Difference between revisions of "Debian Wheezy"

From Hexwiki
Jump to navigation Jump to search
Line 41: Line 41:
 
# [[Mail Reputation Management]]
 
# [[Mail Reputation Management]]
  
== Wrapup ==
+
== Logs and Security ==
  
 
# [[Logging (Wheezy)]]
 
# [[Logging (Wheezy)]]

Revision as of 01:04, 10 May 2014

Can make it look more professional later.

Hardware and Hosting

  1. Choosing a Collocation or Dedicated Host
  2. Designing a Server
  3. IPMI Installation (Wheezy)

Linux Core

The following assumes you have Wheezy installed and partitioned to your specifications - either by your host or by yourself via a remote KVM as above.

  1. Network (Wheezy)
  2. OpenSSH (6.0)
  3. Packages (Wheezy)
  4. Sysctl.conf (Wheezy)
  5. Iptables (1.4)
  6. Security (Wheezy)
  7. User Management (Wheezy)

Software Stack

  1. Unbound (1.4) - While I use a DNS service for my authoritative DNS servers, having a local DNS server is extremely handy. In addition to being almost a requirement for any mailserver, it can speed up some website functions immensely.
  2. MySQL (5.5) - Getting the database going early is often a priority.
  3. Nginx (1.4) - Webserver of champions. I do have some older documentation for Apache, but at this point I cannot afford to consider switching back.
  4. PHP (5.4) - FPM and the ancient fastcgi method are covered.

Mail Setup and Stack

  1. MySQL must be setup first for the following configuration, and a working DNS resolver such as Unbound is highly recommended.
  2. Packages used: opendkim opendkim-tools spamc libmail-dkim-perl libmail-spf-perl libio-socket-inet6-perl clamav-docs clamav-freshclam clamav-daemon clamav-milter clamav dovecot-imapd dovecot-mysql postfix postfix-mysql postfix-pcre
    1. We're setting up Postfix as a site.
  3. Mail Setup (Wheezy)
  4. Mail Tables (MySQL)
  5. OpenDKIM (2.6)
  6. Mail and DNS - Once we know what our domains are and have our DKIM key (from OpenDKIM), we can configure our DNS properly.
  7. Spamassassin (3.3) - I've tried others, supposedly for the performance benefits, but honestly, with a handful of custom rules, and a solid postfix configuration, very little spam makes it through.
  8. ClamAV (0.98) - Antivirus IMO should be approached from the viewpoint that it gives a chance for you to avoid the repercussions of your mistakes. Often a small one, but if not intrusive, still better than zero.
  9. Postfix (2.9) - My preferred MTA of choice.
  10. Dovecot (2.1)
  11. Mail Reputation Management

Logs and Security

  1. Logging (Wheezy)
  2. Logcheck (Wheezy)
  3. AppArmor (Wheezy)