Difference between revisions of "User:Paul/sandbox/Install Mail-in-a-Box to local server on residential ISP"
Line 1: | Line 1: | ||
− | The Mail-in-a-Box (MiaB) project automatically installs and configures a robust and modern mail server while remaining very easy to configure for users already familiar with the command line and Ubuntu Server. The project is most commonly used in a VPS server, | + | The [//mailinabox.email/ Mail-in-a-Box (MiaB) project] automatically installs and configures a robust and modern mail server while remaining very easy to configure for users already familiar with the command line and Ubuntu Server. The project is most commonly used in a VPS server, but can also be used on local hardware, which this article covers. |
− | Hardware can be very light. This admin has | + | Hardware can be very light. This admin has MiaB running on an Atom D510 with 4GB RAM. |
+ | |||
+ | == Install Ubuntu 18.04 LTS == | ||
Download [https://www.ubuntu.com/download/server Ubuntu Server 18.04] and write the ISO to your preferred install media and boot to the target hardware. | Download [https://www.ubuntu.com/download/server Ubuntu Server 18.04] and write the ISO to your preferred install media and boot to the target hardware. | ||
Line 12: | Line 14: | ||
Near the end of the options selection, the installer offers the option to install SSH public keys from Launchpad or GitHub user profiles by entering the username. | Near the end of the options selection, the installer offers the option to install SSH public keys from Launchpad or GitHub user profiles by entering the username. | ||
+ | |||
+ | === Initial configuration === | ||
+ | |||
+ | Update and upgrade the default packages, then reboot the server. | ||
Update packages: | Update packages: | ||
user@servername:~$ sudo apt update && sudo apt upgrade | user@servername:~$ sudo apt update && sudo apt upgrade | ||
user@servername:~$ sudo reboot | user@servername:~$ sudo reboot | ||
+ | |||
+ | === Configure SSH === | ||
Enable SSH password login: | Enable SSH password login: | ||
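Review bot: the sentence added under the new "Initial configuration" heading ("Update and upgrade the default packages, then reboot the server.") repeats the unchanged "Update packages:" line that follows it. Suggest keeping the new sentence and dropping the old label so the step is introduced once.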
Line 24: | Line 32: | ||
PasswordAuthentication yes | PasswordAuthentication yes | ||
− | Log into Ubuntu using the password login. | + | Log into Ubuntu from a local network device using the password login. |
Follow the instructions to configure SSH in the article [[Initialize_VPS_UNPM_Server#Change_login_method|Initialize VPS UNPM Server - Change login method]] section. It is not necessary to add a public key if that was performed during installation. | Follow the instructions to configure SSH in the article [[Initialize_VPS_UNPM_Server#Change_login_method|Initialize VPS UNPM Server - Change login method]] section. It is not necessary to add a public key if that was performed during installation. | ||
− | The <code>ureadahead</code> package currently generates an enormous number of log entries to the point of nearly being a malware. Check <code>syslog</code> for <code>ureadahead</code> entries: | + | === Configure logs === |
+ | |||
+ | ==== ureadahed ==== | ||
+ | |||
+ | The <code>ureadahead</code> package, installed by default from the Ubuntu development team, currently generates an enormous number of log entries to the point of nearly being a malware. Check <code>syslog</code> for <code>ureadahead</code> entries: | ||
user@servername:~$ grep ureadahead /var/log/syslog | user@servername:~$ grep ureadahead /var/log/syslog | ||
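Review bot: the new subsection heading "==== ureadahed ====" misspells the package name. It should read "==== ureadahead ====" to match the text and the grep command directly below it.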
Line 74: | Line 86: | ||
user@servername:~$ sudo apt-get purge ureadahead.service | user@servername:~$ sudo apt-get purge ureadahead.service | ||
user@servername:~$ sudo reboot | user@servername:~$ sudo reboot | ||
+ | |||
+ | ==== cloud-init ==== | ||
The <code>cloud-init</code> package is default installed though used only for supporting cloud-related services. It can generate log noise and disabling it does not impact MiaB. | The <code>cloud-init</code> package is default installed though used only for supporting cloud-related services. It can generate log noise and disabling it does not impact MiaB. | ||
Line 79: | Line 93: | ||
user@servername:~$ sudo touch /etc/cloud/cloud-init.disabled | user@servername:~$ sudo touch /etc/cloud/cloud-init.disabled | ||
− | + | ==== UFW ==== | |
− | |||
− | |||
− | |||
− | |||
UFW, which stands for "Uncomplicated Firewall," is a service that makes it much easier to manage [https://en.wikipedia.org/wiki/Iptables iptables]. However, this service tends to generate a lot of noise in various logs even though it also logs to <code>/var/logs/ufw.log</code>. To prevent <code>ufw</code> from logging to other logs, make the following change: | UFW, which stands for "Uncomplicated Firewall," is a service that makes it much easier to manage [https://en.wikipedia.org/wiki/Iptables iptables]. However, this service tends to generate a lot of noise in various logs even though it also logs to <code>/var/logs/ufw.log</code>. To prevent <code>ufw</code> from logging to other logs, make the following change: | ||
Line 94: | Line 104: | ||
username@servername:~$ sudo service rsyslog restart | username@servername:~$ sudo service rsyslog restart | ||
+ | |||
+ | ==== rsyslog ==== | ||
The <code>rsyslog</code> service manages logging to <code>/var/log/syslog</code>, which can get really noisy, and elsewhere. Logging too much information to <code>/var/log/syslog</code> can make it difficult to diagnose problems. To reduce noise, some logs can be kept elsewhere: | The <code>rsyslog</code> service manages logging to <code>/var/log/syslog</code>, which can get really noisy, and elsewhere. Logging too much information to <code>/var/log/syslog</code> can make it difficult to diagnose problems. To reduce noise, some logs can be kept elsewhere: | ||
Line 109: | Line 121: | ||
There are additional options to change or add based on what kind of noise is observed in <code>/var/log/syslog</code>. | There are additional options to change or add based on what kind of noise is observed in <code>/var/log/syslog</code>. | ||
− | Run <code>logrotate</code> to initiate rotations: | + | ==== Initial server rotations ==== |
+ | |||
+ | Run <code>logrotate</code> once to initiate server rotations: | ||
user@servername:~$ sudo logrotate -f /etc/logrotate.conf | user@servername:~$ sudo logrotate -f /etc/logrotate.conf | ||
+ | |||
+ | === Configure apcupsd client === | ||
+ | |||
+ | It is important to protect the power to the server so it can always safely shut itself down in the event of a power outage. | ||
+ | |||
+ | There are two popular packages for monitoring UPS devices, <code>apcupsd</code> and <code>nut</code>. This article covers <code>apcupsd</code> for monitoring a local <code>apcupsd</code> server connected to an APC Smart UPS. | ||
+ | |||
+ | user@servername:~$ sudo apt install apcupsd | ||
+ | user@servername:~$ sudo nano /etc/apcupsd/apcupsd.conf | ||
+ | |||
+ | Change: | ||
+ | |||
+ | UPSCABLE ether | ||
+ | |||
+ | UPSTYPE net | ||
+ | DEVICE <apcupsd server address>:3551 | ||
+ | |||
+ | user@servername:~$ sudo service apcupsd restart | ||
+ | |||
+ | Verify the configuration using the <code>apcaccess</code> command: | ||
+ | |||
+ | user@servername:~$ apcaccess | ||
+ | APC : 001,027,0712 | ||
+ | DATE : 2019-01-26 09:43:24 -0800 | ||
+ | HOSTNAME : mail.example.net | ||
+ | VERSION : 3.14.14 (31 May 2016) debian | ||
+ | UPSNAME : SMT1500 | ||
+ | CABLE : Ethernet Link | ||
+ | DRIVER : NETWORK UPS Driver | ||
+ | UPSMODE : Stand Alone | ||
+ | STARTTIME: 2019-01-26 09:43:23 -0800 | ||
+ | MASTERUPD: 2019-01-26 09:43:24 -0800 | ||
+ | MASTER : 192.168.1.1:3551 | ||
+ | MODEL : Smart-UPS 1500 | ||
+ | STATUS : ONLINE SLAVE | ||
+ | BCHARGE : 100.0 Percent | ||
+ | TIMELEFT : 206.0 Minutes | ||
+ | MBATTCHG : 5 Percent | ||
+ | MINTIMEL : 3 Minutes | ||
+ | MAXTIME : 0 Seconds | ||
+ | BATTV : 27.3 Volts | ||
+ | NUMXFERS : 0 | ||
+ | TONBATT : 0 Seconds | ||
+ | CUMONBATT: 0 Seconds | ||
+ | XOFFBATT : N/A | ||
+ | STATFLAG : 0x05000408 | ||
+ | SERIALNO : ABC123456 | ||
+ | NOMBATTV : 24.0 Volts | ||
+ | FIRMWARE : UPS 09.4 / ID=18 | ||
+ | END APC : 2019-01-26 09:43:27 -0800 | ||
+ | |||
+ | == Install MiaB == | ||
+ | |||
+ | Download and install MiaB. Note that the DH parameter, currently set for 2048 bits by the MiaB project, may take a while to calculate depending on hardware, though it is performed as part of the final, unattended steps of the installation. | ||
+ | |||
+ | user@servername:~$ curl -s <nowiki>https://mailinabox.email/setup.sh</nowiki> | sudo -E bash | ||
+ | |||
+ | Set the email address as user@example.net, rather than whatever it recommends. Due to a bug, only use the letter, number, right arrow, left arrow, and backspace keys or else the installation will crash. If a subdomain besides <tt>box</tt> is preferred, be sure to change that in the hostname option. | ||
+ | |||
+ | == External links == | ||
+ | |||
+ | [//apcupsd.com/manual/manual.html APCUPSD User Manual] |
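Review bot: the install command added under "Install MiaB" pipes `curl -s` straight into `sudo -E bash`, so a failed or partial download produces no error and the script runs as root without having been read. Suggest saving the script to a file, reading it, and then running that file with `sudo -E bash`.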
Revision as of 18:21, 26 January 2019
The Mail-in-a-Box (MiaB) project automatically installs and configures a robust and modern mail server while remaining very easy to configure for users already familiar with the command line and Ubuntu Server. The project is most commonly used in a VPS server, but can also be used on local hardware, which this article covers.
Hardware can be very light. This admin has MiaB running on an Atom D510 with 4GB RAM.
Install Ubuntu 18.04 LTS
Download Ubuntu Server 18.04 and write the ISO to your preferred install media and boot to the target hardware.
Since the server will be used exclusively for MiaB, using the default options suggested by Ubuntu will be suitable for most applications.
The server name should not include any domains (e.g., just servername, not servername.com).
Since the Ubuntu project now prefers users download the 'Live' installation ISO, be sure the server is connected to the Internet, but make sure it is securely behind a firewall.
Near the end of the options selection, the installer offers the option to install SSH public keys from Launchpad or GitHub user profiles by entering the username.
Initial configuration
Update and upgrade the default packages, then reboot the server.
Update packages:
 user@servername:~$ sudo apt update && sudo apt upgrade
 user@servername:~$ sudo reboot
Configure SSH
Enable SSH password login:
user@servername:~$ sudo nano /etc/ssh/sshd_config
Uncomment:
PasswordAuthentication yes
Log into Ubuntu from a local network device using the password login.
Follow the instructions in the "Change login method" section of the article Initialize VPS UNPM Server to configure SSH. It is not necessary to add a public key if that was performed during installation.
Configure logs
ureadahead
The ureadahead package, which the Ubuntu development team installs by default, currently generates an enormous number of log entries to the point of nearly being malware. Check syslog for ureadahead entries:
 user@servername:~$ grep ureadahead /var/log/syslog
 Jan 19 22:10:18 servername systemd[1]: Starting Stop ureadahead data collection...
 Jan 19 22:10:18 servername systemd[1]: Stopping Read required files in advance...
 Jan 19 22:10:18 servername systemd[1]: Started Stop ureadahead data collection.
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:dev: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:etc: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:modules-load.d: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:run: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:usr: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:local: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:lib: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:usr: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:lib: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:modules-load.d: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:lib: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:modules-load.d: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:thermal: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:r8169: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:cpuidle: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
 Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
If something similar to the above is printed, run the following:
 user@servername:~$ sudo systemctl stop ureadahead.service
 user@servername:~$ sudo systemctl disable ureadahead.service
 user@servername:~$ sudo apt-get purge ureadahead
 user@servername:~$ sudo reboot
cloud-init
The cloud-init package is installed by default, though it is used only for supporting cloud-related services. It can generate log noise, and disabling it does not impact MiaB.
user@servername:~$ sudo touch /etc/cloud/cloud-init.disabled
UFW
UFW, which stands for "Uncomplicated Firewall," is a service that makes it much easier to manage iptables. However, this service tends to generate a lot of noise in various logs even though it also logs to /var/log/ufw.log. To prevent ufw from logging to other logs, make the following change:
username@servername:~$ sudo nano /etc/rsyslog.d/20-ufw.conf
Uncomment the last line:
& stop
username@servername:~$ sudo service rsyslog restart
rsyslog
The rsyslog service manages logging to /var/log/syslog, which can get really noisy, and elsewhere. Logging too much information to /var/log/syslog can make it difficult to diagnose problems. To reduce noise, some logs can be kept elsewhere:
username@servername:~$ sudo nano /etc/rsyslog.d/50-default.conf
Change:
cron.* /var/log/cron.log
*.*;auth,authpriv,cron.none -/var/log/syslog
username@servername:~$ sudo service rsyslog restart
There are additional options to change or add based on what kind of noise is observed in /var/log/syslog.
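To see which programs account for the noise before deciding what else to move out of /var/log/syslog, the following added example (not part of the original article) tallies entries per program tag. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# syslog_top_talkers [N]: read traditional-format syslog lines on stdin
# ("Mon DD HH:MM:SS host tag[pid]: message") and print the N busiest
# program tags as "count tag", busiest first (default N is 10).
syslog_top_talkers() {
    awk '
        NF >= 5 {
            tag = $5
            sub(/\[[0-9]+\]:?$/, "", tag)   # drop a "[pid]:" suffix
            sub(/:$/, "", tag)              # drop a bare trailing colon
            count[tag]++
        }
        END { for (t in count) print count[t], t }
    ' | sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Constructed sample input, modelled on the entries shown in this article.
sample_syslog() {
    cat <<'EOF'
Jan 19 22:10:18 servername systemd[1]: Starting Stop ureadahead data collection...
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:dev: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:etc: Ignored relative path
Jan 19 22:10:19 servername kernel: [UFW BLOCK] IN=enp1s0 OUT= SRC=192.0.2.10 DST=192.0.2.20
Jan 19 22:10:20 servername CRON[812]: (root) CMD (command -v debian-sa1 > /dev/null)
Jan 19 22:10:21 servername kernel: [UFW BLOCK] IN=enp1s0 OUT= SRC=192.0.2.11 DST=192.0.2.20
EOF
}

# On the server: syslog_top_talkers 10 < /var/log/syslog
sample_syslog | syslog_top_talkers 3
```

A tag that stays at the top of this list after the changes above is a candidate for its own rule in /etc/rsyslog.d/.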
Initial server rotations
Run logrotate once to initiate server rotations:
user@servername:~$ sudo logrotate -f /etc/logrotate.conf
Configure apcupsd client
It is important to protect the power to the server so it can always safely shut itself down in the event of a power outage.
There are two popular packages for monitoring UPS devices, apcupsd and nut. This article covers apcupsd for monitoring a local apcupsd server connected to an APC Smart UPS.
 user@servername:~$ sudo apt install apcupsd
 user@servername:~$ sudo nano /etc/apcupsd/apcupsd.conf
Change:
UPSCABLE ether
UPSTYPE net
DEVICE <apcupsd server address>:3551
user@servername:~$ sudo service apcupsd restart
Verify the configuration using the apcaccess command:
 user@servername:~$ apcaccess
 APC : 001,027,0712
 DATE : 2019-01-26 09:43:24 -0800
 HOSTNAME : mail.example.net
 VERSION : 3.14.14 (31 May 2016) debian
 UPSNAME : SMT1500
 CABLE : Ethernet Link
 DRIVER : NETWORK UPS Driver
 UPSMODE : Stand Alone
 STARTTIME: 2019-01-26 09:43:23 -0800
 MASTERUPD: 2019-01-26 09:43:24 -0800
 MASTER : 192.168.1.1:3551
 MODEL : Smart-UPS 1500
 STATUS : ONLINE SLAVE
 BCHARGE : 100.0 Percent
 TIMELEFT : 206.0 Minutes
 MBATTCHG : 5 Percent
 MINTIMEL : 3 Minutes
 MAXTIME : 0 Seconds
 BATTV : 27.3 Volts
 NUMXFERS : 0
 TONBATT : 0 Seconds
 CUMONBATT: 0 Seconds
 XOFFBATT : N/A
 STATFLAG : 0x05000408
 SERIALNO : ABC123456
 NOMBATTV : 24.0 Volts
 FIRMWARE : UPS 09.4 / ID=18
 END APC : 2019-01-26 09:43:27 -0800
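The same output can be checked by a script, for instance from cron, so that a lost link to the apcupsd server is noticed before a power outage rather than during one. This is an added example, not part of the original article or the apcupsd project; the function names, the 50 percent charge threshold and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# apc_field NAME: print the value of one "NAME : value" line read on stdin.
apc_field() {
    awk -v key="$1" -F':' '
        { k = $1; sub(/[ \t]+$/, "", k) }
        k == key {
            v = substr($0, index($0, ":") + 1)   # keep colons inside the value
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            print v; exit
        }'
}

# ups_check [MIN_CHARGE]: read apcaccess output on stdin. Returns 0 only if
# STATUS reports ONLINE (and neither COMMLOST nor ONBATT) and BCHARGE is at
# least MIN_CHARGE percent (default 50); returns non-zero otherwise.
ups_check() {
    report=$(cat)
    status=$(printf '%s\n' "$report" | apc_field STATUS)
    charge=$(printf '%s\n' "$report" | apc_field BCHARGE)
    charge=${charge%% *}      # "100.0 Percent" -> "100.0"
    charge=${charge%%.*}      # "100.0" -> "100"
    case " $status " in
        *" COMMLOST "*|*" ONBATT "*) return 1 ;;
    esac
    case " $status " in
        *" ONLINE "*) ;;
        *) return 1 ;;        # also covers a missing STATUS line
    esac
    [ -n "$charge" ] && [ "$charge" -ge "${1:-50}" ]
}

# Constructed sample: a subset of the apcaccess output shown above.
sample_apcaccess() {
    cat <<'EOF'
APC      : 001,027,0712
DATE     : 2019-01-26 09:43:24 -0800
HOSTNAME : mail.example.net
MASTER   : 192.168.1.1:3551
STATUS   : ONLINE SLAVE
BCHARGE  : 100.0 Percent
TIMELEFT : 206.0 Minutes
EOF
}

# On the server: apcaccess | ups_check 50 || echo "UPS needs attention"
sample_apcaccess | ups_check 50 && echo "UPS OK"
```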
Install MiaB
Download and install MiaB. Note that the DH parameter, currently set for 2048 bits by the MiaB project, may take a while to calculate depending on hardware, though it is performed as part of the final, unattended steps of the installation.
user@servername:~$ curl -s https://mailinabox.email/setup.sh | sudo -E bash
Set the email address as user@example.net, rather than whatever it recommends. Due to a bug, only use the letter, number, right arrow, left arrow, and backspace keys or else the installation will crash. If a subdomain besides box is preferred, be sure to change that in the hostname option.