Saturday, June 6, 2009

Linux (Debian) + Apache + MySQL + PHP/Perl Install

What you'll need:

* Apache 2 - Linux Web server
* MySQL 5 - MySQL Database Server
* PHP4/5 - PHP Scripting Language
* phpMyAdmin - Web-based database admin software.
* Webalizer - Website Traffic Analyzer
* Mail Server - Postfix (MTA) with Dovecot IMAP/POP3 + SASL Authentication
* Squirrelmail - A web-based email client
* VSFTP - A fast FTP server to upload files
* Webmin - A freely available server control panel
* ClamAV - Antivirus software.
* A Firewall using IPtables.


The minimum requirement is a Debian/Ubuntu version of Linux with at least 256MB of RAM available. Anything less than this will cause a lot of problems, since a server running MySQL and Webmin in particular needs a lot of RAM to run properly. MySQL will give you the error "cannot connect to mysql.sock" if your server does not have enough memory.


1. Installing Apache + PHP

If you want to use PHP 4, just apt-get:

apt-get install apache2 php4 libapache2-mod-php4


To install PHP5:

apt-get install apache2 php5 libapache2-mod-php5


The config file for Apache is located at: /etc/apache2/apache2.conf and the web folder is /var/www.

To check whether PHP is installed and running properly, create a test.php file in your /var/www folder that calls the phpinfo() function:

vi /var/www/test.php

Put this in test.php:

<?php phpinfo(); ?>

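To test PHP, go to the URL:

http://ip.address/test.php or http://domain/test.php

Delete test.php once you have confirmed that PHP works, since the phpinfo() page discloses your server's configuration to anyone who requests it.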


Enabling GD Library with PHP

If you want to use CAPTCHA or dynamic image generation in PHP scripts (for example, image verification to stop spam or automated robots), you need the GD library installed with PHP. Here is the command:

apt-get install php5-gd


Enabling Mod Rewrite with .htaccess

a2enmod rewrite

In case you encounter a "page not found 404 error", which is usually the case on Debian/Ubuntu versions, follow the steps below:

vi /etc/apache2/sites-enabled/000-default

Find the following block and change AllowOverride from None to All:

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
    # Uncomment this directive if you want to see apache2's
    # default start page (in /apache2-default) when you go to /
    #RedirectMatch ^/$ /apache2-default/
</Directory>

Upload the .htaccess file to your server and restart Apache:

/etc/init.d/apache2 restart

Make sure your .htaccess file has 644 permissions, as otherwise you get a permission denied error.

2. Installing MySQL Database Server

Installing a MySQL database server is necessary if you are running a database-driven e-commerce site. Remember that running a MySQL server requires at least 256MB of RAM in your server, so unless you are running database-driven sites you don't need MySQL. The following commands will install the MySQL 5 server and the MySQL 5 client.

apt-get install mysql-server mysql-client php5-mysql

If you used php4:

apt-get install mysql-server mysql-client php4-mysql

The configuration file of mysql is located at: /etc/mysql/my.cnf


Creating users to use MySQL and Changing Root Password

Change the root password:

mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root';
mysql> FLUSH PRIVILEGES;


To Create User

You must never use the root password, so you might need to create a separate user for a PHP script to connect to the MySQL database. Alternatively, you can add users to the MySQL database with a control panel like Webmin or phpMyAdmin, which make it easy to create users or assign database permissions to them.
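
An added example, not from the original post, of creating such a user from the shell: it prints the SQL for an account limited to one database, with the GRANT ... IDENTIFIED BY syntax of the MySQL 5 server installed above. The database name, user name and password are constructed values.

```shell
# Added example, not from the original post: print the SQL that creates a
# least-privilege MySQL 5.x account for one PHP application.
# Database, user and password values below are constructed.

# Accept only plain identifiers (a letter first, then letters, digits or _),
# so nothing passed in can break out of the SQL quoting.
valid_name() {
    case $1 in ''|[!A-Za-z]*|*[!A-Za-z0-9_]*) return 1 ;; esac
}

# Print the statements; GRANT ... IDENTIFIED BY also creates the account.
app_user_sql() {   # $1 = database, $2 = user, $3 = password
    valid_name "$1" && valid_name "$2" || return 1
    [ "$2" != root ] || return 1                 # never hand out root
    [ "${#2}" -le 16 ] || return 1               # MySQL 5.0/5.1 user name limit
    case $3 in ''|*\'*|*\\*) return 1 ;; esac    # no empty password, quote or backslash
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$1"
    printf "GRANT SELECT, INSERT, UPDATE, DELETE ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
        "$1" "$2" "$3"
}

# Review the output, then pipe it to: mysql -u root -p
app_user_sql shop shop_web 'Constructed-Pass1'
```

The account can only read and write rows in its own database and can only connect from localhost, which is all a PHP script on the same server needs.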


PhpMyAdmin Installation

All you need to do is:

apt-get install phpmyadmin

The phpMyAdmin configuration files are located in the /etc/phpmyadmin folder.

To set it up under Apache, all you need to do is include the following line in /etc/apache2/apache2.conf:

Include /etc/phpmyadmin/apache.conf

Now restart apache: /etc/init.d/apache2 restart


3. Mail Server Installation

* Postfix (Mail Transfer Agent MTA)
* Dovecot (IMAP/POP3 Server)
* SASL Authentication with TLS (Authenticate before sending mail outside network in Outlook)
* Squirrel Mail (Popular Web based Email)


Note: If you install the Postfix/Dovecot mail server, you will ONLY be able to send mail within your network. You can only send mail externally if you install SASL authentication with TLS; otherwise you get a nasty "Relay Access Denied" error.


3a. Install Postfix MTA (Mail Transfer Agent)

Install the postfix package along with SASL using apt-get:

apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules popa3d

During installation, Postfix will ask a few questions, such as the name of the server. Answer them by entering your domain name, and select "Internet Site" for Postfix.

The Postfix configuration file is located at /etc/postfix/main.cf. You can edit this file with a text editor, for example: nano /etc/postfix/main.cf

Start or Restart Postfix Server:

/etc/init.d/postfix restart
/etc/init.d/postfix stop
/etc/init.d/postfix start

3b. Install Dovecot

Dovecot is a popular POP3/IMAP server, which needs an MTA like Postfix to work properly.

apt-get install dovecot

In some Linux versions the above might not work, so you can install it by specifying the individual package names:

apt-get install dovecot-imapd dovecot-pop3d dovecot-common

Dovecot configuration file is located at: /etc/dovecot/dovecot.conf

Before we proceed, we need to make some changes to the Dovecot configuration file. Double-check that the following entries in the file have the values shown.

vi /etc/dovecot/dovecot.conf

# specify protocols = imap imaps pop3 pop3s
protocols = pop3 imap
# uncomment this and change to no.
disable_plaintext_auth = no
pop3_uidl_format = %08Xu%08Xv

I have noticed that in some Ubuntu versions, most of the above parameters are not specified. You will need to insert the values if they are not specified or left empty. If you don't uncomment disable_plaintext_auth and change it to no, you will get a "plain text authentication error" from Outlook or other mail clients. With this setting, passwords cross the network unencrypted unless the client connects over SSL/TLS (imaps/pop3s).

Now, create a user to test our pop3 mail with outlook:

adduser <user_name>

Caution: Always create a separate user to test your mail or ftp. DO NOT LOGIN WITH ROOT ACCESS.

Restart Dovecot:

/etc/init.d/dovecot restart

Now you can use Outlook Express to test whether your new mail server is working. Just enter the username <user_name> with its password in Outlook.

Remember you will NOT be able to send email outside your network; you will only be able to send within your domain or local network. If you attempt to send external email, you get a nasty "relay access denied" error from Outlook Express. However, you should have no problems receiving your email in Outlook. In order to send external email you will need to configure SASL authentication as described below.

3c. Configure SASL Authentication with TLS

SASL + TLS (Simple Authentication and Security Layer with Transport Layer Security) is used mainly to authenticate users before they send email to an external server, thus restricting relay access. If your relay server is left open, spammers could use your mail server to send spam. It is essential to protect your mail server from misuse.

Let us set up SMTP authentication for our users with postfix and dovecot.

Edit the Postfix configuration file /etc/postfix/main.cf and enter the following lines to enable authentication of our users:

smtpd_sasl_auth_enable = yes
# Use the Dovecot auth socket configured below (path is relative to /var/spool/postfix)
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = yourdomain.com
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous

On the Dovecot side you also need to specify the Dovecot authentication daemon socket. In this case we specify an absolute pathname. Refer to the Postfix manual for details.

Edit /etc/dovecot/dovecot.conf

Look for the line that starts with auth default, and insert the lines below before it.

auth default {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

Now rename the previous auth default to auth default2. If you don't rename it, the Dovecot server will give you an error about multiple instances of auth default.

Now restart all the components of the mail server:

/etc/init.d/saslauthd restart
/etc/init.d/postfix restart
/etc/init.d/dovecot restart

Test whether your mail server works with Outlook Express. Configure a user with the user name <user_name> (without @domain) and make sure that you select "My server requires authentication". Under Settings, select "same as incoming mail server".
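
Before exposing the server, it is worth checking that the relay restrictions in main.cf really are closed. The script below is an added example, not part of the original post: it audits the smtpd_recipient_restrictions, SASL and mynetworks settings discussed in 3c. The two sample configurations (page_cfg and weak_cfg) are constructed, and only smtpd_recipient_restrictions is examined, as on this page.

```shell
# Added example, not from the original post. Sample configs are constructed.
# Print the effective value of one main.cf parameter, space-separated.
# The last definition wins; lines starting with whitespace are continuations.
get_param() {   # $1 = file, $2 = parameter name
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (hit) val = val " " $0; next }
        { hit = 0; eq = index($0, "="); if (!eq) next
          name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
          if (name == key) { hit = 1; val = substr($0, eq + 1) } }
        END { gsub(/[ \t,]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }' "$1"
}

flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

# Print one line per finding; return non-zero if there is any.
audit_main_cf() {   # $1 = path to main.cf
    cf=$1; findings=0; closed=no
    restr=$(get_param "$cf" smtpd_recipient_restrictions)
    for r in $restr; do
        case $r in
            reject|reject_unauth_destination|defer_unauth_destination) closed=yes ;;
            permit) [ "$closed" = yes ] || flag "bare permit comes before any reject" ;;
        esac
    done
    # An unset parameter means the Postfix built-in default applies: skip it.
    [ -z "$restr" ] || [ "$closed" = yes ] || flag "no reject_unauth_destination: open relay"
    case " $restr " in *" permit_sasl_authenticated "*)
        [ "$(get_param "$cf" smtpd_sasl_auth_enable)" = yes ] ||
            flag "permit_sasl_authenticated listed but smtpd_sasl_auth_enable is not yes"
        opts=$(get_param "$cf" smtpd_sasl_security_options)
        case " ${opts:-noanonymous} " in *" noanonymous "*) ;;
            *) flag "smtpd_sasl_security_options lacks noanonymous" ;; esac ;;
    esac
    case " $(get_param "$cf" mynetworks) " in *" 0.0.0.0/0 "*|*" ::/0 "*)
        flag "mynetworks trusts every address, so permit_mynetworks relays for anyone" ;;
    esac
    [ "$findings" -eq 0 ]
}

page_cfg() { printf '%s\n' 'smtpd_sasl_auth_enable = yes' \
    'smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination' \
    'smtpd_sasl_security_options = noanonymous'; }
weak_cfg() { printf '%s\n' 'mynetworks = 127.0.0.0/8 0.0.0.0/0' \
    'smtpd_recipient_restrictions = permit_mynetworks,' '    permit'; }

tmp=$(mktemp -d); page_cfg > "$tmp/page.cf"; weak_cfg > "$tmp/weak.cf"
for f in page weak; do
    echo "== $f"; if audit_main_cf "$tmp/$f.cf"; then echo "no findings"; fi
done; rm -rf "$tmp"
```

On a real server, run audit_main_cf /etc/postfix/main.cf after every change to the restrictions and before restarting Postfix.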

