CodeCharge TAIWAN

apt-get install openssh-server

apt-get install bind

apt-get install dhcp3-server

apt-get install postfix clamav amavisd-new spamassassin spamc postfix-pcre

apt-get install libsasl2 sasl2-bin

apt-get install dovecot-pop3d dovecot-imapd

把 zone 加入 /etc/bind/named.conf.local

把 Linux 當作 dhcp router的套件

先改 /etc/default/dhcp3-server
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth1"

設定檔在 /etc/dhcp3/dhcpd.conf

# option definitions common to all supported networks...
option domain-name "xxx";
option domain-name-servers 168.95.192.1, 168.95.1.1;

default-lease-time 3600;
max-lease-time 72000;

然後下面
# This is a very basic subnet declaration.

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.199;
option routers 192.168.1.254;
}

完成之後 /etc/init.d/dhcp3-server restart

#postfix
main.cf
mydestination = xxx.com.tw, xxx.com.tw, localhost.xxx.com.tw, localhost
relayhost =
mynetworks = 127.0.0.0/8, 192.168.1.0/24, xxx.xxx.xxx.xxx/32
#customized
always_bcc = maillog
mailbox_size_limit = 300000000
message_size_limit = 200000000
mynetworks_style = subnet
#amavis
content_filter = smtp-amavis:[127.0.0.1]:10024

#SPAM
smtpd_client_restrictions = permit_mynetworks, reject_unknown_sender_domain, reject_rbl_client sbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client xbl.spamhaus.org, reject_rhsbl_client dsn.rfc-ignorant.org
smtpd_sender_restrictions = reject_unknown_sender_domain
#SASL
smtpd_sasl_auth_enable = yes
smtpd_delay_reject=yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_auth_destination reject
smtpd_client_restrictions = permit_sasl_authenticated
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

master.cf
smtp inet n - n - - smtpd
#amavis((-o前面要空白))
smtp-amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20

127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
下面找 pickup 加到下面(-o前面要空白)
-o content_filter=
-o receive_override_options=no_header_body_checks

-----------------------------------------------------------------------------------------------
#spamassassin
改 /etc/default/spamassassin
Spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure dcc-client, pyzor and razor. The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the Spamassassin page. Edit /etc/default/spamassassin to activate the Spamassassin daemon change ENABLED=0 to:

ENABLED=1

然後 /etc/init.d/spamassassin restart
-----------------------------------------------------------------------------------------------
#amavis+anti-spam
修改(把前面註解拿掉) /etc/amavis/conf.d/15-content_filter_mode
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

修改 /etc/amavis/conf.d/20-debian_defaults
$final_spam_destiny = D_DISCARD;

然後 /etc/init.d/amavis restart
-----------------------------------------------------------------------------------------------
#dovecot
/etc/dovecot/dovecot.conf

Protocal = pop3 imap
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
disable_plaintext_auth = no

/etc/init.d/dovecot start

-----------------------------------------------------------------------------------------------
#SASL2
warning: --update given but /var/run/saslauthd does not exist
* To enable saslauthd, edit /etc/default/saslauthd and set START=yes

照做, 去編輯 /etc/default/saslauthd 然後把 START=no 改成yes

接者啟動 sasl2
/etc/init.d/saslauthd start

addgroup postfix sasl

postfix 方面的設定
/etc/postfix/sasl 底下要新增一個smtpd.conf
內容
pwcheck_method: saslauthd
mech_list:plain login

apt-get install ntop

ntop –set-admin-password

http://your.ip:3000

修改 iptable的設定, 只讓內部網路可以利用port 3000, 用網頁瀏覽器看 ntop的統計圖表

/etc/iptables -A INPUT -i eth0 -p tcp --dport 3000 -j DROP


Ubuntu 8.04 預設值 https://xxx.xxx.xxx.xxx:4413/
設定密碼
ntop --set-admin-password=password

apt-get install xinetd

nano /etc/xinetd.d/rsync


# default: off
# description: The rsync server is a good addition to am ftp server, as it \
# allows crc checksumming etc. /etc/init.d/xinetd restart

mysql-server
php5-cli
php5-mysql
php5-gd
unzip
nmap
mod-php5



openssl
libauthen-pam-perl
libio-pty-perl
libmd5-perl
libnet-ssleay-perl
webmin dpkg -i webmin_1.441_all.deb

1./etc/postfix/main.cf 2./etc/postfix/master.cf
smtp inet n - - - - smtpd 3./etc/postfix/sasl/smtpd.conf

schumi 寫:apt-get install ntop

ntop –set-admin-password

http://your.ip:3000

修改 iptable的設定, 只讓內部網路可以利用port 3000, 用網頁瀏覽器看 ntop的統計圖表

/etc/iptables -A INPUT -i eth0 -p tcp --dport 3000 -j DROP


Ubuntu 8.04 預設值 https://xxx.xxx.xxx.xxx:4413/
設定密碼
ntop --set-admin-password=password

http://wenku.baidu.com/view/eb25aa660b1 ... 7b40b.html <===NTOP安装手册

ntop -d -b -i eth0 <===更換監測網卡

http://serverfault.com/questions/18707/ ... -forwarded

修改 vi /etc/postfix/master.cf

將
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
改為
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings