POSTFIX+DOVECOT+MYSQL+ISPCONFIG3
+SQUIRRELMAIL on Ubuntu Server 12.04.2
sudo su
echo "auto eth0
iface eth0 inet static
address 192.168.1.103
netmask 255.255.255.0
gateway 192.168.1.1
network 192.168.1.0
dns-nameservers 192.168.1.103 192.168.1.1
dns-search servidor.acl.net" >> /etc/network/interfaces
echo "servidor" > /etc/hostname
echo "127.0.0.1 localhost
192.168.1.103 servidor.acl.net servidor" >/etc/hosts
cp /etc/apt/sources.list /etc/apt/sources.list.bak
nano /etc/apt/sources.list
#deb cdrom:[Ubuntu-Server 12.04 LTS _Precise Pangolin_ - Release amd64 (20120424.1)]/ precise main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://de.archive.ubuntu.com/ubuntu/ precise main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ precise main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu/ precise-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ precise universe
deb-src http://de.archive.ubuntu.com/ubuntu/ precise universe
deb http://de.archive.ubuntu.com/ubuntu/ precise-updates universe
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://de.archive.ubuntu.com/ubuntu/ precise multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ precise multiverse
deb http://de.archive.ubuntu.com/ubuntu/ precise-updates multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu precise-security main restricted
deb-src http://security.ubuntu.com/ubuntu precise-security main restricted
deb http://security.ubuntu.com/ubuntu precise-security universe
deb-src http://security.ubuntu.com/ubuntu precise-security universe
deb http://security.ubuntu.com/ubuntu precise-security multiverse
deb-src http://security.ubuntu.com/ubuntu precise-security multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu precise partner
# deb-src http://archive.canonical.com/ubuntu precise partner
## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
# deb http://extras.ubuntu.com/ubuntu precise main
# deb-src http://extras.ubuntu.com/ubuntu precise main
- We update and then reboot:
apt-get update
apt-get upgrade
reboot
- We reconfigure the command interpreter:
dpkg-reconfigure dash
Use dash as /bin/sh? -> No
- We disable AppArmor, to avoid problems:
/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils
- We install the package that keeps the system time up to date:
apt-get install ntpdate
- We install Postfix, Dovecot, MySQL, rkhunter and binutils:
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve
New password for the MySQL "root" user:
Repeat password for the MySQL "root" user:
General type of mail configuration:
System mail name:
- In /etc/postfix/master.cf we uncomment the following lines, so that it reads as follows:
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
service postfix restart
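As an added example (not part of the original guide or of Postfix), this script reads a master.cf on standard input and checks that the submission and smtps services carry the overrides shown above. The function names and the sample, which leaves one smtps override commented out, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the submission/smtps entries of a Postfix master.cf.

# Print "key=value" for every active "-o" override of one inet service.
# In master.cf a logical line starts in column 1 and continues on the
# following lines that begin with whitespace; "#" lines are comments.
service_overrides() {   # $1 = service name; master.cf on stdin
    awk -v svc="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blanks
        /^[^ \t]/ { active = ($1 == svc && $2 == "inet") } # new logical line
        active {
            for (i = 1; i < NF; i++)
                if ($i == "-o") print $(i + 1)
        }'
}

# Return 0 only if the service forces authentication and encryption.
audit_service() {       # $1 = submission|smtps; master.cf on stdin
    opts=$(service_overrides "$1")
    [ -n "$opts" ] || { echo "$1: no active entry or no overrides"; return 1; }
    want="smtpd_sasl_auth_enable=yes
smtpd_client_restrictions=permit_sasl_authenticated,reject"
    case $1 in
        submission) want="$want
smtpd_tls_security_level=encrypt" ;;
        smtps)      want="$want
smtpd_tls_wrappermode=yes" ;;
    esac
    rc=0
    for w in $want; do
        printf '%s\n' "$opts" | grep -qxF -- "$w" ||
            { echo "$1: missing $w"; rc=1; }
    done
    return $rc
}

# Constructed sample: the entries from this guide, with the SASL override
# of smtps left commented out so that the audit reports a finding.
sample='submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject'

printf '%s\n' "$sample" | audit_service submission && echo "submission: ok"
printf '%s\n' "$sample" | audit_service smtps || true
```

On the server itself, run it as `audit_service submission < /etc/postfix/master.cf`.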
- We make MySQL accessible from any IP; to do so we edit the file /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
service mysql restart
- We check that it worked correctly:
root@servidor:/home/antonio# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 1025/mysqld
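As an added example (not part of the original guide), this script parses netstat output to show which TCP services listen on every interface, which is what commenting out bind-address does to mysqld. The function names and the before/after netstat lines are constructed.

```shell
#!/bin/sh
# Added example: find TCP services that listen on every interface.

# Reads `netstat -tlnp` output (the guide's `netstat -tap` format also
# works) on stdin and prints "<port> <pid/program>" for each listening
# socket whose local address is 0.0.0.0, :: or *.
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")
        port = part[n]                      # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::" || host == "*")
            print port, $7
    }'
}

# Exit status 0 if the given port (number or service name) is bound to all
# interfaces according to the netstat output on stdin.
port_is_exposed() {     # $1 = port
    wildcard_listeners |
        awk -v p="$1" '$1 == p { hit = 1 } END { exit !hit }'
}

# Constructed samples: before and after commenting out bind-address.
before='tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1025/mysqld
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1400/master
tcp6 0 0 :::143 :::* LISTEN 1390/dovecot'
after='tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1025/mysqld
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1400/master
tcp6 0 0 :::143 :::* LISTEN 1390/dovecot'

report() {              # $1 = label, $2 = netstat text
    if printf '%s\n' "$2" | port_is_exposed 3306; then
        echo "$1: mysqld listens on all interfaces"
    else
        echo "$1: mysqld is loopback-only"
    fi
}
report before "$before"
report after "$after"
```

On the server, feed it live data with `netstat -tlnp | wildcard_listeners` and compare the list against the ports the firewall is meant to allow.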
- We install Amavisd, SpamAssassin and ClamAV:
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
- We stop the spamassassin service, since ISPConfig 3 loads the Amavisd filter, which in turn loads SpamAssassin as a module:
/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove
- We install apache2, phpmyadmin and other packages:
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-curl php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python libapache2-mod-perl2
Web server to reconfigure automatically:
Configure database for phpmyadmin with dbconfig-common?
- We enable the following modules in Apache:
a2enmod suexec rewrite ssl actions include
service apache2 restart
a2enmod dav_fs dav auth_digest
service apache2 restart
- We edit the file /etc/mime.types and comment out the line application/x-ruby.
service apache2 restart
- We install the php5-xcache package, which is a kind of cache for PHP5 code:
apt-get install php5-xcache
service apache2 restart
- We install the php5-fpm process manager and enable the fastcgi module:
apt-get install libapache2-mod-fastcgi php5-fpm
a2enmod actions fastcgi alias
service apache2 restart
- We install the package for managing mailing lists:
apt-get install mailman
root@servidor:/home/antonio# newlist mailman
Enter the email of the person running the list: acl@acl.net
Initial mailman password:
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:
## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
Hit enter to notify mailman owner...
nano /etc/aliases
add the lines:
## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
newaliases
service postfix restart
ln -s /etc/mailman/apache.conf /etc/apache2/conf.d/mailman.conf
service apache2 restart
service mailman start
- We install the pure-ftpd daemon and the package for applying disk quotas:
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
- We configure the pure-ftpd daemon correctly:
nano /etc/default/pure-ftpd-common
# STANDALONE_OR_INETD
# valid values are "standalone" and "inetd".
# Any change here overrides the setting in debconf.
STANDALONE_OR_INETD=standalone
# VIRTUALCHROOT:
# whether to use binary with virtualchroot support
# valid values are "true" or "false"
# Any change here overrides the setting in debconf.
VIRTUALCHROOT=true
- We enable TLS support for pure-ftpd:
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [AU]:ES
State or Province Name (full name) [Some-State]:Murcia
Locality Name (eg, city) []:Cehegin
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:mail
Common Name (e.g. server FQDN or YOUR name) []:acl
Email Address []:acl@acl.net
chmod 600 /etc/ssl/private/pure-ftpd.pem
service pure-ftpd-mysql restart
- We modify the file /etc/fstab to add mount options so that quotas can be applied:
# / was on /dev/sda1 during installation
UUID=2213902e-ff7f-4898-aee2-923e1df5b9a3 / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1
- We remount the file system, check that the quota has been applied correctly, and then start the service that applies quotas:
mount -o remount /
quotacheck -avugm
quotaon -avug
- We install the DNS server:
apt-get install bind9 dnsutils
- We install Vlogger, Webalizer and AWStats:
apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
nano /etc/cron.d/awstats and comment out all the lines
- We install the packages needed for compiling:
apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold
cd /tmp
tar -xvf jailkit-2.14.tar.gz
cd jailkit-2.14
./debian/rules binary
cd ..
dpkg -i jailkit_2.14-1_*.deb
rm -rf jailkit-2.14*
apt-get install fail2ban
- We install the webmail:
apt-get install squirrelmail
squirrelmail-configure
option D and we choose dovecot
save and exit.
cd /etc/apache2/conf.d/
ln -s ../../squirrelmail/apache.conf squirrelmail.conf
service apache2 restart
- We edit the file /etc/apache2/conf.d/squirrelmail.conf and enter the following information so that the PHP module is used by SquirrelMail:
<Directory /usr/share/squirrelmail>
  Options FollowSymLinks
  <IfModule mod_php5.c>
    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_admin_flag allow_url_fopen Off
    php_value include_path .
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname:/var/spool/squirrelmail
    php_flag register_globals off
  </IfModule>
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>
  # access to configtest is limited by default to prevent information leak
  <Files configtest.php>
    order deny,allow
    deny from all
    allow from 127.0.0.1
  </Files>
</Directory>
- We create the directory /var/lib/squirrelmail/tmp and give ownership of it to the user www-data:
mkdir /var/lib/squirrelmail/tmp
chown www-data /var/lib/squirrelmail/tmp
service apache2 restart
- We edit the file /etc/apache2/conf.d/squirrelmail.conf and create aliases for SquirrelMail:
Alias /squirrelmail /usr/share/squirrelmail
Alias /webmail /usr/share/squirrelmail
service apache2 reload
- We install ISPConfig 3:
cd /tmp
wget http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.2.tar.gz
tar xfvz ISPConfig-3.0.5.2.tar.gz
cd ispconfig3_install/install/
root@servidor:/tmp/ispconfig3_install/install# php -q install.php
--------------------------------------------------------------------------------
[ISPConfig 3 ASCII-art banner]
--------------------------------------------------------------------------------
>> Initial configuration
Operating System: 12.04.2 LTS (Precise Pangolin)
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]:
Installation mode (standard,expert) [standard]:
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [servidor.acl.com]:
MySQL server hostname [localhost]:
MySQL root username [root]:
MySQL root password []: xxxx
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:
Generating a 4096 bit RSA private key
............................................................................................................................................................................................................................++
..++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ES
State or Province Name (full name) [Some-State]:Murcia
Locality Name (eg, city) []:Cehegin
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:mail
Common Name (e.g. server FQDN or YOUR name) []:acl
Email Address []:acl@acl.net
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]:
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:
Generating RSA private key, 4096 bit long modulus
..........................++
.................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ES
State or Province Name (full name) [Some-State]:Murcia
Locality Name (eg, city) []:Cehegin
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:mail
Common Name (e.g. server FQDN or YOUR name) []:acl
Email Address []:acl@acl.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
. . . . . . . . . . . . . . . . . . . . . . . . . .
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -Y 1 -O clf:/var/log/pure-ftpd/transfer.log -E -u 1000 -8 UTF-8 -D -A -b -H -B
Installation completed.
With this our mail server is fully installed. To then configure at least one DNS zone and create new mailboxes, we go to ISPConfig 3:
https://localhost:8080, where the default user is admin and its password will be admin.
Here I leave a GIF with the steps to reproduce:
Additionally, you can also install software to monitor the mail server from Android. Personally I find it unnecessary, since by creating a VPN you can do exactly the same, and even more, because you can access the various resources of our server.
- To run some checks:
root@servidor:/home/antonio# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login acl@acl.net contraseña
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in
b select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1375891119] UIDs valid
* OK [UIDNEXT 3] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
b OK [READ-WRITE] Select completed.
c list "" *
* LIST (\HasNoChildren) "." "Sent"
* LIST (\HasNoChildren) "." "Junk"
* LIST (\HasNoChildren) "." "Drafts"
* LIST (\HasNoChildren) "." "Trash"
* LIST (\HasNoChildren) "." "INBOX"
c OK List completed.
d lsub "" *
* LSUB () "." "Sent"
* LSUB () "." "Drafts"
* LSUB () "." "Trash"
* LSUB () "." "Junk"
d OK Lsub completed.
e logout
* BYE Logging out
e OK Logout completed.
root@servidor:/home/antonio# telnet servidor.acl.net 143
Trying 172.16.59.129...
Connected to servidor.acl.net.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login acl@acl.net contraseña
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in
b select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1375891119] UIDs valid
* OK [UIDNEXT 3] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
b OK [READ-WRITE] Select completed.
c list "" *
* LIST (\HasNoChildren) "." "Sent"
* LIST (\HasNoChildren) "." "Junk"
* LIST (\HasNoChildren) "." "Drafts"
* LIST (\HasNoChildren) "." "Trash"
* LIST (\HasNoChildren) "." "INBOX"
c OK List completed.
d lsub "" *
* LSUB () "." "Sent"
* LSUB () "." "Drafts"
* LSUB () "." "Trash"
* LSUB () "." "Junk"
d OK Lsub completed.
e logout
* BYE Logging out
e OK Logout completed.
Connection closed by foreign host.
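The greeting in the sessions above advertises AUTH=PLAIN and AUTH=LOGIN on port 143 before any STARTTLS, and the login is then sent in the clear. As an added example (not part of the original guide or of Dovecot), this script classifies an IMAP greeting by what it permits before TLS; the function name and the second, stricter greeting are constructed.

```shell
#!/bin/sh
# Added example: what does an IMAP server allow before TLS is negotiated?

# Prints one of:
#   plaintext-login-allowed  LOGIN or AUTH=PLAIN/LOGIN usable in the clear
#   starttls-required        LOGINDISABLED is advertised and STARTTLS offered
#   no-starttls              logins disabled and no STARTTLS offered
# Returns 0 only for starttls-required, 2 if the greeting has no CAPABILITY.
imap_pretls_policy() {  # $1 = server greeting line
    caps=$(printf '%s\n' "$1" |
           sed -n 's/^\* OK \[CAPABILITY \([^]]*\)].*/\1/p')
    [ -n "$caps" ] || { echo "no-capability-in-greeting"; return 2; }
    starttls=no logindisabled=no sasl_plain=no
    for cap in $caps; do
        case $cap in
            STARTTLS)              starttls=yes ;;
            LOGINDISABLED)         logindisabled=yes ;;
            AUTH=PLAIN|AUTH=LOGIN) sasl_plain=yes ;;
        esac
    done
    # Per RFC 3501 the LOGIN command is available unless LOGINDISABLED
    # is advertised; AUTH=PLAIN/LOGIN are cleartext SASL mechanisms.
    if [ "$logindisabled" = no ] || [ "$sasl_plain" = yes ]; then
        echo "plaintext-login-allowed"; return 1
    elif [ "$starttls" = yes ]; then
        echo "starttls-required"; return 0
    fi
    echo "no-starttls"; return 1
}

# Greeting copied from the telnet session in this guide.
page_greeting='* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.'
# Constructed greeting of a server that refuses cleartext credentials.
strict_greeting='* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.'

imap_pretls_policy "$page_greeting" || true
imap_pretls_policy "$strict_greeting"
```

Dovecot treats connections from the server's own addresses as secure, so when verifying its disable_plaintext_auth setting, capture the greeting from a remote host rather than from the server itself as in the sessions above.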