A Server (Almost) of Your Own

 in
Set up a virtual host for e-mail on your virtual private server.

Would you like to have a dedicated server at an ISP, for the price of a mere virtual hosting account? For most Linux users, the answer is certainly, yes. You want root access to your own box and the ability to run the software that you choose—even if the budget calls for virtual hosting.

In this case, the solution is a Virtual Private Server (VPS). VPS accounts effectively partition a physical computer's resources into several virtual machines. You get root access to your VPS and configure it just like you would a dedicated server.

Of course, the flexibility of a VPS comes at the price of increased complexity. You are the system administrator of your VPS, not your ISP. The correct operation of the virtual machine—particularly security—is your responsibility.

The typical VPS account holder, however, needs to support only a small number of users, with a few relatively simple services. This makes the task of administering the system much easier. If you are at least somewhat comfortable with managing a Linux machine from the command line, you should be able to make a successful transition to a VPS account.

In this article, we focus our attention on the most critical aspect of switching to a VPS from virtual hosting—getting your e-mail working. E-mail is one of the most important communication tools today. With the exception of DNS, it is also the most complex service you are likely to encounter. Learning how to get your e-mail working should give you a good overall sense of how to manage your VPS.

With respect to DNS, you may want your VPS provider to handle it for you entirely, at least in the beginning. Ask about the additional fees before you sign up. They should be a few extra dollars per year. Some domain name registrars and third parties also can provide you with DNS service.

Getting Started

We use the VPS service provided by tummy.com to implement and test our e-mail solution. Its VPS accounts are based on Red Hat's Fedora by default, but you easily can choose Debian instead during the sign-up process. We use the Fedora-based VPS for this article—Fedora Core 3 at the time of writing. Some of the steps shown in the following discussion are specific to Fedora, but most are applicable to any recent Linux distribution. Updates for more recent Linux distributions are available at /article/9380. There is a corrections notice at the start of that document—just keep reading past it to get to the updates.

Here are some names that you will see in the examples. Your VPS hostname is myvps, your workstation is ws, your first domain name is first.domain, and your second domain name is second.domain. Your user name on your workstation is usera, and the mail users on the VPS are maila and mailb.

Additional domain names beyond the first one are optional—only remember to delete all references to second.domain when you use any of the code from the article. You also can host more than two domain names—simply configure them in the same way as second.domain is configured in the examples.

Of course, the actual domain names that you use should be valid and registered to you. For example, my first.domain is openlight.com. You also can call your VPS and workstation anything you want. Now, let's begin.

Log in to your new VPS account as root with ssh root@MY.VPS.IP.ADDRESS. You would have already chosen your root password when you signed up for the account, and your VPS provider should have given you the IP address of your virtual machine.

One of the first tasks when you set up a new Linux server is to configure the built-in iptables firewall. Your VPS provider may have set reasonable defaults, but you should always verify this yourself.

On the Fedora Linux distribution, run the following command:

[root@myvps ~]# system-config-securitylevel-tui

You can now move from one control to another with the cursor keys. Use the spacebar to activate buttons and toggle check boxes. Make sure that the Security Level is set to Enabled. Then, activate the Customize button.

On the next screen, you must enable SSH, WWW and Mail. Do not enable any Trusted Devices.

Next, scroll down to the Other ports text box, and add the entry https:tcp, which allows secure https connections. You will need https if you decide to configure Web mail, as described later in this article.

Activate the OK button when you are finished with the customization screen. Also, activate OK on the next screen. Finally, restart iptables to make sure that the changes take effect:

[root@myvps ~]# /etc/init.d/iptables restart

You must be very careful when you reconfigure your iptables. In addition to the usual danger of creating new vulnerabilities, it is easy to lock yourself out of the remote VPS server. In that situation, you will have to ask your VPS provider for help. Other common ways to render the VPS inaccessible are shutting down networking, the SSH dæmon (sshd) or halting the virtual machine.

Next, create an ordinary user login that you will use later to read and send e-mail. Set the password for the new account:

[root@myvps ~]# useradd maila
[root@myvps ~]# passwd maila
Changing password for user maila.
New UNIX password:

Use names such as maila or pseudonyms for logins. This is more secure and guards against inadvertent release of personal information on-line. Verify that you can log in to the new account. You are now ready to configure your mail server.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

The articles is good,

elf's picture

The articles is good, however when it comes about email I think qmail offers more flexibility. From my experience I found Debian to be more apropriate for VPS than Fedora.

great article :)

statistik-tutorial's picture

Since I prefer postfix, too and use it together with dovecot I found this article very helpful. I think postfix together with dovecot is easy to configure and flexible enough for most tasks. Though it's a matter of personal taste as always.

the article is very good :P

Pedro Simões's picture

I desagree with that i prefer postfix than qmail much easier to personalize and resolving problems and qmail u allways to have a patch to fix something or add something.....

Helpful

Tattoo Design's picture

The article is very informative.....thanks for providing such an in depth knowledge

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState