FreeBSD Linode Setup

From Pademelon

Ok, so you've just installed FreeBSD 11.0. So where do we go from here?

WARNING - Conversion from Debian Etch in progress. NOT COMPLETE


General Setup

Well, let's start by setting up a few basics:

Use the Linode console to access your server via ssh.

Setup Network Interface

To set up the network interface for both IPv4 and IPv6 addresses:

Setup Dynamic IPv4 Networking

If you only have one IPv4 address, the default install will use DHCP to set up your IP address automatically.

Edit /etc/rc.conf


Setup Dynamic IPv6 Networking

If you only have one IPv6 address, the default install will use SLAAC to set up your IP address automatically.

Edit /etc/rc.conf

 ifconfig_vtnet0_ipv6="inet6 accept_rtadv"

I want to disable IPv6 so replace the above with


Setup Static IPv4 Networking

For this example I'm going to use IP addresses and you should use the two IP addresses assigned to you in place of these if you have them.

To set up multiple addresses on a single network interface:

Edit /etc/rc.conf

 ifconfig_vtnet0="inet netmask"
 ifconfig_vtnet0_alias0="inet netmask"

Then restart networking (This will only work from SSH if you have static networking configured)

 # /etc/rc.d/netif restart && /etc/rc.d/routing restart

Set the hostname

Now set the hostname of the machine. We'll be calling it "server" and it will live in our primary domain

Edit /etc/rc.local


Update the hostname

 # service hostname restart

The next time you log back in, the hostname in the prompt will take effect

Setup the servers host name resolution

Edit /etc/hosts      server

Set the timezone

Let's set the time zone to our home location:

 # cp /usr/share/zoneinfo/Australia/Sydney /etc/localtime

Setup the Server Locale

To set up server localization, follow this guide:

Secure Shell Access

By default, the sshd service will be running on all interfaces using port 22 with password based logins enabled.

However, logins by the root user are disabled by default, and we are going to keep it that way.

Turn Off Secure Shell Access

If you want to stop and disable the ssh service and only use the console for access, use the following steps:

Add the following entry to /etc/rc.conf


Now stop the service

 # service sshd stop

Setup Secure Shell Access

If you want to keep the ssh service, use the following steps:

Using the LISH console, we are going to change the sshd service to run on our primary interface address using a non-standard port.

Edit /etc/ssh/sshd_config

 Port 22123

Restart sshd

 # service sshd restart

Leave your LISH console running, and log in to your server with your ssh client (I'm using Putty), using the default non-root user you set up during installation.

The server should refuse our key and ask for a password.

As the default non-root user, create the .ssh directory, create the authorized keys file, edit it and paste in your ssh key.

 $ mkdir .ssh
 $ cd .ssh
 $ touch authorized_keys
 $ vi authorized_keys
 Important safety tip.
 When pasting your Putty public key you need to copy it out of the public key window of the Putty Key Generator.
 Don't open it in Wordpad or Notepad and paste it from there, otherwise it won't work. 

Test that key-based login works for your default non-root user by logging out from your ssh client and logging back in again.

If key based logins are working, you shouldn't be asked for the password this time.

Now swap back to the LISH console and disable password based logins

Edit /etc/ssh/sshd_config

 ChallengeResponseAuthentication no

Then restart sshd

 # service sshd restart

Test that password login no longer works by attempting to log in without the key.
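A check for the result of the steps above, as an added example that is not part of the original page: it reads `sshd -T` style output and reports any setting that differs from what this section configures. The function names and both sample inputs are constructed for illustration; on a live host, run `sshd -T | audit_sshd` as root.

```sh
#!/bin/sh
# Added example (not from the original page): audit effective sshd settings.
# Input on stdin is "keyword value" text as printed by `sshd -T`.

audit_sshd() {
    awk '
    function bad(k, why) { print "FAIL " k ": " why; return 1 }
    function want(k, v) {
        if (!(k in seen)) { return bad(k, "not reported") }
        if (seen[k] != v) { return bad(k, "is " seen[k] ", expected " v) }
        return 0
    }
    NF >= 2 {
        key = tolower($1); seen[key] = tolower($2)
        # sshd can listen on several ports; remember if any of them is 22
        if (key == "port") { nports++; if ($2 == "22") on22 = 1 }
    }
    END {
        fails = 0
        if (nports == 0) { fails += bad("port", "not reported") }
        else if (on22)   { fails += bad("port", "still listening on 22") }
        fails += want("permitrootlogin", "no")
        fails += want("pubkeyauthentication", "yes")
        fails += want("passwordauthentication", "no")
        # Newer OpenSSH reports this setting as kbdinteractiveauthentication;
        # check whichever spelling the running sshd prints.
        n = 0
        if ("challengeresponseauthentication" in seen) {
            n++; fails += want("challengeresponseauthentication", "no")
        }
        if ("kbdinteractiveauthentication" in seen) {
            n++; fails += want("kbdinteractiveauthentication", "no")
        }
        if (n == 0) { fails += bad("challengeresponseauthentication", "not reported") }
        if (fails == 0) { print "OK: sshd settings match this section" }
        exit (fails > 0)
    }'
}

# Constructed sample: before the changes (port 22, interactive password
# prompts still enabled, root login already off).
sample_before() {
    cat <<'EOF'
port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
challengeresponseauthentication yes
EOF
}

# Constructed sample: after moving to port 22123 and disabling password logins.
sample_after() {
    cat <<'EOF'
port 22123
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
challengeresponseauthentication no
EOF
}

echo "== before =="; sample_before | audit_sshd || true
echo "== after ==";  sample_after  | audit_sshd || true
```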

Setup Network Time Protocol

To enable the NTP service, add the following to /etc/rc.conf


Then start the ntp service

 # service ntpd start

NTP configuration is located in /etc/ntp.conf

Setup Logwatch

First we need to install the logwatch package

 pkg install logwatch

By default logwatch will send its output to stdout. To have our logwatch reports emailed, set the following options in the logwatch configuration file:

Edit /usr/local/etc/logwatch/defaults/logwatch.conf

 Output = mail

Now we need to install a cron job to execute the logwatch script each day

 # crontab -e

Enter the following in the editor and save

 # Order of crontab fields
 # min   hour    mday    month   wday    command
 5       0       *       *       *       /usr/local/sbin/

The cron job is saved in:


Now that we are using logwatch, change periodic to log to files instead of sending out emails.

Edit /etc/periodic.conf


User Accounts

Users no longer have system accounts on my server; however, if you need to set them up, this is how.

Setup the skeleton directory structure

First let's set up the skeleton directory, so that when we create new users the directories and files in the skeleton directory are copied into the new user's home directory.

 # cd /etc/skel
 # mkdir Maildir
 # mkdir public_html
 # touch public_html/index.html
 # touch public_html/robots.txt

Add User Accounts

Let's create accounts for a couple of the cows, to allow them to host their websites and collect mail.

 # adduser girlie
 # adduser littleone

The Package System

Now let's upgrade the existing system to the latest:

 # pkg update
 # pkg upgrade

Setup the DNS

Install Bind 9

Let's install Bind 9, so we can run our own DNS server.

 aptitude install bind9 dnsutils

Add the main domain to the zone

The domain will be owned by the server, girlie will own and littleone will own

 zone "" {
       type master;
       file "/etc/bind/";
       allow-query { any; };
 };
 zone "" {
       type master;
       file "/etc/bind/";
       allow-query { any; };
 };
 zone "" {
       type master;
       file "/etc/bind/";
       allow-query { any; };
 };

Setup the zone file for the server

In this example we will use and for our IP addresses, that way if someone copies this example into a real DNS server, we won't break things. Use the one that is assigned to your linode.

Edit /etc/bind/

 $TTL    86400
 @           IN SOA (
                                       1D )
                          IN NS
                          IN NS
                          IN A
                          IN MX 10      IN TXT       "v=spf1 a -all"
 ns1                      IN A
 ns2                      IN A
 server                   IN A
 www                      IN A
 mail                     IN CNAME
 ftp                      IN CNAME             IN TXT       "v=spf1 a mx ~all"

Setup the zone file for any hosted domains

The zone file for hosted domains will all be similar in this case, with only the domain names changing. Girlie's zone file is below. Littleone's will be the same with substituted for

 $TTL    86400
 @           IN SOA (
                                       1D )
                          IN NS
                          IN NS
                          IN A
                          IN MX 10
 www                      IN A
 mail                     IN CNAME
 ftp                      IN CNAME

Setup the options to Bind 9

First go to DNS Manager in the Linode Control Panel and add the domains from our DNS server as slaves (not Masters), placing our Linode IP address ( for this example) in the Masters textbox and setting Domain Transfers to active.

Now in we need to allow transfers for the IP address of and (see below) from our server, so the Linode slave DNS server can be updated with changes we make to the zone files on our server.

Edit /etc/bind/named.conf.options

 auth-nxdomain no;    # conform to RFC1035
 listen-on-v6 { any; };
 // Disable any queries for domains we don't own
 allow-query { localhost; };
 // Disable recursive queries except from internal/local sources
 allow-recursion { localhost; };
 // Allow zone transfers with Linode Slave DNS Servers (ns1 -
 allow-transfer {;;;;;
 notify yes;

Start bind

 /etc/init.d/bind9 start

Add bind to the nameserver list

To replace the Linode DNS settings with our own DNS server, we need to make the following changes.

Edit /etc/resolv.conf and replace everything with:


Lastly, we set up our domains at our domain registrar to query the Linode name servers instead of our server's DNS server. This gives us all the benefits of running our own DNS server, while providing redundancy through the Linode DNS servers.

Setup Postfix Mail Server

Now what self-respecting cow doesn't have an email address? So we are going to need an email server, and we are going to use Postfix.

 aptitude install postfix postfix-tls

Note: This will automatically remove Exim.

As part of the post-install script, Postfix will probably ask some questions:

  • Type of site? Internet Site
  • Where should mail for root go? girlie
  • Mail name?
  • Other destinations to accept mail for?,, localhost
  • Force synchronous updates on mail queue? No

You can see where some of your answers ended up in /etc/postfix/

 myhostname =
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 myorigin = /etc/mailname
 mydestination =,, localhost
 relayhost =
 mynetworks =
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
 inet_protocols = all

Setup Postfix to use Virtual Mailboxes

Create Virtual Mailbox Owner

We are going to create an account which will be used by all virtual users to access email on the server. We will call this account vmail. First we create the group and then the user.

We will set the user and group IDs to 5000 to keep them away from normal system accounts. Set the shell to /bin/false to prevent logins, and set the home directory to /var/mail/vmail. The home directory will be created for us with the -m option.

 groupadd -g 5000 vmail
 useradd -m -u 5000 -g 5000 -s /bin/false -d /var/mail/vmail vmail

Setup Postfix to use Maildir

We want to use Maildir style mail, so we set that here.

Edit /etc/postfix/

 # The home_mailbox parameter specifies the optional pathname of a
 # mailbox file relative to a user's home directory. The default
 # mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
 # "Maildir/" for qmail-style delivery (the / is required).
 home_mailbox = Maildir/

 # Forward local transport to virtual, otherwise postfix rejects all mail as
 # "Recipient address rejected: User unknown in local recipient table;" 
 local_transport = virtual
 local_recipient_maps = $virtual_mailbox_maps
 # Virtual mail users
 virtual_mailbox_base = /var/mail/vmail
 virtual_mailbox_domains = /etc/postfix/virtual/vdomains.txt
 virtual_mailbox_maps = hash:/etc/postfix/virtual/vmailboxes.txt
 virtual_minimum_uid = 1000
 virtual_uid_maps = hash:/etc/postfix/virtual/vuid.txt
 virtual_gid_maps = hash:/etc/postfix/virtual/vgid.txt
 virtual_alias_maps = hash:/etc/postfix/virtual/valias.txt

List the Virtual Mail Domains

Each file located in /etc/postfix/virtual/domains is used to indicate which virtual domains the system sends and receives mail for.

To create these files we use the touch command:


Add Users to the Virtual Mail Domains

Once we have created a file for a virtual mail domain, we edit this file to add a list of users that have mail accounts at this domain.

When user names are created, the domain name is included as part of the user name. This allows us to have a user called user1 at both and

Edit /etc/postfix/virtual/domains/ to add users to girlie's domain

 # Maildir mail addresses for
 # Comment out the entry below to implement a catch-all.
 #      girlie

The user name of the first user is This user's mail will be located on the system in the directory relative to virtual_mailbox_base defined in the virtual mail users setup. So the mail for this user is located in /var/mail/vmail/

Note: Don't neglect the trailing "/" or the file system layout for virtual accounts will not match the file system layout for local accounts. They must match if you intend to have mail for both virtual users and local system users.

Associate the Virtual Mail Domains with a Local User

Each file located in /etc/postfix/virtual/uids is used to indicate which virtual domains are owned by this local user. Most local users will own only one domain, but this may not always be the case.

Edit /etc/postfix/virtual/uids/girlie

 # Domains owned by local user girlie (uid/gid) 1000:1000 5000

Where: = all mail for

5000 = the UserID/GroupID of the local user (vmail) who manages the virtual mail for the virtual mail domains

Add Aliases for the Virtual Mail Domains

Currently we don't have any aliases, but we will create the file anyway

Edit /etc/postfix/virtual/aliases/

 # Aliases for

Setup Virtual Mail Building Shell Script

Now we put together a mail building script to tie all these virtual files together

Create /etc/postfix/

 #!/bin/sh
 # Create the list of domains
 ls /etc/postfix/virtual/domains > /etc/postfix/virtual/vdomains.txt
 # Create the virtual mailboxes
 cat /etc/postfix/virtual/domains/* > /etc/postfix/virtual/vmailboxes.txt
 postmap /etc/postfix/virtual/vmailboxes.txt
 # Create the virtual aliases (file name must match virtual_alias_maps)
 cat /etc/postfix/virtual/aliases/* > /etc/postfix/virtual/valias.txt
 postmap /etc/postfix/virtual/valias.txt
 # Create the list of domain uids
 cat /etc/postfix/virtual/uids/* > /etc/postfix/virtual/vuid.txt
 postmap /etc/postfix/virtual/vuid.txt
 # Create the list of domain gids (built from the same uids files)
 cat /etc/postfix/virtual/uids/* > /etc/postfix/virtual/vgid.txt
 postmap /etc/postfix/virtual/vgid.txt

Make sure user root can run the new script

 chmod 700 /etc/postfix/

Then run the script to build our virtual mail system
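Postfix only finds a virtual user if the table name in its configuration and the file the build script compiled agree, so it is worth checking after each build. The following is an added example, not part of the original page: it reads `postconf -n` style lines and lists every hash: table that has no compiled .db file. The function names, the optional directory prefix and the scratch tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): confirm that every hash: table
# named in the Postfix configuration has a compiled .db file next to it.
# stdin: "name = value" lines as printed by `postconf -n`
# $1:    optional directory prefix, so the check can run against a copy

list_hash_maps() {
    awk '
    /^[ \t]*#/ { next }                     # skip comment lines
    {
        # a value may list several tables separated by commas or spaces
        n = split($0, w, /[ \t,=]+/)
        for (i = 1; i <= n; i++)
            if (w[i] ~ /^hash:./) print substr(w[i], 6)
    }' | sort -u
}

check_postfix_maps() {
    root=${1:-}
    missing=$(list_hash_maps | while read -r src; do
        [ -f "$root$src.db" ] || printf '%s\n' "$src"
    done)
    if [ -z "$missing" ]; then
        echo "OK: all hash: tables are built"
        return 0
    fi
    printf '%s\n' "$missing" | sed 's/^/MISSING: /; s/$/.db/'
    return 1
}

# Constructed sample: a scratch tree in which one table was compiled under a
# different file name than the configuration refers to.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/postfix/virtual" || return 1
    for f in vmailboxes vuid vgid valiases; do
        : > "$d/etc/postfix/virtual/$f.txt.db"
    done
    echo "$d"
}

# Constructed sample: the four hash: settings shown earlier on this page.
sample_conf() {
    cat <<'EOF'
virtual_mailbox_maps = hash:/etc/postfix/virtual/vmailboxes.txt
virtual_uid_maps = hash:/etc/postfix/virtual/vuid.txt
virtual_gid_maps = hash:/etc/postfix/virtual/vgid.txt
virtual_alias_maps = hash:/etc/postfix/virtual/valias.txt
EOF
}

d=$(make_sample)
sample_conf | check_postfix_maps "$d" || true
rm -rf "$d"
```

On the server itself the same check is `postconf -n | check_postfix_maps`, with no prefix argument.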


Setup Dovecot IMAP / POP Server

Now we have a mail server to accept mail for the cows, we need a way for the cows to get their mail from the mail server, and Dovecot is the answer.

I'm only going to install the pop3 server; if you want imap, just use dovecot-imapd instead.

 aptitude install dovecot-pop3d

Initial Configuration

To configure dovecot edit the file: /etc/dovecot/dovecot.conf

 # Protocols we want to be serving:
 protocols = pop3
 # Disable SSL/TLS support.
 ssl_disable = yes
 # Disable LOGIN command and all other plaintext authentications unless
 # SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
 # IPv6 ::1 addresses are considered secure, this setting has no effect if
 # you connect from those addresses.
 disable_plaintext_auth = no
 ## Logging
 # Use this logfile instead of syslog(). /dev/stderr can be used if you want to
 # use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
 log_path = /var/log/mail.log
 # For informational messages, use this logfile instead of the default
 #info_log_path =
 # Prefix for each line written to log file. % codes are in strftime(3)
 # format.
 log_timestamp = "%b %d %H:%M:%S "
 #log_timestamp = "%Y-%m-%d %H:%M:%S "
 # Syslog facility to use if you're logging to syslog. Usually if you don't
 # want to use "mail", you'll use local0..local7. Also other standard
 # facilities are supported.
 #syslog_facility = mail
 mail_location = maildir:~/Maildir
 protocol pop3 {
   pop3_uidl_format = %08Xu%08Xv
 }
 auth default {
   mechanisms = plain login
   passdb passwd-file {
     args = /etc/postfix/virtual/passwd
   }
   userdb static {
     args = uid=5000 gid=5000 home=/var/mail/vmail/%d/%n/
   }
 }

Create the Dovecot Password File

To create passwords for the users of the virtual domains use the command:

 dovecotpw -p MyPassword

Where: MyPassword is the password you want to use.

The returned value is the HMAC-MD5 hash of the word "MyPassword"


To add virtual mail users to girlie's domain (, edit /etc/postfix/virtual/passwd

 {HMAC-MD5}274629e1d5632d0154a3bbe40c993766e9db0e4111b73d125d16b5b50d61e869
 {HMAC-MD5}274629e1d5632d0154a3bbe40c993766e9db0e4111b73d125d16b5b50d61e869

Note: Both user1 and user2 have the same password "MyPassword" in the file above. Don't do this in a real system.

Setup SMTP Auth

Currently the mail server will only send mail from localhost, and as our virtual mail users will never have system accounts on the server, they can't send their mail. To allow the server to send mail for virtual users, and to prevent the server becoming an open relay, we are going to set up SMTP Auth.

SMTP Auth requires a SASL library to operate. Now, we have already installed dovecot, which contains a SASL library, and as Postfix supports Dovecot's SASL library, that's what we are going to use.

Modify the Postfix Configuration

First we need to go back to postfix and do the following:

  • Configure it for SMTP Auth
  • Add some basic SASL security
  • Tell Postfix to use Dovecot's SASL library.

Edit /etc/postfix/

 # Standard SMTP Auth Options
 smtpd_sasl_auth_enable = yes
 smtpd_recipient_restrictions = 
 broken_sasl_auth_clients = yes
 # Security Stuff
 smtpd_sasl_security_options = noanonymous
 smtpd_sasl_local_domain = $myhostname
 # Dovecot’s SASL library
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 #smtpd_tls_auth_only = yes

Modify the Dovecot Configuration

Next we need to go back to Dovecot and do the following:

  • Enable the SMTP Auth library.
  • Set the password access method and file to use for virtual users
  • Set the password access method for system users (they want their mail too)
  • Set the vmail user and location of Dovecot's mail queue
  • Set the user to root
  • Create a socket between Dovecot and Postfix

Edit /etc/dovecot/dovecot.conf

 auth default {
   mechanisms = plain login
   passdb pam {
     args = dovecot
   }
   # passwd-like file with specified location
   passdb passwd-file {
     args = /etc/postfix/virtual/passwd
   }
   # /etc/passwd or similar, using getpwnam()
   userdb passwd {
   }
   # static settings generated from template
   userdb static {
     args = uid=5000 gid=5000 home=/var/mail/vmail/%d/%n/
   }
   user = root
   # It's possible to export the authentication interface to other programs:
   socket listen {
     client listen {
       path = /var/spool/postfix/private/auth
       mode = 0660
       user = postfix
       group = postfix
     }
   }
 }

Setup SPAM Blocking

Set up some optional SPAM blocking for Postfix.

Edit /etc/postfix/

 ## ------------------------------------------------------------- ##
 # UCE measures
 # See:
 # and Postfix docs for explanation of configuration options.
 ## ------------------------------------------------------------- ##
 # Uncomment when testing!
 #soft_bounce = yes
 # Prevents addr harvesting
 disable_vrfy_command = yes
 # Prefix a new rule with 'warn_if_reject' to prevent real rejects.
 smtpd_helo_required = yes
 smtpd_helo_restrictions =
   # reject_non_fqdn_hostname,
 smtpd_sender_restrictions =
 smtpd_recipient_restrictions =
   # reject_unknown_recipient_domain,
   # check_sender_access
     # hash:/etc/postfix/sender_access,
   # check_recipient_access
     # hash:/etc/postfix/recipient_access,
   # check_helo_access
     # hash:/etc/postfix/secondary_mx_access,
   # check_policy_service unix:private/policy
   # check_policy_service inet:
 smtpd_data_restrictions =

Restart Postfix and Dovecot

Now we are all set, restart postfix and dovecot to test out your mail system.

 /etc/init.d/postfix restart
 /etc/init.d/dovecot restart

Setup Web Server

The cows want to run a website, so we're going to need a web server. We'll be installing Apache 2 on our server to do this job.

Install Apache 2

 aptitude install apache2

Now as we want to run websites for two different users and for the server itself, we are going to need virtual hosting.

Set the virtual host directory settings

We are going to set up the server's website as a virtual hosted site, responding to only one of the server's IP addresses.

To do this we need to add the IP address to the ports configuration file.

Edit /etc/apache2/ports.conf

 # Use name-based virtual hosting.

We also need to add the IP address to the server's default website configuration file.

Edit /etc/apache2/sites-available/default

 # Default virtual host - replaces main server

Note: If you only have one IP address, or you want the webserver to respond to all your server's IP addresses, you won't need to make the changes above.

Setup other virtual hosts pointing to the users home directory

Let's setup girlie's site first.

Edit /etc/apache2/sites-available/

 DocumentRoot "/home/girlie/public_html"
 ScriptAlias /cgi-bin/ /home/girlie/cgi-bin/

Now let's setup littleone's site.

Edit /etc/apache2/sites-available/

 DocumentRoot "/home/littleone/public_html"
 ScriptAlias /cgi-bin/ /home/littleone/cgi-bin/

Only the default site is enabled by default.

Let's enable girlie's site:


Now let's enable littleone's site:


Now let's set up some logging for the server itself and the virtual hosts.

By default the server is set up for logging using the common log format, and logging is enabled on only the default virtual host. If you are only running one website and are not hosting any other users, you're done. Because we are hosting several users and the server itself, we need to enable logging on all virtual hosts. Rather than modify every virtual host, we are going to specify the logging settings in the global server configuration, so we only have to do it once.

Edit /etc/apache2/apache2.conf and find the following section

 # The following directives define some format nicknames for use with
 # a CustomLog directive (see below).
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 LogFormat "%h %l %u %t \"%r\" %>s %b" common
 LogFormat "%{Referer}i -> %U" referer
 LogFormat "%{User-agent}i" agent

Now copy and paste the following LogFormat line

 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

and change it to

 LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost


  •  %v - adds the virtual host name to the access log message
  • combinedvhost - creates a new name for this format

Now to activate this new log format for all hosts (we still need to change the default host) add the following line below the new LogFormat line.

 CustomLog /var/log/apache2/access.log combinedvhost

This tells Apache to log all access to the file /var/log/apache2/access.log using the log format described by the LogFormat string called combinedvhost

Change the default vhost to use the combinedvhost format

Edit /etc/apache2/sites-available/default and comment out the following lines

 # ErrorLog /var/log/apache2/error.log
 # LogLevel warn
 # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 # ServerSignature On

This will cause the default vhost to use the server-wide logging configuration in apache2.conf.

When all this is done reload apache with

 /etc/init.d/apache2 force-reload
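With every virtual host writing to one access.log, the leading %v field is what lets you tell the sites apart. The following is an added example, not part of the original page: it summarises a combinedvhost log into request and error counts per virtual host. The host names, addresses and log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): per-virtual-host request and
# error counts from an access log written in the combinedvhost format.

vhost_summary() {
    awk '
    {
        line = $0
        # Apache writes a literal backslash as \\ and a literal quote as \"
        # inside quoted fields; drop both so only real delimiters remain.
        gsub(/\\\\/, "", line)
        gsub(/\\"/, "", line)
        n = split(line, q, "\"")
        if (n < 3) { skipped++; next }          # not a combinedvhost line
        split(q[1], head, " ")                  # %v %h %l %u %t
        split(q[3], tail, " ")                  # %>s %b
        vhost = head[1]; status = tail[1]
        if (vhost == "" || status !~ /^[1-5][0-9][0-9]$/) { skipped++; next }
        total[vhost]++
        if (status ~ /^4/) client[vhost]++
        if (status ~ /^5/) server[vhost]++
    }
    END {
        for (v in total)
            printf "%s requests=%d 4xx=%d 5xx=%d\n", v, total[v], client[v], server[v]
        # unparsed lines are reported on stderr so they are not lost silently
        if (skipped) printf "skipped=%d\n", skipped | "cat 1>&2"
    }' | sort
}

# Constructed sample log; the third request carries escaped quotes, which
# must not be mistaken for the end of the request field.
sample_log() {
    cat <<'EOF'
www.example.org 203.0.113.7 - - [10/Oct/2016:13:55:36 +1100] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
girlie.example.net 198.51.100.4 - - [10/Oct/2016:13:55:40 +1100] "GET /missing.php HTTP/1.1" 404 208 "-" "curl/7.50"
girlie.example.net 198.51.100.4 - - [10/Oct/2016:13:55:41 +1100] "GET /a\" 200 0 \"x HTTP/1.1" 404 208 "-" "curl/7.50"
littleone.example.net 203.0.113.9 - - [10/Oct/2016:13:56:02 +1100] "POST /cgi-bin/form HTTP/1.1" 500 531 "http://littleone.example.net/" "Mozilla/5.0"
garbage line
EOF
}

sample_log | vhost_summary
```

On the server, run `vhost_summary < /var/log/apache2/access.log`.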

Setup PHP

Girlie wants to run a CMS that requires PHP. So let's install PHP5 for her. If you want PHP4 just change the 5 to a 4 in the following examples.

There are two ways to install PHP:

  • Installing PHP as an Apache module. This is quick and easy, the downside is that all PHP scripts will run as the webserver, in this case www-data.
  • Installing PHP as a CGI. This is more complicated, especially for virtual domains, the upside is all PHP scripts will run as the user who owns them.

Side-Note: You need to think carefully here. I originally went the Apache Module route, and ran PHP that way for years. Then one day I installed Dokuwiki, which saves its pages to a data directory in the user's home directory, which Apache didn't have access to. PHP as a CGI was the answer, but the change-over process was a real pain (and I'm not going to document it here), so think about what it is you might want to run, and choose wisely.

Installing PHP5 as an Apache Module

I'm also going to install the php5-mysql libraries at the same time to avoid doing it later.

 aptitude install php5 php5-pear php5-mysql

Once PHP 5 is installed you probably won't need to make any changes; I didn't. But if you want to have a look at the configuration file, it's located here: /etc/php5/apache2/php.ini

Installing PHP5 as a CGI

 aptitude install php5-cgi php5-mysql

Install and setup MySQL

Lucky we installed those php5-mysql libraries earlier.

Install MySQL

 aptitude install mysql-server

Now change the MySQL root password (Note, this is not the system root, just for MySQL)

 /etc/init.d/mysql reset-password

Again, no changes to the configuration file were required, but it's located here: /etc/mysql/my.cnf

Setup user MySQL databases

What we want to do now is allocate one mysql database for Girlie and one for Littleone. To do this we need to login to mysql

 mysql -u root -p

and create a database for girlie and grant privilege to girlie to access her database.

 create database girlie;
 grant all on girlie.* to girlie identified by 'girlies_mysql_password';

Now create a database for littleone and grant privilege to littleone to access his database.

 create database littleone;
 grant all on littleone.* to littleone identified by 'littleones_mysql_password';

Now that's done, we can exit mysql


Restart Apache

Now we need to restart Apache to get everything working.

 /etc/init.d/apache2 restart

Setup FTP Server

The cows are going to need an FTP server so they can copy stuff to their accounts. I'll be installing vsftpd for this purpose.

Install vsftpd

 aptitude install vsftpd

General configuration

Edit /etc/vsftpd.conf


There will be no anonymous FTP logins; Users with local accounts can login and upload files; All files created by local users will have permissions 755. (7-0, 7-2, 7-2)

Start the FTP Server

 /etc/init.d/vsftpd start

Install WebMail

Now when the cows are at work, their firewall blocks access to their mail using their normal mail client, so we are going to need webmail to allow them to send and receive mail at work. To do this we are going to use SquirrelMail.

SquirrelMail needs an IMAP server, and since we have already installed Dovecot's POP3 server, and Dovecot also provides an IMAP server, this is what we will use.

 aptitude install dovecot-imapd squirrelmail

Add the IMAP Protocol to Dovecot's Configuration

Edit the file: /etc/dovecot/dovecot.conf

 # Protocols we want to be serving:
 protocols = pop3 imap

Now restart Dovecot for the changes to take effect

 /etc/init.d/dovecot restart

Configure SquirrelMail


Just select Q to quit the configure program and Y to save the initial configuration file. Modifications will come later if required.

Setup a Virtual Host for WebMail Access

Now we want to access our webmail system from our main domain, not one of the virtual domains.

This is because we are running PHP as a CGI, which means it will execute the SquirrelMail code as the user that owns the domain that calls the code, which is: www-data for, girlie for and littleone for

Because the data directory, where the user preferences are stored, is owned by the user root and the group www-data, only (owned by www-data) will be able to access and save preferences in this directory.

Enable SquirrelMail in Apache

We need to move the apache.conf file from the SquirrelMail config directory to the Apache conf.d directory. Don't sym-link it or it will be readable from the web.

 mv /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf

Configure the Apache Virtual Host

Edit /etc/apache2/conf.d/squirrelmail.conf and disable the alias to prevent access from the cows' domains, and enable access from a virtual host on the server's domain

 # Alias /squirrelmail /usr/share/squirrelmail
 # users will prefer a simple URL like
   DocumentRoot /usr/share/squirrelmail

Then reload apache

 /etc/init.d/apache2 reload

Update the DNS

We now need to add our new virtual host to the DNS so we can access our webmail, now that the alias has been disabled.

Edit /etc/bind/

 webmail                   IN A

Then reload bind

 /etc/init.d/bind9 reload

Once you have done this, you will probably need to wait a few hours for the DNS to propagate before you can access your webmail virtual host.