shutdown -r -F now and let it reboot.
When it starts back up it will run "fsck" which is the conceptual equivalent
of "chkdsk /f" in the Windows world. Ghost 2003 comes with SystemWorks 2003 or often
comes with motherboard software. Ghost 2003 also works in (the recommended) normal mode
but after the disk is cloned the boot record must be repaired on the cloned drive by
first booting to a rescue disk. Actually, I have had great success using the -ib
(Image Boot) setting. It appears to make an exact duplicate of the boot sector, then
does a regular clone operation on the remainder. There is other software out there that
has the ability to clone Linux hard drives. I’m just used to Ghost.
shutdown -r -F now to repair
any potential problems.
|
For future reference:
http://www.us.debian.org/releases/sarge/debian-installer/
http://www.debian.org/distrib/netinst
http://www.debian.org/releases/stable/i386/ch04s02.html.en
Make a new directory on your Windows computer and call it 'debian' or something. Then download the latest version of the Debian installer for 'Sarge' and save it there. Go to:
http://cdimage.debian.org/debian-cd/3.1_r5/i386/iso-cd/debian-31r5-i386-netinst.iso
for the Debian 3.1 (Sarge, Stable) network installation CD, which I recommend.
|
We are going to erase the hard drive, so make sure you don't have any data on it you might need.
Boot up the computer using the Installer CD or the Installer floppy #1. If you use the floppy to boot up, it will prompt you for the second floppy. I recommend the CD-ROM. The instructions below pertain to the CD-ROM method in the default "ask as few questions as possible" mode. To install the recommended 2.6.x version of the Linux kernel, type in:
linux26
[Choose Language] This determines the language of the installer and picks a keyboard. This installation has only been tested with English - English
[Choose country or region] Choose what is appropriate
Unplug the Ethernet cable; we want DHCP to fail.
[Select a keyboard layout] American English selects a standard qwerty keyboard
[Module needed by your ethernet card]
[!! Configure the network]
Network autoconfiguration failed
We wanted this to happen, simply press: [Continue]
On the next screen, choose the default of: [Configure network manually]
[Configure the network] Plug the Ethernet cable back in (and make sure Num Lock is on!)
[IP address:] 111.111.111.111
[Netmask:] 255.255.255.x
[Gateway:] 333.333.333.333
[Name server addresses:] 444.444.444.444 555.555.555.555
[Hostname:] sfa
[Domain name:] example.com
|
[!! Partition disks] Choose [Erase entire disk]
[Partitioning scheme:] You are free to choose any of the three partitioning schemes provided but we need at least 1GB of space for each data partition. If you choose the [Desktop machine] or [Multi-user workstation] method of partitioning, ideally you would have 4GB or more for either the /var partition or the /var/spool partition respectively. If you are building this with a 1GB or 2GB drive (not recommended) or simply want to maximize disk space, choose [All files in one partition]
For a larger drive choose: [Desktop machine]
Then arrow up and change the "Mount point:" of partition "#6 logical" from /home to /var
Here is an example of what the finished product could look like:
IDE1 master (hda) - 10.0 GB Maxtor 5T010H1
  hda1 #1 primary 2.8 GB ext3 / (bootable) (root partition)
  hda5 #5 logical 353.7 MB swap (swap partition)
  hda6 #6 logical 6.8 GB ext3 /var
The same drive using and modifying the [Multi-user workstation] partitioning scheme:
It took me about 10 minutes of playing with the software to figure out how to modify what the partitioning software came up with, but this will provide a little better performance (due to reduced file fragmentation). You need a 6GB or larger drive and a little patience to do this.
Change the mount point of "#1 primary" from / to /boot
Change the mount point of "#5 logical" from /usr to /
Change the mount point of "#6 logical" from /var to /var/lib (Enter manually)
Delete both partitions #9 and #8, then recreate logical partitions #8 and #9 from the free space and change the mount points to what is illustrated below. Each data partition should be at least 1GB as shown. The /var/spool directory is where our mail queues will be, so it would be desirable to make it 3GB or larger.
IDE1 master (hda) - 10.0 GB Maxtor 5T010H1
  hda1 #1 primary 279.6 MB ext3 /boot (bootable)
  hda5 #5 logical 3.6 GB ext3 / (root)
  hda6 #6 logical 1.8 GB ext3 /var/lib
  hda7 #7 logical 386.6 swap swap
  hda8 #8 logical 1.0 GB ext3 /var/log
  hda9 #9 logical 3.0 GB ext3 /var/spool
Once you have what you like, choose [Finish partitioning and write changes to disk]
[Write changes to disk?] [Yes]
|
[Installing the Debian base system] Wait....
[Install the GRUB boot loader to the master boot record?]
If you would like to install the GRUB boot loader choose [Yes]
If you would like to install the LILO boot loader [Tab] over and select [Go Back] Then select the 'Install the LILO boot loader...'
[Finish the installation] Remove the CD or floppy when prompted, then hit [Continue] This will reboot.
| [Debian base system configuration] - Welcome to your new Debian system! [OK] |
| [Time zone configuration] [Is the hardware clock set to GMT?] [NO] [Select your time zone:] Simply choose what is appropriate. |
[Password setup] This will ask for root's password and allow you to create a "normal" user and a password for that user. Watch your [Num Lock] status. Use really good passwords and don't forget them. Please add one, and just one, normal user here. If you plan on storing mail locally on this machine (not documented here), or even if you don't, create a user whose main purpose in life might be to hold root's mail. I suggest calling the user myroot or something similar.
|
Make sure you are connected to the Internet
[Apt configuration] [Archive access method for apt:] Choose [http] then your [Mirror country] then a mirror near you. (mirrors.kernel.org works very well in the US) [HTTP proxy information] (configure if needed, otherwise leave unconfigured) |
| [Debian software selection]
[Choose software to install:] Do not select anything here. Simply [Tab] over and select [Ok] |
| [Configuring console data] IMPORTANT! choose "Don't touch keymap" You chose one earlier whether you knew it or not and choosing any keyboard here may remove the keyboard mapping and you may not be able to get it back without starting the installation over!!!!! |
| [Configuring Exim v4 (exim4-config)]
[General type of mail configuration:] choose [no configuration at this time] [Really leave the mail system unconfigured?] [Yes] [Root and postmaster mail recipient:] The "normal" user we added earlier will display here. This is fine, so simply accept this. Since all mail will be relayed to another server, this setting will actually end up being ignored. However, if you configure your system to store mail locally, all of root's mail will be redirected to this "normal" user's mailbox. This is necessary because you typically cannot access root's mailbox remotely. |
| [Debian base system configuration]
[Setup of your Debian system is complete] [OK] |
Once you get the login prompt, login as root and issue the following command:
apt-get install ntpdate ssh vim gnupg
|
hwclock --systohc
|
dpkg-reconfigure locales
|
|
[Configuring locales] You use [PgUp] [PgDn] [up-arrow] [down-arrow] [tab] and [spacebar] to navigate and select. Your ISO-8859-x locale should already be selected. You can simply [Tab] over to [Ok]. The installer software correctly assumed I wanted en_US ISO-8859-1. I suggest you have this also (in addition to others if you require them). If you need to change the locale, or add additional locales, use the [arrow] [spacebar] and [tab] keys. You may wish to add your corresponding UTF-8 locale, but a UTF-8 locale should not be used as the default system LANG (set in /etc/environment); SpamAssassin and amavisd-new may have problems if you do.
[Which locale should be the default in the system environment?] I suggest you do NOT choose [None]; I suggest you choose [en_US]
ls -l /etc/console
This lists the contents of the /etc/console directory. You should see a file named "boottime.kmap.gz"
If you get "Total: 0" then we have no keymap file. If, and only if, we have no keymap file, run the command:
dpkg-reconfigure console-data
And choose [Select keymap from arch list]
Follow the prompts that apply to you and when the program exits check again to see if there is now a file called "boottime.kmap.gz" in the /etc/console directory.
If the file is not there, reboot and try again. We cannot continue until a keymap file is installed. Worst case is we would have to start the installation over again!
| Once you are back at the shell prompt, reboot the system with [Ctrl][Alt][Delete] |
pwd
(which means "print working directory"; it will reply with "/root")
i",
(short for "insert"). You can edit text pretty much as you would expect in
Write mode. You exit out of Write mode and return to Command mode by hitting
the [Esc] key. There are many commands that can be learned in Command mode but
we only need to learn two more in addition to "i". Those commands
are ":" (a colon) and "/" (a forward slash). The
colon is used to enter the third mode, the Command line mode and the slash
enables the Search command. When you are in Command line mode, you will see a
colon at the bottom of the screen. Here is a list of commands we will use while
in Command line mode:
:q quit (provided you have not made any changes) By the way, the lower case q is used often in *nix as a way to exit a screen.
:q! exits vi and discards changes (great when you trashed the file and just want to start over!)
:wq saves the changes and exits vi (write and quit)
:w saves the current changes but does not exit vi (write)
G The capital "G" Goes to the bottom of the page (very handy)
/text_to_search_for moves the cursor to the first occurrence of text_to_search_for
Run this to see which program vi points to:
ls -l /etc/alternatives/vi
If it says it is pointing to nvi or another program instead of vim (like this):
/etc/alternatives/vi -> /usr/bin/nvi
Then we need to fix it so it points to (symbolically links to) vim:
mv /etc/alternatives/vi /etc/alternatives/nvi
If you run this again:
ls -l /etc/alternatives/vi
You should see that it now links to vim. |
vi /etc/resolv.conf
Make sure our domain name is at the top, in the form: search example.com
The file should look something like:
search example.com
nameserver 444.444.444.444
nameserver 555.555.555.555
Repair it if it is not. (Use "i", then edit it).
If you made changes, Exit the file with [Esc] : wq
If you did not need to change anything, Exit the file with [Esc] : q

vi /etc/hosts
The top of file should look something like:
127.0.0.1 localhost.localdomain localhost
111.111.111.111 sfa.example.com sfa
Repair it if it does not (localhost.localdomain is not strictly required). Remember, use "i" to insert. If the hostname "sfa" is listed on both lines, remove it from the 127.0.0.1 line. Since we are here, you might as well add any other hosts you would like our spamfilter to know about. I suggest you (at least) put your internal mail server(s) here. Simply append any other entries to the bottom of the list.
If you made changes, Exit the file with [Esc] : wq
If you did not need to change anything, Exit the file with [Esc] : q
If you have a mess on your hands, Exit the file with [Esc] : q! and try again.
|
rebootlogout |
shutdown -h now
apt-get update (to update the local database of available
packages) followed by apt-get upgrade, to install the
latest version of any and all packages it found on our system. This is fine because
we are using the 'stable' version of Debian, but you should not upgrade your system
or install packages indiscriminately, especially if you use any packages from
the 'testing' or 'unstable' branches. This could make stuff stop
working. Fortunately there is something called "Apt-Pinning" that enables us to
prioritize the order of 'stable', 'testing', and 'unstable' software sources. This file
has to be created by us.
The most succinct explanation of this can be found at
http://jaqque.sbih.org/kplug/apt-pinning.html. If you ever use "apt-get upgrade",
I strongly recommend using
apt-get -s upgrade to "simulate" the upgrade process
before you actually upgrade.
vi /etc/apt/preferences |
Enter this text in the file ("i" to insert) EXACTLY as shown. Yes, you can select the text with your mouse, hit [Ctrl]+c, and then right-click in the vi editor window.
Package: *
Exit the file with [Esc] : wq as usual.
|
apt-get -s install [package]
before you install any package. It lets you "simulate" what would happen.
If you want a package that is an
'unstable' or 'testing' version, you would have to specifically request the 'unstable'
or 'testing' version or change the priority before you install it (unless the only version
is 'unstable' or 'testing' or your current version is 'unstable' or 'testing'). For example
apt-get -t unstable install [package]. If you use tools like
tasksel, you may have to temporarily change the priority prior to installing a
new set of packages. The most stable situation is to only upgrade to new
packages if a security flaw is found and make sure you have the ability to
completely restore the hard drive if upgrades don't go well. So I don't
frighten you too much, the Debian package maintainers are amazing, so apt-get usually works very well.
apt-cache to search the local database for available packages.
apt-cache search [search terms] will find packages that sound like what you want and:
apt-cache show [packagename] will return more details on a particular package.
apt-cache showpkg [packagename] will return more details on a particular package.
apt-cache policy [packagename] will return which versions are available along with the priority of each version.
apt-setup will enable you to change mirrors. The alternative is to edit /etc/apt/sources.list manually (which I prefer).
apt-get clean clears the local repository of all retrieved package files.
apt-get autoclean clears the local repository of retrieved package files of programs that are no longer installed.
dpkg -l [packagename] will list the version and a short description of the package we have installed.
cp /etc/apt/sources.list /etc/apt/sources.backup
This creates a backup file. Then: vi /etc/apt/sources.list |
At this point, the contents of the file look something like this:
#deb file:///cdrom/ sarge main
deb http://mirrors.kernel.org/debian/ stable main
deb-src http://mirrors.kernel.org/debian/ stable main
deb http://security.debian.org/ stable/updates main
We need to modify this file so the result will look something like this: (with only the http server unique to your particular system)
deb http://mirrors.kernel.org/debian/ stable main non-free contrib
deb-src http://mirrors.kernel.org/debian/ stable main
deb http://security.debian.org/ stable/updates main
deb http://mirrors.kernel.org/debian/ testing main non-free contrib
deb-src http://mirrors.kernel.org/debian/ testing main
deb http://mirrors.kernel.org/debian/ unstable main non-free contrib
deb-src http://mirrors.kernel.org/debian/ unstable main
deb http://www.backports.org/debian/ sarge-backports main contrib non-free
Note what I have done here:
The line #deb file:///cdrom/ sarge main has been erased. ([up-arrow] to the top of the file and hold down the [Delete] key.)
The 4 'testing' and 'unstable' lines have been copied from the top 2 lines, and then modified slightly as indicated.
The words "non-free" and "contrib" have been added to 3 of the lines.
The backports.org source was added.
You are welcome to simply copy and paste what I have listed above. Save and exit the file.
echo 'APT::Cache-Limit "25165824";' >> /etc/apt/apt.conf
|
apt-get update
|
apt-get remove ipchains lpr nfs-common portmap pidentd pcmcia-cs pppoe pppoeconf ppp pppconfig
|
|
Do not perform any steps listed here until you read the notes above.
If you have chosen to keep your Sarge system 'stable' and only install programs from 'stable' (and optionally 'sarge-backports' and clamav from 'volatile') then you do not need to perform any of these steps. I also don't recommend doing them unless you plan on upgrading the kernel. I will assume you have a 'testing' source in /etc/apt/sources.list. If you have chosen to install an Etch version of initrd-tools, first see if initrd-tools is installed:
dpkg -l initrd-tools | grep ii
If this program is installed, it should report something like "ii initrd-tools 0.1.81.1 tools to create initrd image for prepackaged". If it is not installed, you may already be running a newer kernel that does not use initrd-tools (test with 'uname -r'). If that is the case, there is no need to continue. Otherwise, upgrade initrd-tools:
cd /usr/local/src
If you don't plan on upgrading the kernel right away then you should probably prevent initrd-tools from automatically upgrading to a newer version during 'apt-get upgrade' because that newer version will upgrade libc6! Put the package on hold:
echo "initrd-tools hold" | dpkg --set-selections
If you are currently running a 2.4 kernel ('uname -r' to find out) then you should run these next commands regardless of whether you upgraded initrd-tools or not. This may solve a problem where an initrd-img cannot be created for the 2.4 kernel when libc6 is upgraded:
cd
If you choose to install the new 'testing' linux-image kernel you will need to choose the kernel that is correct for your processor. The 486 image will work with Intel or AMD. Obviously you can no longer use an actual 386 chip:
linux-image-486 - Linux kernel image on 486-class machines
linux-image-686 - Linux kernel image on PPro/Celeron/PII/PIII/P4 machines
linux-image-k7 - Linux kernel image on AMD K7 machines
For the complete list of available linux-image kernels:
apt-cache search linux-image | grep linux-image
Always first simulate installations to make sure there are no surprises (edit to suit your CPU if you like):
apt-get -s -t testing install linux-image-486
If everything looks OK (it will either remove one kernel and install another, or simply upgrade to the new kernel), perform the install:
apt-get -t testing install linux-image-486
You may be asked to (re)Configure Locales. If the existing kernel is going to be removed, you will be asked if you know exactly what you are doing. You are going to have to answer 'Yes' (Yes - the whole word) if you want to replace the kernel. Either you will be OK, or your system will be hosed. If it previously did not say that a new kernel will be installed, then it should be obvious that 'Yes' is the wrong answer. Accept the default 'Y' to remaining prompts. Once the new kernel is installed, cross your fingers and reboot:
reboot
Once the system comes back up - what kernel are we using?
uname -r
This should show you are running kernel 2.6.18 or higher. Since we have upgraded libc6-dev to the 'testing' version, you will also need to upgrade gcc-3.3 to the 'testing' (etch) version:
apt-get -t testing install gcc-3.3
|
If you are using a multi-processor machine, then use a multi-processor kernel!
If your kernel version is 2.4.x, or 2.6.8 or earlier, you will want to upgrade to an smp version of a 'kernel-image' kernel. Use 'uname -r' to determine the current kernel, then to find similar available smp kernels, run:
apt-cache search kernel-image | grep smp | grep kernel-image
For example, if you were running a 2.6.8 (Sarge) kernel, and had a dual core Intel system, you could use the 'kernel-image-2.6-686-smp' kernel. You would pick the kernel that most closely matches your system (and your current kernel). To install it, you would simply run:
apt-get install kernel-image-2.6-686-smp
If you were running a newer kernel (2.6.12 or higher - Etch) you would look at the available 'linux-image' smp kernels:
apt-cache search linux-image | grep smp | grep linux-image
If you were to install a new kernel, please reboot afterwards.
|
less. less is a great file
and directory viewer.
less.
less: less /path/file
less:
ls -l | less (current directory, or)
ls -l /path/directory | less
history | less
locate.
locate allows you to search a database of every file name on the
system.
updatedb command, and then you can search through it.
locate and less
together:
updatedb
locate kmap | less
less
/usr/share/keymaps/i386/qwerty/
cd
cd and hit [return]. We just saved ourselves
having to type the entire path name just in order to change to that directory.
I like that.
cd to get back home.
iptables -F
|
iptables -L |
vi /etc/network/interfaces
And insert the following text (remember, it's "i" to insert) in the blank line just below "iface lo inet loopback":
pre-up iptables-restore < /etc/firewall-rules
Save and exit the file as usual with [Esc] : wq
From now on I will assume you know how to edit, save, and exit files using vi. If not stated, it will be implied that after editing a file, you need to save and exit it, or if necessary, discard changes and start over.
If you have not done so, reboot again and run
iptables -L
to verify the firewall loaded during start up.
iptables -F from the
console to clear out iptables. This will allow you another shot at it.
top
ps afx
ps afxl
ps -A
ls -F /etc/rc2.d
lsof -i | grep LISTEN
netstat -pn -l -A inet
netstat -pn -l inet
cd /usr/bin
wget http://www200.pair.com/mecham/debian/lsconfig
chmod +x /usr/bin/lsconfig
lsconfig
cp -r /etc/init.d /etc/init.d-original |
/etc/init.d/lpd stop
|
update-inetd --disable time
|
lsof -i | grep LISTEN
The only daemon you should see at this point is *:ssh
You may have to run this again:
update-inetd --disable discard
If there are other programs shown, try rebooting and test again.
update-inetd --enable ident
/etc/init.d/inetd restart
update-rc.d lpd defaults
/etc/init.d/lpd start
cp -i /etc/init.d-original/lpd /etc/init.d
update-rc.d lpd defaults
/etc/init.d/lpd start
Install the program:
apt-get install ntp-simple
|
/etc/ntp.conf and
insert it per the example in the file. NTP is a flexible and complex system so I leave
it up to you to research it further if you care to.
If you care to choose your own servers from the list of Public NTP Secondary
(stratum 2) Time Servers at
http://www.eecis.udel.edu/~mills/ntp/clock2a.html we can use the little ntpdate
program to quickly test them prior to insertion in /etc/ntp.conf:
/etc/init.d/ntp-server stop
ntpdate clock.fmt.he.net
ntpdate ntp1.tummy.com
/etc/init.d/ntp-server start
date
and to change the time zone it's tzconfig
apt-get -t sarge-backports install libcompress-zlib-perl
|
apt-get install arc arj autoconf automake1.7 bzip2 cabextract db4.3-util libarchive-tar-perl libarchive-zip-perl libauthen-sasl-perl libberkeleydb-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libdb4.3-dev libdbd-mysql-perl libdbi-perl libdigest-hmac-perl libdigest-sha1-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libio-multiplex-perl libio-socket-ssl-perl libio-string-perl unrar unarj libdigest-nilsimsa-perl libmail-audit-perl
|
apt-get install lha libio-stringy-perl libio-zlib-perl libldap2 libmail-spf-query-perl libmailtools-perl libmime-perl libnet-dns-perl libnet-ldap-perl libnet-perl libnet-ph-perl libnet-server-perl libnet-snpp-perl libnet-telnet-perl libsocket6-perl libtimedate-perl libtool libunix-syslog-perl liburi-perl libwww-perl lsof lynx lzop make ncftp nomarch pax perl-doc rblcheck unzip unzoo zip zlib1g-dev zoo pyzor razor
|
First, run a simulation:
apt-get -s upgrade
Then if everything is as you might expect:
apt-get upgrade
|
If the kernel is upgraded, once the upgrade process is complete, you must:
reboot
|
apt-cache policy postfix spamassassin
|
postfix:
  Installed: (none)
  Candidate: 2.1.5-9
  Version Table:
     2.3.2-1 0
        400 http://mirrors.kernel.org unstable/main Packages
     2.2.10-2 0
        450 http://mirrors.kernel.org testing/main Packages
     2.2.10-1bpo2 0
        350 http://www.backports.org sarge-backports/main Packages
     2.1.5-9 0
        600 http://ftp.us.debian.org stable/main Packages
        600 http://mirrors.kernel.org stable/main Packages
spamassassin:
  Installed: (none)
  Candidate: 3.0.3-2sarge1
  Version Table:
     3.1.3-1 0
        400 http://mirrors.kernel.org unstable/main Packages
     3.1.3-0bpo1 0
        350 http://www.backports.org sarge-backports/main Packages
     3.1.1-1 0
        450 http://mirrors.kernel.org testing/main Packages
     3.0.3-2sarge1 0
        600 http://security.debian.org stable/updates/main Packages
     3.0.3-2 0
        600 http://ftp.us.debian.org stable/main Packages
        600 http://mirrors.kernel.org stable/main Packages
This tells us there are newer versions of Postfix available in the 'testing',
'unstable' and sarge-backports branches.
If you upgraded the kernel to 2.6.15 or newer, you can optionally install the
newer 'testing' version
by simply installing it using "apt-get -t testing install [list of packages]".
If you are trying to keep the system as 'stable' as possible, but would like to
install something newer than what is provided in 'stable', you would want to install
the version from backports.org with "apt-get -t sarge-backports install [list of packages]".
When mixing testing with stable, there is always some potential for
future problems with program dependencies, but generally, Debian is very smart about
these issues. The more cautious person would not use 'testing' or 'unstable'. As mentioned previously,
installing programs from 'testing' or 'unstable' that also upgrade to the newest version
of libc6 may remove your kernel!
The report shows there is a newer version of SpamAssassin available. We can
upgrade SpamAssassin to the new version once our install is done, or you can
install the newest 3.1 version now from backports.org.
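As an added example (not part of the original guide), the shell function below reads a report like the one above and prints, for each package, the candidate version, its pin priority and the release it comes from, flagging any candidate that would not come from 'stable'. candidate_origin and sample_policy are hypothetical names; the postfix entry is copied from the report above, and the examplepkg entry is constructed to show what a system with no /etc/apt/preferences would report.

```shell
#!/bin/sh
# Added example, not from the original guide. candidate_origin and
# sample_policy are hypothetical names used only for this illustration.

# Read "apt-cache policy" output on stdin. For each package print:
#   package candidate-version priority release [NOT-STABLE]
candidate_origin() {
    awk '
    function report(   flag) {
        if (pkg == "") return
        if (rel == "") { print pkg, cand, "-", "no-source"; return }
        flag = (rel ~ /^stable\//) ? "" : " NOT-STABLE"
        print pkg, cand, prio, rel flag
    }
    # Package header, e.g. "postfix:"
    NF == 1 && $1 ~ /:$/ {
        report()
        pkg = $1; sub(/:$/, "", pkg)
        cand = ""; ver = ""; prio = ""; rel = ""
        next
    }
    $1 == "Candidate:" { cand = $2 ""; next }
    # Source line: "<priority> <url> <release/component> Packages".
    # Keep the highest-priority source of the candidate version.
    $NF == "Packages" {
        if (ver == cand && (rel == "" || $1 + 0 > prio + 0)) {
            prio = $1
            rel = $(NF - 1)
        }
        next
    }
    # Version line: "[***] <version> 0"
    NF >= 2 && NF <= 3 && $NF ~ /^[0-9]+$/ { ver = $(NF - 1) "" }
    END { report() }
    '
}

# Sample input: postfix is from the report above, examplepkg is constructed.
sample_policy() {
    cat <<'EOF'
postfix:
  Installed: (none)
  Candidate: 2.1.5-9
  Version Table:
     2.3.2-1 0
        400 http://mirrors.kernel.org unstable/main Packages
     2.2.10-2 0
        450 http://mirrors.kernel.org testing/main Packages
     2.2.10-1bpo2 0
        350 http://www.backports.org sarge-backports/main Packages
     2.1.5-9 0
        600 http://ftp.us.debian.org stable/main Packages
        600 http://mirrors.kernel.org stable/main Packages
examplepkg:
  Installed: (none)
  Candidate: 2.0-1
  Version Table:
     2.0-1 0
        500 http://mirrors.kernel.org unstable/main Packages
     1.0-1 0
        500 http://mirrors.kernel.org stable/main Packages
EOF
}

# Demo on the sample; on a real system: apt-cache policy postfix | candidate_origin
sample_policy | candidate_origin
```

A NOT-STABLE flag on a package you did not deliberately request with -t is the cue to re-check /etc/apt/preferences before running apt-get upgrade.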
There is a Debian version of amavisd-new available, but we are NOT
going to install it. The configuration files
for newer Debian (testing/unstable) versions of amavisd-new are
not consistent with the typical way amavisd-new is configured. Instead of one
configuration file, the newer Debian versions split the configuration files into half
a dozen files in a couple different directories.
We will instead install amavisd-new from the original author.
So with this in mind:
Read instructions above before you proceed.
apt-get install spamassassin
If you would like to install the backports.org version of SpamAssassin, you should do it like so:
apt-get -t sarge-backports install spamassassin
Read instructions above to determine whether to install the 'stable' version or not.
Also read this.
apt-get install postfix postfix-pcre postfix-mysql postfix-ldap
If you would like to install the backports.org version of Postfix, you would do it like so:
apt-get -t sarge-backports install postfix postfix-pcre postfix-mysql postfix-ldap
|
Debconf will pop up a Postfix configuration screen. For [General type of configuration?] select: No configuration |
If (and only if) you already have amavisd-new installed, you need to remove it (this will not remove your configuration files, which is a good thing). First make sure amavisd-new is the only thing that will be removed by 'simulating' the removal:
apt-get -s remove amavisd-new
If it is, then remove it:
apt-get remove amavisd-new
If it is not, then you must make a note of any and all programs that will be removed, because you will have to reinstall them. Good luck with all that. ;)
adduser --group --system --home /var/lib/amavis --shell /bin/sh amavis
|
Position yourself:
cd /usr/local/src
If you installed Postfix version 2.1.5, follow these two instructions:
wget http://ftp.debian.org/debian/pool/main/p/postfix/postfix_2.1.5.orig.tar.gz
tar xzvf postfix_2.1.5.orig.tar.gz
If you installed a newer version of Postfix, do this instead:
apt-get source postfix
ls -l |
rm postfix* |
The second line below will need to be edited if you have a different version of the Postfix source code. MAKE SURE you answer "n" to "overwrite?" Do each section separately.
cp -i /usr/share/postfix/main.cf.debian /etc/postfix/main.cf
cp -i /usr/local/src/postfix-2.1.5/conf/* /etc/postfix
cp -i /etc/postfix/header_checks /etc/postfix/body_checks
cp -i /etc/postfix/access /etc/postfix/sender_access
|
The master.cf we download here can be used with Postfix versions 2.3.x, 2.2.x and 2.1.x
postfix stop
cd /etc/postfix
mv master.cf master.cf-original
wget http://www200.pair.com/mecham/debian-postfix-2.3-amavisd/master.cf
|
postfix stop
vi /etc/postfix/master.cf
|
Add these lines near the bottom of master.cf. Note: the items on these lines are separated by tabs. And the "-o" is the lower case letter o, not zero. These settings are from http://www.ijs.si/software/amavisd/README.postfix. You can copy and paste this entire section once the cursor is in the correct position (see below) and you are in insert mode. Note: when copying sections like this that contain tabs, rather than using a right click of the mouse to paste into the editor, press [Shift]+[Insert]:
smtp-amavis unix -      -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n  -       -       -       -       smtpd
    -o content_filter=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o smtpd_milters=
    -o local_header_rewrite_clients=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
|
Add this just below the 'pickup' service type:
    -o content_filter=
    -o receive_override_options=no_header_body_checks
|
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#    -o receive_override_options=no_address_mappings
#submission inet n      -       -       -       -       smtpd
#    -o smtpd_enforce_tls=yes
#    -o smtpd_sasl_auth_enable=yes
#    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       -       -       -       smtpd
#    -o smtpd_tls_wrappermode=yes
#    -o smtpd_sasl_auth_enable=yes
#    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
    -o content_filter=
    -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
    -o fallback_relay=
#    -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
smtp-amavis unix -      -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n  -       -       -       -       smtpd
    -o content_filter=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o smtpd_milters=
    -o local_header_rewrite_clients=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
|
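As an added example (not part of the original guide or of the amavisd-new documentation), the shell function below checks a master.cf for the properties the 127.0.0.1:10025 re-injection listener above depends on: it is bound to loopback, content_filter= is cleared so already-filtered mail is not handed back to amavisd-new, and clients are limited to 127.0.0.0/8 by permit_mynetworks,reject. audit_reinjection, sample_good and sample_bad are hypothetical names, and both sample files are constructed from the entries shown above.

```shell
#!/bin/sh
# Added example, not from the original guide. audit_reinjection, sample_good
# and sample_bad are hypothetical names; the sample entries are constructed.

# Print one finding per line for FILE. Returns 0 if clean, 1 if findings.
audit_reinjection() {   # usage: audit_reinjection FILE [PORT]
    findings=$(awk -v port="${2:-10025}" '
    # Examine one logical entry: a service line joined with its -o lines.
    function check(   n, f, i, eq, addr, opt) {
        if (entry == "") return
        n = split(entry, f); entry = ""
        # Columns: service type private unpriv chroot wakeup maxproc command
        if (f[2] != "inet" || f[8] != "smtpd") return
        if (f[1] != port && f[1] !~ (":" port "$")) return
        seen = 1
        addr = substr(f[1], 1, length(f[1]) - length(port)); sub(/:$/, "", addr)
        if (addr != "127.0.0.1" && addr != "localhost" && addr != "[::1]")
            print "EXPOSED: listener " f[1] " is not bound to loopback"
        for (i = 9; i < n; i++)
            if (f[i] == "-o") {
                eq = index(f[i + 1], "=")
                opt[substr(f[i + 1], 1, eq - 1)] = substr(f[i + 1], eq + 1)
            }
        if (!("content_filter" in opt) || opt["content_filter"] != "")
            print "LOOP: content_filter is not cleared on the re-injection listener"
        if (opt["mynetworks"] != "127.0.0.0/8")
            print "OPEN: mynetworks is not 127.0.0.0/8"
        if (opt["smtpd_client_restrictions"] != "permit_mynetworks,reject")
            print "OPEN: smtpd_client_restrictions is not permit_mynetworks,reject"
        if (opt["smtpd_recipient_restrictions"] != "permit_mynetworks,reject")
            print "OPEN: smtpd_recipient_restrictions is not permit_mynetworks,reject"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]/ { entry = entry " " $0; next }    # indented line continues the entry
    { check(); entry = $0 }                    # a new service line starts
    END { check(); if (!seen) print "MISSING: no smtpd listener on port " port }
    ' "$1") || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the listener as configured in this guide (abridged).
sample_good() {
    cat <<'EOF'
smtp      inet  n  -  -  -  -  smtpd
pickup    fifo  n  -  -  60 1  pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
smtp-amavis unix - -  -  -  2  smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
EOF
}

# Constructed sample: address prefix dropped and content_filter= missing.
sample_bad() {
    cat <<'EOF'
smtp      inet  n  -  -  -  -  smtpd
10025     inet  n  -  -  -  -  smtpd
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
EOF
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
sample_good > "$demo_dir/good.cf"
sample_bad > "$demo_dir/bad.cf"
for name in good bad; do
    if audit_reinjection "$demo_dir/$name.cf"; then echo "$name.cf: ok"; fi
done
rm -rf "$demo_dir"
```

On the filter itself the call would be audit_reinjection /etc/postfix/master.cf, run after each edit and before Postfix is started again.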
/etc/postfix/main.cf the main
configuration file for Postfix. Following are suggested values to use in
main.cf. These have been tested for this configuration and will work fine, but
there are many judgment calls involved in this, and it is a good idea at some
point to learn more about Postfix configuration, on your own. You could first
look at the sample Postfix main.cf file /usr/share/postfix/main.cf.dist.
There are comments describing some of the most common options.
Refer also to the Postfix documents on your machine in the
/usr/local/src/postfix-2.1.5/README_FILES directory, or
read the documentation on the Postfix web site
http://www.postfix.org/documentation.html. I also recommend
http://www.postfix-book.com/.
postmap
command to create binary files (Berkeley DB format) that Postfix will ultimately use to
retrieve the data. For example, if you have a file called "filename" and you "postmap filename",
a new file is created "filename.db". Postfix will retrieve data from "filename.db", not
"filename".
There are more than a dozen other types of data files that Postfix
can use to store data. Hash tables are an appropriate choice for
several tables we will use, and pcre (Perl Compatible Regular Expressions)
is appropriate for a couple tables we will use to hold content filtering data.
In its simplest form a hash table is comprised of 2 pieces of data,
a key and a value; typically referred to as the key/value pair. The key
and the value are separated with whitespace (typically a space or tab).
The data in a typical table that we use in Postfix would look something like:
postconf -e "alias_maps = hash:/etc/aliases"
|
newaliases now, and every time after you edit the aliases file. The
newaliases command is just like postmap except that it's
specific to the aliases file.
newaliases
|
postconf -e "myorigin = example.com" |