Difference between revisions of "User:Paul/sandbox/Install Mail-in-a-Box to local server on residential ISP"
Line 194: | Line 194: | ||
[http://dnsviz.net/ DNSViz | A DNS visualization tool] | [http://dnsviz.net/ DNSViz | A DNS visualization tool] | ||
+ | |||
+ | [[Category:Mail-in-a-Box]] |
Latest revision as of 17:20, 10 July 2020
The Mail-in-a-Box (MiaB) project automatically installs and configures a robust and modern mail server while remaining very easy to configure for users already familiar with the command line and Ubuntu Server. The project is most commonly used on a VPS, but can also be used on local hardware, which this article covers.
Hardware can be very light. This admin has MiaB running on an Atom D510 with 4GB RAM.
Install Ubuntu 18.04 LTS
Download Ubuntu Server 18.04, write the ISO to your preferred install media, and boot the target hardware from it.
Since the server will be used exclusively for MiaB, using the default options suggested by Ubuntu will be suitable for most applications.
The server name should not include any domains (e.g., just servername, not servername.com).
Since the Ubuntu project now prefers users download the 'Live' installation ISO, be sure the server is connected to the Internet, but make sure it is securely behind a firewall.
Near the end of the options selection, the installer offers the option to install SSH public keys from Launchpad or GitHub user profiles by entering the username.
Initial configuration
Update and upgrade the default packages, then reboot the server.
Update packages:
user@servername:~$ sudo apt update && sudo apt upgrade
user@servername:~$ sudo reboot
Configure SSH
Enable SSH password login:
user@servername:~$ sudo nano /etc/ssh/sshd_config
Uncomment:
PasswordAuthentication yes
Log into Ubuntu from a local network device using the password login.
Follow the instructions to configure SSH in the article Initialize VPS UNPM Server - Change login method section. It is not necessary to add a public key if that was performed during installation.
Configure logs
ureadahead
The ureadahead package, installed by default by the Ubuntu development team, currently generates an enormous number of log entries, to the point of nearly being malware. Check syslog for ureadahead entries:
user@servername:~$ grep ureadahead /var/log/syslog
Jan 19 22:10:18 servername systemd[1]: Starting Stop ureadahead data collection...
Jan 19 22:10:18 servername systemd[1]: Stopping Read required files in advance...
Jan 19 22:10:18 servername systemd[1]: Started Stop ureadahead data collection.
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:dev: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:etc: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:modules-load.d: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:run: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:usr: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:local: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:lib: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:usr: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:lib: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:modules-load.d: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:lib: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:modules-load.d: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:thermal: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:r8169: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:cpuidle: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
If something similar to the above is printed, run the following:
user@servername:~$ sudo systemctl stop ureadahead.service
user@servername:~$ sudo systemctl disable ureadahead.service
user@servername:~$ sudo apt-get purge ureadahead
user@servername:~$ sudo reboot
cloud-init
The cloud-init package is installed by default, though it is used only to support cloud-related services. It can generate log noise, and disabling it does not impact MiaB.
user@servername:~$ sudo touch /etc/cloud/cloud-init.disabled
UFW
UFW, which stands for "Uncomplicated Firewall," is a service that makes it much easier to manage iptables. However, this service tends to generate a lot of noise in various logs even though it also logs to /var/log/ufw.log. To prevent ufw from logging to other logs, make the following change:
username@servername:~$ sudo nano /etc/rsyslog.d/20-ufw.conf
Uncomment the last line:
& stop
username@servername:~$ sudo service rsyslog restart
rsyslog
The rsyslog service manages logging to /var/log/syslog, which can get really noisy, as well as to other log files. Logging too much information to /var/log/syslog can make it difficult to diagnose problems. To reduce noise, some logs can be kept elsewhere:
username@servername:~$ sudo nano /etc/rsyslog.d/50-default.conf
Change:
cron.* /var/log/cron.log
*.*;auth,authpriv,cron.none -/var/log/syslog
username@servername:~$ sudo service rsyslog restart
There are additional options to change or add based on what kind of noise is observed in /var/log/syslog.
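One way to see which programs produce the noise before adding further rsyslog rules, as an added example that is not part of the original article. The function name syslog_noise and the sample lines are constructed for illustration; it assumes the traditional syslog line format that Ubuntu 18.04 writes by default.

```bash
#!/usr/bin/env bash
# Added example: rank the programs writing the most lines to a syslog file.

# syslog_noise FILE [TOP_N] -> prints "COUNT PROGRAM", noisiest first.
syslog_noise() {
    local file=$1 top=${2:-10}
    awk '
        # Traditional format: "Mon DD HH:MM:SS host program[pid]: message"
        NF >= 5 {
            tag = $5
            sub(/:$/, "", tag)            # drop the trailing colon
            sub(/\[[0-9]+\]$/, "", tag)   # drop the [pid] suffix
            count[tag]++
        }
        END { for (t in count) printf "%d %s\n", count[t], t }
    ' "$file" | sort -k1,1nr -k2,2 | head -n "$top"
}

# Constructed sample lines (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Jan 19 22:10:18 servername systemd[1]: Started Stop ureadahead data collection.
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:dev: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:etc: Ignored relative path
Jan 19 22:10:19 servername kernel: [   42.000000] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP DPT=23
Jan 19 22:10:20 servername kernel: [   43.000000] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.20 PROTO=TCP DPT=23
Jan 19 22:15:01 servername CRON[1201]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
EOF

# Show the three noisiest programs in the sample.
syslog_noise "$sample" 3
```

On the server, run it against the real file with sudo access, for example syslog_noise /var/log/syslog 10, before and after restarting rsyslog to confirm that cron and ufw entries no longer land in syslog.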
Initial server rotations
Run logrotate once to initiate server rotations:
user@servername:~$ sudo logrotate -f /etc/logrotate.conf
Configure apcupsd client
It is important to protect the power to the server so it can always safely shut itself down in the event of a power outage.
There are two popular packages for monitoring UPS devices, apcupsd and nut. This article covers apcupsd for monitoring a local apcupsd server connected to an APC Smart UPS.
user@servername:~$ sudo apt install apcupsd
user@servername:~$ sudo nano /etc/apcupsd/apcupsd.conf
Change:
UPSCABLE ether
UPSTYPE net
DEVICE <apcupsd server address>:3551
user@servername:~$ sudo service apcupsd restart
Verify the configuration using the apcaccess command:
user@servername:~$ apcaccess
APC      : 001,027,0712
DATE     : 2019-01-26 09:43:24 -0800
HOSTNAME : mail.example.net
VERSION  : 3.14.14 (31 May 2016) debian
UPSNAME  : SMT1500
CABLE    : Ethernet Link
DRIVER   : NETWORK UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2019-01-26 09:43:23 -0800
MASTERUPD: 2019-01-26 09:43:24 -0800
MASTER   : 192.168.1.1:3551
MODEL    : Smart-UPS 1500
STATUS   : ONLINE SLAVE
BCHARGE  : 100.0 Percent
TIMELEFT : 206.0 Minutes
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
BATTV    : 27.3 Volts
NUMXFERS : 0
TONBATT  : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
STATFLAG : 0x05000408
SERIALNO : ABC123456
NOMBATTV : 24.0 Volts
FIRMWARE : UPS 09.4 / ID=18
END APC  : 2019-01-26 09:43:27 -0800
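The verification step above can be scripted so that a broken link to the apcupsd server is caught without reading the output by eye. This is an added example, not part of the original article; the function names and sample inputs are constructed, and it assumes COMMLOST is the status apcupsd reports when it cannot reach its UPS or server.

```bash
#!/usr/bin/env bash
# Added example: sanity-check apcaccess output on an apcupsd network client.

# ups_field KEY -> value of KEY from apcaccess output on stdin.
ups_field() {
    awk -F: -v key="$1" '
        { k = $1; sub(/[ \t]+$/, "", k) }
        k == key {
            v = substr($0, index($0, ":") + 1)   # values may contain ":"
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
            exit
        }'
}

# ups_client_ok -> reads apcaccess output on stdin; returns 0 only if the
# client uses the network driver, names a master, and reports ONLINE.
ups_client_ok() {
    local out status driver master
    out=$(cat)
    status=$(printf '%s\n' "$out" | ups_field STATUS)
    driver=$(printf '%s\n' "$out" | ups_field DRIVER)
    master=$(printf '%s\n' "$out" | ups_field MASTER)
    if [ "$driver" != "NETWORK UPS Driver" ]; then
        echo "FAIL: DRIVER is '${driver:-missing}', UPSTYPE net not in effect"
        return 1
    fi
    case " $status " in
        *" COMMLOST "*) echo "FAIL: no contact with the apcupsd server"; return 1 ;;
    esac
    if [ -z "$master" ]; then echo "FAIL: no MASTER reported"; return 1; fi
    case " $status " in
        *" ONLINE "*) echo "OK: $status via $master"; return 0 ;;
        *)            echo "WARN: UPS status is '$status'"; return 1 ;;
    esac
}

# Constructed samples, abbreviated from the output format shown above.
sample_ok() { printf '%s\n' 'CABLE    : Ethernet Link' \
    'DRIVER   : NETWORK UPS Driver' 'MASTER   : 192.168.1.1:3551' \
    'STATUS   : ONLINE SLAVE'; }
sample_lost() { printf '%s\n' 'DRIVER   : NETWORK UPS Driver' \
    'MASTER   : 192.168.1.1:3551' 'STATUS   : COMMLOST'; }

sample_ok | ups_client_ok
sample_lost | ups_client_ok || true
```

On the server the check is run as apcaccess | ups_client_ok, and its exit status can drive a cron alert.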
Install MiaB
Download and install MiaB. Note that the DH parameter, currently set for 2048 bits by the MiaB project, may take a while to calculate depending on hardware, though it is performed as part of the final, unattended steps of the installation.
user@servername:~$ curl -s https://mailinabox.email/setup.sh | sudo -E bash
Set the email address as user@example.net, rather than whatever it recommends. Due to a bug, only use the letter, number, right arrow, left arrow, and backspace keys or else the installation will crash. If a subdomain besides box is preferred, be sure to change that in the hostname option.