×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Building A Web-And Mail Server With CentOS 4.3

Hemos posted more than 8 years ago | from the learn-more-about-it dept.

26

hausmasta writes "This is a detailed description how to set up a CentOS 4.3 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). This tutorial is written for the 64-bit version of CentOS 4.3, but should apply to the 32-bit version with very little modifications as well."

Sorry! There are no comments related to the filter you selected.

The Perfect Setup Articles (3, Informative)

Bios_Hakr (68586) | more than 8 years ago | (#15235973)

There seem to be "perfect setup" articles about every major Linux distro. I even used one on my own site. However, you need to be aware that these articles are written for ISP Config. In fact, they seem to be almost a viral marketing tool designed to pimp ISP Config.

Now, there is nothing wrong with that. Just be aware that some things may not work if you do not install ISPC.

For instance, a newbie following along may not notice that he disable the ability for his server to run php in /var/www. A newbie may also be perplexed as to why he can get to his site on http://url443/ [url443] but not on https://url./ [url.]

I've even seen examples that suggested installing compilers and tools to build modules needed by SpamAssasin. Anyone installing a compiler on a production web server should be shot.

In short, unless you go on to install the ISPc, your site will be broken and may be vulnerable to attack.

So, buyer (reader?) beware! You may not be getting what you want.

Re:The Perfect Setup Articles (1)

Rosco P. Coltrane (209368) | more than 8 years ago | (#15235997)

However, you need to be aware that these articles are written for ISP Config.

It's clearly written in the blurb and in TFA that it's a set of instructions for ISPs, so what are you warning readers about?

Re:The Perfect Setup Articles (0)

Anonymous Coward | more than 8 years ago | (#15236214)

Anyone installing a compiler on a production web server should be shot.

What do you mean by this? Is this a security issue? How is not having a compiler more secure? If a cracker gets access to your machine, what prevents him from installing his own compiler?

Or is it a "production" versus "testing" thing? I can see that, to some degree. But not to the point of not installing a compiler, or calling for violent retribution for anyone who would. ;)

Re:The Perfect Setup Articles (1)

MrZaius (321037) | more than 8 years ago | (#15238359)

I think he's saying he likes to shoot Gentoo users.

Re:The Perfect Setup Articles (1)

Bios_Hakr (68586) | more than 8 years ago | (#15241070)

The theory is that you should disable root logins (over SSH at least) and only allow users to SSH in. The problem comes from users that use weak passwords and/or use their /. user/pass combo for the webserver. Eventually, a hacker will intercept the user/pass and login as that user. With compiler tools, he can begin building tools and modifying the $PATH so that those tools run vice the ones in /usr/bin.

Now, the hacker just waits for the user to login and try to "su" or "sudo".

After that, the hacker has full access to your box.

Now, could he just build them on his own machine and scp them over? Probably. But, without a lot of homework, he won't know what version of said tool you have or what libraries he can link to.

Shell scripts? (0)

Anonymous Coward | more than 8 years ago | (#15241465)

Couldn't he just write, say, shell scripts?

Re:The Perfect Setup Articles (1)

drsmithy (35869) | more than 8 years ago | (#15236227)

I've even seen examples that suggested installing compilers and tools to build modules needed by SpamAssasin. Anyone installing a compiler on a production web server should be shot.

I think the additional exposure this creates on modern systems is vastly overstated.

It's not like compiling code for an x86 Linux machine is a particularly difficult thing to do.

Re:The Perfect Setup Articles (1)

DrSkwid (118965) | more than 8 years ago | (#15236369)

> Anyone installing a compiler on a production web server should be shot.

whereas hosting your firewall, dns, database, webserver, ftp & email on the same box is just fine and dandy

Is ISP Config a bad thing? (2, Insightful)

Kadin2048 (468275) | more than 8 years ago | (#15237659)

I see your point after reading TFA regarding ISP Config, it definitely expects you to install it. But I have to wonder, after checking out ISP Config, if this is a bad thing. It's not as if this is a closed-source or commercial product, so I don't think that the article writer is getting any sort of kickback from recommending it or using it in his easy setup article. It's BSD licensed, actually, so (depending on your personal definition of free, etc.) it's less thorny an issue in terms of use than Linux itself in many cases.

I guess I'm just wondering what the arguments are against using ISP Config, and why it wouldn't be a good thing to use on a production server or why people dislike it. If you're new enough that you're using a Perfect Setup article to build a server, installing a GUI utility (which is all ISPConfig is) might not be a bad idea. The only downside to it that I can see immediately is that you end up running a totally separate Apache webserver and PHP setup for it, in addition to the one you're using to actually serve web pages. This seems like it might double your security exposure, if it's not kept up to date and patched/locked-down correctly.

It's kind of like all those "how to build a blog" articles that tell the user to install PHPMyAdmin in step 3, and then have later steps that are only explained using PHPMyAdmin, even though they could easily be done using commandline SQL commands. I think the assumption is that if you know how to use the MySQL utilities directly, then you probably are above the level of the intended audience of the howto in the first place.

Firstus Postus? (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15235974)

Firstus Postus?

Give the man a clue! (4, Funny)

RedOregon (161027) | more than 8 years ago | (#15235975)

How long will it be before our buddy in Oklahoma's [slashdot.org] inbox is flooded with this tip??

please (0)

Anonymous Coward | more than 8 years ago | (#15235988)

Let's get the karma whoring Tuttle website-hacking CentOS jokes out of the way right now. Mods please mod this up and all other Tuttle jokes redundant THANK YOU.

Centos Mirror (4, Informative)

zerocool^ (112121) | more than 8 years ago | (#15235998)


Obvious:

CentOS is Red Hat Enterprise, with a :s/RedHat/CentOS/g on the code. They download the RHEL Source RPMs and compile and release it. FYI.

Not so obvious:

They also recompile for additional arches, most notably Alpha (I have a couple of faculty members who don't want to be rid of their Digital machines; this makes a great alternative to paying $1000+/year for a True64 license to HP who hasn't looked at the code for 4.x since they bought it).

Get it here:

http://www.centos.org/modules/tinycontent/index.ph p?id=13 [centos.org]
There are a LOT of mirrors, and being on the listserv, I see more and more being added all the time. Including lots of tier 1 mirrors at Universities, if you're on Internet2. There are also lots of local mirrors around the world, so if you're not a USAian, check for one in your locale; you may get better speeds than a general mirror.
Best mirror? http://mirror.cs.vt.edu/ [vt.edu] =)

~Will

Re:Centos Mirror (3, Informative)

CRCulver (715279) | more than 8 years ago | (#15236018)

Indeed, and since CentOS is RHEL, you can use quality RHEL docs like Wiley's Enterprise Linux 4 Bible [amazon.com] instead of relying on the dubious tutorial here, which requires ISP Config.

Re:Centos Mirror (1)

moro_666 (414422) | more than 8 years ago | (#15236130)

but centos is still missing something from rhel right ? otherwise ... who would buy the rhel at all ? only the customers that need support from a big red hatted company really badly ?

just want to get my facts straight here

haven't touched redhat for 6 years now, looked at article, don't miss it 1 bit. ubuntu & freebsd are easier :D

Re:Centos Mirror (4, Informative)

buysse (5473) | more than 8 years ago | (#15236239)

Redhat has copyright-protected, non-redistributable graphics and docs.

Otherwise, CentOS is RHEL. People do pay Redhat to supply support -- for most corp installs, it is that important. There are a few edge cases as well -- if you're running any commercial software, like Oracle, SPSS, or SAS -- you will definitely run RHEL over CentOS, or your vendor won't even talk to you.

For an academic install, RHEL is cheap enough that it's worth the cost ($50/year/host) to have the possibility of support. Just like it's worth the $120/year/host for basic service on Solaris 10 machines.

Re:Centos Mirror (1)

zerocool^ (112121) | more than 8 years ago | (#15236396)


Our fiberchannel SAN only has drivers for RHEL. We have tested it; the drivers are binary compatablie plug-and-go with CentOS; but, you're absolutely right, the systems attached to the SAN use RHEL because of support issues. Without RHEL, we get no support.

~Will

CentOS is NOT RHEL. (1)

mnmn (145599) | more than 8 years ago | (#15242530)

Theres a major difference. The name.

On my own accord I'd always choose slackware or the debian-based distros like knoppix and ubuntu. If I need enterprise support I'll go with redhat or suse. CentOS doesnt give me the support.

Moreover I'd only use redhat because the commercial world depends on redhat's linux than any other distro. I can install oracle, websphere, domino etc with minimal pain on redhat. Now CentOS doesnt have the name, which these apps check for. That brings down redhat to the importance of other joe-shmoe distros. Lower even, since many things about knoppix, ubuntu, slackware are superior. CentOS doesnt have the majority of the reasons the majority of the people who choose redhat use to be used.

Support. (1)

Kadin2048 (468275) | more than 8 years ago | (#15237761)

To a PHB, RHEL is an "enterprise OS," CentOS is a "free software project."

That is to say, RHEL is made by a company and usually purchased with a service or support contract, comes in a bunch of grades/flavors for different applications, and comes with a lot of documentation and even has certified training courses.

CentOS is just that -- an Operating System. They don't support it, they don't service it, and you can't send Sean From IT to them to take a few training courses on how to administer it. You can basically use all the Red Hat documentation, but of course the documentation says Red Hat and not CentOS on it, so it appears more or less "undocumented."

Basically, CentOS is the operating system, while RHEL is one component of a "solution" sold by Red Hat. A lot of people want more than CentOS is offering, which is why Red Hat stays in business selling Free Software. On the other hand, if you're not afraid to support things yourself and don't need handholding, CentOS encompasses most of the actual software bits that you'd use on your computer. (I think CentOS doesn't include the same package manager as RHEL, but I could be wrong.)

The key is support and branding.

They can complament each other. (1)

LWATCDR (28044) | more than 8 years ago | (#15240515)

CentOS is also great to use for some low priority edge systems and test boxes in a RHEL shop. It is free and you already know how to use it :)
RHEL is well worth the money for an Enterprise. CentOS is well worth it to everyone else.

Nice newbie guide I'm sure (1)

Anonymous Coward | more than 8 years ago | (#15236012)

Personally I'd have used exim as the mail server software and vexim for account management. Dovecot supports vexim for account details, so you end up with a nice integrated setup for email. The article was missing SpamAssassin and ClamAV installation, the former via exim-sa or standalone.

However there were a few nice things in the article that are always useful to have around for someone who might be good at Linux, but not an expert on server configuration, especially in these days of Google searches getting mostly links to crap or 'subscribe to see the answer' type sites.

CentOS is Risky! (1, Funny)

Anonymous Coward | more than 8 years ago | (#15236029)

I don't know if it's such a good idea to run CentOS. Your local city manager might call the FBI on you...

This can be done in one step (2, Interesting)

4/3PI*R^3 (102276) | more than 8 years ago | (#15236907)

SME 7.0 is based on CentOS 4 and is a fairly turn-key installation and it has all these features already built in and it has a web based configuration interface. (http://www.contribs.org [contribs.org] )

Centos 64bit + Dovecot == BAD (1)

the_maddman (801403) | more than 8 years ago | (#15237006)

I ran a mail server on 64bit Centos (dual Opteron 244's) and dovecot for IMAP and POP3 access. Dovecot does not seem like like Opterons, and I had ECC errors and strange hard locks of the system. Same machine with the 32bit release of Centos is rock solid.

What amazingly bad advice (3, Informative)

greg1104 (461138) | more than 8 years ago | (#15240928)

On page 3, the system gets connected to the Internet, at which point he promptly disables the firewall and other important security features that he doesn't understand (that's warning sign #1 right there, the comments about SELinux). Then, on page 6, the system gets re-secured with this ISPConfig software, which may or may not be good.

I hope you're feeling lucky, because I've watched my share of servers get hacked during the period between when the firewall etc. was taken down "just for a minute" and when it was turned back on again. Anyone considering following this unsafe tutorial, do yourself a favor and at least practice this much paranoia: download all the packages recommended, then disconnect your network cable during the period when you have the RedHa...er, CentOS firewall service down. Don't reconnect yourself to the network unless a) you've correctly configured the ISPConfig software, or b) you've turned the firewall back on temporarily because you need to download something else.

Re:What amazingly bad advice (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15295025)

Absolutely bad advice. You want real advice for how to setup a mail server with a given program find a tech support forum for that software, or just be lazy and go find a developer or desing firms like http://godaddy.com/ [godaddy.com] or http://avidcastonline.com/ [avidcastonline.com] Not all geeks are Gods, but the ones that are appreciate the business and the opportunity to flaunt Knowledge, and this article ie pretty much all that it's accomplishing.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?