7 Configuring VmailMgr. 7.1 Building. Two versions of the guide – one aimed at Red Hat Linux people (since that's. 4 Setting up Qmail. Setting up Qmail is rather trivial, but here are most basic steps you need to take. 4.1 Preparing the scene. Before you do anything, you will need to remove any traces of Sendmail from. LDAP configuration on Ubuntu Linux, Redhat Linux or CentOS (EL4, EL5, EL6) or Fedora. Tutorial includes LDIF examples and configuration file examples to set-up an.

Linux Internet Web Server and Domain Configuration Tutorial HowTo Create an Apache based Linux website server Create a web server with Linux, Apache, FTP and bind DNS: This tutorial covers the Linux server configuration required to host a website. The Apache web server, FTP server and DNS configuration are covered. The Apache web server is required to serve the web pages, the FTP server is required for users to upload content and the DNS server is required to resolve the domain names so that a URL entered into a web browser will point to your web server and properly serve the correct pages. The configurations presented will include virtual hosting which will allow a single Linux server to support multiple web site domains.

Web Site Prerequisites: This tutorial assumes that a computer has Linux installed and running. See for the basics. A connection to the internet is also assumed.

A connection of 128 Mbits/sec or greater will yield the best results. ISDN, DSL, cable modem or better are all suitable. A 56k modem will work but the results will be mediocre at best. The tasks must also be performed with the root user login and password. No single distribution seems to have an advantage.

A Ubuntu, SuSe, Fedora, Red Hat or CentOS distribution will include all of the software you will need to configure a web server. If using Red Hat Enterprise Linux, both the Workstation or the Server edition will support your needs except that the Workstation edition will not include the vsFTP package. It will have to be compiled from source or use sftp. Software Prerequisites: The Apache web server (httpd), FTP (requires xinetd or inetd) and Bind (named) software packages with their dependencies are all required. One can use the rpm command to verify installation: • Fedora Core 1+, Red Hat Enterprise 4/5, CentOS 4/5: rpm -q httpd bind bind-chroot bind-utils system-config-bind xinetd vsftpd RPMs added FC2+: system-config-httpd RPMs added FC3+: httpd-suexec • Red Hat 9.0 rpm -q httpd bind xinetd vsftpd A Red Hat 8.0 wu-ftpd RPM may be installed (Newer version 2.6.2 or later with security fix wu-ftpd-2.6.2-11) or install from (rev 14). • Red Hat 8.0 rpm -q httpd bind xinetd wu-ftpd • Red Hat 7.x: rpm -q apache bind inetd wu-ftpd Use wu-ftpd version 2.6.2 or later to avoid security problems.

• SuSE 9.3: rpm -ivh apache2 apache2-prefork bind bind-chrootenv bind-utils vsftpd Note: The apache2-MPM is a generic term for Apache installation options for 'Multi-Processing Modules (MPM)s 'prefork' or 'worker'. If you try and only install apache2 you will get the following error: apache2-MPM is needed by apache2-2.0.53-9 Also see • Ubuntu (natty 11.04/14.04) / Debian: apt-get install apache2 apt-get install bind9 apt-get install vsftpd • Ubuntu (dapper 6.06/hardy 8.04) / Debian: apt-get install apache2 apache2-common apache2-mpm-prefork apache2-utils apt-get install bind9 apt-get install vsftpd One should also have a working knowledge of the Linux init process so that these services are initiated upon system boot. See the for more info. Apache HTTP Web server configuration: This tutorial is for the Apache HTTP web server (Version 1.3 and 2.0).

See the for a list of other web servers for the Hyper Text Transport Protocol. The Apache web server configuration file is: /etc/httpd/conf/httpd.conf Web pages are served from the directory as configured by the DocumentRoot directive. The default directory location is: Linux distribution Apache web server 'DocumentRoot' Red Hat 7.x-9, Fedora Core, Red Hat Enterprise 4/5/6, CentOS 4/5/6 /var/www/html/ Red Hat 6.x and older /home/httpd/html/ Suse 9.x /srv/www/htdocs/ Ubuntu (dapper 6.06) / Debian /var/www/html Ubuntu (hardy 8.04/natty 11.04/trusty 14.04) / Debian /var/www The default home page for the default configuration is index.html.

Note the pages should not be owned by user apache as this is the process owner of the httpd web server daemon. If the web server process is compromised, it should not be allowed to alter the files.

The files should of course be readable by user apache. Apache may be configured to run as a host for one web site in this fashion or it may be configured to serve for multiple domains.

Serving for multiple domains may be achieved in two ways: • Virtual hosts: One IP address but multiple domains - 'Name based' virtual hosting. • Multiple IP based virtual hosts: One IP address for each domain - 'IP based' virtual hosting. The default configuration will allow one to have multiple user accounts under one domain by using a reference to the user account: domain.com/~user1/.

If no domain is registered or configured, the IP address may also be used: XXX.XXX.XXX.XXX/~user1/. [Potential Pitfall] The default umask for directory creation is correct by default but if not use: chmod 755 /home/ user1/public_html [Potential Pitfall] When creating new ' Directory' configuration directives, I found that placing them by the existing ' Directory' directives to be a bad idea. It would not use the.htaccess file.

This was because the statement defining the use of the.htaccess file was after the ' Directory' statement. Previously in RH 6.x the files were separated and the order was defined a little different. I now place new ' Directory' statements near the end of the file just before the ' VirtualHost' statements. For users of Red Hat 7.1, the GUI configuration tool apacheconf was introduced for the crowd who like to use pretty point and click tools. DocumentRoot '/var/www/html' Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all Require all granted - This is required for Apache 2.4+ Note: The directive ' Require all granted' is new as of Apache httpd 2.4.3. Legacy behavior can be achieved with the command: sudo a2enmod access_compat Grant access to a user's web directory: public_html • Enabling Red Hat / Fedora Linux, Apache public_html user directory access: This will allow users to serve content from their home directories under the sub-directory ' /home/ userid/public_html/' by accessing the URL hostname/~userid/ File: /etc/httpd/conf/httpd.conf LoadModule userdir_module modules/mod_userdir.so.

#UserDir disable - Add comment to this line # # To enable requests to /~user/ to serve the user's public_html # directory, remove the 'UserDir disable' line above, and uncomment # the following line instead: UserDir public_html # Un-comment this line. AllowOverride FileInfo AuthConfig Limit Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Order allow,deny Allow from all Order deny,allow Deny from all Change to a comment (add '#' at beginning of line) from Fedora Core default UserDir disable and assign the directory public_html as a web server accessible directory. OR Assign a single user the specific ability to share their directory. Options Indexes Includes FollowSymLinks AllowOverride None order allow,deny allow from all Require all granted - This is required for Apache 2.4+ Allows the specific user, ' user1' only, the ability to serve the directory /home/ user1/public_html/ Also use SELinux command to set the security context: setsebool httpd_enable_homedirs true Directory permissions: The Apache web server daemon must be able to read your web pages in order to feed their contents to the network. Use an appropriate umask and file protection. Allow access to web directory: chmod ugo+rx -R public_html.

Note that the user's directory also has to have the appropriate permissions as it is the parent of public_html. Default permissions on user directory: ls -l /home drwx------ 20 user1 user1 4096 Mar 5 12:16 user1 Allow the web server access to operate the parent directory: chmod ugo+x /home/user1 d-wx--x--x 20 user1 user1 4096 Mar 5 12:16 user1 One may also use groups to control permissions. • Enabling Ubuntu's Apache public_html user directory access: Ubuntu has broken out the Apache loadable module directives into the directory /etc/apache2/mods-available/.

To enable an Apache module, generate soft links to the directory /etc/apache2/sites-enabled/ by using the commands a2enmod/ a2dismod to enable/disable Apache modules. Example: • [root@node2]# a2enmod A list of available modules is displayed. Enter 'userdir' as the module to enable. • Restart Apache with the following command: /etc/init.d/apache2 force-reload Note: This is the same as manually generating the following two soft links: • ln -s /etc/apache2/mods-available/userdir.conf /etc/apache2/mods-enabled/userdir.conf• ln -s /etc/apache2/mods-available/userdir.load /etc/apache2/mods-enabled/userdir.load Man page: [Potential Pitfall]: If the Apache web server can not access the file you will get the error '403 Forbidden' 'You don't have permission to access file-name on this server.'

Note the default permissions on a user directory when first created with 'useradd' are: drwx------ 3 userx userx You must allow the web server running as user 'apache' to access the directory if it is to display pages held there. Fix with command: chmod ugo+rx /home/userx drwxr-xr-x 3 userx userx Config File Order Of Operation: The configuration directives are assigned in the order in which they are read. This is important otherwise unexpected behavior may result. Red Hat/CentOS/Fedora/AWS configuration files are read in the following order: • /etc/httpd/conf/httpd.conf reads include files ' Include conf.modules.d/*.conf' and ' IncludeOptional conf.d/*.conf' • /etc/httpd/conf.modules/*.conf • /etc/httpd/conf.d/*.conf (typically virtual domain definitions for various web sites) The conf files are read in alphabetical order. Ubuntu/Debian configuration files are read in the following order: • /etc/apache2/apache2.conf reads include files • /etc/apache2/mods-enabled/*.load • /etc/apache2/mods-enabled/*.conf • /etc/apache2/conf-enabled/*.conf • /etc/apache2/sites-enabled/*.conf (typically virtual domain definitions for various web sites) The conf files are read in alphabetical order.

The server default for access using the IP address is typically the first domain defined in ' conf.d/*.conf' as defined by the alphabetical order. This is also the site hackers see when scanning the net via IP addresses. It is often a curse to have a domain starting with the letter 'a' as mis-configured servers will lead all hacker traffic to this site.

Thus it is good practice to to generate a default configuration for IP address access. File: /etc/httpd/conf.d/1st.conf (Ubuntu: /etc/apache2/sites-enabled/1st.conf) DirectoryIndex index.html ServerName www4.defaultdomain.com DocumentRoot /srv/www/default/html ErrorLog /var/log/httpd/1st-error.log TransferLog /var/log/httpd/1st-access.log Options FollowSymLinks AllowOverride None Options FollowSymLinks MultiViews Includes IndexOptions SuppressLastModified SuppressDescription AllowOverride All Order allow,deny allow from all Default web page: /srv/www/default/html/index.html should be a static simple page with no DB or CMS access. After all the only ones who end up here are hackers.

SELinux security contexts: Fedora Core 3 and Red Hat Enterprise Linux 4 introduced SELinux (Security Enhanced Linux) security policies and context labels. To view the security context labels applied to your web page files use the command: ls -Z The system enables/disables SELinux policies in the file /etc/selinux/config SELinux can be turned off by setting the directive SELINUX. (Then reboot the system): SELINUX=disabled or using the command setenforce 0 to temporarily disable SELinux until the next reboot. When using SELinux security features, the security context labels must be added so that Apache can read your files.

The default security context label used is inherited from the directory for newly created files. Thus a copy ( cp) must be used and not a move ( mv) when placing files in the content directory. Move does not create a new file and thus the file does not receive the directory security context label. The context labels used for the default Apache directories can be viewed with the command: ls -Z /var/www The web directories of users (i.e.

Public_html) should be set with the appropriate context label ( httpd_sys_content_t). Assign a security context for web pages: chcon -R -h -t httpd_sys_content_t /home/ user1/public_html Options: • -R: Recursive. Files and directories in current directory and all sub-directories. • -h: Affect symbolic links. • -t: Specify type of security context.

Use the following security contexts: Context Type Description httpd_sys_content_t Used for static web content. HTML web pages. Httpd_sys_script_exec_t Use for executable CGI scripts or binary executables.

Httpd_sys_script_rw_t CGI is allowed to alter/delete files of this context. Httpd_sys_script_ra_t CGI is allowed to read or append files of this context. Httpd_sys_script_ro_t CGI is allowed to read files and directories of this context. Set the following options: setsebool httpd-option true (or set to false) Policy Description httpd_enable_cgi Allow httpd cgi support. Httpd_enable_homedirs Allow httpd to read home directories. Httpd_ssi_exec Allow httpd to run SSI executables in the same domain as system CGI scripts.

Then restart Apache: • Red Hat/Fedora/Suse and all System V init script based Linux systems: /etc/init.d/httpd restart • Red Hat/Fedora: service httpd restart The default SE boolean values are specified in the file: /etc/selinux/targeted/booleans For more on SELinux see the. Virtual Hosts: The Apache web server allows one to configure a single computer to represent multiple websites as if they were on separate hosts. There are two methods available and we describe the configuration of each. Choose one method for your domain: • Name based virtual host: (most common) A single computer with a single IP address supporting multiple web domains.

The web browser using the http protocol, identifies the domain being addressed. • IP based virtual host: The virtual hosts can be configured as a single multi-homed computer with multiple IP addresses on a single network card, with each IP address representing a different web domain. This has the appearance of a web domain supported by a dedicated computer because it has a dedicated IP address. Configuring a 'name based' virtual host: A virtual host configuration allows one to host multiple web site domains on one server. (This is not required for a dedicated Linux server which hosts a single web site.) NameVirtualHost XXX.XXX.XXX.XXX ServerName www. Your-domain.com - CNAME (DNS alias www) specified in (/var/named/.) ServerAlias your-domain.com - Allows requests without the 'www' prefix.

ServerAdmin user1@ your-domain.com DocumentRoot /home/ user1/public_html ErrorLog logs/ your-domain.com-error_log TransferLog logs/ your-domain.com-access_log Notes: • You can specify more than one IP address. If web server is also being used as a firewall/gateway and you have an external internet IP address as well as a local network IP address. NameVirtualHost XXX.XXX.XXX.XXX NameVirtualHost 192.168.XXX.XXX.. • Use your IP address for XXX.XXX.XXX.XXX, actual domain name and e-mail address.

One can use DNS views to provide different local network DNS results. • The host IP address can be referenced generically to operate on all NICs:..

Note this method is preferred for NAT based hosting like Amazon Web Services (AWS) EC2. • Note that I configure Apache for both requests domain-name.com and domain-name.com. • Once virtual hosts are configured, your default system domain ( /var/www/html) will stop working. Your default domain now must be configured as a virtual domain..

This part remains the same. # Default for when no domain name is given (i.e. Access by IP address) ServerAdmin user1@ your-domain.com DocumentRoot /var/www/html ErrorLog logs/error_log TransferLog logs/access_log # Add a VirtualHost definition for your domain which was once the system default. ServerName www. Your-domain.com ServerAlias your-domain.com ServerAdmin user1@ your-domain.com DocumentRoot /var/www/html ErrorLog logs/error_log TransferLog logs/access_log.. • Forwarding to a primary URL.

It is best to avoid the appearance of duplicated web content from two URLs such as your-domain.com and your-domain.com. Supply a forwarding Apache 'Redirect'. ServerName www. Your-domain.com - Note that no aliases are listed.

# Add a VirtualHost definition to forward to your primary URL ServerName your-domain.com ServerAlias other-domain.com ServerAlias www. Other-domain.com Redirect permanent / your-domain.com.com/.. Note: • See the YoLinux.com • When specifying more domains, they may all use the same IP address or some/all may use their own unique IP address. Specify a 'NameVirtualHost' for each IP address. After the Apache configuration files have been edited, restart the httpd daemon: /etc/rc.d/init.d/httpd restart (Red Hat) or /etc/init.d/apache2 restart (Ubuntu / Debian) Apache virtual domain configuration with Ubuntu: Ubuntu separates out each virtual domain into a separate configuration file held in the directory /etc/apache2/sites-available/.

When the site domain is to become active, a soft link is created to the directory /etc/apache2/sites-enabled/. Example: /etc/apache2/sites-available/supercorp. Log file analysis using Analog: Installation: • Red Hat / Fedora: yum install analog • Ubuntu / Debian: apt-get install analog Installation packages also available from the. Configuration file: /etc/analog.cfg LOGFILE /var/log/httpd/ your-domain.com-access_log* your-domain.com UNCOMPRESS *.gz,*.Z 'gzip -cd' SUBTYPE *.gz,*.Z # OUTFILE /home/ user1/public_html/analog/Report.html # HOSTNAME ' YourDomain.com' HOSTURL your-domain.com.. FTPd and FTP user account configuration: Many FTP programs exist.

This example covers the popular (Red Hat default 9.0, Fedora Core, Suse) and (Washington University) program which comes standard with RedHat (last shipped with RedHat 8.0 but can be installed on any Linux system). (RPM: wu-ftpd) There are other FTP programs including (supports LDAP authentication, Apache like directives, full featured ftp server software),, (free BSD and optional on Suse), etc. For hostile environments set up a chrooted environment for an sftp encrypted connection and the rssh restricted shell for OpenSSH. See the YoLinux.com internet security tutorial for Also see the preferred FTPd and SELinux: To allow FTPd daemon access and FTP access to users home directories: • -P allow_ftpd_full_access=1 Other wise you will get an error in /var/log/messages: SELinux is preventing the ftp daemon from writing files outside the home directory (./public_html).

• setsebool -P ftp_home_dir 1 Follow with the command service vsftpd restart FTPd configuration tutorials: •: Configuration •: Configuration •: Links. FTP Pitfalls: If you get the following error: ftp>ls 227 Entering Passive Mode (208,188,34,109,208,89) ftp: connect: No route to host This means you have firewall issues most probably on the FTP server itself. Start by removing the firewall 'iptables' rules: iptables -F Add rules until you discover what is causing the problem. Passive mode: Passive mode can also help one past the rules: ftp>passive Passive mode on.

This toggles passive mode on and off. When on, FTP will be limited to ports specified in the vsftpd configuration file: vsftpd.conf with the parameters pasv_min_port and pasv_max_port Firewall connection tracking module: # cat /etc/sysconfig/iptables-config grep ip_nat_ftp IPTABLES_MODULES='ip_conntrack_ftp' NAT firewall modules: You can also try adding ip_nat_ftp to the list of auto-loaded modules: (This will also load the dependency: ip_conntrack_ftp.) # cat /etc/sysconfig/iptables-config grep ip_nat_ftp IPTABLES_MODULES='ip_nat_ftp' Then restart the firewall: /etc/init.d/iptables condrestart FTP will change ports during use. The ip_conntrack_ftp module will consider each connection 'RELATED'. If iptables allows RELATED and ESTABLISHED connections then FTP will work. Rule: /etc/sysconfig/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT FTP fails because it can not change to the users home directory: Error: [user1@nodex ~]$ ftp node.domain.com Connected to XXX.XXX.XXX.XXX. 530 Please login with USER and PASS. 530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type Name (XXX.XXX.XXX.XXX:user1): 331 Please specify the password. Password: 500 OOPS: cannot change directory:/home/user1 Login failed. Ftp>bye This is often a result of SELinux preventing the vsftpd process from accessing the user's home directory. As root, grant access with the following command: setsebool -P ftp_home_dir 1 Followed by: service vsftpd restart Test your vsftpd SELinux settings: getsebool -a grep ftp allow_ftpd_anon_write -->off allow_ftpd_full_access -->off allow_ftpd_use_cifs -->off allow_ftpd_use_nfs -->off allow_tftp_anon_write -->off ftp_home_dir -->on ftpd_disable_trans -->off ftpd_is_daemon -->on httpd_enable_ftp_server -->off tftpd_disable_trans -->off. FTP Linux clients: •: GUI GTK+ Multi-threaded client. File transfer directory browsing and compare.

Multiple protocols: FTP, FTPS (control connection only), HTTP, HTTPS, SSH and FSP protocols. Proxy support. Comes with Red Hat / Fedora Core. •: GUI KDE based client.simultaneous FTP sessions in separate tabs. Ability to limit upload and download speed. •: GUI KDE based client.

Connect to multiple servers, transfer files, directory browsing, file content browsing. Comes with S.U.S.e. •: ( /usr/kerberos/bin/ftp) kerberos enabled console ftp client. (RPM package FC3: krb5-workstation). Basic user security: When hosting web sites, there is no need to grant a shell account which only allows the server to have more potential security holes. Current systems can specify the user to have only FTP access with no shell by granting them the 'shell' /sbin/nologin provided with the system or the 'ftponly' shell described below. The shell can be specified in the file /etc/passwd of when creating a user with the command adduser -s /sbin/nologin user-id [Potential Pitfall]: Red Hat 7.3 server with wu-ftp server 2.6.2-5 does not support this configuration to prevent shell access.

It requires users to have a real user shell. /bin/bash It works great in older and current Red Hat versions. If it works for you, use it, as it is more secure to deny the user shell access. You can always deny telnet access. You should NOT be using this problem ridden version of ftpd.

Use the latest wu-ftpd-2.6.2-11 which supports users with shell /opt/bin/ftponly [Potential Pitfall]: Ubuntu - Setting the shell to the pre-configured shell /bin/false will NOT allow vsftp access. One must create the shell 'ftponly' as defined below to allow vsftp access with no shell. • Disable remote telnet login access allowing FTP access only: Change the shell for the user in /etc/passwd from /bin/bash to be /opt/bin/ftponly. Create file: /opt/bin/ftponly. Protection set to -rwxr-xr-x 1 root root with the command: chmod ugo+x /opt/bin/ftponly Contents of file. #!/bin/sh # # ftponly shell # trap '/bin/echo Sorry; exit 0' 1 2 3 4 5 6 7 10 15 # Admin=root@your-domain.com #System=`/bin/hostname`@`/bin/domainname` # /bin/echo /bin/echo '********************************************************************' /bin/echo ' You are NOT allowed interactive access.' /bin/echo /bin/echo ' User accounts are restricted to ftp and web access.'

/bin/echo /bin/echo ' Direct questions concerning this policy to $Admin.' /bin/echo '********************************************************************' /bin/echo # # C'ya # exit 0 The last step is to add this to the list of valid shells on the system. Add the line /opt/bin/ftponly to /etc/shells.

Sample file contents: /etc/shells /bin/bash /bin/bash1 /bin/tcsh /bin/csh /opt/bin/ftponly See. An alternative would be to assign the shell /bin/false or /sbin/nologin which became available in later releases of Red Hat, Debian and Ubuntu. In this case the shell /bin/false or /sbin/nologin would have to be added to /etc/shells to allow them to be used as a valid shell for FTP while disabling ssh or telnet access.

• For more on Linux security see the. Web Server Load Balancing: Load balancing becomes important if your traffic volume becomes too great for either your server or network connection or both.

Multiple options are available for load balancing. • DNS round-robin:, this uses DNS to point users to random server in a list of appropriate servers. This spreads the load among the servers in the list. • Use a Linux Virtual Server to Create a Load Balance Cluster. See next section below.

• Run a reverse proxy. See ('engine X'). From a single external internet network connection, route http, smtp, imap or pop3 traffic to various servers on an internal network. Results are pushed back to the nginx proxy for routing to the internet (no caching). • Run the to offload processing of dynamic content to another web server. This acts as a reverse proxy, routing external traffic to various servers on an internal network.

Using a Linux Virtual Server to Create a Load Balance Cluster: You can use a single Linux server to forward requests to a cluster of servers using iptables for IP masquerading and IPVsadm to scale your load. The load balancing server receiving and routing the requests is called the 'Linux Virtual Server' (LVS).

The LVS receives the requests which are passed to the real servers which process and reply to the request. This reply is forwarded to the client by the LVS.

This feature is available with the Linux 2.4/2.6 kernel. (If compiling kernel: Networking Options + IP: Virtual Server Configuration) Configuration: This example will load balance http traffic to three web servers and ftp traffic to a fourth server. • Enable Forwarding: (Also see ) echo '1' >/proc/sys/net/ipv4/ip_forward • Enable IP Masquerading: iptables -t nat -P POSTROUTING DROP iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE For more on IP Masquerading, iptables and subnet addresses, see the. • Enable virtual server: • Create virtual service and choose scheduler for http (80) and ftp (21): ipvsadm -A -t 66.218.88.103:80 -s wlc ipvsadm -A -t 66.218.88.103:21 -s wrr Command directives: • A: Add a virtual service defined by IP address, port number, and protocol.

• -t: Use TCP service host:port • -s: scheduler: • rr: Robin Robin: distributes jobs equally amongst the avail- able real servers. • wrr: Weighted Round Robin. • lc: Least-Connection: assigns more jobs to real servers with fewer active jobs. • wlc: (Default) Weighted Least-Connection: assigns more jobs to servers with fewer jobs and relative to the real server's weight. • lblc, lblcr, dh, sh, sed, nq.

See man page. • Configure load balancing cluser. Ipvsadm -a -t 66.218.88.103:80 -r 176.168.1.1:80 -m ipvsadm -a -t 66.218.88.103:80 -r 176.168.1.2:80 -m -w 2 ipvsadm -a -t 66.218.88.103:80 -r 176.168.1.3:80 -m ipvsadm -a -t 66.218.88.103:21 -r 176.168.1.4:21 -m Command directives: • -r: Real server. • -m: Use masquerading also known as network address translation (NAT) • -w: Weight is an integer specifying the capacity of a server relative to the others in the pool. The valid values of weight are 0 through to 65535. The default is 1.

Links: • • - Administration tool for IPv4 packet filtering and NAT • - Administer the routing table on a Linux Virtual Server. Managing Web Server Daemons: To view if these services are running, type ps -aux and look for the httpd, inetd and named services (daemons). These are background processes necessary to perform the server tasks. Root 681 0.0 0.5 2304 744? S Sep09 0:01 named nobody 28123 0.0 1.1 3036 1420? S Oct06 0:00 httpd nobody 28186 0.0 0.7 3044 896?

S Oct06 0:00 httpd root 385 0.0 0.1 1136 232? S Sep09 0:00 inetd A new installation will most likely NOT start the named background process which may be started manually after configuration. See the for more information. The inetd (or xinetd) background process is the Internet daemon which starts FTP when an ftp request is made.

On this page • • • • • • • • How To Install Qmailtoaster (CentOS 5.3) Introduction Qmailtoaster () is a project that aims to make the installation of Qmail onto RPM based systems a snap. All of the packages are distributed in source RPMs so building the packages for your particular distro and architecture is as easy as running a script or a simple command for each package. The RPMs have all of the needed and commonly asked for patches included so you can have a mail server up and running in about an hour. When it's all complete, you'll have a full Qmail mail server installation ready for just about anything.

I personally run Qmailtoaster servers for other companies and ISPs who have tens of thousands of users on their systems. The Qmailtoaster project has been around for over 6 years and has it's own wiki for user contributed information and tips, a mailing list where users and other admins can offer support or suggestions on how to fix just about any issue you may run across.

They even now have a 'Video Magazine' that is a weekly video produced to show you how to install, configure, tune, and troubleshoot your Qmailtoaster system. An ISO is available that will install CentOS and Qmailtoaster for you as well. On a VMWare system a typical install (for me and my hardware) takes about 8 minutes with the ISO. Did we forget to mention that they have VMWare images available for download as well?

You need the development libs to build the packages. Once the packages are built, you can just install the binary RPMs on the production machine. No need to install the libs on the production machine that way if you build them in a VM or another machine. In the past we were not allowed to release binary RPMs due to licensing, only source. This has changed and we will be offering a binary version download in the near future.

It takes time to scale and build binary RPMs for the 5 different distributions and 30 different versions of those same distributions. Please dont use qmail. Qmail's insane security design makes it unable to reject mail based on unknown users, without first receiving it, and then bouncing it. With the current spamfilled internet environment, this creates loads of backscatter spam with a default qmail configuration. Likely to get you into a RBL 3. Creating load and queues on your server Also, all this qmailtoaster project would not be nessasary if qmail had a proper license, which it does not.

Qmail is not free software. It is open source, but it is not free. Please support a proper mailserver project. So, please, pretty please, if you can, use a more sane MTA like Postfix, Exim or Sendmail. Thanks for your opinions, but they are wrong. Qmailtoaster will reject messages for unknown recipients without accepting them.

It has been this way for a LONG time. The old license for the software was put into place to ensure that you did not get code with sloppy patches or unknown patches applied. The author required that everyone distribute clean, pristine code as he had written it since he had his money riding on a guarantee that his code was secure. If he allowed just anyone to write code into his software and it created a security hole, he would be responsible for the reward money.

We created source RPMs that compiled Qmail from the original code and applied commonly used patches to it. DJB has since changed his license on the software, so binary packages are now allowed. 'Thanks for your opinions, but they are wrong.'

Or rather outdated, it seems:) 'Qmailtoaster will reject messages for unknown recipients without accepting them. It has been this way for a LONG time.' It is very nice to see that this has changed. You might want to correct the wikipedia-article on qmail, since it states that qmail indeed does accept messages to nonexisting users. 'The old license for the software was put into place to ensure that you did not get code with sloppy patches or unknown patches applied. The author required that everyone distribute clean, pristine code as he had written it since he had his money riding on a guarantee that his code was secure. If he allowed just anyone to write code into his software and it created a security hole, he would be responsible for the reward money.

We created source RPMs that compiled Qmail from the original code and applied commonly used patches to it. DJB has since changed his license on the software, so binary packages are now allowed.' To be honest that sounds like a lame excuse. I didnt not read the terms of his reward, but it seems lame that he should be responsible for other peoples bad code.

The GPL or BSD licences would not have made a difference IMO, so my opinion is still that the old license was lame. However, it is nice to see that the license has changed to public domain (as I read in another thread).

Package Management (RPM & YUM) Commands for RHEL and Fedora Based Linux Distributions Redhat Package Manager (RPM) • RPM is both a installation method as well as a package format. • RPM packages were original created of Red Hat Linux, but now can be used on many Linux distributions like • red Hat enterprise Linux, fedora, SUSE, Mandriva, etc. • Using RPM we can • Install new applications • Upgrade existing applications • Remove installed applications • Query packages RPM Label Pattern Bind-9.3.3-7.el5.i386. Smarthru 4 Samsung Scx 4100 Windows. rpm this examples is given by using following format (Package Name)-(Package Version)-(Package Architecture)-(Package Extension) Methods of Installation • Standalone Method • Installing from a Harddisk, CD, DVD or Pendrive • Network Installation Method • Network file service (NFS). • File transfer Protocol(FTP). Standalone Installation Installing a package [~]# rpm --force Options.