Quick-cooking a mail server on a t2.micro EC2 instance running CentOS 7

Work from an administrator account; leave root for payments and for checking the account status. I recommend checking the latter often, because you pay for the amount of resources used. The Amazon services used in this HOWTO are free for the account, as long as you do not click an extra button somewhere in the Amazon control panel.

Ingredients

  • Fixed:
    1. Amazon Web Services account with AdministratorAccess rights (not root).
    2. LAMP.
    3. Postfix + Policyd + Amavisd + SpamAssassin + ClamAV.
    4. Dovecot + Roundcube (plugins: filesystem_attachments, jqueryui, managesieve, password).
    5. iRedAdmin.
  • Related:
    1. Domain.
    2. ClouDNS account.

Tools

  1. PuTTY.
  2. PuTTYgen.
  3. FileZilla Client.
  4. Mozilla Thunderbird.

Legend

  • => — next action.
  • Quote — response in the interpreter.
  • domain.tk — replace with your domain!
  • 5.175.174.8 — replace with your Elastic IP!
  • Next — Next: Configure Instance Details.

Cooking method

  • In the Amazon control panel, create the instance, a volume for storing mail data, an Elastic IP, and the security rules:
    Open EC2: Instances => Launch Instance button => AWS Marketplace => CentOS 7 (x86_64) with Updates HVM => leave as is (t2.micro) => Next => note the default Network (for example: 172.31.0.0/16) => select a Subnet (for example: 172.31.32.0/20) => tick Protect against accidental termination => Next => Next => Key: EC2 => Value: mailServer => Next => Select an existing security group (default) => Review & Launch => Launch => Select: Create a new key pair => Key pair name: EC2t2micro-mS => Download Key Pair => keep it in a safe place => select the check box => Launch Instance => View Instances button

    Open EC2: Volumes => Create Volume => Size (GiB): 1 => Availability Zone: the instance was created in "...1a", so select "...1a" again => Create => select the newly created Volume (size 1 GiB) => Actions => Attach Volume => choose the instance installed with CentOS 7 (8 GiB) => Attach

    Open EC2: Elastic IPs => Allocate New Address => Yes, Allocate => select the newly created address => Actions => Associate Address => Instance: select your instance => Associate

    Open EC2: Security Groups => select the security group (default) => Inbound tab => Edit button => delete All traffic => Add Rule button:

    For all rules: Source: 0.0.0.0/0 (Anywhere)

    Custom ICMP Rule: Echo Reply and Echo Request

    UDP:
    DNS (UDP): 53

    TCP:
    DNS (TCP): 53
    POP3: 110
    POP3S: 995
    IMAP: 143
    IMAPS: 993
    SMTP: 25
    SMTPS: 465
    HTTP: 80
    HTTPS: 443
    LDAP: 389
    MYSQL/Aurora: 3306
    SSH: 22
    Custom TCP Rule: 24, 111, 387, 587, 2000, 4190, 7777, 9998, 10024, 10025, 10031, 43011, 43200, 43220, 43259, 43325, 43362
    A total of 32 rules.
    To check port numbers after installation:
    sudo netstat -anpe

  • In the ClouDNS control panel, create the DNS records:
    domain.tk A 5.175.174.8 1h(TTL)
    domain.tk MX 10 mail.domain.tk 1h(TTL)
    domain.tk NS ns11.cloudns.net 1h(TTL)
    domain.tk NS ns12.cloudns.net 1h(TTL)
    domain.tk NS ns13.cloudns.net 1h(TTL)
    domain.tk NS ns14.cloudns.net 1h(TTL)
    domain.tk TXT v=spf1 a mx ip4:5.17... 1h(TTL)
    ftp.domain.tk A 5.175.174.8 1h(TTL)
    mail.domain.tk A 5.175.174.8 1h(TTL)
    mail._domainkey.domain... TXT k=rsa; p=... fMA0GCSq 1h(TTL)
    pop.domain.tk A 5.175.174.8 1h(TTL)
    www.domain.tk CNAME domain.tk 1h(TTL)
    _domainkey.domain.tk TXT t=y; o=~; 1h(TTL)

    => Check: http://intodns.com/domain.tk.

  • Open the PuTTY Key Generator => Load => All files => Save private key => Yes => file Name: EC2t2micro-mS => close the PuTTY Key Generator

  • Open PuTTY => SSH => Auth => Browse... => Select EC2t2micro-mS.ppk => Open => Session => HostName (or IP address): your Elastic IP => Saved Sessions: EC2t2micro-mS => Save => Open => Yes => centos => Enter =>
    cat /etc/redhat-release

    CentOS Linux release 7.0.1406 (Core)

    sudo yum -y update

    lsblk

    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    xvda 202:0 0 8G 0 disk
    └─xvda1 202:1 0 8G 0 part /
    xvdf 202:80 0 1G 0 disk

    Take a look:
    sudo file -s /dev/xvda1

    SGI XFS filesystem data (blksz 4096, inosz 256, v2 dirs)

    meta-data=/dev/xvdf isize=256 agcount=4, agsize=65536 blks
    = sectsz=512 attr=2, projid32bit=1
    = crc=0 finobt=0
    data = bsize=4096 blocks=262144, imaxpct=25
    = sunit=0 swidth=0 blks
    naming =version 2 bsize=4096 ascii-ci=0 ftype=0
    log =internal log bsize=4096 blocks=2560, version=2
    = sectsz=512 sunit=0 blks, lazy-count=1
    realtime =none extsz=4096 blocks=0, rtextents=0

    Check:
    sudo file -s /dev/xvdf

    /dev/xvdf: SGI XFS filesystem data (blksz 4096, inosz 256, v2 dirs)

    sudo mkdir -p /data/mail/

    sudo mount /dev/xvdf /data/mail/

    Check:
    lsblk

    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    xvda 202:0 0 8G 0 disk
    └─xvda1 202:1 0 8G 0 part /
    xvdf 202:80 0 1G 0 disk /data/mail

    sudo cp /etc/fstab /etc/fstab.orig

    sudo vi /etc/fstab

    [Insert]

    # Add a new line to the end of the file for your volume using the following format.
    # device_name mount_point file_system_type fs_mntops fs_freq fs_passno
    /dev/xvdf /data/mail xfs defaults,nofail 0 2

    [Esc] :wq [Enter]

    sudo mount -a

    If there are errors, do not reboot; fix them first.

    sudo vi /etc/hosts

    [Insert]

    127.0.0.1 mail.domain.tk mail localhost localhost.localdomain

    [Esc] :wq [Enter]

    Check:
    sudo cat /etc/hosts

    127.0.0.1 mail.citr.tk mail localhost localhost.localdomain
    #127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

    yum repolist all

    C7.0.1406-base/x86_64 CentOS-7.0.1406 — Base disabled
    C7.0.1406-centosplus/x86_64 CentOS-7.0.1406 — CentOSPlus disabled
    C7.0.1406-extras/x86_64 CentOS-7.0.1406 — Extras disabled
    C7.0.1406-fasttrack/x86_64 CentOS-7.0.1406 — CentOSPlus disabled
    C7.0.1406-updates/x86_64 CentOS-7.0.1406 — Updates disabled
    base/7/x86_64 CentOS-7 — Base enabled: 8,652
    base-debuginfo/x86_64 CentOS-7 — Debuginfo disabled
    base-source/7 CentOS-7 — Base Sources disabled
    centosplus/7/x86_64 CentOS-7 — Plus disabled
    centosplus-source/7 CentOS-7 — Plus Sources disabled
    cr/7/x86_64 CentOS-7 — cr disabled
    extras/7/x86_64 CentOS-7 — Extras enabled: 149
    extras-source/7 CentOS-7 — Extras Sources disabled
    fasttrack/7/x86_64 CentOS-7 — fasttrack disabled
    updates/7/x86_64 CentOS-7 — Updates enabled: 1,198
    updates-source/7 CentOS-7 — Updates Sources disabled

    Nothing more!

    sudo yum install php php-mysql

    ... 5.4.16-36.e17_1 ...

    => y

    Download iRedMail-0.9.2 to your hard drive and unzip it.
    Upload the iRedMail-0.9.2 folder using FileZilla (Edit => Settings => SFTP => Add key file (EC2t2micro-mS.ppk) => host: your Elastic IP => Connect). Make sure that all files were transferred successfully.

    sudo cp -r /home/centos/iRedMail-0.9.2 /root

    Check:
    sudo ls /root

    iRedMail-0.9.2

    rm -rf /home/centos/iRedMail-0.9.2

    Turn SELinux off and do not turn it on again:
    sudo vi /etc/selinux/config

    [Insert]

    SELINUX=disabled

    [Esc] :wq [Enter]

    Check:
    sudo cat /etc/selinux/config

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing — SELinux security policy is enforced.
    # permissive — SELinux prints warnings instead of enforcing.
    # disabled — No SELinux policy is loaded.
    #SELINUX=enforcing
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    # targeted — Targeted processes are protected,
    # minimum — Modification of targeted policy. Only selected processes are protected.
    # mls — Multi Level Security protection.
    SELINUXTYPE=targeted

    sudo reboot

    Check:
    getenforce

    Disabled

    sudo su -

    vi /etc/hostname

    [Insert]

    # Delete old value [D][D] on the line under the cursor
    mail.domain.tk

    [Esc] :wq [Enter]

    Check:
    sudo cat /etc/hostname

    mail.domain.tk

    hostname mail.domain.tk

    Check:
    hostname

    mail.domain.tk

    cd /root/iRedMail-0.9.2

    bash iRedMail.sh

    => Yes
    => /data/mail
    => Apache
    => MariaDB
    => Create the root password of the database
    =>
    => postmaster-password
    => DKIM signing/verification
    iRedAdmin
    Roundcubemail
    Awstats
    => y to everything, except n for the firewall rules
    => The ClamAV database gets updated, though not on the first attempt...
    ********************************************************************
    * Congratulations, mail server setup completed successfully. Please
    * read below file for more information:
    *
    * — /root/iRedMail-0.9.2/iRedMail.tips
    *
    * And it's sent to your mail account postmaster@citr.tk.
    ********************* WARNING **************************************
    *
    * Rebooting your system is required to enable mail services.
    *
    ********************************************************************

    Leave the root shell:
    exit

    sudo reboot

    Check that everything is correct; the links should reference your domain:
    sudo cat /root/iRedMail-0.9.2/iRedMail.tips

    Save the contents in a safe place, then delete the file:
    sudo cat /root/iRedMail-0.9.2/config

    sudo rm -f /root/iRedMail-0.9.2/config

    After rebooting, the system hostname is lost; set it again:
    sudo hostname mail.domain.tk

    sudo rm -f /var/www/html/index.html

    sudo chmod 777 /var/www/html

    => using FileZilla, upload your index file here: /var/www/html

    sudo chmod 755 /var/www/html

    sudo yum -y update

    sudo openssl passwd -1 'Your postmaster password'

    # Your value will differ.
    $1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0

    mysql -u root -p

    => Enter the root password of the database.

    USE vmail;

    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed

    UPDATE mailbox SET password='$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0' WHERE username='postmaster@domain.tk';

    Query OK, 1 row affected (0.00 sec)
    Rows matched: 1 Changed: 1 Warnings: 0

    exit

    exit
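
The password-reset step above, as an added example that is not part of the original article: the same `openssl passwd -1` hash and `UPDATE` statement, produced without the password appearing as a command-line argument. The function names are hypothetical helpers; the `vmail` database, the `mailbox` table and `postmaster@domain.tk` are the article's own.

```shell
# Added example, not from the original article. -1 (MD5-crypt) is kept only
# to match the hash format the article writes into the vmail database.

# hash_password: read the password from stdin and print its $1$ hash, so the
# password never appears in the process list or in shell history.
# Optional $1 is a salt, used by verify_password to reproduce a stored hash.
hash_password() {
  if [ -n "${1:-}" ]; then
    openssl passwd -1 -salt "$1" -stdin
  else
    openssl passwd -1 -stdin
  fi
}

# verify_password: $1 is a stored hash, the candidate password is on stdin.
# The salt is the third $-separated field of the stored hash.
verify_password() {
  salt=$(printf '%s' "$1" | cut -d'$' -f3)
  [ "$(hash_password "$salt")" = "$1" ]
}

# sql_update: print the UPDATE statement for hash $1 and mailbox $2. Values
# with characters outside the expected alphabets are rejected, so nothing
# that could close the SQL string literal reaches the statement.
sql_update() {
  case "$1" in ''|*[!A-Za-z0-9./$]*) return 1 ;; esac
  case "$2" in ''|*[!A-Za-z0-9._@-]*) return 1 ;; esac
  printf "UPDATE mailbox SET password='%s' WHERE username='%s';\n" "$1" "$2"
}

# Interactive use on the server (terminal echo off while typing):
#   stty -echo; IFS= read -r pw; stty echo
#   hash=$(printf '%s\n' "$pw" | hash_password)   # printf is a shell builtin
#   sql_update "$hash" 'postmaster@domain.tk' | mysql -u root -p vmail
```
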

  • Try the finished product:


    domain.tk/iredadmin
    mail.domain.tk/mail
    mail.domain.tk/cluebringer
    mail.domain.tk/awstats/awstats.pl?config=web
    mail.domain.tk/awstats/awstats.pl?config=smtp
    Mozilla Thunderbird
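
An added example, not part of the original article, that extends the `netstat` check from the security-group step: it compares the TCP ports the article opens to 0.0.0.0/0 with what is actually listening on a public address, and lists the rules that can be removed. The function names and the sample `netstat -tln` output are constructed for illustration.

```shell
# Added example, not from the original article.
# TCP ports the article opens to 0.0.0.0/0 in the security group.
SG_TCP_PORTS="53 110 995 143 993 25 465 80 443 389 3306 22 24 111 387 587 2000 4190 7777 9998 10024 10025 10031 43011 43200 43220 43259 43325 43362"

# Constructed sample in `netstat -tln` format (not output from a real server).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN'

# audit_ports: read `netstat -tln` output on stdin and print one line per
# security-group port: "<port> public|loopback-only|not-listening".
audit_ports() {
  awk -v sg="$SG_TCP_PORTS" '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      port = $4; sub(/.*:/, "", port)
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "127.0.0.1" || addr == "::1") {
        if (!(port in state)) state[port] = "loopback-only"
      } else state[port] = "public"
    }
    END {
      n = split(sg, ports, " ")
      for (i = 1; i <= n; i++)
        print ports[i], ((ports[i] in state) ? state[ports[i]] : "not-listening")
    }'
}

# closable_ports: ports opened in the security group that nothing on the
# instance serves on a public address; candidates for removing the rule.
closable_ports() {
  audit_ports | awk '$2 != "public" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# On the server: sudo netstat -tln | closable_ports
printf '%s\n' "$SAMPLE_NETSTAT" | closable_ports
```

Ports reported as `public` that only administrators need can then have their rule's Source narrowed from 0.0.0.0/0 to a known address range.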


Sources:

  1. Install iRedMail on Red Hat Enterprise Linux, CentOS
  2. Making an Amazon EBS Volume Available for Use
  3. Reset user password

Article based on information from habrahabr.ru
