-02-24 18:41. ::

4 Install The SSH Server

Debian Lenny does not install OpenSSH by default, therefore we do it now. Run

apt-get install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian Lenny server and follow the remaining steps from this tutorial.

 

5 Install vim-nox (Optional)

I'll use vi as my text editor in this tutorial. The default vi program has some strange behaviour on Debian and Ubuntu; to fix this, we install vim-nox:

apt-get install vim-nox

(You don't have to do this if you use a different text editor such as joe or nano.)

 

6 Configure The Network

Because the Debian Lenny installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100) (please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot the whole system):

vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

Then restart your network:

/etc/init.d/networking restart

Then edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   server1.example.com     server1
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Now run

echo server1.example.com > /etc/hostname
/etc/init.d/hostname.sh start

Afterwards, run

hostname
hostname -f

It is important that both show server1.example.com now!

 

7 Update Your Debian Installation

First make sure that your /etc/apt/sources.list contains the debian-volatile repository (this makes sure you always get the newest updates for the ClamAV virus scanner - this project publishes releases very often, and sometimes old versions stop working).

vi /etc/apt/sources.list

[...]
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free

Run

apt-get update

to update the apt package database and

apt-get upgrade

to install the latest updates (if there are any).

 

8 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

apt-get install ntp ntpdate

and your system time will always be in sync.

 

9 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils

We can install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, and binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils sudo

You will be asked the following questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      6612/mysqld
server1:~#

During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates...

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary):

vi /etc/courier/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /etc/courier/pop3d.cnf

[...]
CN=server1.example.com
[...]

Then recreate the certificates...

mkimapdcert
mkpop3dcert

... and restart Courier-IMAP-SSL and Courier-POP3-SSL:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Anonymous (not registered) on Fri, 2011-01-14 01:18.
Hello guys, I really need some help now. The tutorial here is really good to follow but i did s.th. wrong in the installation routine. In the step, where u choose to negate the question "Create directories for web-based administration?", I clicked on yes. I remove the packages in this step several time and reinstalled them, but i didnt get the window again to ask me this sentence. How can i change the option I've made? To "No".
Submitted by Anonymous (not registered) on Thu, 2010-11-18 02:03.

Thank you so much!

 A few blips here and there - but it is finally working :)

 

Submitted by Miguelp (not registered) on Sun, 2010-09-19 23:39.

I've followed this tutorial, and overall it's Ok i've got allmost everything working fine, exept for email.

I can see the squirrelmail login page when i do www.domain.tld/webmail, i'm able to login using the accounts i create inside ispconfig.

What's missing, i cannot get nor send messages to any email.

I've tryed to send an email from a gmail account to one of the new emails created, and it fails sending, i cannot recieve, tryed the other way around, send an email from the new email to a gmail account it dosent get there, so at the moment i cant send nor recieve emails.

How do i fix this? i'm a newbie, configuring servers.

 

Thanks in advance.

Submitted by suzeFan (not registered) on Wed, 2010-03-03 21:49.

If you want to use a commercial WebHosts SMTP for EMail-Routing, you will need authentification . Here is a really good tutorial how to perform this: http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailservers.html
Works great for me (as well as this tutorial here 8-)).
Hint to falko: Could be added here as well ;-)
Only thing I miss now in ISPConfig is a way to direct certain SMTP for certain mail accounts.
 
 

Submitted by husskii (registered user) on Fri, 2010-01-08 11:26.

After completing step 9, it shows this warning

[quote]To enable saslauthd, edit /etc/default/saslauthd and set START=yes (warning).[/quote]

 

its used to auto start saslauthd at system startup...

 

 

Submitted by matey (registered user) on Fri, 2009-08-21 17:32.

I noticed some people have problems connecting to Internet (for instance) .If you do do this:
ifconfig -a

and see if your eth0 has an IP address.

If you are getting your IP from DHCP you can run dhclient or dhclient3 

to get a new IP address.

If your eth0 does NOT exist do;

tunctl -t tun0

to create a vpn type virtual NIC then give it an address by;

ifconfig tun0 inet 192.168.1.10 netmask 255.255.255.0 mtu 1500 up

(dont put a dot after last 0)  .

Now of course (I used 1) but if your DHCP is set to give addresses at 192.168.0.X then use  0 .X

LOOK AT THE REPLY where they tell you to edit your /etc/apt/sources.lst to correct the errors in apt-get ????

Don't blame the instructions for the problems that may pre exist or arise please.

 

In any case if you do not have an eth0 or eth1 and you did before you may need to reboot

if the problem persists then go back and undo changes to your /etc/network/interfaces file

 

all it was (it used to be like this):

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp


That is it!

re-run networking or reboot.

I am a noob but I enjoy  learning new things. it is not "the end of the world as we know it".

lol

:D
just be cool relax and enjoy!
:)

 

Thanks to Falko\

Submitted by Schnacki (registered user) on Thu, 2009-07-30 13:10.

The tutorial doesn't change the postfix SSL-key. The default-one is useless, though.

The same author also did this tutorial (german):  http://www.howtoforge.de/howto/virtuelle-benutzer-und-domains-mit-postfix-courier-mysql-und-squirrelmail-ubuntu-804-lts/

There you find this commands to create a new one:

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

Country Name (2 letter code) [AU]: <-- Enter your country (z.B. “DE”).
State or Province Name (full name) [Some-State]: <-- Enter your state.
Locality Name (eg, city) []: <-- Enter your city.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- e.g. name of your company.
Organizational Unit Name (eg, section) []: <-- e.g. department name.
Common Name (eg, YOUR name) []: <-- Fully Qualified Domain Name of your server (e.g. “server1.example.com”).
Email Address []: <-- your email address.

Change privileges of smtpd.key:

chmod o= /etc/postfix/smtpd.key

Submitted by heymrdj (registered user) on Mon, 2010-06-21 20:42.
When he says to change the CN on the section for pop and smtp, he said you can change information there as well. If you look in the file, all the information that was supposed to be changed by his last guide's commands is right there, an if you change all that, then when you follow through with the mkimapdcert and mkpop3dcert commands all that will be handled.
Submitted by mixed (registered user) on Wed, 2009-07-08 14:30.

I am concerned that you say to open up mysql for queries from anywhere on the 'net without the blink of an eye.

This creates a pretty significant security vulnerability it seems to me, and why?  There is no explanation for why other hosts should be able to query mysql.

Submitted by triple5 (not registered) on Sat, 2010-09-11 07:02.
It is true, I also think that this should not be said without telling, why you would do that. He probably opened mysql to other hosts, in order to provide for the possibillity of a multiserver setup with dedicated hosts for mysql etc. I would also enable mysql only for localhost...
Submitted by Dannyboyd (not registered) on Wed, 2009-06-17 21:01.

THANKS to Falko and how to forge -

Its very a great guide - I have taken advantage of your guides and learned Linux the past 2-3 years. I have been working with windows servers , so this is really a great help to build a good Linux server. 

And thoose who still cant make it anyway should never work with servers - so its really a good question why you try and why you complain - Its very close to a step by step guide and if someone dont understand - "Try also to use google and your brain" - and instead of complaining you could make your own guide if you can do better.

So its a good guide and its for free - 

I have learned Linux from reading the guides from Falkotimme and others and now I have my own server hosting homepages for my customers....

I have some danish friends who have also giving me advice online - but Falko is my Guru.
Whenever I install a new Linux I will start with a guide from how to forge- use google  and my own notes.

I have been trying to find an good control panel - I tried Gnupanel , Cpanel and others - but they are awfull and have messed up my server. I thin maybe I would like to buy one control panel for debian that is working well and one simple.

So if someone can recommend a good control panel my server will become a complete webhotel , or just close. I am satisfied with this help i get here.

..Dennis ,,(dannyboyd)  

Submitted by Croydon (not registered) on Fri, 2009-05-15 11:35.

Just to be sure:

I learned some time ago that you should only put the hostname and not the fqdn into /etc/hostname, so that the command "hostname" shows "server1" and the command "hostname --fqdn" shows "server1.example.com".

So, what is the correct or better solution?

Submitted by Haasfos (not registered) on Thu, 2009-04-23 21:01.

I did this

vi /etc/network/interfaces

Networking is down

Restart with /etc/init.d/networking restart gifs lots of errors  "No such device"  Failed to bring up eth0

When I remove the line "auto eth0" it starts but not working network and internet

Submitted by Anonymous (not registered) on Fri, 2009-04-24 15:43.

See what adapter name you're using instead of eth0:

ifconfig

Submitted by Anonymous (not registered) on Fri, 2009-03-27 20:12.
ERROR: Unable to load SQL-Dump into database table.

Submitted by heil (not registered) on Thu, 2009-03-26 03:14.

Failed to fetch http://ftp2.de.debian.org/debian/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-21_all.deb 404 Not Found Failed to fetch http://ftp2.de.debian.org/debian/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-21_i386.deb 404 Not Found Failed to fetch http://ftp2.de.debian.org/debian/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-21_i386.deb 404 Not Found Failed to fetch http://ftp2.de.debian.org/debian/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-21_i386.deb 404 Not Found Failed to fetch http://ftp2.de.debian.org/debian/pool/main/s/sqlite3/libsqlite3-0_3.5.9-5_i386.deb 404 Not Found Failed to fetch http://ftp2.de.debian.org/debian/pool/main/p/postgresql-8.3/libpq5_8.3.5-1_i386.deb 404 Not Found Failed to fetch http://ftp2.de.debian.org/debian/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-21_all.deb 404 Not Found Failed to fetch http://ftp2.de.debian.org/debian/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-21_all.deb 404 Not Found

 

your tutorial is not perfect and not good

Submitted by tinux (registered user) on Mon, 2009-06-08 17:40.

Hi,

I had the exact same problem, so I changed my /etc/apt/sources.list to: 

#
# deb cdrom:[Debian GNU/Linux 5.0.1 _Lenny_ - Official i386 CD Binary-1 20090413-00:10]/ lenny main

deb cdrom:[Debian GNU/Linux 5.0.1 _Lenny_ - Official i386 CD Binary-1 20090413-00:10]/ lenny main

deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main
deb http://http.us.debian.org/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free

 

And that did it for me, hope it helps... 

Submitted by valter (registered user) on Tue, 2009-04-14 12:00.
The tutorial is perfect, really perfect. If you cannot get it to work, it means you've skipped something or sone something wrong. Besides, try to use your own brain, don't just copy and paste...
Submitted by admin (registered user) on Thu, 2009-03-26 11:05.

Yes, I know, it's always my fault...

Run

apt-get update

and try again.

Submitted by Anonymous (not registered) on Sat, 2009-05-30 00:29.

Hey im really new to this.. I was wondering how you would go about commenting out stuff Im using terminal and I cant seem to edit anything

 

EX

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

 

THANKs

 

Submitted by Anonymous (not registered) on Thu, 2009-08-06 21:36.

please add that ntp must be configured for the right time, 

 --> /etc/ntp.conf

 example:

 server ntps1-0.cs.tu-berlin.de

 server ntps1-1.cs.tu-berlin.de

Submitted by A better pool o... (not registered) on Thu, 2009-12-10 04:52.

server 0.pool.ntp.org

server 1.pool.ntp.org

 

See www.ntp.org for more information on the network time server pool.

 

Submitted by Alinutz (not registered) on Fri, 2010-03-05 09:32.

postfix is instaled only if you have this sources.list

 


deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main
deb http://http.us.debian.org/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free

# official Debian archives
deb http://security.debian.org/ stable/updates main contrib non-free
deb http://http.us.debian.org/debian/ stable main contrib non-free
deb http://http.us.debian.org/debian/ testing main contrib non-free
deb http://http.us.debian.org/debian/ unstable main contrib non-free
#deb-src http://http.us.debian.org/debian/ unstable main contrib non-free

 

then  apt-get update

 

free
then  apt-get upgrade