the perfect server - centos 5.4 x86_64 (ispconfig 3)

36
The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3) Version 1.0 Author: Falko Timme <ft [at] falkotimme [dot] com> Last edited 10/28/2009 This tutorial shows how to prepare a CentOS 5.4 x86_64 server for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: Apache web server, Postfix mail server, MySQL, MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more. Please note that this setup does not work for ISPConfig 2! It is valid for ISPConfig 3 only! I do not issue any guarantee that this will work for you! 1 Requirements To install such a system you will need the following: Download the CentOS 5.4 DVD or the seven CentOS 5.4 CDs from a mirror next to you (the list of mirrors can be found here: http://isoredirect.centos.org/centos/5/isos/x86_64/ ). a fast Internet connection. 2 Preliminary Note In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate. 3 Install The Base System Boot from your first CentOS 5.4 CD (CD 1) or the CentOS 5.4 DVD. Press <ENTER> at the boot prompt:

Upload: yahya-nursalim

Post on 18-Nov-2014

153 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

Version 1.0 Author: Falko Timme <ft [at] falkotimme [dot] com> Last edited 10/28/2009

This tutorial shows how to prepare a CentOS 5.4 x86_64 server for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: Apache web server, Postfix mail server, MySQL, MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more.

Please note that this setup does not work for ISPConfig 2! It is valid for ISPConfig 3 only!

I do not issue any guarantee that this will work for you!

1 Requirements

To install such a system you will need the following:

Download the CentOS 5.4 DVD or the seven CentOS 5.4 CDs from a mirror next to you (the list of mirrors can be found here: http://isoredirect.centos.org/centos/5/isos/x86_64/).

a fast Internet connection.

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

3 Install The Base System

Boot from your first CentOS 5.4 CD (CD 1) or the CentOS 5.4 DVD. Press <ENTER> at the boot prompt:

Page 4: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

Select your keyboard layout:

I'm installing CentOS 5.4 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?

Page 5: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

Now we must select a partitioning scheme for our installation. For simplicity's sake I select Remove linux partitions on selected drives and create default layout. This will result in a small /boot and a large / partition as well as a swap partition. Of course, you're free to partition your hard drive however you like it. Then I hit Next:

Answer the following question (Are you sure you want to do this?) with Yes:

Page 6: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

On to the network settings. The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea... Click on the Edit button at the top right.

In the window that pops up uncheck Use dynamic IP configuration (DHCP) and Enable IPv6 support and give your network card a static IP address (in this tutorial I'm using the IP address 192.168.0.100 for demonstration purposes) and a suitable netmask (e.g. 255.255.255.0; if you are not sure about the right values, http://www.subnetmask.info might help you):

Page 7: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

Set the hostname manually, e.g. server1.example.com, and enter a gateway (e.g. 192.168.0.1) and up to two DNS servers (e.g. 213.191.92.86 and 145.253.2.75):

Choose your time zone:

Page 8: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

Give root a password:

Now we select the software we want to install. Select nothing but Server (uncheck everything else). Also don't check Packages from CentOS Extras. Then check Customize now, and click on Next:

Page 9: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

Now we must select the package groups we want to install. Select Editors, Text-based Internet, Development Libraries, Development Tools, DNS Name Server, FTP Server, Mail Server, MySQL Database, Server Configuration Tools, Web Server, Administration Tools, Base, and System Tools (unselect all other package groups) and click on Next:

The installer checks the dependencies of the selected packages:

Page 11: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

The installation begins. This will take a few minutes:

Finally, the installation is complete, and you can remove your CD or DVD from the computer and reboot it:

Page 12: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

After the reboot, you will see this screen. Select Firewall configuration and hit Run Tool:

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if you want to install ISPConfig later on). Hit OK afterwards:

Page 13: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

Then leave the Setup Agent by selecting Exit:

Then log in as root and reboot the system so that your changes can be applied:

reboot

Now, on to the configuration...

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

# Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost 192.168.0.100 server1.example.com server1 ::1 localhost6.localdomain6 localhost6

5 Configure Additional IP Addresses

(This section is totally optional. It just shows how to add additional IP addresses to your network interface eth0 if you need more than one IP address. If you're fine with one IP address, you can skip this section.)

Page 14: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

Let's assume our network interface is eth0. Then there is a file /etc/sysconfig/network-scripts/ifcfg-eth0 which contains the settings for eth0. We can use this as a sample for our new virtual network interface eth0:0:

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

Now we want to use the IP address 192.168.0.101 on the virtual interface eth0:0. Therefore we open the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 and modify it as follows (we can leave out the HWADDR line as it is the same physical network card):

vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper) DEVICE=eth0:0 BOOTPROTO=static BROADCAST=192.168.0.255 IPADDR=192.168.0.101 NETMASK=255.255.255.0 NETWORK=192.168.0.0 ONBOOT=yes

Afterwards we have to restart the network:

/etc/init.d/network restart

You might also want to adjust /etc/hosts after you have added new IP addresses, although this is not necessary.

Now run

ifconfig

You should now see your new IP address in the output:

[root@server1 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:FD:78:BE inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fefd:78be/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:130 errors:0 dropped:0 overruns:0 frame:0 TX packets:137 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:12592 (12.2 KiB) TX bytes:31876 (31.1 KiB) Base address:0x1070 Memory:ec820000-ec840000 eth0:0 Link encap:Ethernet HWaddr 00:0C:29:FD:78:BE inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Base address:0x1070 Memory:ec820000-ec840000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0

Page 15: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

collisions:0 txqueuelen:0 RX bytes:560 (560.0 b) TX bytes:560 (560.0 b) [root@server1 ~]#

6 Disable The Firewall And SELinux

(You can skip this chapter if you have already disabled the firewall and SELinux at the end of the basic system installation (in the Setup Agent).)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if you want to install ISPConfig later on).

Run

system-config-securitylevel

Set both Security Level and SELinux to Disabled and hit OK:

Afterwards we must reboot the system:

Page 16: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

reboot

7 Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum groupinstall 'Development Tools' yum groupinstall 'Development Libraries'

8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):

vi /etc/fstab

/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1 LABEL=/boot /boot ext3 defaults 1 2 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 /dev/VolGroup00/LogVol01 swap swap defaults 0 0

Then run

touch /aquota.user /aquota.group chmod 600 /aquota.* mount -o remount /

Page 17: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

quotacheck -avugm quotaon -avug

to enable quota.

9 Install Apache, MySQL, phpMyAdmin

First we enable the RPMforge repository on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 5.4 repositories:

rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt cd /tmp wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm rpm -ivh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://dag.wieers.com/rpm/packages/rpmforge-release/)

Afterwards we can install the needed packages with one single command (including the packages we need to build Courier-IMAP):

yum install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpmyadmin rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel

10 Install Courier-IMAP, Courier-Authlib, And Maildrop

Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, therefore we have to build them ourselves.

RPM packages should not be built as root; courier-imap will even refuse to compile if it detects that the compilation is run as the root user. Therefore we create a normal user account now (compileuser in this example) and give him a password:

useradd -m -s /bin/bash compileuser passwd compileuser

We will need the sudo command later on so that the user compileuser can compile and install the rpm packages. But first, we must allow compileuser to run all commands using sudo:

Run

visudo

In the file that opens there's a line root ALL=(ALL) ALL. Add a similar line for compileuser just below that line:

Page 18: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

[...] root ALL=(ALL) ALL compileuser ALL=(ALL) ALL [...]

Now we are ready to build our rpm package. First become the user compileuser:

su compileuser

Next we create our build environment:

mkdir $HOME/rpm mkdir $HOME/rpm/SOURCES mkdir $HOME/rpm/SPECS mkdir $HOME/rpm/BUILD mkdir $HOME/rpm/SRPMS mkdir $HOME/rpm/RPMS mkdir $HOME/rpm/RPMS/i386 mkdir $HOME/rpm/RPMS/x86_64 echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

Now we download the source files from http://www.courier-mta.org/download.php:

cd /tmp wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.62.4.tar.bz2 wget http://prdownloads.sourceforge.net/courier/courier-imap-4.6.0.tar.bz2 wget http://prdownloads.sourceforge.net/courier/maildrop-2.2.0.tar.bz2

Now (still in /tmp) we can build courier-authlib:

sudo rpmbuild -ta courier-authlib-0.62.4.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 if you are on an i386 system):

cd $HOME/rpm/RPMS/x86_64

The command

ls -l

shows you the available rpm packages:

[compileuser@server1 x86_64]$ ls -l total 676 -rw-r--r-- 1 root root 153870 Oct 28 15:39 courier-authlib-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 385183 Oct 28 15:39 courier-authlib-debuginfo-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 36260 Oct 28 15:39 courier-authlib-devel-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 18434 Oct 28 15:39 courier-authlib-ldap-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 14617 Oct 28 15:39 courier-authlib-mysql-0.62.4-

Page 19: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

1.x86_64.rpm -rw-r--r-- 1 root root 13826 Oct 28 15:39 courier-authlib-pgsql-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 8484 Oct 28 15:39 courier-authlib-pipe-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 35388 Oct 28 15:39 courier-authlib-userdb-0.62.4-1.x86_64.rpm [compileuser@server1 x86_64]$

Select the ones you want to install, and install them like this:

sudo rpm -ivh courier-authlib-0.62.4-1.x86_64.rpm courier-authlib-mysql-0.62.4-1.x86_64.rpm courier-authlib-devel-0.62.4-1.x86_64.rpm

Now we go back to the /tmp directory and run rpmbuild again, this time without sudo, otherwise the compilation will fail because it was run as root:

cd /tmp rpmbuild -ta courier-imap-4.6.0.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 if you are on an i386 system):

cd $HOME/rpm/RPMS/x86_64

The command

ls -l

shows you the available rpm packages:

[compileuser@server1 x86_64]$ ls -l total 1996 -rw-r--r-- 1 root root 153870 Oct 28 15:39 courier-authlib-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 385183 Oct 28 15:39 courier-authlib-debuginfo-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 36260 Oct 28 15:39 courier-authlib-devel-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 18434 Oct 28 15:39 courier-authlib-ldap-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 14617 Oct 28 15:39 courier-authlib-mysql-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 13826 Oct 28 15:39 courier-authlib-pgsql-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 8484 Oct 28 15:39 courier-authlib-pipe-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 35388 Oct 28 15:39 courier-authlib-userdb-0.62.4-1.x86_64.rpm -rw-r--r-- 1 compileuser compileuser 400497 Oct 28 15:49 courier-imap-4.6.0-1.x86_64.rpm -rw-r--r-- 1 compileuser compileuser 941203 Oct 28 15:49 courier-imap-debuginfo-4.6.0-1.x86_64.rpm [compileuser@server1 x86_64]$

You can install courier-imap like this:

Page 20: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

sudo rpm -ivh courier-imap-4.6.0-1.x86_64.rpm

Now we go back to the /tmp directory and run rpmbuild again, this time to build a maildrop package:

cd /tmp sudo rpmbuild -ta maildrop-2.2.0.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 if you are on an i386 system):

cd $HOME/rpm/RPMS/x86_64

The command

ls -l

shows you the available rpm packages:

[compileuser@server1 x86_64]$ ls -l total 3256 -rw-r--r-- 1 root root 153870 Oct 28 15:39 courier-authlib-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 385183 Oct 28 15:39 courier-authlib-debuginfo-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 36260 Oct 28 15:39 courier-authlib-devel-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 18434 Oct 28 15:39 courier-authlib-ldap-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 14617 Oct 28 15:39 courier-authlib-mysql-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 13826 Oct 28 15:39 courier-authlib-pgsql-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 8484 Oct 28 15:39 courier-authlib-pipe-0.62.4-1.x86_64.rpm -rw-r--r-- 1 root root 35388 Oct 28 15:39 courier-authlib-userdb-0.62.4-1.x86_64.rpm -rw-r--r-- 1 compileuser compileuser 400497 Oct 28 15:49 courier-imap-4.6.0-1.x86_64.rpm -rw-r--r-- 1 compileuser compileuser 941203 Oct 28 15:49 courier-imap-debuginfo-4.6.0-1.x86_64.rpm -rw-r--r-- 1 root root 299284 Oct 28 15:55 maildrop-2.2.0-1.x86_64.rpm -rw-r--r-- 1 root root 769256 Oct 28 15:55 maildrop-debuginfo-2.2.0-1.x86_64.rpm -rw-r--r-- 1 root root 134573 Oct 28 15:55 maildrop-devel-2.2.0-1.x86_64.rpm -rw-r--r-- 1 root root 63936 Oct 28 15:55 maildrop-man-2.2.0-1.x86_64.rpm [compileuser@server1 x86_64]$

You can now install maildrop like this:

sudo rpm -ivh maildrop-2.2.0-1.x86_64.rpm

After you have compiled and installed all needed packages, you can become root again by typing

Page 21: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

exit

11 Apply Quota Patch To Postfix

We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and install it.

cd /usr/src wget http://ftp-stud.fht-esslingen.de/pub/Mirrors/centos/5.4/os/SRPMS/postfix-2.3.3-2.1.el5_2.src.rpm rpm -ivh postfix-2.3.3-2.1.el5_2.src.rpm

The last command will show some warnings that you can ignore:

warning: user mockbuild does not exist - using root warning: group mockbuild does not exist - using root

cd /usr/src/redhat/SOURCES wget http://vda.sourceforge.net/VDA/postfix-2.3.3-vda.patch.gz gunzip postfix-2.3.3-vda.patch.gz cd /usr/src/redhat/SPECS/

Now we must edit the file postfix.spec:

vi postfix.spec

Change %define MYSQL 0 to %define MYSQL 1, add Patch0: postfix-2.3.3-vda.patch to the # Patches stanza, and finally add %patch0 -p1 -b .vda to the %setup -q stanza:

[...] %define MYSQL 1 [...] # Patches Patch0: postfix-2.3.3-vda.patch Patch1: postfix-2.1.1-config.patch Patch3: postfix-alternatives.patch Patch6: postfix-2.1.1-obsolete.patch Patch7: postfix-2.1.5-aliases.patch Patch8: postfix-large-fs.patch Patch9: postfix-2.2.5-cyrus.patch Patch10: postfix-CVE-2008-2936.patch [...] %setup -q # Apply obligatory patches %patch0 -p1 -b .vda %patch1 -p1 -b .config %patch3 -p1 -b .alternatives %patch6 -p1 -b .obsolete %patch7 -p1 -b .aliases %patch8 -p1 -b .large-fs %patch9 -p1 -b .cyrus %patch10 -p1 -b .CVE-2008-2936

Page 22: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

[...]

Then we build our new Postfix rpm package with quota and MySQL support:

rpmbuild -ba postfix.spec

Our Postfix rpm package is created in /usr/src/redhat/RPMS/x86_64 (/usr/src/redhat/RPMS/i386 if you are on an i386 system), so we go there:

cd /usr/src/redhat/RPMS/x86_64

The command

ls -l

shows you the available packages:

[root@server1 x86_64]# ls -l total 11732 -rw-r--r-- 1 root root 3940050 Oct 28 16:02 postfix-2.3.3-2.1.x86_64.rpm -rw-r--r-- 1 root root 7999345 Oct 28 16:02 postfix-debuginfo-2.3.3-2.1.x86_64.rpm -rw-r--r-- 1 root root 49759 Oct 28 16:02 postfix-pflogsumm-2.3.3-2.1.x86_64.rpm [root@server1 x86_64]#

Pick the Postfix package and install it like this:

rpm -ivh postfix-2.3.3-2.1.x86_64.rpm

Then turn off Sendmail and start Postfix, saslauthd, and courier-authlib:

chkconfig --levels 235 courier-authlib on /etc/init.d/courier-authlib start

chkconfig --levels 235 sendmail off chkconfig --levels 235 postfix on chkconfig --levels 235 saslauthd on /etc/init.d/sendmail stop /etc/init.d/postfix start /etc/init.d/saslauthd start

12 Configure Courier

Now we create the system startup links for courier-imap:

chkconfig --levels 235 courier-imap on /etc/init.d/courier-authlib restart /etc/init.d/courier-imap restart

When courier-imap is started for the first time, it automatically creates the certificate files /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem from the

Page 23: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

/usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf files. Because the .cnf files contain the line CN=localhost, but our server is named server1.example.com, the certificates might cause problems when you use TLS connections. To solve this, we delete both certificates...

cd /usr/lib/courier-imap/share/ rm -f imapd.pem rm -f pop3d.pem

... and replace the CN=localhost lines in /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf with CN=server1.example.com:

vi /usr/lib/courier-imap/etc/imapd.cnf

[...] CN=server1.example.com [...]

vi /usr/lib/courier-imap/etc/pop3d.cnf

[...] CN=server1.example.com [...]

Then we recreate both certificates...

./mkimapdcert

./mkpop3dcert

... and restart courier-authlib and courier-imap:

/etc/init.d/courier-authlib restart /etc/init.d/courier-imap restart

13 Install Getmail

Getmail can be installed as follows:

yum install getmail

14 Set MySQL Passwords And Configure phpMyAdmin

Start MySQL:

chkconfig --levels 235 mysqld on /etc/init.d/mysqld start

Then set passwords for the MySQL root account:

Page 24: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

mysqladmin -u root password yourrootsqlpassword mysqladmin -h server1.example.com -u root password yourrootsqlpassword

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory "/usr/share/phpmyadmin"> stanza):

vi /etc/httpd/conf.d/phpmyadmin.conf

# # Web application to manage MySQL # #<Directory "/usr/share/phpmyadmin"> # Order Deny,Allow # Deny from all # Allow from 127.0.0.1 #</Directory> Alias /phpmyadmin /usr/share/phpmyadmin Alias /phpMyAdmin /usr/share/phpmyadmin Alias /mysqladmin /usr/share/phpmyadmin

Next we change the authentication in phpMyAdmin from cookie to http:

vi /usr/share/phpmyadmin/config.inc.php

[...] /* Authentication type */ $cfg['Servers'][$i]['auth_type'] = 'http'; [...]

Then we create the system startup links for Apache and start it:

chkconfig --levels 235 httpd on /etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.

15 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql

Then we start freshclam, amavisd, and clamd...

chkconfig --levels 235 amavisd on chkconfig --levels 235 clamd on /usr/bin/freshclam

Page 25: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

/etc/init.d/amavisd start /etc/init.d/clamd start

... and create some necessary directories:

mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db

16 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

mod_fcgid is not available in the official CentOS repositories, but there's a package for CentOS 5.x in the centos.karan.org testing repository. We enable the repository as follows:

cd /etc/yum.repos.d/ wget http://centos.karan.org/kbsingh-CentOS-Extras.repo

Next we open /etc/yum.repos.d/kbsingh-CentOS-Extras.repo...

vi /etc/yum.repos.d/kbsingh-CentOS-Extras.repo

... and set gpgcheck to 0 and enabled to 1 in the [kbs-CentOS-Testing] section:

[...] [kbs-CentOS-Testing] name=CentOS.Karan.Org-EL$releasever - Testing gpgcheck=0 gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt enabled=1 baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/

Afterwards we can install Apache2with mod_php5, mod_fcgid, and PHP5:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:

[...]

Page 26: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

;error_reporting = E_ALL error_reporting = E_ALL & ~E_NOTICE [...] cgi.fix_pathinfo = 1

Next we install suPHP:

cd /tmp wget http://suphp.org/download/suphp-0.7.1.tar.gz tar xvfz suphp-0.7.1.tar.gz cd suphp-0.7.1/ ./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes make make install

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf

LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows:

vi /etc/suphp.conf

[global] ;Path to logfile logfile=/var/log/httpd/suphp.log ;Loglevel loglevel=info ;User Apache is running as webserver_user=apache ;Path all scripts have to be in docroot=/ ;Path to chroot() to before executing script ;chroot=/mychroot ; Security options allow_file_group_writeable=true allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false ;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true ;Send minor error messages to browser errors_to_browser=false ;PATH environment variable

Page 27: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

env_path=/bin:/usr/bin ;Umask to set, specify in octal notation umask=0077 ; Minimum UID min_uid=100 ; Minimum GID min_gid=100 [handlers] ;Handler for php-scripts x-httpd-suphp="php:/usr/bin/php-cgi" ;Handler for CGI-scripts x-suphp-cgi="execute:!self"

Finally we restart Apache:

/etc/init.d/httpd restart

17 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on /etc/init.d/pure-ftpd start

18 Install MyDNS

There's no MyDNS rpm package for the x86_64 architecture, and building MyDNS from the sources on CentOS 5.4 x86_64 fails because of some incompatibilities with the mysql-devel package. Therefore we install the MyDNS rpm package for i386 which works on x86_64 as well:

wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm rpm -ivh mydns-mysql-1.1.0-1.i386.rpm

When the system boots, MyDNS must be started after MySQL. The MySQL startup link has the priority 64 on CentOS, so the MyDNS startup link must have a priority between 65 and 99. Therefore we open the MyDNS init script...

vi /etc/init.d/mydns

... and change

Page 28: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

[...] # chkconfig: 345 52 50 [...]

to

[...] # chkconfig: 345 65 50 [...]

Then we create the startup links:

chkconfig --levels 235 mydns on

We don't start MyDNS now because it must be configured first - this will be done automatically by the ISPConfig 3 installer later on.

19 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

cd /tmp wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz tar xvfz vlogger-1.3.tar.gz mv vlogger-1.3/vlogger /usr/sbin/ rm -rf vlogger*

20 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

cd /tmp wget http://olivier.sessink.nl/jailkit/jailkit-2.10.tar.gz tar xvfz jailkit-2.10.tar.gz cd jailkit-2.10 ./configure make make install rm -rf jailkit-2.10*

Page 29: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

21 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

yum install fail2ban

chkconfig --levels 235 fail2ban on /etc/init.d/fail2ban start

22 Install rkhunter

rkhunter can be installed as follows:

yum install rkhunter

23 Install SquirrelMail

To install the SquirrelMail webmail client, run...

yum install squirrelmail

... and restart Apache:

/etc/init.d/httpd restart

Then configure SquirrelMail:

/usr/share/squirrelmail/config/conf.pl

We must tell SquirrelMail that we are using Courier-IMAP/-POP3:

SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >> <-- D

Page 30: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

SquirrelMail Configuration : Read: config.php --------------------------------------------------------- While we have been building SquirrelMail, we have discovered some preferences that work better with some servers that don't work so well with others. If you select your IMAP server, this option will set some pre-defined settings for that server. Please note that you will still need to go through and make sure everything is correct. This does not change everything. There are only a few settings that this will change. Please select your IMAP server: bincimap = Binc IMAP server courier = Courier IMAP server cyrus = Cyrus IMAP server dovecot = Dovecot Secure IMAP server exchange = Microsoft Exchange IMAP server hmailserver = hMailServer macosx = Mac OS X Mailserver mercury32 = Mercury/32 uw = University of Washington's IMAP server quit = Do not change anything Command >> <-- courier SquirrelMail Configuration : Read: config.php --------------------------------------------------------- While we have been building SquirrelMail, we have discovered some preferences that work better with some servers that don't work so well with others. If you select your IMAP server, this option will set some pre-defined settings for that server. Please note that you will still need to go through and make sure everything is correct. This does not change everything. There are only a few settings that this will change. Please select your IMAP server: bincimap = Binc IMAP server courier = Courier IMAP server cyrus = Cyrus IMAP server dovecot = Dovecot Secure IMAP server exchange = Microsoft Exchange IMAP server hmailserver = hMailServer macosx = Mac OS X Mailserver mercury32 = Mercury/32 uw = University of Washington's IMAP server quit = Do not change anything Command >> courier imap_server_type = courier default_folder_prefix = INBOX. trash_folder = Trash sent_folder = Sent draft_folder = Drafts show_prefix_option = false

Page 31: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

default_sub_of_inbox = false show_contain_subfolders_option = false optional_delimiter = . delete_folder = true Press any key to continue... <-- press a key SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >> <--S SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >> <--Q

One last thing we need to do is modify the file /etc/squirrelmail/config_local.php and comment out the $default_folder_prefix variable - if you don't do this, you will see the following error message in SquirrelMail after you've logged in: Query: CREATE "Sent" Reason Given: Invalid mailbox name.

vi /etc/squirrelmail/config_local.php

Page 32: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

<?php /** * Local config overrides. * * You can override the config.php settings here. * Don't do it unless you know what you're doing. * Use standard PHP syntax, see config.php for examples. * * @copyright &copy; 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id: config_local.php,v 1.2 2006/07/11 03:33:47 wtogami Exp $ * @package squirrelmail * @subpackage config */ //$default_folder_prefix = ''; ?>

Now you can type in http://server1.example.com/webmail or http://192.168.0.100/webmail in your browser to access SquirrelMail.

24 Install ISPConfig 3

To install ISPConfig 3 from the latest released version, do this:

Page 33: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

cd /tmp wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.1.6.tar.gz?use_mirror= tar xvfz ISPConfig-3.0.1.6.tar.gz cd ispconfig3_install/install/

(Replace ISPConfig-3.0.1.6.tar.gz with the latest version.)

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer:

[root@server1 install]# php -q install.php -------------------------------------------------------------------------------- _____ ___________ _____ __ _ |_ _/ ___| ___ \ / __ \ / _(_) | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | __/ | |___/ -------------------------------------------------------------------------------- >> Initial configuration Operating System: Redhat or compatible, unknown version. Following will be a few questions for primary configuration so be careful. Default values are in [brackets] and can be accepted with <ENTER>. Tap in "quit" (without the quotes) to stop the installer. Select language (en,de) [en]: <-- ENTER Installation mode (standard,expert) [standard]: <-- ENTER Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER MySQL server hostname [localhost]: <-- ENTER MySQL root username [root]: <-- ENTER MySQL root password []: <-- yourrootsqlpassword MySQL database to create [dbispconfig]: <-- ENTER MySQL charset [utf8]: <-- ENTER Generating a 2048 bit RSA private key

Page 34: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

...........................................................................

.................................................+++

............................................+++ writing new private key to 'smtpd.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]: <-- ENTER State or Province Name (full name) [Berkshire]: <-- ENTER Locality Name (eg, city) [Newbury]: <-- ENTER Organization Name (eg, company) [My Company Ltd]: <-- ENTER Organizational Unit Name (eg, section) []: <-- ENTER Common Name (eg, your name or your server's hostname) []: <-- ENTER Email Address []: <-- ENTER Configuring Jailkit Configuring SASL Configuring PAM Configuring Courier Configuring Spamassassin Configuring Amavisd Configuring Getmail Configuring Pureftpd Configuring MyDNS Configuring Apache Configuring vlogger Configuring Firewall Installing ISPConfig ISPConfig Port [8080]: <-- ENTER Configuring DBServer Installing Crontab no crontab for root no crontab for getmail Restarting services ... Stopping MySQL: [ OK ] Starting MySQL: [ OK ] Shutting down postfix: [ OK ] Starting postfix: [ OK ] Stopping saslauthd: [ OK ] Starting saslauthd: [ OK ] Shutting down Mail Virus Scanner (amavisd): [ OK ] Starting Mail Virus Scanner (amavisd): [ OK ] Stopping Courier authentication services: authdaemond Starting Courier authentication services: authdaemond Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl Stopping httpd: [ OK ] [Wed Oct 28 16:24:17 2009] [warn] NameVirtualHost *:80 has no VirtualHosts Starting httpd: [ OK ] Stopping pure-ftpd: [ OK ]

Page 35: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

Starting pure-ftpd: [ OK ] Installation completed. [root@server1 install]#

The installer automatically configures all underlying services, so no manual configuration is needed.

Afterwards you can access ISPConfig 3 under http://server1.example.com:8080/ or http://192.168.0.100:8080/. Log in with the username admin and the password admin (you should change the default password after your first login):

Page 36: The Perfect Server - CentOS 5.4 x86_64 (ISPConfig 3)

The system is now ready to be used.

25 Links

CentOS: http://www.centos.org/ ISPConfig: http://www.ispconfig.org/