2 essential add-ons for ISPConfig3

[pititis]

For me a essential add-on is cluebringer for postfix. It provides access control, spf check, greylist, helo/ehlo checks and quota support. It's written in perl and support mysql/sqlite/postgresql. All with a web interface, just awesome!

[manarak]

Quote:

Originally Posted by manarak

another (potentially) essential config tweak:

if you are running high-traffic sites, and especially if they sit on a cloud Vserver that usually have limited storage and limited I/O bandwidth, you want to disable the Apache Access log:

http://www.howtoforge.com/forums/showthread.php?t=52180

just use google analytics or another stats provider for stats. they are better anyway - and won't clog your server with 30+ Gigs of logs, hello backup storage!

Just an addendum - I just discovered the logs are written twice!

under /etc/apache2/conf.d is the file other-vhost-access-log that writes a "vhosts combined" log. don't forget to deactivate that one as well.

[manarak]

another observation:
if you install a vserver: these usually don't allow access to IPTABLES, since they are built into the kernel that is common to all vservers on the host.
So your fail2ban is going to be ineffective in the default config.

solution: use hosts.deny instead.

to do this:
in jail.conf
change
banaction = iptables-multiport
into
banaction = hostsdeny
save and restart fail2ban

[manarak]

Quote:

Originally Posted by manarak

another observation:
if you install a vserver: these usually don't allow access to IPTABLES, since they are built into the kernel that is common to all vservers on the host.
So your fail2ban is going to be ineffective in the default config.

solution: use hosts.deny instead.

to do this:
in jail.conf
change
banaction = iptables-multiport
into
banaction = hostsdeny
save and restart fail2ban

I realized later that hosts.deny is not a good solution. see here why:
http://www.howtoforge.com/forums/sho...d.php?p=293131