First, Execute the Binary:

> mv jre-6u16-linux-x64.bin /usr/lib/java
> cd /usr/lib/java
> chmod 744 jre-6u16-linux-x64.bin
> ./jre-6u16-linux-x64.bin

Download the 32-bit or 64-bit non-RPM binary from Sun’s site here and execute it.

Next, Set Sun’s Java as Default:

> update-alternatives --install "/usr/bin/java" "java" "/usr/lib/java/jre1.6.0_16/bin/java" 1
> update-alternatives --set java /usr/lib/java/jre1.6.0_16/bin/java

We configure the system to use Sun’s Java binaries to execute “java” commands by telling it there is an alternate installation and to use it by default.

Finally, Check the Default Version:

> java -version
java version “1.6.0_16″
Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
Java HotSpot(TM) 64-Bit Server VM (build 14.2-b01, mixed mode)

First, install Mailman via yum:

> yum install mailman

Next, edit its Apache configuration file:

> cd /etc/httpd/conf.d
> vi mailman.conf
RedirectMatch ^/mailman[/]*$ http://domain.com/mailman/listinfo

Uncomment the redirect parameter and enter the correct domain name.

Set the site master password:

> /usr/lib/mailman/bin/mmsitepass password

This password can be used to access any list or any page.

Edit the Mailman configuration file:

> vi /usr/lib/mailman/Mailman/mm_cfg.py
DEFAULT_URL_HOST = ‘domain.com’
DEFAULT_EMAIL_HOST = ‘domain.com’

The URL host parameter usually matches the domain name from the above Apache configuration file. The email host should match the origin of the mail (i.e. the part after the @ of the email address, whether it is host.domain.com or domain.com).

Check for updates:

> cd /usr/lib/mailman
> bin/update
No updates are necessary.

Create the mailman site list and set up the aliases:

> cd /usr/lib/mailman
> bin/newlist mailman

Enter the email of the person running the list: minh@minhtech.com
Initial mailman password: password
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases’ program:

## mailman mailing list
mailman: “|/usr/lib/mailman/mail/mailman post mailman”
mailman-admin: “|/usr/lib/mailman/mail/mailman admin mailman”
mailman-bounces: “|/usr/lib/mailman/mail/mailman bounces mailman”
mailman-confirm: “|/usr/lib/mailman/mail/mailman confirm mailman”
mailman-join: “|/usr/lib/mailman/mail/mailman join mailman”
mailman-leave: “|/usr/lib/mailman/mail/mailman leave mailman”
mailman-owner: “|/usr/lib/mailman/mail/mailman owner mailman”
mailman-request: “|/usr/lib/mailman/mail/mailman request mailman”
mailman-subscribe: “|/usr/lib/mailman/mail/mailman subscribe mailman”
mailman-unsubscribe: “|/usr/lib/mailman/mail/mailman unsubscribe mailman”

Hit enter to notify mailman owner…

> vi /etc/aliases
## mailman mailing list
mailman: “|/usr/lib/mailman/mail/mailman post mailman”
mailman-admin: “|/usr/lib/mailman/mail/mailman admin mailman”
mailman-bounces: “|/usr/lib/mailman/mail/mailman bounces mailman”
mailman-confirm: “|/usr/lib/mailman/mail/mailman confirm mailman”
mailman-join: “|/usr/lib/mailman/mail/mailman join mailman”
mailman-leave: “|/usr/lib/mailman/mail/mailman leave mailman”
mailman-owner: “|/usr/lib/mailman/mail/mailman owner mailman”
mailman-request: “|/usr/lib/mailman/mail/mailman request mailman”
mailman-subscribe: “|/usr/lib/mailman/mail/mailman subscribe mailman”
mailman-unsubscribe: “|/usr/lib/mailman/mail/mailman unsubscribe mailman”

> newaliases

After creating the list, add the listed aliases to the bottom of the aliases file, and then run newaliases.

Finally, restart Apache and start mailman:

> /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

> /etc/init.d/mailman start
Starting mailman: [ OK ]

> chkconfig –level 2345 mailman on

The documentation is located at /usr/share/doc/mailman-2.1.9/.

First, make sure sendmail is uninstalled:

> yum remove sendmail

We want to use Postfix as our mail transfer agent (MTA) because it is simpler to configure.

Install Postfix:

> yum install postfix

Edit the Posttfix configuration files:

> vi /etc/postfix/main.cf
myhostname = host.domain.com
mydomain = domain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relay_domains = $mydestination

Make sure the myhostname and mydomain parameters are set correctly. Check the /etc/hosts and /etc/sysconfig/network files and use the “hostname” command to make sure network configurations are correct.

Start Postfix:

> /etc/init.d/postfix start
Starting postfix: [ OK ]

Test Postfix:

> telnet localhost smtp
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 host.domain.com ESMTP Postfix
> ehlo host
250-host.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
> mail from: mnguyen
250 2.1.0 Ok
> rcpt to: mnguyen
250 2.1.5 Ok
> data
354 End data with <CR><LF>.<CR><LF>
> test
> .
250 2.0.0 Ok: queued as 1869B10145
> quit
221 2.0.0 Bye
Connection closed by foreign host.

Log into the server via telnet, check for an extended hello response, send a test message, and quit.

Install Dovecot:

> yum install dovecot

We can send or check for messages locally if a client like mailx is installed. However, we will install a POP3 server so we can send or check for messages remotely from a client such as Outlook, Lotus Notes, or Thunderbird.

Configure Dovecot:

> vi /etc/dovecot.conf
protocols = pop3 pop3s imap imaps
mail_location = mbox:~/mail:INBOX=/var/mail/%u
pop3_uidl_format = %08Xu%08Xv
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

We need to enable the POP3 protocol because it is not enabled by default. We will use the mbox mailbox format. We will also enable the built-in client workarounds.

Start Dovecot:

> /etc/init.d/dovecot start
Starting Dovecot Imap: [ OK ]

Test Dovecot:

> telnet localhost pop3
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
+OK Dovecot ready.
> user mnguyen
+OK
> pass password
+OK Logged in.
> list
+OK 1 messages:
1 488
.
> retr 1
+OK 488 octets
Return-Path: <mnguyen@host.domain.com>
X-Original-To: mnguyen
Delivered-To: mnguyen@host.domain.com
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by host.domain.com (Postfix) with SMTP id 1869B10145
for <mnguyen>; Thu, 9 Oct 2008 14:12:03 -0400 (EDT)
Message-Id: <20081009181211.1869B10145@host.domain.com>
Date: Thu, 9 Oct 2008 14:12:03 -0400 (EDT)
From: mnguyen@host.domain.com
To: undisclosed-recipients:;

test
.
> quit
+OK Logging out.
Connection closed by foreign host.

Log into the POP3 server via telnet and retrieve the message sent earlier.

Configure SASL for SMTP Authentication:

> vi /etc/dovecot.conf
auth default
{
   mechanisms = plain login

   passdb pam
   {
   }

   userdb passwd
   {
   }

   socket listen
   {
      client
      {
         path = /var/spool/postfix/private/auth
         mode = 0660
         user = postfix
         group = postfix
      }
   }
}

> vi /etc/postfix/main.cf
mynetworks = 127.0.0.0/8

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes

We want to configure SMTP authentication to allow only our users to relay mail. Unauthorized users (e.g. spammers) are denied relay. Edit both the Dovecot and Postfix configuration files. Put the SASL lines at the bottom of the Postfix configuration file.

Start SASL and restart Postfix and Dovecot:

> /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]

> /etc/init.d/dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]

> /etc/init.d/saslauthd start
Starting saslauthd: [ OK ]

> chkconfig –level 2345 postfix on

> chkconfig –level 2345 dovecot on

> chkconfig –level 2345 saslauthd on

Test the SASL implementation:

> telnet host.domain.com smtp
Trying 123.123.123.123…
Connected to host.domain.com.
Escape character is ‘^]’.
220 host.domain.com ESMTP Postfix
> ehlo host
250-host.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
> mail from: mnguyen
250 2.1.0 Ok
> rcpt to: minh@minhtech.com
554 5.7.1 <minh@minhtech.com>: Relay access denied
> quit
221 2.0.0 Bye
Connection closed by foreign host.

We are expecting relay access to be denied.

First, install Apache via yum:

> yum install httpd

Next, we will modify the configuration file. Edit the timeout parameter:

> vi /etc/httpd/conf/httpd.conf
Timeout 60

We will be limiting the number of processes to conserve memory so we do not want them held up for too long.

Edit the keep alive parameters:

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 2

We want to allow a browser to keep alive its connection with the server and use the same connection to request multiple files and maximize bandwidth. Fewer connections means less overhead. We have instructed Apache to close connections after 2 seconds of inactivity. The default 15 seconds is too long. We want to give the browser plenty of time to submit requests but close the connection as soon as possible.

Edit the prefork multi-processing module (MPM):

<IfModule prefork.c>
   StartServers 4
   MinSpareServers 4
   MaxSpareServers 6
   ServerLimit 16
   MaxClients 16
   MaxRequestsPerChild 4000
</IfModule>

So we are instructing Apache to start 4 server processes and keep up at least 4 spare processes ready to go at all times. It may scale up to 16 active processes with a maximum of 6 spare processes at any given moment. Tune these numbers by considering physical memory available to Apache. “ps -ylC httpd –sort:rss” shows the physical memory usage for each process. Spawning too many processes will cause swap and slow the machine down to a crawl.

We are also instructing Apache to recycle processes by having each one handle 4,000 requests before it is killed. Spawning a new process requires a lot of overhead. On the other hand, we do not want to keep a process alive forever since each request may allocate more and more memory that will not be released (i.e. memory leak).

Turn off hostname resolution:

HostnameLookups Off

Enable compression:

AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript

BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

Header append Vary User-Agent env=!dont-vary

We are instructing Apache to compress files of several MIME types to speed up transmission and conserve bandwidth. Some older browsers partially support or do not support gzip compression so we limit or disable compression when they interface the server.

Finally, start Apache:

> /etc/init.d/httpd start
Starting httpd: [ OK ]

> chkconfig –level 2345 httpd on