Debian optional configuration
Setup of the Apache web server
Apache is the most widely used web server, but it's configuration
is very cumbersome to understand. Incomplete or erroneous
configurations are pointed out in incomprehensible error
messages.
When you see this message
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
you may not have a problem with Apache. First check that you have
your /etc/hosts setup correctly. If your IP address is likely to
change, you need to put 127.0.0.1 as the first characters in the second
line of /etc/hosts.
Apache supports serving web sites from many different
domains with one single Apache installation.
When you have set up the server, it comes with a
default virtual host. I suggest you leave it's configuration
intact. Let us assume you have a server bar
in the domain foo.org.
root@
host:~#
cp /etc/apache2/sites-available/000-default /etc/apache2/sites-available/bar.foo.org␍
Edit this for something like
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName
bar.
foo.org
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/
bar_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/
bar_access.log combined
</VirtualHost>
This file stays in sites-available. It only becomes a valid virtual
host when it is part of the sites-enabled directory. The easiest way
to do that is to set up a symbolic link.
root@
host:~#
a2ensite
site_file␍
Setup of email files
The file /etc/aliases is used by mailing
programs to set aliases to local, or even remote users.
On a freshly istalled host, it may look like
# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
The minimum change you should do it to change whomever
mail to root should be changed to to your personal account.
Add a line
root:
your_personal_account
root:
your_personal_account
root:
me@othermail.com
or you can have the mail delivered to both
a local and a remote address. For example
root:
your_personal_account,
me@othermail.com
Note the use of the comma here.
The file /etc/mailname is used by mailing programs to set
the domain part of outgoing mail. This could be the same as the
domain name or the fully qualified damain name. Say you have bought
domain and want to have email of user "me" to come from
"me@domain" you set the contents of /etc/mailname to
domain
Make sure the file just contains the
domain name, and the newline
character.
Setup of the Exim mailer
Exim is the default mailer on a Debian machine. If it is not
there you can install it with
root@
host:~#
aptitude install exim4␍
Its configurations live in /etc/exim4
. Example
root@
host:/etc/exim4#
ls -l␍
total
number
drwxr-xr-x 9 root root
bytes
time conf.d
-rw-r--r-- 1 root root
bytes
time exim4.conf.template
-rw-r----- 1 root Debian-exim
bytes
time passwd.client
-rw-r--r-- 1 root root
bytes
time update-exim4.conf.conf
Configurating a mailer is generally very complicated. The Debian
version of exim’s configuration is no exeption. The basic
configuration is held in two ways. It is stored in the
conf.d
directory, where it lives in a large number of
small files. And it is stored in a single large file
exim4.conf.template
. You have to decide one way to
maintain it, and then you better stick to it. I use the big single file,
actually I think this is the default option. To change that
file, you need to be a bit of a wizard. For basic changes
to the mailer, there is a special file update-exim4.conf.conf
that you can edit. Here is a typical initial setup.
dc_eximconfig_configtype='local'
dc_other_hostnames='
some_domain'
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
dc_eximconfig_configtype='internet'
-
If you set the value to
internet
, this means
you are ready to receive mail from other Internet hosts
for your local users. If the value is local
,
your mailer will not deliver mail from other hosts, it will
only deliver mail locally, i.e. between users of the same
computer.
dc_other_hostnames='
domain:
other_domain'
-
This variable set what domains your are accepting mail for. This
should be a list of domain names separate by
:
. Here
you enter all the domains you accept email for, separated by
:
.
dc_local_interfaces='0.0.0.0'
-
This variable set what domains ip addresses exim should
listen to for connections. In the default installation it listens
to the local ip address only. This can to be changed
to '0.0.0.0' if you want to take mail from the Internet.
In that case it means the IP addresses of all interfaces
should be listened to.
Other settings don’t need changing.
To make your changes work, you need to apply the settings. This
is done with two commands.
root@
host:/etc/exim4#
update-exim4.conf␍
root@
host:/etc/exim4#
/etc/init.d/exim4 restart␍
You will see something like
Stopping MTA for restart: exim4_listener.
Restarting MTA: exim4.
If you are accepting email from the Internet, you may also want to
make sure you have spam filtering configured.
Setup of spam configuration.
I am running my spam filtering using sa-exim. Basically, it’s a
separate package that makes exim4 work with spamassassin.
First, you have to make sure you have the package.
root@
host:~#
aptitude install sa-exim␍
This may, of course install some dependencies that you may not yet
have. The installation of sa-exim will not enable it. You have to do
some manual steps. This instruction set assumes that you keep the
exim configuration in one single file.
Edit the file /etc/exim4/exim4.conf.template. Between this
passage
#####################################################
### end main/03_exim4-config_tlsoptions
#####################################################
and this passage
#####################################################
### main/90_exim4-config_log_selector
#####################################################
insert the following
#####################################################
# This will enable sa-exim, but it won't actually scan and possibly reject
# messsages before you enable this in sa-exim.conf (see SAEximRunCond)
#
# For a starter, you'd probably want to read the documentation at:
# /usr/share/doc/sa-exim/README.Debian
# and
# /usr/share/doc/sa-exim/README.gz
#
local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so
#####################################################
Here is what is you can do to get an initial, reasonable
configuration of sa-exim, the software that bridges
exim and spamassassin.
root@
host:~#
GET http://dlib.info/home/krichel/courses/lis652/configs/sa-exim.conf > /etc/exim4/sa-exim.conf
However, please edit the end of the /etc/exim4/sa-exim.conf
file to change my personal details with yours.
In this configuration, a number of directorise are references
where spammassissined mail is saved into. It is useful to create
these directories and to assign proper permissions to them
root@
host:~#
mkdir /var/spool/sa-exim/SAtempreject␍
root@
host:~#
chown Debian-exim.Debian-exim /var/spool/sa-exim/SAtempreject␍
root@
host:~#
chmod 770 /var/spool/sa-exim/SAtempreject␍
root@
host:~#
mkdir /var/spool/sa-exim/SAteergrube␍
root@
host:~#
chown Debian-exim.Debian-exim /var/spool/sa-exim/SAteergrube␍
root@
host:~#
chmod 755 /var/spool/sa-exim/SAteergrube␍
root@
host:~#
mkdir /var/spool/sa-exim/SAdevnull␍
root@
host:~#
chown Debian-exim.Debian-exim /var/spool/sa-exim/SAdevnull␍
root@
host:~#
chmod 755 /var/spool/sa-exim/SAdevnull␍
root@
host:~#
mkdir /var/spool/sa-exim/SAerrorsave␍
root@
host:~#
chown Debian-exim.Debian-exim /var/spool/sa-exim/SAerrorsave␍
root@
host:~#
chmod 755 /var/spool/sa-exim/SAerrorsave␍
root@
host:~#
mkdir /var/spool/sa-exim/SAnotspam␍
root@
host:~#
chown Debian-exim.Debian-exim /var/spool/sa-exim/SAnotspam␍
root@
host:~#
chmod 755 /var/spool/sa-exim/SAnotspam␍
root@
host:~#
mkdir /var/spool/sa-exim/SApermreject␍
root@
host:~#
chown Debian-exim.Debian-exim /var/spool/sa-exim/SApermreject␍
root@
host:~#
chmod 770 /var/spool/sa-exim/SApermreject␍
For your convieninec you can use
the create_sa-exim_directories
script.
For security reasons, spamassissin is initially disabled. To enable it,
you need to edit the file /etc/default/spamassassin
.
There find a couple of lines
# Change to one to enable spamd
ENABLED=0
Change this to
# Change to one to enable spamd
ENABLED=1
If you want to configure spamassissin, edit the file
/etc/spamassassin/local.cf
You are now ready to update your mail programs
root@
host:/etc/exim4#
update-exim4.conf␍
root@
host:/etc/exim4#
/etc/init.d/exim4 restart␍
Stopping MTA for restart: exim4_listener.
Restarting MTA: exim4.
After that, start spamassassin
root@
host:/etc/exim4#
/etc/init.d/spamassassin restart␍
Starting SpamAssassin Mail Filter Daemon: spamd.
Now become yourself, where me is your user name
root@
host:/etc/exim4#
su
me␍
send a test mail
user@
host:~$
echo test | mutt -s 'a test mail' krichel@openlib.org␍
This presumes you have to mutt mail client installed, if you
have not, you sure know how to get it. To look at the log of
the mail, do, as root
root@
host:~#
tail /var/log/exim4/mainlog␍
Here we use a neat utility called tail to look at the end of a file.
user@
host:~$
man tail␍
will tell you more about it.
Useful scheduled jobs as root
Let us create a directory etc
, that will contain the
scheduled job table (aka crontab) of user root.
root@
host:~#
mkdir /root/etc␍
and then one for the data iself
root@
host:~#
mkdir /root/var␍
Now get a file /root/etc/crontab
from Thomas' handy collection
root@
host:~#
GET http://dlib.info/home/krichel/courses/lis652/configs/root_crontab > /root/etc/crontab␍
Make this the file the crontab for root
root@
host:~#
crontab /root/etc/crontab␍
You can then list it, for checking
root@
host:~#
crontab -l␍