Professional Documents
Culture Documents
Install Dovecot To Configure POP
Install Dovecot To Configure POP
Change DNS or Router's settings if need, and make it listen http requests on Squid
server. It's OK if backend http server responds like follows.
Install SquidClamav and Configure Proxy Server to scan downloaded files to protect
from virus. Install Clamav first.
[1] Install Clamd
root@prox:~# aptitude -y install clamav-daemon
[2]
[2] Try to access to the URL you set as prohibited domains in [1].
Install/Configure Postfix
Install Postfix to configure SMTP server. SMTP uses 25/TCP.
[1] This example shows to configure SMTP-Auth to use Dovecot's SASL function.
root@mail:~# aptitude -y install postfix sasl2-bin
# Enter
+------------------------+ Postfix Configuration +-----------------------+
|
|
| Please select the mail server configuration type that best meets
your
| needs.
|
| No configuration:
|
Should be chosen to leave the current configuration unchanged.
| Internet site:
|
Mail is sent and received directly using SMTP.
| Internet with smarthost:
|
Mail is received directly using SMTP or by running a utility such
|
as fetchmail. Outgoing mail is sent using a smarthost.
| Satellite system:
|
All mail is sent to another machine, called a 'smarthost', for
| delivery.
| Local only:
|
|
<Ok>
|
|
+------------------------------------------------------------------------+
|
|
| Please choose whether you want to create one now. This will then be a
| self-signed certificate.
|
|
<Yes>
<No>
|
|
+---------------------------------------------------------------------------+
root@mail:~#vi /etc/dovecot/dovecot.conf
# line 30: change ( if not listen IPv6 port )
listen =*
root@mail:~# vi /etc/dovecot/conf.d/10-auth.conf
# line 10: uncomment and change ( allow plain text auth )
disable_plaintext_auth =no
smtpd
root@mail:~# vi /etc/dovecot/conf.d/10-ssl.conf
# line 6: uncomment
ssl = yes
# line 12,13: uncomment and specify certificate
ssl_cert = </etc/ssl/private/server.crt
ssl_key = </etc/ssl/private/server.key
root@mail:~#
initctl restart dovecot
dovecot start/running, process 1280
Create a your server's original SSL Certificate. If you use your server as a business, it
had better buy and use a Formal Certificate from Verisign and so on.
root@www:~# cd /etc/ssl/private
root@www:/etc/ssl/private# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...................+++
.....+++
e is 65537 (0x10001)
Enter pass phrase for server.key: # set passphrase
Verifying - Enter pass phrase for server.key: # confirm
# remove passphrase from private key
root@www:/etc/ssl/private# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key: # passphrase
writing RSA key
root@www:/etc/ssl/private# openssl req -new -days 3650 -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----Country Name (2 letter code) [AU]: JP # country
State or Province Name (full name) [Some-State]: Hiroshima # state
Locality Name (eg, city) []: Hiroshima # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: GTS # company
Organizational Unit Name (eg, section) []: Server World # department
Common Name (e.g. server FQDN or YOUR name) []: www.server.world # server's FQDN
Email Address []: xxx@server.world # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@www:/etc/ssl/private# openssl x509 -in server.csr -out server.crt -req -signkey
server.key -days 3650
APACHE2
root@www:~# vi /etc/apache2/conf-enabled/security.conf
# line 26: change
ServerTokens Prod
# line 37: change
ServerSignature Off
root@www:~# vi /etc/apache2/mods-enabled/dir.conf
# line 2: add file name that it can access only with directory's name
DirectoryIndex index.html index.htm
root@www:~# vi /etc/apache2/apache2.conf
# line 70: add to specify server name
ServerName www.server.world
root@www:~# vi /etc/apache2/sites-enabled/000-default.conf
# line 11: change to webmaster's email
ServerAdmin webmaster@server.world
root@www:~# /etc/init.d/apache2 restart
* Restarting web server apache2
...done.