Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 27th November 2005, 01:30
bersi bersi is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default Mandriva 2006 Install questions

Hi guys,
Installed ispconfig following the perfect setup.... Things went right and than diddn't and now its scrued up. No worry i want to reinstall the system anyhow. But getting deeper into all the infos in the process of my experiments i wonder about couple of things and i hope someone could clear things up befor i endeavour the next reinstall:
1) i would like to install in the paranoid security state (chrooted) or at least hightest. Does that give problems with ispconifig, and exactly what does?
2) i would rather use the standard Mandriva imap services (updates later on), does that give problems with ispc?
3) i would rather use the standard shorewall firewall and disable the firewall in ispc, does that...
4) i would rather use the sasl2 authentification thane the depriciated saslauthd, does that give problems?

Lots of questions but let mee say, it seems that ISPC is right on the spot! Looked long for a good opensource config panel and think i found it
Reply With Quote
Sponsored Links
  #2  
Old 27th November 2005, 15:40
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by bersi
1) i would like to install in the paranoid security state (chrooted) or at least hightest. Does that give problems with ispconifig, and exactly what does?
I'm almost sure that this will cause problems... These settings are so paranoid that almost nothing is allowed on the system! So don't do it, rather do as suggested by the tutorial.

Quote:
Originally Posted by bersi
2) i would rather use the standard Mandriva imap services (updates later on), does that give problems with ispc?
In the tutorial I use the standard Mandriva imap package...

Quote:
Originally Posted by bersi
3) i would rather use the standard shorewall firewall and disable the firewall in ispc, does that...
Not if you configure it properly... This means that also port 81 must be accessible otherwise you can't access ISPConfig.

Quote:
Originally Posted by bersi
4) i would rather use the sasl2 authentification thane the depriciated saslauthd, does that give problems?
saslauthd is for sasl2, there's no such package for sasl1, so I don't think it's deprecated. Anyway, use it, otherwise you'll have problems with authentication...

The best way to follow the tutorial is to use an SSH client (like PuTTY on Windows) and copy and paste the commands from the tutorial.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 29th November 2005, 09:49
bersi bersi is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default Thanks Falco

Thanks for your reply,
The thing is i followed the tutorial but was a little concerned about security having had soem problems with that in the past. I already run 3 servers under mandrake but use the Higher setting, and than allow ssh by hand. Anything known if that causes trouble with ispc?

Email
When i install the standard imap i dont see anything aubout the "cyrus..." you state in the tutorial, ut maybe thats concealed buy the mardrake installer, so that what confused me.

Mail authentification
Ok, i followed some other thread on that. Since i am not an expert on this i guess ill follow your arumentation on that .

Firewall
Configuring the new ports in shorewall isnt really that big a problem (you have to to that for mysql anyhow, so thats answered for!

So what im really left with is the sec settings.. paranoid won't do, but what about higher? i woulndt mind setting some services back on again but i'll guess, since i am not an expert on this the overall system would be more secure than the standard install?! And what about the chrooted daemons everybody is talking about (bind, proftp) could i set that up together with ispc?
Reply With Quote
  #4  
Old 29th November 2005, 19:10
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

I think the standard install is already very secure because ISPconfig has its own firewall that blocks requests on all ports that you don't use. I've never tried the "Higher" setting together with ISPConfig so it's up to you to find out if this works.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 29th November 2005, 23:00
bersi bersi is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Smile Ok Falko,

I will do that and report back here, but still arent there exploits wich use just the opened ports? There are as far as i know many descriptions on how to secure lets say bind. So there has to be more on that issue?! Wouldn't you agree? Or for that matter would you consider a whole different distro, lets say the debian based Unbutu or fedora or suse?

Last edited by bersi; 29th November 2005 at 23:05.
Reply With Quote
  #6  
Old 30th November 2005, 00:05
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by bersi
Or for that matter would you consider a whole different distro, lets say the debian based Unbutu or fedora or suse?
If you ask me I'll always recommend Debian (see also http://www.howtoforge.com/forums/showthread.php?t=1393 ), but in the end it's a matter of which distribution you like most.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 3rd February 2006, 17:27
bersi bersi is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default Got it working

Hi Falko,
So i got it working after all. The problrm with security settings under mandrake boils down to the "msec" checks. They alter the standard filesystem chmods and render ISPconfig not working. What wored for me was installing the system as described in the perfect setup guides and than switch on the security functions, all but msec checks. Maybe a seperate site should be set up to cover only the securing van linus under ispconfig...

Now than, of course i still hav some questions for you.
First of all the pop system. When connecting there is a strange lag between connecting and actual reading of the mail. Using thunderbird, or outlook express for that matter a connection is made right away but than everything stops for 15-20 secs before the password is asked and the mail begins to roll. Once mail is coming in everything goes fast and smooth. Trieed a telnet connection and there the popserver answered right away. so i am puzzled.

second:
from one of the sites specified (not all) the mail gets doubled to the Postfix account?? The settings for this mailaccount specifie a forward to xx@xx.xx wich actually is a mailadress handled by the same system (as far as my knowledge reaches a forward to a mailrecipient on the same system should be done directly to the underlying pop account not to the email adress, but i am not shure if that is the problem.. So why or when would an email be send to the postfix account??

Hope iam not boring you too much and keep up the good work!!

Thorsten
Reply With Quote
  #8  
Old 3rd February 2006, 18:18
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by bersi
First of all the pop system. When connecting there is a strange lag between connecting and actual reading of the mail. Using thunderbird, or outlook express for that matter a connection is made right away but than everything stops for 15-20 secs before the password is asked and the mail begins to roll. Once mail is coming in everything goes fast and smooth. Trieed a telnet connection and there the popserver answered right away. so i am puzzled.
Can you see anything related to this in the mail log?
Might also be a firewall problem or related to your security settings...

Quote:
Originally Posted by bersi
second:
from one of the sites specified (not all) the mail gets doubled to the Postfix account?? The settings for this mailaccount specifie a forward to xx@xx.xx wich actually is a mailadress handled by the same system (as far as my knowledge reaches a forward to a mailrecipient on the same system should be done directly to the underlying pop account not to the email adress, but i am not shure if that is the problem.. So why or when would an email be send to the postfix account??

Hope iam not boring you too much and keep up the good work!!
Can you explain a little more in detail?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 7th February 2006, 11:58
bersi bersi is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default Respond 1 the forwarding probllem

Falko,
here info about the forwaarding system, ill do some more checks on the popserver delay:

Forwarding:
2 domeins are registered within ispconfig on the same server x and y, both with each one user info@x and info@y (mail).
When i open the user definition for domain x an there put in a mailforward to info@y (the mailuser from y) and i swich on the keep local copy option, the mail send to info@x ends up in his box (as expected) but also in the postfix box on the system. This is anoying since this box is not emptied automatically and therefore could be flooded.

Another niew problem:
The mailscanner sends an mail with the folowing return adress:
Van: admispconfig@localhost.polderwerken.nl
[mailto:admispconfig@localhost.polderwerken.nl]

How can i get this into an real message? ie: admispconfig@polderwerken.nl or Postmaster@polderwerken.nl

regards
thorsten
Reply With Quote
  #10  
Old 7th February 2006, 12:23
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
 
Default

Quote:
Originally Posted by bersi
Forwarding:
2 domeins are registered within ispconfig on the same server x and y, both with each one user info@x and info@y (mail).
When i open the user definition for domain x an there put in a mailforward to info@y (the mailuser from y) and i swich on the keep local copy option, the mail send to info@x ends up in his box (as expected) but also in the postfix box on the system. This is anoying since this box is not emptied automatically and therefore could be flooded.
Are info@x and info@y in /etc/postfix/virtusertable? What's in /etc/aliases?

Quote:
Originally Posted by bersi
Another niew problem:
The mailscanner sends an mail with the folowing return adress:
Van: admispconfig@localhost.polderwerken.nl
[mailto:admispconfig@localhost.polderwerken.nl]

How can i get this into an real message? ie: admispconfig@polderwerken.nl or Postmaster@polderwerken.nl
Don't do it! Have a look here: http://www.howtoforge.com/forums/showthread.php?t=821
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
cpan> install DB_File make error Nu2Linux HOWTO-Related Questions 6 13th April 2012 22:06
install error on the end of the installation Vegettex Installation/Configuration 2 20th November 2005 23:50
perfect install 5.04 isp on desktop image? bspratt Server Operation 5 6th November 2005 14:27
Mix of Install Problems shawndb Installation/Configuration 5 15th September 2005 09:09
Fresh Install of FC4 using Perfect Install HowTo latcarf HOWTO-Related Questions 21 10th August 2005 22:55


All times are GMT +2. The time now is 00:58.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.