Initial install ... "system is adequately configured"

Started by 24jedi, July 26, 2006, 10:30:01 PM


24jedi

Disclaimer...I am new to Mail::Toaster and somewhat of a novice to FreeBSD and *nix alike. My background has been primarily with MS and networking...no *nix servers in a production environment. I am not afraid of breaking anything and willing to spend time learning. My FreeBSD experience has been limited to installing it several times at home and work for applications like mysql, php, and apache primarily as a sandbox for website staging.

I want to migrate from our existing Windows-based mailserver to Mail::Toaster. We are a small company with hands-on control of this box. I am not so much interested in setting up Toaster at this point, as I am sure the docs will provide the needed information later.

Question... From the install page:

Quote: The installation process assumes that you already have a server built, the OS installed, and the system is adequately configured to serve out the rest of its life as an email system.

Has anyone documented the "system is adequately configured" part of how the initial system needs to be installed? Any novice :) can load the OS from a cd. Since I would eventually like to put a system into a production environment, what steps should I take?

1. Am I installing from the command line with a limited install, i.e. no GUI?
2. Are there certain services/applications/caveats I need to be aware of during initial installation?
3. Is the initial installation to include locking down services and setting up the firewall, or do the Toaster scripts do this?
4. I am planning on using FreeBSD 5.x, as most of the Toaster installation documentation seems to support this version.

I suppose I could Google for FreeBSD install and lock down how-to's, but as the saying goes... "Your mileage may vary"

So I am hoping someone here can provide some insight, tips, links and/or docs. I document most everything I do, so I would have no problem volunteering on a How-to, if someone can help me pull this information together.

Much appreciated,

Don

24jedi

I found something out on the web. The original author's name is Leigh Renfrow, aka...Soup4you2. His/her name is mentioned in several forums and lists. I have basically copied the article from http://www.littlewhitedog.com/content-72.html to create a pdf. It's 51 pages ~ 403KB. I used OpenOffice to create a version to edit for changes and updates.

I have posted the pdf at my site http://www.munyak.com/index.php?id=12

I have modified my website since originally posting. The new link is:
http://www.munyak.com/Projects/EmailServer.html
The direct link still works

For direct download use this link

http://www.munyak.com/downloads/How_To_Install_a_Secure_BSD_System.pdf

Maybe with some help, we can create a good Pre-Toaster how-to :)

Don

matt

You are making it far more work than it needs to be. FreeBSD is a server grade operating system. That means you simply install it and you have a fairly secure, robust platform to build upon. To keep it that way, don't install all sorts of stuff on. Don't make a lot of changes. The more software you install, the more likely you are to introduce bugs and insecurities. When it comes to security and reliability, less is truly more.

For our purposes, simply install a recently released version of FreeBSD and then install Mail::Toaster. There are notes around about how to configure the disks, but that really depends a lot on the volume of mail the toaster will handle. If small, then it really won't matter. If large (>1000 users), it will matter immensely, but you'll have the resources (and likely knowledge) to deal with that.

If you're paranoid, configure IPF or IPFW and use them for firewalling.
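A check in the spirit of the "less is more" advice in the post above, as an added example that is not part of the original thread or of Mail::Toaster: it reads `sockstat -4l` output and reports every non-loopback listener outside an expected set. The allowlisted ports and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets outside an expected set.
# ALLOWED is an assumption for a small mail host (ssh, smtp, http(s),
# pop3(s), imap(s)); it is not a list published by Mail::Toaster.
ALLOWED="22 25 80 110 143 443 993 995"

# Constructed sample in the column layout of FreeBSD `sockstat -4l`.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   3  tcp4   *:22                  *:*
qmaild   tcpserver  701   3  tcp4   *:25                  *:*
root     inetd      540   5  tcp4   *:21                  *:*
root     syslogd    455   6  udp4   *:514                 *:*
mysql    mysqld     833   12 tcp4   127.0.0.1:3306        *:*
www      httpd      910   4  tcp4   *:80                  *:*
EOF
}

# unexpected_listeners: read sockstat output on stdin and print
# "command proto address" for each socket that is not allowlisted.
# Loopback-only listeners are skipped: they are not reachable remotely.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "USER" { next }       # header line
        NF < 6 { next }                        # malformed or blank line
        {
            addr = $6
            port = addr; sub(/.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
            if (host == "127.0.0.1") next
            if (!(port in ok)) print $2, $5, addr
        }'
}

# On a live host: sockstat -4l | unexpected_listeners
if [ "${1:-}" = "--demo" ]; then
    sample_sockstat | unexpected_listeners
fi
```

Each reported line is a service to disable in `/etc/rc.conf`, bind to loopback, or add to the allowlist deliberately before the host goes into production.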

24jedi

Well, I'm all about the KISS principle.

Quote: To keep it that way, don't install all sorts of stuff on. Don't make a lot of changes. The more software you install, the more likely you are to introduce bugs and insecurities. When it comes to security and reliability, less is truly more.

This is the part that I was initially referring to. "What to install". I have only installed *nix from the perspective of a user on a LAN. Having read The Complete FreeBSD book a few times, especially the install chapter, FreeBSD can be installed several different ways. I was envisioning that the install process for a production-public server would start out as a "minimal install" with "paranoid settings" and then update the system relative to recent security patches.

As for tweaking the kernel or adding unnecessary applications...these were never in my plan.

Do you still think I am overly-complicating things by starting out with a minimal installation?
If starting out with a minimal installation as described above, will this meet the requirements (generally speaking) so that I can use your scripts?

Would I be complicating things by using a FreeBSD Jail for the toaster ?

Thanks

matt

A minimum install + ports should be just fine. A standard install + ports is well tested and known to work quite reliably. Mail::Toaster will also run just fine in a jail, but certain things won't work correctly such as SNMP monitoring and DNS services. This is because UDP is not fully functional within a jail.

Matt

24jedi

Thanks a bunch.

I will probably load and reload several times in a vmware virtual for my own learning/testing.

I will also still document and post later the pre-toaster steps I took as well. Who knows, maybe some other noob like me will benefit from my experiences.

:)