Virtual Hosting Howto With Virtualmin On CentOS 5.1 - Page 4

Submitted by topdog on Sun, 2008-03-02 18:40.

Dovecot Setup


This sets up Dovecot as our IMAP/POP3 server.


Basic Configuration

We will set up Dovecot for IMAP and POP3 and disable SSL.

protocols = imap pop3
listen = *
ssl_listen = *
ssl_disable = yes



We will use the maildir format as opposed to the default mbox format.

mail_location = maildir:~/Maildir


Authentication & SASL

Configure Dovecot to use LOGIN and PLAIN as the authentication mechanisms, as many MS clients are unable to use encrypted authentication mechanisms. We also set up the SASL socket so that Postfix can authenticate SMTP connections using Dovecot.

auth default {
  mechanisms = plain login
  passdb pam {
  }
  userdb passwd {
  }
  # SASL socket that Postfix uses for SMTP authentication
  socket listen {
    client {
        path = /var/spool/postfix/private/auth
        mode = 0660
        user = postfix
        group = postfix
    }
  }
}


Client Issues

Some MS IMAP clients in the Outlook family have issues with both their IMAP and POP3 implementations, so we need to accommodate them by setting up these workarounds:

protocol imap {
 imap_client_workarounds = outlook-idle delay-newmail
}
protocol pop3 {
 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}


Run IMAP Behind Proxy

The IMAP server is configured to run on port 10143 so that port 143 can be handled by the IMAP proxy server, which improves performance for your webmail by caching connections to the IMAP server. The listen option under the protocol section sets this up.

protocol imap {
 imap_client_workarounds = outlook-idle delay-newmail
 listen =
}




Setup Imap Proxy


imapproxy was written to compensate for webmail clients that are unable to maintain persistent connections to an IMAP server. Most webmail clients need to log in to an IMAP server for nearly every single transaction. This behaviour can cause tragic performance problems on the IMAP server. imapproxy tries to deal with this problem by leaving server connections open for a short time after a webmail client logs out. When the webmail client connects again, imapproxy will determine if there's a cached connection available and reuse it if possible. - according to the imapproxy website.



Make the following changes in the file /etc/imapproxy.conf:

cache_size 3072
listen_port 143
server_port 10143
cache_expiration_time 900
proc_username nobody
proc_groupname nobody
stat_filename /var/run/pimpstats
protocol_log_filename /var/log/imapproxy_protocol.log
syslog_facility LOG_MAIL
send_tcp_keepalives no
enable_select_cache yes
foreground_mode no
force_tls no
enable_admin_commands no




Bind Setup


BIND will be set up chrooted to improve security. We will also use views to prevent abuse of the DNS server.


Basic Configuration

The basic configuration disables recursive queries (except from localhost) and zone transfers by default. We also obscure the version of BIND we are running, so that script kiddies scanning for versions affected by a newly published vulnerability cannot simply read ours off the server.

options {
        directory "/var/named";
        pid-file "/var/run/named/";
        listen-on {
        version "just guess";
        allow-recursion { "localhost"; };
        allow-transfer { "none"; };
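
An added example, not part of the original howto: a small Python check that reads a named.conf options block and reports where it departs from the three settings above (recursion limited to localhost, zone transfers disabled, version string overridden). The sample configurations, the function names and the address 192.0.2.53 are constructed for illustration; the check assumes flat ACL lists and looks only at the first occurrence of each directive.

```python
import re

# Constructed sample: a permissive options block, for contrast.
WEAK = '''options {
        directory "/var/named";
        allow-recursion { any; };
        allow-transfer { 192.0.2.53; };   // constructed secondary address
};'''

# Constructed sample: closed block carrying the three directives shown above.
HARDENED = '''options {
        version "just guess";
        allow-recursion { "localhost"; };
        allow-transfer { "none"; };
};'''

LOCAL_ONLY = {'localhost', '127.0.0.1', '::1', 'none'}

def strip_comments(text):
    """Drop /* */, // and # comments so a commented-out directive is not counted."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def acl(conf, name):
    """Return the flat address-match list of `name` as a set, or None if absent."""
    m = re.search(r'\b%s\s*\{([^{}]*)\}\s*;' % re.escape(name), conf)
    if m is None:
        return None
    return {t.strip().strip('"').lower() for t in m.group(1).split(';') if t.strip()}

def audit_options(text):
    """List deviations from the recursion/transfer/version baseline."""
    conf = strip_comments(text)
    findings = []
    rec = acl(conf, 'allow-recursion')
    if rec is None:
        findings.append('allow-recursion not set, server default applies')
    elif rec - LOCAL_ONLY:
        findings.append('recursion allowed for: %s' % sorted(rec - LOCAL_ONLY))
    xfer = acl(conf, 'allow-transfer')
    if xfer is None:
        findings.append('allow-transfer not set, server default applies')
    elif xfer - {'none'}:
        findings.append('zone transfers allowed to: %s' % sorted(xfer - {'none'}))
    if not re.search(r'\bversion\s+"[^"]*"\s*;', conf):
        findings.append('version string not overridden')
    return findings

if __name__ == '__main__':
    for label, sample in (('weak', WEAK), ('hardened', HARDENED)):
        print(label, audit_options(sample))
```
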



The logging is customized to remove the annoying "lame-server" and update errors that appear in the logs:

logging {
        category update { null; };
        category update-security { null; };
        category lame-servers { null; };
};



Ensure that this is set in the file /etc/sysconfig/named (it's usually set by the bind-chroot package):



Point Server

Let the machine use this server for DNS resolution: edit /etc/resolv.conf and prepend:





Vsftpd Setup


We will use vsftpd as our FTP server. It has a better track record than the proftpd and wuftpd servers.


Basic Setting

Our basic setup disables anonymous users, and enables local system users to connect to the ftp server.

ftpd_banner=Welcome to server



All users will be chrooted to their home directories (except usernames in the /etc/vsftpd/chroot_list file), meaning they cannot break out and see other users' files.



Banned Users

Users added to the file /etc/vsftpd/user_list will not be allowed to log in:


