1. Install Apache2 and PHP5 (as an Apache module)

apt-get install apache2 php5 libapache2-mod-php5 php5-mysql


2. Install MySql server

apt-get install mysql-server


3. At this point you may need to restart Apache

/etc/init.d/apache2 restart


3. Create a test php file

echo "<?php phpinfo(); ?>" > /var/www/info.php


The default document root for Debian is in /var/www so you can access the test file on this location: http://yourserver/info.php

3. Install phpMyAdmin (optional but preferred by most developers and administrators)

apt-get install phpmyadmin


By default, phpmyadmin will be accessible on: http://yourserver/phpmyadmin

eAccelerator only works with mod_php or php in fastcgi mode. It can't be used in cgi or cli because eAccelerator needs to set up shared memory, and this can only be done when all php instances that need to access it are forks of the first process.

1. Download the eAccelerator source. The latest version is mirrored on www.debiantutorials.com as it's not available on the official site anymore.

cd /tmp
wget http://www.debiantutorials.com/static/eaccelerator-0.9.6.1.tar.bz2


2. Extract

tar -xvjf eaccelerator-0.9.6.1.tar.bz2


3. Install php5-dev

apt-get install php5-dev


3. Compile and install the eAccelerator

phpize
./configure
make
make install


4. Configure eAccelerator as PHP extension (create a new config file: pico /etc/php5/conf.d/eaccelerator.ini)

extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/var/cache/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"


5. Create a cache directory

mkdir -p /var/cache/eaccelerator
chmod 0777 /var/cache/eaccelerator


5. Restart apache

/etc/init.d/apache2 restart


1. Update all packages currently installed to the latest lenny versions

apt-get update
apt-get upgrade


2. Replace all occurrences of lenny with squeeze in the apt sources file (pico /etc/apt/sources.list). Here's an example of what the file could look like after the change:

deb http://ftp.uk.debian.org/debian/ squeeze main non-free
deb-src http://ftp.uk.debian.org/debian/ squeeze main non-free
deb http://security.debian.org/ squeeze/updates main contrib
deb-src http://security.debian.org/ squeeze/updates main contrib


3. Update apt repository

apt-get update


4. Upgrade apt, dpkg and aptitude packages first

apt-get install apt dpkg aptitude


5. Do a dist-upgrade to upgrade the rest of the system

apt-get dist-upgrade


6. Reboot

reboot


7. Check the debian version

cat /etc/debian_version


It should read version 6.0.0 or greater

1. Add these lines to the apt sources (pico /etc/apt/sources.list)

deb http://php53.dotdeb.org stable all
deb-src http://php53.dotdeb.org stable all


2. Download and import the dotdeb key

wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | sudo apt-key add -


3. Update apt and dist-upgrade

apt-get update
apt-get dist-upgrade


1. Installing the XCache package

apt-get install php5-xcache


2. Restart Apache

/etc/init.d/apache2 restart


That's it. XCache is now installed.

It's assumed that you have already installed and configured Postfix according to this tutorial:
Installing Postfix with MySql backend and SASL for SMTP authentication

1. Install required packages

apt-get install dovecot-imapd dovecot-pop3d


2. Configure Dovecot (pico /etc/dovecot/dovecot.conf)

protocols = imap imaps pop3 pop3s
ssl_disable = no
mail_location = maildir:/home/vmail/%d/%n
auth default {
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
}
disable_plaintext_auth = no
user = vmail


Add or edit the above properties and leave everything else with the default value or configure according to your needs

3. Configure the MySql connector (pico /etc/dovecot/dovecot-sql.conf)

driver = mysql
connect = host=127.0.0.1 dbname={database} user={username} password={password}
default_pass_scheme = CRYPT
password_query = SELECT email as user, password FROM users WHERE email = '%u'
user_query = SELECT CONCAT('/home/vmail/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') as home, '5000' as uid, '5000' as gid FROM users WHERE email = '%u'


{database} = MySql database name
{username} = MySql username
{password} = MySql password

4. Restart Dovecot daemon

/etc/init.d/dovecot restart


It's assumed that you have already installed and configured Postfix according to this tutorial: Installing Postfix with MySql backend and SASL for SMTP authentication

1. Install required packages

apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl


2. Make Courier use MySql backend (pico /etc/courier/authdaemonrc)

authmodulelist="authmysql"


3. Configure the MySql connector (pico /etc/courier/authmysqlrc)

MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME {username}
MYSQL_PASSWORD {password}
MYSQL_PORT 0
MYSQL_DATABASE {database}
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
MYSQL_QUOTA_FIELD quota


{database} = MySql database name
MySql username
MySql password

4. Restart Courier daemons

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart


Install and configure Postfix

1. Install Postfix and SASL

apt-get install postfix postfix-mysql libsasl2-modules-sql sasl2-bin libsasl2-2 postfix-tls libpam-mysql
> Internet Site
> host.domain.com


2. Create database and tables (mysql -u root -p)

# Create the database
CREATE DATABASE mail;
 
# Create user and allow him to read from the mail database
GRANT SELECT ON mail.* TO '{username}'@'localhost' IDENTIFIED BY '{password}';
FLUSH PRIVILEGES;
 
# Select the mail database
USE mail;
 
# Create table containing domains handled by this mail server
CREATE TABLE domains (
domain varchar(255) NOT NULL,
PRIMARY KEY (domain)
) TYPE=MyISAM;
 
# Create table for e-mail address forwardings
CREATE TABLE forwardings (
source varchar(255) NOT NULL,
destination varchar(255) NOT NULL,
PRIMARY KEY (source)
) TYPE=MyISAM;
 
# Create table for e-mail accounts / users
CREATE TABLE users (
email varchar(255) NOT NULL,
password varchar(255) NOT NULL,
quota int(10) DEFAULT '104857600',
PRIMARY KEY (email)
) TYPE=MyISAM;
 
# Create table for transports
CREATE TABLE transport (
domain varchar(255) NOT NULL,
transport varchar(255) NOT NULL,
UNIQUE KEY domain (domain)
) TYPE=MyISAM;


{username} = A new MySql user used by Postfix to access the MySql data
{password} = A password for the new MySql user

3. Create Postfix to MySql mappings

Domains (pico /etc/postfix/mysql-virtual_domains.cf)

user = {username}
password = {password}
dbname = mail
table = domains
select_field = 'virtual'
where_field = domain
hosts = 127.0.0.1


Forwards (pico /etc/postfix/mysql-virtual_forwardings.cf)

user = {username}
password = {password}
dbname = mail
table = forwardings
select_field = destination
where_field = source
hosts = 127.0.0.1


Mailboxes / Users (pico /etc/postfix/mysql-virtual_mailboxes.cf)

user = {username}
password = {password}
dbname = mail
table = users
select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email
hosts = 127.0.0.1


E-mail to E-mail (pico /etc/postfix/mysql-virtual_email2email.cf)

user = {username}
password = {password}
dbname = mail
table = users
select_field = email
where_field = email
hosts = 127.0.0.1


Transports (pico /etc/postfix/mysql-virtual_transports.cf)

user = {username}
password = {password}
dbname = mail
table = transport
select_field = transport
where_field = domain
hosts = 127.0.0.1


Quota (pico /etc/postfix/mysql-virtual_mailbox_limit_maps.cf)

user = {username}
password = {password}
dbname = mail
table = users
select_field = quota
where_field = email
hosts = 127.0.0.1


Destinations (pico /etc/postfix/mysql-mydestination.cf)

user = {username}
password = {password}
dbname = mail
table = transport
select_field = domain
where_field = domain
hosts = 127.0.0.1


{username} = The username you selected for the new MySql user
{password} = The password you selected for the new MySql user

4. Change permissions on the new files

chmod 640 /etc/postfix/mysql-*.cf
chgrp postfix /etc/postfix/mysql-*.cf


Make sure they aren't readable by any user because the password is included

5. Create a local user and group for the virtual users

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m


6. Create certificates for TLS

openssl req -new -outform PEM -out /etc/postfix/smtpd.cert -newkey rsa:2048 -nodes -keyout /etc/postfix/smtpd.key -keyform PEM -days 3650 -x509
chmod 640 /etc/postfix/smtpd.key


7. Configure Postfix

postconf -e 'mydestination = localhost, proxy:mysql:/etc/postfix/mysql-mydestination.cf'
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_helo_required = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'strict_rfc821_envelopes = yes'
postconf -e 'disable_vrfy_command = yes'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_mailbox_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "Account is over quota"'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'


8. Enable secure ports: 465 and 587 (pico /etc/postfix/master.cf)

smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
 
587 inet n - - - - smtpd


Configure SASL for SMTP authentication

9. Add the postfix user to the sasl group

adduser postfix sasl


10. Create a folder for the SASL PID file

mkdir -p /var/spool/postfix/var/run/saslauthd


11. Enable SASL (pico /etc/default/saslauthd)

START=yes
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"


12. Configure SASL to use the new PID file location (pico /etc/init.d/saslauthd)

PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"


Make sure you replace all PIDFILE definations in the file. This is set on a few places.

13. Configure PAM to use MySql backend for authentication (pico /etc/pam.d/smtp)

auth required pam_mysql.so user={username} passwd={password} host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user={username} passwd={password} host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1


{username} = The username you selected for the new MySql user
{password} = The password you selected for the new MySql user

14. Configure Postfix to use SASl for SMTP authentication (pico /etc/postfix/sasl/smtpd.conf)

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: {username}
sql_passwd: {password}
sql_database: mail
sql_select: select password from users where email = '%u'


{username} = The username you selected for the new MySql user
{password} = The password you selected for the new MySql user

15. Restart Postfix and SASL

/etc/init.d/saslauthd restart
/etc/init.d/postfix restart


Test MySql data

1. Handle mail for a domain. This must be done if you will create mailboxes or forwards handled on this server.

INSERT INTO domains VALUES ('domain.com');


2. Create user/mailbox. Users will be able to receive mail and send mails using this server

INSERT INTO users VALUES ('user@domain.com', ENCRYPT('password'), 104857600);


3. Create forward. A e-mail address used to forward to another e-mail address or multiple e-mail addresses

INSERT INTO forwardings VALUES ('user2@domain.com', 'user@domain.com');


Forward to multiple e-mail addresses using a comma to seperate

INSERT INTO forwardings VALUES ('user3@domain.com', 'user@domain.com,user@gmail.com');


4. Forward all mails for a domain to another mail server

INSERT INTO transport VALUES ('domain.com', 'smtp:server2.domain.com');


Next step is to set up services to support POP3 and IMAP:
Installing Courier POP3 and IMAP daemon with MySql backend / Install Courier

1. Install required packages

apt-get install curlftpfs rsync


2. Create directory to mount the ftp site

mkdir /mnt/ftpbackup


3. Add the curlftpfs mount into fstab to make it mount everytime the system is started (pico /etc/fstab)

curlftpfs#{username}:{password}@{host} /mnt/ftpbackup fuse rw,allow_other,uid={userid} 0 0


{username} = FTP username
{password} = FTP password
{host} = FTP host/ip
{userid} = ID of a local user (ex. 1001)

4. Mount the ftp site

mount /mnt/ftpbackup


5. Backup using rsync

rsync -avz --no-owner --no-group /var/www /mnt/ftpbackup


All files in the /var/www folder will be synced to the remote machine into a folder named backup

6. Automate the backup using cron (crontab -e)

0 3 * * * rsync -az --no-owner --no-group /var/www /mnt/ftpbackup >> /dev/null 2>&1


Your /var/www will be synced to the remote machine at 3am every day

If you are securing a service where the client supports encrypting like SMTP, IMAP and POP3 you can skip the client step.

Server

1. Install stunnel

apt-get install stunnel


2. Configure Samba to only listen on localhost only (pico /etc/samba/smb.conf)

interfaces = 127.0.0.0/8
bind interfaces only = yes


3. Restart Samba

/etc/init.d/samba restart


4. Create SSL certificate and a key

openssl req -new -nodes -x509 -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem


5. Configure stunnel to listen for secure connections on port 8139 and forward to port 139 on localhost (pico /etc/stunnel/stunnel.conf)

cert = /etc/stunnel/stunnel.pem
 
[smb]
accept = 8139
connect = 139


6. Enable stunnel (pico /etc/default/stunnel4)

ENABLED=1


7. Start stunnel

/etc/init.d/stunnel4 restart


Client

1. Install stunnel and smbclient

apt-get install smbclient stunnel


2. Configure stunnel to listen for connections on localhost:139 and forward to the server on port 8139 using a secure connection (pico /etc/stunnel/stunnel.conf)

client = yes
 
[smb]
accept = localhost:139
connect = {ip}:8139


Replace {ip} with the IP address of your server previously configured

3. Enable stunnel (pico /etc/default/stunnel4)

ENABLED=1


4. Start stunnel

/etc/init.d/stunnel4 restart


5. Test the connection using smbclient

smbclient -U user1 //localhost/sambashare