Virtual Hosting Howto With Virtualmin On CentOS 5.1 - Page 5

Submitted by topdog on Sun, 2008-03-02 18:43.

Clamav Milter Setup

  • Edit /etc/sysconfig/clamav-milter:
  • Patch the init file to fix socket permissions:

patch /etc/init.d/clamav-milter < clamav-milter.patch


MySQL Setup

Basic Config

  • Listen only to the localhost, edit /etc/my.cnf under the mysqld section:
bind-address =


Set Root Password

  • Set the root password:

service mysqld start
mysqladmin -u root password NEWPASSWORD


SpamAssassin Setup

Basic Config

required_hits 5
report_safe 0
rewrite_header Subject [SPAM]


Create MySQL Database

  • Create the database:

mysqladmin -p create bayes

  • Populate the database:

mysql -p bayes < /usr/share/doc/spamassassin-$(rpm --qf %{VERSION} -q spamassassin)/sql/bayes_mysql.sql

  • Create the user:

mysql -p
mysql> GRANT ALL ON bayes.* TO bayes@localhost IDENTIFIED BY 'password';


Configure To Use DB

  • Edit the file /etc/mail/spamassassin/ and add:
bayes_store_module  Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn       DBI:mysql:bayes:localhost
bayes_sql_override_username bayes
bayes_sql_username  bayes
bayes_sql_password  password


Configure FuzzyOCR

We will store the image hashes in a MySQL database to improve performance: images that have already been scanned are not scanned again, since OCR is a resource-intensive activity.


Create MySQL Database

  • The sql script creates the database and tables and adds a user fuzzyocr with the password fuzzyocr:

mysql -p < /usr/local/src/devel/FuzzyOcr.mysql

  • Change the password (enter the current password, fuzzyocr, at the prompt):

mysqladmin -u fuzzyocr -p password NEWPASSWORD


Basic Settings

  • Edit /etc/mail/spamassassin/ and set the basic options:
focr_path_bin /usr/bin:/usr/local/bin
focr_minimal_scanset 1
focr_autosort_scanset 1
focr_enable_image_hashing 3
focr_logfile /tmp/FuzzyOcr.log


Make FuzzyOCR Use The Database

  • Edit the file /etc/mail/spamassassin/ and add:
focr_mysql_db FuzzyOcr
focr_mysql_hash Hash
focr_mysql_safe Safe
focr_mysql_user fuzzyocr
focr_mysql_pass password
focr_mysql_host localhost
focr_mysql_port 3306
focr_mysql_socket /var/lib/mysql/mysql.sock


SARE Rule Updates

  • Import the GPG key used to sign the rules:

mkdir /etc/mail/spamassassin/sa-update-keys/
chmod 700 /etc/mail/spamassassin/sa-update-keys/
sa-update --import GPG.KEY

  • Create the channels file /etc/mail/spamassassin/sare-sa-update-channels.txt:
  • Create an update script /usr/local/bin/update-sa:
#!/bin/bash
sa-update -D --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A &>/var/log/sa-updates.log
  • Make it executable and add to cron:

chmod +x /usr/local/bin/update-sa
ln -s /usr/local/bin/update-sa /etc/cron.daily/
ln -s /usr/local/bin/update-sa /etc/cron.hourly/


Spamass-milter Setup

Basic Configuration

  • Edit /etc/sysconfig/spamass-milter:
EXTRA_FLAGS="-m -r 8"



We need to patch the init file to fix the permissions of the socket it creates, so that Postfix is able to use the socket.

patch /etc/rc.d/init.d/spamass-milter < spamass-milter.patch


Apache Setup

Disable Modules

We will disable the modules that we are not using, which frees up memory and also improves security.

  • Edit /etc/httpd/conf/httpd.conf and comment out the modules as below.
#LoadModule ldap_module modules/
#LoadModule authnz_ldap_module modules/
#LoadModule dav_module modules/
#LoadModule status_module modules/
#LoadModule dav_fs_module modules/
#LoadModule proxy_module modules/
#LoadModule proxy_balancer_module modules/
#LoadModule proxy_ftp_module modules/
#LoadModule proxy_http_module modules/
#LoadModule proxy_connect_module modules/
#LoadModule cache_module modules/
#LoadModule disk_cache_module modules/
#LoadModule file_cache_module modules/
#LoadModule mem_cache_module modules/
  • Edit /etc/httpd/conf.d/proxy_ajp.conf and comment out as below:
#LoadModule proxy_ajp_module modules/


Listen To One IP For HTTPS

Apache has to be configured to listen on one address for port 443, as Webmin will be using the same port. Edit /etc/httpd/conf.d/ssl:

Listen 192.168.1.6:443


Enable Gzip Compression

We set up gzip compression via the mod_deflate module to improve web server performance and to cut down on bandwidth usage by compressing responses to the client.

SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary

Set up logging for the deflate module:

DeflateFilterNote deflate_ratio
LogFormat "%v %h %l %u %t \"%r\" %>s %b mod_deflate: %{deflate_ratio}n pct." vhost_with_deflate_info
CustomLog logs/deflate_access_log vhost_with_deflate_info


Increase PHP Max Memory

Edit the file /etc/php.ini and set the following:

memory_limit = 64M


Enable Virtual Hosting

NameVirtualHost *:80


Create Default Virtual Host

This needs to be the first virtual host. It will be the default on the server, the equivalent of the server without virtual hosting.

<VirtualHost *:80>
        ServerName localhost.localdomain
        ServerAdmin root@localhost.localdomain
</VirtualHost>


Roundcube Webmail Setup

Create Database

  • Create the database and add the roundcube user.

mysqladmin -p create roundcube
mysql -p
mysql> GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY 'password';

  • Initialize the database:

mysql -u roundcube -p roundcube < /usr/share/doc/roundcube-0.1/SQL/mysql5.initial.sql


Basic Config

  • Configure database DSN in /var/www/roundcube/config/
$rcmail_config['db_dsnw'] = 'mysql://roundcube:password@localhost/roundcube';
  • Configure roundcube in /var/www/roundcube/config/
$rcmail_config['default_host'] = 'localhost';
$rcmail_config['default_port'] = 143;
$rcmail_config['virtuser_file'] = '/etc/postfix/virtual';
$rcmail_config['smtp_server'] = 'localhost';
$rcmail_config['smtp_port'] = 25;
$rcmail_config['smtp_helo_host'] = 'localhost';
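
The SpamAssassin, FuzzyOCR and Roundcube steps above each leave a database password in a plain-text config file. As an added example (not part of the original tutorial), this script reports which of those files are readable by every local user and which still carry the placeholder value `password`; the function names and the sample file names are constructed here.

```bash
#!/bin/bash
# Added example: audit files holding the database credentials configured in
# this tutorial. Reports files readable by "other" and files that still carry
# the tutorial's placeholder value "password".

# Directives from the tutorial that hold a secret.
CRED_RE='^[[:space:]]*(bayes_sql_password|focr_mysql_pass)[[:space:]]|db_dsnw'
# The same directives (or the Roundcube DSN) still set to "password".
WEAK_RE='(bayes_sql_password|focr_mysql_pass)[[:space:]]+password[[:space:]]*$|://[^:/]+:password@'

audit_cred_files() {
    # $@: directories to scan; prints one "<FINDING> <file>" line per issue
    find "$@" -type f 2>/dev/null | sort | while IFS= read -r f; do
        grep -Eq "$CRED_RE" "$f" || continue
        # find -perm -004 matches when the "other" read bit is set
        if [ -n "$(find "$f" -perm -004)" ]; then echo "WORLD-READABLE $f"; fi
        if grep -Eq "$WEAK_RE" "$f"; then echo "PLACEHOLDER-PASSWORD $f"; fi
    done
}

make_sample() {
    # Constructed sample tree; the file names are hypothetical stand-ins.
    d=$(mktemp -d)
    printf 'bayes_sql_username  bayes\nbayes_sql_password  password\n' > "$d/bayes.cf"
    printf 'focr_mysql_user fuzzyocr\nfocr_mysql_pass Xk2-constructed\n' > "$d/focr.cf"
    printf "\$rcmail_config['db_dsnw'] = 'mysql://roundcube:password@localhost/roundcube';\n" > "$d/db.php"
    chmod 644 "$d/bayes.cf"; chmod 600 "$d/focr.cf"; chmod 640 "$d/db.php"
    echo "$d"
}

sample=$(make_sample)
audit_cred_files "$sample"
rm -rf "$sample"
```

On a real host, pass the directories that hold the files edited above, for example `audit_cred_files /etc/mail/spamassassin /var/www/roundcube/config`.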


Set Up Catch All Virtualhost

As we will be providing webmail for all domains that are created on the system, we need to set up a catch-all virtual host that displays Roundcube whenever a user accesses http://webmail.domainname. Edit /etc/httpd/conf/httpd.conf and append:

<VirtualHost *:80>
ServerAlias webmail.*
DocumentRoot /var/www/roundcube
<Directory /var/www/roundcube>
Options -Indexes IncludesNOEXEC FollowSymLinks
allow from all
</Directory>
</VirtualHost>


Firewall Setup


This is a basic firewall and it may not suit your needs. Firewalling is an art, so I recommend reading up on it to improve on this basic one.


Basic Config

Add these rules in your configuration file /etc/sysconfig/iptables:

-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m multiport -j ACCEPT --dports 80,443,25,110,143,53
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p icmp -m icmp -m limit --icmp-type 8 --limit 5/min -j ACCEPT
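
To review what the rules above expose, this added example (not part of the original tutorial) parses the `-A INPUT ... -j ACCEPT` lines and lists every accepted protocol/port pair, then checks that MySQL's port is not among them. It assumes everything not accepted is dropped by the chain policy or a later rule, which the page does not show; the function names are constructed here.

```bash
#!/bin/bash
# Added example: list the protocol/port pairs that ACCEPT rules in an
# /etc/sysconfig/iptables style file open on the INPUT chain.

list_accepted_ports() {
    # $1: rules file. Handles "--dport N" and multiport "--dports a,b,c",
    # with options in any order. Rules without a port match (loopback,
    # ICMP) are skipped.
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; ports = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        }
        if (target != "ACCEPT" || ports == "") next
        n = split(ports, list, ",")
        for (k = 1; k <= n; k++) print proto "/" list[k]
    }' "$1" | sort -t/ -k1,1 -k2,2n -u
}

is_exposed() {
    # $1: rules file, $2: proto/port such as tcp/3306; exit status 0 if open
    list_accepted_ports "$1" | grep -qx "$2"
}

sample_rules() {
    # The rules from this page, reproduced as sample input.
    cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m multiport -j ACCEPT --dports 80,443,25,110,143,53
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p icmp -m icmp -m limit --icmp-type 8 --limit 5/min -j ACCEPT
EOF
}

rules=$(mktemp)
sample_rules > "$rules"
list_accepted_ports "$rules"
if is_exposed "$rules" tcp/3306; then echo "WARNING: MySQL is reachable"; fi
rm -f "$rules"
```

Run `list_accepted_ports /etc/sysconfig/iptables` after each change and compare the output with the services you intend to publish.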


Activate Config

service iptables restart

Submitted by hwyman (registered user) on Fri, 2009-04-10 21:29.

It seems that in CentOS 5.3, the clamav-milter daemon periodically reloads and loses the group permission that the clamav-milter.patch sets up.  In other words, it reverts back to the clamav group, which causes a permission problem with Postfix.  The easiest fix is to make the postfix user a member of the clamav group.

Submitted by Acorp Computers (not registered) on Fri, 2008-09-19 03:45.

In case it helps anyone else, my "Spamassassin Basic Config" was located in:



Submitted by Pawel (not registered) on Sun, 2009-02-08 15:43.

/etc/httpd/conf.d/ssl.conf in CentOS 5.2

 Great tutorial!