shutdown -r -F now and let it reboot.
When it starts back up it will run "fsck" which is the conceptual equivalent
of "chkdsk /f" in the Windows world. Ghost 2003 comes with SystemWorks 2003 or often
comes with motherboard software. Ghost 2003 also works in (the recommended) normal mode
but after the disk is cloned the boot record must be repaired on the cloned drive by
first booting to a rescue disk. Actually, I have had great success using the -ib
(Image Boot) setting. It appears to make an exact duplicate of the boot sector, then
does a regular clone operation on the remainder. There is other software out there that
has the ability to clone Linux hard drives. I’m just used to Ghost.
shutdown -r -F now to repair any potential problems.
|
Make a new directory on your Windows computer and call it 'debian' or
something. Then download the latest version of the Debian installer for 'etch' and save
it there. Go to:
http://www.debian.org/releases/etch/debian-installer/.
Read the errata while you are on that page. One interesting
erratum is
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=401435. Note that there are etch 4.0r3 i386 or etch 4.0r3 ia64 or etch 4.0r3 amd64 CDs available from this location but I have only tested this setup using the i386 CD (32bit). By default it installs the Linux kernel version 2.6.18. |
| We are going to erase the hard drive so make sure you don't have any data on it you might need. Boot up the computer using the Installer CD or the Installer floppy #1. If you use the floppy to boot up, it will prompt you for remaining floppies. I recommend using the CD-ROM. The instructions below pertain to the CD-ROM method in the default "ask as few questions as possible" mode. When the system boots up to the Debian screen, simply press [Enter] at the boot: prompt. |
|
[ !! Choose Language] This determines the language of the installer and picks a keyboard. This installation has only been tested with English - English [Choose country, territory or area] Choose what is appropriate |
| Unplug the ethernet cable. |
|
[! Select a keyboard layout] American English selects a standard qwerty keyboard. |
|
There will be a few screens of activity, then this will come up: [Configuring the network with DHCP] Hit [Cancel] because we want DHCP configuration to fail. |
| Plug the ethernet cable back in. |
| [Module needed by your ethernet card] |
|
[!! Configure the network] Network autoconfiguration failed We wanted that to happen, simply press: [Continue] On the next screen, choose the default of: [Configure network manually] |
|
[!! Configure the network] Make sure Num Lock is on! [IP address:]
111.111.111.111
[Netmask:]
255.255.255.x
[Gateway:]
333.333.333.333
[Name server addresses:]
444.444.444.444 555.555.555.555
[Hostname:]
sfa
[Domain name:]
example.com
|
|
[!! Partition disks] [Partitioning method:] Choose Guided - use entire disk [Select disk to partition:] Choose what is appropriate [Partitioning scheme:] You are free to choose any of the three partitioning schemes provided but we need at least 1GB of space for each data partition. If you choose the [Separate /home partition] or [Separate /home, /usr, /var, and /tmp partitions] method of partitioning, ideally you would have 4GB or more for either the /var partition or the /var/spool partition respectively. If you are building this with a small drive (not recommended) or simply want to maximize disk space (like I often do), choose [All files in one partition] For a larger drive you may optionally choose: [Separate /home partition] Then arrow up and change the "Mount point:" of partition "#6 logical" from /home to /var Here is an example of what the finished product could look like:
IDE1 master (hda) - 10.0 GB Maxtor 5T010H1
#1 primary 2.8 GB B f ext3 / (bootable) (root partition)
#5 logical 353.7 MB f swap (swap partition)
#6 logical 6.8 GB f ext3 /var
The same drive using and modifying the [Separate /home, /usr, /var, and /tmp partitions]
partitioning scheme: It took me about 10 minutes of playing with the
software to figure out how to modify what the partitioning software came up
with, this may provide a little better performance (due to reduced file fragmentation) but
will also waste more disk space.
You need a 6GB or larger drive and a little patience to do this. Change the mount point of "#1 primary" from / to /boot. Change the mount point of "#5 logical" from /usr to /. Change the mount point of "#6 logical" from /var to /var/lib (Enter manually). Delete both partitions #9 and #8, then recreate logical partitions #8 and #9 from the free space and change the mount points to what is illustrated below. Each data partition should be at least 1GB as shown. The /var/spool directory is where our mail queues will be, so it would be desirable to make it 3GB or larger. If you store quarantined mail on this system then you need to make sure whatever partition it's stored on is adequately large. The default for amavisd-new is /var/lib/amavis/virusmails so in this next example the /var/lib partition should be large.
IDE1 master (hda) - 10.0 GB Maxtor 5T010H1
#1 primary 279.6 MB ext3 B f /boot (bootable)
#5 logical 3.6 GB ext3 f / (root)
#6 logical 1.8 GB ext3 f /var/lib
#7 logical 386.6 swap f swap
#8 logical 1.0 GB ext3 f /var/log
#9 logical 3.0 GB ext3 f /var/spool
Once you have what you like, choose
[Finish partitioning and write changes to disk] [Write changes to disk?] [Yes] |
| [! Configure time zone] [Select your time zone:] Simply choose what is appropriate. |
| [! Configure the clock] [Is the system clock set to UTC?] If this comes up it may be an indication the system clock is set to UTC. I prefer to set the system clock to local time so I [tab] over and answer [NO] but this is up to you. |
| [!! Set up users and passwords] This will ask for root's password and allow you to create a "normal" user and a password for that user. Watch your [Num Lock] status. Use really good passwords and don't forget them. Please add one, and just one, normal user here. If you plan on storing mail locally on this machine (not documented here), or even if you don't, create a user whose main purpose in life might be to hold root's mail. I suggest calling the user myroot or something similar. Keep in mind that all the best hacker tools run on Linux. If a hacker gains root access to this box, your entire network is history. |
|
[Installing the base system] Wait.... |
|
[! Configure the package manager] [Use a network mirror?] Choose [Yes] [Debian archive mirror country:] Choose your country [Debian archive mirror:] Choose a mirror near you (mirrors.kernel.org works very well in the US) [HTTP proxy information] (configure if needed, otherwise leave unconfigured) |
| [! Configuring popularity contest]
You decide if you would like to participate. |
| [Debian software selection]
[Choose software to install:] This is 'tasksel'. You only want to select 'Standard system' here (nothing else). Use the [spacebar] to deselect 'Desktop environment'. Then, simply [Tab] over and select [Continue]. (I heartily recommend you do not run a GUI; however, if you absolutely insist on doing so, leaving 'Desktop environment' selected is the way to install it). |
| [Configuring console data] IMPORTANT! choose "Don't touch keymap" You chose one earlier whether you knew it or not and choosing any keyboard here may remove the keyboard mapping and you may not be able to get it back without starting the installation over! |
| [Configuring Exim v4 (exim4-config)]
[General type of mail configuration:] choose [no configuration at this time] [Really leave the mail system unconfigured?] [Yes] [Root and postmaster mail recipient:] The "normal" user we added earlier will display here. This is fine, so simply accept this. Since all mail will be relayed to another server, this setting will actually end up being ignored. However, if you configure your system to store mail locally, all of root's mail will be redirected to this "normal" user's mailbox. This is necessary because you typically cannot access root's mailbox remotely. |
|
[! Install the GRUB boot loader on a hard disk] [Install the GRUB boot loader to the master boot record?] If you would like to install the GRUB boot loader choose [Yes] If you would like to install the LILO boot loader [Tab] over and select [Go Back] Then select the 'Install the LILO boot loader...' [Finish the installation] Remove the CD or floppy when prompted, then hit [Continue] This will reboot. |
Once you get the login prompt, login as root and issue the following command:
apt-get install ntpdate ssh vim gnupg
|
Enter the following command:
dpkg-reconfigure locales
[Configuring locales] You use [PgUp] [PgDn] [up-arrow] [down-arrow] [tab] and [spacebar] to navigate and select. The etch installer software installed en_US.UTF-8 UTF-8 on my system. I suggest you install the en_US ISO-8859-1 locale (in addition to any other ISO-8859-x locales you may require). If you need to change the locale, or add additional locales, use the [arrow] [spacebar] and [tab] keys. A UTF-8 locale should not be used as the default system LANG (set in /etc/environment or /etc/default/locale), SpamAssassin and amavisd-new may have problems if you do. You should keep the UTF-8 locale in addition to the ISO-8859-x file or Perl may complain. [Which locale should be the default in the system environment?] I suggest you do NOT choose [None], I suggest you choose [en_US] or other non UTF-8 locale (an ISO-8859-x locale). |
ls -l /etc/console
This lists the contents of the /etc/console directory.
You should see a file named "boottime.kmap.gz". If you get "Total: 0" then we have no keymap file. If, and only if, we have no keymap file, run the command:
dpkg-reconfigure console-data
And choose [Select keymap from arch list] Follow the prompts that apply to you and when the program exits check again to see if there is now a file called "boottime.kmap.gz" in the /etc/console
directory. If the file is not there, reboot and try again. We cannot continue until a keymap file is installed. Worst case is we would have to start the installation over again! |
Once you are back at the shell prompt, reboot the system with:
reboot
|
| Please install and configure PuTTY and WinSCP per the notes above. |
i",
(short for "insert"). You can edit text pretty much as you would expect in
Write mode. You exit out of Write mode and return to Command mode by hitting
the [Esc] key. There are many commands that can be learned in Command mode but
we only need to learn two more in addition to "i". Those commands
are ":" (a colon) and "/" (a forward slash). The
colon is used to enter the third mode, the Command line mode and the slash
enables the Search command. When you are in Command line mode, you will see a
colon at the bottom of the screen. Here is a list of commands we will use while
in Command line mode:
:q quit (provided you have not made any changes). By the way, the lower case q is used often in *nix as a way to exit a screen.
:q! exits vi and discards changes (great when you trashed the file and just want to start over!)
:wq saves the changes and exits vi (write and quit)
:w saves the current changes but does not exit vi (write)
G The capital "G" Goes to the bottom of the page (very handy)
/text_to_search_for moves the cursor to the first occurrence of text_to_search_for
vi /etc/resolv.conf
Make sure our domain name is at the top, in the form:
search example.com
The file should look something like:
search example.com
nameserver 444.444.444.444
nameserver 555.555.555.555
Repair it if it is not. (Use "i", then edit it).
If you made changes, exit the file with [Esc] : wq
If you did not need to change anything, exit the file with [Esc] : q
|
vi /etc/hosts
The top of the file should look something like:
127.0.0.1 localhost
111.111.111.111 sfa.example.com sfa
Repair it if it does not. Remember, use "i" to insert. Since we are here, you might as well add any other hosts you would like our spamfilter to know about. I suggest you (at least) put your internal mail server(s) here. Simply append any other entries to the bottom of the list.
If you made changes, exit the file with [Esc] : wq
If you did not need to change anything, exit the file with [Esc] : q
If you have a mess on your hands, exit the file with [Esc] : q! and try again.
|
Since you are using an etch CD, our default language will be an UTF-8 locale.
We want our system wide language to be an ISO-8859-x (non UTF-8) locale. You can
set the language in /etc/environment (if it exists, otherwise it is set in
/etc/default/locale). This file is read when we log in. We need to use a non
UTF-8 locale so characters will appear as we expect them to and to avoid other
problems. It is best to run amavisd-new in a non-UTF8 locale environment.
The 'dpkg-reconfigure locales' program previously automatically updated
/etc/environment, but it no longer does when using the etch version so we are
going to edit it manually (it now updates /etc/default/locale). Make sure you have
installed a corresponding ISO-8859-x locale for the UTF-8 locale we are going
to change:
cat /etc/environment
If the above returns "No such file or directory", then the setting is in /etc/default/locale and you can skip editing this file, otherwise please continue.
vi /etc/environment
Change LANG from a UTF-8 setting:
LANG="en_US.UTF-8"
to a non UTF-8 setting:
LANG="en_US"
Save and exit the file as before. Note: you can run the command 'locale' to see the current settings. It is best to reboot after changing the /etc/environment file. Changes are not recognized until you at least log out, then back in. |
/etc/init.d/hwclock.sh reload
If this process hangs and you get a time out error, it's possible you have a bios incompatibility with the hwclock software. This is most common on some Dell machines. If and only if you have a problem here, perform this next step:
sed -i 's/HWCLOCKPARS=/HWCLOCKPARS="--directisa"/' /etc/init.d/hwclock.sh
Continue on:
ntpdate clock.fmt.he.net
If and only if you upgraded from sarge and do not have the hwclock.sh script:
hwclock --systohc
|
reboot
[Ctrl]+d works the same as 'logout' or 'exit' |
shutdown -h now
apt-get update to update the local database of available
packages followed by apt-get upgrade, to install the
latest version of any and all packages it found on our system. This is fine when we
are using the 'stable' version of Debian. If you install 'testing' and
'unstable' versions of some (or all) software, this could spell disaster if we allow
newer packages to be installed indiscriminately. This could make stuff stop
working. Fortunately there is something called "Apt-Pinning" that enables us to
prioritize the order of 'stable', 'testing', and 'unstable' software sources.
This file has to be created by us. The most succinct explanation of this can be found at
http://jaqque.sbih.org/kplug/apt-pinning.html. If you ever use "apt-get upgrade",
I strongly recommend using
apt-get -s upgrade to "simulate" the upgrade process
before you actually upgrade. Make a mental note of this: if you were to have 'testing'
software configured as your top priority, and you were to run 'apt-get upgrade', then
many of your programs will be installed from the 'testing' group of packages. Once this
happens, those packages will continue to update from the 'testing' branch even
if you change your top priority to 'stable'. This action cannot be undone gracefully.
Note that you can prevent any package you want from upgrading
by placing the package on hold. Use
echo "packagename hold" | dpkg --set-selections
to place package 'packagename' on hold and
echo "packagename install" | dpkg --set-selections
to allow it to upgrade.
This next file is critical to the way our system functions. I suggest you read the notes
above before you continue. Note that since we installed etch (stable), the default priority
for etch is 500 (the default Pin Priority for the stable release).
vi /etc/apt/preferences
Enter this text in the file ("i" to insert) EXACTLY as shown. Yes, you can select the text with your mouse, hit [Ctrl]+c , and then right-click in the vi editor window.
Package: *
Exit the file with [Esc] : wq as usual.
|
apt-get -s install [package]
before you install any package. It lets you "simulate" what would happen. You
will find that apt-cache policy [package] is
also helpful. If you want a package that is an
'unstable' version (or any version that is not top priority), you would have to
specifically request the 'unstable' version or change the priority before you install
it (unless the only version is 'unstable' or your current version is 'unstable').
For example apt-get -t unstable install [package]
will install the package and also satisfy dependencies from 'unstable'.
If you use apt-get install [package]/unstable
then apt will try to meet any dependencies from stable.
If you use tools like
tasksel, you may have to temporarily change the priority prior to installing a
new set of packages. The most stable situation is to only upgrade to new
packages if a security flaw is found and make sure you have the ability to
completely restore the hard drive if upgrades don't go well. So I don't frighten you too
much, the Debian package maintainers are amazing, so apt-get usually works very well.
apt-cache to search the local database for
available packages. apt-cache search [search terms] will find packages that
sound like what you want and: apt-cache show [packagename] will return more details
on a particular package. apt-cache showpkg [packagename] will return more
details on a particular package. apt-cache policy [packagename] will return which
versions are available along with the priority of each version. apt-setup will enable you to change mirrors. The
alternative is to edit /etc/apt/sources.list manually (which I prefer). apt-get clean clears the local repository of all retrieved
package files. apt-get autoclean clears the local repository of retrieved
package files of programs that are no longer installed. dpkg -l [packagename] will list the version and a short
description of the package we have installed.
cp /etc/apt/sources.list /etc/apt/sources.backup
This creates a backup file. Then:
vi /etc/apt/sources.list
|
At this point, the contents of the file may look something like this:
#
# deb cdrom:[Debian GNU/Linux 4.0 r0 _Etch_ - Official i386 ]/ etch contrib main
deb cdrom:[Debian GNU/Linux 4.0 r0 _Etch_ - Official i386 ]/ etch contrib main
deb http://mirrors.kernel.org/debian/ etch main
deb-src http://mirrors.kernel.org/debian/ etch main
deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib
We need to modify this file so the result will look something like this (with only the http server unique to your particular system):
deb http://mirrors.kernel.org/debian/ etch main contrib non-free
deb-src http://mirrors.kernel.org/debian/ etch main
deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib
deb http://mirrors.kernel.org/debian/ unstable main contrib non-free
deb-src http://mirrors.kernel.org/debian/ unstable main
deb http://mirrors.kernel.org/debian/ testing main contrib non-free
deb-src http://mirrors.kernel.org/debian/ testing main
deb http://volatile.debian.net/debian-volatile etch/volatile main
Note what I have done here. Any lines that use the cdrom have been erased. ([up-arrow] to the top of the file and hold down the [Delete] key.) The 2 'unstable' lines and the 2 'testing' lines have been copied from the top 2 'etch' lines, and then modified slightly as indicated. The words "contrib non-free" have been added to 3 of the lines. An etch 'Volatile' source has been added. You are welcome to simply copy and paste what I have listed above. Save and exit the file. |
echo 'APT::Cache-Limit "25165824";' >> /etc/apt/apt.conf
|
gpg --keyserver subkeys.pgp.net --recv-key BBE55AB3
|
apt-get update
|
|
If you are using a multi-processor machine, then use a multi-processor kernel! To locate available smp kernels for etch, you could run: apt-cache search linux-image | grep smp | grep linux-image
If you are running a 2.6.18 (etch) kernel and have a dual core Intel system you could for example use the 'linux-image-2.6-686-smp' kernel. You would pick the kernel that most closely matches your system (and your current kernel). To install it, you would simply run: apt-get install linux-image-2.6-686-smp If you were to install a new kernel, please reboot afterwards.
|
Earlier I mentioned an erratum dealing with tcp_window_scaling. You may want to consider
what may happen (large files fail to transfer between systems) when there
is a buggy router between you and someone else, and may wish to make this change to
the system (you decide):
echo "net.ipv4.tcp_wmem = 4096 65536 65536" >>/etc/sysctl.conf
I am going to assume this may slow down communications between systems under certain circumstances. Here is another setting I have not tried: http://en.wikipedia.org/wiki/TCP_window_scale_option. |
less. less is a great file
and directory viewer.
less.less:less /path/file
less:ls -l | less (current directory, or)
ls -l /path/directory | less
history | less
locate.
locate allows you to search a database of every file name on the system.
It's kind of like Windows Find. You first have to build the database with the
updatedb command, and then you can search through it.
locate and less
together:
updatedb
locate kmap | less
less
/usr/share/keymaps/i386/qwerty/
cd
cd and hit [return]. We just saved ourselves
having to type the entire path name just in order to change to that directory.
I like that.
cd to get back home.
iptables -F
|
iptables -L
|
vi /etc/network/interfaces
And insert the following text (remember, it's "i" to insert) in the blank line just below "iface lo inet loopback":
pre-up iptables-restore < /etc/firewall-rules
Save and exit the file as usual with [Esc] : wq From now on I will assume you know how to edit, save, and exit files using vi. If not stated, it will be implied that after editing a file, you need to save and exit it, or if necessary, discard changes and start over. |
If you have not done so, reboot again and run iptables -L to verify the firewall loaded during start up. |
iptables -F from the
console to clear out iptables. This will allow you another shot at it.
top
ps afx
ps afxl
ps -A
ls -F /etc/rc2.d
lsof -i | grep LISTEN
lsof -P | grep LISTEN
netstat -pn -l -A inet
netstat -pn -l inet
cd /usr/bin
wget http://www200.pair.com/mecham/debian/lsconfig
chmod +x /usr/bin/lsconfig
lsconfig
cp -r /etc/init.d /etc/init.d-original
|
/etc/init.d/lpd stop
|
update-inetd --disable time
|
lsof -i | grep LISTEN
The only daemon you should see at this point is *:ssh If there are other programs shown, try rebooting and test again. |
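The check above can be scripted so it is repeatable after every change. This is an added example, not part of the original guide: it filters the output of the netstat -pn -l -A inet command listed earlier against an allowlist. The function names, the sample output and its PIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): list listening sockets that
# are not on an allowlist.

# Constructed sample of `netstat -pn -l -A inet` output.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     2210/sshd
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN     2154/inetd
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN     2301/master
udp        0      0 0.0.0.0:111             0.0.0.0:*                          1987/portmap
EOF
}

# unexpected_listeners "ALLOWED ..." < netstat-output
# Each ALLOWED entry is either PORT (allowed on any address) or ADDR:PORT
# (allowed only when bound to exactly that address).
# Prints "PROTO ADDR:PORT PROGRAM" for every socket that is not allowed.
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^(tcp|udp)/ { next }              # skip the two header lines
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }   # udp rows have no State column
    {
        addr = $4
        port = addr; sub(/.*:/, "", port)    # text after the last colon
        if ((addr in ok) || (port in ok)) next
        prog = $NF; sub(/^[0-9]+\//, "", prog)
        print $1 " " addr " " prog
    }
    '
}

# Stand-alone run on the sample: ssh anywhere, port 10025 on loopback only.
sample_netstat | unexpected_listeners "22 127.0.0.1:10025"
```

On a live system, run it as: netstat -pn -l -A inet | unexpected_listeners "22"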
update-inetd --enable ident
update-rc.d nfs-common defaults
/etc/init.d/nfs-common start
cp -i /etc/init.d-original/nfs-common /etc/init.d
update-rc.d nfs-common defaults
/etc/init.d/nfs-common start
Install the program:
apt-get install ntp
|
/etc/ntp.conf and
insert it per the example in the file. NTP is a flexible and complex system so I leave
it up to you to research it further if you care to.
If you care to choose your own servers from the list of Public NTP Secondary
(stratum 2) Time Servers at
http://support.ntp.org/bin/view/Servers/StratumTwoTimeServers we can use the little ntpdate
program to quickly test them prior to insertion in /etc/ntp.conf:
/etc/init.d/ntp stop
ntpdate clock.fmt.he.net
ntpdate ntp1.tummy.com
/etc/init.d/ntp start
date
and to change the time zone it's tzconfig
vi /root/.profile
and just below the line "fi" insert this entry:
export EDITOR=/usr/bin/vim.basic
Save and exit the file, then logout of PuTTY ([Ctrl]+d), then connect back in. |
apt-get install arc arj autoconf automake1.7 bzip2 cabextract db4.4-util libarchive-tar-perl libarchive-zip-perl libauthen-sasl-perl libberkeleydb-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libdb4.4-dev libdbd-mysql-perl libdbi-perl libdigest-hmac-perl libdigest-sha1-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libio-multiplex-perl libio-socket-ssl-perl libio-string-perl unrar arj
|
apt-get install libio-stringy-perl libio-zlib-perl libldap2 libmail-spf-query-perl libmailtools-perl libmime-perl libnet-dns-perl libnet-ldap-perl libnet-ph-perl libnet-server-perl libnet-snpp-perl libnet-telnet-perl libsocket6-perl libtimedate-perl libtool libunix-syslog-perl liburi-perl libwww-perl lynx lzop make ncftp nomarch pax perl-doc rblcheck unzip zip zlib1g-dev pyzor razor libcompress-zlib-perl psmisc re2c curl
|
apt-get install lha
If this fails you are probably using the amd64 kernel. If (and only if) lha cannot be installed, you can try a Java based lha if you like (but you will also install a bunch of Java stuff):
apt-get install jlha-utils
|
First, run a simulation:
apt-get -s upgrade
Then if everything is as you might expect:
apt-get upgrade
|
If the kernel is upgraded, once the upgrade process is complete, you must:
reboot
|
apt-cache policy postfix spamassassin
|
postfix:
Installed: (none)
Candidate: 2.3.8-2+b1
Version table:
2.4.6-1 0
400 http://mirrors.kernel.org unstable/main Packages
450 http://mirrors.kernel.org testing/main Packages
2.3.8-2+b1 0
500 http://mirrors.kernel.org etch/main Packages
spamassassin:
Installed: (none)
Candidate: 3.1.7-2
Version table:
3.2.3-1 0
400 http://mirrors.kernel.org unstable/main Packages
3.2.1-1 0
450 http://mirrors.kernel.org testing/main Packages
3.1.7-2 0
500 http://mirrors.kernel.org etch/main Packages
This tells us that the etch versions of Postfix and SpamAssassin
will be installed. If we wanted to install the testing version of a program (for example), we would
have to override the choices, e.g. apt-get
install [packagename]/testing, or if necessary
apt-get -t testing install [packagename]. Note
that another option is to momentarily make testing the highest priority in
/etc/apt/preferences, then override what will be installed, e.g.
apt-get install [packagename]/testing.
Read this.
Remember that it's a good idea to simulate an installation first (using the -s switch).
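Reading the version table by eye gets tedious with many packages. This is an added example, not part of the original guide: it parses apt-cache policy output and reports packages whose candidate version would come from an archive other than the stable release. The function names are assumptions, and "examplepkg" with its versions is made up to show a package that was installed from testing and now keeps following it.

```shell
#!/bin/sh
# Added example (not from the original guide): report which archive each
# package's candidate version would be installed from.

# Constructed sample in `apt-cache policy` format. "postfix" repeats the
# output shown in the guide; "examplepkg" and its versions are made up.
sample_policy() {
cat <<'EOF'
postfix:
  Installed: (none)
  Candidate: 2.3.8-2+b1
  Version table:
     2.4.6-1 0
        400 http://mirrors.kernel.org unstable/main Packages
        450 http://mirrors.kernel.org testing/main Packages
     2.3.8-2+b1 0
        500 http://mirrors.kernel.org etch/main Packages
examplepkg:
  Installed: 1.1-1
  Candidate: 1.2-1
  Version table:
     1.2-1 0
        450 http://mirrors.kernel.org testing/main Packages
 *** 1.1-1 0
        100 /var/lib/dpkg/status
     1.0-1 0
        500 http://mirrors.kernel.org etch/main Packages
EOF
}

# candidate_origin < policy-output
# Prints one line per package: NAME CANDIDATE ARCHIVE PRIORITY
candidate_origin() {
    awk '
    function emit() { if (pkg != "" && best >= 0) print pkg, cand, arch, best }
    $1 == "Installed:" || $1 == "Version" { next }
    $1 == "Candidate:" { cand = $2; next }
    # "name:" header line starts a new package
    /^[^ \t].*:$/ { emit(); pkg = substr($0, 1, length($0) - 1)
                    cand = ver = ""; best = -1; next }
    $1 == "***" { ver = $2; next }                    # installed version
    NF == 2 && $2 ~ /^-?[0-9]+$/ { ver = $1; next }   # "VERSION PIN" line
    # "PRIORITY URL ARCHIVE/COMPONENT Packages" line for the candidate version
    $1 ~ /^-?[0-9]+$/ && $NF == "Packages" && ver == cand && $1 + 0 > best {
        best = $1 + 0; split($3, a, "/"); arch = a[1]
    }
    END { emit() }
    '
}

# non_stable_candidates RELEASE < policy-output
# Prints packages whose candidate comes from an archive other than RELEASE.
non_stable_candidates() {
    candidate_origin |
        awk -v rel="$1" '$3 != rel { print $1 " (" $3 ", priority " $4 ")" }'
}

# Stand-alone run on the sample.
sample_policy | non_stable_candidates etch
```

On a live system, run it as: apt-cache policy postfix spamassassin | non_stable_candidates etch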
If you are interested in installing a newer (3.2.x) version of SpamAssassin, you could read my notes
from one of my other documents:
http://www200.pair.com/mecham/spam/virtualp2.html#spa.
There is a Debian version of amavisd-new available, but we are NOT
going to install it. The configuration files
for newer Debian (testing/unstable) versions of amavisd-new are
not consistent with the typical way amavisd-new is configured. Instead of one
configuration file, the newer Debian versions split the configuration files into half
a dozen files in a couple different directories. We will instead install amavisd-new
from the original author. So with this in mind:
Read instructions above before you proceed.
apt-get install spamassassin
If you install 3.1.7 and want to prevent upgrades to 3.2.x (via etch volatile - which we configure later), you will need to place the package on hold:
echo "spamassassin hold" | dpkg --set-selections
|
apt-get install postfix postfix-pcre postfix-mysql postfix-ldap
|
|
Debconf will pop up a Postfix configuration screen. For [General type of configuration?] select: No configuration Don't worry, we will configure Postfix in a few minutes. |
If (and only if) you already have amavisd-new installed, you need to remove it
(this will not remove your configuration files which is a good thing). First make
sure amavisd-new is the only thing that will be removed by 'simulating' the removal:
apt-get -s remove amavisd-new
If it is, then remove it:
apt-get remove amavisd-new
If it is not, then you must make a note of any and all programs that will be removed, because you will have to reinstall them. Good luck with all that. ;)
|
There may be complaints that some things do not exist and other things
already exist. This should not be a problem.
adduser --group --system --home /var/lib/amavis --shell /bin/sh amavis
|
cd /usr/local/src
Change these next lines to match the (author's) version of Postfix you have (hint: dpkg -l postfix ):
wget http://ftp.debian.org/debian/pool/main/p/postfix/postfix_2.3.8.orig.tar.gz
|
ls -l
|
rm postfix_2*
|
| The second line below may need to be edited if your version of the Postfix
source code is different than mine. MAKE SURE you answer "n" to "overwrite?" Do each section separately.
cp -i /usr/share/postfix/main.cf.debian /etc/postfix/main.cf
cp -i /usr/local/src/postfix-2.3.8/conf/* /etc/postfix
cp -i /etc/postfix/header_checks /etc/postfix/body_checks
cp -i /etc/postfix/access /etc/postfix/sender_access
|
The master.cf we download here can be used with recent Postfix versions.
postfix stop
cd /etc/postfix
mv master.cf master.cf-original
wget http://www200.pair.com/mecham/debian-postfix-2.3-amavisd/master.cf
|
postfix stop
vi /etc/postfix/master.cf
|
| Add these lines near the bottom of master.cf. The "-o" is the lower case letter o, not zero. These settings are from http://www.ijs.si/software/amavisd/README.postfix. You can copy and paste this entire section once the cursor is in the correct position (see below) and you are in insert mode. Note: rather than using a right click of the mouse to paste into the editor, you can also use [Shift]+[Insert]: |
smtp-amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o smtpd_milters=
    -o local_header_rewrite_clients=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
|
Add this just below the 'pickup' service type:
    -o content_filter=
    -o receive_override_options=no_header_body_checks
|
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
# -o receive_override_options=no_address_mappings
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
    -o content_filter=
    -o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
    -o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
smtp-amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o smtpd_milters=
    -o local_header_rewrite_clients=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
|
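The smtpd service on 127.0.0.1:10025 accepts mail back from amavisd-new, so a few of its overrides carry the security of the whole setup: the loopback bind address, the empty content_filter (so filtered mail is not handed to the filter again) and the loopback-only mynetworks. This is an added example, not part of the original guide or of Postfix: it checks those settings in a master.cf. The function names and both sample files are constructed, and it assumes the "-o name=value" form used above with no spaces around "=".

```shell
#!/bin/sh
# Added example (not from the original guide): audit the smtpd listener that
# takes mail back from amavisd-new in a Postfix master.cf.

# Constructed sample: the two services the guide adds, trimmed to the
# options this audit looks at.
sample_master_cf() {
cat <<'EOF'
# comment lines and blank lines are ignored
smtp-amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
EOF
}

# Constructed misconfiguration: no bind address, content_filter not cleared,
# and a widened mynetworks override (192.0.2.0/24 is a documentation range).
sample_bad_master_cf() {
cat <<'EOF'
10025 inet n - - - - smtpd
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8,192.0.2.0/24
EOF
}

# audit_reinject PORT < master.cf
# Prints "OK", one "FAIL: ..." line per problem, or "MISSING: ..." when no
# inet smtpd service listens on PORT.
audit_reinject() {
    awk -v port="$1" '
    function fail(msg) { bad = 1; print "FAIL: " msg }
    # e is one logical master.cf entry with its continuation lines joined
    function check(e,    f, nf, hp, n, host, i, eq, name, opt, set, r) {
        nf = split(e, f, /[ \t]+/)
        if (f[2] != "inet" || f[8] != "smtpd") return
        n = split(f[1], hp, ":")
        if (hp[n] != port) return
        seen = 1
        host = (n > 1) ? substr(f[1], 1, length(f[1]) - length(hp[n]) - 1) : ""
        for (i = 9; i < nf; i++) {
            if (f[i] != "-o") continue
            eq = index(f[i + 1], "=")
            if (eq == 0) continue
            name = substr(f[i + 1], 1, eq - 1)
            opt[name] = substr(f[i + 1], eq + 1)
            set[name] = 1
        }
        if (host != "127.0.0.1")
            fail("listener " f[1] " is not bound to 127.0.0.1")
        if (!set["content_filter"] || opt["content_filter"] != "")
            fail("content_filter is not cleared (-o content_filter=)")
        if (opt["mynetworks"] != "127.0.0.0/8")
            fail("mynetworks override is not 127.0.0.0/8")
        split("smtpd_client_restrictions smtpd_recipient_restrictions", r, " ")
        for (i = 1; i <= 2; i++)
            if (opt[r[i]] != "permit_mynetworks,reject")
                fail(r[i] " is not permit_mynetworks,reject")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
    /^[ \t]/ { entry = entry " " $0; next }      # continuation line
    { if (entry != "") check(entry); entry = $0 }
    END {
        if (entry != "") check(entry)
        if (!seen) print "MISSING: no smtpd listener on port " port
        else if (!bad) print "OK"
    }
    '
}

# Stand-alone run on the good sample.
sample_master_cf | audit_reinject 10025
```

On a live system, run it as: audit_reinject 10025 < /etc/postfix/master.cf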
/etc/postfix/main.cf the main
configuration file for Postfix. Following are suggested values to use in
main.cf. These have been tested for this configuration and will work fine, but
there are many judgment calls involved in this, and it is a good idea at some
point to learn more about Postfix configuration on your own. You could first
look at the sample Postfix main.cf file /usr/share/postfix/main.cf.dist
. There are comments describing some of the most common options.
Refer also to the Postfix documents on your machine in the
/usr/local/src/postfix-2.3.8/README_FILES directory, or
read the documentation on the Postfix web site
http://www.postfix.org/documentation.html. I also recommend
http://www.postfix-book.com/.
postmap
command to create binary files (Berkeley DB format) that Postfix will ultimately use to
retrieve the data. For example, if you have a file called "filename" and you "postmap filename",
a new file is created "filename.db". When we reference the file as data type "hash:", Postfix will
retrieve data from "filename.db", not "filename".
There are more than a dozen other types of data files that Postfix
can use to store data. Hash tables are an appropriate choice for
several tables we will use, and pcre (Perl Compatible Regular Expressions)
is appropriate for a couple tables we will use to hold content filtering data.
In its simplest form a hash table is comprised of 2 pieces of data,
a key and a value; typically referred to as the key/value pair. The key
and the value are separated with whitespace (typically a space or tab).
The data in a typical table that we use in Postfix would look something like:
postconf -e "alias_maps = hash:/etc/aliases"
|
newaliases now, and every time after you edit the aliases file. The
newaliases command is just like postmap except that it's
specific to the aliases file.
newaliases
|
postconf -e "myorigin = example.com"
|
postconf -e "myhostname = sfa.example.com"
|
Please read important notes above.
postconf -e "mynetworks = 127.0.0.0/8, 222.222.222.222/24, 10.10.10.10/24"
|
postconf -e "message_size_limit = 10485760"
|
postconf -e "local_transport = error:no local mail delivery"
|
postconf -e "mydestination = "
|
postconf -e "local_recipient_maps = "
|
Set up a reference to the virtual file:
postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
Then edit the virtual file:
vi /etc/postfix/virtual
and add postmaster and admin in the format:
postmaster postmaster@example.com
Save and exit the file, then create the binary file that Postfix will use:
postmap /etc/postfix/virtual
|
| Read the notes above before you enter this: |