Difference between revisions of "Debian Standard Packages to install afterwards"

From Edgar BV Wiki
Jump to: navigation, search
Line 16: Line 16:
 
</pre>
 
</pre>
  
Make sure it is set as a satellite host (because ziggo blocks port 25, but allows port 587 traffic) for mail.edgarbv.com. Then in the mail.edgarbv.com add the domain name to /etc/postfix/sender_whitelist and postmap sender_whitelist. /etc/postfix/main.cf should have the following line in it
+
Make sure it is set as a satellite host (because ziggo blocks port 25, but allows port 587 traffic) for mail.edgarbv.com.  
 +
 
 +
Then on the '''mail.edgarbv.com server''' add the domain name to  
 +
  /etc/postfix/sender_whitelist
 +
and  
 +
  postmap sender_whitelist
 +
  postfix reload
 +
 
 +
/etc/postfix/main.cf on the '''satellite server''' should have the following line in it
 
<pre>
 
<pre>
 
relayhost = mail.edgarbv.com:587
 
relayhost = mail.edgarbv.com:587
</pre>
 
 
  
and in /etc/postfix/main.cf
 
<pre>
 
 
inet_protocols = ipv4
 
inet_protocols = ipv4
 
</pre>
 
</pre>

Revision as of 09:15, 14 June 2019

After a standard install of debian, these packages still need installing.

apt-get install vim mc iproute hal atsar sysstat systune snmpd ncftp fail2ban nscd needrestart ntpdate ntp mlocate mutt postfix

maybe need installing

postfix openssh-server zip unzip bzip2 arj ncftp

possible to need to do

dpkg-reconfigure postfix

Make sure it is set as a satellite host (because ziggo blocks port 25, but allows port 587 traffic) for mail.edgarbv.com.

Then on the mail.edgarbv.com server add the domain name to

  /etc/postfix/sender_whitelist

and

  postmap sender_whitelist
  postfix reload

/etc/postfix/main.cf on the satellite server should have the following line in it

relayhost = mail.edgarbv.com:587

inet_protocols = ipv4

Notes: Choose between nscd or pdnsd for DNS caching. nscd can be buggy, pdnsd needs resolvconf

vim-tiny is installed by debian by default. This is horrible, and which is why we install vim first!

/etc/default/sysstat: turn ENABLED="true"

/etc/default/snmpd: get rid of 127.0.0.1 from SNMPDOPTS

vi /etc/snmp/snmpd.conf: change the community names

nscd is only usefull for servers not running bind themselves

fail2ban

vi /etc/fail2ban/jail.local

[DEFAULT]

ignoreip = 127.0.0.1/8 92.109.193.251
bantime  = 6000

[proftpd]

enabled  = true

[dovecot]

enabled = true
logpath = /var/log/auth.log

[postfix]

enabled  = true
logpath  = /var/log/mail/mail.log

maybe destemail too

NB don't edit jail.conf

might need apt-get install resolvconf but I don't like it much

obsolete

vi /etc/denyhosts.com

set PURGE_DENY = 1w and ADMIN_EMAIL = red@email.com and SMTP_FROM = Denyhosts $machinename <nobody@localhost>

Also, if a host keeps getting denied, you can stop it from going in the /etc/hosts.deny file by putting the IP address into a line in /var/lib/denyhosts/allowed-hosts