Postserver - med certifikat mm: Difference between revisions
No edit summary |
|||
(One intermediate revision by the same user not shown) | |||
Line 31: | Line 31: | ||
Filen skal have hele domain navnet |
Filen skal have hele domain navnet |
||
<pre> |
<pre> |
||
postXX |
postXX.dk |
||
</pre> |
</pre> |
||
Line 42: | Line 42: | ||
</pre> |
</pre> |
||
Herefter kan du tage ssh private og public nøgler fra post01 |
Herefter kan du tage ssh private og public nøgler fra post01.dk |
||
Dem skal du ligge i .ssh i /root/ |
Dem skal du ligge i .ssh i /root/ |
||
Line 48: | Line 48: | ||
cd |
cd |
||
mkdir .ssh |
mkdir .ssh |
||
scp -rp post01 |
scp -rp post01.dk:~/.ssh/ . |
||
</pre> |
</pre> |
||
Line 57: | Line 57: | ||
mkdir baseinstall |
mkdir baseinstall |
||
cd baseinstall |
cd baseinstall |
||
svn co svn+ssh://svn@svn |
svn co svn+ssh://svn@svn.dk/mailsetup/baseinstall . |
||
dpkg --set-selections < installed.txt |
dpkg --set-selections < installed.txt |
||
apt-get dselect-upgrade |
apt-get dselect-upgrade |
||
Line 81: | Line 81: | ||
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WorldWeb Interactive A/S |
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WorldWeb Interactive A/S |
||
Organizational Unit Name (eg, section) []:System |
Organizational Unit Name (eg, section) []:System |
||
Common Name (eg, YOUR name) []:hostname |
Common Name (eg, YOUR name) []:hostname.dk |
||
Email Address []:sysadm@ |
Email Address []:sysadm@dk |
||
</pre> |
</pre> |
||
Line 95: | Line 95: | ||
cd /etc/exim4/ |
cd /etc/exim4/ |
||
rm -rf conf.d |
rm -rf conf.d |
||
svn co svn+ssh://svn@svn |
svn co svn+ssh://svn@svn.dk/mailsetup/post . |
||
</pre> |
</pre> |
||
Editer i update-exim4.conf.conf |
Editer i update-exim4.conf.conf |
||
<pre> |
<pre> |
||
dc_other_hostnames='postXX |
dc_other_hostnames='postXX.dk' |
||
</pre> |
</pre> |
||
Line 124: | Line 124: | ||
cd /etc/courier/ |
cd /etc/courier/ |
||
rm -rf * |
rm -rf * |
||
svn co svn+ssh://svn@svn |
svn co svn+ssh://svn@svn.dk/mailsetup/courier |
||
</pre> |
</pre> |
||
Line 150: | Line 150: | ||
mkdir /var/www/.ssh/ |
mkdir /var/www/.ssh/ |
||
mkdir /var/www/squirrelmail/ |
mkdir /var/www/squirrelmail/ |
||
scp -rp mailadmin |
scp -rp mailadmin.dk:/var/www/.ssh/* /var/www/.ssh/ |
||
chown www-data: -R /var/www/.ssh/ |
chown www-data: -R /var/www/.ssh/ |
||
chown www-data: -R /var/www/squirrelmail/ |
chown www-data: -R /var/www/squirrelmail/ |
||
Line 158: | Line 158: | ||
<pre> |
<pre> |
||
su - www-data |
su - www-data |
||
svn co svn+ssh://svn@svn |
svn co svn+ssh://svn@svn.dk/mailsetup/squirrelmail |
||
</pre> |
</pre> |
||
Line 184: | Line 184: | ||
<VirtualHost *:80> |
<VirtualHost *:80> |
||
RewriteEngine On |
RewriteEngine On |
||
RewriteCond %{SERVER_NAME} !post01 |
RewriteCond %{SERVER_NAME} !post01.dk |
||
RewriteRule ^(.*)$ https://post01 |
RewriteRule ^(.*)$ https://post01.dk$1 [L,R] |
||
RewriteCond %{SERVER_PORT} !^443$ |
RewriteCond %{SERVER_PORT} !^443$ |
||
RewriteRule ^(.*)$ https://post01 |
RewriteRule ^(.*)$ https://post01.dk$1 [L,R] |
||
.. |
.. |
||
Line 205: | Line 205: | ||
RewriteEngine On |
RewriteEngine On |
||
RewriteCond %{SERVER_PORT} !^443$ |
RewriteCond %{SERVER_PORT} !^443$ |
||
RewriteRule ^(.*)$ https://post01 |
RewriteRule ^(.*)$ https://post01.dk/$1 [L,R] |
||
ServerAdmin webmaster@ |
ServerAdmin webmaster@dk |
||
ServerName post01 |
ServerName post01.dk |
||
SSLEngine on |
SSLEngine on |
||
Line 249: | Line 249: | ||
=== mailadmin === |
=== mailadmin === |
||
For at mailadmin virker som den skal. Skal vi have key auth til root fra mailadmin |
For at mailadmin virker som den skal. Skal vi have key auth til root fra mailadmin.dk<br> |
||
edit /root/.ssh/authorized_keys |
edit /root/.ssh/authorized_keys |
||
<pre> |
<pre> |
||
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnzEs1SVZhvmaXeO3LiYO4U2q2pppdI57/cnK0ccW7fT1J36fT+4od15isppxc3HilvosY/e9kOEwQTPciEa+NffQ9O5QCroXUyweEZN7HFKFU509drUFrjLgxiAXwbEoQmpysJzPKerqZOzri/Et+kCybvHx4HipshqVHHEQNGvt2b9jk8T7Plia1u2zP941zFh0L5v4QW+UiNO7Zcx4xAXfIjsCOTiw+y0rMop8J3SCrP7jOYRRY8zvCQ7pwS7XINw88LicMuVjgLh1hvZrUB6OnUZaLDA2sh2wFo+rGpeyVYCkU3gjZo04CIfnht56g0yTxALHn+UTX67Ac46AlQ== admin@mailadmin |
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnzEs1SVZhvmaXeO3LiYO4U2q2pppdI57/cnK0ccW7fT1J36fT+4od15isppxc3HilvosY/e9kOEwQTPciEa+NffQ9O5QCroXUyweEZN7HFKFU509drUFrjLgxiAXwbEoQmpysJzPKerqZOzri/Et+kCybvHx4HipshqVHHEQNGvt2b9jk8T7Plia1u2zP941zFh0L5v4QW+UiNO7Zcx4xAXfIjsCOTiw+y0rMop8J3SCrP7jOYRRY8zvCQ7pwS7XINw88LicMuVjgLh1hvZrUB6OnUZaLDA2sh2wFo+rGpeyVYCkU3gjZo04CIfnht56g0yTxALHn+UTX67Ac46AlQ== admin@mailadmin.dk |
||
</pre> |
</pre> |
||
Line 259: | Line 259: | ||
<pre> |
<pre> |
||
mkdir /usr/local/sbin/log |
mkdir /usr/local/sbin/log |
||
svn co svn+ssh://svn@svn |
svn co svn+ssh://svn@svn.dk/mailsetup/scripts /usr/local/sbin/ |
||
</pre> |
</pre> |
||
Latest revision as of 19:56, 23 April 2011
Standard installation
Start med at gå installationen af en Xen Klient maskine igennem InstallXenClientServer
Tilføjelser
mail partition
Lav en mail partition
evmsn tilføj en maildir partition i stil med dem der findes
Tilføj denne partition i fstab
/dev/hda3 /var/maildir ext3 defaults,noatime 0 0
Tilføj biblioteket til var
mkdir /var/maildir
host filen
Første linje i host filen skal indeholde:
127.0.0.1 postXX.dk localhost
mailname filen
Filen skal have hele domain navnet
postXX.dk
Når det er gjort så kan du jo gå i gang med at installerer de programmer der skal være på den og konfigurerer dem.
Installation af programmer
Du skal starte med at installerer subversion. Den skal du bruge til at hente konfigurationrene fra repositoriet med.
apt-get install subversion
Herefter kan du tage ssh private og public nøgler fra post01.dk
Dem skal du ligge i .ssh i /root/
cd mkdir .ssh scp -rp post01.dk:~/.ssh/ .
Nu kan vi så gå i gang med at hente konfigurations filerne fra subversion.
cd mkdir baseinstall cd baseinstall svn co svn+ssh://svn@svn.dk/mailsetup/baseinstall . dpkg --set-selections < installed.txt apt-get dselect-upgrade
Så har vi fået installeret de programmer der skal ligge på serveren.
Konfiguration af programmer
ssl certifikater
Bestil et certifikat på https://products.geotrust.com/geocenter/reseller/logon.do
key fil
openssl genrsa -out /etc/ssl/private/hostname.key 1024
csr fil
openssl req -new -key /etc/ssl/private/hostname.key -out /etc/ssl/hostname.csr ----- Country Name (2 letter code) [AU]:DK State or Province Name (full name) [Some-State]:N/A Locality Name (eg, city) []:Kolding Organization Name (eg, company) [Internet Widgits Pty Ltd]:WorldWeb Interactive A/S Organizational Unit Name (eg, section) []:System Common Name (eg, YOUR name) []:hostname.dk Email Address []:sysadm@dk
Gem din crt fil i
/etc/ssl/private/hostname.crt
exim4
De filer svn brokker sig over svn ikke kan overskrive skal bare fjernes.
cd /etc/exim4/ rm -rf conf.d svn co svn+ssh://svn@svn.dk/mailsetup/post .
Editer i update-exim4.conf.conf
dc_other_hostnames='postXX.dk'
Opdater exim konfig
update-exim4.conf
Opdater exim certifikaterne
cp /etc/ssl/private/hostname.key /etc/exim4/exim.key cp /etc/ssl/private/hostname.crt /etc/exim4/exim.crt
Genstart exim4
/etc/init.d/exim4 restart
courier
Så er det courier's tur.
cd /etc/courier/ rm -rf * svn co svn+ssh://svn@svn.dk/mailsetup/courier
Så skal vi lige have lavet nogle pem filer til imap og pop3
cat /etc/ssl/private/hostname.key /etc/ssl/private/hostname.crt > hostname.pem openssl gendh >> hostname.pem cp hostname.pem imapd.pem cp hostname.pem pop3d.pem
Genstart server og deamon
/etc/init.d/courier-authdaemon restart /etc/init.d/courier-imap restart /etc/init.d/courier-imap-ssl restart /etc/init.d/courier-pop restart /etc/init.d/courier-pop-ssl restart
apache2
Squirrelmail
Vi skal lige have lavet de bibs der skal bruges
mkdir /var/www/.ssh/ mkdir /var/www/squirrelmail/ scp -rp mailadmin.dk:/var/www/.ssh/* /var/www/.ssh/ chown www-data: -R /var/www/.ssh/ chown www-data: -R /var/www/squirrelmail/
Så er det tid til co af squirrelmail fra svn
su - www-data svn co svn+ssh://svn@svn.dk/mailsetup/squirrelmail
apache2 config
Vi skal lige have ssl support i apache2
mkdir -p /etc/apache2/ssl.crt mkdir -p /etc/apache2/ssl.key cp /etc/ssl/private/hostname.crt /etc/apache2/ssl.crt/ cp /etc/ssl/private/hostname.key /etc/apache2/ssl.key/ a2enmod ssl
Sidst skal vi lige tilføje
Listen 443
til /etc/apache2/ports.conf
Vi skal lige have apache til at redirecte alt http til https gå til squirrelmail bib som default.
Starter i /etc/apache2/site-avaliable/default
NameVirtualHost *:80 NameVirtualHost *:443 <VirtualHost *:80> RewriteEngine On RewriteCond %{SERVER_NAME} !post01.dk RewriteRule ^(.*)$ https://post01.dk$1 [L,R] RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://post01.dk$1 [L,R] .. .. .. RedirectMatch ^/$ /squirrelmail/ .. .. .. </VirtualHost>
Og laver et webmail site
<VirtualHost *:443> RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://post01.dk/$1 [L,R] ServerAdmin webmaster@dk ServerName post01.dk SSLEngine on SSLCertificateFile /etc/apache2/ssl.crt/post01.crt SSLCertificateKeyFile /etc/apache2/ssl.key/post01.key SSLProtocol all SSLCipherSuite HIGH:MEDIUM DocumentRoot /var/www/squirrelmail <Directory /> Options FollowSymLinks AllowOverride None </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On </VirtualHost>
Aktiverer webmail sitet
a2ensite webmail
Vi skal også lige have rewrite modulet enabled
a2enmod rewrite
Så kan vi reloade apache og vi er done med serveren.
apache2ctl configtest apache2ctl graceful
mailadmin
For at mailadmin virker som den skal. Skal vi have key auth til root fra mailadmin.dk
edit /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnzEs1SVZhvmaXeO3LiYO4U2q2pppdI57/cnK0ccW7fT1J36fT+4od15isppxc3HilvosY/e9kOEwQTPciEa+NffQ9O5QCroXUyweEZN7HFKFU509drUFrjLgxiAXwbEoQmpysJzPKerqZOzri/Et+kCybvHx4HipshqVHHEQNGvt2b9jk8T7Plia1u2zP941zFh0L5v4QW+UiNO7Zcx4xAXfIjsCOTiw+y0rMop8J3SCrP7jOYRRY8zvCQ7pwS7XINw88LicMuVjgLh1hvZrUB6OnUZaLDA2sh2wFo+rGpeyVYCkU3gjZo04CIfnht56g0yTxALHn+UTX67Ac46AlQ== admin@mailadmin.dk
scripts/sudo mm
Kopier alle perl/bash scripts over til serveren:
mkdir /usr/local/sbin/log svn co svn+ssh://svn@svn.dk/mailsetup/scripts /usr/local/sbin/
Tilføj så brugeren kan eksekvere med root-access:
# Cmnd alias specification Cmnd_Alias MAILCMD=/usr/local/sbin/createmaildir.sh # # User privilege specification root ALL=(ALL) ALL Debian-exim ALL=(ALL) NOPASSWD:MAILCMD
PHP ændring
Det er nødvendigt at sætte php memory execution op til 32MB fra default 8MB, ellers virker squirrelmail ikke.
Overvågning/backup mm
Tilføj normal procedure vedr. overvågning og backup