Set Up Ubuntu-Server 6.06 LTS As A Firewall/Gateway For Your Small Business Environment - Page 7

Now configure sasl authentication.

mkdir -p /var/spool/postfix/var/run/saslauthd

Now we have to edit /etc/default/saslauthd. It should look like this:

# This needs to be uncommented before saslauthd will be run automatically
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

Next edit /etc/init.d/saslauthd and change the location of saslauthd's PID file. Change the value of PIDFILE to /var/spool/postfix/var/run/${NAME}/, so that it reads:

Now populate your system with real users. Set each user's shell to /bin/false to avoid security holes.

Next fill /etc/postfix/virtual as you like. I love Webmin for this. You can edit it directly too, of course. However, Webmin does a great job.

Gotcha!: "some.domain" etc. cannot be equal to anything mentioned in the "mydestination" line in


My /etc/postfix/virtual has the following structure:

some.domain	virtual domain
some.other.domain	virtual domain
some.really.other.domain	virtual domain
user@some.domain		user
otheruser@some.domain	otheruser
user@some.other.domain	user
otheruser@some.other.domain	otheruser
somealias@some.other.domain	user
info@some.other.domain	someoneidontlike
info@some.domain	someoneidontlike
differentuser@some.domain	differentuser	differentusers@home.address	someoneidontlike
@some.really.other.domain		someoneidontlike		someoneidontlikes@home.address

And so on. So I only have to set an alias for root and postmaster in /etc/aliases. All other aliases should be in this file. Forwarding and delivering mail to multiple addresses and so forth can (and should, I believe) be set in this file too.

Note that in this kind of setup your users can have as many aliases as they like (until you get sick of them), but for each user you still have to add a real user, with a home directory.

Don't forget to do

postmap /etc/postfix/virtual

when you are done.
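
A check for the gotcha above, as an added example that is not part of the original howto: it lists the domain-only keys of a virtual table that also appear in a mydestination value. The function names and the sample hostnames are assumptions; pass the mydestination value with any $variables already expanded.

```shell
#!/bin/sh
# Added example (not from the howto): list virtual domains in a Postfix
# virtual table that are also named in mydestination.

# Print the domain-only keys of a virtual table (first field has no "@").
# Assumption: a key containing a dot is a domain, not a bare local user.
virtual_domains() {
    awk 'NF == 0 || /^[ \t]/ || /^#/ { next }  # empty, continuation, comment
         $1 !~ /@/ && $1 ~ /\./ { print tolower($1) }' "$1" | sort -u
}

# Split a mydestination value (comma and/or whitespace separated) into
# lower-cased names, one per line; table lookups and file paths are skipped.
destination_domains() {
    printf '%s\n' "$1" | tr ', \t' '\n\n\n' |
        awk 'NF && $0 !~ /[\/:]/ { print tolower($0) }' | sort -u
}

# Print each virtual domain that is also a mydestination entry.
# Returns 1 when at least one conflict is found, 0 otherwise.
check_virtual_overlap() {
    dests=$(destination_domains "$2")
    conflicts=$(virtual_domains "$1" | while read -r d; do
        if printf '%s\n' "$dests" | grep -Fxq -- "$d"; then echo "$d"; fi
    done)
    [ -z "$conflicts" ] && return 0
    printf '%s\n' "$conflicts"
    return 1
}

# Constructed sample input using the placeholder names from the text above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
some.domain                 virtual domain
some.other.domain           virtual domain
user@some.domain            user
@some.really.other.domain   someoneidontlike
EOF
# Constructed mydestination value, written as it looks after $variables
# such as $myhostname have been expanded.
check_virtual_overlap "$sample" "gateway.example.lan, localhost, Some.Domain" ||
    echo "^ listed both as virtual domain and in mydestination"
rm -f "$sample"
```
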

Now we want some rules for spamassassin to do a better job.

First edit /etc/MailScanner/spam.assassin.prefs.conf.

Comment out dcc_path /usr/bin/dccproc. Also comment out razor_timeout 10 and score RCVD_IN_RSL 0.

Next do:

cd ..


tar -zxvf Rules_Du_Jour.tar.gz

cd rules_du_jour

mkdir /etc/rulesdujour

cp config /etc/rulesdujour/config

cp rules_du_jour /usr/bin

cp rules_du_jour_wrapper /etc/cron.daily


Next we configure the DHCP server.

Edit /etc/dhcp3/dhcpd.conf. Mine now looks like this:

# Local Network
subnet netmask {
	option netbios-name-servers;
	option domain-name-servers;
	option domain-name "";
	option broadcast-address;
	option routers;

Edit /etc/default/dhcp3-server. It should read


Next do:

/etc/init.d/dhcp3-server start

Next install dcc from source:

cd /root


gunzip dcc.tar.Z

tar -xvf dcc.tar

cd dcc*



make install

shutdown -r now

and wait until it is up again.

2 Comment(s)


From: at: 2006-12-17 23:46:26

A lot of lines in policy file.. I'm using simpler version.. Is this any less secure??

$FW    all    ACCEPT
loc    all    ACCEPT
all    all    DROP    info


From: at: 2007-06-06 13:18:17

This work is very helpful, but for novice it can be added (Page 8, before words

"To complete this step, do:

/etc/init.d/shorewall restart")

because if I establish VPN connection then I get new zone. I added:

To add in file /etc/shorewall/policy before the last line:

##### Added for support VPN connections

vpn loc ACCEPT


loc vpn ACCEPT


To add in file /etc/shorewall/zones before the last line:

vpn ipv4

To add in file /etc/shorewall/interfaces before the last line:

vpn ppp0

It was necessary to my system to allow VPN connections from Internet.

Sorry for dumb question, but why in /etc/shorewall/rules exists a line

DNAT   net   fw: 47

I can't find the protocol 47 anywhere

Sincerely yours, buhcia2006 dog yandex dot ru