Fedora Core configuration


Background

This document has information on how to configure a basic install of Fedora Core 6. Most of the instructions here are applicable to newer versions of Fedora Core as well. This document will show you how to install and configure: a firewall, Webmin, an SMTP (Postfix) server, a POP3/IMAP (Dovecot) server, SpamAssassin, Apache, PHP, Perl, Java6, Tomcat6, a database server, WordPress, etc. My only advice is to install and use Webmin; it will make your life administering the server much easier! If you want to sign up for Slicehost service click here; they have reasonably priced service for you to set up your LAMP environment.

For comments on this tutorial, and topics you’d like to see covered that are missing here, click here to add your comments to the blog post for this tutorial. To make this process painless, use Webmin, and to learn how to use Webmin buy this book.

Table of contents

Introduction

Misc software

Email server

Log file location

Installation instructions

Postfix configuration

Dovecot configuration

Service startup

Database server

Backup and Restore

PHP install

Web server

WordPress (blog) server

Tomcat server and Java

Firewall

SSH server

Spamassassin & Webmin

Introduction

This document has a section on each server and the configuration tasks required to get it running. If you use Slicehost you can configure your DNS records using Slicehost’s DNS server. Or you can install your own DNS server and point your registrar at it, or you can choose other hosted DNS solutions (DNS made easy, or Ultra DNS). You can read the document from start to finish and have your server configured by the time you finish the document if you follow along with the steps.

Misc software

Run the following to get some software that will be required for the system.

yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++

yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1

Email server

We will use Postfix as the ESMTP server and Dovecot as the POP3S/IMAPS server. You have to configure Postfix to receive mail on all the domains that have MX records on the slice’s DNS server (or your own DNS server, or your hosted DNS provider).

Log file location

You can run tail -f /var/log/maillog to see all the status messages generated by Postfix and Dovecot. This is a useful thing to do when you’re debugging your installation and configuration.

Installation instructions

Install the software using the following:

yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot

Postfix configuration

Here’s a great resource for Postfix – http://www.zytrax.com/tech/survival/postfix.html#config

Here are some configuration tweaks to get Postfix working right:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'

Create /usr/lib/sasl2/smtpd.conf with the following content:

pwcheck_method: saslauthd
mech_list: plain login

The following creates the cert (Dovecot has to be configured to use this as well):

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Configuring Postfix security:

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

Make it work with Dovecot:

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='

Configure it to serve your domains and users:

postconf -e 'virtual_maps = hash:/etc/postfix/virtusertable'
postconf -e 'mydestination = /etc/postfix/local-host-names'

virtusertable contains all the users that you want to enable in the system (that do not have a Linux userid/passwd). These are aliases that are forwarded to local users, or to other email addresses (relaying). When you change this file, run 'postmap virtusertable' to let Postfix know about these changes.

local-host-names contains a list of domain names that you want this Postfix server to serve. Make sure that the MX records for these domains are properly configured as well.
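The settings above leave smtpd_tls_auth_only = no while offering the PLAIN and LOGIN mechanisms, so a client may authenticate before STARTTLS. The following check is an added example, not part of the original tutorial: audit_postfix is a hypothetical helper that reads `postconf -n` style lines and flags that case along with relay-related drift. The sample inputs are constructed, and smtpd_tls_security_level is a Postfix parameter that this page does not set.

```shell
# Added example (audit_postfix is a hypothetical helper): reads "name = value" lines.
audit_postfix() {
    awk '
        /^[ \t]*#/ || !/=/ { next }              # skip comments and non-settings
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[key] = val                      # last assignment wins
        }
        END {
            # PLAIN and LOGIN only base64-encode the password, so AUTH must wait for TLS.
            if (conf["smtpd_sasl_auth_enable"] == "yes" && conf["smtpd_tls_auth_only"] != "yes")
                print "PLAINTEXT_AUTH: set smtpd_tls_auth_only = yes"
            lvl = conf["smtpd_tls_security_level"]
            if (conf["smtpd_use_tls"] != "yes" && lvl != "may" && lvl != "encrypt")
                print "NO_STARTTLS: set smtpd_use_tls = yes"
            # reject_unauth_destination is what refuses relaying for strangers.
            if (conf["smtpd_recipient_restrictions"] !~ /reject_unauth_destination/)
                print "RELAY: add reject_unauth_destination"
            # permit_mynetworks lets every listed network relay without authenticating.
            n = split(conf["mynetworks"], net, /[ ,]+/)
            for (i = 1; i <= n; i++)
                if (net[i] != "" && net[i] !~ /^127\./ && net[i] != "[::1]/128")
                    print "MYNETWORKS: " net[i] " may relay unauthenticated"
        }'
}

# Constructed sample: the values this page sets with postconf -e.
page_settings() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_use_tls = yes
smtpd_tls_auth_only = no
EOF
}

# Constructed sample of a configuration that has drifted from the page's values.
drifted_settings() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks
mynetworks = 127.0.0.0/8, 192.0.2.0/24
EOF
}
page_settings | audit_postfix
drifted_settings | audit_postfix
```

On a live server the same function can be fed with postconf -n | audit_postfix.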

Dovecot configuration

Look at the pre-built dovecot configuration file (/etc/dovecot.conf). Find out more about Postfix configuration here. Here’s another resource to help you configure Dovecot to work with Postfix. Here’s a list of tweaks you have to do to the default configuration in order to get it to work properly with Postfix:

  1. Configure it to use the certs generated for Postfix (you will find these in the /etc/postfix/ssl folder). The conf file entries point to the actual files on the linux hard drive.
  2. Configure it to use imaps and pop3s
  3. Configure it to use UIDL that’s compatible with Outlook.

Service startup

Make sure you run the following:

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start

Database server

Install mysql with:

yum install mysql mysql-devel mysql-server
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

mysqladmin -u root password <your password>

Here are some good links for sql stuff:

· http://dev.mysql.com/doc/refman/5.1/en/tutorial.html

· http://dev.mysql.com/doc/refman/5.1/en/mysqladmin.html

Backup and Restore mySQL

To backup the mysql instance, use:

mysqldump -p<yourpassword> --single-transaction --all-databases > <your_backup_file.sql>

To restore the mysql instance, use:

mysql -p<yourpassword> < <your_backup_file.sql>

PHP install

This installs the PHP stuff along with the kitchen sink:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

This is a minimal install of PHP and Apache:

yum -y install httpd php mysql mysql-server php-mysql

Web server

You can configure multiple virtual hosts for each domain that you are going to have a web site for. However 1 IP address can be bound to 1 SSL Certificate for HTTPS. Without having more than 1 IP address on the Slice, it’s not going to be possible to do HTTPS with virtual hosts. This is not a bad thing, it just means that instead of using virtual hosts you have to use URIs to get to your remote resource, which maps nicely to servlets/tomcat.

WordPress (blog) server

To install wordpress, you must first have PHP, Apache, and MySQL installed already. Here’s a link to get wordpress going – http://codex.wordpress.org/Installing_WordPress#Step_3:_Set_up_wp-config.php. It’s very straightforward. There are really 4 steps.

Step 0 – get the tar file

wget http://wordpress.org/latest.tar.gz – this will download the latest tar file

tar -xzvf latest.tar.gz – this will extract the contents to a “wordpress” folder

Step 1 – create a database in mysql

mysql -u <db admin user> -p
CREATE DATABASE <databasename>;
GRANT ALL PRIVILEGES ON <databasename>.*
TO "<username>"@"localhost" IDENTIFIED BY "<password>";
FLUSH PRIVILEGES;
EXIT;

Step 2 – move the “wordpress” folder to a folder under your web server’s directory

You can put the wordpress folder contents anywhere underneath the htdocs or /var/www/html folder or whatever folder you serve up HTML content from.

Step 3 – configure the php file inside the directory to the database and user in mysql

Rename the wp-config-sample.php file to wp-config.php. Open wp-config.php in your favorite text editor and fill in your database details. Then just point your browser to the URL that maps to the folder inside of which you placed wordpress.

Tomcat server and Java

Information on how to install Java6 can be found on Sun’s site when you download the JDK for Linux. You can download Tomcat 6 here. Here’s info on how to configure tomcat to startup as a linux service – http://www.2nrds.com/installing-and-running-apache-tomcat-in-linux

Firewall

Iptables can be used as a firewall; follow these instructions to get it installed and configured. Once you have Webmin installed, you can graphically modify the firewall settings without having to delve into the configuration files.

SSH server

Install the SSH server and disable root access (very easy to do with webmin). You can follow these directions on installing the SSH client and disabling root access before installing webmin.

Spamassassin & Webmin

Once Postfix has been configured, go ahead and download Webmin. Click here to buy a good book on Webmin. Webmin makes it easy to configure and install anything on the server, especially SpamAssassin. One thing to note: when you install SpamAssassin, you have to change Postfix to use procmail, and you have to configure this as well. Here are the steps.

Step 1 – install webmin

yum install perl-Net-SSLeay
rpm -U webmin-1.370-1.noarch.rpm

Download the software here – http://www.webmin.com/rpm.html

For more info – http://www.webmin.com/ssl.html

Punch a hole in the firewall so that port 10,000 is accessible from the web.

Step 2 – install spamassassin

yum install spamassassin

This will install the spamassassin software that can be configured in Webmin. Use webmin to setup all the rules, etc. and make sure to click on Procmail Spam Delivery and make sure it’s been configured.

This will ensure that rules are created in procmail that make it call spamassassin to run the spam rules on each message that’s delivered. The rules are created in the /etc/procmailrc file. More info on that here – http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-email-procmail.html

At this stage, these rules are not getting executed, since Postfix is not using procmail yet. The final step is configuring Postfix to use procmail for mail delivery, instead of its internal delivery.

Step 3 – Configure Postfix to use Procmail, and Procmail to use MailDir/

Edit the /etc/postfix/main.cf file. Find the mailbox_command and insert the following:

mailbox_command = /usr/bin/procmail

Then save this file.

Edit the /etc/procmailrc file, and add the following lines to the top of it:

# telling procmail to deliver messages to user’s home Maildir/
MAILDIR=$HOME/Maildir/
DEFAULT=$MAILDIR

Step 4 – Creating new users

Due to security restrictions put in place by how Postfix runs external commands (procmail), it’s necessary to manually create the /home/<user>/Maildir folder when users are created. If this is not done, then mail will not be delivered for that user.
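One way to script the Maildir creation described in Step 4, as an added example that is not part of the original tutorial. make_maildir is a hypothetical helper name and the account in the usage comment is made up; the cur, new and tmp subfolders are the standard Maildir layout.

```shell
# Added example; make_maildir is a hypothetical helper, not a Postfix or procmail tool.
# Usage: make_maildir <home-directory> [owner]
make_maildir() {
    home=$1
    owner=${2:-}
    md="$home/Maildir"
    [ -d "$home" ] || { echo "no such home directory: $home" >&2; return 1; }
    for d in "$md" "$md/cur" "$md/new" "$md/tmp"; do
        # Run as root in a user-writable home: never follow a planted symlink.
        if [ -L "$d" ]; then echo "refusing symlink: $d" >&2; return 2; fi
        [ -d "$d" ] || mkdir "$d" || return 3
        chmod 700 "$d" || return 3        # mail is private to its owner
    done
    # Postfix runs procmail as the recipient, so the tree must belong to that user.
    if [ -n "$owner" ]; then chown -R "$owner" "$md" || return 3; fi
    return 0
}

# Example call for a made-up account, run as root after creating the user:
#   make_maildir /home/alice alice
```

The function is safe to re-run for existing users; it only creates what is missing and resets the modes to 700.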
