linux:grundkonfiguration [2007-07-29 11:05] stefan |
linux:grundkonfiguration [2014-04-05 11:42] (aktuell) |
||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
- | ====== Postfix mit MySQL-Unterstützung ====== | + | ====== Grundkonfiguration des Systems ====== |
- | * Pakete installieren (MySQL und Postfix) | + | ===== Verschiedenes ===== |
- | * <code bash>apt-get install mysql-client-5.0 mysql-server-5.0 | + | * Alle Pakete updaten |
- | apt-get install postfix postfix-mysql postfix-tls sasl2-bin libsasl2 libsasl2-modules courier-maildrop courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl</code> | + | * <code bash>apt-get update |
- | * Benutzer und Gruppe ''vmail'' anlegen (UID/GID 1500) | + | apt-get -u -o APT::Force-LoopBreak=true upgrade</code> |
- | * Home-Verzeichnis erstellen: <code bash>mkdir /home/vmail | + | * ''~/bin'' anlegen für eigene Scripts |
- | chown vmail.vmail /home/vmail | + | * Nützliche Pakete |
- | chmod 0700 /home/vmail</code> | + | * <code bash>apt-get install bzip2 unzip less patch traceroute ssh vim locate dnsutils host telnet lynx wget make</code> |
- | * Zertifikate etc. von alter Installation kopieren oder neu erstellen | + | * Zeiten für automatische Scripts in ''/etc/crontab'' anpassen |
- | * smtpd.cert, smtpd.key, /etc/courier/* | + | |
- | * Zugriffsrechte für ''maildrop'' setzen | + | |
- | * <code bash>chmod u+s /usr/bin/maildrop | + | |
- | touch /var/log/maildrop.log | + | |
- | chown vmail /var/log/maildrop.log</code> | + | |
- | ===== Konfigurationsdateien ===== | + | ===== Tipps ===== |
- | ==== main.cf ==== | + | * If you just typed in a really long, complicated command and managed to mess it up, you can use fc (fix command) to load said command in your default editor. |
- | <code>myorigin = /etc/mailname | + | * Ctrl + A – jump to the beginning of the line |
- | myhostname = v2429.v-server.info | + | * Ctrl + E – jump to the end of the line |
- | mydestination = localhost.localdomain, v2429.v-server.info, localhost.v-server.info, localhost | + | * Ctrl + U – clear the line |
- | mynetworks = 127.0.0.0/8,85.119.152.89/32 | + | * Ctrl + L – clear the screen |
- | virtual_alias_domains = | + | * Ctrl + W – delete last word |
- | virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf | + | * Ctrl + K – delete to the end of the line |
- | mysql:/etc/postfix/mysql-virtual_email2email.cf | + | * Alt + T – swap current word with previous (also Esc, T) |
- | virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf | + | * Alt + F – jump one word forward (also Esc, F) |
- | virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf | + | * Alt + B – jump one word backward (also Esc, B) |
- | virtual_mailbox_base = /home/vmail | + | * Alt + U – uppercase till the end of line (also Esc, U) |
- | virtual_uid_maps = static:1500 | + | * Alt + u – lowercase till the end of line (also Esc, u) |
- | virtual_gid_maps = static:1500 | + | * Alt +. – insert last argument (also Esc, .) |
+ | * Ctrl + R – reverse incremental history search | ||
+ | * Ctrl + X, Ctrl + E – open default text editor to edit a command | ||
- | alias_maps = hash:/etc/aliases | + | ===== ~/.bashrc ===== |
- | alias_database = hash:/etc/aliases | + | <code bash>export PS1='\u:\w\$ ' # Prompt anpassen |
- | relayhost = | + | export PATH=${PATH}:~/bin # eigene Scripts in den PATH |
- | mailbox_command = procmail -a "$EXTENSION" | + | |
- | mailbox_size_limit = 0 | + | |
- | message_size_limit = 20480000 | + | |
- | recipient_delimiter = + | + | |
- | inet_interfaces = all | + | |
- | inet_protocols = ipv4 | + | |
- | smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) | + | umask 022 |
- | biff = no | + | |
- | # appending .domain is the MUA's job. | + | export LS_OPTIONS='--color=auto' # 'ls' Ausgabe farbig machen |
- | append_dot_mydomain = no | + | eval "`dircolors`" |
+ | alias ls='ls $LS_OPTIONS' | ||
+ | alias ll='ls $LS_OPTIONS -l' | ||
+ | alias l='ls $LS_OPTIONS -lA' | ||
- | # TLS parameters | + | alias vi='vim' # immer vim nutzen |
- | smtpd_use_tls = yes | + | alias cdsrc='cd /usr/local/src' |
- | smtpd_tls_cert_file = /etc/postfix/smtpd.cert | + | |
- | smtpd_tls_key_file = /etc/postfix/smtpd.key | + | |
- | smtpd_enforce_tls = no | + | |
- | smtpd_tls_auth_only = yes | + | |
- | smtpd_tls_session_cache_database= btree:${queue_directory}/smtpd_scache | + | |
- | smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache | + | |
+ | bash -c "echo -ne '\033]0;`hostname`\007'" # send hostname to PuTTY | ||
- | # restrictions | + | # save all the histories |
- | smtpd_helo_required = yes | + | export HISTFILESIZE = 1000000 |
- | disable_vrfy_command = yes | + | export HISTSIZE = 1000000 |
- | smtpd_etrn_restrictions = reject | + | |
- | show_user_unknown_table_name = no | + | |
- | default_rbl_reply = $rbl_code RBLTRAP: Your server is listed on a blacklist... | + | # don't put duplicate lines or empty spaces in the history |
+ | export HISTCONTROL=ignoreboth | ||
+ | # combine multiline commands in history | ||
+ | shopt -s cmdhist | ||
+ | # merge session histories | ||
+ | shopt -s histappend | ||
- | smtpd_client_restrictions = | + | # enable colors |
+ | eval "`dircolors -b`" | ||
+ | # force ls to always use color and type indicators | ||
+ | alias ls ='ls -hF --color=auto' | ||
+ | # make the dir command work kinda like in windows (long format) | ||
+ | alias dir ='ls --color=auto --format =long' | ||
+ | # make grep highlight results using color | ||
+ | export GREP_OPTIONS ='--color=auto' | ||
+ | # colorful man pages | ||
+ | export LESS_TERMCAP_mb=$'\E[01;31m' | ||
+ | export LESS_TERMCAP_md=$'\E[01;31m' | ||
+ | export LESS_TERMCAP_me=$'\E[0m' | ||
+ | export LESS_TERMCAP_se=$'\E[0m' | ||
+ | # end the info box | ||
+ | export LESS_TERMCAP_so=$'\E[01;42;30m' | ||
+ | # begin the info box | ||
+ | export LESS_TERMCAP_ue=$'\E[0m' | ||
+ | export LESS_TERMCAP_us =$'\E[01;32m' | ||
- | smtpd_helo_restrictions = reject_invalid_hostname, | + | # use colordiff instead of diff if available |
- | #reject_non_fqdn_hostname | + | command -v colordiff >/dev/null 2 >&1 && alias diff="colordiff -u" |
- | #reject_unknown_hostname | + | # use htop instead of top if installed |
+ | command -v htop >/dev/null 2 >&1 && alias top=htop | ||
+ | </code> | ||
- | smtpd_sender_restrictions = reject_non_fqdn_sender, | + | ===== Vim ===== |
- | # reject_rbl_client relays.ordb.org, | + | ==== ~/.vimrc ==== |
- | # reject_unknown_sender_domain | + | <code>set wrap |
+ | set tabstop=4 | ||
+ | set shiftwidth=4 | ||
+ | set expandtab | ||
+ | set autoindent | ||
+ | set wildchar=<Tab> | ||
+ | set nonumber | ||
+ | set foldmethod=marker | ||
+ | set hidden | ||
+ | set wmh=0 | ||
+ | filetype on</code> | ||
- | smtpd_recipient_restrictions = permit_mynetworks, | + | ==== /etc/vim/vimrc ==== |
- | permit_sasl_authenticated, | + | <code>" This line should not be removed as it ensures that various options are |
- | reject_unauth_destination, | + | " properly set to work with the Vim-related packages available in Debian. |
- | reject_non_fqdn_recipient, | + | runtime! debian.vim |
- | reject_unknown_recipient_domain | + | |
- | smtpd_data_restrictions = reject_unauth_pipelining | + | syntax on |
- | # SASL | + | set autoindent " always set autoindenting on |
- | smtpd_sasl_auth_enable = yes | + | set textwidth=0 " Don't wrap words by default |
- | smtpd_sasl_security_options = noanonymous | + | set nobackup " Don't keep a backup file |
- | smtpd_sasl_local_domain = | + | set viminfo='20,\"50 " read/write a .viminfo file, don't store more than 50 lines of registers |
- | smtp_sasl_auth_enable = no | + | set history=50 " keep 50 lines of command line history |
- | broken_sasl_auth_clients = yes | + | set ruler " show the cursor position all the time |
+ | set nopaste | ||
+ | set pastetoggle=<F2> | ||
- | maildrop_destination_recipient_limit = 1 | + | " Suffixes that get lower priority when doing tab completion for filenames. |
- | virtual_transport = maildrop</code> | + | " These are files we are not likely to want to edit or read. |
+ | set suffixes=.bak,~,.swp,.o,.info,.aux,.log,.dvi,.bbl,.blg,.brf,.cb,.ind,.idx,.ilg,.inx,.out,.toc | ||
- | ==== master.cf ==== | + | " If using a dark background within the editing area and syntax highlighting |
- | <code>maildrop unix - n n - - pipe | + | " turn on this option as well |
- | flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${user}@${nexthop} | + | set background=dark |
- | ${sender} ${recipient} ${extension} ${user} ${nexthop}</code> | + | |
- | ==== sasl/smtpd.conf ==== | + | " Uncomment the following to have Vim jump to the last position when |
- | <code>pwcheck_method: auxprop | + | " reopening a file |
- | auxprop_plugin: sql | + | if has("autocmd") |
- | mech_list: plain login cram-md5 digest-md5 | + | au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") |
- | sql_engine: mysql | + | \| exe "normal g'\"" | endif |
- | sql_hostnames: 127.0.0.1 | + | endif |
- | sql_user: mail | + | |
- | sql_passwd: password | + | |
- | sql_database: mail | + | |
- | sql_select: select password from users where email='%u@%r'</code> | + | |
- | ==== mysql-virtual_domains.cf ==== | + | " Uncomment the following to have Vim load indentation rules according to the |
- | <code>user = mail | + | " detected filetype. Per default Debian Vim only load filetype specific |
- | password = password | + | " plugins. |
- | dbname = mail | + | if has("autocmd") |
- | table = domains | + | filetype plugin on |
- | select_field = 'virtual' | + | filetype indent on |
- | where_field = domain | + | endif |
- | hosts = unix:/var/run/mysqld/mysqld.sock</code> | + | |
- | ==== mysql-virtual_email2email.cf ==== | + | " The following are commented out as they cause vim to behave a lot |
- | <code>user = mail | + | " differently from regular Vi. They are highly recommended though. |
- | password = password | + | set showcmd " Show (partial) command in status line. |
- | dbname = mail | + | set showmatch " Show matching brackets. |
- | table = users | + | set ignorecase " Do case insensitive matching |
- | select_field = email | + | "set smartcase " Do smart case matching |
- | where_field = email | + | set incsearch " Incremental search |
- | hosts = unix:/var/run/mysqld/mysqld.sock</code> | + | set autowrite " Automatically save before commands like :next and :make |
+ | "set hidden " Hide buffers when they are abandoned | ||
+ | "set mouse=a " Enable mouse usage (all modes) in terminals | ||
+ | set hlsearch | ||
+ | " Konfiguration für Syntax Highlighting => HTML | ||
+ | let use_xhtml = 1 | ||
+ | let html_number_lines = 1 | ||
+ | let html_use_css = 1</code> | ||
- | ==== mysql-virtual_forwardings.cf ==== | + | ===== logrotate ===== |
- | <code>user = mail | + | Meine Logfiles werden mit //logrotate// wöchentlich gesichert und zwar in das Verzeichnis eines hierfür angelegten FTP-Benutzers. So kann ich die Logs regelmäßig auf meinem Heim-PC sichern. |
- | password = password | + | Eine Konfigurationsdatei für logrotate für die Systemmeldungen sieht z.B. so aus: |
- | dbname = mail | + | <code ini> |
- | table = forwardings | + | /var/log/syslog |
- | select_field = destination | + | /var/log/messages { |
- | where_field = source | + | olddir /home/ftp/backup/logs/syslog |
- | hosts = unix:/var/run/mysqld/mysqld.sock</code> | + | weekly |
- | + | missingok | |
- | + | rotate 52 | |
- | ==== mysql-virtual_mailboxes.cf ==== | + | compress |
- | <code>user = mail | + | delaycompress |
- | password = password | + | notifempty |
- | dbname = mail | + | create 700 ftpuser ftpusers |
- | table = users | + | sharedscripts |
- | select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') | + | |
- | where_field = email | + | |
- | hosts = unix:/var/run/mysqld/mysqld.sock</code> | + | |
- | + | ||
- | ==== mnt_postfix.sh ==== | + | |
- | <code bash>#!/bin/bash | + | |
- | mount --bind /var/run/saslauthd/ /var/spool/postfix/var/run/saslauthd/ | + | |
- | mount --bind /var/run/mysqld/ /var/spool/postfix/var/run/mysqld/</code> | + | |
- | + | ||
- | + | ||
- | ==== /etc/maildroprc ==== | + | |
- | <code>DEFAULT="$HOME/Maildir/" | + | |
- | + | ||
- | logfile "/var/log/maildrop.log" | + | |
- | + | ||
- | SENDER="$1" | + | |
- | RECIPIENT="$2" | + | |
- | EXTENSION="$3" | + | |
- | USER=tolower("$4") | + | |
- | DOMAIN=tolower("$5") | + | |
- | INBOXDIR="$HOME/$DOMAIN/$USER" | + | |
- | + | ||
- | `test -d $INBOXDIR/` | + | |
- | if ($RETURNCODE != 0) | + | |
- | { | + | |
- | `mkdir -p $INBOXDIR` | + | |
- | `rmdir $INBOXDIR` | + | |
- | `/usr/bin/maildirmake $INBOXDIR` | + | |
} | } | ||
- | + | </code> | |
- | to "$INBOXDIR/"</code> | + | |
- | + | ||
- | ==== /etc/courier/authdaemonrc ==== | + | |
- | <code>authmodulelist="authmysql" | + | |
- | authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe" | + | |
- | daemons=5 | + | |
- | authdaemonvar=/var/run/courier/authdaemon | + | |
- | DEBUG_LOGIN=0 | + | |
- | DEFAULTOPTIONS="" | + | |
- | LOGGEROPTS=""</code> | + | |
- | + | ||
- | ==== /etc/courier/authmodulelist ==== | + | |
- | <code>authdaemon</code> | + | |
- | + | ||
- | ==== /etc/courier/authmysqlrc ==== | + | |
- | <code>MYSQL_SERVER localhost | + | |
- | MYSQL_USERNAME mail | + | |
- | MYSQL_PASSWORD password | + | |
- | MYSQL_SOCKET /var/run/mysqld/mysqld.sock | + | |
- | MYSQL_OPT 0 | + | |
- | MYSQL_DATABASE mail | + | |
- | MYSQL_USER_TABLE users | + | |
- | MYSQL_CLEAR_PWFIELD password | + | |
- | MYSQL_UID_FIELD 1500 | + | |
- | MYSQL_GID_FIELD 1500 | + | |
- | MYSQL_LOGIN_FIELD email | + | |
- | MYSQL_HOME_FIELD "/home/vmail" | + | |
- | MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')</code> | + | |
- | + | ||
- | + | ||
- | ==== /etc/courier/maildropmysql.config ==== | + | |
- | <code>hostname localhost | + | |
- | socket /var/run/mysqld/mysqld.sock | + | |
- | database mail | + | |
- | dbuser mail | + | |
- | dbpw password | + | |
- | dbtable users | + | |
- | default_uidnumber 1500 | + | |
- | default_gidnumber 1500 | + | |
- | uid_field email | + | |
- | uidnumber_field uid | + | |
- | gidnumber_field gid | + | |
- | maildir_field maildir | + | |
- | homedirectory_field homedir | + | |
- | quota_field quota | + | |
- | mailstatus_field postfix | + | |
- | where_clause AND postfix = 'Y' | + | |
- | logfile /var/log/maildrop.log</code> | + | |
- | + | ||
- | ===== Datenbanktabellen ===== | + | |
- | <code sql>CREATE TABLE `domains` ( | + | |
- | `domain` varchar(50) NOT NULL, | + | |
- | PRIMARY KEY (`domain`) | + | |
- | ) ENGINE=MyISAM DEFAULT CHARSET=utf8; | + | |
- | + | ||
- | DROP TABLE IF EXISTS `forwardings`; | + | |
- | CREATE TABLE `forwardings` ( | + | |
- | `source` varchar(80) NOT NULL, | + | |
- | `destination` text NOT NULL, | + | |
- | PRIMARY KEY (`source`) | + | |
- | ) ENGINE=MyISAM DEFAULT CHARSET=utf8; | + | |
- | + | ||
- | CREATE TABLE `users` ( | + | |
- | `email` varchar(80) NOT NULL, | + | |
- | `password` varchar(20) NOT NULL, | + | |
- | PRIMARY KEY (`email`) | + | |
- | ) ENGINE=MyISAM DEFAULT CHARSET=utf8; | + | |
- | + | ||
- | GRANT all privileges on mail.* TO mail@localhost IDENTIFIED BY 'password'; | + | |
- | GRANT all privileges on mail.* TO mail@127.0.0.1 IDENTIFIED BY 'password';</code> | + |
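Review bot: In the new logrotate stanza, `create 700 ftpuser ftpusers` applies to the freshly created live files `/var/log/syslog` and `/var/log/messages`, not to the rotated copies. After the first rotation the active system logs therefore belong to the FTP account, which can then read and alter them. Keeping the live files with the system's usual owner, e.g. `create 640 root adm` on Debian, and giving the backup account read-only access to the copies under `olddir` would preserve log integrity. The stanza also sets `sharedscripts` without any `postrotate` script, so unless the syslog daemon is told to reopen its files elsewhere it presumably keeps writing into the renamed file. Since the text says the logs are collected through an FTP user, it is also worth stating that plain FTP sends credentials and log contents unencrypted, which SFTP or scp avoids.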