FreeBSD Install notes

Postby stephen » Fri Mar 14, 2008 6:11 am

Download disk1 ISO image of the FreeBSD version 1.0

Burn it on a CD

Boot new server from the CD and follow prompts.

After Install
If server does not boot FreeBSD from Hard Disk, check the BIOS settings to ensure that the server is looking to boot from the disk you just installed the OS on.

This web site has help with getting started with FreeBSD Basics
http://www.freebsdmadeeasy.com/tutorials/freebsd/freebsd-basics.php

login as root
edit /etc/inetd.conf
and uncomment the services you want to start
eg ssh , lukemftpd


vi /etc/resolv.conf
and set the correct name server

restart inetd
/etc/rc.d/inetd restart

In order to login using ssh remotely you need to login with a non root login then su to root. But you can only su to root if you are a member of the wheel group.


in /etc/rc.conf
contains
hostname
the initial ip addresses for networking
sshd enable
ftp enable
etc



ftp connection refused

http://www.bsdforums.org/forums/archive/index.php/t-26029.html
what you need to do is first start the daemon (as a daemon), then verify that it is running, then verify that it is listening then test.
1. /usr/libexec/ftpd -D (this will start ftpd as a daemon)
2. ps aux (verify that it is running)
3. netstat -an (verify that it is listening on the port specified as "ftp" in /etc/services)
4. try connection to the ftp on the port and interface it's listening on.

you should replace the default *BSD ftpd with more secure and more configurable ftp servers. Try vsftpd or pure-ftpd.

To install the vsftpd system from the PORTS system
cd /usr/ports/ftp/vsftpd
make
for options select RC_NG and vsftpd_ssl

make install

vi /usr/local/etc/vsftpd.conf
write_enable=YES
anonymous_enable=NO
local_enable=YES
listen=YES
background=YES

make clean

add vsftpd_enable="YES" to /etc/rc.conf
vi /etc/rc.conf
#
vsftpd_enable="YES"


Install Apache
using ports system
cd /usr/ports/www/apache22
make

make install

vi /etc/rc.conf
apache22_enable="YES"

vi /usr/local/etc/apache22/httpd.conf
ServerName NAHIS1:80

vi /etc/hosts
192.168.150.20 NAHIS1
192.168.150.20 NAHIS1.

/usr/local/etc/rc.d/apache22 start

/usr/ports/lang/php5
make install
tick Build Apache Module

vi /usr/local/etc/apache22/httpd.conf
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Install Postgresql
cd /usr/ports/databases/postgresql84-server
make install

vi /etc/rc.conf
postgresql_enable="YES"
postgresql_data="/usr/local/pgsql/data"
postgresql_flags="-w -s -m fast"
postgresql_initdb_flags="--encoding=utf-8 --lc-collate=C"
postgresql_class="default"

Create a user for postgresql use.
root# adduser postgres

Create the database directories and create the initial database
root# mkdir /usr/local/pgsql/data
root# chown postgres /usr/local/pgsql/data
root# su postgres
postgres$ initdb -D /usr/local/pgsql/data

Change postgresql_user to postgres in startup script
vi /usr/local/etc/rc.d/postgresql
postgresql_user=postgres

Start postgresql
/usr/local/etc/rc.d/postgresql start


Install postgis
cd /usr/ports/databases/postgis
make install
tick GEOS Include GEOS - the OpenGIS 'Simple Features for SQL'

vi /usr/share/examples/cvsup/ports-supfile
*default host=cvsup.au.FreeBSD.org
uncomment ports-base
uncomment ports-graphics
comment ports-all

cd /usr/ports/net/cvsup
make install

Install mapserver
cd /usr/ports/graphics/mapserver/

Problem mapserver requires apache 1.3 and we have installed apache 2.2
pkg_delete php5-5.2.11
pkg_delete apache-2.2.13
pkg_add -r mapserver
cd /usr/ports/graphics/mapserver/
make clean
make install

needed updated version of proj
cd /usr/ports/graphics/proj
make deinstall
make reinstall

needed updated version of curl
cd /usr/ports/ftp/curl
make deinstall
make reinstall

shared library curl.6 does not exist
ln -s /usr/local/lib/libcurl.so.5 /usr/local/lib/libcurl.so.6

mapswf.c:3469: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘GetCurrentMovie’
stop in /usr/ports/graphics/mapserver

Change the Apache Version from 13 to 22
vi Makefile
USE_APACHE= 22


Install portupgrade
# cd /usr/ports/ports-mgmt/portupgrade
# make install clean

Scan the list of installed ports with the pkgdb -F command and fix all the inconsistencies it reports. It is a good idea to do this regularly, before every upgrade.

When you run portupgrade -a, portupgrade will begin to upgrade all the outdated ports installed on your system. Use the -i flag if you want to be asked for confirmation of every individual upgrade.

# portupgrade -ai

To Synchronise two servers use csync2
cd /usr/ports/net/csync2
make install



A tutorial on installing Apache
http://www.freebsdmadeeasy.com/tutorials/web-server/configure-apache-web-server-on-freebsd.php
Download the apache22.tar.gz port
extract file
tar -xvf apache22.tar.gz
cd apache22
make


then
make install


default web sites are stored under
/usr/local/www/apache22/data


httpd.conf stored under
/usr/local/etc/apache22/httpd.conf


FreeBSD apache http server
how to restart apache
/usr/local/sbin/apachectl restart

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-apache.html

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/apache22
/usr/local/etc/rc.d/htcacheclean


Install PHP5
http://www.freebsdmadeeasy.com/tutorials/web-server/install-php-5-for-web-hosting.php

For a detailed description of using the ports system

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html

For an installation guide on
Deploying a FreeBSD 6.2 Server
http://www.openaddict.com/node/33

guide to installing ASSP and ClamAV
http://www.asspsmtp.org/wiki/Configuration
ASSP Basic Workflow and reference
http://apps.sourceforge.net/mediawiki/assp/index.php?title=ASSP_Basic_Workflow

To install ASSP (Anti-Spam SMTP Proxy)
cd /usr/ports/mail/assp
make install


To install perl modules
perl -MCPAN -e shell
install IO::Socket::SSL
install Email::Send
install Email::MIME::Modifier
install Mail::SPF
install  Net::CIDR::Lite 
install  Net::IP::Match::Regexp
install Net::SenderBase
install Net::LDAP
install Net::DNS
install Email::Valid
install Mail::SPF::Query
install Compress::Zlib
install Digest::MD5
install Digest::SHA1
install File::ReadBackwards
install Time::HiRes
install Sys::Syslog
install Net::Syslog
install Tie::RDBM
install Net::IP::Match::Regexp
install Net::CIDR::Lite
install Net::SenderBase
install LWP::Simple
install Email::MIME::Modifier 
install Net::SMTP
install Mail::SRS
q


the assp is installed in these folders
programs in here
/usr/local/lib/assp
ie. assp.pl, rebuildspamdb.pl etc
also assp.cfg is located here

and the database in this folder
/var/db/assp/
the database has the spam, nospam, logs folders


thanks to http://dsumsky.blogspot.com/2008/02/monitoring-assp-with-monit.html
create a script to start and stop assp in

/usr/local/etc/rc.d/assp
I have modified the script so that it will accept assp_start commands from /etc/rc.conf so

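#!/bin/sh -e
# rc.d script for ASSP (Anti-Spam SMTP Proxy)
PATH=/bin:/usr/bin:/sbin:/usr/sbin

. /etc/rc.subr

name="assp"
rcvar=${name}_enable

# Read assp_* settings from /etc/rc.conf
load_rc_config $name

# Default when rc.conf does not set assp_enable.
# The case statement below does not test it.
: ${assp_enable="NO"}


case "$1" in

start|start_assp)
    if [ -f /var/run/assp.pid ]
    then
        echo "The Anti-Spam SMTP Proxy is already started"
    else
        echo "Starting the Anti-Spam SMTP Proxy"
        cd /usr/local/lib/assp
        perl assp.pl
        # Record the PID(s) of the running assp.pl
        ps ax | grep "perl assp.pl" | grep -v grep | awk '{ print $1 }' > /var/run/assp.pid
    fi
    ;;

stop|stop_assp)
    echo "Stopping the Anti-Spam SMTP Proxy"
    # Collect the PIDs first: under "sh -e" a kill with no PIDs fails and
    # would abort the script before the pid file is removed.
    pids=`ps ax | grep "perl assp.pl" | grep -v grep | awk '{ print $1 }'`
    if [ -n "$pids" ]
    then
        kill -9 $pids
    fi
    rm -f /var/run/assp.pid
    ;;

restart|assp_restart)
    $0 stop || true
    $0 start
    ;;

*)
    echo "Usage: /usr/local/etc/rc.d/assp {start|stop|restart}"
    exit 1
    ;;

esac
exit 0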


You can start the assp server
(replace 123.123.123.46 with your external ip address of the server)
/usr/local/etc/rc.d/assp start

To configure the assp server
vi /usr/local/lib/assp/assp.cfg
or
browse to the web admin page
http://123.123.123.46:55555

Change the assp Network Setup
SMTP Listen Port to the external ip address:25
listenPort:=123.123.123.46:25


Change the SMTP Destination to the localhost:25
smtpDestination:=127.0.0.1:25


You may have to modify rebuildspamdb.pl to change the location to find assp.cfg
eg at line 282
        # the last one is the one used if all else fails
        foreach (
            '.',         '/usr/local/assp', '/home/assp',
            '/etc/assp', '/usr/assp',       '/applications/assp',
           '/usr/local/lib/assp',
            '/assp',     '.'
          )
        {
            $base = $_;
            last if -e "$base/assp.cfg";
        }


This site has some good explanations of the process
Sendmail+TLS+SMTP-AUTH - A Quick & Dirty howto
http://www.hungryhacker.com/articles/misc/sendmail_howto.html


Notes on FreeBSD as a Secure Mail Server
http://www.puresimplicity.net/~hemi/freebsd/sendmail.html
I have pasted the details below:-
Sendmail setup

1. Install security/cyrus-sasl2-saslauthd from the FreeBSD ports system. Installing security/cyrus-sasl2-saslauthd will also build and install security/cyrus-sasl2 as a dependency.

cd /usr/ports/security/cyrus-sasl2-saslauthd

make install
2. Saslauthd can be started by /usr/local/etc/rc.d/saslauthd.sh now if you want.
Note. I found this command started Saslauthd /usr/local/etc/rc.d/saslauthd start
To test if Saslauthd is working
# testsaslauthd -u yourusername -p yourpassword
0: OK "Success."



Starting saslauthd manually will be necessary if you're going to rebuild sendmail outside of a buildworld and not reboot afterwards. Be certain to add the line

saslauthd_enable="YES"
to /etc/rc.conf because the rc script that starts saslauthd checks the value of this variable to determine whether or not saslauthd should be started.
3. Change sendmail build options in /etc/make.conf. FreeBSD's SENDMAIL_* variables in /etc/make.conf are functionally equivalent to creating a site.config.m4 file in the sendmail/devtools/Site directory in a "virgin" sendmail source tree. We need to use the build options to enable cyrus-sasl2 support along with enabling the sendmail server to run on the smtps port (465) as well as on the regular smtp port (25). The lines in /etc/make.conf should look like this:

# SASL (cyrus-sasl v2) sendmail build flags...
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
# Adding to enable alternate port (smtps) for sendmail...
SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL

4. Rebuild sendmail. You can do this the next time you rebuild the world or you can rebuild sendmail independently. To rebuild sendmail and associated programs separate from the rest of the FreeBSD world you need to do the following:

cd /usr/src/usr.sbin/sendmail

make clean

make depend

make

make install
5. Obtain and install an SSL certificate. You can generate an OpenSSL certificate yourself:
(Note! I am using /etc/ssl/certs )
mkdir /etc/mail/certs

cd /etc/mail/certs

openssl dsaparam 1024 -out dsa1024.pem

openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem

rm dsa1024.pem

chmod -R 600 /etc/mail/certs/*
6. Make sure sendmail is using saslauthd for authentication vi . /usr/local/lib/sasl2/Sendmail.conf controls which password authentication mechanism sasl uses against the local system password database when sendmail requests authentication against a user's password. /usr/local/lib/sasl2/Sendmail.conf needs to be changed to use saslauthd, so the line in the file should look like this:

pwcheck_method: saslauthd
7. Edit sendmail's mc file.
Note: located in /etc/mail

The mc file should be the machine's fully-qualified domain name with .mc after it. If it's not, do a "make all" to generate an mc file with this name. Make changes to that file, not the original freebsd.mc. We need to allow auth types of PLAIN and LOGIN, specify PLAIN and LOGIN auth types as trusted auth mechanisms to allow relaying from hosts that use those auth methods, point sendmail at our SSL certificate and tell sendmail to listen on the smtps port:

define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Note that only mail clients that support raw TLS connections will be able to play nice with the smtps port cause of the "M=s" in the smtps port line in the mc file. If you want a "regular" smtp port listening at the smtps port just remove the M=s part.
8. Rebuild cf files. From /etc/mail:

make all install restart
9. Try it out! Point your mailer at the mail server, configure the mailer appropriately to use SSL/TLS and auth and give it a shot. If things don't work it's time to start checking your work. If everything looks right bump the LogLevel to 25 in sendmail.cf and watch /var/log/maillog to see where the problem is.


/usr/ports/mail/sendmail-sasl
make install

This port has installed the following binaries which execute with
increased privileges.
/usr/local/sbin/sendmail

This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/sendmail

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/sm-client.sh.sample
/usr/local/etc/rc.d/sendmail.sh.sample


sendmail configuration file is in
/usr/share/sendmail/cf/cf
cd to above directory
cp generic-linux.mc to sendmail.mc
make install-cf


the README states
Configuration files are contained in the subdirectory "cf", with a
suffix ".mc". They must be run through "m4" to produce a ".cf" file.
You must pre-load "cf.m4":

m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf

Alternatively, you can simply:

cd ${CFDIR}/cf
./Build config.cf

Using dovecot as the pop3 and imap server
see this site for an example install
http://www.freebsddiary.org/dovecot.php
for info on creating a non password key see:
http://www.freebsddiary.org/bacula-tls.php
$ openssl rsa -in lists.example.org.key -out lists.example.org.nopassword.key
Enter pass phrase for lists.example.org.key:
writing RSA key

to change the dovecot config
vi /usr/local/etc/dovecot.conf



to start dovecot
/usr/local/etc/rc.d/dovecot start


to create a server certificate using cacert.org
On your server run
# openssl genrsa -des3 -out imaps.example.org.key 1024
at Enter pass phrase for imaps.example.org.key:
next
# openssl req -new -key imaps.example.org.key -out imaps.example.org.csr -config /etc/ssl/openssl.cnf
at Enter pass phrase for imaps.example.org.key:

http://www.cacert.org
login
click on domains and add your domain into the list of domains you manage.
click Server certificates
click New
paste in your CSR(Certificate Signing Request) in the text area on the form
now copy the generated certificate
and create a new file on the server imaps.example.org.cert
and paste the resulting certificate from CACert into imaps.example.org.cert.

create a nopassword version of file
openssl rsa -in imaps.example.org.key -out imaps.example.org.nopassword.key

copy the imaps.example.org.cert and imaps.example.org.nopassword.key files to the

Edit the dovecot configuration file
vi /usr/local/etc/dovecot.conf
modify the protocols line
protocols = imaps
modify the ssl_cert_file and ssl_key_file
ssl_cert_file = /etc/ssl/certs/imaps.example.org.cert
ssl_key_file = /etc/ssl/private/imaps.example.org.nopassword.key

Installing mysql
here is a tutorial site for installing mysql
http://www.freebsdmadeeasy.com/tutorials/web-server/install-mysql-server-on-freebsd.php
cd /usr/ports/databases/mysql50-server
make install

This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/mysqld

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/mysql-server


Install phpMyadmin

phpMyAdmin-2.11.5 has been installed into:

/usr/local/www/phpMyAdmin

Please edit config.inc.php to suit your needs.

To make phpMyAdmin available through your web site, I suggest
that you add something like the following to httpd.conf:

Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"

<Directory "/usr/local/www/phpMyAdmin/">
Options none
AllowOverride Limit

Order Deny,Allow
Deny from all
Allow from 127.0.0.1 .example.com
</Directory>



To transfer mysql file from one server to another

Dump Database from old server
mysqldump -u username -ppassword databasename >databasename.sql

to import
mysql -p -h localhost databasename <databasename.sql

http://forums.mysql.com/read.php?35,75794,162797#msg-162797
Re: ERROR 1153: Got a packet bigger than 'max_allowed_packet' bytes
Posted by: Dan Tasse ()
Date: July 17, 2007 02:01PM

I had the same problem, with an 8gb .sql file. I didn't have any luck with --max_allowed_packet; it seems like it didn't do anything. I just opened two terminals, connected to mysql on one, set the following:
set global max_allowed_packet=1000000000;
set global net_buffer_length=1000000;



http://www.devshed.com/c/a/MySQL/Backing-up-and-restoring-your-MySQL-Database/

adodb
You can add the ADOdb path (default: /usr/local/share/adodb)
to the "include_path=" directive in your php.ini

subversion
/usr/local/share/subversion

cvs to subversion
conversion tool is cvs2svn
TortoiseSVN as a Windows client

to create a svn repository
svnadmin create /mnt/svn_repos


To Create a partition on the second disk drive
http://www.freebsd.org/doc/en/books/handbook/disks-adding.html
18.3.1 Using sysinstall(8)

1.

Navigating Sysinstall

You may use sysinstall to partition and label a new disk using its easy to use menus. Either login as user root or use the su command. Run sysinstall and enter the Configure menu. Within the FreeBSD Configuration Menu, scroll down and select the Fdisk option.
2.

fdisk Partition Editor

Once inside fdisk, typing A will use the entire disk for FreeBSD. When asked if you want to “remain cooperative with any future possible operating systems”
stephen
 
Posts: 507
Joined: Thu Feb 09, 2006 9:37 am
Location: Brisbane
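
Added example, not part of the original post: a POSIX sh/awk check for the vsftpd.conf shown earlier in this post. With local_enable=YES and no ssl_enable line, system account passwords are sent over plain FTP even though the port was built with the vsftpd_ssl option; the option names and defaults are vsftpd's, while the function names, finding codes and certificate path are hypothetical.

```sh
#!/bin/sh
# Added example: report risky option combinations in a vsftpd.conf.

# Constructed sample: the five settings from the notes above.
SAMPLE_VSFTPD_CONF='write_enable=YES
anonymous_enable=NO
local_enable=YES
listen=YES
background=YES
'

# Constructed sample: the same file with TLS switched on and local users
# confined to their home directories (certificate path is a placeholder).
SAMPLE_VSFTPD_TLS="${SAMPLE_VSFTPD_CONF}ssl_enable=YES
rsa_cert_file=/usr/local/etc/ssl/vsftpd.pem
force_local_logins_ssl=YES
force_local_data_ssl=YES
chroot_local_user=YES
"

# vsftpd_get CONF_TEXT OPTION DEFAULT
# Print the effective value of a boolean OPTION as YES or NO. vsftpd.conf is
# strict "option=value" (no spaces around "="); a later line overrides an
# earlier one, and an unset option keeps the built-in DEFAULT.
vsftpd_get() {
    printf '%s\n' "$1" | awk -v want="$2" -v dflt="$3" '
    /^[ \t]*#/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1)
        v = toupper(substr($0, eq + 1))
        sub(/[ \t\r]+$/, "", v)
        if (k == want) val = v
    }
    END {
        if (val == "") val = dflt
        if (val == "TRUE" || val == "1") val = "YES"
        if (val == "FALSE" || val == "0") val = "NO"
        print val
    }'
}

# vsftpd_audit: read vsftpd.conf on stdin, print one finding code per line.
vsftpd_audit() {
    va_conf=$(cat)
    va_anon=$(vsftpd_get "$va_conf" anonymous_enable YES)
    va_local=$(vsftpd_get "$va_conf" local_enable NO)
    va_write=$(vsftpd_get "$va_conf" write_enable NO)
    va_ssl=$(vsftpd_get "$va_conf" ssl_enable NO)
    va_force=$(vsftpd_get "$va_conf" force_local_logins_ssl YES)
    va_chroot=$(vsftpd_get "$va_conf" chroot_local_user NO)

    # Anonymous access is on unless explicitly disabled.
    if [ "$va_anon" = YES ]; then echo ANONYMOUS_LOGIN; fi
    # System account passwords cross the network unencrypted.
    if [ "$va_local" = YES ] && [ "$va_ssl" != YES ]; then
        echo CLEARTEXT_LOCAL_LOGIN
    fi
    # TLS is offered, but clients may still log in without it.
    if [ "$va_local" = YES ] && [ "$va_ssl" = YES ] && [ "$va_force" != YES ]; then
        echo TLS_NOT_REQUIRED_FOR_LOGIN
    fi
    # Local users can upload and are not confined to their home directory.
    if [ "$va_local" = YES ] && [ "$va_write" = YES ] && [ "$va_chroot" != YES ]; then
        echo WRITABLE_WITHOUT_CHROOT
    fi
    return 0
}

# Audit the configuration from the notes.
printf '%s' "$SAMPLE_VSFTPD_CONF" | vsftpd_audit
```

On a live system, run it as `vsftpd_audit < /usr/local/etc/vsftpd.conf`.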

PostgresQL Config Notes

Postby stephen » Fri Jun 06, 2008 7:13 am

See this Documentation page for 17.4. Managing Kernel Resources
http://www.postgresql.org/docs/8.3/static/kernel-resources.html

FreeBSD

The default settings are only suitable for small installations (for example, default SHMMAX is 32 MB). Changes can be made via the sysctl or loader interfaces. The following parameters can be set using sysctl:

$ sysctl -w kern.ipc.shmall=32768
$ sysctl -w kern.ipc.shmmax=134217728
$ sysctl -w kern.ipc.semmap=256

To have these settings persist over reboots, modify /etc/sysctl.conf.

The remaining semaphore settings are read-only as far as sysctl is concerned, but can be changed before boot using the loader prompt:

(loader) set kern.ipc.semmni=256
(loader) set kern.ipc.semmns=512
(loader) set kern.ipc.semmnu=256

Similarly these can be saved between reboots in /boot/loader.conf.

You might also want to configure your kernel to lock shared memory into RAM and prevent it from being paged out to swap. This can be accomplished using the sysctl setting kern.ipc.shm_use_phys.


# The maximum size of shared memory is determined by the option SHMMAXPGS (in pages)

# The parameter SEMMNI determines the limit on the number of semaphore sets that can exist on the system at one time. Hence this parameter must be at least ceil((max_connections + autovacuum_max_workers) / 16)
Various other settings related to "semaphore undo", such as SEMMNU and SEMUME, are not of concern for PostgreSQL.

modify /etc/sysctl.conf
# Added for PostgreSQL increased connections
kern.ipc.shmmax=67108864
kern.ipc.shmall=16384
kern.ipc.shmmin=16
kern.ipc.semmap=128

Modify /boot/loader.conf
accf_httpd_load="YES"
kern.ipc.semmni=256
kern.ipc.semmns=512
kern.ipc.semmnu=256


Modify kernel file and rebuild kernel
cpu             I686_CPU
ident           AUSVET_CUSTOM

#B added for PostgreSQL

options         SHMMAXPGS=65536
options         SEMMNI=40
options         SEMMNS=240
options         SEMUME=40
options         SEMMNU=120
stephen
 
Posts: 507
Joined: Thu Feb 09, 2006 9:37 am
Location: Brisbane
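
Added example, not part of the original post: a POSIX sh/awk check that reads the semaphore limits from the loader.conf or kernel options quoted above and compares them with what PostgreSQL needs. The SEMMNI formula is the one in the post; the SEMMNS requirement (sets * 17) comes from the PostgreSQL kernel-resources page linked in the post, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: do the configured SysV semaphore limits fit PostgreSQL?

# Constructed samples: the two sets of limits quoted in the post above.
SAMPLE_LOADER_CONF='accf_httpd_load="YES"
kern.ipc.semmni=256
kern.ipc.semmns=512
kern.ipc.semmnu=256
'
SAMPLE_KERNEL_OPTIONS='options         SHMMAXPGS=65536
options         SEMMNI=40
options         SEMMNS=240
options         SEMUME=40
options         SEMMNU=120
'

# sem_limit NAME: read loader.conf or kernel-config text on stdin and print
# the value given for NAME (semmni, semmns, ...). Accepts both
# "kern.ipc.semmni=256" and "options SEMMNI=40"; prints nothing if absent.
sem_limit() {
    awk -v want="$1" '
    /^[ \t]*#/ { next }
    {
        line = tolower($0)
        sub(/^[ \t]*options[ \t]+/, "", line)
        sub(/^kern\.ipc\./, "", line)
        eq = index(line, "=")
        if (eq == 0) next
        k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
        gsub(/[" \t\r]/, "", v)
        if (k == tolower(want)) val = v
    }
    END { if (val != "") print val }'
}

# pg_sem_need MAX_CONNECTIONS AUTOVACUUM_MAX_WORKERS
# Print "<sets> <semaphores>": sets = ceil((mc + av) / 16), semaphores = sets * 17.
pg_sem_need() {
    pn_sets=$(( ($1 + $2 + 15) / 16 ))
    echo "$pn_sets $(( pn_sets * 17 ))"
}

# pg_sem_capacity SEMMNI SEMMNS
# Largest max_connections + autovacuum_max_workers that fits, assuming
# PostgreSQL is the only semaphore user on the host.
pg_sem_capacity() {
    pc_fit=$(( $2 / 17 ))
    if [ "$1" -lt "$pc_fit" ]; then pc_fit=$1; fi
    echo $(( pc_fit * 16 ))
}

# pg_sem_check MAX_CONNECTIONS AUTOVACUUM_MAX_WORKERS
# Read limits on stdin; print "ok" or the names of the limits that are too
# small. A limit missing from the input counts as 0.
pg_sem_check() {
    pk_conf=$(cat)
    pk_ni=$(printf '%s\n' "$pk_conf" | sem_limit semmni)
    pk_ns=$(printf '%s\n' "$pk_conf" | sem_limit semmns)
    pk_need=$(pg_sem_need "$1" "$2")
    pk_out=""
    if [ "${pk_ni:-0}" -lt "${pk_need% *}" ]; then pk_out="semmni"; fi
    if [ "${pk_ns:-0}" -lt "${pk_need#* }" ]; then pk_out="${pk_out:+$pk_out }semmns"; fi
    echo "${pk_out:-ok}"
}

# 300 connections plus 3 autovacuum workers against each set of limits.
printf '%s' "$SAMPLE_KERNEL_OPTIONS" | pg_sem_check 300 3
printf '%s' "$SAMPLE_LOADER_CONF" | pg_sem_check 300 3
```

With the kernel options above, SEMMNS rather than SEMMNI is the limit that runs out first.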

Install stunnel

Postby stephen » Tue Jan 27, 2009 11:30 am

To install stunnel
cd /usr/ports/security/stunnel
make install

Options for stunnel 4.26

tick the PTHREAD use the pthread(3) threading model (default)

After the install you will see this message
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/bin/stunnel

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/stunnel

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://stunnel.mirt.net/


Taken from /usr/local/etc/rc.d/stunnel
#
# Add some of the following variables to /etc/rc.conf to configure stunnel:
# stunnel_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable stunnel.
# stunnel_config (str): Default "/usr/local/etc/stunnel/stunnel.conf"
# Set it to the full path to the config file
# that stunnel will use during the automated
# start-up.
# stunnel_pidfile (str): Default "/usr/local/var/stunnel/stunnel.pid"
# Set it to the value of 'pid' in
# the stunnel.conf file.
#

Modify /etc/rc.conf and add these lines
stunnel_enable="YES"
stunnel_config="/usr/local/etc/stunnel/stunnel.conf"
stunnel_pidfile="/usr/local/var/stunnel/stunnel.pid"


Modify
copy /usr/local/etc/stunnel/stunnel.conf-sample
to /usr/local/etc/stunnel/stunnel.conf

cert = /etc/postfix/ssl/smtpd.crt
key = /etc/postfix/ssl/smtpd.key
debug = local4.5
output = /var/log/stunnel.log

[imaps]
accept = 993
connect = 143

[IMAP4-SSL]
accept = 585
connect = 143

[pop3s]
accept = 995
connect = 10.10.10.183:110

[smtps]
accept = 465
connect = 10.10.10.183:25

stephen
 
Posts: 507
Joined: Thu Feb 09, 2006 9:37 am
Location: Brisbane
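
Added example, not part of the original post or of stunnel: a POSIX sh/awk parser for the stunnel.conf above that lists each service with its accept and connect endpoints and marks the ones whose connect target is another host. For those services (pop3s and smtps, forwarded to 10.10.10.183) TLS ends at stunnel and the decrypted stream crosses the network in cleartext; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: find stunnel services that forward decrypted traffic off-host.

# Constructed sample: the configuration quoted in the post above.
SAMPLE_STUNNEL_CONF='cert = /etc/postfix/ssl/smtpd.crt
key = /etc/postfix/ssl/smtpd.key
debug = local4.5
output = /var/log/stunnel.log

[imaps]
accept = 993
connect = 143

[IMAP4-SSL]
accept = 585
connect = 143

[pop3s]
accept = 995
connect = 10.10.10.183:110

[smtps]
accept = 465
connect = 10.10.10.183:25
'

# stunnel_services: read stunnel.conf text on stdin and print one line per
# [service] section: "<name> <accept> <connect> <local|remote|none>".
# "local" means the connect target is a bare port or a loopback address
# (localhost, 127.0.0.1, ::1); "none" means the section has no connect line.
stunnel_services() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function emit() {
        if (name == "") return
        host = ""
        p = match(conn, /:[0-9]+$/)          # host:port form?
        if (p > 0) host = substr(conn, 1, p - 1)
        scope = "remote"
        if (conn == "") scope = "none"
        else if (host == "" || host == "localhost" || host == "127.0.0.1" ||
                 host == "::1" || host == "[::1]") scope = "local"
        printf "%s %s %s %s\n", name, (acc == "" ? "-" : acc),
               (conn == "" ? "-" : conn), scope
    }
    /^[ \t]*[;#]/ { next }                   # comment lines
    /^[ \t\r]*$/  { next }                   # blank lines
    /^[ \t]*\[.*\][ \t\r]*$/ {               # start of a new service section
        emit()
        name = trim($0); name = substr(name, 2, length(name) - 2)
        acc = ""; conn = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0 || name == "") next      # global options are not services
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key == "accept")  acc = val
        if (key == "connect") conn = val
    }
    END { emit() }'
}

# stunnel_cleartext_hops: names of the services whose plaintext side leaves
# this host, one per line.
stunnel_cleartext_hops() {
    stunnel_services | awk '$4 == "remote" { print $1 }'
}

# List every service in the sample, then the ones that need attention.
printf '%s' "$SAMPLE_STUNNEL_CONF" | stunnel_services
printf '%s' "$SAMPLE_STUNNEL_CONF" | stunnel_cleartext_hops
```

On a live system, run it as `stunnel_cleartext_hops < /usr/local/etc/stunnel/stunnel.conf`.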

sample /etc/rc.conf file

Postby stephen » Tue Jan 27, 2009 12:36 pm

sample /etc/rc.conf
# Created: Mon Mar 10 18:49:54 2008
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="123.123.123.99"
hostname="server.myserver.com.au"
ifconfig_bge0="inet 123.123.123.46  netmask 255.255.255.0"
inetd_enable="NO"
keymap="us.iso"
linux_enable="YES"
sshd_enable="YES"
vsftpd_enable="YES"
vsftpd_flags="/usr/local/etc/vsftpd.conf"
# -- sjk apache22 # Fri Mar 14
apache22_enable="YES"
apache22_profiles=""
apache22limits_enable="NO"
apache22_flags=""
#B apache22limits_args="-e -C daemon"
#B apache22_http_accept_enable="NO"
# -- sjk use SASL2 for smtp authentication
saslauthd_enable="YES"
dovecot_enable="YES"
# -- sjk assp
assp_enable="YES"
assp_args="/var/db/assp"
assp_logexpire="45"
# -- sysinstall generated deltas -- # Fri Mar 14 04:18:17 2008
check_quotas="YES"
named_enable="YES"
clamav_clamd_enable="YES"
clamav_clamd_flags=""
clamav_clamd_socket="/var/run/clamav/clamd"
clamav_freshclam_enable="YES"
clamav_freshclam_flags="-d -c 8"
mysql_enable="YES"
# -- sysinstall generated deltas -- # Sat Apr 19 18:57:07 2008
gateway_enable="NO"
ntpdate_flags="au.pool.ntp.org"
ntpdate_enable="YES"
ntpd_enable="YES"
# -- BM added
smartd_enable="YES"
postgresql_enable="YES"
postgresql_data="/var/db/pgsql/data"
postgresql_flags="-w -s -m fast"
postgresql_initdb_flags="--encoding=utf-8 --lc-collate=C"
postgresql_class="default"
postgresql2_enable="YES"
postgresql2_data="/usr/home/ben/pgsql/data"
postgresql2_flags="-w -s -m fast"
postgresql2_initdb_flags="--encoding=utf-8 --lc-collate=C"
postgresql2_class="default"

# -- sjk added
saslauthd_enable="YES"
stunnel_enable="YES"
stunnel_config="/usr/local/etc/stunnel/stunnel.conf"
stunnel_pidfile="/usr/local/var/stunnel/stunnel.pid"

stephen
 
Posts: 507
Joined: Thu Feb 09, 2006 9:37 am
Location: Brisbane

sendmail make install notes

Postby stephen » Tue Jan 27, 2009 10:40 pm

cd /usr/ports/mail/sendmail-sasl
make install
make submit.cf

Have you read /usr/local/share/doc/cyrus-sasl2/Sendmail.README

message from install of sendmail-sasl from ports
---------------------------------------------------
If you update your configuration from 8.11.x you need to install an
additional config file: /etc/mail/submit.cf, you can generate it
by calling the target 'submit.cf', submit.mc will be installed too.
/usr/ports/mail/sendmail$ make submit.cf

you should add in /etc/make.conf:
SENDMAIL_CF_DIR= /usr/local/share/sendmail/cf

To activate only the delivery from the local submission queue see:
/usr/local/etc/rc.d/sm-client.sh.sample
and if you use FreeBSD-RELEASE < 4.6 set your flags in /etc/rc.conf:
sendmail_flags="-L sm-msp-queue -Ac -q1m"

To activate all sendmail processes see:
/usr/local/etc/rc.d/sendmail.sh.sample

To deliver all local mail to your mailhub, edit the last line of submit.mc:
FEATURE(`msp','[mailhub.do.main]`)dnl

To update your configuration look at /usr/local/share/sendmail/cf/README.
---------------------------------------------------
To use the ports versions you may add to your sendmail.mc file:

define(`confEBINDIR', `/usr/local/libexec')dnl
define(`UUCP_MAILER_PATH', `/usr/local/bin/uux')dnl

---------------------------------------------------
To activate sendmail as your default mailer, call the target 'mailer.conf':
$ cd /usr/ports/mail/sendmail && make mailer.conf

Your '/etc/mail/mailer.conf' should look like this:
#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail /usr/local/sbin/sendmail
send-mail /usr/local/sbin/sendmail
mailq /usr/local/sbin/sendmail
newaliases /usr/local/sbin/sendmail
hoststat /usr/local/sbin/sendmail
purgestat /usr/local/sbin/sendmail

You may also need to update /etc/rc.conf.
---------------------------------------------------
===> Compressing manual pages for sendmail+tls+sasl2-8.14.3
===> Registering installation for sendmail+tls+sasl2-8.14.3
===> SECURITY REPORT:
This port has installed the following binaries which execute with
increased privileges.
/usr/local/sbin/sendmail

This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/sendmail

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/sm-client.sh.sample
/usr/local/etc/rc.d/sendmail.sh.sample

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://www.sendmail.org/
AusVet:root /usr/ports/mail/sendmail-sasl #

stephen
 
Posts: 507
Joined: Thu Feb 09, 2006 9:37 am
Location: Brisbane

add a user

Postby stephen » Wed Jan 28, 2009 5:40 am

to create a user fred
useradd fred
groupadd fred
stephen
 
Posts: 507
Joined: Thu Feb 09, 2006 9:37 am
Location: Brisbane

to start dovecot at startup

Postby stephen » Wed Feb 11, 2009 2:03 pm

in /etc/rc.conf add the line
dovecot_enable="YES"

in /usr/local/etc/rc.d/
add file dovecot
here is the standard
#!/bin/sh
#
# $FreeBSD: ports/mail/dovecot/files/dovecot.sh.in,v 1.12 2009/01/18 03:41:05 beech Exp $
#

# PROVIDE: dovecot
# REQUIRE: LOGIN
# KEYWORD: shutdown

# Define dovecot_* variables in one of these files:
#       /etc/rc.conf
#       /etc/rc.conf.local
#       /etc/rc.conf.d/dovecot

. /etc/rc.subr

name=dovecot
rcvar=`set_rcvar`

# read configuration and set defaults
load_rc_config ${name}
: ${dovecot_enable:="NO"}
: ${dovecot_config:="/usr/local/etc/${name}.conf"}

command="/usr/local/sbin/${name}"
start_precmd="start_precmd"
stop_postcmd="stop_postcmd"
restart_cmd="restart_cmd"

start_precmd()
{       # Ensure runtime directories exist with correct permissions
        local login_user login_gid
        login_user=$(${command} ${command_args} -a | /usr/bin/awk -F ': ' '/^login_user:/ { print $2 }')
        login_gid=$(/usr/sbin/pw usershow -n "${login_user}" 2>/dev/null | /usr/bin/cut -d: -f4)
        /usr/bin/install -o root -g wheel -m 0755 -d ${base_dir}
        /usr/bin/install -o root -g ${login_gid} -m 0750 -d ${login_dir}
}

stop_postcmd()
{       # Cleanup runtime directories
        rm -rf ${login_dir} ${base_dir} 2>/dev/null
}

restart_cmd()
{       # Overriding makes rc.subr run this once for each instance
        run_rc_command stop
        run_rc_command start
}

# To start multiple instances of dovecot set dovecot_config to
# a space seperated list of configuration files.
if checkyesno ${name}_enable; then
        for config in ${dovecot_config}; do
                required_files="${config}"
                command_args="-c ${config}"
                base_dir=$(${command} ${command_args} -a | /usr/bin/awk -F ': ' '/^base_dir:/ { print $2 }')
                login_dir=$(${command} ${command_args} -a | /usr/bin/awk -F ': ' '/^login_dir:/ { print $2 }')
                pidfile="${base_dir}/master.pid"
                run_rc_command "$1"
        done
fi

stephen
 
Posts: 507
Joined: Thu Feb 09, 2006 9:37 am
Location: Brisbane

