Extending Perfect Server - Debian Squeeze [ISPConfig 3] - Page 2
Following the above instructions you can install roundcube via apt-get. However following another logic (if you have the time and the courage) you can install roundcube in it's own subdomain, manually.
In "Perfect Server ...." you usually install Squirrelmai. However if you don't want it you can remove it:
apt-get remove squirrelmail
and delete the /etc/apache2/conf.d/squirrelmail.conf:
OR if you want it edit the /etc/apache2/conf.d/squirrelmail.conf and change the alias to something like 'webmail1'.
Install roundcube. (You MUST have the mysql administrator's password before you proceed -- Let dbconfig-common configure the database. You will be asked some questions about the password of the db administrator and the password of the new user that will be created for roundcube. Answer those questions and continue:
apt-get install roundcube roundcube-mysql
If something goes wrong you can always run:
For more information, please see this post.
For everyone to be able to access his webmail (under his domain name) you have to create or edit the file /etc/apache2/conf.d/roundcube so as to set the alias to 'webmail'. If you want SSL you should include the last two directives (IfModule mod_rewrite.c) to have apache ALWAYS redirect to your SSL installation of ISPConfig.
# Those aliases do not work properly with several hosts on your apache server
and SET some variables in the file (if this is the first time you edit the file the lines are 60 and 66):
auto_create_user = TRUE;
If you will install the following plugin (the logger that helps fail2ban) you have to extend the list of plugins in the same file. If the only plugin is the one that will be istalled right afterward you have to edit the line (42) as below:
$rcmail_config['plugins'] = array('fail2ban');
Install the roundcube logger plugin from http://mattrude.com/projects/roundcube-fail2ban-plugin/.
Basically you have to download the file (fail2ban.php) and paste it in the fail2ban folder in the plugins folder of roundcube. Finally you must have this file: /usr/share/roundcube/plugins/fail2ban/fail2ban.php. Execute:
This plugin will update the log file with each failed login attempt: /var/log/roundcube/userlogins
Don't forget to edit the link for the webmail in ISPConfig (System -> Interface Config -> (tab) Mail) and set it to /webmail. Lastly, restart apache.
You can now access webmail at http://www.example.com/webmail
Extend the jail.local file that falko suggests in The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3]: /etc/fail2ban/jail.local
You have to append or edit the following:
The 50443 port in roundcube is only needed if you enabled the redirection to https (look in the beggining of this tutorial).
Last (and very important) don't forget to create the roundcube.conf file /etc/fail2ban/filter.d/roundcube.conf.
with the following contents:
[Definition] failregex = FAILED login for .*. from <host> ignoreregex =
Lucky us the webmin-auth and the ssh filters are already done for us by the fail2ban itself. Restart fail2ban:
If someone adds a lot of jails in fail2ban, then some of them may not start (errors in /var/log/fail2ban.log but not in the output !!!). See it by yourself by executing:
iptables -L -n
Unfortunately the solution is a bit of a hack... but at least it is a solution:
In the file /usr/bin/fail2ban-client at line 145 you have to insert time.sleep(0.1) or time.sleep(0.05):
So before the change the file looks like this:
And afterward the file looks like this:
Restart again fail2ban:
You can check that all jails are active with the command:
iptables -L -n