FreeBSD Install notes

Download disk1 ISO image of the FreeBSD version 1.0
Burn it on a CD
Boot new server from the CD and follow prompts.
After Install
If the server does not boot FreeBSD from the hard disk, check the BIOS settings to ensure that the server is looking to boot from the disk you just installed the OS on.
This web site has help with getting started with FreeBSD Basics
http://www.freebsdmadeeasy.com/tutorials/freebsd/freebsd-basics.php
login as root
edit /etc/inetd.conf
and uncomment the services you want to start
e.g. ssh, lukemftpd
vi /etc/resolv.conf
and set the correct name server
restart inetd
/etc/rc.d/inetd restart
In order to login using ssh remotely you need to login with a non root login then su to root. But you can only su to root if you are a member of the wheel group.
in /etc/rc.conf
contains
hostname
the initial ip addresses for networking
sshd enable
ftp enable
etc
ftp connection refused
http://www.bsdforums.org/forums/archive/index.php/t-26029.html
what you need to do is first start the daemon (as a daemon), then verify that it is running, then verify that it is listening then test.
1. /usr/libexec/ftpd -D (this will start ftpd as a daemon)
2. ps aux (verify that it is running)
3. netstat -an (verify that it is listening on the port specified as "ftp" in /etc/services)
4. try connection to the ftp on the port and interface it's listening on.
you should replace the default *BSD ftpd with more secure and more configurable ftp servers. Try vsftpd or pure-ftpd.
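Steps 3 and 4 above as a script, to show which address the ftp port is bound to as well as whether it is listening. This is an added example, not part of the original notes or the forum post; the function names and the sample services/netstat text are constructed for illustration.

```shell
#!/bin/sh
# service_port NAME FILE: TCP port registered for NAME in an
# /etc/services-format file (comment lines are skipped).
service_port() {
    awk -v name="$1" '
        /^[[:space:]]*#/ { next }
        $1 == name && $2 ~ /\/tcp$/ { sub(/\/tcp$/, "", $2); print $2; exit }
    ' "$2"
}

# listeners PORT: reads `netstat -an` output on stdin and prints
# "<scope> <local address>" for every TCP socket in LISTEN state on PORT.
# Handles both the BSD form (*.21) and the Linux form (0.0.0.0:21).
listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, part, "[.:]")
            if (part[n] != port) next
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "*" || host == "0.0.0.0" || host == "::")
                scope = "all-interfaces"
            else if (host ~ /^127\./ || host == "::1")
                scope = "loopback"
            else
                scope = "single-address"
            print scope, addr
        }'
}

# check_ftp SERVICES_FILE: netstat output on stdin.
# Returns 0 and prints the listeners, 1 if nothing is listening
# (the "connection refused" case), 2 if ftp has no tcp entry.
check_ftp() {
    port=$(service_port ftp "$1")
    if [ -z "$port" ]; then
        echo "no ftp/tcp entry in $1"
        return 2
    fi
    found=$(listeners "$port")
    if [ -z "$found" ]; then
        echo "nothing listening on tcp/$port: clients get 'connection refused'"
        return 1
    fi
    echo "$found"
}

# Constructed sample data (FreeBSD netstat layout), so the example runs offline.
SAMPLE_SERVICES='# constructed sample
ftp-data        20/tcp
ftp             21/tcp
ssh             22/tcp'
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.168.150.20.22      192.168.150.7.51514    ESTABLISHED
tcp4       0      0 *.21                   *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.25           *.*                    LISTEN
udp4       0      0 *.514                  *.*'

demo() {
    tmp=$(mktemp) || return 3
    printf '%s\n' "$SAMPLE_SERVICES" > "$tmp"
    printf '%s\n' "$SAMPLE_NETSTAT" | check_ftp "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# On a live host: netstat -an | check_ftp /etc/services
demo
```

An "all-interfaces" result means the ftp daemon accepts connections on every address the host has, which is worth knowing before opening the port on a firewall.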
To install the vsftpd system from the PORTS system
cd /usr/ports/ftp/vsftpd
make
for options select RC_NG and vsftpd_ssl
make install
vi /usr/local/etc/vsftpd.conf
write_enable=YES
anonymous_enable=NO
local_enable=YES
listen=YES
background=YES
make clean
add vsftpd_enable="YES" to /etc/rc.conf
vi /etc/rc.conf
#
vsftpd_enable="YES"
Install Apache
using ports system
cd /usr/ports/www/apache22
make
make install
vi /etc/rc.conf
apache22_enable="YES"
vi /usr/local/etc/apache22/httpd.conf
ServerName NAHIS1:80
vi /etc/hosts
192.168.150.20 NAHIS1
192.168.150.20 NAHIS1.
/usr/local/etc/rc.d/apache22 start
/usr/ports/lang/php5
make install
tick Build Apache Module
vi /usr/local/etc/apache22/httpd.conf
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Install Postgresql
cd /usr/ports/databases/postgresql84-server
make install
vi /etc/rc.conf
postgresql_enable="YES"
postgresql_data="/usr/local/pgsql/data"
postgresql_flags="-w -s -m fast"
postgresql_initdb_flags="--encoding=utf-8 --lc-collate=C"
postgresql_class="default"
Create a user for postgresql use.
root# adduser postgres
Create the database directories and create the initial database
root# mkdir /usr/local/pgsql/data
root# chown postgres /usr/local/pgsql/data
root# su postgres
postgres$ initdb -D /usr/local/pgsql/data
Change postgresql_user to postgres in startup script
vi /usr/local/etc/rc.d/postgresql
postgresql_user=postgres
Start postgresql
/usr/local/etc/rc.d/postgresql start
Install postgis
cd /usr/ports/databases/postgis
make install
tick GEOS Include GEOS - the OpenGIS 'Simple Features for SQL'
vi /usr/share/examples/cvsup/ports-supfile
*default host=cvsup.au.FreeBSD.org
uncomment ports-base
uncomment ports-graphics
comment ports-all
cd /usr/ports/net/cvsup
make install
Install mapserver
cd /usr/ports/graphics/mapserver/
Problem mapserver requires apache 1.3 and we have installed apache 2.2
pkg_delete php5-5.2.11
pkg_delete apache-2.2.13
pkg_add -r mapserver
cd /usr/ports/graphics/mapserver/
make clean
make install
needed updated version of proj
cd /usr/ports/graphics/proj
make deinstall
make reinstall
needed updated version of curl
cd /usr/ports/ftp/curl
make deinstall
make reinstall
shared library curl.6 does not exist
ln -s /usr/local/lib/libcurl.so.5 /usr/local/lib/libcurl.so.6
mapswf.c:3469: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘GetCurrentMovie’
stop in /usr/ports/graphics/mapserver
Change the Apache Version from 13 to 22
vi Makefile
USE_APACHE= 22
Install portupgrade
# cd /usr/ports/ports-mgmt/portupgrade
# make install clean
Scan the list of installed ports with the pkgdb -F command and fix all the inconsistencies it reports. It is a good idea to do this regularly, before every upgrade.
When you run portupgrade -a, portupgrade will begin to upgrade all the outdated ports installed on your system. Use the -i flag if you want to be asked for confirmation of every individual upgrade.
# portupgrade -ai
To Synchronise two servers use csync2
cd /usr/ports/net/csync2
make install
A tutorial on installing Apache
http://www.freebsdmadeeasy.com/tutorials/web-server/configure-apache-web-server-on-freebsd.php
Download the apache22.tar.gz port
extract file
tar -xvf apache22.tar.gz
cd apache22
make
then
make install
default web sites are stored under
/usr/local/www/apache22/data
httpd.conf stored under
/usr/local/etc/apache22/httpd.conf
FreeBSD apache http server
how to restart apache
/usr/local/sbin/apachectl restart
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-apache.html
This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/apache22
/usr/local/etc/rc.d/htcacheclean
Install PHP5
http://www.freebsdmadeeasy.com/tutorials/web-server/install-php-5-for-web-hosting.php
For a detailed description of using the ports system
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html
For an installation guide on
Deploying a FreeBSD 6.2 Server
http://www.openaddict.com/node/33
guide to installing ASSP and ClamAV
http://www.asspsmtp.org/wiki/Configuration
ASSP Basic Workflow and reference
http://apps.sourceforge.net/mediawiki/assp/index.php?title=ASSP_Basic_Workflow
To install ASSP (Anti-Spam SMTP Proxy)
cd /usr/ports/mail/assp
make install
To install perl modules
perl -MCPAN -e shell
install IO::Socket::SSL
install Email::Send
install Email::MIME::Modifier
install Mail::SPF
install Net::CIDR::Lite
install Net::IP::Match::Regexp
install Net::SenderBase
install Net::LDAP
install Net::DNS
install Email::Valid
install Mail::SPF::Query
install Compress::Zlib
install Digest::MD5
install Digest::SHA1
install File::ReadBackwards
install Time::HiRes
install Sys::Syslog
install Net::Syslog
install Tie::RDBM
install Net::IP::Match::Regexp
install Net::CIDR::Lite
install Net::SenderBase
install LWP::Simple
install Email::MIME::Modifier
install Net::SMTP
install Mail::SRS
q
the assp is installed in these folders
programs in here
/usr/local/lib/assp
ie. assp.pl, rebuildspamdb.pl etc
also assp.cfg is located here
and the database in this folder
/var/db/assp/
the database has the spam, nospam, logs folders
thanks to http://dsumsky.blogspot.com/2008/02/monitoring-assp-with-monit.html
create a script to start and stop assp in
/usr/local/etc/rc.d/assp
I have modified the script so that it will accept assp_start commands from /etc/rc.conf so
#!/bin/sh -e
# rc.d script to start and stop ASSP (Anti-Spam SMTP Proxy)
PATH=/bin:/usr/bin:/sbin:/usr/sbin
. /etc/rc.subr
name="assp"
rcvar=${name}_enable
load_rc_config $name
: ${assp_enable="NO"}
case "$1" in
    start|start_assp)
        if [ -f /var/run/assp.pid ]
        then
            echo "The Anti-Spam SMTP Proxy is already started"
        else
            echo "Starting the Anti-Spam SMTP Proxy"
            cd /usr/local/lib/assp
            perl assp.pl
            # record the PID of the running assp.pl
            ps ax | grep "perl assp.pl" | grep -v grep | awk '{ print $1 }' > /var/run/assp.pid
        fi
        ;;
    stop|stop_assp)
        echo "Stopping the Anti-Spam SMTP Proxy"
        # Only call kill when a process was found: under "sh -e" a failed
        # kill would abort the script and leave a stale pid file behind.
        pids=`ps ax | grep "perl assp.pl" | grep -v grep | awk '{ print $1 }'`
        if [ -n "$pids" ]
        then
            kill -9 $pids
        fi
        rm -f /var/run/assp.pid
        ;;
    restart|assp_restart)
        $0 stop || true
        $0 start
        ;;
    *)
        echo "Usage: /usr/local/etc/rc.d/assp {start|stop|restart}"
        exit 1
        ;;
esac
exit 0
You can start the assp server
(replace 123.123.123.46 with your external ip address of the server)
/usr/local/etc/rc.d/assp start
To configure the assp server
vi /usr/local/lib/assp/assp.cfg
or
browse to the web admin page
http://123.123.123.46:55555
Change the assp Network Setup
SMTP Listen Port to the external ip address:25
listenPort:=123.123.123.46:25
Change the SMTP Destination to the localhost:25
smtpDestination:=127.0.0.1:25
You may have to modify rebuildspamdb.pl to change the location to find assp.cfg
eg at line 282
# the last one is the one used if all else fails
foreach (
    '.', '/usr/local/assp', '/home/assp',
    '/etc/assp', '/usr/assp', '/applications/assp',
    '/usr/local/lib/assp',
    '/assp', '.'
  )
{
    $base = $_;
    last if -e "$base/assp.cfg";
}
This site has some good explanations of the process
Sendmail+TLS+SMTP-AUTH - A Quick & Dirty howto
http://www.hungryhacker.com/articles/misc/sendmail_howto.html
Notes on FreeBSD as a Secure Mail Server
http://www.puresimplicity.net/~hemi/freebsd/sendmail.html
I have pasted the details below:-
Sendmail setup
1. Install security/cyrus-sasl2-saslauthd from the FreeBSD ports system. Installing security/cyrus-sasl2-saslauthd will also build and install security/cyrus-sasl2 as a dependency.
cd /usr/ports/security/cyrus-sasl2-saslauthd
make install
2. Saslauthd can be started by /usr/local/etc/rc.d/saslauthd.sh now if you want.
Note. I found this command started Saslauthd /usr/local/etc/rc.d/saslauthd start
To test if saslauthd is working
# testsaslauthd -u yourusername -p yourpassword
0: OK "Success."
Starting saslauthd manually will be necessary if you're going to rebuild sendmail outside of a buildworld and not reboot afterwards. Be certain to add the line
saslauthd_enable="YES"
to /etc/rc.conf because the rc script that starts saslauthd checks the value of this variable to determine whether or not saslauthd should be started.
3. Change sendmail build options in /etc/make.conf. FreeBSD's SENDMAIL_* variables in /etc/make.conf are functionally equivalent to creating a site.config.m4 file in the sendmail/devtools/Site directory in a "virgin" sendmail source tree. We need to use the build options to enable cyrus-sasl2 support along with enabling the sendmail server to run on the smtps port (465) as well as on the regular smtp port (25). The lines in /etc/make.conf should look like this:
# SASL (cyrus-sasl v2) sendmail build flags...
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
# Adding to enable alternate port (smtps) for sendmail...
SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
4. Rebuild sendmail. You can do this the next time you rebuild the world or you can rebuild sendmail independently. To rebuild sendmail and associated programs separate from the rest of the FreeBSD world you need to do the following:
cd /usr/src/usr.sbin/sendmail
make clean
make depend
make
make install
5. Obtain and install an SSL certificate. You can generate an OpenSSL certificate yourself:
(Note! I am using /etc/ssl/certs )
mkdir /etc/mail/certs
cd /etc/mail/certs
openssl dsaparam 1024 -out dsa1024.pem
openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem
rm dsa1024.pem
chmod -R 600 /etc/mail/certs/*
6. Make sure sendmail is using saslauthd for authentication. /usr/local/lib/sasl2/Sendmail.conf controls which password authentication mechanism sasl uses against the local system password database when sendmail requests authentication against a user's password. /usr/local/lib/sasl2/Sendmail.conf needs to be changed to use saslauthd, so the line in the file should look like this:
pwcheck_method: saslauthd
7. Edit sendmail's mc file.
Note: located in /etc/mail
The mc file should be the machine's fully-qualified domain name with .mc after it. If it's not, do a "make all" to generate an mc file with this name. Make changes to that file, not the original freebsd.mc. We need to allow auth types of PLAIN and LOGIN, specify PLAIN and LOGIN auth types as trusted auth mechanisms to allow relaying from hosts that use those auth methods, point sendmail at our SSL certificate and tell sendmail to listen on the smtps port:
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Note that only mail clients that support raw TLS connections will be able to play nice with the smtps port cause of the "M=s" in the smtps port line in the mc file. If you want a "regular" smtp port listening at the smtps port just remove the M=s part.
8. Rebuild cf files. From /etc/mail:
make all install restart
9. Try it out! Point your mailer at the mail server, configure the mailer appropriately to use SSL/TLS and auth and give it a shot. If things don't work it's time to start checking your work. If everything looks right bump the LogLevel to 25 in sendmail.cf and watch /var/log/maillog to see where the problem is.
/usr/ports/mail/sendmail-sasl
make install
This port has installed the following binaries which execute with
increased privileges.
/usr/local/sbin/sendmail
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/sendmail
This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/sm-client.sh.sample
/usr/local/etc/rc.d/sendmail.sh.sample
sendmail configuration file is in
/usr/share/sendmail/cf/cf
cd to above directory
cp generic-linux.mc to sendmail.mc
make install-cf
the README states
Configuration files are contained in the subdirectory "cf", with a
suffix ".mc". They must be run through "m4" to produce a ".cf" file.
You must pre-load "cf.m4":
m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
Alternatively, you can simply:
cd ${CFDIR}/cf
./Build config.cf
Using dovecot as the pop3 and imap server
see this site for an example install
http://www.freebsddiary.org/dovecot.php
for info on creating a non password key see:
http://www.freebsddiary.org/bacula-tls.php
$ openssl rsa -in lists.example.org.key -out lists.example.org.nopassword.key
Enter pass phrase for lists.example.org.key:
writing RSA key
to change the dovecot config
vi /usr/local/etc/dovecot.conf
to start dovecot
/usr/local/etc/rc.d/dovecot start
to create a server certificate using cacert.org
On your server run
# openssl genrsa -des3 -out imaps.example.org.key 1024
at Enter pass phrase for imaps.example.org.key:
next
# openssl req -new -key imaps.example.org.key -out imaps.example.org.csr -config /etc/ssl/openssl.cnf
at Enter pass phrase for imaps.example.org.key:
http://www.cacert.org
login
click on domains and add your domain into the list of domains you manage.
click Server certificates
click New
paste in your CSR(Certificate Signing Request) in the text area on the form
now copy the generated certificate
and create a new file on the server imaps.example.org.cert
and paste the resulting certificate from CACert into imaps.example.org.cert.
create a nopassword version of file
openssl rsa -in imaps.example.org.key -out imaps.example.org.nopassword.key
copy the imaps.example.org.cert and imaps.example.org.nopassword.key files to the
Edit the dovecot configuration file
vi /usr/local/etc/dovecot.conf
modify the protocols line
protocols = imaps
modify the ssl_cert_file and ssl_key_file
ssl_cert_file = /etc/ssl/certs/imaps.example.org.cert
ssl_key_file = /etc/ssl/private/imaps.example.org.nopassword.key
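Both the sendmail step (`-nodes`, then `chmod -R 600`) and the dovecot step (the `nopassword.key` file) leave a private key unencrypted on disk, so the file mode is its only protection. The check below is an added example, not part of the original notes or the pasted howto: it classifies PEM files in a directory and flags unencrypted keys that group or other can access. File names follow the page; the key bodies and function names are constructed placeholders.

```shell
#!/bin/sh
# key_state FILE: prints "encrypted", "plaintext" or "none" based on PEM headers.
key_state() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted            # PKCS#8 or traditional passphrase-protected key
    elif grep -q -e '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo plaintext            # e.g. written by -nodes or "openssl rsa -in ... -out ..."
    else
        echo none                 # certificate, CSR or anything else
    fi
}

# loose_mode FILE: succeeds if any group/other permission bit is set.
# Uses only POSIX find primaries so it works on FreeBSD and Linux.
loose_mode() {
    found=$(find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
                                 -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -n "$found" ]
}

# audit_keys DIR: prints "<state> <ok|LOOSE> <path>" for each private key
# in DIR and returns 1 if an unencrypted key is accessible by group/other.
audit_keys() {
    rc=0
    for f in "$1"/*; do
        if [ ! -f "$f" ]; then continue; fi
        state=$(key_state "$f")
        if [ "$state" = none ]; then continue; fi
        if loose_mode "$f"; then perm=LOOSE; else perm=ok; fi
        echo "$state $perm $f"
        if [ "$state" = plaintext ] && [ "$perm" = LOOSE ]; then rc=1; fi
    done
    return $rc
}

# make_demo_dir: builds a scratch directory of constructed files (no real
# key material) named like the ones on this page, and prints its path.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$d/mykey.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$d/imaps.example.org.nopassword.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'CONSTRUCTED-PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$d/imaps.example.org.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$d/mycert.pem"
    chmod 600 "$d/mykey.pem"
    chmod 644 "$d/imaps.example.org.nopassword.key" "$d/imaps.example.org.key" "$d/mycert.pem"
    echo "$d"
}

# On a live host: audit_keys /etc/mail/certs; audit_keys /etc/ssl/private
demo_dir=$(make_demo_dir)
audit_keys "$demo_dir" || echo "unencrypted key readable by group/other found"
rm -rf "$demo_dir"
```

A passphrase-protected key with a loose mode is reported but does not fail the audit; only the unencrypted ones do.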
Installing mysql
here is a tutorial site for installing mysql
http://www.freebsdmadeeasy.com/tutorials/web-server/install-mysql-server-on-freebsd.php
cd /usr/ports/databases/mysql50-server
make install
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/mysqld
This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/mysql-server
Install phpMyadmin
phpMyAdmin-2.11.5 has been installed into:
/usr/local/www/phpMyAdmin
Please edit config.inc.php to suit your needs.
To make phpMyAdmin available through your web site, I suggest
that you add something like the following to httpd.conf:
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
Options none
AllowOverride Limit
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 .example.com
</Directory>
To transfer mysql file from one server to another
Dump Database from old server
mysqldump -u username -ppassword databasename >databasename.sql
to import
mysql -p -h localhost databasename <databasename.sql
http://forums.mysql.com/read.php?35,75794,162797#msg-162797
Re: ERROR 1153: Got a packet bigger than 'max_allowed_packet' bytes
Posted by: Dan Tasse ()
Date: July 17, 2007 02:01PM
I had the same problem, with an 8gb .sql file. I didn't have any luck with --max_allowed_packet; it seems like it didn't do anything. I just opened two terminals, connected to mysql on one, set the following:
set global max_allowed_packet=1000000000;
set global net_buffer_length=1000000;
http://www.devshed.com/c/a/MySQL/Backing-up-and-restoring-your-MySQL-Database/
adodb
You can add the ADOdb path (default: /usr/local/share/adodb)
to the "include_path=" directive in your php.ini
subversion
/usr/local/share/subversion
cvs to subversion
conversion tool is cvs2svn
TortoiseSVN as a Windows client
to create a svn repository
svnadmin create /mnt/svn_repos
To Create a partition on the second disk drive
http://www.freebsd.org/doc/en/books/handbook/disks-adding.html
18.3.1 Using sysinstall(8)
1. Navigating Sysinstall
You may use sysinstall to partition and label a new disk using its easy to use menus. Either login as user root or use the su command. Run sysinstall and enter the Configure menu. Within the FreeBSD Configuration Menu, scroll down and select the Fdisk option.
2. fdisk Partition Editor
Once inside fdisk, typing A will use the entire disk for FreeBSD. When asked if you want to “remain cooperative with any future possible operating systems”