Ubuntu + VmWare + Exchange [1]

Now that my project is finished and I no longer have something to do, I am going to explain how I set up my new server.

The Ingredients for today are:

Ubuntu [Get it here]
VmWare Server [Get it here]
Samba sources [Get it here]
Heimdal Kerberos sources [Get it here]
OpenLDAP [Get it here]
Lots of time  

To give you an impression of the whole picture I created a drawing that reflects the situation:

VmWare overview

As you can see, I started with a clean Ubuntu install. On top of that I have installed VmWare Server with the default configuration options. I assume you know how to handle your Linux distro and you know how to install the required packages.

Next we are going to configure Postfix mailserver and the spam and virus filter. First install postfix, and change the following postfix configuration files:

main.cf

Add or uncomment the following line:
transport_maps = hash:/etc/postfix/transport

Change the following to reflect your hostname (make sure it is resolvable from the internet):
myhostname = YOUR_HOSTNAME_HERE

Change this to all domains you are receiving e-mail for:
mydestination = localhost.localdomain, localhost

Change this to reflect the networks you trust (mostly local networks):
mynetworks = 192.168.10.0/24, 192.168.0.0/24

This tells Postfix where to hand e-mail over to be scanned for spam and viruses:
content_filter = smtp-amavis:[localhost]:10024

master.cf

Just copy and paste these into your master.cf. The lines starting with -o must stay indented, because Postfix treats a line that begins with whitespace as a continuation of the previous line.

smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_header_body_checks

Optionally you can add your own networks behind the -o mynetworks option. But I prefer not to trust any message, not even messages that originated from within my own network :)
Postfix should be correctly configured right now. So we move on to the next part: Clamav

After I installed Clamav, I only had to change the /etc/clamav/clamd.conf:

Make sure you remember the location of the clamd.ctl. You will be needing it later.
Mine was located in /var/run/clamav/
Next make sure the clamav daemon runs as the amavisd user:
user amavis

Clamav should be ready now, so let’s go on.

Because I apt-getted amavisd to my machine, your configuration could differ if you didn’t use ubuntu. Ubuntu places these options in different files, and I believe a fresh compile from source places everything in one or two files.
Anyway, I can give you only the files I adjusted:

In /etc/amavis/conf.d/15-av_scanners make sure the following content is there, and make sure the path to clamd.ctl is the same as configured in clamav
### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# NOTE: remember to add the clamav user to the amavis group, and
# to properly set clamd to init supplementary groups

Next we are going to edit /etc/amavis/conf.d/amavisd.conf
First the obvious things:
$mydomain = 'YOUR DOMAIN.net';
$myhostname = 'mail.YOUR DOMAIN.net';
$daemon_user = 'amavis';
$daemon_group = 'amavis';

The next line is probably already there, just make sure it is un-commented
@bypass_virus_checks_maps = (1);

In the following line you can add more domains for which you relay mail
@local_domains_maps = ( [".$mydomain", "SECOND DOMAIN.net"] );

$inet_socket_port = 10024;
This line should correspond with the content_filter line in the postfix configuration. Postfix pushes all mail on this port to amavis, and they both have to know how to communicate with each other :)
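
Several values in the Postfix, amavis and ClamAV files have to agree with each other, and a mismatch typically shows up only at runtime. The following Python check is an added example, not part of the original post: it compares the content_filter service and port, amavis's $inet_socket_port, the re-injection listener on 127.0.0.1:10025 and the clamd socket path. The sample inputs are constructed from the values on this page, and LocalSocket is assumed to be the clamd.conf directive that sets the path to clamd.ctl.

```python
import re

def first(pattern, text):
    """Group 1 of the first match on a line that is not a comment, else None."""
    m = re.search(r"^(?![ \t]*#)[^\n]*?" + pattern, text, re.M | re.I)
    return m.group(1) if m else None

def master_services(master_cf):
    """Map each master.cf service name to its '-o name=value' overrides."""
    services, current = {}, None
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # column 0 starts a new service entry
            current = services.setdefault(line.split()[0], {})
        if current is not None:            # indented lines continue the entry
            current.update(re.findall(r"-o\s+(\w+)=(\S*)", line))
    return services

def check(main_cf, master_cf, amavisd_conf, av_scanners, clamd_conf):
    """Return a list of mismatches between the five configuration texts."""
    findings = []
    service = first(r"content_filter\s*=\s*([\w-]+):", main_cf)
    pf_port = first(r"content_filter\s*=\s*\S+:(\d+)", main_cf)
    services = master_services(master_cf)
    if service not in services:
        findings.append(f"service {service!r} is missing from master.cf")
    am_port = first(r"\$inet_socket_port\s*=\s*(\d+)", amavisd_conf)
    if pf_port != am_port:
        findings.append(f"Postfix sends to port {pf_port}, amavis listens on {am_port}")
    if services.get("127.0.0.1:10025", {}).get("content_filter") != "":
        findings.append("re-injection listener keeps content_filter: mail would loop")
    am_sock = first(r'ask_daemon.*?"(/[^"]+)"', av_scanners)
    cl_sock = first(r"LocalSocket\s+(\S+)", clamd_conf)  # LocalSocket: assumed directive
    if am_sock != cl_sock:
        findings.append(f"amavis scans via {am_sock}, clamd listens on {cl_sock}")
    return findings

# Constructed sample inputs that reuse the values shown on this page.
MAIN_CF = "content_filter = smtp-amavis:[localhost]:10024\n"
MASTER_CF = ("smtp-amavis unix - - y - 2 smtp\n"
             "127.0.0.1:10025 inet n - y - - smtpd\n"
             "  -o content_filter=\n")
AMAVISD_CONF = "$inet_socket_port = 10024;\n"
AV_SCANNERS = r'\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],'
CLAMD_CONF = "LocalSocket /var/run/clamav/clamd.ctl\n"

if __name__ == "__main__":
    for finding in check(MAIN_CF, MASTER_CF, AMAVISD_CONF, AV_SCANNERS, CLAMD_CONF):
        print("MISMATCH:", finding)
```

To run it against a real host, read the five files from disk and pass their contents to check(); an empty list means the values line up.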

$final_virus_destiny = D_BOUNCE;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_BOUNCE;
$final_bad_header_destiny = D_PASS;

These settings configure how amavis reacts once an e-mail has been scanned and classified.
Possible options are: D_BOUNCE, D_REJECT, D_PASS, D_DISCARD.
D_DISCARD will discard the e-mail without generating any messages.
D_PASS will forward the e-mail, although it has been classified as spam or virus.
D_REJECT and D_BOUNCE are similar; the difference lies in the way the sender is notified that the e-mail is undeliverable. D_REJECT is less informative than D_BOUNCE.

The next file I edited was /etc/amavis/conf.d/20-debian_defaults

These options are to configure when a mail is classified as spam

$sa_spam_subject_tag = '[This message could be *SPAM*] ';
$sa_tag_level_deflt = undef; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 5.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent

These options are taken right out of the configuration file and are pretty straightforward to me.

Next you probably have to give the amavis user enough rights on the /var/log/clamav directory:
chown -R amavis:amavis /var/log/clamav

Furthermore I just apt-getted spamassassin to my server, but I did not have to change any configuration files.

So, mail has been configured. I will not explain how to install Apache/mysql/php. Others have done that already, and probably better than I can :)

Okay, E-mail is ready ( except for some little tweaks, which I will explain after we have installed VmWare and Windows 2003 ). Let us move on to VmWare.

Download the package and the VmWare console from the VmWare website. You have to register; if you don’t, you will not be able to start VmWare, because you will need a key at installation/configuration.

Make sure you have the following packages installed before even trying to run the installer:

  • Glibc version 2.1 or higher
  • libXpm.so
  • A working inetd
  • PERL 5.005x or higher

Start the installation by executing vmware-install.pl. Just accept all default values for the different questions asked ( it worked for me ).
When the installer exits successfully, run vmware-config.pl. Accept the EULA. The next question is about networking. The answer depends on what you would like. I chose bridging, because I have enough IP addresses and I wanted to give all virtual hosts their own IP address on my network. If you do not want this, or you are not authorized to take IP addresses from the network, you can use NAT and give your virtual hosts IP addresses on another (virtual) network. Then the installer asks you for the port number the VmWare Console should connect to. I left it at the default value ( 902 ). Next it asks you where to store the Virtual Machines. I pointed it to /VMachines. After that it bugs you for the key you should have gotten from VmWare.

So far for today! Within a few days I will finish the configuration in Ubuntu + VmWare + Exchange Part 2
