Debian optional configuration

Setup of the Apache web server

Apache is the most widely used web server, but it's configuration is very cumbersome to understand. Incomplete or erroneous configurations are pointed out in incomprehensible error messages.
When you see this message
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
you may not have a problem with Apache. First check that you have your /etc/hosts setup correctly. If your IP address is likely to change, you will have 127.0.0.1 as the first characters in the second line of /etc/hosts
Apache supports serving web sites from many different domains with one single Apache installation.
When you have set up the server, it comes with a default virtual host. I suggest you leave it's configuration intact. Let us assume you have a server bar in the domain foo.org.

hostname:~# cp /etc/apache2/sites-available/000-default /etc/apache2/sites-available/bar.foo.org␍
Edit this for something like

  <VirtualHost *:80>
  ServerAdmin webmaster@localhost
  ServerName bar.foo.org
  DocumentRoot /var/www
  
  <Directory />
    Options FollowSymLinks
    AllowOverride None
  </Directory>
  
  <Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
  </Directory>
  
  ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  <Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
  </Directory>
  
  ErrorLog /var/log/apache2/bar_error.log
  
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn
  
  CustomLog /var/log/apache2/bar_access.log combined
</VirtualHost>
This file stays in sites-available. It only becomes a valid virtual host when it is part of the sites-enabled directory. The easiest way to do that is to set up a symbolic link.
hostname:~# ln -s /etc/apache2/sites-available/lilchris.openlib.org /etc/apache2/sites-enabled/␍

Setup of email files

The file /etc/aliases is used by mailing programs to set aliases to local, or even remote users. On a freshly istalled host, it may look like
# /etc/aliases

mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: admnin1
The minimum change you should do it to change whomever mail to root should be changed to to your personal account,
# /etc/aliases

mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: me
You can also set another email address
root: me@othermail.com
or you can have the mail delivered to both a local and a remote address. For example
root: meme@othermail.com
Note the use of the comma here.
The file /etc/mailname is used by mailing programs to set the domain part of outgoing mail. This could be the same as the domain name or the fully qualified damain name. Say you have bought lis651.org and want to have email of user "me" to come from "me@lis508.org" you set the contents of /etc/mailname to
lis508.org

Setup of the Exim mailer

Exim is the default mailer on a Debian machine. It's configurations live in /etc/exim4. Example
hostname:/etc/exim4# ls -l␍
total 112
drwxr-xr-x 9 root root         4096 2007-06-08 16:00 conf.d
-rw-r--r-- 1 root root        76029 2009-05-10 04:23 exim4.conf.template
-rw-r----- 1 root Debian-exim   204 2007-01-20 04:46 passwd.client
-rw-r--r-- 1 root root        17683 2008-06-25 13:14 sa-exim.conf
-rw-r--r-- 1 root root         1070 2009-07-21 07:23 update-exim4.conf
Configurating a mailer is generally very complicated. The Debian version of exim's configuration is no exeption. The basic configuration is held in two ways. It is stored in the conf.d directory, where it lives in a large number of small files. And it is stored in a single large file exim4.conf.template. You have to decide one way to maintain it, and then you better stick to it. I used big single file, actually I think this is the default option. To change that file, you need to be a bit of a wizard. For basic changes to the mailer, there is a special file update-exim4.conf.conf that you can edit. Here is the main part of version that is the default with serverpronto
dc_eximconfig_configtype='local'
dc_other_hostnames='sp.serverpronto.com.serverpronto.com'
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
dc_eximconfig_configtype='internet'
If you set the value to internet, this means you are ready to receive mail from other Internet hosts for your local users. If the value is local, your mailer will not deliver mail from other hosts, it will only deliver mail locally, betw
dc_other_hostnames='lis508.org:friday.openlib.org'
This variable set what domains your are accepting mail for. This should be a list of domain names separate by :. Here I tell it to deliver mail locally for the domaint lis508.org and hostname.openlib.org.
dc_local_interfaces='0.0.0.0'
This variable set what domains ip addresses exim should listen to for connections. In the default installation it listens to the local ip address only. This can to be changed to '0.0.0.0' if you want to take mail from the Internet. In that case it means the IP addresses of all interfaces.
Other settings don't need changing.
To make your changes work, you need to apply the settings. This is done with two commands.
hostname:/etc/exim4# update-exim4.conf␍
hostname:/etc/exim4# /etc/init.d/exim4 restart␍
You will see something like
Stopping MTA for restart: exim4_listener.
Restarting MTA: exim4.
If you are accepting email from the Internet, you may also want to make sure you have spam filtering configured. Skip to the end of this section if you don't want to configure a spam filter. Edit the file /etc/exim4/exim4.conf.template. Between
#####################################################
### end main/03_exim4-config_tlsoptions
#####################################################
and this passage
#####################################################
### main/90_exim4-config_log_selector
#####################################################
insert the following
#####################################################
# This will enable sa-exim, but it won't actually scan and possibly reject
# messsages before you enable this in sa-exim.conf (see SAEximRunCond)
#
# For a starter, you'd probably want to read the documentation at:
#   /usr/share/doc/sa-exim/README.Debian
# and
#   /usr/share/doc/sa-exim/README.gz
#
local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so
#####################################################
Here is what is you can do to get an initial, reasonable configuration of sa-exim, the software that bridges exim and spamassassin.
hostname:~# GET http://dlib.info/home/krichel/courses/lis652/configs/sa-exim.conf > /etc/exim4/sa-exim.conf
However, please edit the end of the /etc/exim4/sa-exim.conf file to change my personal details with yours.
In this configuration, a number of directorise are references where spammassissined mail is saved into. It is useful to create these directories and to assign proper permissions to them
hostname:~# mkdir /var/spool/sa-exim/SAtempreject␍
hostname:~# chown Debian-exim.Debian-exim /var/spool/sa-exim/SAtempreject␍
hostname:~# chmod 770 /var/spool/sa-exim/SAtempreject␍
hostname:~# mkdir /var/spool/sa-exim/SAteergrube␍
hostname:~# chown Debian-exim.Debian-exim /var/spool/sa-exim/SAteergrube␍
hostname:~# chmod 755 /var/spool/sa-exim/SAteergrube␍
hostname:~# mkdir /var/spool/sa-exim/SAdevnull␍
hostname:~# chown Debian-exim.Debian-exim /var/spool/sa-exim/SAdevnull␍
hostname:~# chmod 755 /var/spool/sa-exim/SAdevnull␍
hostname:~# mkdir /var/spool/sa-exim/SAerrorsave␍
hostname:~# chown Debian-exim.Debian-exim /var/spool/sa-exim/SAerrorsave␍
hostname:~# chmod 755 /var/spool/sa-exim/SAerrorsave␍
hostname:~# mkdir /var/spool/sa-exim/SAnotspam␍
hostname:~# chown Debian-exim.Debian-exim /var/spool/sa-exim/SAnotspam␍
hostname:~# chmod 755 /var/spool/sa-exim/SAnotspam␍
hostname:~# mkdir /var/spool/sa-exim/SApermreject␍
hostname:~# chown Debian-exim.Debian-exim /var/spool/sa-exim/SApermreject␍
hostname:~# chmod 770 /var/spool/sa-exim/SApermreject␍
For your convieninec you can use the create_sa-exim_directories script.
For security reasons, spamassissin is initially disabled. To enable it, you need to edit the file /etc/default/spamassassin. There find a couple of lines
# Change to one to enable spamd
ENABLED=0
Change this to
# Change to one to enable spamd
ENABLED=1
If you want to configure spamassissin, eddt the file /etc/spamassassin/local.cf
You are now ready to update your mail programs
hostname:/etc/exim4# update-exim4.conf␍
hostname:/etc/exim4# /etc/init.d/exim4 restart␍
Stopping MTA for restart: exim4_listener.
Restarting MTA: exim4.
After that, start spamassassin
hostname:/etc/exim4# /etc/init.d/spamassassin restart␍
Starting SpamAssassin Mail Filter Daemon: spamd.
Now become yourself, where me is your user name
hostname:/etc/exim4# su me
send a test mail
me@hostname:~$ echo test | mutt -s 'a test mail' krichel@openlib.org␍

Useful scheduled jobs as root

Let us create a directory etc, that will contain the scheduled job table (aka crontab) of user root.
hostname:~# mkdir /root/etc␍
and then one for the data iself
hostname:~# mkdir /root/var␍
Now get a file /root/etc/crontab from Thomas' handy collection
hostname:~#  GET http://dlib.info/home/krichel/courses/lis652/configs/root_crontab > /root/etc/crontab␍
Make this the file the crontab for root
hostname:~# crontab /root/etc/crontab␍
You can then list it, for checking
hostname:~# crontab -l␍

Valid XHTML 1.0!