The Perfect Setup - CentOS 4.3 (64-bit) - Page 5
9 Postfix With SMTP-AUTH And TLS
Now we install Postfix and dovecot (dovecot will be our POP3/IMAP server):
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot
Next we configure SMTP-AUTH and TLS:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
We must edit /usr/lib64/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins. It should look like this:
vi /usr/lib64/sasl2/smtpd.conf
pwcheck_method: saslauthd |
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
After these configuration steps you should now have a /etc/postfix/main.cf that looks like this (I have removed all comments from it):
vi /etc/postfix/main.cf
queue_directory = /var/spool/postfix |
By default, CentOS' dovecot daemon provides only IMAP and IMAPs services. Because we also want POP3 and POP3s we must configure dovecot to do so. We edit /etc/dovecot.conf and put the line protocols = imap imaps pop3 pop3s into it:
vi /etc/dovecot.conf
[...] |
Now start Postfix, saslauthd, and dovecot:
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your Postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH
everything is fine.
Type
quit
to return to the system's shell.
9.1 Maildir
dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email. ISPConfig will then do the necessary configuration.
If you do not want to install ISPConfig, then you must configure Postfix to deliver emails to a user's Maildir:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
10 Apache2 With PHP
Now we install Apache with PHP (this is PHP 4.3.9; CentOS does not provide PHP5 packages):
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel
Then edit /etc/httpd/conf/httpd.conf:
vi /etc/httpd/conf/httpd.conf
and change DirectoryIndex to
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl |
Now configure your system to start Apache at boot time:
chkconfig --levels 235 httpd on
Start Apache:
/etc/init.d/httpd start
10.1 Disable PHP Globally
(If you do not plan to install ISPConfig on this server, please skip this section!)
In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.
To disable PHP globally, we edit /etc/httpd/conf.d/php.conf and comment out the AddType line:
vi /etc/httpd/conf.d/php.conf
# |
Afterwards we restart Apache:
/etc/init.d/httpd restart