The Perfect Server - OpenSUSE 11 - Page 4


In order to install MySQL, we run

yast2 -i mysql mysql-client mysql-shared perl-DBD-mysql perl-DBI perl-Data-ShowTable libmysqlclient-devel

Then we add the system startup links for MySQL and start it:

chkconfig --add mysql
/etc/init.d/mysql start

Now check that networking is enabled. Run

netstat -tap | grep mysql

In the output you should see something like this:

server1:~ # netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      8566/mysqld
server1:~ #

If you don't see a line like this, edit /etc/my.cnf and comment out the option skip-networking:

vi /etc/my.cnf


and restart your MySQL server:

/etc/init.d/mysql restart

To secure the MySQL installation, run:


Now you will be asked several questions:

Change the root password? [Y/n]

Answer with "y" and enter the new root password. Here are the answers that I recommend for the next questions:

Remove anonymous users? [Y/n] y

Disallow root login remotely? [Y/n] y

Remove test database and access to it? [Y/n] y

Reload privilege tables now? [Y/n] y

Now your MySQL setup should be secured.


9 Postfix With SMTP-AUTH And TLS

Now let's install Postfix and Cyrus-SASL:

yast2 -i postfix cyrus-sasl cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-otp cyrus-sasl-plain cyrus-sasl-saslauthd procmail

Then we add the system startup links for Postfix and saslauthd and start them:

chkconfig --add postfix
/etc/init.d/postfix start

chkconfig --add saslauthd
/etc/init.d/saslauthd start

Afterwards we create the certificates for TLS:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Next we configure Postfix for SMTP-AUTH and TLS:

postconf -e 'mydomain ='
postconf -e 'myhostname = server1.$mydomain'
postconf -e 'mynetworks ='
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains'
postconf -e 'inet_interfaces = all'
postconf -e 'alias_maps = hash:/etc/aliases'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
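
With smtpd_tls_auth_only = no as set above, Postfix accepts AUTH on sessions that have not negotiated TLS. The following added example (not part of the original tutorial) audits `postconf -n`-style output for that and related settings; the function names audit_postfix_conf and sample_conf are hypothetical, and the sample input is constructed from the values used on this page.

```shell
#!/bin/sh
# Added example: audit Postfix "name = value" settings read from stdin
# (for instance the output of `postconf -n`). Prints one finding per line.
audit_postfix_conf() {
    awk '
        /^[ \t]*#/ || !/=/ { next }              # skip comments and non-settings
        {
            eq = index($0, "=")                  # split on the first "=" only
            name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            conf[name] = value
        }
        END {
            sasl = (conf["smtpd_sasl_auth_enable"] == "yes")
            # AUTH enabled but not restricted to TLS sessions: passwords may cross the wire in cleartext.
            if (sasl && conf["smtpd_tls_auth_only"] != "yes")
                print "WARN smtpd_tls_auth_only: AUTH is accepted without STARTTLS"
            # Anonymous SASL mechanisms must stay disabled.
            if (sasl && conf["smtpd_sasl_security_options"] !~ /noanonymous/)
                print "WARN smtpd_sasl_security_options: noanonymous is missing"
            # Server-side TLS must be switched on for STARTTLS to be offered at all.
            if (conf["smtpd_use_tls"] != "yes" && conf["smtpd_tls_security_level"] == "")
                print "WARN smtpd_use_tls: STARTTLS is not offered"
            # Postfix logs a deprecation warning for this restriction.
            if (conf["smtpd_recipient_restrictions"] ~ /check_relay_domains/)
                print "INFO smtpd_recipient_restrictions: check_relay_domains is deprecated, use reject_unauth_destination"
        }'
}

sample_conf() {   # constructed input using the values set in this tutorial
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
EOF
}

sample_conf | audit_postfix_conf
```

On a live system the same function can be fed with `postconf -n | audit_postfix_conf`.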

To enable TLS connections in Postfix, edit /etc/postfix/ and uncomment the tlsmgr line so that it looks like this one:

vi /etc/postfix/

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

Now restart Postfix:

/etc/init.d/postfix restart

To see if SMTP-AUTH and TLS work properly now, run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server, type

ehlo localhost

If you see the lines




then everything is fine.

On my system the output looks like this:

server1:/etc/postfix/ssl # telnet localhost 25
Connected to localhost.
Escape character is '^]'.
220 ESMTP Postfix
ehlo localhost
250-SIZE 10240000
250 DSN
221 2.0.0 Bye
Connection closed by foreign host.
server1:/etc/postfix/ssl #



to return to the system's shell.
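
The manual EHLO check can also be scripted against a captured reply. This is an added example, not part of the original tutorial: check_ehlo and sample_ehlo are hypothetical helpers, and the sample reply is constructed (server1.example.com is a placeholder hostname).

```shell
#!/bin/sh
# Added example: check a captured pre-TLS EHLO reply (stdin) for STARTTLS and AUTH.
# Returns 0 only when both are advertised.
check_ehlo() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            kw = toupper(substr($0, 5))          # text after "250-" or "250 "
            if (kw == "STARTTLS") starttls = 1
            if (kw ~ /^AUTH[ =]/) {              # "AUTH ..." and legacy "AUTH=..." forms
                n = split(substr(kw, 6), m, " ")
                for (i = 1; i <= n; i++)
                    if (!(m[i] in seen)) {       # keep each mechanism once, in order
                        seen[m[i]] = 1
                        mechs = mechs (mechs ? " " : "") m[i]
                    }
            }
        }
        END {
            print (starttls ? "OK   STARTTLS advertised" : "FAIL STARTTLS not advertised")
            print ((mechs != "") ? ("OK   AUTH advertised: " mechs) : "FAIL AUTH not advertised")
            # PLAIN and LOGIN expose the password unless the session is encrypted.
            if ((" " mechs " ") ~ / (PLAIN|LOGIN) /)
                print "WARN password mechanisms offered before STARTTLS"
            exit ((starttls && mechs != "") ? 0 : 1)
        }'
}

sample_ehlo() {   # constructed reply; server1.example.com is a placeholder
    cat <<'EOF'
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 DSN
EOF
}

sample_ehlo | check_ehlo
```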


10 Courier-IMAP/Courier-POP3

I want to use a POP3/IMAP daemon that has Maildir support. That's why I use Courier-IMAP and Courier-POP3.

yast2 -i courier-imap fam-server courier-authlib expect tcl

Afterwards we add the system startup links and start POP3, IMAP, POP3s and IMAPs:

chkconfig --add fam
chkconfig --add courier-authdaemon
chkconfig --add courier-pop
chkconfig --add courier-imap
/etc/init.d/courier-pop start
/etc/init.d/courier-imap start
chkconfig --add courier-pop-ssl
chkconfig --add courier-imap-ssl
/etc/init.d/courier-pop-ssl start
/etc/init.d/courier-imap-ssl start

If you do not want to use ISPConfig, configure Postfix to deliver emails to a user's Maildir*:

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart

*Please note: You do not have to do this if you intend to use ISPConfig on your system, as ISPConfig does the necessary configuration using procmail recipes. But please make sure to enable Maildir under Management -> Server -> Settings -> EMail in the ISPConfig web interface.

5 Comment(s)



From: dmgrant at: 2009-05-15 05:32:04

The correction Jeff submitted (libdb-devel) did not work for me.  I did notice no installation of "db-devel" on my system so Jeff's statement "db-devel will silently fail to download anything" seems correct.  What I have to offer on my system that sounds like it should fit the bill is called "db43-devel" (Files and Libraries for Berkeley DB Library).

Just to make a note of it. I could certainly be wrong.

From: Geoff P at: 2009-05-04 00:23:32

In Step 5: Install Some Software db-devel should be *libdb-devel* (Berkeley DB development tools). Found via Google search with results subsequently inserted into an RPM search.  db-devel will silently fail to download anything.

From: Anonymous at: 2009-11-30 02:14:18

I'm a nOOb so to run yast2 do the following:

1. type "su" (without quotes duh!)

2. type in your password

3. then type "yast2" (booyah!!!)

From: at: 2008-07-08 19:58:48

If you want this to take more time, sure, use 'yast -i', but I highly recommend using 'zypper in'. So,

yast -i [package] launches the yast package management stuff and then installs the software (zypper in the background)

zypper in [package] just calls zypper and installs the package(s) and in 11.0 this is blazingly fast even with tons of repos (I have about 15)

From: dmgrant at: 2009-05-15 06:27:31

All references on this page to "mod_ruby-1.2.6." should be changed to "mod_ruby-1.3.0." since the older version fails to produce a makefile.

(on my system anyway)