Perfect server: Debian 8 (Jessie) V1.0

Published by botond on Thu, March 05, 2018 - 03:13

Introduction

In this guide we build version 1.0 of the Debian 8 perfect server. The guide follows a HowtoForge recipe, omitting some parts of it.

I give this server the version number 1.0 because it will be extended with many add-ons later, and this makes the versions easier to tell apart.

The source has published several versions of the Debian 8 guide. I installed this one on this server in early 2017 and have been using it ever since; it works flawlessly, so I can speak about it from experience. Therefore, in this guide I follow the same path I took then. Of course, since then I have fine-tuned a lot of things on it and added a number of extras, which I will cover little by little in later guides.

Update: 2019-03-30:
On March 20, 2019, the non-LTS repositories of Debian 8 (Jessie) were archived, so they no longer receive updates.
Therefore, it is highly recommended to install Debian 9 (Stretch) or Debian 10 (Buster) when building a new server! This guide is for reference only.
The Debian 9 (Stretch) version of the perfect server setup is available here.
Perfect server: Debian 10 (Buster) V1.0 is here.

This is long material, so I won't drag it out: let's get to work!

 

Building the server requires an earlier guide, because this guide is based on it:
Install Debian 8 (Jessie) Minimum Server
The virtual machine created in that guide can be downloaded from here.
(Some things were already prepared there, so we skip them here.)

 

 

Update Debian packages

As with all major work, we start by updating the repositories and packages. First, make sure your repositories are set up properly. The /etc/apt/sources.list file must contain the jessie/updates repository because it carries the latest security updates, and the contrib and non-free components should also be enabled because some packages may not be included in the main repository.

If you installed Debian 8.10 following the earlier guide mentioned above, our /etc/apt/sources.list file is almost perfect; we only need to add the parts highlighted in green to the existing content. Open the file with nano:

#

# deb cdrom:[Debian GNU/Linux 8.10.0 _Jessie_ - Official amd64 NETINST Binary-1 20171209-21:51]/ jessie main

#deb cdrom:[Debian GNU/Linux 8.10.0 _Jessie_ - Official amd64 NETINST Binary-1 20171209-21:51]/ jessie main

deb http://ftp.hu.debian.org/debian/ jessie main contrib non-free
deb-src http://ftp.hu.debian.org/debian/ jessie main contrib non-free

deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free

# jessie-updates, previously known as 'volatile'
deb http://ftp.hu.debian.org/debian/ jessie-updates main contrib non-free
deb-src http://ftp.hu.debian.org/debian/ jessie-updates main contrib non-free

Update: 2019-03-30:
On March 20, 2019, Debian moved the non-LTS package repositories of Debian 8 (Jessie) to archive.debian.org, so the jessie-updates repositories can no longer be updated from the regular Debian mirrors (the package manager throws 404 errors).
Learn how to configure the repositories here.
Once you have made the necessary changes, you can continue upgrading with the usual commands without errors.

Then (as root) update the APT package manager database, and then upgrade our packages:

apt-get update
apt-get upgrade

 

System clock synchronization

It is advisable to synchronize the system clock using NTP (Network Time Protocol). To keep the system time accurate, install the ntp packages:

apt-get -y install ntp ntpdate

 

Installation of Postfix, Dovecot, MySQL, openSSL, rkhunter, binutils

You can install the programs mentioned in the title with a single command:

apt-get -y install \
    postfix postfix-mysql postfix-doc \
    mysql-client mysql-server \
    openssl \
    getmail4 rkhunter binutils \
    dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd

For the sake of clarity, I split it into several lines, which can be copied into the terminal in the same way.

When you run the command, the first Postfix configuration panel appears:

Postfix configuration

If you also want to use email management on the server, select the "Internet Site" option. But if you only want to build a development or test environment, select the "No configuration" option. Now select Internet Site.

 

Note that if we are building a server for home use and also want to send email from it, we have to request a fixed IP address service (about 2-3 thousand forints per month) from our internet service provider, after which all the port blocks that stand in the way of operating a web server are lifted. In addition, an FQDN domain name must point to the server, from which we can send email. Otherwise, sent mail will bounce back.

 

You will then be asked to provide the following information (I am not including a screenshot of each because of the length of the guide):

  • System mail name: enter the full server name here. (in my case: server1.linuxportal.info)
  • Root and postmaster recipient: leave it blank
  • Other destinations to accept mail for: here you are offered the server name and localhost. You can also enter the main domain name here, such as linuxportal.info
  • Force synchronous updates on mail queue: choose No here. (Only relevant in case of a system crash)
  • Local networks: delete the offered value and leave it blank. (The Postfix default will apply)
  • Use procmail for local delivery: No
  • Mailbox size limit: 0 (no mailbox limit)
  • Local address extension character: leave the offered "+" in place.
  • Internet Protocols to use: if both network protocols are available, select All. Otherwise ipv4.
  • MySQL root password
  • Repeat password

I saved the password here in the file access.txt, which I put in the /root directory of the virtual machine and attached to the machine.

The other packages are then installed and configured automatically.

 

If you are not yet familiar with Postfix or have configured it incorrectly, no problem: you can reconfigure it at any time with the following command:

dpkg-reconfigure postfix

 

Then open the SSL/TLS and submission ports in Postfix:

nano /etc/postfix/master.cf

Uncomment the submission and smtps sections and add the lines highlighted in green, so that these two sections of the file look exactly like this:

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

Then restart Postfix, e.g. with the service command:

service postfix restart
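
One way to confirm that the master.cf edit took effect, as an added example that is not part of the original guide: the script reads the active -o overrides of a service entry and checks the three settings uncommented above. The function names and the sample file are constructed for illustration, and it assumes the overrides sit on indented continuation lines as in the listing.

```shell
#!/bin/sh
# Added example (not from the original guide): audit master.cf overrides.

# Print the active "-o name=value" overrides of one service entry, one per
# line. Commented-out lines are skipped, so "#  -o ..." does not count.
service_overrides() {  # $1 = master.cf path, $2 = service name
    awk -v svc="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        /^[^ \t]/ { active = ($1 == svc); next }   # a new service entry starts
        active && $1 == "-o" { print $2 }          # continuation line of svc
    ' "$1"
}

# Return 0 only if the service enforces TLS, enables SASL and rejects
# unauthenticated clients; otherwise name each missing setting.
audit_service() {  # $1 = master.cf path, $2 = service name
    opts=$(service_overrides "$1" "$2")
    rc=0
    has() { printf '%s\n' "$opts" | grep -qxF -- "$1"; }
    has 'smtpd_tls_security_level=encrypt' || has 'smtpd_tls_wrappermode=yes' ||
        { echo "$2: TLS is not enforced"; rc=1; }
    has 'smtpd_sasl_auth_enable=yes' ||
        { echo "$2: SASL authentication is not enabled"; rc=1; }
    has 'smtpd_client_restrictions=permit_sasl_authenticated,reject' ||
        { echo "$2: unauthenticated clients are not rejected"; rc=1; }
    return $rc
}

# Constructed sample: submission as configured above, smtps with its client
# restriction still commented out.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF

audit_service "$sample" submission && echo "submission: ok"
audit_service "$sample" smtps || echo "smtps needs fixing"
```

On the server itself, pass /etc/postfix/master.cf instead of the sample file.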

 

We want to be able to connect to MySQL not only from localhost but also from outside, so we edit the /etc/mysql/my.cnf file and comment out the "bind-address = 127.0.0.1" line:

nano /etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Restart MySQL:

service mysql restart

We can check that it is working properly:

netstat -tap | grep mysql

The output must be something like:

tcp    0    0 *:mysql    *:*    LISTEN    1760/mysqld
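
The same check in script form, as an added example that is not part of the original guide: it reads the active bind-address from a my.cnf-style file and classifies the mysqld listener lines of netstat -tap. The function names, the sample my.cnf and the "before" listener line are constructed for illustration; netstat is assumed to run as root so that the program column is filled in.

```shell
#!/bin/sh
# Added example (not from the original guide): configured vs. live listener.

# Print the active bind-address from the [mysqld] section of a my.cnf-style
# file, or "unset" when the line is absent or commented out.
configured_bind() {  # $1 = path to my.cnf
    awk '
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_mysqld && /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Classify each mysqld listener in "netstat -tap" output read from stdin.
listen_scope() {
    awk '$6 == "LISTEN" && $7 ~ /\/mysqld$/ {
        addr = $4; sub(/:[^:]*$/, "", addr)     # drop the ":port" suffix
        if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            print "all-interfaces"
        else if (addr == "localhost" || addr ~ /^127\./ || addr == "::1")
            print "loopback-only"
        else
            print "address " addr
    }'
}

# Constructed samples: my.cnf after the edit above, and the listener line
# before (loopback) and after (wildcard) the restart.
cnf=$(mktemp)
trap 'rm -f "$cnf"' EXIT
printf '%s\n' '[mysqld]' 'port = 3306' '#bind-address           = 127.0.0.1' > "$cnf"
before='tcp    0    0 localhost:mysql    *:*    LISTEN    1760/mysqld'
after='tcp    0    0 *:mysql    *:*    LISTEN    1760/mysqld'

echo "configured: $(configured_bind "$cnf")"
echo "before:     $(printf '%s\n' "$before" | listen_scope)"
echo "after:      $(printf '%s\n' "$after" | listen_scope)"
```

With a wildcard listener, who can actually reach MySQL is decided by the firewall and by the host part of the MySQL accounts.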

 

 

Install Amavisd-new, SpamAssassin, Clamav and archive handlers

Install the packages required for the programs mentioned in the heading with the apt-get command:

apt-get -y install \
    amavisd-new \
    spamassassin \
    clamav clamav-daemon clamav-docs \
    zip unzip bzip2 arj zoo nomarch lzop cabextract apt-listchanges daemon \
    libnet-ldap-perl libauthen-sasl-perl libio-string-perl \
    libio-socket-ssl-perl libnet-ident-perl libnet-dns-perl

The ISPConfig 3 installer uses amavisd, which loads the SpamAssassin filter automatically, so we can stop SpamAssassin now:

service spamassassin stop
systemctl disable spamassassin

 

 
