Mandrake 10.2 Internet Server Installation

...  when setting up a web server for Apache, PHP, PHPLIB, PHP-imlib, MySQL, Postfix, CourierIMAP, Cyrus-SASL, SquirrelMail, Amavisd-New, Spamassassin and ClamAV.

Author: Stephen Khoo

Updated: 11 March 2005

This is the first of a set of guides to help you to use a Mandrake 10.2 installation to run the services listed above. It borrows very heavily on the work of others. Most specifically from the TNMailServer "Toaster" by Jaysam Thanki and "Virtual Domains and Users w/ Postfix / Courier-IMAP / MySQL / Quota" by Mischa Peters.

However, we have adapted his work to show you how to use it with a Mandrake 10.2 RPM installation of MySQL, Apache2 and PHP, and also show you how to set up ProFtpd using MySQL authentication.

All guides rely on you having the base setup of MySQL, Apache and PHP installed. This allows us to break the remaining guides into in logical groups that can be installed as a unit.

After you are done, you'll end up with a configured system that has the following features:

  • Postfix Mail Server with SMTP-AUTH
  • MX Backup capability for customer zones
  • Spamassassin and ClamAV Mail scanning
  • POP3 Server
  • IMAP Server
  • Web mail access
  • Auto responding email accounts
  • Quota Support
  • SSL Support for all of the above protocols
  • Mailgraph stats

If you have any comments on these guides please sign up to our discussion forum and leave a note, or drop us an email. We would appreciate any feedback.

Disk Preparation

  1. We partitioned our 100GB RAID servers with /swap at 1GB, /var at 20GB and / the rest. It is always difficult to determine size of partitions at the start, but jailing the changing files such as mail and configuration databases to /var seems a good idea. We tend to alias user databases from /var/lib/mysql to home directories anyway as this keeps things nice and tidy.
  2. We use SGI's XFS format as this seems to have the best reviews for journalled file systems - maybe we are wrong - it's just what we gleaned from various posts on the net. Anyway it seems to work just fine, and if you pull the plug on the server while it is running, it seems to recover the disk very quickly just fine. It seems to be almost imperative to have some form of journaled file system with partitions of this size as otherwise they take for ever and a day to fix if you switch the server off while it is up and running. (OK that is not the thing one should do to the server anyway, but it can happen even with the best will in the world to try to prevent it.)

Mandrake Installer

Here are a few tips to make sure you don't go amiss with the installer.

  1. On installation options you don't need all the client office tools - so leave them all out. You can leave out all the web server stuff as well as you will get that yourself from the rpm website.
  2. The installer makes a muck up of which modules are installed anyway - e.g. apache-common gets installed but does not show up in the drakconf tool as a module you can uninstall.
  3. The installer will insist on installing both apache2 and apache1 as some of the dependancies for 2 seem o require 1. Just leave the apache out and get it yourself later on as otherwise you will end up with configuration files for 1 and 2 and both servers running.
  4. If you have more than one network card in your PC, be carefull over how you configure these as services can get confused as to which card they are running through and you will get lots of "Martian Source" type errors. What is happening is that one network card is set up to expect ip data for port xx while the other one actually gets the data. For our servers which just sit on the internet we simply disable the second network interface. These are really only useful for situations where you want to communicate to another set of servers in the same rack space using local internet addresses. So one NIC is used for the internet and accepts requests using real internet IPs, while the other accepts requests for local addresses such as 192.168.1.xx.
  5. Set the security to Normal, otherwise the security daemons will alter your permissions on /home behind your back which will only irritate if you really want them set in a particular way. Anyway, if you only accept shell login from certain ips, use ssh, use virtual accounts for mail and ftps you should be OK anyway.

RPM Installation Tips

You might well ask "Why install from RPMs when you can compile your own from sources?". Well, we did try compiling from sources using the toaster, but when we benchmarked the installation, we found suprisingly that the compiled version was slower than that of the RPMs, even with compiler optimisation flags, etc. and minimal modules loaded in apache. So why reinvent the wheel, when someone spends all day doing this for you?

We suggest that you subscribe to the Mandrake Club to get your updates. (A little bug we notice is that the update source at sunsite.ac.uk causes a load of errors on update. We found the one at warwick.ac.uk to be much more reliable.)

In your web browser, go to the http://www.mandrakeclub.com site and click on "downloads". do a search for "apache2" and when you get to apache2-2.0.48-5mdk.i586.html follow the link and then update your URPMI using the link you get through to on the actual download page. Run this command as root to use the Irish mirror:

urpmi.addmedia distrib_official_10.2_main ftp://ftp.club-internet.fr/pub/unix/linux/Mandrakelinux/official/10.2/x86_64/media/main

urpmi.addmedia distrib_official_10.2_contrib ftp://ftp.club-internet.fr/pub/unix/linux/Mandrakelinux/official/10.2/i586/media/contrib

u now don't need to use the Mandrake website to do your installations. Simply open drakconf (using the toolbar) and in the Software Update section do a search on "apache2", "mysql" and "php", installing the relevant rpms.

Using the Guides

For the most part, you can cut and paste everything in the yellow boxes, into a terminal window. It should work, althrough read ahead, and make sure there is no manual work required (search and replace). Bold stuff should be done as root. Regular stuff *always* as non root.

As you can see, I put all of the above into a "src" directory, in a normal user's account. I don't like building things as root, so everything (unless stated otherwise) should be built as non-root. Certain packages will not compile as root. Anything you see in this document that is bold means it has to be done as root. All stuff in italics means you can change it to your desired value.