1) PureFTPd oraz Quota
Zainstaluj paczki:
1 |
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
|
Wybieramy wersję Standalone. Edytujemy konfigurację /etc/default/pure-ftpd-common upewniamy się czy ma konfigurację:
1 2 |
STANDALONE_OR_INETD=standalone VIRTUALCHROOT=true |
Jeżeli chcesz aby połączenie były szyfrowane FTP and TLS sessie, wykonaj polecenie:
1 |
echo 1 > /etc/pure-ftpd/conf/TLS
|
Stwórz certyfikat:
1 2 |
mkdir -p /etc/ssl/private/ openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem |
A nastepnie odpowiedz na pytania:
Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, YOUR name) []:Email Address []:
A dalej:
1 2 |
chmod 600 /etc/ssl/private/pure-ftpd.pem /etc/init.d/pure-ftpd-mysql restart |
Teraz konfiguracji Quota, edytuj plik /etc/fstab
Zdarzyły się trwałe błędy na montowaniu tablicy. Dam znać w aktualizacji.
2) BIND DNS Server
1 |
apt-get install bind9 dnsutils
|
3) Opcjonalnie pełne statystyki: Vlogger, Webalizer, And AWstats
1 |
apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
|
Plik /etc/cron.d/awstats zmień i wykomentuj linie:
1 2 3 4 5 6 |
#MAILTO=root #*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh # Generate static reports: #10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh |
4) Zainstaluj Jailkit oraz fail2ban
1 2 3 4 5 6 7 8 9 |
apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold cd /tmp wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz tar xvfz jailkit-2.15.tar.gz cd jailkit-2.15 ./debian/rules binary cd .. dpkg -i jailkit_2.15-1_*.deb rm -rf jailkit-2.15* |
Teraz pora na:
1 |
apt-get install fail2ban
|
Stwórz plik /etc/fail2ban/jail.local i uzuepłnij go:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
[pureftpd] enabled = true port = ftp filter = pureftpd logpath = /var/log/syslog maxretry = 3 [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] logpath = /var/log/mail.log maxretry = 5 [sasl] enabled = true port = smtp filter = sasl logpath = /var/log/mail.log maxretry = 3 |
następnie stwórz filtr w pliku: /etc/fail2ban/filter.d/pureftpd.conf
1 2 3 |
[Definition] failregex = .*pure-ftpd: (.*@) [WARNING] Authentication failed for user.* ignoreregex = |
oraz /etc/fail2ban/filter.d/dovecot-pop3imap.conf
1 2 3 |
[Definition] failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login (auth failed|Aborted login (tried to use disabled|Disconnected (auth failed|Aborted login (d+ authentication attempts).*rip=(?PS*),.* ignoreregex = |
Zostaje restart usługi:
1 |
/etc/init.d/fail2ban restart
|
5) Instalacja SquirrelMail
1 2 |
apt-get install squirrelmail squirrelmail-configure |
Otworzy nam się konfigurator i opowiadamy następująco:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color on S Save data Q Quit Command >> <-- D |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
SquirrelMail Configuration : Read: config.php --------------------------------------------------------- While we have been building SquirrelMail, we have discovered some preferences that work better with some servers that don't work so well with others. If you select your IMAP server, this option will set some pre-defined settings for that server. Please note that you will still need to go through and make sure everything is correct. This does not change everything. There are only a few settings that this will change. Please select your IMAP server: bincimap = Binc IMAP server courier = Courier IMAP server cyrus = Cyrus IMAP server dovecot = Dovecot Secure IMAP server exchange = Microsoft Exchange IMAP server hmailserver = hMailServer macosx = Mac OS X Mailserver mercury32 = Mercury/32 uw = University of Washington's IMAP server gmail = IMAP access to Google mail (Gmail) accounts quit = Do not change anything Command >> <-- dovecot |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color on S Save data Q Quit Command >> <-- S |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color on S Save data Q Quit Command >> <-- Q |
Teraz stwórzmy Vhost do obsługi skrzynki:
1 2 3 |
cd /etc/apache2/conf.d/ ln -s ../../squirrelmail/apache.conf squirrelmail.conf /etc/init.d/apache2 reload |
Nastepnie edytujemy: /etc/apache2/conf.d/squirrelmail.conf między umieszczamy (dodajemy linie):
1 2 3 4 5 6 7 |
AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_admin_flag allow_url_fopen Off php_value include_path . php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname |
Końcowy efekt:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
Alias /squirrelmail /usr/share/squirrelmail Options FollowSymLinks AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_admin_flag allow_url_fopen Off php_value include_path . php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname php_flag register_globals off DirectoryIndex index.php # access to configtest is limited by default to prevent information leak order deny,allow deny from all allow from 127.0.0.1 |
Końcowo utwórz folder z uprawnieniami:
1 2 |
mkdir /var/lib/squirrelmail/tmp chown www-data /var/lib/squirrelmail/tmp |
I restarujemy Apache. Od tej pory mamy dostęp do poczty:
http://192.168.0.100/squirrelmail
http://www.example.com/squirrelmail
Aby zmienić Aliasy wystarczy edytować plik: /etc/apache2/conf.d/squirrelmail.conf