openssh

apt-get install ssh

Install/Remove Some Software

Now let's install some software we need later on and remove some packages that we do not need:

apt-get install wget make zip gzip bzip2 unzip ncftp gnupg rdate fetchmail mc libdb3++-dev xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl lynx fileutils
apt-get remove lpr nfs-common portmap pidentd pcmcia-cs pppoe pppoeconf ppp pppconfig
update-rc.d -f exim remove
update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard
/etc/init.d/inetd reload

Quota

(This only makes sense if you have set up your partition to accept quotas.)

apt-get install quota quotatool
<- No
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

Postfix/POP3/IMAP

In order to install Postfix with SMTP-AUTH and TLS, as well as a POP3 server that also does POP3s (port 995) and an IMAP server that is also capable of IMAPs (port 993), do the following steps:

apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules ipopd-ssl uw-imapd-ssl
<- Yes
<- pop3 and pop3s
<- No
<- imaps imap2
<- No
<- Internet Site
<- (enter your user name but not root)
<- server1.example.com
<- server1.example.com, localhost.example.com, localhost
<- No

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key

When it asks you for your common name, enter your host name, as in server1.example.com:

openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

mkdir -p /var/spool/postfix/var/run/saslauthd
rm -fr /var/run/saslauthd

nano /etc/default/saslauthd

# This needs to be uncommented before saslauthd will be run automatically
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd"
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="pam"

Ctrl X, Y, Enter

nano /etc/init.d/saslauthd

Change the line

dir=`dpkg-statoverride --list $PWDIR`

to

#dir=`dpkg-statoverride --list $PWDIR`

Then change the variables PWDIR and PIDFILE and add the variable dir at the beginning of the file:

PWDIR="/var/spool/postfix/var/run/${NAME}"
PIDFILE="${PWDIR}/saslauthd.pid"
dir="root sasl 755 ${PWDIR}"

Ctrl X, Y, Enter

Now start saslauthd:

/etc/init.d/saslauthd start

To see if SMTP-AUTH and TLS work properly, now run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server, type

ehlo localhost

It should look like this:

250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME

quit

nano /etc/postfix/sasl/smtpd.conf

Replace

mech_list: plain login

with

#mech_list: plain login

Ctrl X, Y, Enter

Reload the configuration:

/etc/init.d/postfix reload

Check the Postfix configuration syntax by running /etc/init.d/postfix check. If there is no output, the configuration is valid.
Restart Postfix with

/etc/init.d/postfix restart

To see if SMTP-AUTH and TLS work properly, now run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server, type

ehlo localhost

It should look like this:

250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250 8BITMIME

The important part is the AUTH lines.

quit

Let's test the mail:

apt-get install mutt

Replace username and domain:

mutt smtp-server=server1.example.com/user=username

Check the log for errors:

tail -f /var/log/mail.log

apt-get --purge remove libdb4.3 libidn11 mutt
apt-get install cyrus21-common cyrus21-imapd cyrus21-admin cyrus21-clients
apt-get -u upgrade

DNS-Server

apt-get install bind9

For security reasons we want to run BIND chrooted, so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user 'bind', chrooted to /var/lib/named.
Modify the line OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

nano /etc/default/bind9

Replace with:

OPTIONS="-u bind -t /var/lib/named"

Ctrl X, Y, Enter

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

nano /etc/init.d/sysklogd

Change SYSLOGD="" so that it reads:

SYSLOGD="-a /var/lib/named/dev/log"

Ctrl X, Y, Enter

Restart the logging daemon:

/etc/init.d/sysklogd restart
/etc/init.d/bind9 start

Go to the end of the file and check for any BIND errors:

nano /var/log/syslog

MySQL

apt-get install mysql-server mysql-client libmysqlclient12-dev
mysqladmin -u root password yourrootsqlpassword
netstat -tap

You should see a line like this:

tcp 0 0 localhost.localdo:mysql *:* LISTEN 2896/mysqld

nano /etc/mysql/my.cnf

Change this:

bind-address = 127.0.0.1

to this (with bind-address commented out, mysqld listens on all interfaces instead of only on localhost):

#bind-address = 127.0.0.1

Ctrl X, Y, Enter

/etc/init.d/mysql restart

apt-get install apache2
apt-get install libapache2-mod-php4 libapache2-mod-perl2 php4 php4-common php4-curl php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl imagemagick

nano /etc/apache2/apache2.conf

Replace this:

DirectoryIndex index.html index.cgi index.pl index.php index.xhtml

with this:

DirectoryIndex index.php index.html index.htm index.shtml index.cgi index.php3 index.pl index.xhtml

Ctrl X, Y, Enter

nano /etc/mime.types

nano /etc/apache2/ports.conf

Listen 80
Listen 443

cd /etc/apache2/mods-enabled
ln -s /etc/apache2/mods-available/ssl.conf ssl.conf
ln -s /etc/apache2/mods-available/ssl.load ssl.load
ln -s /etc/apache2/mods-available/rewrite.load rewrite.load
ln -s /etc/apache2/mods-available/suexec.load suexec.load
ln -s /etc/apache2/mods-available/include.load include.load
/etc/init.d/apache2 restart

Run these one at a time. If you don't know the answer to a prompt, just click through.

perl -MCPAN -e 'install Bundle::CPAN'
apt-get install slapd ldap-utils nscd

Test:

ldapsearch -x -b _base_
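
The EHLO test in the Postfix section can be checked mechanically. The following is an added example, not part of the original guide: it parses an EHLO reply captured before STARTTLS and reports whether AUTH, and the PLAIN/LOGIN mechanisms that send a reusable password, are advertised on the unencrypted session, which is what smtpd_tls_auth_only = no produces. The function names and finding codes are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads an EHLO reply captured on
# a plain-text port 25 session (before STARTTLS) on stdin and prints one
# finding code per line. Function names and finding codes are hypothetical.
audit_ehlo() {
    awk '
    /^250[- ]/ {
        line = substr($0, 5)                 # drop the "250-" or "250 " prefix
        sub(/\r$/, "", line)                 # telnet captures end in CR
        n = split(line, w, /[ =]+/)          # handles "AUTH X" and "AUTH=X"
        kw = toupper(w[1])
        if (kw == "STARTTLS") starttls = 1
        if (kw == "AUTH") {
            auth = 1
            for (i = 2; i <= n; i++) {
                m = toupper(w[i])
                # PLAIN and LOGIN carry the password itself, only base64-encoded
                if (m == "PLAIN" || m == "LOGIN") reusable = 1
            }
        }
    }
    END {
        if (!starttls) print "NO_STARTTLS"
        if (auth)      print "AUTH_BEFORE_TLS"
        if (reusable)  print "CLEARTEXT_PASSWORD_MECH"
    }'
}

# Constructed sample: the first EHLO reply shown in the guide.
sample_ehlo() {
    cat <<'EOF'
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
EOF
}

sample_ehlo | audit_ehlo
```

An empty result means STARTTLS is offered and no AUTH line appears until the session is encrypted.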
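
The inetd clean-up in the first section and the bind-address change in the MySQL section both alter what the server listens on. The following is an added example, not part of the original guide: it reads netstat -tap (or numeric netstat -tanp) output and reports any of the TCP inetd services the guide removes that are still listening, and a MySQL listener bound to all interfaces. The function names, finding codes and sample rows are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads `netstat -tap` or
# `netstat -tanp` output on stdin and prints "<finding> <port-or-service>".
# Function names and finding codes are hypothetical.
audit_listeners() {
    awk '
    BEGIN {
        # TCP inetd services the guide disables, by service name and by port
        split("daytime 13 telnet 23 time 37 finger 79 ftp 21 discard 9", l, " ")
        for (i in l) legacy[l[i]] = 1
        db["mysql"] = 1; db["3306"] = 1
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # Local address is "host:port"; the port is the part after the last ":"
        n = split($4, p, ":"); port = p[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        wild = (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
        if (port in legacy)            print "LEGACY_INETD " port
        else if (wild && (port in db)) print "DB_ON_ALL_INTERFACES " port
    }'
}

# Constructed sample: listeners after bind-address has been commented out and
# with the telnet entry still active in inetd.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      2896/mysqld
tcp        0      0 *:www                   *:*                     LISTEN      3010/apache2
tcp        0      0 *:telnet                *:*                     LISTEN      1502/inetd
tcp        0      0 localhost.localdo:smtp  *:*                     LISTEN      2750/master
tcp        0      0 server1.example.com:ssh 10.0.0.5:51234          ESTABLISHED 3120/sshd
EOF
}

sample_netstat | audit_listeners
```

On a live system, pipe the real output in: netstat -tap | audit_listeners.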