The Perfect Server - CentOS 6.3 x86_64 (Apache2, Dovecot, ISPConfig 3) - Page 3

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts   localhost localhost.localdomain localhost4 localhost4.localdomain4     server1

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6


5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).



and disable the firewall.

To check that the firewall has really been disabled, you can run

iptables -L

afterwards. The output should look like this:

[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server1 ~]#


6 Disable SELinux

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.

Afterwards we must reboot the system:



7 Enable Additional Repositories And Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we enable the RPMforge and EPEL repositories on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 6.3 repositories:

rpm --import

cd /tmp
rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

(If the above link doesn't work anymore, you can find the current version of rpmforge-release here:

rpm --import
rpm -ivh epel-release-6-7.noarch.rpm

yum install yum-priorities

Edit /etc/yum.repos.d/epel.repo...

vi /etc/yum.repos.d/epel.repo

... and add the line priority=10 to the [epel] section:

name=Extra Packages for Enterprise Linux 6 - $basearch

Then we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum groupinstall 'Development Tools'


8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrjquota=aquota.user,,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root):

vi /etc/fstab

# /etc/fstab
# Created by anaconda on Wed Jul 11 17:52:57 2012
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/vg_server1-lv_root /                       ext4    defaults,usrjquota=aquota.user,,jqfmt=vfsv0        1 1
UUID=806910a1-dbdf-4746-bd94-cbe73ce81493 /boot                   ext4    defaults        1 2
/dev/mapper/vg_server1-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

Then run

mount -o remount /

quotacheck -avugm
quotaon -avug

to enable quota.


9 Install Apache, MySQL, phpMyAdmin

We can install the needed packages with one single command:

yum install ntp httpd mod_ssl mysql-server php php-mysql php-mbstring phpmyadmin


10 Install Dovecot

Dovecot can be installed as follows:

yum install dovecot dovecot-mysql

Now create the system startup links and start Dovecot:

chkconfig --levels 235 dovecot on
/etc/init.d/dovecot start


11 Install Postfix

Postfix can be installed as follows:

yum install postfix

Then turn off Sendmail and start Postfix and MySQL:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix restart


12 Install Getmail

Getmail can be installed as follows:

yum install getmail

Share this page:

19 Comment(s)

Add comment


From: Dylan Myers at: 2012-08-11 06:32:05

Anyone who uses this tutorial should be aware of this bug with the changes ISPConfig3 makes to dovecot on Fedora/CentOS installs:

From: Anonymous at: 2012-07-16 15:11:18

You'll also need to install php-common

 yum install php-common

From: Jack at: 2013-01-05 16:55:42

EPEL name has been upgraded to:

From: at: 2013-01-20 16:21:31

Yum installed dovecot 2.0.9.el6_1.1

and  dovecot-mysql 2.0.9-2.el6_1.1

 This seems to cause a failure in amavis:

amavis[8819]: (08819-01-10) Blocked MTA-BLOCKED in maillog

I have tried 

mv /etc/dovecot/dovecot.conf /etc/dovecot/

cp /etc/dovecot.conf /etc/dovecot/dovecot.conf


service dovecot restart

service amavisd restart

service postfix restart


# this seems to have worked ok for me - mail now being sent out.

From: at: 2013-01-29 20:31:31

I was having errors in my maillog as follows;

Jan 29 20:18:45 centos postfix/smtpd[25440]: warning: SASL: Connect to private/auth failed: No such file or directory
Jan 29 20:18:45 centos postfix/smtpd[25440]: fatal: no SASL authentication mechanisms

The comment above from DFen;

mv /etc/dovecot/dovecot.conf /etc/dovecot/
cp /etc/dovecot.conf /etc/dovecot/dovecot.conf
This fixed my issues

From: noro at: 2012-10-02 18:26:04

pureftp dont use certificat in /etc/ssl/private/
but in /etc/pki/pure-ftpd

commnad for generate certificate:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/pki/pure-ftpd/pure-ftpd.pem -out /etc/pki/pure-ftpd/pure-ftpd.pem

thanks for this tutorial

From: MLK Dual Production at: 2012-12-16 15:53:37

Thank you for the helpful and well explained tutorial.
For some reason the link to download mod_ruby (wget is not working.

Here is one that works


From: Anonymous at: 2012-12-19 09:45:54


Thank for walkthrough

From: Anonymous at: 2013-03-31 00:04:26

I found that on some setups phpmyadmin and squirrelmail can't load. By editing the "squirrelmail.conf" and "phpmyadmin.conf" file in "/etc/httpd/conf" and adding

<Directory "/usr/share/phpmyadmin">

  <IfModule prefork.c>

LoadModule php5_module modules/


<IfModule !prefork.c>

  LoadModule php5_module modules/



# Cause the PHP interpreter to handle files with a .php extension.


<FilesMatch \.php$>

    SetHandler application/x-httpd-php


  Order Allow,Deny

  Allow from all


From: CanaDave at: 2012-07-14 23:37:56 should mention that when you start named:

/etc/init.d/named start takes a few minutes to generate a key...I thought it was crashed so I Ctrl-C'd it a couple of times then eventually I found how to generate the key manually:

]# rndc-confgen -a

]# chmod 666 /etc/rndc.key


]# chkconfig --levels 235 named on
]# /etc/init.d/named start

...I don't know if it would have generated the key on its own, it did say 'Generate Key': but seemed to be waiting for input from me.

Anyway, cool walkthrough...I set it up in a VM in Hyper-V...


From: Pedro Rocha at: 2012-09-27 10:15:18

Vlogger seems no longer available, is there any alternative or does ispconfig really need this?

From: life_watcher at: 2013-01-10 03:54:29

Great tutorial! Thank you!

a little addition - fail2ban seems to conflict with bastille and disable firewall set by ISPConfig (with uses bastille to manage iptables). As result no active firewall except fail2ban rules... I had to remove fail2ban to make it working...

Thank you! 


From: at: 2013-01-11 12:17:30

i will sugest fail2ban + APF  and just disable the ispconfig firewall ( only if you have CLI access )

From: Anonymous at: 2012-09-22 02:36:42

Thank you !

 Best TUTORIAL I'v found online, up-to-date everything just works, unlike many other - half-finished tutorials!!!!

Thanks for your time. 


From: Mike at: 2012-09-29 23:56:03

Simply awesome. Thank you. Only wish I would have come across this information 3 days ago.

From: Anonymous at: 2013-02-07 04:55:07


From: Gijsbert at: 2012-10-21 18:02:48

It's a good tutorial, but I found 2 things that doesn't seem to be right:

1) During the installation of webalizer and awstats an error occurs "No package awstats available". I have no idea where to get it, I checked the art, dag and epel repositories, but no awstats (anymore) :(

2) On a 64-bits Centos 6.3 OS, when installing mod_python the apache error log shows:

[Sun Oct 21 17:48:08 2012] [error] python_init: Python version mismatch, expected '2.6.5', found '2.6.6'.
[Sun Oct 21 17:48:08 2012] [error] python_init: Python executable found '/usr/bin/python'.
[Sun Oct 21 17:48:08 2012] [error] python_init: Python path being used '/usr/lib64/'.

I heard that it's better to remove mod_python and use mod_wsgi instead. I tried this and the errors are gone. However it does show a warning in the error_log:

[Sun Oct 21 20:00:08 2012] [warn] mod_wsgi: Compiled for Python/2.6.2.
[Sun Oct 21 20:00:08 2012] [warn] mod_wsgi: Runtime using Python/2.6.6.

Maybe you can rewrite the manual for these 2 issues so it will be even better in the (near) future!

From: Anonymous at: 2013-02-26 19:30:04

After Install ISPCONFIG 3 ,admin painel show apache test

From: at: 2013-03-30 17:45:19