Debian Sarge (3.1) with Ruby on Rails and Apache 2 with FastCGI - Page 3
Install MySQL
apt-get install mysql-server mysql-client libmysqlclient12-dev
Set your mysql root password
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
When you run netstat -tap you should now see a line like this:
tcp 0 0 localhost.localdo:mysql *:*
which means that MySQL is accessible on 127.0.0.1 on port 3306. You can go to the next section (Postfix). If you do not see this line, edit /etc/mysql/my.cnf and comment out skip-networking:
# skip-networking
If you want MySQL to listen on all available IP addresses, edit /etc/mysql/my.cnf and comment out bind-address = 127.0.0.1:
# bind-address = 127.0.0.1
If you had to edit /etc/mysql/my.cnf you have to restart MySQL:
/etc/init.d/mysql restart
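The two my.cnf edits above decide whether mysqld has no TCP listener, a loopback-only listener, or a listener on every interface. This added example (not part of the original tutorial) classifies a my.cnf read on stdin; mysql_listen_scope is a made-up name and the sample files are constructed.

```shell
#!/bin/sh
# Added example: report where mysqld will listen, given my.cnf text on stdin.
# Only the [mysqld] section is considered; a bare skip-networking line is
# treated as enabled. mysql_listen_scope is a name made up for this sketch.
mysql_listen_scope() {
    awk '
        /^[ \t]*[#;]/ { next }                  # commented-out lines are inactive
        /^[ \t]*\[/   { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_mysqld    { next }
        /^[ \t]*skip[-_]networking([ \t]*$|[ \t]*=)/ { skipnet = 1 }
        /^[ \t]*bind[-_]address[ \t]*=/ {
            addr = $0
            sub(/^[^=]*=[ \t]*/, "", addr)      # keep only the value
            sub(/[ \t]+$/, "", addr)
        }
        END {
            if (skipnet)          print "socket-only"       # no TCP port at all
            else if (addr == "")  print "all-interfaces"    # no bind-address set
            else if (addr == "127.0.0.1" || addr == "localhost")
                                  print "loopback-only"
            else                  print "address:" addr
        }
    '
}

# Constructed samples: before either edit, after the first, after both.
printf '[mysqld]\nskip-networking\nbind-address = 127.0.0.1\n'     | mysql_listen_scope
printf '[mysqld]\n# skip-networking\nbind-address = 127.0.0.1\n'   | mysql_listen_scope
printf '[mysqld]\n# skip-networking\n# bind-address = 127.0.0.1\n' | mysql_listen_scope
```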
Install Postfix/POP3/IMAP
In order to install Postfix with SMTP-AUTH and TLS as well as a POP3 server that also does POP3s (port 995) and an IMAP server that is also capable of IMAPs (port 993) do the following steps:
apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules ipopd-ssl uw-imapd-ssl
To the prompts answer:
Continue installing libc-client without Maildir support? answer No
Which ports should the server listen on? answer pop3 and pop3s
Enforce port selection? answer No
Which ports should the server listen on? answer imap2 and imaps
Enforce port selection? answer No
General type of configuration? answer Internet Site
Where should mail for root go? answer NONE
Mail name? answer server1.example.com
Other destinations to accept mail for? (blank for none) answer server1.example.com, localhost.example.com, localhost
Force synchronous updates on mail queue? answer No
Now configure postfix:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
Set up SSL
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
You must enter a pass phrase for smtpd.key (4 to 8191 characters)
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
Fill in the certificate request or take the defaults
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
You must enter the pass phrase you entered earlier for the smtpd.key
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
You must enter the pass phrase you entered earlier for the smtpd.key
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Fill in the certificate request or take the defaults
Do some more postfix config
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
The file /etc/postfix/main.cf should now look like this:
joe /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
Restart postfix
/etc/init.d/postfix restart
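With the values set above, AUTH is advertised on unencrypted sessions (smtpd_tls_auth_only = no) while mech_list allows only PLAIN and LOGIN, and the mv -f in the SSL steps replaces the key file that chmod 600 was applied to. The following audit is an added example, not part of the original tutorial: get_param and audit_main_cf are made-up names, the demo files are constructed, and the key check assumes the file written by openssl rsa received umask 022 permissions, which depends on the OpenSSL version.

```shell
#!/bin/sh
# Added example: audit the SASL/TLS parameters this page writes to main.cf.
# get_param, audit_main_cf and demo are names made up for this sketch.

# Print the last value assigned to parameter $2 in main.cf-style file $1
# (continuation lines, which start with whitespace, are not followed).
get_param() {
    awk -v key="$2" '
        /^[ \t#]/ || !index($0, "=") { next }
        {
            name = $0; sub(/[ \t]*=.*/, "", name)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (name == key) found = val
        }
        END { print found }
    ' "$1"
}

audit_main_cf() {
    sasl=$(get_param "$1" smtpd_sasl_auth_enable)
    auth_only=$(get_param "$1" smtpd_tls_auth_only)
    keyfile=$(get_param "$1" smtpd_tls_key_file)
    # PLAIN and LOGIN are only base64-encoded, so they depend on the TLS layer.
    if [ "$sasl" = yes ] && [ "$auth_only" != yes ]; then
        echo "AUTH_WITHOUT_TLS smtpd_tls_auth_only=${auth_only:-unset}"
    fi
    # Is the private key readable by group or other?
    if [ -f "$keyfile" ] &&
       [ -n "$(find "$keyfile" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "KEY_READABLE_BY_OTHERS $keyfile"
    fi
}

# Constructed demo: the same chmod / mv -f order as the SSL steps, plus a
# main.cf holding the values set with postconf -e above.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/smtpd.key"; chmod 600 "$d/smtpd.key"
    ( umask 022; : > "$d/smtpd.key.unencrypted" )    # assumed default umask
    mv -f "$d/smtpd.key.unencrypted" "$d/smtpd.key"  # mode of the new file wins
    printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_tls_auth_only = no' \
        "smtpd_tls_key_file = $d/smtpd.key" > "$d/main.cf"
    audit_main_cf "$d/main.cf"
    rm -rf "$d"
}
demo
```

Setting smtpd_tls_auth_only = yes and repeating chmod 600 on smtpd.key after the mv clears both findings.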
Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:
mkdir -p /var/spool/postfix/var/run/saslauthd
Now we have to edit /etc/default/saslauthd in order to activate saslauthd. Remove # in front of START=yes and add the line PARAMS="-m /var/spool/postfix/var/run/saslauthd -r":
joe /etc/default/saslauthd
# This needs to be uncommented before saslauthd will be run automatically
Now start saslauthd:
/etc/init.d/saslauthd start
Next we create the file /etc/c-client.cf:
echo "I accept the risk" > /etc/c-client.cf
echo "set disable-plaintext 0" >> /etc/c-client.cf
Now restart inetd:
/etc/init.d/inetd restart
If we don't do this, then our POP3/IMAP logins will fail.
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your postfix mail server type
ehlo localhost
If you see the lines:
250-STARTTLS
and
250-AUTH
everything is fine.
Type
quit
to return to the system's shell.
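The manual check above can be scripted against a saved EHLO reply. This is an added example, not part of the original tutorial: ehlo_summary is a made-up name and the reply is constructed. It accepts the final "250 " line as well as "250-" lines, and both the "AUTH ..." form and the "AUTH=..." form that broken_sasl_auth_clients = yes adds. Because the reply comes from the plain telnet session, the mechanisms listed are those offered before STARTTLS.

```shell
#!/bin/sh
# Added example: summarise an EHLO reply read on stdin.
# ehlo_summary is a name made up for this sketch.
ehlo_summary() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            kw = toupper(substr($0, 5))     # text after "250-" or "250 "
            if (kw == "STARTTLS") starttls = "yes"
            # "AUTH a b" is the standard form; "AUTH=a b" is the extra line
            # sent for older clients. Merge both without duplicates.
            if (kw ~ /^AUTH[ =]/) {
                n = split(substr(kw, 6), m, " ")
                for (i = 1; i <= n; i++) {
                    if (m[i] in seen) continue
                    seen[m[i]] = 1
                    mechs = mechs (mechs ? "," : "") m[i]
                }
            }
        }
        END {
            printf "starttls=%s auth=%s\n",
                (starttls ? starttls : "no"), (mechs ? mechs : "none")
        }
    '
}

# Constructed reply, shaped like the session described above.
ehlo_summary <<'EOF'
220 server1.example.com ESMTP Postfix (Debian/GNU)
250-server1.example.com
250-PIPELINING
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
EOF
```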
Install Courier-IMAP/Courier-POP3 with Maildir support
apt-get install courier-imap courier-imap-ssl courier-pop courier-pop-ssl
To the prompts:
Create directories for web-based administration ? answer No
SSL certificate required answer OK
Then configure Postfix to deliver emails to a user's Maildir*:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart