Slashdot Mirror

← Back to Stories (view on slashdot.org)

Building A Web-And Mail Server With CentOS 4.3

Posted by ryuzaki0 on from the learn-more-about-it dept.

hausmasta writes "This is a detailed description how to set up a CentOS 4.3 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). This tutorial is written for the 64-bit version of CentOS 4.3, but should apply to the 32-bit version with very little modifications as well."

26 comments

  1. The Perfect Setup Articles by Bios_Hakr · · Score: 3, Informative

    There seem to be "perfect setup" articles about every major Linux distro. I even used one on my own site. However, you need to be aware that these articles are written for ISP Config. In fact, they seem to be almost a viral marketing tool designed to pimp ISP Config.

    Now, there is nothing wrong with that. Just be aware that some things may not work if you do not install ISPC.

    For instance, a newbie following along may not notice that he disable the ability for his server to run php in /var/www. A newbie may also be perplexed as to why he can get to his site on http://url443/ but not on https://url./

    I've even seen examples that suggested installing compilers and tools to build modules needed by SpamAssasin. Anyone installing a compiler on a production web server should be shot.

    In short, unless you go on to install the ISPc, your site will be broken and may be vulnerable to attack.

    So, buyer (reader?) beware! You may not be getting what you want.

    --
    I'd rather you do it wrong, than for me to have to do it at all.
    1. Re:The Perfect Setup Articles by Rosco+P.+Coltrane · · Score: 1

      However, you need to be aware that these articles are written for ISP Config.

      It's clearly written in the blurb and in TFA that it's a set of instructions for ISPs, so what are you warning readers about?

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:The Perfect Setup Articles by Anonymous Coward · · Score: 0

      Anyone installing a compiler on a production web server should be shot.

      What do you mean by this? Is this a security issue? How is not having a compiler more secure? If a cracker gets access to your machine, what prevents him from installing his own compiler?

      Or is it a "production" versus "testing" thing? I can see that, to some degree. But not to the point of not installing a compiler, or calling for violent retribution for anyone who would. ;)

    3. Re:The Perfect Setup Articles by drsmithy · · Score: 1
      I've even seen examples that suggested installing compilers and tools to build modules needed by SpamAssasin. Anyone installing a compiler on a production web server should be shot.

      I think the additional exposure this creates on modern systems is vastly overstated.

      It's not like compiling code for an x86 Linux machine is a particularly difficult thing to do.

    4. Re:The Perfect Setup Articles by DrSkwid · · Score: 1

      > Anyone installing a compiler on a production web server should be shot.

      whereas hosting your firewall, dns, database, webserver, ftp & email on the same box is just fine and dandy

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    5. Re:The Perfect Setup Articles by MrZaius · · Score: 1

      I think he's saying he likes to shoot Gentoo users.

    6. Re:The Perfect Setup Articles by Bios_Hakr · · Score: 1

      The theory is that you should disable root logins (over SSH at least) and only allow users to SSH in. The problem comes from users that use weak passwords and/or use their /. user/pass combo for the webserver. Eventually, a hacker will intercept the user/pass and login as that user. With compiler tools, he can begin building tools and modifying the $PATH so that those tools run vice the ones in /usr/bin.

      Now, the hacker just waits for the user to login and try to "su" or "sudo".

      After that, the hacker has full access to your box.

      Now, could he just build them on his own machine and scp them over? Probably. But, without a lot of homework, he won't know what version of said tool you have or what libraries he can link to.

      --
      I'd rather you do it wrong, than for me to have to do it at all.
  2. Give the man a clue! by RedOregon · · Score: 4, Funny

    How long will it be before our buddy in Oklahoma's inbox is flooded with this tip??

    --
    Skivvy Niner? Email me!
    HEY! Look left just ONE MORE TIME!
  3. please by Anonymous Coward · · Score: 0

    Let's get the karma whoring Tuttle website-hacking CentOS jokes out of the way right now. Mods please mod this up and all other Tuttle jokes redundant THANK YOU.

  4. Centos Mirror by zerocool^ · · Score: 4, Informative


    Obvious:

    CentOS is Red Hat Enterprise, with a :s/RedHat/CentOS/g on the code. They download the RHEL Source RPMs and compile and release it. FYI.

    Not so obvious:

    They also recompile for additional arches, most notably Alpha (I have a couple of faculty members who don't want to be rid of their Digital machines; this makes a great alternative to paying $1000+/year for a True64 license to HP who hasn't looked at the code for 4.x since they bought it).

    Get it here:

    http://www.centos.org/modules/tinycontent/index.ph p?id=13
    There are a LOT of mirrors, and being on the listserv, I see more and more being added all the time. Including lots of tier 1 mirrors at Universities, if you're on Internet2. There are also lots of local mirrors around the world, so if you're not a USAian, check for one in your locale; you may get better speeds than a general mirror.
    Best mirror? http://mirror.cs.vt.edu/ =)

    ~Will

    --
    sig?
    1. Re:Centos Mirror by CRCulver · · Score: 3, Informative

      Indeed, and since CentOS is RHEL, you can use quality RHEL docs like Wiley's Enterprise Linux 4 Bible instead of relying on the dubious tutorial here, which requires ISP Config.

    2. Re:Centos Mirror by moro_666 · · Score: 1

      but centos is still missing something from rhel right ? otherwise ... who would buy the rhel at all ? only the customers that need support from a big red hatted company really badly ?

      just want to get my facts straight here

      haven't touched redhat for 6 years now, looked at article, don't miss it 1 bit. ubuntu & freebsd are easier :D

      --

      I'd tell you the chances of this story being a dupe, but you wouldn't like it.
    3. Re:Centos Mirror by buysse · · Score: 4, Informative
      Redhat has copyright-protected, non-redistributable graphics and docs.

      Otherwise, CentOS is RHEL. People do pay Redhat to supply support -- for most corp installs, it is that important. There are a few edge cases as well -- if you're running any commercial software, like Oracle, SPSS, or SAS -- you will definitely run RHEL over CentOS, or your vendor won't even talk to you.

      For an academic install, RHEL is cheap enough that it's worth the cost ($50/year/host) to have the possibility of support. Just like it's worth the $120/year/host for basic service on Solaris 10 machines.

      --
      -30-
    4. Re:Centos Mirror by zerocool^ · · Score: 1


      Our fiberchannel SAN only has drivers for RHEL. We have tested it; the drivers are binary compatablie plug-and-go with CentOS; but, you're absolutely right, the systems attached to the SAN use RHEL because of support issues. Without RHEL, we get no support.

      ~Will

      --
      sig?
  5. Nice newbie guide I'm sure by Anonymous Coward · · Score: 1

    Personally I'd have used exim as the mail server software and vexim for account management. Dovecot supports vexim for account details, so you end up with a nice integrated setup for email. The article was missing SpamAssassin and ClamAV installation, the former via exim-sa or standalone.

    However there were a few nice things in the article that are always useful to have around for someone who might be good at Linux, but not an expert on server configuration, especially in these days of Google searches getting mostly links to crap or 'subscribe to see the answer' type sites.

  6. CentOS is Risky! by Anonymous Coward · · Score: 1, Funny

    I don't know if it's such a good idea to run CentOS. Your local city manager might call the FBI on you...

  7. This can be done in one step by 4/3PI*R^3 · · Score: 2, Interesting

    SME 7.0 is based on CentOS 4 and is a fairly turn-key installation and it has all these features already built in and it has a web based configuration interface. (http://www.contribs.org)

  8. Centos 64bit + Dovecot == BAD by the_maddman · · Score: 1

    I ran a mail server on 64bit Centos (dual Opteron 244's) and dovecot for IMAP and POP3 access. Dovecot does not seem like like Opterons, and I had ECC errors and strange hard locks of the system. Same machine with the 32bit release of Centos is rock solid.

  9. Is ISP Config a bad thing? by Kadin2048 · · Score: 2, Insightful

    I see your point after reading TFA regarding ISP Config, it definitely expects you to install it. But I have to wonder, after checking out ISP Config, if this is a bad thing. It's not as if this is a closed-source or commercial product, so I don't think that the article writer is getting any sort of kickback from recommending it or using it in his easy setup article. It's BSD licensed, actually, so (depending on your personal definition of free, etc.) it's less thorny an issue in terms of use than Linux itself in many cases.

    I guess I'm just wondering what the arguments are against using ISP Config, and why it wouldn't be a good thing to use on a production server or why people dislike it. If you're new enough that you're using a Perfect Setup article to build a server, installing a GUI utility (which is all ISPConfig is) might not be a bad idea. The only downside to it that I can see immediately is that you end up running a totally separate Apache webserver and PHP setup for it, in addition to the one you're using to actually serve web pages. This seems like it might double your security exposure, if it's not kept up to date and patched/locked-down correctly.

    It's kind of like all those "how to build a blog" articles that tell the user to install PHPMyAdmin in step 3, and then have later steps that are only explained using PHPMyAdmin, even though they could easily be done using commandline SQL commands. I think the assumption is that if you know how to use the MySQL utilities directly, then you probably are above the level of the intended audience of the howto in the first place.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  10. Support. by Kadin2048 · · Score: 1

    To a PHB, RHEL is an "enterprise OS," CentOS is a "free software project."

    That is to say, RHEL is made by a company and usually purchased with a service or support contract, comes in a bunch of grades/flavors for different applications, and comes with a lot of documentation and even has certified training courses.

    CentOS is just that -- an Operating System. They don't support it, they don't service it, and you can't send Sean From IT to them to take a few training courses on how to administer it. You can basically use all the Red Hat documentation, but of course the documentation says Red Hat and not CentOS on it, so it appears more or less "undocumented."

    Basically, CentOS is the operating system, while RHEL is one component of a "solution" sold by Red Hat. A lot of people want more than CentOS is offering, which is why Red Hat stays in business selling Free Software. On the other hand, if you're not afraid to support things yourself and don't need handholding, CentOS encompasses most of the actual software bits that you'd use on your computer. (I think CentOS doesn't include the same package manager as RHEL, but I could be wrong.)

    The key is support and branding.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  11. They can complament each other. by LWATCDR · · Score: 1

    CentOS is also great to use for some low priority edge systems and test boxes in a RHEL shop. It is free and you already know how to use it :)
    RHEL is well worth the money for an Enterprise. CentOS is well worth it to everyone else.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  12. What amazingly bad advice by greg1104 · · Score: 3, Informative

    On page 3, the system gets connected to the Internet, at which point he promptly disables the firewall and other important security features that he doesn't understand (that's warning sign #1 right there, the comments about SELinux). Then, on page 6, the system gets re-secured with this ISPConfig software, which may or may not be good.

    I hope you're feeling lucky, because I've watched my share of servers get hacked during the period between when the firewall etc. was taken down "just for a minute" and when it was turned back on again. Anyone considering following this unsafe tutorial, do yourself a favor and at least practice this much paranoia: download all the packages recommended, then disconnect your network cable during the period when you have the RedHa...er, CentOS firewall service down. Don't reconnect yourself to the network unless a) you've correctly configured the ISPConfig software, or b) you've turned the firewall back on temporarily because you need to download something else.

  13. Shell scripts? by Anonymous Coward · · Score: 0

    Couldn't he just write, say, shell scripts?

  14. CentOS is NOT RHEL. by mnmn · · Score: 1

    Theres a major difference. The name.

    On my own accord I'd always choose slackware or the debian-based distros like knoppix and ubuntu. If I need enterprise support I'll go with redhat or suse. CentOS doesnt give me the support.

    Moreover I'd only use redhat because the commercial world depends on redhat's linux than any other distro. I can install oracle, websphere, domino etc with minimal pain on redhat. Now CentOS doesnt have the name, which these apps check for. That brings down redhat to the importance of other joe-shmoe distros. Lower even, since many things about knoppix, ubuntu, slackware are superior. CentOS doesnt have the majority of the reasons the majority of the people who choose redhat use to be used.

    --
    "Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky