The Perfect SpamSnake - Ubuntu Jaunty Jackalope - Page 2
10. Apache2
apt-get install apache2 apache2-suexec apache2-doc apache2-mpm-prefork apache2-utils libexpat1
Next we install PHP5 as an Apache module:
aptitude install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
Next we edit /etc/apache2/mods-available/dir.conf and change the DirectoryIndex line:
<IfModule mod_dir.c>
    #DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
    DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml
</IfModule>
Now we have to enable some Apache modules (rewrite, suexec, include)
a2enmod rewrite
a2enmod suexec
a2enmod include
Restart Apache:
/etc/init.d/apache2 restart
11. Postfix and MySQL
Install the packages:
apt-get install postfix postfix-mysql postfix-doc mysql-server mysql-client procmail
MySQL:
You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as [email protected], so we don't have to specify a MySQL root password manually later on:
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Postfix:
You will be asked two questions. Answer as follows:
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[...]
Then we restart MySQL:
/etc/init.d/mysql restart
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look like this:
tcp 0 0 *:mysql *:* LISTEN 4318/mysqld
Stop Postfix:
postfix stop
Next we edit the Postfix configuration as follows:
Edit master.cf:
We need to add two items below the pickup service type. The pickup service "picks up" local mail (local meaning "on this machine") and delivers it. This is a way to bypass content filtering for mail generated by this machine.
It should look like this when you are done:
pickup    fifo  n       -       -       60      1       pickup
    -o content_filter=
    -o receive_override_options=no_header_body_checks
Edit main.cf:
postconf -e "alias_maps = hash:/etc/aliases"
newaliases
postconf -e "myorigin = example.com"
postconf -e "myhostname = server1.example.com"
postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/24"
postconf -e "message_size_limit = 10485760"
postconf -e "local_transport = error:No local mail delivery"
postconf -e "mydestination = "
postconf -e "local_recipient_maps = "
postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
Create /etc/postfix/virtual and add the following:
postmaster [email protected]
abuse [email protected]
root [email protected]
Continue:
postmap /etc/postfix/virtual
postconf -e "relay_recipient_maps = hash:/etc/postfix/relay_recipients"
Create /etc/postfix/relay_recipients and add the following:
@example.com OK
@example2.com OK
Continue:
postmap /etc/postfix/relay_recipients
postconf -e "transport_maps = hash:/etc/postfix/transport"
Create /etc/postfix/transport and add the following:
example.com smtp:[192.168.0.x]
example2.com smtp:[192.168.0.x]
Continue:
postmap /etc/postfix/transport
postconf -e "relay_domains = hash:/etc/postfix/relay_domains"
Create /etc/postfix/relay_domains and add the following:
example.com OK
example2.com OK
Continue:
postmap /etc/postfix/relay_domains
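The three map files above have to agree: every domain in relay_domains needs a route in transport and at least one entry in relay_recipients, and an "@domain" key there matches every address in that domain. The following cross-check is an added example, not part of the original tutorial; the function names, the sample addresses and the 192.168.0.10 next hop are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the tutorial. Sample file contents are constructed.

# Print the lookup keys of a Postfix map source file, lower-cased.
# Blank lines, comments and continuation lines (leading whitespace) are skipped.
map_keys() {
    awk '/^[ \t]/ { next } NF && $1 !~ /^#/ { print tolower($1) }' "$1"
}

# check_relay_maps RELAY_DOMAINS TRANSPORT RELAY_RECIPIENTS
# Prints one line per finding; no output means the three files agree.
check_relay_maps() (
    for d in $(map_keys "$1"); do
        map_keys "$2" | grep -qxF "$d" ||
            echo "$d: no transport entry"
        if map_keys "$3" | grep -qxF "@$d"; then
            # "@domain" is a wildcard: any recipient in the domain is accepted.
            echo "$d: catch-all recipient entry"
        elif ! map_keys "$3" | awk -v s="@$d" \
            'substr($0, length($0) - length(s) + 1) == s { f = 1 } END { exit !f }'
        then
            echo "$d: no relay_recipients entry"
        fi
    done
)

# Constructed sample: example2.com has no transport line, and example.com
# uses the tutorial's "@domain OK" wildcard form.
demo_relay_maps() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' 'example.com OK' 'example2.com OK' > "$dir/relay_domains"
    printf '%s\n' 'example.com smtp:[192.168.0.10]' > "$dir/transport"
    printf '%s\n' '@example.com OK' 'alice@example2.com OK' > "$dir/relay_recipients"
    check_relay_maps "$dir/relay_domains" "$dir/transport" "$dir/relay_recipients"
    rm -rf "$dir"
)

demo_relay_maps
```

On the gateway itself, call check_relay_maps with /etc/postfix/relay_domains, /etc/postfix/transport and /etc/postfix/relay_recipients.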
postconf -e "smtpd_helo_required = yes"
postconf -e "smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit"
postconf -e "smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit"
postconf -e "smtpd_data_restrictions = reject_unauth_pipelining"
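Postfix evaluates smtpd_recipient_restrictions left to right and stops at the first restriction that decides the message, so in this configuration reject_unauth_destination has to be reached before any bare permit. The lint below is an added example, not part of the original tutorial; lint_recipient_restrictions and demo_lint are hypothetical names, and the second sample value is constructed to show the failure case.

```shell
#!/bin/sh
# Added example, not from the tutorial: lint a smtpd_recipient_restrictions value.
# On a live host pass it "$(postconf -h smtpd_recipient_restrictions)".

# Prints "ok" when reject_unauth_destination is reached before a bare permit;
# otherwise prints the finding and returns 1.
lint_recipient_restrictions() (
    set -f                              # no globbing while word-splitting
    for r in $(printf '%s' "$1" | tr ',' ' '); do
        case $r in
            reject_unauth_destination)
                echo "ok"; exit 0 ;;
            permit_mynetworks|permit_sasl_authenticated)
                ;;                      # accept only trusted or authenticated clients
            permit)
                echo "relay risk: $r precedes reject_unauth_destination"; exit 1 ;;
        esac
        # Other restrictions and their arguments (for example the zone name
        # after reject_rbl_client) cannot accept mail and are skipped.
    done
    echo "relay risk: reject_unauth_destination missing"; exit 1
)

demo_lint() {
    # The value set by the tutorial's postconf command.
    lint_recipient_restrictions "reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit"
    # Constructed bad ordering: the bare permit is evaluated first.
    lint_recipient_restrictions "permit_mynetworks, permit, reject_unauth_destination" || true
}

demo_lint
```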
Let's take a final look at the Postfix configuration:
less /etc/postfix/main.cf
Check the contents of the file for errors and repair if needed. Fire up Postfix:
postfix start
Check that Postfix responds:
telnet 127.0.0.1 25
You should see:
220 [yourFQDNhere] ESMTP Postfix (Ubuntu)
12. MailScanner Razor Pyzor DCC Clamav Installation
apt-get install mailscanner razor pyzor clamav-daemon
Let's start with MailScanner. The MailScanner package just installed from the repositories is a very old version, so we now remove it and install MailScanner from source. The apt-get install above was done only to pull in the dependencies.
apt-get remove mailscanner
Download http://www.mailscanner.info/files/4/tar/MailScanner-install-4.75.11-1.tar.gz into /usr/src/mailscanner/ and run:
tar xvfz MailScanner-install-4.75.11-1.tar.gz
cd MailScanner-install-4.75.11
./install.sh
Disable the default MailScanner:
mv /etc/MailScanner /etc/MailScanner.dist