The Perfect Setup - Debian Woody (3.0) - Page 5
MySQL
apt-get install mysql-server mysql-client libmysqlclient10-dev
<- No
<- Yes
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
In /etc/mysql/my.cnf comment out the following line:
skip-networking
It should now look similar to this:
# You can copy this to one of: |
Restart MySQL:
/etc/init.d/mysql restart
so that MySQL is accessible on port 3306 (you can check that with netstat -tap).
Postfix/Qpopper
addgroup sasl
apt-get install postfix-tls qpopper sasl-bin libsasl-modules-plain libsasl2 libsasl-gssapi-mit libsasl-digestmd5-des sasl2-bin libsasl2-modules (1 line!)
<- Kerberos: accept default value (I don't want to use Kerberos so I don't really care about it)
<- Internetsite
<- Domainname
<- No
<- accept default values
<- Kerberos: accept default value
<- NONE
cd /etc/init.d/
wget http://hanselan.de/postfix/pwcheck
In case you cannot access http://hanselan.de/postfix/pwcheck here's the pwcheck script:
#! /bin/sh |
chmod 755 /etc/init.d/pwcheck
update-rc.d pwcheck defaults
mkdir -p /var/spool/postfix/var/run/pwcheck
chown postfix.root /var/spool/postfix/var/run/pwcheck/
chmod 700 /var/spool/postfix/var/run/pwcheck/
ln -s /var/spool/postfix/var/run/pwcheck /var/run/pwcheck
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: pwcheck' >> /etc/postfix/sasl/smtpd.conf
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
The file /etc/postfix/main.cf should now look like this:
# see /usr/share/postfix/main.cf.dist for a commented, fuller |
/etc/init.d/pwcheck start
/etc/init.d/postfix restart
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH
everything is fine.
Type
quit
to return to the system's shell.
Courier-IMAP/Courier-POP3
If you want to use a POP3/IMAP daemon that has Maildir support (if you do not want to use the traditional Unix mailbox format) you can install Courier-IMAP and Courier-POP3. Otherwise you can proceed with the Apache configuration.
apt-get install courier-imap courier-pop
qpopper and UW-IMAP will then be replaced.
Then configure Postfix to deliver emails to a user's Maildir*:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
*Please note: You do not have to do this if you intend to use ISPConfig on your system as ISPConfig does the necessary configuration using procmail recipes. But please go sure to enable Maildir under Management -> Settings -> EMail in the ISPConfig web interface.