
Installing Exim on CentOS

Written by F. Javier Lancharro Ramiro, Thursday, 2 April 2009 06:09 - Revised Wednesday, 1 April 2009

Installing a Mail Server

In this tutorial we will install a mail server based on Exim, MySQL, Cyrus-Imapd and Horde. The system will be able to serve HTTP, HTTPS, SMTP, TLS, SMTP-AUTH, IMAP and POP3 clients, and will also be able to host and manage more than one domain.

The IMP webmail client provides a powerful interface with an address book, a calendar and the ability to reset passwords, all with an extensive configuration system and the option to change the appearance of the interface.

The first thing to do is update the system.

    yum update

To install the required packages and dependencies we need the RPMforge repository, which is added with the following command.

    rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

It is best to leave the repository disabled and simply call it when needed, so that packages that exist in the original repositories are not overwritten by the RPMforge ones.

    vi /etc/yum.repos.d/rpmforge.repo

Change the line that reads enabled=1 to enabled=0.

    [...]
    enabled=0

Install Apache

Install Apache with all the services and dependencies needed to tie the different services and servers together.

    yum install httpd php php-mysql php-xml php-imap php-mbstring php-mcrypt php-pecl-Fileinfo php-pear-DB php-pear-File php-pear-Log php-pear-Mail-Mime php-pear-Auth-SASL php-pear-Date php-pear-HTTP-Request php-pear-Mail php-pear-Net-Sieve php-pear-Net-Socket php-pear-Net-SMTP openssl mod_ssl -y


Install Exim

Install Exim and the required dependencies.

    yum install exim system-switch-mail -y

Install MySQL

Install the MySQL database engine.

    yum install mysql mysql-server -y

Install Horde

Now install the Horde web interface and the modules it needs.

    yum install horde imp-h3 ingo-h3 turba-h3 kronolith-h3 -y
    wget ftp://ftp.horde.org/pub/passwd/passwd-h3-3.0.1.tar.gz
    tar xzvf passwd-h3-3.0.1.tar.gz -C /usr/share/horde
    mv /usr/share/horde/passwd-h3-3.0.1 /usr/share/horde/passwd

Install Cyrus-Imapd

Now install Cyrus-Imapd and its dependencies.

    yum install db4-utils cyrus-imapd cyrus-imapd-perl cyrus-imapd-utils

It is preferable to install the rpm versions, since they contain numerous improvements over those included in the CentOS or RPMforge repositories. In our case, for ease and simplicity, we have chosen to install the standard ones.

Install Pam-MySQL

    rpm -Uvh http://www.topdog-software.com/oss/pam_mysql/pam_mysql-0.7RC1-1.i386.rpm

Install ClamAV

    yum --enablerepo=rpmforge install clamav clamav-db clamd -y

Install Spamassassin

    yum install spamassassin -y

Configure Apache

First, enable the Apache VirtualHost by editing its configuration file and create the DefaultVirtualHost.

    vi /etc/httpd/conf/httpd.conf

    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerAdmin webmaster@home.topdog-software.com
    </VirtualHost>

Create a VirtualHost for Horde.

    <VirtualHost *:80>
        Servername mail.home.topdog-software.com
        DocumentRoot /usr/share/horde
        ErrorLog logs/mail-error_log
        CustomLog logs/mail-access_log common
    </VirtualHost>

Enable the Horde security options found in its configuration file.

    vi /etc/httpd/conf.d/horde.conf

    #Alias /horde /usr/share/horde
    <Directory /usr/share/horde>
        Options +FollowSymLinks
        php_admin_flag safe_mode off
        php_admin_flag magic_quotes_runtime off
        php_flag session.use_trans_sid off
        php_flag session.auto_start off
        php_admin_flag file_uploads on
        #php_admin_flag allow_url_fopen on
        php_value post_max_size 20M
        php_value upload_max_filesize 10M
        php_admin_value open_basedir "/usr/share/horde:/usr/share/horde/config:/usr/share/pear:/tmp"
        php_admin_flag register_globals off
    </Directory>
    <Directory /usr/share/horde/config>
        Order Deny,Allow
        Deny from all
    </Directory>
    <DirectoryMatch "^/usr/share/horde/(.*/)?(config|lib|locale|po|scripts|templates)/(.*)?">
        Order Deny,Allow
        Deny from all
    </DirectoryMatch>

And raise the PHP memory limit.

    vi /etc/php.ini

    memory_limit = 64M

Now enable SSL for Horde by adding the following lines to the Default VirtualHost, between <VirtualHost _default_:443> and </VirtualHost>.

    Servername mail.home.topdog-software.com:443
    DocumentRoot /usr/share/horde


Configure Exim

Switch the system MTA to Exim with the following command.

    system-switch-mail

(select exim)

Antivirus / Security

Configure Exim to scan incoming and outgoing mail for viruses with ClamAV.

    vi /etc/exim/exim.conf

    av_scanner = clamd:/var/run/clamav/clamd.sock

Configure the Blacklists

These are configured under acl_check_rcpt.

    drop
      message = REJECTED because $sender_host_address is in a black list spamhaus.org
      dnslists = zen.spamhaus.org
    drop
      message = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
      dnslists = bl.spamcop.net
    drop
      message = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
      dnslists = dnsbl.sorbs.net
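
How a dnslists condition turns $sender_host_address into a DNS query, as an added shell example that is not part of the original tutorial: the IPv4 octets are reversed and prepended to the list's zone, and an A record in 127.0.0.0/8 means the host is listed. The function names are made up for this example, and treating 127.255.255.x as a lookup error follows Spamhaus's published convention, not anything stated in this guide.

```sh
#!/bin/sh
# Added example: models the DNS query behind Exim's "dnslists" condition.
# Function names are hypothetical; the zones are the three used in this guide.

DNSBL_ZONES="zen.spamhaus.org bl.spamcop.net dnsbl.sorbs.net"

# dnsbl_query_name IPV4 ZONE -> prints e.g. 2.0.0.127.zen.spamhaus.org
# Returns 1 (and prints nothing) if IPV4 is not a valid dotted quad.
dnsbl_query_name() {
    qn_ip=$1
    qn_zone=$2
    case $qn_ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    qn_ifs=$IFS
    IFS=.
    set -- $qn_ip            # positional parameters are now the octets
    IFS=$qn_ifs
    [ $# -eq 4 ] || return 1
    for qn_octet in "$@"; do
        case $qn_octet in ????*) return 1 ;; esac
        [ "$qn_octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$qn_zone"
}

# dnsbl_classify ANSWER -> listed | not-listed | lookup-error | unexpected
# Exim's bare "dnslists = <zone>" form counts any returned address as a match,
# so a lookup-error answer would be treated as a listing by the ACLs above.
dnsbl_classify() {
    case $1 in
        '')            echo not-listed ;;    # NXDOMAIN / no A record
        127.255.255.*) echo lookup-error ;;  # Spamhaus convention: query problem
        127.*)         echo listed ;;
        *)             echo unexpected ;;
    esac
}

# dnsbl_check IPV4 -> one "<zone> <verdict>" line per zone.
# Needs dig(1) and network access; not called by the offline demo below.
dnsbl_check() {
    for ck_zone in $DNSBL_ZONES; do
        ck_name=$(dnsbl_query_name "$1" "$ck_zone") || return 1
        ck_answer=$(dig +short "$ck_name" A 2>/dev/null | head -n 1)
        printf '%s %s\n' "$ck_zone" "$(dnsbl_classify "$ck_answer")"
    done
}

# Offline demonstration: the names queried for 127.0.0.2, the test address
# that DNSBLs conventionally list (RFC 5782).
for zone in $DNSBL_ZONES; do
    dnsbl_query_name 127.0.0.2 "$zone"
done
```

Running `dnsbl_check 127.0.0.2` from the mail server itself shows whether each list answers through the resolver Exim will use.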

Anti-Spam

To reject messages from servers whose reverse DNS is not configured correctly, add the following lines under acl_check_rcpt.

    drop
      message = REJECTED - We don't accept messages from hosts without reverse DNS
      log_message = No reverse DNS
      domains = ! lsearch;/etc/exim/checks_exempt_hosts
      !verify = reverse_host_lookup
      !verify = sender/callout=2m,defer_ok
      !condition = ${if eq{$sender_verify_failure}{}}

To reject messages from servers that do not send a HELO/EHLO greeting, add the following lines.

    drop
      message = REFUSED - no HELO/EHLO greeting
      log_message = remote host did not present greeting
      condition = ${if def:sender_helo_name {false}{true}}

You can also limit the number of connections to your server by adding the following lines under acl_check_connect.

    deny
      ratelimit = 250 / 15m / strict
      message = You can only send $sender_rate per $sender_rate_period
      log_message = RATE: $sender_rate/$sender_rate_period (max $sender_rate_limit)
    accept

Stop the spam bots that probe the server.

    smtp_accept_max_nonmail = 30
    smtp_max_unknown_commands = 1

Do not advertise pipelining.

    pipelining_advertise_hosts =

Enable the Spamassassin checks.

    spamd_address = /var/run/spamassassin/spamd.sock

Reject all messages with a score of 6 (acl_check_data).

    accept
      condition = ${if >={$message_size}{100000} {1}}
      add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
    warn
      spam = nobody/defer_ok
      add_header = X-Spam-Flag: YES
    accept
      condition = ${if !def:spam_score_int {1}}
      add_header = X-Spam-Note: SpamAssassin invocation failed
    warn
      add_header = X-Spam-Score: $spam_score ($spam_bar)
      # X-Spam-Report: $spam_report
    drop
      condition = ${if >{$spam_score_int}{60} {1}}
      message = Your message scored $spam_score SpamAssassin point. Report follows:\n$spam_report

Mail Routing

Enable access to the MySQL database.

    hide mysql_servers = localhost/horde/horde/hordepassword

Modify the local delivery router for Cyrus so that it checks that the user exists before the mail is delivered. (exim.conf)

    localuser:
      driver = accept
      local_parts = ${lookup mysql {SELECT REPLACE(user_uid,'${quote_mysql:@$domain}','') as user FROM horde_users WHERE user_uid='${quote_mysql:$local_part@$domain}'}{$value}}
      transport = local_delivery
      cannot_route_message = Unknown user

Create a transport that delivers mail to Cyrus through an LMTP socket.

    local_delivery:
      driver = lmtp
      socket = /var/lib/imap/socket/lmtp
      batch_max = 50
      user = cyrus

SMTP Authentication

Add the following lines to the authentication section of /etc/exim/exim.conf.

    plain:
      driver = plaintext
      public_name = PLAIN
      server_prompts = :
      server_set_id = $2
      server_condition = ${if saslauthd{{$2}{$3}{pop}}{1}{0}}
      server_advertise_condition = true
    login:
      driver = plaintext
      public_name = LOGIN
      server_prompts = "Username:: : Password::"
      server_condition = ${if saslauthd{{$1}{$2}{pop}}{1}{0}}
      server_set_id = $1
      server_advertise_condition = true

Example Configuration Files

Here you will find some example Exim configuration files.

Configure MySQL

Disable TCP networking in the MySQL section.

    vi /etc/my.cnf

    skip-networking

Set the root password.

    /usr/bin/mysqladmin -u root password 'new-password'
    /usr/bin/mysqladmin -u root -h your_host_name password 'new-password' -p


Configure Horde

Edit the SQL file and change the MySQL password for the Horde user.

    cp /usr/share/horde/scripts/sql/create.mysql.sql .
    vi create.mysql.sql

    REPLACE INTO user (host, user, password) VALUES (
        'localhost',
        'horde',
        -- IMPORTANT: Change this password!
        PASSWORD('hordepassword')
    );

Create the Horde user in MySQL.

    mysql -p < create.mysql.sql

Create the tables for Turba (address book).

    mysql -p horde < /usr/share/horde/turba/scripts/sql/turba_objects.mysql.sql

Create the tables for Kronolith (calendar).

    mysql -p horde < /usr/share/horde/kronolith/scripts/sql/kronolith.mysql.sql

Create the base Horde configuration.

    vi /usr/share/horde/config/conf.php

    <?php
    $conf['debug_level'] = E_ALL;
    $conf['max_exec_time'] = 0;
    $conf['compress_pages'] = true;
    $conf['umask'] = 077;
    $conf['use_ssl'] = 2;
    $conf['server']['name'] = $_SERVER['SERVER_NAME'];
    $conf['server']['port'] = $_SERVER['SERVER_PORT'];
    $conf['session']['name'] = 'Horde';
    $conf['session']['use_only_cookies'] = true;
    $conf['session']['cache_limiter'] = 'nocache';
    $conf['session']['timeout'] = 0;
    $conf['cookie']['domain'] = $_SERVER['SERVER_NAME'];
    $conf['cookie']['path'] = '/';
    $conf['sql']['username'] = 'horde';
    $conf['sql']['password'] = 'hordepassword';
    $conf['sql']['socket'] = '/var/lib/mysql/mysql.sock';
    $conf['sql']['protocol'] = 'unix';
    $conf['sql']['database'] = 'horde';
    $conf['sql']['charset'] = 'iso-8859-1';
    $conf['sql']['phptype'] = 'mysqli';
    $conf['auth']['admins'] = array('Administrator', 'andrew@home.topdog-software.com');
    $conf['auth']['checkip'] = true;
    $conf['auth']['checkbrowser'] = true;
    $conf['auth']['alternate_login'] = false;
    $conf['auth']['redirect_on_logout'] = false;
    $conf['auth']['params']['driverconfig'] = 'horde';
    $conf['auth']['params']['table'] = 'horde_users';
    $conf['auth']['params']['username_field'] = 'user_uid';
    $conf['auth']['params']['password_field'] = 'user_pass';
    $conf['auth']['params']['encryption'] = 'md5-hex';
    $conf['auth']['params']['show_encryption'] = false;
    $conf['auth']['driver'] = 'sql';
    $conf['signup']['allow'] = false;
    $conf['log']['priority'] = PEAR_LOG_NOTICE;
    $conf['log']['ident'] = 'HORDE';
    $conf['log']['params'] = array();
    $conf['log']['name'] = '/tmp/horde.log';
    $conf['log']['params']['append'] = true;
    $conf['log']['type'] = 'file';
    $conf['log']['enabled'] = true;
    $conf['log_accesskeys'] = false;
    $conf['prefs']['params']['driverconfig'] = 'horde';
    $conf['prefs']['driver'] = 'sql';
    $conf['datatree']['params']['driverconfig'] = 'horde';
    $conf['datatree']['driver'] = 'sql';
    $conf['group']['driver'] = 'datatree';
    $conf['cache']['default_lifetime'] = 1800;
    $conf['cache']['params']['dir'] = Horde::getTempDir();
    $conf['cache']['params']['gc'] = 86400;
    $conf['cache']['driver'] = 'file';
    $conf['token']['driver'] = 'none';
    $conf['mailer']['params']['auth'] = '0';
    $conf['mailer']['type'] = 'smtp';
    $conf['vfs']['params']['driverconfig'] = 'horde';
    $conf['vfs']['type'] = 'sql';
    $conf['sessionhandler']['params']['persistent'] = false;
    $conf['sessionhandler']['params']['rowlocking'] = true;
    $conf['sessionhandler']['params']['socket'] = '/var/lib/mysql/mysql.sock';
    $conf['sessionhandler']['params']['protocol'] = 'unix';
    $conf['sessionhandler']['params']['hostspec'] = 'localhost';
    $conf['sessionhandler']['params']['username'] = 'horde';
    $conf['sessionhandler']['params']['password'] = 'hordepassword';
    $conf['sessionhandler']['params']['database'] = 'horde';
    $conf['sessionhandler']['type'] = 'mysql';
    $conf['problems']['email'] = 'webmaster@home.topdog-software.com';
    $conf['problems']['maildomain'] = 'home.topdog-software.com';
    $conf['problems']['tickets'] = false;
    $conf['menu']['apps'] = array();
    $conf['menu']['always'] = true;
    $conf['menu']['links']['help'] = 'authenticated';
    $conf['menu']['links']['help_about'] = true;
    $conf['menu']['links']['options'] = 'authenticated';
    $conf['menu']['links']['problem'] = 'never';
    $conf['menu']['links']['login'] = 'all';
    $conf['menu']['links']['logout'] = 'authenticated';
    $conf['hooks']['permsdenied'] = false;
    $conf['hooks']['username'] = false;
    $conf['hooks']['preauthenticate'] = false;
    $conf['hooks']['postauthenticate'] = false;
    $conf['hooks']['authldap'] = false;
    $conf['portal']['fixed_blocks'] = array();
    $conf['accounts']['driver'] = 'null';
    $conf['imsp']['enabled'] = false;
    $conf['kolab']['enabled'] = false;

Change the Horde preferences so that Webmail is the default application.

    vi /usr/share/horde/config/prefs.php

Modify $_prefs['initial_application'] so that it looks like the following code.

    $_prefs['initial_application'] = array(
        'value' => 'imp',
        'locked' => true,
        'shared' => true,
        'type' => 'select',
        'desc' => sprintf(_("What application should %s display after login?"), $GLOBALS['registry']->get('name'))
    );

Make Horde work from outside the web server's root directory.

    vi /usr/share/horde/config/registry.php

Modify $this->applications['horde'] as follows.

    $this->applications['horde'] = array(
        'fileroot' => dirname(__FILE__) . '/..',
        'webroot' => '',
        'initial_page' => 'login.php',
        'name' => _("Horde"),
        'status' => 'active',
        'templates' => dirname(__FILE__) . '/../templates',
        'provides' => 'horde'
    );

IMP Configuration

Create the base IMP configuration.

    vi /usr/share/horde/imp/config/conf.php

    <?php
    $conf['utils']['spellchecker'] = '/usr/bin/aspell';
    $conf['utils']['gnupg'] = '/usr/bin/gpg';
    $conf['utils']['gnupg_keyserver'] = array('pgp.mit.edu');
    $conf['utils']['gnupg_timeout'] = '10';
    $conf['utils']['openssl_cafile'] = '/etc/pki/tls/certs';
    $conf['utils']['openssl_binary'] = '/usr/bin/openssl';
    $conf['menu']['apps'] = array('ingo', 'kronolith', 'passwd', 'turba');
    $conf['user']['select_sentmail_folder'] = false;
    $conf['user']['allow_resume_all_in_drafts'] = true;
    $conf['user']['allow_folders'] = true;
    $conf['user']['allow_resume_all'] = false;
    $conf['user']['allow_view_source'] = true;
    $conf['user']['alternate_login'] = false;
    $conf['user']['redirect_on_logout'] = false;
    $conf['server']['change_server'] = false;
    $conf['server']['change_port'] = false;
    $conf['server']['change_protocol'] = false;
    $conf['server']['change_smtphost'] = false;
    $conf['server']['change_smtpport'] = false;
    $conf['server']['server_list'] = 'none';
    $conf['server']['sort_limit'] = '0';
    $conf['server']['cache_folders'] = false;
    $conf['server']['cache_msgbody'] = true;
    $conf['mailbox']['show_attachments'] = false;
    $conf['mailbox']['show_preview'] = false;
    $conf['mailbox']['show_xpriority'] = false;
    $conf['fetchmail']['show_account_colors'] = false;
    $conf['fetchmail']['size_limit'] = '4000000';
    $conf['msgsettings']['filtering']['words'] = './config/filter.txt';
    $conf['msgsettings']['filtering']['replacement'] = '****';
    $conf['spam']['reporting'] = false;
    $conf['notspam']['reporting'] = false;
    $conf['msg']['prepend_header'] = true;
    $conf['msg']['append_trailer'] = true;
    $conf['compose']['allow_cc'] = true;
    $conf['compose']['allow_bcc'] = true;
    $conf['compose']['allow_receipts'] = true;
    $conf['compose']['special_characters'] = true;
    $conf['compose']['use_vfs'] = false;
    $conf['compose']['link_attachments'] = false;
    $conf['compose']['add_maildomain_to_unexpandable'] = false;
    $conf['compose']['attach_size_limit'] = '0';
    $conf['compose']['attach_count_limit'] = '0';
    $conf['hooks']['vinfo'] = false;
    $conf['hooks']['signature'] = false;
    $conf['hooks']['trailer'] = false;
    $conf['hooks']['fetchmail_filter'] = false;
    $conf['hooks']['mbox_redirect'] = false;
    $conf['hooks']['mbox_icon'] = false;
    $conf['hooks']['spam_bounce'] = false;
    $conf['maillog']['use_maillog'] = true;
    $conf['tasklist']['use_tasklist'] = true;
    $conf['notepad']['use_notepad'] = true;

Create the IMP servers configuration. Remove the rest.

    vi /usr/share/horde/imp/config/servers.php

    <?php
    $servers['cyrus'] = array(
        'name' => 'localserver',
        'server' => 'localhost',
        'hordeauth' => 'full',
        'protocol' => 'imap/notls',
        'port' => 143,
        'maildomain' => '',
        'smtphost' => 'localhost',
        'smtpport' => 25,
        'realm' => '',
        'preferred' => '',
        'admin' => array(
            'params' => array(
                'login' => 'cyrus',
                'password' => '',
                'userhierarchy' => 'user.',
                'protocol' => 'imap/notls',
                'hostspec' => 'localhost',
                'port' => 143
            )
        ),
        'quota' => array(
            'driver' => 'cyrus',
            'params' => array(),
        ),
        'acl' => array(
            'driver' => 'rfc2086',
        ),
    );

Prevent the compose window from opening as a pop-up window.

    vi /usr/share/horde/imp/config/prefs.php

Change the variable $_prefs['compose_window'] so that it reads as follows.

    $_prefs['compose_popup'] = array(
        'value' => 0,
        'locked' => true,
        'shared' => true,
        'type' => 'checkbox',
        'desc' => _("Compose messages in a separate window?"));

Configure Kronolith

Create the base Kronolith configuration file.

    vi /usr/share/horde/kronolith/config/conf.php

    <?php
    $conf['calendar']['params']['table'] = 'kronolith_events';
    $conf['calendar']['params']['driverconfig'] = 'horde';
    $conf['calendar']['driver'] = 'sql';
    $conf['storage']['params']['table'] = 'kronolith_storage';
    $conf['storage']['params']['driverconfig'] = 'horde';
    $conf['storage']['driver'] = 'sql';
    $conf['metadata']['keywords'] = false;
    $conf['reminder']['server_name'] = 'home.topdog-software.com';
    $conf['reminder']['from_addr'] = 'postmaster@home.topdog-software.com';
    $conf['autoshare']['shareperms'] = 'none';
    $conf['menu']['print'] = true;
    $conf['menu']['import_export'] = true;
    $conf['menu']['apps'] = array('imp', 'ingo', 'kronolith', 'turba');

Turba Configuration

Set up the base Turba configuration.

    vi /usr/share/horde/turba/config/conf.php

    <?php
    $conf['menu']['apps'] = array('imp', 'kronolith', 'turba');
    $conf['storage']['driver'] = 'prefs';
    $conf['storage']['maxblacklist'] = 0;
    $conf['storage']['maxwhitelist'] = 0;
    $conf['rules']['userheader'] = true;
    $conf['rules']['usefolderapi'] = true;

Configure Ingo

Set up the base Ingo configuration.

    vi /usr/share/horde/ingo/config/conf.php

    <?php
    $conf['menu']['apps'] = array('imp', 'kronolith', 'turba');
    $conf['storage']['driver'] = 'prefs';
    $conf['storage']['maxblacklist'] = 0;
    $conf['storage']['maxwhitelist'] = 0;
    $conf['rules']['userheader'] = true;
    $conf['rules']['usefolderapi'] = true;

Configure the Ingo backend to use timsieved. Remove the rest of the backends.

    vi /usr/share/horde/ingo/config/backends.php

    <?php
    $backends['sieve'] = array(
        'driver' => 'timsieved',
        'preferred' => 'localhost',
        'hordeauth' => 'full',
        'params' => array(
            'hostspec' => 'localhost',
            'logintype' => 'PLAIN',
            'usetls' => true,
            'port' => 2000,
            'scriptname' => 'ingo',
        ),
        'script' => 'sieve',
        'scriptparams' => array()
    );

Configure Passwd

Set up the base Passwd configuration.

    vi /usr/share/horde/passwd/config/conf.php

    <?php
    $conf['menu']['apps'] = array('imp', 'ingo', 'kronolith', 'turba');
    $conf['backend']['backend_list'] = 'hidden';
    $conf['user']['change'] = true;
    $conf['user']['refused'] = array('root', 'bin', 'daemon', 'adm', 'lp', 'shutdown', 'halt', 'uucp', 'ftp', 'anonymous', 'nobody', 'httpd', 'operator', 'guest', 'diginext', 'bind', 'cyrus', 'courier', 'games', 'kmem', 'mailnull', 'man', 'mysql', 'news', 'postfix', 'sshd', 'tty', 'www');
    $conf['password']['strengthtests'] = false;
    $conf['hooks']['full_name'] = true;
    $conf['hooks']['default_username'] = false;
    $conf['hooks']['username'] = false;
    $conf['hooks']['userdn'] = false;

Configure the Passwd backend to use the Horde MySQL database. Remove the rest.

    vi /usr/share/horde/passwd/config/backends.php

    <?php
    $backends['hordesql'] = array (
        'name' => 'Horde Authentication',
        'preferred' => '',
        'password policy' => array(
            'minLength' => 5,
            'maxLength' => 8,
            'maxSpace' => 0,
            'minUpper' => 1,
            'minLower' => 1,
            'minNumeric' => 1,
            'minSymbols' => 1
        ),
        'driver' => 'sql',
        'params' => array_merge($conf['sql'], array('table' => 'horde_users', 'user_col' => 'user_uid', 'pass_col' => 'user_pass', 'show_encryption' => false)),
    );

Secure the Horde Installation

    chown apache:root -R /usr/share/horde/config
    chown apache:root -R /usr/share/horde/*/config
    chmod -R go-rwx /usr/share/horde/config
    chmod -R go-rwx /usr/share/horde/*/config
    chown -R root:root /usr/share/horde/scripts
    chown -R root:root /usr/share/horde/*/scripts
    chmod -R go-rwx /usr/share/horde/scripts
    chmod -R go-rwx /usr/share/horde/*/scripts
    chmod a-rwx /usr/share/horde/test.php
    chmod a-rwx /usr/share/horde/*/test.php
    find /usr/share/horde/ -iname readme -exec rm -f {} \;
    find /usr/share/horde/ -iname todo -exec rm -vf {} \;
    find /usr/share/horde/ -iname license -exec rm -vf {} \;
    find /usr/share/horde/ -iname copying -exec rm -vf {} \;
    find /usr/share/horde/ -iname docs -exec rm -vrf {} \;

Configure Cyrus-imapd

This cyrus-imapd setup comes with virtual hosting enabled, scripts, a quota fixed at 10MB, automatic creation and automatic subscription of mailboxes with their folders, etc.

Create the configuration file.

    vi /etc/imapd.conf

Create the configuration with the following content.

    configdirectory: /var/lib/imap
    servername: TDS-IMAP/POP3
    partition-default: /var/spool/imap
    virtdomains: on
    defaultdomain: localhost.localdomain
    admins: andrew@home.topdog-software.com
    postmaster: support@home.topdog-software.com
    quotawarn: 85
    lmtp_over_quota_perm_failure: 1
    lmtp_strict_quota: 1
    autocreatequota: 10240
    createonpost: 1
    autocreateinboxfolders: sent-mail|drafts|spam|trash
    autosubscribeinboxfolders: sent-mail|drafts|spam|trash
    autocreate_sieve_script: /etc/default_sieve
    autocreate_sieve_compiledscript: /etc/default_sieve_script.bc
    sievedir: /var/lib/imap/sieve
    md5_dir: /var/lib/imap/md5
    #sievenotifier: sms
    #sendsms: /usr/bin/mysmsprog
    sendmail: /usr/sbin/sendmail
    hashimapspool: true
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: PLAIN
    allowplainwithouttls: 0
    tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
    tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
    tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
    loglevel: info

Create the file.

    vi /etc/cyrus.conf

Create it with the following content.

    START {
      # do not delete this entry!
      recover cmd="ctl_cyrusdb -r"
      # this is only necessary if using idled for IMAP IDLE
      idled cmd="idled"
      # replication
      # syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r"
    }
    # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
    SERVICES {
      # add or remove based on preferences
      imap cmd="imapd" listen="imap" prefork=1 proto=tcp maxchild=100 maxfds=1000 provide_uuid=1
      # imaps cmd="imapd -s" listen="imaps" prefork=1
      pop3 cmd="pop3d" listen="pop3" prefork=1 proto=tcp maxchild=100 maxfds=1000 provide_uuid=1
      # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
      sieve cmd="timsieved" listen="localhost:sieve" prefork=0 proto=tcp maxfds=1000 provide_uuid=1
      # these are only necessary if receiving/exporting usenet via NNTP
      # nntp cmd="nntpd" listen="nntp" prefork=3
      # nntps cmd="nntpd -s" listen="nntps" prefork=1
      #fud
      # fud cmd="fud" listen="fud" prefork=1 proto="udp"
      # at least one LMTP is required for delivery
      # lmtp cmd="lmtpd" listen="lmtp" prefork=0
      lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 maxfds=1000 provide_uuid=1
      # this is only necessary if using notifications
      notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
      # replication
    }
    EVENTS {
      # this is required
      checkpoint cmd="ctl_cyrusdb -c" period=30 maxfds=1000
      # this is only necessary if using duplicate delivery suppression,
      # Sieve or NNTP
      delprune cmd="cyr_expire -E 3" at=0400
      # this is only necessary if caching TLS sessions
      #tlsprune cmd="tls_prune" at=0400
      squat cmd="squatter" period=30
    }

Configure Pam-mysql

Pam-mysql will be used to authenticate the Cyrus-imapd services against the MySQL database.

Enable the service configuration by making the following changes.

    vi /etc/pam.d/imap

    auth optional pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
    account required pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3

    vi /etc/pam.d/pop

    auth optional pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
    account required pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3

    vi /etc/pam.d/sieve

    auth optional pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
    account required pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3

    vi /etc/pam.d/lmtp

    auth optional pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
    account required pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3

    vi /etc/pam.d/csync

    auth optional pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
    account required pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
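
The PAM files above, like exim.conf and Horde's conf.php, hold the database password in clear text, so their file modes matter. The following added shell example (not part of the original tutorial; the function name and match patterns are assumptions derived from the settings shown in this guide) lists any of those files that are readable by group or other.

```sh
#!/bin/sh
# Added example: find files from this guide that embed the MySQL password
# and can be read by group or other. audit_db_secrets is a hypothetical helper.

# Settings that carry the password in this guide:
#   pam.d files : passwd=...
#   exim.conf   : mysql_servers = host/db/user/password
#   Horde PHP   : $conf[...]['password'] = '...'
SECRET_PATTERN="passwd=|mysql_servers[[:space:]]*=|\['password'\][[:space:]]*="

# audit_db_secrets FILE...
# Prints each FILE that matches SECRET_PATTERN and has the group-read or
# other-read permission bit set. Missing or unreadable files are skipped.
audit_db_secrets() {
    for ad_file in "$@"; do
        [ -f "$ad_file" ] || continue
        grep -Eq "$SECRET_PATTERN" "$ad_file" 2>/dev/null || continue
        # -perm -040 / -perm -004 are true when that read bit is set
        if [ -n "$(find "$ad_file" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
            printf '%s\n' "$ad_file"
        fi
    done
}

# Paths as configured in this guide.
audit_db_secrets \
    /etc/pam.d/imap /etc/pam.d/pop /etc/pam.d/sieve /etc/pam.d/lmtp /etc/pam.d/csync \
    /etc/exim/exim.conf \
    /usr/share/horde/config/conf.php
```

Run it as root so that every file can be read; each path it prints is a file whose mode lets accounts other than the owner read the password.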

Configure Saslauthd

Edit the following file and modify it as shown.

    vi /etc/sysconfig/saslauthd

    SOCKETDIR=/var/run/saslauthd
    # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
    # of which mechanism your installation was compiled to use.
    MECH=pam
    # Additional flags to pass to saslauthd on the command line. See saslauthd(8)
    # for the list of accepted flags.
    FLAGS="-r -n 0 -c"

Configure ClamAV

Add the ClamAV user to the Exim group.

    usermod -G exim clamav

Change the socket location and disable TCP.

    vi /etc/clamd.conf

    LocalSocket /var/run/clamav/clamd.socket
    #TCPSocket 3310
    #TCPAddr 127.0.0.1

Install the security signatures.

    wget http://www.sanesecurity.co.uk/clamav/update_sanesecurity.txt -O /usr/local/bin/update_sanesecurity.sh
    chmod +x /usr/local/bin/update_sanesecurity.sh
    ln -s /usr/local/bin/update_sanesecurity.sh /etc/cron.hourly/
    /usr/local/bin/update_sanesecurity.sh

Enable the local SELinux module for ClamAV. Create the file clamdlocal.te and add the following code.

    module clamdlocal 1.0;

    require {
        type proc_t;
        type var_t;
        type sysctl_kernel_t;
        type var_spool_t;
        type clamd_t;
        class dir { write search read remove_name add_name };
        class file { write getattr read lock create unlink };
    }

    #============= clamd_t ==============
    allow clamd_t proc_t:file { read getattr };
    allow clamd_t sysctl_kernel_t:dir search;
    allow clamd_t sysctl_kernel_t:file read;
    allow clamd_t var_spool_t:dir read;
    allow clamd_t var_spool_t:file { read getattr };
    allow clamd_t var_t:dir { write read add_name remove_name };
    allow clamd_t var_t:file { write getattr read lock create unlink };

Compile and load the module.

    checkmodule -M -m -o clamdlocal.mod clamdlocal.te
    semodule_package -o clamdlocal.pp -m clamdlocal.mod
    semodule -i clamdlocal.pp

Configure Spamassassin

Modify the startup options as follows.

    vi /etc/sysconfig/spamassassin

    SPAMDOPTIONS=" -l -d -c -m5 -H -m 10 --socketpath=/var/run/spamassassin/spamd.sock --socketowner=exim"

Enable the local spamd module for Spamassassin: create the file spamdlocal.te and add the following.

    module spamdlocal 1.0;

    require {
        type spamd_t;
        type spamd_var_run_t;
        class capability { fowner chown kill };
        class sock_file { write create unlink getattr setattr };
    }

    #============= spamd_t ==============
    allow spamd_t self:capability { fowner chown kill };
    allow spamd_t spamd_var_run_t:sock_file { write create unlink getattr setattr };

Compile and install the module.

    checkmodule -M -m -o spamdlocal.mod spamdlocal.te
    semodule_package -o spamdlocal.pp -m spamdlocal.mod
    semodule -i spamdlocal.pp

Final Touches

Disable the unnecessary services using this script. Enable the services.

    chkconfig --level 234 exim on
    chkconfig --level 234 mysqld on
    chkconfig --level 234 spamassassin on
    chkconfig --level 234 clamd on
    chkconfig --level 234 httpd on
    chkconfig --level 234 saslauthd on
    chkconfig --level 234 cyrus-imapd on
    service mysqld restart
    service saslauthd restart
    service spamassassin restart
    service clamd restart
    service exim restart
    service cyrus-imapd restart
    service httpd restart

To create the Admin user, create the file admin.sql and add the following content.

    USE horde;
    REPLACE INTO horde_users (user_uid,user_pass) VALUES (
        'andrew@home.topdog-software.com',
        -- Change this
        md5('verystrongpassword')
    );

Change the password to suit your needs. Add the user to the database.

    mysql -p horde < admin.sql

For the firewall, add the following rules.

    vi /etc/sysconfig/iptables

    *raw
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    *mangle
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    *filter
    :FORWARD DROP [0:0]
    :INPUT DROP [0:0]
    :OUTPUT DROP [0:0]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m multiport -j ACCEPT --dports 80,443,25,110,143
    -A INPUT -p icmp -m icmp -m limit --icmp-type 8 --limit 5/min -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -s 192.168.1.4 -j ACCEPT
    COMMIT