# Install the BIND 9 name server (binaries, init script and the default /etc/bind configuration)
# apt-get install bind9
Por razões de segurança vamos rodar o BIND em chroot, de modo que um named comprometido fique confinado a /var/lib/named:
# Stop the freshly installed named before its configuration is moved into the chroot
# /etc/init.d/bind9 stop
Edite o arquivo
/etc/default/bind9. Modifique a linha OPTIONS="-u bind" para que ela também aponte o chroot em /var/lib/named:
# vi /etc/default/bind9
# -u bind: named drops root privileges and runs as the bind user;
# -t /var/lib/named: named chroots into that tree, so it only sees files placed under it
OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes
Criar os diretórios necessários em /var/lib:
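# Directory tree named will see once chrooted: its config, a minimal /dev, the cache and the pid directory.
# -p on every line so the step is safe to re-run (the original "mkdir dev" without -p fails if it exists).
# mkdir -p /var/lib/named/etc
# mkdir -p /var/lib/named/dev
# mkdir -p /var/lib/named/var/cache/bind
# mkdir -p /var/lib/named/var/run/bind/run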
Mova o diretório config de /etc para /var/lib/named/etc:
# Move the real configuration into the chroot tree (from named's point of view it is again /etc/bind)
# mv /etc/bind /var/lib/named/etc
Criando um link simbólico:
# Symlink so that tools running outside the chroot still find the configuration at /etc/bind
# ln -s /var/lib/named/etc/bind /etc/bind
Criando os dispositivos necessários dentro do chroot e ajustando as permissões:
# Device nodes named needs inside the chroot (the real /dev is not visible after chrooting)
# mknod /var/lib/named/dev/null c 1 3
# mknod /var/lib/named/dev/random c 1 8
# Mode 666 so the unprivileged bind user can open both devices
# chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
# Cache and pid directories must be writable by the bind user
# chown -R bind:bind /var/lib/named/var/*
# NOTE(review): this makes the whole configuration tree writable by the bind user, not only the
# zone files; a compromised named could then rewrite its own named.conf. Tighten this if named
# does not need to write anything under etc/bind.
# chown -R bind:bind /var/lib/named/etc/bind
Alterando o syslogd:
# vi /etc/default/syslogd
#
# Top configuration file for syslogd
#
#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#
#
# For remote UDP logging use SYSLOGD="-r"
#
# -a adds a second log socket inside the chroot so the chrooted named can still reach syslog.
# Do not add -r here unless you really want syslogd to accept UDP log messages from the network.
SYSLOGD="-a /var/lib/named/dev/log"
Restartando o syslogd:
# Restart the system logger so it opens the extra socket inside the chroot
# /etc/init.d/sysklogd restart
Startando o BIND:
# Start named, now chrooted and running as the bind user as set in /etc/default/bind9
# /etc/init.d/bind9 start
MYSQL:
# MySQL server, command-line client and the client library development headers
# apt-get install mysql-server mysql-client libmysqlclient15-dev
Fazendo o MySQL ouvir em todas as interfaces (necessário apenas se clientes remotos forem acessar o banco; caso contrário mantenha bind-address = 127.0.0.1 ou bloqueie a porta 3306 no firewall):
# vi /etc/mysql/my.cnf
# Commenting out bind-address makes mysqld listen on every interface (the netstat check
# below shows *:mysql). NOTE(review): this exposes port 3306 to the network; keep
# 127.0.0.1 unless remote clients really need it, and firewall 3306 if you do open it.
#bind-address = 127.0.0.1
Restartar o MySQL:
# Restart so the bind-address change takes effect
# /etc/init.d/mysql restart
Checando:
# -t TCP sockets, -a including listening ones, -p with the owning process.
# "*:mysql" in the output means mysqld is bound to all addresses, not just localhost:
# netstat -tap
tcp 0 0 *:mysql *:* LISTEN 22565/mysqld
Definindo a senha do root do MySQL (atenção: a senha passada na linha de comando fica no histórico do shell e visível em `ps` enquanto o comando roda):
# Set the MySQL root password, once for root@localhost and once for root@server1.example.com.
# NOTE(review): a password passed as an argument lands in the shell history and is visible to
# every local user in "ps" while the command runs; run these from a shell without history (or
# clear it afterwards), or set the password interactively instead. The second command presumably
# still connects without a password because it reaches the other, not-yet-protected root account
# through the host name - verify on your MySQL version.
# mysqladmin -u root password yourrootsqlpassword
# mysqladmin -h server1.example.com -u root password yourrootsqlpassword
Postfix com SMTP-AUTH e TLS:
# Postfix, Cyrus SASL (saslauthd plus its mechanism modules) for SMTP AUTH, and procmail for local delivery
# apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail
Responda as perguntas:
General type of configuration?
Internet Site
Mail name?
server1.example.com
Novamente:
# dpkg-reconfigure postfix
General type of configuration?
Internet Site
Where should mail for root go
[blank]
Mail name?
server1.example.com
Other destinations to accept mail for? (blank for none)
server1.example.com, localhost.example.com, localhost.localdomain, localhost
Force synchronous updates on mail queue?
No
Local networks?
127.0.0.0/8
Use procmail for local delivery?
Yes
Mailbox size limit
0
Local address extension character?
+
Internet protocols to use?
all
Depois faça isso:
# Empty local domain: SASL user names are not qualified with a domain
# postconf -e "smtpd_sasl_local_domain ="
# Enable SMTP AUTH on the receiving side
# postconf -e "smtpd_sasl_auth_enable = yes"
# Refuse anonymous SASL logins (this does not by itself forbid plaintext mechanisms)
# postconf -e "smtpd_sasl_security_options = noanonymous"
# Also advertise AUTH in the non-standard form some older mail clients expect
# postconf -e "broken_sasl_auth_clients = yes"
# Relay only for authenticated clients and $mynetworks. reject_unauth_destination is what
# keeps this from being an open relay: never drop it or move it behind a permit-all entry.
# postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination"
# postconf -e "inet_interfaces = all"
# Cyrus SASL settings for smtpd: check passwords through saslauthd and offer PLAIN and LOGIN.
# Both send the password in the clear unless the session is TLS-protected (see
# smtpd_tls_auth_only below). ">>" appends, so running these two lines again duplicates the entries.
# echo "pwcheck_method: saslauthd" >> /etc/postfix/sasl/smtpd.conf
# echo "mech_list: plain login" >> /etc/postfix/sasl/smtpd.conf
Criando os certificados TLS:
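# mkdir /etc/postfix/ssl
# cd /etc/postfix/ssl/
# Server key: 2048-bit RSA, written unencrypted because Postfix must read it at startup without a
# passphrase. Lock it down right away: openssl writes it with the default (usually world-readable)
# mode. The original encrypt-then-decrypt dance is gone; it replaced the chmod-600 key with a
# freshly written, default-mode copy, which is exactly the exposure the chmod was meant to prevent.
# openssl genrsa -out smtpd.key 2048
# chmod 600 smtpd.key
# Certificate request, then a self-signed certificate valid for ten years
# openssl req -new -key smtpd.key -out smtpd.csr
# openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# Separate CA key and certificate, referenced later as smtpd_tls_CAfile. Because smtpd.crt is
# self-signed (-signkey above), this CA is NOT in its chain; it only matters for client-certificate
# verification. The CA key is passphrase-protected by the prompt, but keep it private anyway.
# openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
# chmod 600 cakey.pem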
Configurando o Postfix para o TLS:
# NOTE(review): "no" lets clients send AUTH PLAIN/LOGIN on an unencrypted session, i.e. the
# password crosses the network in the clear. Prefer "yes" (AUTH offered only after STARTTLS)
# unless you must support clients that cannot do STARTTLS. The main.cf listing below mirrors this value.
# postconf -e "smtpd_tls_auth_only = no"
# Opportunistic TLS both as client (smtp_) and as server (smtpd_); neither side is enforced
# postconf -e "smtp_use_tls = yes"
# postconf -e "smtpd_use_tls = yes"
# Log when a remote server offered STARTTLS but the session stayed in plaintext
# postconf -e "smtp_tls_note_starttls_offer = yes"
# Key, certificate and CA file created in /etc/postfix/ssl above
# postconf -e "smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key"
# postconf -e "smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt"
# postconf -e "smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem"
# Log a handshake summary and record the TLS details in the Received: header
# postconf -e "smtpd_tls_loglevel = 1"
# postconf -e "smtpd_tls_received_header = yes"
# postconf -e "smtpd_tls_session_cache_timeout = 3600s"
# postconf -e "tls_random_source = dev:/dev/urandom"
# postconf -e "myhostname = server1.example.com"
O arquivo
/etc/postfix/main.cf tem que estar assim:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
# Banner shown to every connecting client
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUAs job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
# TLS parameters
# Self-signed certificate and its private key from /etc/postfix/ssl; the key must stay readable by root only
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# Domains delivered locally; mail for anything else is relaying and falls under the restrictions below
mydestination = server1.example.com, localhost.example.com, localhost.localdomain, localhost
relayhost =
# Only the local host may relay without authenticating; widen this with care
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# SMTP AUTH through Cyrus SASL (saslauthd; mechanisms come from /etc/postfix/sasl/smtpd.conf)
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
# No anonymous logins; plaintext mechanisms are still offered
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Relay for authenticated clients and $mynetworks only; reject_unauth_destination is what
# prevents an open relay - keep it
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
# NOTE(review): "no" allows AUTH before STARTTLS, so PLAIN/LOGIN passwords can cross the
# network unencrypted; "yes" is the safer setting when all clients support STARTTLS
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
# Not the issuer of smtpd.crt (which is self-signed); only relevant for client certificates
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Restartar postfix:
# Restart Postfix so the SASL and TLS settings written to main.cf take effect
# /etc/init.d/postfix restart
Algumas alterações para o postfix funcionar com o saslauthd:
# Socket directory for saslauthd under the Postfix queue directory; the -m option below points
# saslauthd here so that an smtpd confined to /var/spool/postfix can still reach the mux socket
# mkdir -p /var/spool/postfix/var/run/saslauthd
Editar o
/etc/default/saslauthd. Alterar a linha OPTIONS="-c" para OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r".
# vi /etc/default/saslauthd
#
# Settings for saslauthd daemon
#
# Should saslauthd run automatically on startup? (default: no)
START=yes
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent - use the getpwent() library function
# kerberos5 - use Kerberos 5
# pam - use PAM
# rimap - use a remote IMAP server
# shadow - use the local shadow password file
# sasldb - use the local sasldb database file
# ldap - use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
# NOTE(review): with pam, SMTP AUTH credentials are the system login credentials, so a
# password captured from an unencrypted AUTH PLAIN/LOGIN exchange is a shell password too.
MECHANISMS="pam"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
# -c: cache credentials; -m: create the mux socket under the Postfix queue directory so a
# chrooted smtpd can reach it; -r: pass user@realm as the login name to the PAM check.
# NOTE(review): if AUTH later fails with "cannot connect to saslauthd server", check that the
# postfix user may access the mux socket (on Debian/Ubuntu this usually means the "sasl" group).
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
Startando o saslauthd:
# Start saslauthd now (START=yes above also starts it at boot)
# /etc/init.d/saslauthd start
Courier-IMAP/Courier-POP3:
# Courier IMAP and POP3 together with their SSL variants; the package prompts about an SSL certificate (see below)
# apt-get install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0
Responda as perguntas:
Create directories for web-based administration ?
No
SSL certificate required
Ok