Flexion.Org
Bad grammar and typos for total strangers
Wiki › Debian Sargeand Raven Core
Wiki Index All Recent Edit Bottom

Debian Sarge 3.1 and Raven Core 0.2.3

1.   Introduction
2.   Installing the dependencies
2.1   Essential Tools
2.2   Postfix
2.3   MySQL
2.4   Bind
2.5   vsFTPd
2.6   Apache and PHP
2.7   Dovecot
2.8   Spam Assassin
2.9   AMaViS
2.10   ClamAV
2.11   MRTG
3.   Installing RavenCore
3.1   Debian Compatible AMaViS Configuration
3.2   Agressive Postfix Header Checks
3.3   Initialise RavenCore
4.   Optional Stuff
5.   Known Issues with RavenCore 0.2.3 running on Debian

Introduction

THIS DOCUMENT IS OLD AND INACCURATE, I DO NOT RUN RAVENCORE ANY LONGER SO I WILL NOT BE UPDATING THIS PAGE

The article covers the essentials for getting RavenCore installed and working, but doesn't cover the details of how to use it for virtual hosting. The installation notes below assume that Debian has been installed as per my DebianSargeStableNetInstall article.

Everything described in this article should be done as 'root' user.

Installing the dependencies

First of all we need to install everything RavenCore requires to operate. Some of these are optional, I am just covering everything that RavenCore supports for completeness.

Essential Tools

The following installs a basic GCC toolchain so that the RavenCore can be built and installed. 

 apt-get install build-essential sudo

Postfix

Postfix is the SMTP server RavenCore uses and is installed first to satisfy dependencies of other packages which default to using exim4 if Postfix is not already installed. 

 apt-get install postfix postfix-tls postfix-pcre libsasl2 libsasl2-modules sasl2-bin

Postfix will prompt for additional settings when it is installing.

  • Choose 'Internet Site' when prompted.
  • Send mail for the root user to 'root'.
  • Enter the full hostname (with domain) of the server.
  • Say 'No' to Force syncronous updates.

Due to a bug in Debian we need to remove '/usr/lib/sasl2/libotp.*' to stop your logs filling up with the following error message. 

 OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory

You'll have to do this after each upgrade of the libsasl2-modules package. 

 rm /usr/lib/sasl2/libotp.*
 /etc/init.d/postfix restart

MySQL

MySQL is a SQL database server and is required for the RavenCore database and also used by many web applications. 

 apt-get install mysql-server-4.1

Bind

Bind is a DNS server. 

 apt-get install bind9 dnsutils

chroot Bind

Putting Bind in a chroot jail so that the daemon will run as the unprivileged user 'bind', chrooted to '/var/lib/named', is fairly painless. 

 vi /etc/default/bind9

Find... 

 OPTIONS="-u bind"

...and change is so that it reads... 

 OPTIONS="-u bind -t /var/lib/named"

Create the necessary directories under '/var/lib'. 

 mkdir -p /var/lib/named/etc
 mkdir /var/lib/named/dev
 mkdir -p /var/lib/named/var/cache/bind
 mkdir -p /var/lib/named/var/run/bind/run

Now move the config directory from /etc to /var/lib/named/etc: 

 mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location to retain compatibility with RavenCore. 

 ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories. 

 mknod /var/lib/named/dev/null c 1 3
 mknod /var/lib/named/dev/random c 1 8
 chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random

Finally, restart Bind and check your logs to ensure everything is working correctly. 

 /etc/init.d/bind start

References

vsFTPd

vsFTPd is a FTP server. RavenCore also supports ProFTPd, but my preference is vsFTPd because it uses less resources and has a better security history. 

 apt-get install vsftpd

Apache and PHP

Apache and PHP are well known. The installation below gives you the essential Apache/PHP components. 

 apt-get install apache2 libapache2-mod-php4 php4 php4-gd php4-imap php4-mysql php4-imagick

libc-client will prompt for additional settings when installing.

  • Choose 'Yes' when asked to 'Continue installing libc-client without Maildir support'.

Dovecot

Dovecot is the POP3 and IMAP4 mail server supported by RavenCore. 

 apt-get install dovecot

Spam Assassin

SpamAssassin does exactly what it says on the tin. This step also installs the utilities required by ClamAV and AMaViS to scan for mailware. 

 apt-get install arc arj bzip2 cabextract cpio file lha lzop pax tnef unrar unzip unzoo zip zoo
 apt-get install spamassassin

SpamAssassin is disabled by default, so we need to ensure it is enabled by doing to following... 

 vi /etc/default/spamassassin

Find the following... 

 ENABLED=0

...and replce it with... 

 ENABLED=1

AMaViS

AMaViS (A Mail Virus Scanner) scans e-mail attachments for viruses using third-party virus scanners available for UNIX environments. The symlink created after installation is required to ensure compatibility with RavenCore. 

 apt-get install amavisd-new
 ln -s /usr/sbin/amavisd-new /usr/sbin/amavisd

ClamAV

ClamAV is an anti vius scanner, the directory ownership changes we make after installation are required to ensure compatibility with AMaViS. 

 apt-get install clamav clamav-daemon

ClamAV will prompt for additional settings when it is installing.

  • Use daemon monitoring
  • Choose a local mirror
  • Enter a proxy address if required.
  • Answer 'Yes' when asked 'Should clamd be notifed after updates'

AMaViS recommends that ClamAV be run using the same account as amavisd hence the changes below. 

 chown -R amavis:amavis /var/lib/clamav
 chown -R amavis:amavis /var/log/clamav

Now we update the configuration file for Freshclam, which periodically updates the anti virus signatures, so that it runs using the 'amavis' account. 

 vi /etc/clamav/freshclam.conf

Find the following... 

 DatabaseOwner clamav

...and replace it with... 

 DatabaseOwner amavis

MRTG

MRTG plots graphs, Ravencore uses it to plot bandwith use. 

 apt-get install mrtg snmpd

When MRTG asks if the mrtg.conf should only be readable to just the mrtg user, select No.

Installing RavenCore

Now that all the required components are installed we can install RavenCore itself. 

 wget http://heanet.dl.sourceforge.net/sourceforge/ravencore/ravencore-0.2.3.tar.gz
 tar zxvf ravencore-0.2.3.tar.gz
 cd ravencore-0.2.3
 make build
 make install
 update-rc.d ravencore defaults

Debian Compatible AMaViS Configuration

The AMaViS configuration which comes with RavenCore is not compatible with the amavisd-new package for Debian. In fact amavisd will refuse to start on Debian when using the RavenCore supplied config. This is easily resolved by copying the amavisd.conf that comes with Debian over the one that comes with RavenCore. 

 cp /usr/local/ravencore/etc/amavisd.conf.in /usr/local/ravencore/etc/amavisd.conf.in.ravencore
 cp /etc/amavis/amavisd.conf /usr/local/ravencore/etc/amavisd.conf.in

All that remains is to edit '/usr/local/ravencore/etc/amavisd.conf.in' is to change the '$mydomain' variable and correct the ClamAV socket. 

 vi /usr/local/ravencore/etc/amavisd.conf.in

To set the '$mydomain' variable, find the following line... 

 $mydomain = 'example.com';

...and replace it with your domain name.

To configure AMaViS to be compatible with the RavenCore defaults for ClamAV, find the following line... 

 \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],

...and replace it with this... 

 \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],

Agressive Postfix Header Checks

I have found that a couple of the Postfix header checks supplied with RavenCore are too agreessive as they reject e-mails that have passed through the free Singlefin Lite Anti Spam service and anything which is sent by MIME::Lite.

I use Singlefin Lite and my hosting provider sends some automated e-mails via MIME::Lite. The default Postfix header checks supplied with RavenCore resulted in legitmate e-mail being rejected.

Therefore, if you use Singlefin Lite you must edit the Postfix header checks but I recommend these changes for everyone. 

 vi /usr/local/ravencore/etc/postfix_header_checks

Find the following rules... 

 /^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|Lite)\b/       REJECT You're using a mass mailer, therefore you're bounced.

 /^X-Mailer:.*\b(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|UltraMail|Sonic|Floodgate|GeoList|Mach10|MegaPro|Aureate|MultiMailer|Bluecom|Achi-Kochi Mail|Direct Email|Andrew's SuperCool Blastoise|MailerGear|Advanced Mass Sender|SpireMail|MailWorkZ|UltimDBMail|Mabry|Lite)\b/        REJECT No mass-mailers, please.

...and replace them with. 

 /^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora)\b/       REJECT You're using a mass mailer, therefore you're bounced.

 /^X-Mailer:.*\b(Aristotle|Avalanche|Blaster|Bomber|DejaVu|eMerge|Extractor|UltraMail|Sonic|Floodgate|GeoList|Mach10|MegaPro|Aureate|MultiMailer|Bluecom|Achi-Kochi Mail|Direct Email|Andrew's SuperCool Blastoise|MailerGear|Advanced Mass Sender|SpireMail|MailWorkZ|UltimDBMail|Mabry)\b/        REJECT No mass-mailers, please.

Initialise RavenCore

Now start Ravencore and it should automatically detect all the services and setup the database. Then the admin password needs to be set. 

 /etc/init.d/ravencore start
 /usr/local/ravencore/sbin/run_cmd passwd

To complete the setup, do the following...

  • Go to http://localhost:8000 and login as 'admin'.
  • Agree to the license.
  • Click the 'submit' button. Yes, all the defaults are compatible with Debian.

RavenCore should now be properly configured and running.

Optional Stuff

These bits are entirely optional.

  • To make the clamav updater service controllable via RavenCore do the following...
 echo freshclam > /usr/local/ravencore/etc/pname.clamav-freshclam
 echo clamav-freshclam >> /usr/local/ravencore/etc/services.amavisd
  • Although this step is optional I do recommend you do it because vsftp will not log to its native log file using the RavenCore defaults. I use Fail2Ban and LogWatch which both require that vsFTPd logs activity using its native format. 
 echo YES > /usr/local/ravencore/etc/vsftpd/vsftpd.conf/dual_log_enable
 chown root:rcadmin /usr/local/ravencore/etc/vsftpd/vsftpd.conf/dual_log_enable
  • The RavenCore defaults do not point to the correct path for the Dovecot SSL certificate and key. Should you want to use secure e-mail (IMAP4 and POP3 over SSL) do the following...
 echo /etc/ssl/certs/dovecot.pem > /usr/local/ravencore/etc/dovecot/dovecot.conf/ssl_cert_file
 echo /etc/ssl/private/dovecot.pem > /usr/local/ravencore/etc/dovecot/dovecot.conf/ssl_key_file
 echo no > /usr/local/ravencore/etc/dovecot/dovecot.conf/ssl_disable
 chown root:rcadmin /usr/local/ravencore/etc/dovecot/dovecot.conf/ssl_cert_file
 chown root:rcadmin /usr/local/ravencore/etc/dovecot/dovecot.conf/ssl_key_file
 chown root:rcadmin /usr/local/ravencore/etc/dovecot/dovecot.conf/ssl_disable

Known Issues with RavenCore 0.2.3 running on Debian

  • If you change the clamav configuration in '/usr/local/ravencore/etc/clamd/clamd.conf/' and restart RavenCore, it does rebuild the config file correctly but fails to restart clamav. This is because RavenCore is trying to restart '/etc/init.d/clamd' which doesn't exist on a Debian system, Debian has '/etc/init.d/clamav-daemon'. Work around : After making any changes the the amavis config restart '/etc/init.d/clamav-daemon' manually.
  • If you change the amavis configuration in '/usr/local/ravencore/etc/amavisd.conf.in' and restart RavenCore, it does rebuild the config file correctly but fails to restart amavis. This is because RavenCore is trying to restart '/etc/init.d/amavisd' which doesn't exist on a Debian system, Debian has '/etc/init.d/amavis'. Work around : After making any changes to the amavis config restart '/etc/init.d/amavis' manually.
  • When you edit the DNS configuration in RavenCore is writes named.conf in '/etc' but Debian doesn't looks for '/etc/bind/named.conf'. Work around : After you make any DNS changes you should manually copy the changes in '/etc/named.conf' to /etc/bind/named.conf' and restart Bind.
  • The RavenCore "System Services" can't detect if Apache is running and when '/etc/init.d/ravencore stopall' is executed Apache is not stopped. Work around : After call a stopall, you must run '/etc/init.d/apache2 stop' manually.
  • Running '/etc/init.d/ravencore statusall' from the command line doesn't work, this is because Debian init scripts rarely support the 'status' parameter. No known work around, but this is not a RavenCore problem and is a very minor issue.

$Id: DebianSargeandRavenCore,v 1.2 2008/01/07 12:02:54 martin Exp $

Wiki Index All Recent Edit Top

Menu

 
© 2008 Flexion.Org. Design by Arcsin
 
Valid XHTML Valid CSS Hacker