The Perfect Server - Fedora 14 x86_64 [ISPConfig 3] - Page 4
10 Install Dovecot
Fedora 14 comes with Dovecot 2.0.x packages, but unfortunately ISPConfig 3 supports only Dovecot 1.2.x. Therefore we must remove the existing Dovecot and install Dovecot 1.2.x packages (from ATrpms):
yum remove dovecot dovecot-mysql
At the time of this writing, there were not Dovecot 1.2.x packages for Fedora 14 available from ATrpms, but we can use the ones for Fedora 13. Go to http://packages.atrpms.net/dist/f13/dovecot-1.2.x/ and pick the dovecot-1.2.x rpm package for your architecture (x86_64 or i686) and install it as follows:
rpm -ivh http://dl.atrpms.net/all/dovecot-1.2.15-1_113.fc13.x86_64.rpm
(The URL can change because the ATrpms project updates packages quite frequently, so make sure you visit http://packages.atrpms.net/dist/f13/dovecot-1.2.x/ and pick the current dovecot-1.2.x rpm package.)
Now do the same with the dovecot-sieve package. Go to http://packages.atrpms.net/dist/f13/dovecot-sieve/ and pick the right dovecot-sieve rpm package for your architecture (x86_64 or i686) and install it as follows:
rpm -ivh http://dl.atrpms.net/all/dovecot-sieve-0.1.18-6.fc13.x86_64.rpm
(Again, the URL can change, so make sure you visit http://packages.atrpms.net/dist/f13/dovecot-sieve/ and pick the current dovecot-sieve rpm package.)
Next run
rm -fr /usr/lib/dovecot/
ln -s /usr/lib64/dovecot/ /usr/lib/dovecot
Finally we create the system startup links for Dovecot:
chkconfig --levels 235 dovecot on
/etc/init.d/dovecot start
11 Install Postfix
Postfix can be installed as follows:
yum install postfix
Then turn off Sendmail and start Postfix and MySQL:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
12 Install Getmail
Getmail can be installed as follows:
yum install getmail
13 Set MySQL Passwords And Configure phpMyAdmin
Set passwords for the MySQL root account:
mysql_secure_installation
[root@server1 ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): <-- ENTER
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] <-- ENTER
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] <-- ENTER
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] <-- ENTER
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] <-- ENTER
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
[root@server1 ~]#
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpMyAdmin/> stanza):
vi /etc/httpd/conf.d/phpMyAdmin.conf
# phpMyAdmin - Web based MySQL browser written in php # # Allows only localhost by default # # But allowing phpMyAdmin to anyone other than localhost should be considered # dangerous unless properly secured by SSL Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin #<Directory /usr/share/phpMyAdmin/> # Order Deny,Allow # Deny from All # Allow from 127.0.0.1 # Allow from ::1 #</Directory> <Directory /usr/share/phpMyAdmin/setup/> Order Deny,Allow Deny from All Allow from 127.0.0.1 Allow from ::1 </Directory> # These directories do not require access over HTTP - taken from the original # phpMyAdmin upstream tarball # <Directory /usr/share/phpMyAdmin/libraries/> Order Deny,Allow Deny from All Allow from None </Directory> <Directory /usr/share/phpMyAdmin/setup/lib/> Order Deny,Allow Deny from All Allow from None </Directory> # This configuration prevents mod_security at phpMyAdmin directories from # filtering SQL etc. This may break your mod_security implementation. # #<IfModule mod_security.c> # <Directory /usr/share/phpMyAdmin/> # SecRuleInheritance Off # </Directory> #</IfModule> |
Then we create the system startup links for Apache and start it:
chkconfig --levels 235 httpd on
/etc/init.d/httpd start
Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.
14 Install Amavisd-new, SpamAssassin And ClamAV
To install amavisd-new, spamassassin and clamav, run the following command:
yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2 perl-DBD-mysql
When we installed ClamAV, a cron job got installed that tries to update the ClamAV virus database every three hours. But this works only if we enable it in /etc/sysconfig/freshclam and /etc/freshclam.conf:
vi /etc/sysconfig/freshclam
Comment out the FRESHCLAM_DELAY line at the end:
## When changing the periodicity of freshclam runs in the crontab, ## this value must be adjusted also. Its value is the timespan between ## two subsequent freshclam runs in minutes. E.g. for the default ## ## | 0 */3 * * * ... ## ## crontab line, the value is 180 (minutes). # FRESHCLAM_MOD= ## A predefined value for the delay in seconds. By default, the value is ## calculated by the 'hostid' program. This predefined value guarantees ## constant timespans of 3 hours between two subsequent freshclam runs. ## ## This option accepts two special values: ## 'disabled-warn' ... disables the automatic freshclam update and ## gives out a warning ## 'disabled' ... disables the automatic freshclam silently # FRESHCLAM_DELAY= ### !!!!! REMOVE ME !!!!!! ### REMOVE ME: By default, the freshclam update is disabled to avoid ### REMOVE ME: network access without prior activation #FRESHCLAM_DELAY=disabled-warn # REMOVE ME |
vi /etc/freshclam.conf
Comment out the Example line:
[...] # Comment or remove the line below. #Example [...] |
Then we start freshclam, amavisd, and clamd...
sa-update
chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd.amavisd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start
Next do this:
rm -f /var/spool/amavisd/clamd.sock
mkdir /var/run/clamav.amavisd /var/run/clamd.amavisd
chown amavis /var/run/clamav.amavisd
chown amavis /var/run/clamd.amavisd
ln -sf /var/spool/amavisd/clamd.sock /var/run/clamav.amavisd/clamd.sock
ln -sf /var/spool/amavisd/clamd.sock /var/run/clamd.amavisd/clamd.sock
/etc/init.d/clamd.amavisd restart