The Perfect Setup - Fedora Core 3 - Page 4

MySQL

apt-get install mysql mysql-devel mysql-server

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Now check that networking is enabled. Run

netstat -tap

It should show a line like this:

tcp        0      0 *:mysql                 *:*                     LISTEN      6621/mysqld

If it does not, edit /etc/my.cnf, comment out the option skip-networking:

# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking

and restart your MySQL server:

/etc/init.d/mysqld restart

Run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).

Postfix With SMTP-AUTH And TLS

apt-get install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix imap

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' > /usr/lib/sasl2/smtpd.conf
echo 'mech_list: plain login' >> /usr/lib/sasl2/smtpd.conf

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

Now start Postfix, saslauthd, imap and pop3:

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig imap on
chkconfig imaps on
chkconfig ipop3 on
chkconfig pop3s on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/xinetd restart

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your postfix mail server type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH

everything is fine.

Type

quit

to return to the system's shell.

Apache With PHP

apt-get install php php-devel php-domxml php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xmlrpc php-rrdtool curl curl-devel perl-libwww-perl ImageMagick

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

Share this page:

4 Comment(s)

Add comment

Comments

From: at: 2005-08-22 13:42:36

Wonderful guides. I tried the setup guide for Debian. I have a Debian system running apache & ntp. Next step would've been dns then mail server. I previously tried setting up dns on Debian (sarge) myself, following the docs and file comments so I ended up with a chroot'd bind. Didn't work, so I gave up on it. Then ran into your wonderful guides, and tried again. Just the dns part. Kept running into a permission problem, when trying to start bind. I probably got the permissions or ownership wrong in the subdirectories that need to be created for chrooting bind, but with some googling, I also found notes related to the error message about permissions when attempting to start bind and some bug in Sarge/Debian.

The error message is something like, failed to start, and then something about a permission problem. Don't have the log anymore since Debian Sarge removes syslog files after a week, and I de-installed bind, planning to try reinstalling it at a later date after removing the subdirectories.

Keep the guides coming. If/when I get it all working, I'll be sending a token showing my appreciation.

One more thing: The server currently running apache, I plan on using that as the mail server (light) and one of two dns servers. The second dns server will be located on someone else's subnet. The apache server serves multiple sites via virtual names. What would you name the hostname of the server? ns1@somedomain.com would be out, because that would become the domain name for each virtual web site as well, right? To use something like ns1@somedomain, then it would be suggested to use a separate box for dns altogether? Or is this still feasible?

From: at: 2005-08-22 21:13:04

Have you tried checking the authors website for Debian Perfect Setup?

I have referenced it several times for the latest release, 3.1.

http://www.falkotimme.com/howtos/perfect_setup_debian_sarge/index.php

From: at: 2005-08-30 21:45:29

I havent used debian, though everyone i know who has always raves about apt-get. It doesnt seem to work as well on Fedora - i used yum to do what apt-get does (and also to keep my entire system up to date), but otherwise, a really awesome document...(well, the first half - which is where i am now.

From: Anonymous at: 2006-03-05 16:38:16

I have a dell poweredge SC 430, which has a hardware conflict with fedora 4 and I must run fedora 3, installed video card issue. I found I need to “apt-get update; apt-get upgrade??? and get a copy of newest zlib “wget http://www.zlib.net/zlib-1.2.3.tar.gz???
and install for httpd to function.