The Perfect Server - OpenSUSE 12.3 x86_64 (nginx, Dovecot, ISPConfig 3) - Page 3
8 Install Postfix, Dovecot, MySQL
zypper install postfix postfix-mysql mysql-community-server libmysqlclient-devel dovecot21 dovecot21-backend-mysql pwgen cron python
If you get the following message, please select to uninstall sendmail:
Problem: sendmail-8.14.5-85.1.2.x86_64 conflicts with postfix provided by postfix-2.9.6-1.2.1.x86_64
Solution 1: Following actions will be done:
do not install postfix-2.9.6-1.2.1.x86_64
do not install postfix-mysql-2.9.6-1.2.1.x86_64
Solution 2: deinstallation of sendmail-8.14.5-85.1.2.x86_64
Choose from above solutions by number or cancel [1/2/c] (c):<-- 2
Create the following symlink:
ln -s /usr/lib64/dovecot/modules /usr/lib/dovecot
At this point I had to reboot because otherwise MySQL refused to start with the error:
Failed to issue method call: Unit mysql.service failed to load: No such file or directory. See system logs and 'systemctl status mysql.service' for details.
Start MySQL, Postfix, and Dovecot and enable the services to be started at boot time.
systemctl enable mysql.service
systemctl start mysql.service
systemctl enable postfix.service
systemctl start postfix.service
systemctl enable dovecot.service
systemctl start dovecot.service
Now I install the getmail package:
zypper install getmail
To secure the MySQL installation, run:
Now you will be asked several questions:
server1:~ # mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): <-- ENTER
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] <-- Y
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
Remove anonymous users? [Y/n] <-- Y
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] <-- Y
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] <-- Y
- Dropping test database...
- Removing privileges on test database...
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] <-- Y
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Now your MySQL setup should be secured.
9 Amavisd-new, Spamassassin And Clamav
Install Amavisd-new, Spamassassin and Clamav antivirus. Run
zypper install amavisd-new clamav clamav-db zoo unzip unrar bzip2 unarj perl-DBD-mysql
... and add the $myhostname line with your correct hostname below the $mydomain line:
[...] $mydomain = 'example.com'; # a convenient default for other settings $myhostname = "server1.$mydomain"; [...]
Then create a symlink from /var/run/clamav/clamd to /var/lib/clamav/clamd-socket:
mkdir -p /var/run/clamav
ln -s /var/lib/clamav/clamd-socket /var/run/clamav/clamd
OpenSUSE 12.3 has a /run directory for storing runtime data. /run is now a tmpfs, and /var/run is now bind mounted to /run from tmpfs, and hence emptied on reboot.
This means that after a reboot, the directory /var/run/clamav that we have just created will not exist anymore, and therefore clamd will fail to start. Therefore we create the file /etc/tmpfiles.d/clamav.conf now that will create this directory at system startup (see http://0pointer.de/public/systemd-man/tmpfiles.d.html for more details):
Before we start amavisd and clamd, we must edit the /etc/init.d/amavis init script - I wasn't able to reliably start, stop and restart amavisd with the default init script:
Comment out the following lines in the start and stop section:
[...] start) # ZMI 20100428 check for stale pid file #if test -f $AMAVIS_PID ; then # checkproc -p $AMAVIS_PID amavisd # if test $? -ge 1 ; then # # pid file is stale, remove it # echo -n "(stale amavisd pid file $AMAVIS_PID found, removing. Did amavisd crash?)" # rm -f $AMAVIS_PID # fi #fi echo -n "Starting virus-scanner (amavisd-new): " $AMAVISD_BIN start #if ! checkproc amavisd; then # rc_failed 7 #fi rc_status -v #if [ "$AMAVIS_SENDMAIL_MILTER" == "yes" ]; then # rc_reset # echo -n "Starting amavis-milter:" # startproc -u vscan $AMAVIS_MILTER_BIN -p $AMAVIS_MILTER_SOCK > /dev/null 2>&1 # rc_status -v #fi ;; stop) echo -n "Shutting down virus-scanner (amavisd-new): " #if checkproc amavisd; then # rc_reset $AMAVISD_BIN stop #else # rc_reset #fi rc_status -v #if [ "$AMAVIS_SENDMAIL_MILTER" == "yes" ]; then # rc_reset # echo -n "Shutting down amavis-milter: " # killproc -TERM $AMAVIS_MILTER_BIN # rc_status -v #fi ;; [...]
Because we have changed the init script, we must run
systemctl --system daemon-reload
To start clamav we need to download the database & proceed further with the command
Note: It takes a lot of time to download the database, you are advised not to interrupt & do not stop the freshclam update service in between
To enable the services, run:
systemctl enable amavis.service
systemctl enable clamd.service
systemctl start amavis.service
systemctl start clamd.service