The Perfect Server - Mandriva 2009.0 Free (x86_64) - Page 5

10 MySQL (5.0)

To install MySQL 5.0, we simply run:

urpmi MySQL MySQL-client lib64mysql15-devel

By default, networking is not enabled in Mandriva 2009.0's MySQL package, but networking is required by ISPConfig. We can change this by commenting out the line skip-networking in /etc/my.cnf.

vi /etc/my.cnf

[...]
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
[...]

Afterwards, we create the system startup links for MySQL...

chkconfig mysqld on

... and start it:

/etc/init.d/mysqld start

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

[root@server1 var]# netstat -tap | grep mysql
tcp        0      0 *:mysql-im                  *:*                         LISTEN      3181/mysqlmanager
tcp        0      0 *:mysql                     *:*                         LISTEN      3190/mysqld
[root@server1 var]#

Next, run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).
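A scripted form of the netstat check above, added here as an example and not part of the original howto: it reports whether mysqld listens on every interface (the `*:mysql` line in the output shown) or only on loopback. The function names `mysql_listen_scope` and `sample_netstat` are hypothetical, and the sample lines are constructed from the output above.

```shell
#!/bin/sh
# Added example: classify mysqld TCP listeners from `netstat -tap` output.
# mysql_listen_scope and sample_netstat are hypothetical helper names.

# Reads netstat lines on stdin; prints "<scope> <local address>" per mysqld
# listener, where scope is all, loopback or specific.
mysql_listen_scope() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/mysqld$/ {
            host = $4
            sub(/:[^:]*$/, "", host)        # drop the trailing :port or :service
            if (host == "*" || host == "0.0.0.0" || host == "::")
                scope = "all"               # reachable on every interface
            else if (host ~ /^127\./ || host == "::1" || host ~ /^localhost/)
                scope = "loopback"          # local clients only
            else
                scope = "specific"          # bound to one named address
            print scope, $4
        }'
}

# Constructed sample, modelled on the output shown above.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 *:mysql-im        *:*        LISTEN      3181/mysqlmanager
tcp        0      0 *:mysql           *:*        LISTEN      3190/mysqld
EOF
}

# On the live host: netstat -tap | mysql_listen_scope
sample_netstat | mysql_listen_scope
```

A result of `all` means the MySQL port is exposed to every network the host is attached to, so the root password set above is the only barrier unless a firewall restricts the port.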

 

11 Postfix With SMTP-AUTH And TLS; Dovecot

Install the required packages (Postfix, cyrus-sasl, Dovecot, etc.) like this:

urpmi cyrus-sasl lib64sasl2 lib64sasl2-devel lib64sasl2-plug-plain lib64sasl2-plug-anonymous lib64sasl2-plug-crammd5 lib64sasl2-plug-digestmd5 lib64sasl2-plug-gssapi lib64sasl2-plug-login postfix dovecot

Then run:

postconf -e 'mydestination = /etc/postfix/local-host-names, localhost.$mydomain'
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'
touch /etc/postfix/local-host-names

Then we set the hostname in our Postfix installation (make sure you replace server1 and example.com with your own settings):

postconf -e 'mydomain = example.com'
postconf -e 'myhostname = server1.$mydomain'

Edit /etc/sasl2/smtpd.conf. It should look like this:

vi /etc/sasl2/smtpd.conf

# SASL library configuration file for postfix
# all parameters are documented into:
# /usr/share/doc/cyrus-sasl/options.html
# The mech_list parameters list the sasl mechanisms to use,
# default being all mechs found.
mech_list:         plain login
# To authenticate using the separate saslauthd daemon, (e.g. for
# system or ldap users). Also see /etc/sysconfig/saslauthd.
pwcheck_method:    saslauthd
saslauthd_path:    /var/lib/sasl2/mux
# To authenticate against users stored in sasldb.
#pwcheck_method:    auxprop
#auxprop_plugin:    sasldb
#sasldb_path:       /var/lib/sasl2/sasl.db

The default authentication mechanism for saslauthd is pam; however, on Mandriva 2009.0 there seems to be a bug. When you send an email, the first one goes through, and as soon as you try to send a second email, saslauthd dies. You can find messages like this one in /var/log/messages:

Oct  9 17:53:42 server1 saslauthd[4460]: server_exit     : master exited: 4460

I've found the following workaround: open /etc/sysconfig/saslauthd...

vi /etc/sysconfig/saslauthd

... and change SASL_AUTHMECH from pam to shadow:

# $Id: saslauthd.sysconfig,v 1.1 2001/05/02 10:55:48 wiget Exp $
# Authentications mechanism (for list see saslauthd -v)
SASL_AUTHMECH=shadow
# Hostname for remote IMAP server (if rimap auth mech is used)
# Ldap configuration file (if ldap auth mech is used)
SASL_MECH_OPTIONS=
# Extra options (for list see saslauthd -h)
SASLAUTHD_OPTS=

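Create the SSL certificate needed for TLS. The commands below generate a 1024-bit RSA key, a self-signed server certificate valid for 3650 days, and a separate CA certificate: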

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

... and configure Postfix for TLS:

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

Next we must configure Dovecot to serve the protocols imap, imaps, pop3, and pop3s. Open /etc/dovecot.conf and adjust the following values:

vi /etc/dovecot.conf

[...]
# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".
protocols = imap imaps pop3 pop3s
[...]
disable_plaintext_auth = no
[...]
  pop3_uidl_format = %08Xu%08Xv
[...]

Now we must tell the system to start Dovecot only after ntpd has started because Dovecot isn't very forgiving if your system's time moves backwards while Dovecot is running (see http://wiki.dovecot.org/TimeMovedBackwards). This might cause errors like the following in your syslog:

Apr 9 19:29:18 server1 dovecot: Time just moved backwards by 17 seconds. This might cause a lot of problems, so I'll just kill myself now. http://wiki.dovecot.org/TimeMovedBackwards

Unfortunately, on Mandriva Dovecot is started before ntpd, so we change it like this:

cd /etc/rc3.d
mv S99ntpd S98ntpd
mv S54dovecot S99dovecot
cd /etc/rc4.d
mv S99ntpd S98ntpd
mv S54dovecot S99dovecot
cd /etc/rc5.d
mv S99ntpd S98ntpd
mv S54dovecot S99dovecot

Then we create the system startup links for Postfix...

chkconfig postfix on

... and (re)start Postfix, saslauthd, and Dovecot:

/etc/init.d/postfix restart
/etc/init.d/saslauthd restart
/etc/init.d/dovecot restart

To see if SMTP-AUTH and TLS work properly now, run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server, type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH PLAIN LOGIN

everything is fine:

[root@server1 rc5.d]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (2.5.5) (Mandriva Linux)
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@server1 rc5.d]#

Type

quit

to return to the system's shell.
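The same EHLO check as a script, added here as an example and not part of the original howto: it parses the reply from a session that has not issued STARTTLS and reports whether PLAIN or LOGIN authentication is advertised on it, which is what smtpd_tls_auth_only = no produces. The function names `audit_ehlo` and `sample_ehlo` are hypothetical, and the sample transcript is constructed from the telnet session above.

```shell
#!/bin/sh
# Added example: summarise what an SMTP server advertises in its EHLO reply
# on a session that has not yet issued STARTTLS.
# audit_ehlo and sample_ehlo are hypothetical helper names.

# Reads an SMTP transcript on stdin and prints three key=value lines.
audit_ehlo() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            n = split(substr($0, 5), f, " ")     # keyword and its arguments
            kw = toupper(f[1])
            if (kw == "STARTTLS") starttls = 1
            if (kw == "AUTH")   # "AUTH=..." comes from broken_sasl_auth_clients
                for (i = 2; i <= n; i++)
                    mechs = mechs (mechs == "" ? "" : " ") toupper(f[i])
        }
        END {
            print "starttls=" (starttls ? "yes" : "no")
            print "auth_mechs=" (mechs == "" ? "none" : mechs)
            # PLAIN and LOGIN carry the password base64-encoded, not encrypted.
            exposed = ((" " mechs " ") ~ / (PLAIN|LOGIN) /)
            print "plaintext_auth_before_tls=" (exposed ? "yes" : "no")
        }'
}

# Constructed sample: the EHLO reply from the telnet session above.
sample_ehlo() {
    cat <<'EOF'
220 server1.example.com ESMTP Postfix (2.5.5) (Mandriva Linux)
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

sample_ehlo | audit_ehlo
```

When the last line reads `yes`, clients may send their password before TLS is negotiated; with smtpd_tls_auth_only = yes Postfix announces AUTH only after STARTTLS has completed.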

 

11.1 Maildir

Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email. ISPConfig will then do the necessary configuration.

If you do not want to install ISPConfig, then you must configure Postfix to deliver emails to a user's Maildir (you can also do this if you use ISPConfig - it doesn't hurt ;-)):

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart

Comments

From: Buchan Milne at: 2008-10-21 06:51:05

1) For a server install, the dual arch mini CD may be better (less to download, more of which you will use).

2) I would recommend using LVM (available in the partitioning tool in the installer).

3) You could add the network media during installation, instead of afterwards. The installer will get a list of mirrors for you.

4) Mandriva does not use /etc/hostname, but rather the HOSTNAME setting in /etc/sysconfig/network.

5) Easyurpmi is no longer a necessity, you can use 'urpmi.addmedia --distrib --mirrorlist'.

6) Why not use 'urpmq --list-media' to list the installation media? Also, you could remove the installation media first (with 'urpmi.removemedia -a'), then add the network media. Much easier.

7) Updating can be done with one command, 'urpmi --auto-update'.

8) lib64sasl2-devel should not be required

9) To get ntpd to start before dovecot, you need to let the dependency-based init know that, so you should add ntpd to the Should-Start LSB tag in the dovecot init script. You could consider filing a bug on this (against the dovecot package).

10) You could consider installing the task-lamp package instead of all the separate packages. Or, I need to get around to packaging ISPConfig (though I don't like the architecture entirely).

11) "Mandriva 2009.0 doesn't come with a Webalizer package anymore, therefore we build the Webalizer binary like this" is not entirely correct. Mandriva has switched to a fork of webalizer, called awffull. 'urpmi webalizer' would have pulled it in for you:

 # urpmi webalizer
To satisfy dependencies, the following packages are going to be installed:
   Package                        Version      Release       Arch
(medium "Contrib (telkomsa-11)")
  awffull                        3.8.2        4mdv2009.0    x86_64
  geoip                          1.4.4        3mdv2009.0    x86_64
  lib64geoip1                    1.4.4        3mdv2009.0    x86_64
  lib64geoipupdate0              1.4.4        3mdv2009.0    x86_64
2.4MB of additional disk space will be used.
893KB of packages will be retrieved.
Proceed with the installation of the 4 packages? (Y/n)

 

From: admin at: 2008-11-01 23:25:19

You can simply send an email to a new email account, and the Maildir gets created automatically. :-)

From: Per Crusefalk at: 2008-11-01 23:00:19

Thank you for an interesting article!

I followed this howto but had trouble with maildir: postfix would not create the maildir, and apparently it should not do so either (it does not create ~/Maildir).

To get maildir (and email) working I:

mkdir ~user/Maildir
mkdir ~user/Maildir/new ~user/Maildir/tmp  ~user/Maildir/cur
chown -R user:mail ~user/Maildir
chmod -R 770 ~user/Maildir

You could use maildirmake instead ("urpmi maildrop" to get that).