This tutorial has been tested and is working on Debian etch and lenny

1. Install the PowerDNS server and MySql backend using apt

apt-get install pdns-server pdns-backend-mysql


2. Create a new database (or use existing) and execute the following SQL queries to create the PowerDNS table structure:

create table domains (
id INT auto_increment,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL,
primary key (id)
)type=InnoDB;
 
CREATE UNIQUE INDEX name_index ON domains(name);
 
CREATE TABLE records (
id INT auto_increment,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(6) DEFAULT NULL,
content VARCHAR(255) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
change_date INT DEFAULT NULL,
primary key(id)
)type=InnoDB;
 
CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
 
create table supermasters (
ip VARCHAR(25) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) DEFAULT NULL
);


3. Configure PowerDNS to use the MySql backend by adding this line into the configuration file (pico /etc/powerdns/pdns.conf)

launch=gmysql


4. Configure MySql login information for the PowerDNS server that can read from the tables you created earlier by adding lines similar to these (pico /etc/powerdns/pdns.d/pdns.local)

gmysql-host=127.0.0.1
gmysql-user=pdns
gmysql-password=password
gmysql-dbname=pdns


Replace the username, password and dbname with a valid login information and database name.

5. Restart PowerDNS

/etc/init.d/pdns restart


Now you should have a fully functional PowerDNS server installed. To manage the database (adding zones and records), consider using the Poweradmin web-based administration tool.

1. Install Apache2 and PHP5 (as an Apache module)

apt-get install apache2 php5 libapache2-mod-php5 php5-mysql


2. Install MySql server

apt-get install mysql-server


3. At this point you may need to restart Apache

/etc/init.d/apache2 restart


3. Create a test php file

echo "<?php phpinfo(); ?>" > /var/www/info.php


The default document root for Debian is in /var/www so you can access the test file on this location: http://yourserver/info.php

3. Install phpMyAdmin (optional but preferred by most developers and administrators)

apt-get install phpmyadmin


By default, phpmyadmin will be accessible on: http://yourserver/phpmyadmin

1. Install Apache2, MySql server and PHP5 with required modules. You may already have some or all of these packages installed.

apt-get install apache2 php5-cli php5 mysql-server libdbd-mysql-perl php5-gd php5-mysql libapache2-mod-php5


2. Download the latest version of MailWatch

wget http://downloads.sourceforge.net/project/mailwatch/mailwatch/1.0.5/mailwatch-1.0.5.tar.gz


At the time this tutorial was written, version 1.0.5 was the latest version. Check this location for latest version: http://sourceforge.net/projects/mailwatch/files/

3. Extract and enter the mailwatch directory

tar zxvf mailwatch-1.0.5.tar.gz
cd mailwatch-1.0.5


4. Create the database and tables

mysql -p < create.sql


5. Create a MySql user used for MailScanner logging (mysql -u root -p)

GRANT ALL ON mailscanner.* TO '{username}'@'localhost' IDENTIFIED BY '{password}';
FLUSH PRIVILEGES;


Replace {username} and {password} with a username and password of choice.

6. Configure the MailScanner logger (pico MailWatch.pm)

my($db_user) = '{username}';
my($db_pass) = '{password}';


On line 43 and 44, input your MySql user created in step 5

7. Move the MailScanner logger to correct directory

mv MailWatch.pm /usr/share/MailScanner/MailScanner/CustomFunctions/


8. Edit Mail Scanner config to enable MailWatch logger (pico /etc/MailScanner/MailScanner.conf)

Always Looked Up Last = &MailWatchLogging


9. Create a MailWatch web admin user (mysql -u root -p)

USE mailscanner;
INSERT INTO users VALUES ('{username}',md5('{password}'),'Administrator name','A','0','0','0','0','0');


Replace {username} and {password} with a username and password used to enter the web interface.

10. Move the web interface to the web server's root

mv mailscanner /var/www/mailwatch


11. Make the temp and cache directories writeable

chmod 777 /var/www/mailwatch/temp
chmod 777 /var/www/mailwatch/images/cache


12. Copy the example config file

mv /var/www/mailwatch/conf.php.example /var/www/mailwatch/conf.php


13. Configure the web interface (pico /var/www/mailwatch/conf.php)

define('DB_USER', '{username}');
define('DB_PASS', '{password}');
define('MAILWATCH_HOME', '/var/www/mailscanner');


Type the MySql username and password created in step 5

14. Install PEAR PHP framework

apt-get install php-pear


15. Install required PEAR packages

pear install DB
pear install DB_Pager
pear install Mail_mimeDecode


16. On line 37, add /usr/share/php to the mailwatch include path (pico /var/www/mailwatch/functions.php)

ini_set('include_path','.:'.MAILWATCH_HOME.'/pear:'.MAILWATCH_HOME.'/fpdf:'.MAILWATCH_HOME.'/xmlrpc:/usr/share/php');


17. Restart Apache and MailScanner

/etc/init.d/apache2 restart
/etc/init.d/mailscanner restart


18. You're all set. Enter the web interface at this location http://yourserver/mailwatch

1. Install MySqlTuner

apt-get install mysqltuner


2. Run MySqlTuner

mysqltuner


Input your MySql administrative login and password

Please enter your MySQL administrative login:
Please enter your MySQL administrative password:


Here are sample results:

-------- General Statistics --------------------------------------------------
[!!] There is a new version of MySQLTuner available
[OK] Currently running supported MySQL version 5.0.51a-24+lenny2-log
[OK] Operating on 32-bit architecture with less than 2GB RAM
 
-------- Storage Engine Statistics -------------------------------------------
[--] Status: +Archive -BDB -Federated +InnoDB -ISAM -NDBCluster
[--] Data in MyISAM tables: 98M (Tables: 81)
[!!] InnoDB is enabled but isn't being used
 
-------- Performance Metrics -------------------------------------------------
[--] Up for: 56d 10h 58m 7s (137M q [28.243 qps], 3M conn, TX: 2B, RX: 1B)
[--] Reads / Writes: 90% / 10%
[--] Total buffers: 2.6M per thread and 106.0M global
[OK] Maximum possible memory usage: 368.5M (18% of installed RAM)
[OK] Slow queries: 0% (75K/137M)
[!!] Highest connection usage: 100% (101/100)
[OK] Key buffer size / total MyISAM indexes: 64.0M/79.3M
[OK] Key buffer hit rate: 100.0%
[OK] Query cache efficiency: 78.4%
[!!] Query cache prunes per day: 269788
[OK] Sorts requiring temporary tables: 0%
[!!] Temporary tables created on disk: 99%
[OK] Thread cache hit rate: 99%
[!!] Table cache hit rate: 1%
[OK] Open file limit used: 27%
[OK] Table locks acquired immediately: 99%
 
-------- Recommendations -----------------------------------------------------
General recommendations:
Add skip-innodb to MySQL configuration to disable InnoDB
Reduce or eliminate persistent connections to reduce connection usage
When making adjustments, make tmp_table_size/max_heap_table_size equal
Reduce your SELECT DISTINCT queries without LIMIT clauses
Increase table_cache gradually to avoid file descriptor limits
Variables to adjust:
max_connections (> 100)
wait_timeout (< 28800)
interactive_timeout (< 28800)
query_cache_size (> 16M)
tmp_table_size (> 32M)
max_heap_table_size (> 16M)
table_cache (> 200)


3. Adjust your MySql config file (/etc/mysql/my.cnf) according to the recommendations. Don't increase or decrease the values too much because it may have negative impact on the server. If this is a production server, just make minor changes each time and test again a few hours/days later and adjust the values again if needed. It may take a few days to figure out the best values for your server.

4. Restart MySql after you have made changes to the config file

/etc/init.d/mysql restart


The install script handles the installation and configuration of the required services. I recommend starting with a clean Debian system to avoid conflicts.

1. Download required EHCP files

wget http://www.ehcp.net/download


2. Uncompress the files

tar zxvf ehcp_latest.tgz


3. Move into the install directory and run the install script

cd ehcp
./install.sh


Read the instructions carefully, your server will send statistical information to the EHCP developers. If you choose to move on, the install script will install all required packages including Apache, MySql and Postfix. You will need to provide some information to configure the services and set the admin passwords.

4. When the installer is finished, enter the control panel using: http://yourserver.

It's assumed that you have already installed and configured Postfix according to this tutorial: Installing Postfix with MySql backend and SASL for SMTP authentication

1. Install required packages

apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl


2. Make Courier use MySql backend (pico /etc/courier/authdaemonrc)

authmodulelist="authmysql"


3. Configure the MySql connector (pico /etc/courier/authmysqlrc)

MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME {username}
MYSQL_PASSWORD {password}
MYSQL_PORT 0
MYSQL_DATABASE {database}
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
MYSQL_QUOTA_FIELD quota


{database} = MySql database name
MySql username
MySql password

4. Restart Courier daemons

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart


Install and configure Postfix

1. Install Postfix and SASL

apt-get install postfix postfix-mysql libsasl2-modules-sql sasl2-bin libsasl2-2 postfix-tls libpam-mysql
> Internet Site
> host.domain.com


2. Create database and tables (mysql -u root -p)

# Create the database
CREATE DATABASE mail;
 
# Create user and allow him to read from the mail database
GRANT SELECT ON mail.* TO '{username}'@'localhost' IDENTIFIED BY '{password}';
FLUSH PRIVILEGES;
 
# Select the mail database
USE mail;
 
# Create table containing domains handled by this mail server
CREATE TABLE domains (
domain varchar(255) NOT NULL,
PRIMARY KEY (domain)
) TYPE=MyISAM;
 
# Create table for e-mail address forwardings
CREATE TABLE forwardings (
source varchar(255) NOT NULL,
destination varchar(255) NOT NULL,
PRIMARY KEY (source)
) TYPE=MyISAM;
 
# Create table for e-mail accounts / users
CREATE TABLE users (
email varchar(255) NOT NULL,
password varchar(255) NOT NULL,
quota int(10) DEFAULT '104857600',
PRIMARY KEY (email)
) TYPE=MyISAM;
 
# Create table for transports
CREATE TABLE transport (
domain varchar(255) NOT NULL,
transport varchar(255) NOT NULL,
UNIQUE KEY domain (domain)
) TYPE=MyISAM;


{username} = A new MySql user used by Postfix to access the MySql data
{password} = A password for the new MySql user

3. Create Postfix to MySql mappings

Domains (pico /etc/postfix/mysql-virtual_domains.cf)

user = {username}
password = {password}
dbname = mail
table = domains
select_field = 'virtual'
where_field = domain
hosts = 127.0.0.1


Forwards (pico /etc/postfix/mysql-virtual_forwardings.cf)

user = {username}
password = {password}
dbname = mail
table = forwardings
select_field = destination
where_field = source
hosts = 127.0.0.1


Mailboxes / Users (pico /etc/postfix/mysql-virtual_mailboxes.cf)

user = {username}
password = {password}
dbname = mail
table = users
select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email
hosts = 127.0.0.1


E-mail to E-mail (pico /etc/postfix/mysql-virtual_email2email.cf)

user = {username}
password = {password}
dbname = mail
table = users
select_field = email
where_field = email
hosts = 127.0.0.1


Transports (pico /etc/postfix/mysql-virtual_transports.cf)

user = {username}
password = {password}
dbname = mail
table = transport
select_field = transport
where_field = domain
hosts = 127.0.0.1


Quota (pico /etc/postfix/mysql-virtual_mailbox_limit_maps.cf)

user = {username}
password = {password}
dbname = mail
table = users
select_field = quota
where_field = email
hosts = 127.0.0.1


Destinations (pico /etc/postfix/mysql-mydestination.cf)

user = {username}
password = {password}
dbname = mail
table = transport
select_field = domain
where_field = domain
hosts = 127.0.0.1


{username} = The username you selected for the new MySql user
{password} = The password you selected for the new MySql user

4. Change permissions on the new files

chmod 640 /etc/postfix/mysql-*.cf
chgrp postfix /etc/postfix/mysql-*.cf


Make sure they aren't readable by any user because the password is included

5. Create a local user and group for the virtual users

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m


6. Create certificates for TLS

openssl req -new -outform PEM -out /etc/postfix/smtpd.cert -newkey rsa:2048 -nodes -keyout /etc/postfix/smtpd.key -keyform PEM -days 3650 -x509
chmod 640 /etc/postfix/smtpd.key


7. Configure Postfix

postconf -e 'mydestination = localhost, proxy:mysql:/etc/postfix/mysql-mydestination.cf'
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_helo_required = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'strict_rfc821_envelopes = yes'
postconf -e 'disable_vrfy_command = yes'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_mailbox_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "Account is over quota"'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'


8. Enable secure ports: 465 and 587 (pico /etc/postfix/master.cf)

smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
 
587 inet n - - - - smtpd


Configure SASL for SMTP authentication

9. Add the postfix user to the sasl group

adduser postfix sasl


10. Create a folder for the SASL PID file

mkdir -p /var/spool/postfix/var/run/saslauthd


11. Enable SASL (pico /etc/default/saslauthd)

START=yes
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"


12. Configure SASL to use the new PID file location (pico /etc/init.d/saslauthd)

PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"


Make sure you replace all PIDFILE definations in the file. This is set on a few places.

13. Configure PAM to use MySql backend for authentication (pico /etc/pam.d/smtp)

auth required pam_mysql.so user={username} passwd={password} host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user={username} passwd={password} host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1


{username} = The username you selected for the new MySql user
{password} = The password you selected for the new MySql user

14. Configure Postfix to use SASl for SMTP authentication (pico /etc/postfix/sasl/smtpd.conf)

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: {username}
sql_passwd: {password}
sql_database: mail
sql_select: select password from users where email = '%u'


{username} = The username you selected for the new MySql user
{password} = The password you selected for the new MySql user

15. Restart Postfix and SASL

/etc/init.d/saslauthd restart
/etc/init.d/postfix restart


Test MySql data

1. Handle mail for a domain. This must be done if you will create mailboxes or forwards handled on this server.

INSERT INTO domains VALUES ('domain.com');


2. Create user/mailbox. Users will be able to receive mail and send mails using this server

INSERT INTO users VALUES ('user@domain.com', ENCRYPT('password'), 104857600);


3. Create forward. A e-mail address used to forward to another e-mail address or multiple e-mail addresses

INSERT INTO forwardings VALUES ('user2@domain.com', 'user@domain.com');


Forward to multiple e-mail addresses using a comma to seperate

INSERT INTO forwardings VALUES ('user3@domain.com', 'user@domain.com,user@gmail.com');


4. Forward all mails for a domain to another mail server

INSERT INTO transport VALUES ('domain.com', 'smtp:server2.domain.com');


Next step is to set up services to support POP3 and IMAP:
Installing Courier POP3 and IMAP daemon with MySql backend / Install Courier

Master

1. Configure master to listen on all ip addresses (pico /etc/mysql/my.cnf)

#bind-address = 127.0.0.1


Comment out this line or remove it

2. Configure server id, log file location and which databases are allowed to be replicated (pico /etc/mysql/my.cnf)

server-id = 1
log_bin = /var/log/mysql/mysql-bin.log
binlog_do_db = {database}


Replace {database} with the one you would like to replicate

3. Restart MySql

/etc/init.d/mysql restart


4. Create a user and allow it to act as slave for this server (mysql -u root -p)

GRANT REPLICATION SLAVE ON *.* TO {username}@'{ip}' IDENTIFIED BY '{password}';
FLUSH PRIVILEGES;


{username} = Your preferred username
{password} = Your password
{ip} = IP address of the slave system or % to allow all ip addresses

5. Show current log file and position (mysql -u root -p)

SHOW MASTER STATUS;


This will return something like this:

+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000004 | 2751 | {database} | |
+------------------+----------+--------------+------------------+


Keep the file name and position. It will be used later on the slave

6. Transfer data from the master to the slave

You can do this using various methods including exporting and importing using phpMyAdmin, creating a database dump from the master and import to the slave and "LOAD DATA FROM MASTER".

Slave

1. Configure this server to be a slave for the master MySql server (pico /etc/mysql/my.cnf)

server-id = 2
master-host = {master_ip}
master-user = {username}
master-password = {password}
master-connect-retry = 60
replicate-do-db = {database}


{master_ip} = The ip of the master server
{username} = The username you provided earlier on the master server
{password} = The password you provided earlier on the master server
{database} = The database you want to replicate

2. Restart MySql

/etc/init.d/mysql restart


3. Final configurations to make the slave replicate with the master (mysql -u root -p)

SLAVE STOP;
CHANGE MASTER TO MASTER_HOST='{master_ip}', MASTER_USER='{username}', MASTER_PASSWORD='{password}', MASTER_LOG_FILE='{log_file}', MASTER_LOG_POS={log_position};
SLAVE START;


{master_ip} = The ip of the master server
{username} = The username you provided earlier on the master server
{password} = The password you provided earlier on the master server
{log_file} = Log file name from the master (ex. mysql-bin.000004)
{log_position} = Log position from the master (ex. 2751)

mysqldump -h localhost -u {username} -p --all-databases > database_dump.sql


Replace {username} with your MySql username.

You can also export a single database using this command:

mysqldump -h localhost -u {username} -p {database} > database_dump.sql


Replace {username} with your MySql username and {database} with the database you are going to export.

2. Move the database_dump.sql file to your destination server. You could grab it from FTP server or put it on a public web location and use wget on the destination server to receive the file. This process it outside the scope of this tutorial.

3. Import the dump to the destination MySql server by running the following command:

mysql -h localhost -u {username} -p < database_dump.sql


Replace {username} with your MySql username.

If you are only exporting a single database, use this command instead:

mysql -h localhost -u {username} -p {database} < database_dump.sql


Replace {username} with your MySql username and {database} with the database you are going to export.

1. Install required packages (make sure you have installed MySql)

apt-get install vsftpd libpam-mysql


2. Create database and insert the first user (mysql -u root -p)

CREATE DATABASE ftpd;
USE ftpd;
CREATE TABLE users (username varchar (30) NOT NULL, password varchar(50) NOT NULL, PRIMARY KEY (username)) TYPE=MyISAM;
INSERT INTO users (username, password) VALUES ('user1', PASSWORD('password1'));
GRANT SELECT ON ftpd.users to vsftpd@localhost identified by 'yourpassword';
exit;

Replace yourpassword with a strong password used later by vsftpd to authenticate

3. Configure vsftpd (pico /etc/vsftpd.conf)

Edit or add these variables in the config file and leave everything else with the default values.

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
chroot_local_user=YES
hide_ids=YES
guest_username=vsftpd


Set the local_root to the parent directory where the user's home directories are located

4. Configure PAM to check the MySql database for users (pico /etc/pam.d/vsftpd)

auth required pam_mysql.so user=vsftpd passwd=yourpassword host=localhost db=ftpd table=users usercolumn=username passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=yourpassword host=localhost db=ftpd table=users usercolumn=username passwdcolumn=password crypt=2


Make sure you remove everything else from the file

5. Create a local user that's used by the virtual users to authenticate

useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd


6. Restart vsftpd

/etc/init.d/vsftpd restart


7. Create user's home directory since vsftpd doesn't do it automatically

mkdir /var/www/user1
chown vsftpd:nogroup /var/www/user1