User:Kangaby
From LinodeWiki
Ok, so you've just got that shiny new Linode and you've installed Debian Etch. So where do we go from here?
General Setup
Well, let's start by setting up a few basics:
Use the Linode console to access your server via ssh.
Stop and disable sshd
I'm going to stop and disable the ssh service and only use the console for access. If you don't want to, you can just ignore the following steps:
/etc/init.d/ssh stop
touch /etc/ssh/sshd_not_to_be_run
Upgrade the base system
Now let's upgrade the existing system to the latest:
apt-get update
apt-get dist-upgrade
Setup Static IP address to network interface
I've got two IP addresses and I want to make them both static. If you've only got one you can just ignore this bit, as the default install will use DHCP to set up your IP address automatically.
For this example I'm going to use IP addresses 10.10.10.10 and 10.10.10.11; you should use the two IP addresses assigned to you in place of these if you have them.
Edit /etc/network/interfaces
auto eth0
iface eth0 inet static
    address 10.10.10.10
    netmask 255.255.255.0
    broadcast 10.10.10.255
    gateway 10.10.10.1

auto eth0:1
iface eth0:1 inet static
    address 10.10.10.11
    netmask 255.255.255.0
    broadcast 10.10.10.255
Then restart networking
/etc/init.d/networking restart
Set the timezone
Let's set the time zone to our home location:
ln -sf /usr/share/zoneinfo/Australia/NSW /etc/localtime
Set the hostname
Now set the hostname of the machine. We'll be calling it "server":
echo server > /etc/hostname
hostname -F /etc/hostname
Then log out and log back in for the new hostname to take effect.
Setup the server's host name resolution
Edit /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.10.10.10 server.example.com server
Setup the Server Locale
aptitude install locales
User Accounts
Users no longer have system accounts on my server; however, if you need to set them up, this is how.
Setup the skeleton directory structure
First let's set up the skeleton directory, so that when we create new users the directories and files in the skeleton directory are copied into the new user's home directory.
cd /etc/skel
mkdir public_html
mkdir public_html/fcgi-bin
mkdir Maildir
touch public_html/index.html
touch public_html/robots.txt
Add User Accounts
Let's create accounts for a couple of the cows, to allow them to host their websites and collect mail.
adduser girlie
adduser littleone
Setup the DNS
Install Bind 9
Let's install Bind 9, so we can run our own DNS server.
aptitude install bind9 dnsutils
Add the main domain to the zone
The domain example.com will be owned by the server, girlie will own example.net and littleone will own example.org.
zone "example.com" {
type master;
file "/etc/bind/db.example.com";
allow-query { any; };
};
zone "example.net" {
type master;
file "/etc/bind/db.example.net";
allow-query { any; };
};
zone "example.org" {
type master;
file "/etc/bind/db.example.org";
allow-query { any; };
};
Setup the zone file for the server
In this example we will use 10.10.10.10 and 10.10.10.11 for our IP addresses, that way if someone copies this example into a real DNS server, we won't break things. Use the one that is assigned to your Linode.
Edit /etc/bind/db.example.com
$TTL 86400
$ORIGIN example.com.
@       IN SOA  ns1.example.com. dns.example.com. (
                2007123101      ; serial
                2H              ; refresh
                15M             ; retry
                1W              ; expire
                1D )            ; negative caching TTL
        IN NS   ns1.example.com.
        IN NS   ns2.example.com.
        IN A    10.10.10.10
        IN MX   10 server.example.com.
server.example.com. IN TXT "v=spf1 a -all"
ns1     IN A    10.10.10.10
ns2     IN A    10.10.10.11
server  IN A    10.10.10.10
www     IN A    10.10.10.10
mail    IN CNAME example.com.
ftp     IN CNAME example.com.
example.com. IN TXT "v=spf1 a mx ~all"
Setup the zone file for any hosted domains
The zone files for hosted domains will all be similar in this case, with only the domain names changing. Girlie's zone file is below. Littleone's will be the same with example.org substituted for example.net.
$TTL 86400
$ORIGIN example.net.
@       IN SOA  ns1.example.com. dns.example.com. (
                2007123101      ; serial
                2H              ; refresh
                15M             ; retry
                1W              ; expire
                1D )            ; negative caching TTL
        IN NS   ns1.example.com.
        IN NS   ns2.example.com.
        IN A    10.10.10.10
        IN MX   10 server.example.com.
www     IN A    10.10.10.10
mail    IN CNAME example.net.
ftp     IN CNAME example.net.
Setup the options to Bind 9
First go to DNS Manager in the Linode Control Panel and add the domains from our DNS server as slaves (not Masters), placing our Linode IP address (10.10.10.10 for this example) in the Masters textbox and setting Domain Transfers to active.
Now we need to allow transfers for the IP addresses of ns1.linode.com and ns2.linode.com (see below) from our server, so the Linode slave DNS servers can be updated with changes we make to the zone files on our server.
Edit /etc/bind/named.conf.options
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
// Disable any queries for domains we don't own
allow-query { localhost; };
// Disable recursive queries except from internal/local sources
allow-recursion { localhost; };
// Allow zone transfers with Linode Slave DNS Servers (ns1 - ns5.linode.com)
allow-transfer {
69.93.127.10;
65.19.178.10;
75.127.96.10;
207.192.70.10;
109.74.194.10;
};
notify yes;
Start bind
/etc/init.d/bind9 start
Add bind to the nameserver list
To replace the Linode DNS settings with our own DNS server, edit /etc/resolv.conf and replace everything with:
nameserver 127.0.0.1
Lastly we set up our domains at our domain registrar to query the Linode name servers, instead of our server's DNS server. This gives us all the benefits of running our own DNS server, while providing redundancy through the Linode DNS servers.
Setup Postfix Mail Server
Now what self-respecting cow doesn't have an email address? So we are going to need an email server, and we are going to use Postfix.
aptitude install postfix postfix-tls
Note: This will automatically remove Exim.
As part of the post-install script, Postfix will probably ask some questions:
- Type of site? Internet Site
- Where should mail for root go? girlie
- Mail name? server.example.com
- Other destinations to accept mail for? server.example.com, localhost.example.com, localhost
- Force synchronous updates on mail queue? No
You can see where some of your answers ended up in /etc/postfix/main.cf
myhostname = server.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server.example.com, localhost.example.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
Setup Postfix to use Virtual Mailboxes
External References: http://adminspotting.net/articles/messaging/building-a-messaging-server-part-two.html
Create Virtual Mailbox Owner
We are going to create an account which will be used by all virtual users to access email on the server. We will call this account vmail. First we create the group and then the user.
We will set the user and group IDs to 5000 to keep them away from normal system accounts, set the shell to /bin/false to prevent logins, and set the home directory to /var/mail/vmail. The home directory will be created for us with the -m option.
groupadd -g 5000 vmail
useradd -m -u 5000 -g 5000 -s /bin/false -d /var/mail/vmail vmail
Setup Postfix to use Maildir
We want to use Maildir style mail, so we set that here.
Edit /etc/postfix/main.cf
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
home_mailbox = Maildir/

# Virtual mail users
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_domains = /etc/postfix/virtual/vdomains.txt
virtual_mailbox_maps = hash:/etc/postfix/virtual/vmailboxes.txt
virtual_minimum_uid = 1000
virtual_uid_maps = hash:/etc/postfix/virtual/vuid.txt
virtual_gid_maps = hash:/etc/postfix/virtual/vgid.txt
virtual_alias_maps = hash:/etc/postfix/virtual/valias.txt
List the Virtual Mail Domains
Each file located in /etc/postfix/virtual/domains is used to indicate which virtual domains the system sends and receives mail for.
To create these files we use the touch command:
mkdir -p /etc/postfix/virtual/domains
touch /etc/postfix/virtual/domains/example.net
touch /etc/postfix/virtual/domains/example.org
Add Users to the Virtual Mail Domains
Once we have created a file for a virtual mail domain, we edit this file to add a list of users that have mail accounts at this domain.
When user names are created, the domain name is included as part of the user name. This allows us to have a user called user1 at both example.net and example.org.
Edit /etc/postfix/virtual/domains/example.net to add users to girlie's domain
# Maildir mail addresses for example.net
user1@example.net example.net/user1/Maildir/
user2@example.net example.net/user2/Maildir/
# Uncomment the entry below to implement a catch-all.
# @example.net girlie
The user name of the first user is user1@example.net. This user's mail will be located on the system in the directory example.net/user1/Maildir/ relative to virtual_mailbox_base defined in the virtual mail users setup. So the mail for this user is located in /var/mail/vmail/example.net/user1/Maildir/
Note: Don't neglect the trailing "/" or the file system layout for virtual accounts will not match the file system layout for local accounts. They must match if you intend to have mail for both virtual users and local system users.
Associate the Virtual Mail Domains with a Local User
Each file located in /etc/postfix/virtual/uids is used to indicate which virtual domains are owned by this local user. Most local users will own only one domain, but this may not always be the case.
Edit /etc/postfix/virtual/uids/girlie
# Domains owned by local user girlie (uid/gid) 1000:1000
@example.net 5000
Where:
@example.net = all mail for example.net
5000 = the UserID/GroupID of the local user (vmail) who manages the virtual mail for the virtual mail domains
Add Aliases for the Virtual Mail Domains
Currently we don't have any aliases, but we will create the file anyway.
Edit /etc/postfix/virtual/aliases/example.net
# Aliases for example.net
Setup Virtual Mail Building Shell Script
Now we put together a mail building script to tie all these virtual files together.
Create /etc/postfix/build-mail.sh
#!/bin/sh
# Create the list of domains
ls /etc/postfix/virtual/domains > /etc/postfix/virtual/vdomains.txt
# Create the virtual mailboxes
cat /etc/postfix/virtual/domains/* > /etc/postfix/virtual/vmailboxes.txt
postmap /etc/postfix/virtual/vmailboxes.txt
# Create the virtual aliases (file name must match virtual_alias_maps in main.cf)
cat /etc/postfix/virtual/aliases/* > /etc/postfix/virtual/valias.txt
postmap /etc/postfix/virtual/valias.txt
# Create the list of domain uids
cat /etc/postfix/virtual/uids/* > /etc/postfix/virtual/vuid.txt
postmap /etc/postfix/virtual/vuid.txt
# Create the list of domain gids
cat /etc/postfix/virtual/uids/* > /etc/postfix/virtual/vgid.txt
postmap /etc/postfix/virtual/vgid.txt
Make sure user root can run the new script
chmod 700 /etc/postfix/build-mail.sh
Then run the script to build our virtual mail system
/etc/postfix/build-mail.sh
Setup Dovecot IMAP / POP Server
Now we have a mail server to accept mail for the cows, we need a way for the cows to get their mail from the mail server, and Dovecot is the answer.
I'm only going to install the pop3 server, if you want imap, just use dovecot-imapd instead.
aptitude install dovecot-pop3d
Initial Configuration
To configure dovecot edit the file: /etc/dovecot/dovecot.conf
# Protocols we want to be serving:
protocols = pop3
# Disable SSL/TLS support.
ssl_disable = yes
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
# IPv6 ::1 addresses are considered secure, this setting has no effect if
# you connect from those addresses.
disable_plaintext_auth = no
##
## Logging
##
# Use this logfile instead of syslog(). /dev/stderr can be used if you want to
# use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
log_path = /var/log/mail.log
# For informational messages, use this logfile instead of the default
#info_log_path =
# Prefix for each line written to log file. % codes are in strftime(3)
# format.
log_timestamp = "%b %d %H:%M:%S "
#log_timestamp = "%Y-%m-%d %H:%M:%S "
# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard
# facilities are supported.
#syslog_facility = mail
mail_location = maildir:~/Maildir
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
}
auth default {
mechanisms = plain login
passdb passwd-file {
args = /etc/postfix/virtual/passwd
}
userdb static {
args = uid=5000 gid=5000 home=/var/mail/vmail/%d/%n/
}
}
Create the Dovecot Password File
To create passwords for the users of the virtual domains use the command:
dovecotpw -p MyPassword
Where: MyPassword is the password you want to use.
The returned value is the HMAC-MD5 hash of the word "MyPassword"
{HMAC-MD5}274629e1d5632d0154a3bbe40c993766e9db0e4111b73d125d16b5b50d61e869
To add virtual mail users to girlie's domain (example.net), edit /etc/postfix/virtual/passwd
user1@example.net:{HMAC-MD5}274629e1d5632d0154a3bbe40c993766e9db0e4111b73d125d16b5b50d61e869
user2@example.net:{HMAC-MD5}274629e1d5632d0154a3bbe40c993766e9db0e4111b73d125d16b5b50d61e869
Note: Both user1 and user2 have the same password "MyPassword" in the file above. Don't do this in a real system.
Setup SMTP Auth
Currently the mail server will only send mail from localhost, and as our virtual mail users will never have system accounts on the server, they can't send their mail. To allow the server to send mail for virtual users, and to prevent the server becoming an open relay, we are going to setup SMTP Auth.
SMTP Auth requires a SASL library to operate. Now, we have already installed dovecot, which contains a SASL library, and as Postfix supports Dovecot's SASL library, that's what we are going to use.
Modify the Postfix Configuration
First we need to go back to postfix and do the following:
- Configure it for SMTP Auth
- Add some basic SASL security
- Tell Postfix to use Dovecot's SASL library.
Edit /etc/postfix/main.cf
# Standard SMTP Auth Options
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
broken_sasl_auth_clients = yes
# Security Stuff
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# Dovecot’s SASL library
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
#smtpd_tls_auth_only = yes
Modify the Dovecot Configuration
Next we need to go back to Dovecot and do the following:
- Enable the SMTP Auth library.
- Set the password access method and file to use for virtual users
- Set the password access method for system users (they want their mail too)
- Set the vmail user and location of Dovecot's mail queue
- Set the user to root
- Create a socket between Dovecot and Postfix
Edit /etc/dovecot/dovecot.conf
auth default {
mechanisms = plain login
passdb pam {
args = dovecot
}
# passwd-like file with specified location
passdb passwd-file {
args = /etc/postfix/virtual/passwd
}
# /etc/passwd or similar, using getpwnam()
userdb passwd {
}
# static settings generated from template
# http://wiki.dovecot.org/UserDatabase/Static
userdb static {
args = uid=5000 gid=5000 home=/var/mail/vmail/%d/%n/
}
user = root
# It's possible to export the authentication interface to other programs:
socket listen {
client listen {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
Setup SPAM Blocking
Setup some optional SPAM blocking for postfix
Edit /etc/postfix/main.cf
## ------------------------------------------------------------- ##
# UCE measures
# See: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
#      http://www.freesoftwaremagazine.com/articles/focus_spam_postfiX
# and Postfix docs for explanation of configuration options.
## ------------------------------------------------------------- ##
#
# Uncomment when testing!
#soft_bounce = yes

# Prevents addr harvesting
disable_vrfy_command = yes

#
# Prefix a new rule with 'warn_if_reject' to prevent real rejects.
#
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_helo_access hash:/etc/postfix/helo_access,
#   reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
#   reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
#   check_sender_access
#       hash:/etc/postfix/sender_access,
#   check_recipient_access
#       hash:/etc/postfix/recipient_access,
#   check_helo_access
#       hash:/etc/postfix/secondary_mx_access,
    reject_rbl_client zen.spamhaus.org,
#   check_policy_service unix:private/policy
#   check_policy_service inet:127.0.0.1:10023
    permit
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
Restart Postfix and Dovecot
Now we are all set, restart postfix and dovecot to test out your mail system.
/etc/init.d/postfix restart
/etc/init.d/dovecot restart
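With the settings shown in this guide (ssl_disable = yes, disable_plaintext_auth = no, and smtpd_tls_auth_only left commented out), POP3 and SMTP AUTH passwords cross the network unencrypted. The following is an added example, not part of the original page, that flags those three settings in a pair of config files; the function names and sample files are constructed, and the *.tls samples only flip the values shown on this page (certificate settings are not covered).

```shell
#!/bin/sh
# Added example: flag settings in the Dovecot and Postfix files edited above
# that let mail passwords cross the network unencrypted.

# conf_value FILE KEY: print the last uncommented "KEY = value" found in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_mail_auth DOVECOT_CONF POSTFIX_MAIN_CF
# Prints one finding per line; returns 0 when nothing is flagged, 1 otherwise.
audit_mail_auth() {
    findings=0
    if [ "$(conf_value "$1" ssl_disable)" = "yes" ]; then
        echo "dovecot: ssl_disable = yes, POP3/IMAP sessions are never encrypted"
        findings=$((findings + 1))
    fi
    if [ "$(conf_value "$1" disable_plaintext_auth)" = "no" ]; then
        echo "dovecot: disable_plaintext_auth = no, plaintext logins allowed without TLS"
        findings=$((findings + 1))
    fi
    if [ "$(conf_value "$2" smtpd_sasl_auth_enable)" = "yes" ] &&
       [ "$(conf_value "$2" smtpd_tls_auth_only)" != "yes" ]; then
        echo "postfix: SMTP AUTH is offered but smtpd_tls_auth_only is not yes"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# write_samples DIR: constructed sample files. *.guide mirrors the values shown
# on this page; *.tls flips them (certificate settings are left out).
write_samples() {
    cat > "$1/dovecot.guide" <<'EOF'
protocols = pop3
ssl_disable = yes
disable_plaintext_auth = no
EOF
    cat > "$1/main.guide" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
#smtpd_tls_auth_only = yes
EOF
    cat > "$1/dovecot.tls" <<'EOF'
protocols = pop3
ssl_disable = no
disable_plaintext_auth = yes
EOF
    cat > "$1/main.tls" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
EOF
}

# Demo on the constructed samples
demo=$(mktemp -d)
write_samples "$demo"
audit_mail_auth "$demo/dovecot.guide" "$demo/main.guide" || echo "guide settings: flagged"
audit_mail_auth "$demo/dovecot.tls" "$demo/main.tls" && echo "tls settings: clean"
rm -rf "$demo"
```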
Setup Web Server
The cows want to run a website, so we're going to need a web server. We'll be installing Apache 2 on our server to do this job.
Install Apache 2
aptitude install apache2
Now as we want to run websites for two different users and for the server itself, we are going to need virtual hosting.
Set the virtual host directory settings
We are going to set up the server's website as a virtual hosted site, responding to only one of the server's IP addresses.
To do this we need to add the IP address to the ports configuration file.
Edit /etc/apache2/ports.conf
# Use name-based virtual hosting.
NameVirtualHost 10.10.10.10:80
We also need to add the IP address to the server's default website configuration file.
Edit /etc/apache2/sites-available/default
# Default virtual host - replaces main server
<VirtualHost 10.10.10.10:80>
Note: If you only have one IP address, or you want the webserver to respond to all your server's IP addresses, you won't need to make the changes above.
Setup other virtual hosts pointing to the users home directory
Let's setup girlie's site first.
Edit /etc/apache2/sites-available/example.net
<VirtualHost 10.10.10.10:80>
  ServerName example.net
  ServerAlias www.example.net
  DocumentRoot "/home/girlie/public_html"
  ScriptAlias /cgi-bin/ /home/girlie/cgi-bin/
</VirtualHost>
Now let's setup littleone's site.
Edit /etc/apache2/sites-available/example.org
<VirtualHost 10.10.10.10:80>
  ServerName example.org
  ServerAlias www.example.org
  DocumentRoot "/home/littleone/public_html"
  ScriptAlias /cgi-bin/ /home/littleone/cgi-bin/
</VirtualHost>
Only the default site is enabled by default.
Let's enable girlie's site:
a2ensite example.net
Now let's enable littleone's site:
a2ensite example.org
Now let's set up some logging for the server itself and the virtual hosts
By default the server is set up for logging using the common log format, and logging is enabled on only the default virtual host. If you are only running one website and are not hosting any other users, you're done. Because we are hosting several users and the server itself, we need to enable logging on all virtual hosts. Rather than modify every virtual host, we are going to specify the logging settings in the global server configuration, so we only have to do it once.
Edit /etc/apache2/apache2.conf and find the following section
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Now copy and paste the following LogFormat line
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
and change it to
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
Where:
- %v - adds the virtual host name to the access log message
- combinedvhost - creates a new name for this format
Now to activate this new log format for all hosts (we still need to change the default host) add the following line below the new LogFormat line.
CustomLog /var/log/apache2/access.log combinedvhost
This tells Apache to log all access to the file /var/log/apache2/access.log using the log format described by the LogFormat string called combinedvhost
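With every virtual host writing to one file, the leading %v field is what lets you attribute requests to a site. The following is an added example, not part of the original page, that reads combinedvhost lines and reports which client is collecting 4xx responses on which virtual host; the function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-vhost view of /var/log/apache2/access.log once it is
# written in the combinedvhost format defined above.

# vhost_client_errors LOGFILE [MIN]: print "vhost client count" for every
# vhost/client pair with at least MIN (default 3) 4xx responses.
vhost_client_errors() {
    awk -F'"' -v min="${2:-3}" '
        { gsub(/\\"/, "_") }                 # Apache logs a quote in %r as \"
        NF >= 3 {
            split($1, pre, " ")              # pre[1] = %v, pre[2] = %h
            split($3, post, " ")             # post[1] = %>s, post[2] = %b
            if (post[1] ~ /^4[0-9][0-9]$/) hits[pre[1] " " pre[2]]++
        }
        END {
            for (k in hits) if (hits[k] >= min) print k, hits[k]
        }' "$1" | sort
}

# write_sample_log FILE: constructed log lines in combinedvhost format.
# The second line carries an escaped quote inside the request string.
write_sample_log() {
    cat > "$1" <<'EOF'
example.net 198.51.100.7 - - [31/Dec/2007:10:00:01 +1100] "GET /admin HTTP/1.1" 404 209 "-" "curl"
example.net 198.51.100.7 - - [31/Dec/2007:10:00:02 +1100] "GET /a\"b HTTP/1.1" 404 209 "-" "curl"
example.net 198.51.100.7 - - [31/Dec/2007:10:00:03 +1100] "GET /login HTTP/1.1" 403 199 "-" "curl"
example.org 198.51.100.7 - - [31/Dec/2007:10:00:04 +1100] "GET /admin HTTP/1.1" 404 209 "-" "curl"
example.com 192.0.2.15 - - [31/Dec/2007:10:01:00 +1100] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
webmail.example.com 192.0.2.15 - - [31/Dec/2007:10:02:00 +1100] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

# Demo on the constructed sample
log=$(mktemp)
write_sample_log "$log"
vhost_client_errors "$log"
rm -f "$log"
```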
Change the default vhost to use the combinedvhost format
Edit /etc/apache2/sites-available/default and comment out the following lines
# ErrorLog /var/log/apache2/error.log
# LogLevel warn
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# ServerSignature On
This will cause the default vhost to use the server-wide logging configuration in apache2.conf.
When all this is done reload apache with
/etc/init.d/apache2 force-reload
Setup PHP
Girlie wants to run a CMS that requires PHP. So let's install PHP5 for her. If you want PHP4 just change the 5 to a 4 in the following examples.
There are two ways to install PHP:
- Installing PHP as an Apache module. This is quick and easy, the downside is that all PHP scripts will run as the webserver, in this case www-data.
- Installing PHP as a CGI. This is more complicated, especially for virtual domains, the upside is all PHP scripts will run as the user who owns them.
Side-Note: You need to think carefully here. I originally went the Apache Module route, and ran PHP that way for years. Then one day I installed Dokuwiki, which saves its pages to a data directory in the user's home directory, which Apache didn't have access to. PHP as a CGI was the answer, but the change-over process was a real pain (and I'm not going to document it here), so think about what it is you might want to run, and choose wisely.
Installing PHP5 as an Apache Module
I'm also going to install the php5-mysql libraries at the same time to avoid doing it later.
aptitude install php5 php5-pear php5-mysql
Once PHP 5 is installed you probably won't need to make any changes; I didn't. But if you want to have a look at the configuration file, it's located here: /etc/php5/apache2/php.ini
Installing PHP5 as a CGI
External References: http://jp-larocque.livejournal.com/49475.html
aptitude install php5-cgi php5-mysql
Install and setup MySQL
Lucky we installed those php5-mysql libraries earlier.
Install MySQL
aptitude install mysql-server
Now change the MySQL root password (Note, this is not the system root, just for MySQL)
/etc/init.d/mysql reset-password
Again, no changes to the configuration file were required, but it's located here: /etc/mysql/my.cnf
Setup user MySQL databases
What we want to do now is allocate one MySQL database for Girlie and one for Littleone. To do this we need to log in to mysql
mysql -u root -p
and create a database for girlie and grant privilege to girlie to access her database.
create database girlie;
grant all on girlie.* to girlie identified by 'girlies_mysql_password';
now create a database for littleone and grant privilege to littleone to access his database.
create database littleone;
grant all on littleone.* to littleone identified by 'littleones_mysql_password';
now that's done, we can exit mysql
quit
Restart Apache
Now we need to restart Apache to get everything working.
/etc/init.d/apache2 restart
Setup FTP Server
The cows are going to need an FTP server so they can copy stuff to their accounts. I'll be installing vsftpd for this purpose.
Install vsftpd
aptitude install vsftpd
General configuration
Edit /etc/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
There will be no anonymous FTP logins; Users with local accounts can login and upload files; All files created by local users will have permissions 755. (7-0, 7-2, 7-2)
Start the FTP Server
/etc/init.d/vsftpd start
Install WebMail
Now when the cows are at work, their firewall blocks access to their mail using their normal mail client, so we are going to need webmail to allow them to send and receive mail at work. To do this we are going to use SquirrelMail.
SquirrelMail needs an IMAP server, and since we have already installed Dovecot's POP3 server, and Dovecot also provides an IMAP server, this is what we will use.
aptitude install dovecot-imapd squirrelmail
Add the IMAP Protocol to Dovecot's Configuration
Edit the file: /etc/dovecot/dovecot.conf
# Protocols we want to be serving:
protocols = pop3 imap
Now restart Dovecot for the changes to take effect
/etc/init.d/dovecot restart
Configure SquirrelMail
squirrelmail-configure
Just select Q to quit the configure program and Y to save the initial configuration file. Modifications will come later if required.
Setup a Virtual Host for WebMail Access
Now we want to access our webmail system from our main domain, not one of the virtual domains.
This is because we are running PHP as a CGI, which means it will execute the SquirrelMail code as the user that owns the domain that calls the code: www-data for example.com, girlie for example.net and littleone for example.org.
Because the data directory, where the user preferences are stored, is owned by the user root and the group www-data, only example.com (owned by www-data) will be able to access and save preferences in this directory.
Enable SquirrelMail in Apache
We need to move the apache.conf file from the SquirrelMail config directory to the Apache conf.d directory. Don't sym-link it or it will be readable from the web.
mv /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf
Configure the Apache Virtual Host
Edit /etc/apache2/conf.d/squirrelmail.conf and disable the alias to prevent access from the cows' domains, and enable access from a virtual host on the server's domain
# Alias /squirrelmail /usr/share/squirrelmail
# users will prefer a simple URL like http://webmail.example.com
<VirtualHost 10.10.10.10:80>
  DocumentRoot /usr/share/squirrelmail
  ServerName webmail.example.com
</VirtualHost>
Then reload apache
/etc/init.d/apache2 reload
Update the DNS
We now need to add our new virtual host to the DNS so we can access our webmail, now that the alias has been disabled.
Edit /etc/bind/db.example.com
webmail IN A 10.10.10.10
Then reload bind
/etc/init.d/bind9 reload
Once you have done this, you will probably need to wait a few hours for the DNS to propagate before you can access your webmail virtual host.
