The Perfect Server - Fedora 13 x86_64 [ISPConfig 3] - Page 4
10 Install Dovecot
Dovecot can be installed as follows:
yum install dovecot dovecot-mysql
rm -fr /usr/lib/dovecot/
ln -s /usr/lib64/dovecot/ /usr/lib/dovecot
Now we create the system startup links for Dovecot:
chkconfig --levels 235 dovecot on
11 Install Postfix
Postfix can be installed as follows:
yum install postfix
Then turn off Sendmail and start Postfix and MySQL:
chkconfig --levels 235 mysqld on
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
12 Install Getmail
Getmail can be installed as follows:
yum install getmail
13 Set MySQL Passwords And Configure phpMyAdmin
Set passwords for the MySQL root account:
[root@server1 ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): <-- ENTER
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
Remove anonymous users? [Y/n] <-- ENTER
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] <-- ENTER
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] <-- ENTER
- Dropping test database...
- Removing privileges on test database...
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] <-- ENTER
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpMyAdmin/> stanza):
# phpMyAdmin - Web based MySQL browser written in php # # Allows only localhost by default # # But allowing phpMyAdmin to anyone other than localhost should be considered # dangerous unless properly secured by SSL Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin #<Directory /usr/share/phpMyAdmin/> # order deny,allow # deny from all # allow from 127.0.0.1 # allow from ::1 #</Directory> # This directory does not require access over HTTP - taken from the original # phpMyAdmin upstream tarball # <Directory /usr/share/phpMyAdmin/libraries> Order Deny,Allow Deny from All Allow from None </Directory> # This configuration prevents mod_security at phpMyAdmin directories from # filtering SQL etc. This may break your mod_security implementation. # #<IfModule mod_security.c> # <Directory /usr/share/phpMyAdmin> # SecRuleInheritance Off # </Directory> #</IfModule>
Then we create the system startup links for Apache and start it:
chkconfig --levels 235 httpd on
Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.
14 Install Amavisd-new, SpamAssassin And ClamAV
To install amavisd-new, spamassassin and clamav, run the following command:
yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2 perl-DBD-mysql
When we installed ClamAV, a cron job got installed that tries to update the ClamAV virus database every three hours. But this works only if we enable it in /etc/sysconfig/freshclam and /etc/freshclam.conf:
Comment out the FRESHCLAM_DELAY line at the end:
## When changing the periodicity of freshclam runs in the crontab, ## this value must be adjusted also. Its value is the timespan between ## two subsequent freshclam runs in minutes. E.g. for the default ## ## | 0 */3 * * * ... ## ## crontab line, the value is 180 (minutes). # FRESHCLAM_MOD= ## A predefined value for the delay in seconds. By default, the value is ## calculated by the 'hostid' program. This predefined value guarantees ## constant timespans of 3 hours between two subsequent freshclam runs. ## ## This option accepts two special values: ## 'disabled-warn' ... disables the automatic freshclam update and ## gives out a warning ## 'disabled' ... disables the automatic freshclam silently # FRESHCLAM_DELAY= ### !!!!! REMOVE ME !!!!!! ### REMOVE ME: By default, the freshclam update is disabled to avoid ### REMOVE ME: network access without prior activation #FRESHCLAM_DELAY=disabled-warn # REMOVE ME
Comment out the Example line:
[...] # Comment or remove the line below. #Example [...]
Then we start freshclam, amavisd, and clamd...
chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd.amavisd on
If /etc/init.d/amavisd start gives you the following error...
[root@server1 ~]# /etc/init.d/amavisd start
Starting amavisd: Problem in Amavis::DB or Amavis::DB::SNMP code:
BerkeleyDB needs compatible versions of libdb & db.h
you have db.h version 4.8.26 and libdb version 4.8.30
Compilation failed in require at (eval 82) line 19.
BEGIN failed--compilation aborted at (eval 82) line 19.
... you must downgrade db4:
yum downgrade db4*
Then try to start amavisd again:
Finally change the ownership of some directories:
chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
rm -f /var/spool/amavisd/clamd.sock
mkdir /var/run/clamav.amavisd /var/run/clamd.amavisd
chown amavis /var/run/clamav.amavisd
chown amavis /var/run/clamd.amavisd
ln -sf /var/spool/amavisd/clamd.sock /var/run/clamav.amavisd/clamd.sock
ln -sf /var/spool/amavisd/clamd.sock /var/run/clamd.amavisd/clamd.sock