Public Data:

Popular Project Sites: Project Sites:

Luke Cole

Donate to Luke Cole
Locations of visitors to this page


This web page provides all the commands required to setup a HTTP, LDAP, SMTP, IMAP, POP, DNS and DHCP server. The emacs commands mean you are required to edit this file. Acquiring example files is discussed at the bottom of this page. The following should work for most flavors of Ubuntu (last updated for 10.10). The package names may have changed somewhat.


server:~>apt-get install apache2
server:~>emacs /etc/apache2/sites-available/default
server:~>/etc/init.d/apache2 restart

NOTE: Server Load Optimization

Multiple Sites (VirtualHost)

Create as many virtual sites as you want in:


To enable any of them:

server:~>ln -s /etc/apache2/sites-available/{name} \
server:~>/etc/init.d/apache2 restart

PHP Support

server:~>apt-get install php5 libapache2-mod-php5
server:~>/etc/init.d/apache2 restart

MySQL Support

server:~>apt-get install mysql-server mysql-client \
 libapache2-mod-auth-mysql php5-mysql
server:~>/etc/init.d/apache2 restart
To enable remote login set bind-address in /etc/mysql/my.cnf to your ip and then:
server:~>/etc/init.d/mysql restart
server:~>mysql -u root -p mysql
mysql>GRANT ALL ON db_name.* TO username@'ip' IDENTIFIED BY 'passwd'

Edit Service Version

Change the ServerTokens and ServerSignature apache directives within /etc/apache2/apache2.conf, e.g.:

ServerTokens ProductOnly
ServerSignature Off


server:~>apt-get install telnet
server:~>telnet localhost 80
Remember to press the ENTER key twice.
server:~>apt-get install lynx
server:~>lynx localhost

SSL Support

server:~>ln -s /etc/apache2/mods-available/ssl.load \
server:~>ln -s /etc/apache2/mods-available/ssl.conf \
Then edit your VirtualHost it looks something like:
NameVirtualHost *:443
<virtualhost *:443>

 ServerAdmin webmaster@localhost

 SSLCertificateFile /etc/apache2/ssl/apache.pem
 SSLEngine on

 # enable strongest 7 ciphers
 SSLProtocol all

Now do:
server:~>a2ensite ssl


server:~>apt-get install slapd ldap-utils ldapscripts \
 libnss-ldap libpam-ldap db4.2-util nscd
server:~>emacs /etc/ldap/slapd.conf
server:~>emacs /etc/pam_ldap.conf
server:~>emacs /etc/libnss-ldap.conf
server:~>emacs /etc/nsswitch.conf
server:~>emacs /etc/pam.d/common-auth
server:~>emacs /etc/pam.d/common-account
server:~>emacs /etc/pam.d/common-password
server:~>/etc/init.d/slapd restart

Web-based Config

server:~>apt-get install phpldapadmin php5-ldap
server:~>emacs /etc/phpldapadmin/config.php
server:~>/etc/init.d/apache2 restart

Create apache2 VirtualHost (see above) to

Remember to export a .ldif file of your ldap directory just incase your ldap database is lost!

Alternative Config Method

server:~>man ldapsearch
server:~>man ldapadd
server:~>man ldapdelete
server:~>man ldapmodify

Current issues with LDAP

There is currently a bug in the latest nss_ldap-249+. If you system is booting slow and you are getting bootup messages like:

udevd[374]: nss_ldap: failed to bind to ldap server
 ldap://server can't connect ldap server
udevd[374]: nss_ldap: reconnecting to ldap server
Then do the following on your server/clients to fix it:
host:~>addgroup --system nvram
and set "bind_policy hard" within /etc/libnss-ldap.conf

More info at and


client:~>apt-get install libnss-ldap libpam-ldap nscd
client:~>emacs /etc/pam_ldap.conf
client:~>emacs /etc/libnss-ldap.conf
client:~>emacs /etc/nsswitch.conf
client:~>emacs /etc/pam.d/common-auth
client:~>emacs /etc/pam.d/common-account
client:~>emacs /etc/pam.d/common-password

SMTP Server HOWTO (Outgoing Email Server)

  1. Install
    server:~> sudo apt-get install exim4
  2. Configure Mail Hostname
    server:~> echo "" > /etc/mailname
  3. Configure Exim as smarthost and split config files
    server:~> sudo dpkg-reconfigure exim4-config
    Exim config file /etc/exim4/update-exim4.conf.conf should look something like:
  4. Edit Service Version (Optional Security by Obscurity) - change the smtp_banner variable within /etc/exim4/conf.d/main/02_exim4-config_options, e.g.:
    smtp_banner = $smtp_active_hostname ESMTP $tod_full

  5. Restart Exim
    server:~>sudo /etc/init.d/exim4 restart


server:~>apt-get install telnet
server:~>telnet localhost 25
RCPT TO: <root@localhost>
Subject:Test Message
This is a test message.
server:~>apt-get install mailutils
server:~>echo "spam is good" | mail -s "31337" root@localhost
server:~>apt-get install swaks


  1. Install
    server:~>sudo apt-get install sa-exim spamassassin
  2. Configure SpamAssassin (Optional)
    server:~>sudo emacs -nw /etc/spamassassin/
  3. Enable SpamAssassin
    • Set ENABLE=1 in /etc/default/spamassassin
    • Comment out SAEximRunCond: 0 from /etc/exim4/sa-exim.conf
  4. Train the bayesian filter what spam is
    sudo sa-learn --spam -u spamd --dir /home/<username>/Maildir/.Junk/* -D
  5. Train the bayesian filter what non-spam is (Optional)
    sudo sa-learn --ham -u spamd --dir /home/<username>/Maildir/cur/* -D
  6. Restart Exim and SpamAssassin
    server:~>sudo /etc/init.d/spamassassin restart
    server:~>sudo /etc/init.d/exim4 restart

Virtual Hosts

  1. Create virtual hosts/emails
    mkdir /etc/exim4/virtual
    echo "*: <username>@localhost" > /etc/exim4/virtual/
    echo "*: <username>@localhost" > /etc/exim4/virtual/
    echo "webmaster: root@localhost" » /etc/exim4/virtual/
  2. Change domainlist local_domains (in /etc/exim4/main/01_exim4-config_listmacrosdefs) from:
    domainlist local_domains = MAIN_LOCAL_DOMAINS
    domainlist local_domains = @:localhost:dsearch;/etc/exim4/virtual
  3. Create Virtual Host Exim Config - add the following file to /etc/exim4/router/350_exim4-config_vdom_aliases
            driver = redirect
            domains = dsearch;/etc/exim4/virtual
            data = \
            pipe_transport   = address_pipe
            file_transport   = address_file
  4. Restart Exim
    server:~>sudo /etc/init.d/exim4 restart

IMAP Server HOWTO (Incoming Email Server)

server:~>apt-get install courier-imap

Testing IMAP

server:~>apt-get install telnet
server:~>telnet localhost 143
1 LOGIN "username" "password"

IMAP over SSL Server HOWTO (Secure Incoming Email Server)

server:~>apt-get install courier-imap-ssl

POP Server HOWTO (Incoming Email Server)

server:~>apt-get install courier-pop

Testing POP

server:~>apt-get install telnet
server:~>telnet localhost 110
USER username
PASS passwd

POP over SSL Server HOWTO (Secure Incoming Email Server)

server:~>apt-get install courier-pop-ssl

Courier IMAP/POP LDAP Support

server:~>apt-get install courier-ldap
server:~>emacs /etc/courier/authdaemonrc
server:~>emacs /etc/courier/authldaprc
server:~>emacs /etc/courier/ldapaliasrc
server:~>/etc/init.d/courier-authdaemon restart
server:~>/etc/init.d/courier-ldap restart

Now restart the services you are running, such as:

server:~>/etc/init.d/courier-imap restart
server:~>/etc/init.d/courier-imap-ssl restart
server:~>/etc/init.d/courier-pop restart
server:~>/etc/init.d/courier-pop-ssl restart

Email Aliases

Use phpldapadmin to add LDAP email aliases or just use the file:

server:~>emacs -nw /etc/aliases


server:~>apt-get install bind9
server:~>emacs -nw /etc/bind/named.conf.options
server:~>emacs -nw /etc/bind/named.conf.local
server:~>emacs -nw /etc/bind/db.{name}
server:~>/etc/init.d/bind9 restart


  • Each time you edit the db files (e.g. or db.0.0.10) you need to increase the serial number.
  • The @ IN NS needs in needs to match the @ IN NS record in db.0.0.10


server:~>apt-get install host dns-browse
server:~>host machine_name
server:~>dig machine_name
server:~>nslookup machine_name


server:~>apt-get install dhcp3-server
server:~>emacs -nw /etc/dchp3/dhcpd.conf
server:~>/etc/init.d/dhcp3-server restart

Client Config

client:~> less /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

client:~>ifup eth0

Jail (chroot)

  1. Install
    server:~> sudo apt-get install rssh jailer
    server:~> sudo chmod u+s /usr/lib/rssh/rssh_chroot_helper
  2. Configure RSSH - allow services (e.g. allowscp) and set chrootpath = /jail in /etc/rssh.conf
  3. Create the /jail/ with
  4. Setup syslog:
    server:~> /sbin/syslogd -a /jail/dev/log
  5. Set jail home path and rssh shell for each jail user in /etc/passwd, e.g.
  6. Remove all non-jail users and set the home path and rssh shell for each jail user in /jail/etc/passwd. e.g.

APT Cache

server:~> apt-get install apt-cacher
server:~> emacs /etc/apt-cacher/apt-cacher.conf
Then change entries in /etc/apt/sources.list form
deb dapper main restricted
deb http://server:3142/apt-cacher/ \
dapper main restricted

Timezone Config

client:~>echo "Australia/Sydney" > /etc/timezone
client:~>ln -s /usr/share/zoneinfo/Australia/Sydney /etc/localtime

NTP Config

client:~>apt-get install ntpdate

Access Point Config

Setup the device in master mode:

server:~>iwconfig ath0 mode master
However if that command returns:
Error for wireless request "Set Mode" (8B06) :
SET failed on device ath0 ; Invalid argument.
Try to set the mode during installation of the module, for example some madwifi modules for Atheros wireless NIC's require:
server:~>modprobe ath_pci autocreate=ap
Then simply set the ESSID and IP address:
server:~>iwconfig ath0 essid my_wireless_name
server:~>ifconfig ath0 up

NOTES: Replace ath0 with the correct NIC device name.

Network Router Config

If your server is connected to the internet via a router, you will need your router to forward incomming traffic on port 25 (SMTP), port 143 (IMAP), port 80 (HTTP) to your server. This can be done via the following script:

Example Port Forwarding Script:



echo 1 > /proc/sys/net/ipv4/ip_forward

/sbin/iptables -t nat -A PREROUTING -p tcp -m multiport /
 --dport $DMZ_PORTS -i $ETH -j DNAT --to $DMZ_HOST

However you may wish to run a serious firewall, so feel free to use Luke Cole's iptables firewall sh script firewall-router.

Prevent SYN flood bombs

Turn ON SYN cookies

echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Increase half-open connections can be kept by the backlog queue.
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog

"Testing" / "Monitoring"

Live-CDs / Frameworks: BackTrack, Phlak, Metasploit

Ubuntu/Debian Packages:

server:~>apt-get install netcat nessus nmap tcpick tcpdump iptraf /
 iproute pktstat traceroute ethereal etherape geoip-bin net-tools /
 sysstat hddtemp hdparm lm-sensors snort psad fail2ban clamav /
 rkhunter chkrootkit nikto dsniff scapy packit nast distributed-net /
 fakepop kismet airsnort weplab aircrack john medussa crack-md5 /
 fcrackzip pdfcrack wordplay an apg gpw otp 

Machine Optimization

  1. svctm (via iostat) should be no greater then 30 (milliseconds) and %util (via iostat) should be no greater then 5 (%). This indicates the system disk(s) are not tuned or are too slow.
  2. %wa (via top) should be no greater then 30 (%). This indicates the system disk(s) are not tuned or are too slow.
  3. procs r (via vmstat) should be no greater then the number of CPUs on the system and no more then four times the number of available CPUs on the system. This indicates shortage of CPU power.
  4. cpu sy (via vmstat) should be no greater then four times cpu us (via vmstat). This indicates shortage of CPU power.

Once you have determined a machine is in overload (e.g. your server is using to much cpu, memory or disk read/write access). Then you can either upgrade the cpu, memory or disk speed. However if disk speed is your problem (a common problem, see above) due to, for example, mysql, you could even the load via moving your /var/lib/mysql/ directory to a second drive or another machine.

For more info, then I recommend you read documents such as

Example Files

Users of this network can ssh to and visit the config backup directory for which provides the current server and router config, crontab and script files:

Otherwise contact Luke Cole for examples.



© 2000-2024 Luke Cole
All rights reserved