The Perfect Server - CentOS 6.3 x86_64 (Apache2, Courier, ISPConfig 3) - Page 4

10 Install Courier-IMAP, Courier-Authlib, And Maildrop

Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, therefore we have to build them ourselves.

First remove Dovecot:

yum remove dovecot dovecot-mysql

Then install the prerequisites that we need to build Courier rpm packages:

yum install rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel libidn-devel

RPM packages should not be built as root; courier-imap will even refuse to compile if it detects that the compilation is run as the root user. Therefore we create a normal user account now (falko in this example) and give him a password:

useradd -m -s /bin/bash falko
passwd falko

We will need the sudo command later on so that the user falko can compile and install the rpm packages. But first, we must allow falko to run all commands using sudo:

Run

visudo

In the file that opens there's a line root ALL=(ALL) ALL. Add a similar line for falko just below that line:

[...]
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
falko   ALL=(ALL)       ALL
[...]

Now we are ready to build our rpm package. First become the user falko:

su falko

Next we create our build environment:

mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/BUILDROOT
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386
mkdir $HOME/rpm/RPMS/x86_64

echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

Now we create a downloads directory and download the source files from http://www.courier-mta.org/download.php:

mkdir $HOME/downloads
cd $HOME/downloads

wget --no-check-certificate https://sourceforge.net/projects/courier/files/authlib/0.64.0/courier-authlib-0.64.0.tar.bz2/download
wget --no-check-certificate https://sourceforge.net/projects/courier/files/imap/4.9.3/courier-imap-4.9.3.tar.bz2/download
wget --no-check-certificate https://sourceforge.net/projects/courier/files/maildrop/2.5.5/maildrop-2.5.5.tar.bz2/download

(Please note that I use Courier-IMAP 4.9.3 here instead of the newer 4.10.0 because 4.10.0 depends on systemctl which exists for Fedora, but not for CentOS.)

Now (still in $HOME/downloads) we can build courier-authlib:

sudo rpmbuild -ta courier-authlib-0.64.0.tar.bz2

After the build process, the rpm packages can be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i686 if you are on an i686 system). The command

sudo ls -l /root/rpmbuild/RPMS/x86_64

shows you the available rpm packages:

[falko@server1 downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 524
-rw-r--r-- 1 root root 125304 Jul 11 19:09 courier-authlib-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 263700 Jul 11 19:09 courier-authlib-debuginfo-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  37804 Jul 11 19:09 courier-authlib-devel-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  17264 Jul 11 19:09 courier-authlib-ldap-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  13864 Jul 11 19:09 courier-authlib-mysql-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  13004 Jul 11 19:09 courier-authlib-pgsql-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root   8240 Jul 11 19:09 courier-authlib-pipe-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  34644 Jul 11 19:09 courier-authlib-userdb-0.64.0-1.el6.x86_64.rpm
[falko@server1 downloads]$

Select the ones you want to install, and install them like this:

sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/courier-authlib-0.64.0-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-mysql-0.64.0-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-devel-0.64.0-1.el6.x86_64.rpm

Now we go back to our downloads directory:

cd $HOME/downloads

Run the following commands to create required directories/change directory permissions (because otherwise the build process for Courier-Imap will fail):

sudo mkdir -p /var/cache/ccache/tmp
sudo chmod o+rwx /var/cache/ccache/
sudo chmod 777 /var/cache/ccache/tmp

Now run rpmbuild again, this time without sudo, otherwise the compilation will fail because it was run as root:

rpmbuild -ta courier-imap-4.9.3.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i686 if you are on an i686 system):

cd $HOME/rpm/RPMS/x86_64

The command

ls -l

shows you the available rpm packages:

[falko@server1 x86_64]$ ls -l
total 1108
-rw-rw-r-- 1 falko falko 331736 Jul 12 15:17 courier-imap-4.9.3-1.x86_64.rpm
-rw-rw-r-- 1 falko falko 800664 Jul 12 15:17 courier-imap-debuginfo-4.9.3-1.x86_64.rpm
[falko@server1 x86_64]$

You can install courier-imap like this:

sudo rpm -ivh courier-imap-4.9.3-1.x86_64.rpm

Now we go back to our downloads directory:

cd $HOME/downloads

and run rpmbuild again, this time to build a maildrop package:

sudo rpmbuild -ta maildrop-2.5.5.tar.bz2

After the build process, the rpm packages can be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i686 if you are on an i686 system). The command

sudo ls -l /root/rpmbuild/RPMS/x86_64

shows you the available rpm packages:

[falko@server1 downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 1708
-rw-r--r-- 1 root root 125316 Jul 12 15:08 courier-authlib-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 263720 Jul 12 15:08 courier-authlib-debuginfo-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  37804 Jul 12 15:08 courier-authlib-devel-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  17264 Jul 12 15:08 courier-authlib-ldap-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  13864 Jul 12 15:08 courier-authlib-mysql-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  13008 Jul 12 15:08 courier-authlib-pgsql-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root   8244 Jul 12 15:08 courier-authlib-pipe-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  34648 Jul 12 15:08 courier-authlib-userdb-0.64.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 286476 Jul 12 15:25 maildrop-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 751216 Jul 12 15:25 maildrop-debuginfo-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 102096 Jul 12 15:25 maildrop-devel-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root  65928 Jul 12 15:25 maildrop-man-2.5.5-1.x86_64.rpm
[falko@server1 downloads]$

You can now install maildrop like this:

sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/maildrop-2.5.5-1.x86_64.rpm

After you have compiled and installed all needed packages, you can become root again by typing

exit

Now start Courier-IMAP/-POP3 as follows:

/etc/init.d/courier-imap start

 

11 Install Postfix

Postfix can be installed as follows:

yum install postfix

Then turn off Sendmail and start Postfix and MySQL:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix restart

 

12 Install Getmail

Getmail can be installed as follows:

yum install getmail

 

13 Set MySQL Passwords And Configure phpMyAdmin

Set passwords for the MySQL root account:

mysql_secure_installation

[root@server1 tmp]# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n]
 <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 <-- ENTER
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 <-- ENTER
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 <-- ENTER
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 <-- ENTER
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


[root@server1 tmp]#

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory "/usr/share/phpmyadmin"> stanza):

vi /etc/httpd/conf.d/phpmyadmin.conf

#
#  Web application to manage MySQL
#

#<Directory "/usr/share/phpmyadmin">
#  Order Deny,Allow
#  Deny from all
#  Allow from 127.0.0.1
#</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin

Next we change the authentication in phpMyAdmin from cookie to http:

vi /usr/share/phpmyadmin/config.inc.php

[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]

Then we create the system startup links for Apache and start it:

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.

Share this page:

23 Comment(s)

Add comment

Comments

From: at: 2013-01-17 18:01:28

Can this process be used to install ISPConfig 3 on CentOS 6 32bit versions?

Please Reply!

From: oakleeman at: 2012-09-20 19:00:38

Heads up that if your HDD is bigger than 50GB or so in size the CentOS 6.3 install will create a 45GB or so / partition and then setup the rest as /home. If this isn't what you want then check the box to review the partitioning layout and delete the /home lv and increase the size of the / lv. 

This bites me in the rear every time I follow Falko's guides for CentOS 6 and forget about the partition issue until I get to the step for editing fstab for quota...then I have to delete the VM hard-disk and start over since that is faster for me then extending the lv.  

From: Dizfunkshunal at: 2013-01-10 20:33:03

change

epel-release-6-7.noarch.rpm  all instances

to 

epel-release-6-8.noarch.rpm

From: ally at: 2013-07-20 13:20:18

Also if installing on OpenVZ it's a different process for enabling quotas. Has to be enabled by the sys admin or hardware node admin for  your container.

From: Payne at: 2013-10-21 01:26:33

Another note, in order to get the RepoForge repositories to work correctly (in step 7) I had to follow instructions on the following link:

http://wiki.centos.org/AdditionalResources/Repositories/RPMForge#head-f0c3ecee3dbb407e4eed79a56ec0ae92d1398e01

Hope that helps!

 

From: Emo at: 2014-03-08 09:22:15

its now https:// , http:// is not working anymore.

From: admin at: 2012-07-28 07:54:01

It's no mistake - the tutorial is working for me exactly as written.

From: Anonymous at: 2012-07-27 16:02:29

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i686 if you are on an i686 system):

has to correct in 

After the build process, the rpm packages can be found in $HOME/rpmbuild/RPMS/x86_64 ($HOME/rpmbuild/RPMS/i686 if you are on an i686 system):

Thnx

From: Mike at: 2012-11-24 14:24:13

Postfix would not receive incoming emails or respond to telnet into port 25.  The maillog showed:

fatal : no SASL authentication method available

The fix was to install missing package cyrus-sasl-plain:

yum install cyrus-sasl-plain

After restarting postfix, incoming emails started to arrive.

From: at: 2013-03-03 22:45:47

Just something of note here:

Courier by default will limit the number of connections per ip to 4.  Most email clients use 5 connections per email account.  See the problem?

Make sure to just update this now to get it out of the way so you aren't wondering later why you can't connect to your IMAP account and start blaming ISPConfig for it

What value should you use for max connections per ip?

Generally speaking, for the ip with the most email accounts:

MAXPERIP = MAX_NUMBER_OF_EMAIL_ACCOUNTS * 5

Then you can just update the config and restart courier and you'll never have to worry about this later (unless the max number of email accounts for an ip increases)

TIP:  If you have your mail setup on your phone and ipad and both are using the same internet ip as your laptop you now have 3 email clients per account instead of just 1.  Either turn off your mail at home on your phone/ipad or increase your MAXPERIP to compensate. 

I like to use 105 for my default MAXPERIP (7 accounts per ip, 3 devices per account):

sed -i 's/MAXPERIP=4/MAXPERIP=105/g' /usr/lib/courier-imap/etc/imapd
service courier-imap restart

From: r4faga at: 2012-09-04 23:06:07

when i try to do make on suphp, there is make it a error. And dont install. 
 
g++ -DOPT_CONFIGFILE=\"/etc/suphp.conf\" -g -O2 -o suphp API.o API_Helper.o API_Linux.o API_Linux_Logger.o Application.o CommandLine.o Configuration.o Environment.o Exception.o File.o GroupInfo.o IOException.o IniFile.o IniSection.o KeyNotFoundException.o Logger.o LookupException.o OutOfRangeException.o PathMatcher.o ParsingException.o PointerException.o SecurityException.o SoftException.o SystemException.o UserInfo.o Util.o
make[3]: se sale del directorio `/tmp/suphp-0.7.1/src'
make[2]: se sale del directorio `/tmp/suphp-0.7.1/src'
make[1]: se sale del directorio `/tmp/suphp-0.7.1/src'
make[1]: se ingresa al directorio `/tmp/suphp-0.7.1'
make[1]: No se hace nada para `all-am'.
make[1]: se sale del directorio `/tmp/suphp-0.7.1'

From: Martin at: 2012-09-27 09:33:22

You ask us to remove original init script from rc.* and add

clamd.amavisd

 however there is no such file included (Centos 5.3 following every step to my knowledge)

 

From: at: 2012-12-05 19:02:04

i had 2 installations were i had to

 cp /etc/awstats/awstats.model.conf /etc/awstats/awstats.conf

for awstats to work. info @ http://www.howtoforge.com/forums/showthread.php?t=35485&page=8

From: JNPerez at: 2013-04-25 15:46:24

the link for the mod_ruby-1.3.0.tar.gz is down... Use this mirror http://ftp.riken.go.jp/pub/FreeBSD/distfiles/ruby/mod_ruby-1.3.0.tar.gz


 :D

 

From: at: 2013-05-27 23:04:36

Make sure you do not leave /etc/named.conf unconfigured.   By default you are offering recursive name service to the whole world.   You'll notice this one day when you run top and see named using up 50%+ CPU because some bots are using your Bind for DNS DDoS attacks.   Rather than leave the configuration file as the default, at very least update it to the following to protect yourself, your clients, and the victims:

include "/etc/rndc.key";

controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

//
// named.conf for Red Hat caching-nameserver
//

acl "trusted" {
127.0.0.1;
};

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
forwarders { 127.0.0.1; };
};

Above config found at: http://forum.codecall.net/topic/47953-check-etcnamedconf-for-recursion-restrictions/

From: Alex at: 2012-10-11 16:05:11

Hi

I am in  vi   /etc/aliases file and try to add what it says , but I can't write pipe key  after 

 

mailman:    " 

 

could anyone can tell me how to enter pipe key  in vi editor?

 

thanks

Alex

 

From: at: 2013-06-19 08:24:34

Hello,

I get this error when I try to login to webmail; 
ERROR: Connection dropped by IMAP server.. 

 

The problem is resolved.  I had not installed ISPConfig yet when I tried to access and check the mail server.  After I installed the ISPConfig, I was able to connect, send and receive mail.  

From: sth at: 2014-06-15 06:14:16

I have followed the instructions as per the instructions for  "Perfect Server - Centros 6.3 x 86_64...:


Apart from a hiccup in find in the  "mod_ruby" file (eventually found one at another site) all appears to have gone well except that I do not appear to be able to run Firefox.


It seems that Firefox was not installed as part of the "Basic Server" set up when Centros was installed and indicated on page two of the instructions.  ANy way Firefox is easy enough to install.  However, when I try to start Firefox either as root or the user I get a message


cannot open display: :0


 Have tried    export DISPLAY=:0   with no result


Have installed xorg.x11-server-utils     An sill get no result.


 


Any one any ideas as to how to fix this and be able to run Fix so I can check the Webmail asn WEB Admis screens as shown in the instructions?


 


Thanks



From: at: 2012-07-31 15:44:13

After all check, if bastille-firewall works:


iptables -L

If not, You can start it by typing:


/etc/init.d/bastille-firewall start

and configure: 


chkconfig --levels 235 bastille-firewall on

Now, You can check firewall again:


iptables -L

On all of my servers configured with the articles "CentOS/ISPC3 Perfect Server": 5.7, 6.0, 6.2, 6.3 from howtoforge.com, never Bastille firewall start automatically. 


From: hb at: 2012-10-11 15:37:41

we just us one, so why should be download two DVDs ?

From: at: 2013-03-19 03:42:45

in the end when this is all set up and working for the most part, I have one problem.

 

Basically ftp into the correct area, then when trying to browse to the page it runs some cached version rather than the actual file that's been uploaded.  This has nothing to do with the client side cache as I've tried it on at least 5-10 machines which have never even been to the domain :(

 ANY help would be sincerely appreciated.

From: Ergec at: 2013-06-26 16:30:12

Let say we have a solid network, only one website on the server and we ignore the security weakness of the php code.

 How secure is this particulat setup for direct attacks? Of course there is no immune system but is it solid enough to serve an important website?

From: Anonymous at: 2013-08-06 18:52:54

after a fair bit of prodding I fixed this myself.

basically in ispconfig 3 it was a small tweak.