Set Up Ubuntu-Server 6.06 LTS As A Firewall/Gateway For Your Small Business Environment - Page 7

Want to support HowtoForge? Become a subscriber!
 
Submitted by tycho (Contact Author) (Forums) on Wed, 2006-12-06 16:18. ::

Now configure sasl authentication.

mkdir -p /var/spool/postfix/var/run/saslauthd

Now we have to edit /etc/default/saslauthd. It should look like this:

# This needs to be uncommented before saslauthd will be run automatically
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="pam"
Next edit /etc/init.d/saslauthd and change the location of saslauthd's PID file. Change the value of PIDFILE to /var/spool/postfix/var/run/${NAME}/saslauthd.pid, so that it reads:
PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

Now populate your system with real users. Set the users shell to /bin/false to avoid security holes.

Next fill /etc/postfix/virtual as you like. I love Webmin for this. You can edit it directly too, of course. However, webmin does a great job.

Gotcha!: "some.domain" etc. can not equal to anything mentioned in the "mydestination" line in

/etc/postfix/main.cf

My /etc/postfix/virtual has the following structure:

some.domain	virtual domain
some.other.domain	virtual domain
some.really.other.domain	virtual domain
user@some.domain		user
otheruser@some.domain	otheruser
user@some.other.domain	user
otheruser@some.other.domain	otheruser
somealias@some.other.domain	user
info@some.other.domain	someoneidontlike
info@some.domain	someoneidontlike otheruser@foo.bar
differentuser@some.domain	differentuser	differentusers@home.addres	someoneidontlike
@some.really.other.domain		someonidontlike		someoneidontlikes@home.address
and so on. So I only have to set an alias for root and postmaster in /etc/aliases All other aliases should be in this file. Forwarding and delivering mail to multiple addresses and so fort can (and should, I believe) be set in this file too.

Note that in this kind of setup your users can have as many aliases as they like (untill you get sick of them), but for each user you still have to add a real user, with a home directory.

Don't forget to do

postmap /etc/postfix/virtual

when you are done.

Now we want some rules for spamassassin to do a better job.

First edit /etc/MailScanner/spam.assassin.prefs.conf.

Comment out dcc_path /usr/bin/dccproc. Also comment out razor_timeout 10 and
score RCVD_IN_RSL 0.

Next do:

cd ..

wget http://www.fsl.com/support/Rules_Du_Jour.tar.gz

tar -zxvf Rules_Du_Jour.tar.gz

cd rules_du_jour

mkdir /etc/rulesdujour

cp config /etc/rulesdujour/config

cp rules_du_jour /usr/bin

cp rules_du_jour_wrapper /etc/cron.daily

/etc/cron.daily/rules_du_jour_wrapper

Next we configure the DHCP server.

Edit /etc/dhcp3/dhcpd.conf. Mine now looks like this:

# Local Network
subnet 192.168.1.0 netmask 255.255.255.0 {
	option netbios-name-servers 192.168.1.1;
	option domain-name-servers 192.168.1.1;
	option domain-name "your.domain.here";
	option broadcast-address 192.168.1.255;
	option routers 192.168.1.1;
	range 192.168.1.100 192.168.1.130;
	}

Edit /etc/default/dhcp3-server. It should read

INTERFACES=eth1

Next do:

/etc/init.d/dhcp3-server start

Next install dcc from source

cd /root

wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z

gunzip dcc.tar.Z

tar -xvf dcc.tar

cd dcc*

./configure

make

make install

shutdown -r now

and wait until it is up again.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.