The Perfect Server - Fedora 10 - Page 4
On this page
10 MySQL (5.0)
To install MySQL, we do this:
yum install mysql mysql-devel mysql-server
Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
Now check that networking is enabled. Run
netstat -tap | grep mysql
It should show something like this:
[root@server1 ~]# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 2407/mysqld
[root@server1 ~]#
If it does not, edit /etc/my.cnf and comment out the option skip-networking:
vi /etc/my.cnf
[...] #skip-networking [...] |
and restart your MySQL server:
/etc/init.d/mysqld restart
Run
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
to set a password for the user root (otherwise anybody can access your MySQL database!).
If the last command throws an error at you...
[root@server1 named]# mysqladmin -h server1.example.com -u root password yourrootsqlpassword
mysqladmin: connect to server at 'server1.example.com' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'
[root@server1 named]#
... we can set the password as follows: connect to MySQL:
mysql -u root -p
Type in the password for the MySQL root user. Then, on the MySQL shell, do this:
mysql> USE mysql;
mysql> UPDATE user SET Password = password('yourrootsqlpassword') WHERE Host = 'server1.example.com' AND User = 'root';
mysql> UPDATE user SET Password = password('yourrootsqlpassword') WHERE Host = '127.0.0.1' AND User = 'root';
Run
mysql> SELECT * FROM user;
to make sure that all rows where the user is root have a password.
If everything is looking ok, run
mysql> FLUSH PRIVILEGES;
... and leave the MySQL shell:
mysql> quit;
11 Postfix With SMTP-AUTH And TLS
Now we install Postfix and Dovecot (Dovecot will be our POP3/IMAP server):
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot
Now we configure SMTP-AUTH and TLS:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'
We must edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins (on 64bit systems, this file is in /usr/lib64/sasl2/smtpd.conf). It should look like this:
vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd mech_list: plain login |
Afterwards we create the certificates for TLS:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Next we configure Postfix for TLS:
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
Then we set the hostname in our Postfix installation (make sure you replace server1.example.com with your own hostname):
postconf -e 'myhostname = server1.example.com'
After these configuration steps you should now have a /etc/postfix/main.cf that looks like this (I have removed all comments from it):
cat /etc/postfix/main.cf
queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix mail_owner = postfix inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost unknown_local_recipient_reject_code = 550 alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.5.5/samples readme_directory = /usr/share/doc/postfix-2.5.5/README_FILES inet_protocols = all smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination mynetworks = 127.0.0.0/8 smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom myhostname = server1.example.com |
Now start Postfix, saslauthd, and Dovecot:
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your Postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH PLAIN LOGIN
everything is fine.
[root@server1 ssl]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@server1 ssl]#
Type
quit
to return to the system's shell.
11.1 Maildir
Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email. ISPConfig will then do the necessary configuration.
If you do not want to install ISPConfig, then you must configure Postfix to deliver emails to a user's Maildir (you can also do this if you use ISPConfig - it doesn't hurt ;-)):
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart