Set Up Ubuntu-Server 6.10 As A Firewall/Gateway For Your Small Business Environment - Page 7

Next edit /etc/init.d/saslauthd and change the location of saslauthd's PID file. Change the value of PIDFILE to /var/spool/postfix/var/run/${NAME}/saslauthd.pid, so that it reads:

PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

Now populate your system with real users. Set the users shell to /bin/false to avoid security holes.

Next fill /etc/postfix/virtual as you like. I love Webmin for this. You can edit it directly too, of course. However, webmin does a great job.

Gotcha!: "some.domain" etc. can not equal to anything mentioned in the "mydestination" line in
/etc/postfix/main.cf

Mine has the following structure:

some.domain	virtual domain
some.other.domain	virtual domain
some.really.other.domain	virtual domain
user@some.domain		user
otheruser@some.domain	otheruser
user@some.other.domain	user
otheruser@some.other.domain	otheruser
somealias@some.other.domain	user
info@some.other.domain	someoneidontlike
info@some.domain	someoneidontlike otheruser@foo.bar
differentuser@some.domain	differentuser	differentusers@home.addres	someoneidontlike
@some.really.other.domain		someonidontlike		someoneidontlikes@home.address

and so on. So I only have to set an alias for root and postmaster in /etc/aliases. All other aliases should be in this file.

Forwarding and delivering mail to multiple addresses and so forth can (and should, I believe) be set in this file too.

I use webmin for this job (and many other jobs).

Note that in this kind of setup your users can have as many aliases as they like (untill you get sick of them), but for each user you still have to add a real user, with a home directory.

Don't forget to do

postmap /etc/postfix/virtual

when you are done.

Share this page:

5 Comment(s)

Add comment

Comments

From: Chris Angelico at: 2011-02-25 05:28:11

You suggest in this howto that users 'sudo passwd' and then log in as root. There's an easier way, in the versions of Ubuntu that I've used: just use 'sudo -i'. It'll create an "initial login" system, which will give you bash and everything you need. Less fiddling, more safety.

From: at: 2007-01-30 17:28:02

Before this command can be done, you need to install mysql-server

apt-get install mysql-server-5.0

Now do:

mysqladmin -u root password yourrootsqlpassword ##USE A REAL PASSWORD HERE!

After this is done, then you can run the next command

Thanks

From: at: 2007-04-20 18:26:55

If the steps are followed and you install LAMP , it includes the installation of mysql.

From: at: 2007-04-20 18:34:47

This really doesn't have to happen. Later on this guide we compile dcc.

<quote>

cd /root

wget http://www.dcc-servers.net/dcc/source/dcc.tar.Z

gunzip dcc.tar.Z

tar -xvf dcc.tar

cd dcc-1.3.45     ##or whatever version is current.

./configure

make

make install

 </quote>

Simply add to the ./configure line  --bindir=/usr/bin , it should look like this:

./configure --bindir=/usr/bin

and everything should be fine. 

 

 

 


 

From: at: 2007-06-08 08:38:09

Sorry, I was not understandable and choose wrong place to comment.

A. When I wrote /etc/shorewall/rules exactly  as written here (Page 10, up to words:

To comlete this step, do:

/etc/init.d/shorewall restart)

- I couldn't establish connection to my VPN-server.

I had to add new zone "vpn" in such a way: in /etc/shorewall/interfaces before the last line:

vpn ppp0

 in

/etc/shorewall/zones before the last line:

vpn ipv4

in

/etc/shorewall/policy before the last line:

##### for VPN

vpn loc ACCEPT

vpn $FW ACCEPT

loc vpn ACCEPT

$FW vpn ACCEPT

and modify in /etc/shorewall/rules the line:

DNAT net loc:192.168.1.1 tcp 1723

to the line: 

DNAT net $FW:192.168.1.1 tcp 1723

After all that the connection to VPN-server started properly .

B. When I wrote in /etc/shorewall/rules first to other rules

LOG:warning:L2    net     loc:192.168.1.1    47 

I found nothing in kern.log           

So I wonder, is protocol 47 necessary here in /etc/shorewall/rules ?

I hope, my comments help you to improve your brilliant HowTo