The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3] - Page 6

19 Install ISPConfig 3

To install ISPConfig 3 from the latest released version, do this:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary.

root@server1:/tmp/ispconfig3_install/install# php -q install.php


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Debian 6.0 (Squeeze/Sid) or compatible

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Generating a 2048 bit RSA private key
.......+++
...........................................................................................................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping SASL Authentication Daemon: saslauthd.
Starting SASL Authentication Daemon: saslauthd.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd .
Stopping Courier authentication services: authdaemond.
Starting Courier authentication services: authdaemond.
Stopping Courier IMAP server: imapd.
Starting Courier IMAP server: imapd.
Stopping Courier IMAP-SSL server: imapd-ssl.
Starting Courier IMAP-SSL server: imapd-ssl.
Stopping Courier POP3 server: pop3d.
Starting Courier POP3 server: pop3d.
Stopping Courier POP3-SSL server: pop3d-ssl.
Starting Courier POP3-SSL server: pop3d-ssl.
Restarting web server: apache2 ... waiting ..
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -H -b -A -O clf:/var/log/pure-ftpd/transfer.log -8 UTF-8 -Y 1 -D -u 1000 -E -B
Stopping domain name service...: bind9 waiting for pid 22267 to die.
Starting domain name service...: bind9.
Installation completed.
root@server1:/tmp/ispconfig3_install/install#

The installer automatically configures all underlying services, so no manual configuration is needed.

Afterwards you can access ISPConfig 3 under http://server1.example.com:8080/ or http://192.168.0.100:8080/. Log in with the username admin and the password admin (you should change the default password after your first login).

The system is now ready to be used.

 

19.1 ISPConfig 3 Manual

 

20 Additional Notes

20.1 OpenVZ

If the Debian server that you've just set up in this tutorial is an OpenVZ container (virtual machine), you should do this on the host system (I'm assuming that the ID of the OpenVZ container is 101 - replace it with the correct VPSID on your system):

VPSID=101
# Switch each capability on in the container's saved configuration
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
  vzctl set "$VPSID" --capability "${CAP}:on" --save
done
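
As an added example (not part of the original tutorial): the loop above switches on eight capabilities, and it is worth checking later that a container's saved configuration still matches that list. The script below reads the CAPABILITY line of a container config (the comments further down give /etc/vz/conf/ as its location) and reports capabilities enabled beyond the tutorial's list and tutorial capabilities that are off; the sample config is constructed and the function names are made up for this example.

```shell
#!/bin/sh
# Capabilities switched on by the tutorial's vzctl loop (section 20.1).
TUTORIAL_CAPS="CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE"

# enabled_caps FILE: capabilities set to "on" in the CAPABILITY="..." line
# of a container config, one per line, sorted.
enabled_caps() {
  sed -n 's/^ *CAPABILITY="\([^"]*\)".*/\1/p' "$1" |
    tr -s ' ' '\n' | awk -F: '$2 == "on" { print $1 }' | sort -u
}

# extra_caps FILE: enabled capabilities that the tutorial does not ask for.
extra_caps() {
  enabled_caps "$1" | while read -r cap; do
    case " $TUTORIAL_CAPS " in
      *" $cap "*) ;;                      # on the tutorial's list
      *) printf '%s\n' "$cap" ;;          # granted, but not by the tutorial
    esac
  done
}

# missing_caps FILE: tutorial capabilities that are not enabled.
missing_caps() {
  on=$(enabled_caps "$1")
  for cap in $TUTORIAL_CAPS; do
    printf '%s\n' "$on" | grep -qx "$cap" || printf '%s\n' "$cap"
  done
}

# Constructed sample config (not taken from a real host): the tutorial's
# list with NET_ADMIN switched off and SYS_TIME added.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
HOSTNAME="server1.example.com"
CAPABILITY="CHOWN:on DAC_READ_SEARCH:on SETGID:on SETUID:on NET_BIND_SERVICE:on NET_ADMIN:off SYS_CHROOT:on SYS_NICE:on SYS_TIME:on"
EOF

echo "enabled beyond the tutorial's list: $(extra_caps "$SAMPLE_CONF" | tr '\n' ' ')"
echo "tutorial capabilities not enabled:  $(missing_caps "$SAMPLE_CONF" | tr '\n' ' ')"
```

On a real host, pass the container's own config file instead of the sample.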

 

20.2 SquirrelMail

Lots of people have reported problems (such as getting 404 Not Found errors) using the SquirrelMail webmail package in their web sites created through ISPConfig 3. This guide explains how to configure SquirrelMail on a Debian Squeeze server so that you can use it from within your web sites (created through ISPConfig).

SquirrelMail's Apache configuration is in the file /etc/squirrelmail/apache.conf, but this file isn't loaded by Apache because it is not in the /etc/apache2/conf.d/ directory. Therefore we create a symlink called squirrelmail.conf in the /etc/apache2/conf.d/ directory that points to /etc/squirrelmail/apache.conf and reload Apache afterwards:

cd /etc/apache2/conf.d/
ln -s ../../squirrelmail/apache.conf squirrelmail.conf
/etc/init.d/apache2 reload

Now open /etc/apache2/conf.d/squirrelmail.conf...

vi /etc/apache2/conf.d/squirrelmail.conf

... and add the following lines to the <Directory /usr/share/squirrelmail></Directory> container that make sure that mod_php is used for accessing SquirrelMail, regardless of what PHP mode you select for your website in ISPConfig:

[...]
<Directory /usr/share/squirrelmail>
  Options FollowSymLinks
  <IfModule mod_php5.c>
    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_admin_flag allow_url_fopen Off
    php_value include_path .
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname:/var/spool/squirrelmail
    php_flag register_globals off
  </IfModule>
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>
  # access to configtest is limited by default to prevent information leak
  <Files configtest.php>
    order deny,allow
    deny from all
    allow from 127.0.0.1
  </Files>
</Directory>
[...]

Create the directory /var/lib/squirrelmail/tmp...

mkdir /var/lib/squirrelmail/tmp

... and make it owned by the user www-data:

chown www-data /var/lib/squirrelmail/tmp

Reload Apache again:

/etc/init.d/apache2 reload

That's it already - /etc/apache2/conf.d/squirrelmail.conf defines an alias called /squirrelmail that points to SquirrelMail's installation directory /usr/share/squirrelmail.

You can now access SquirrelMail from your web site as follows:

http://www.example.com/squirrelmail

You can also access it from the ISPConfig control panel vhost as follows (this doesn't need any configuration in ISPConfig):

http://server1.example.com:8080/squirrelmail

If you'd like to use the alias /webmail instead of /squirrelmail, simply open /etc/apache2/conf.d/squirrelmail.conf...

vi /etc/apache2/conf.d/squirrelmail.conf

... and add the line Alias /webmail /usr/share/squirrelmail:

Alias /squirrelmail /usr/share/squirrelmail
Alias /webmail /usr/share/squirrelmail
[...]

Then reload Apache:

/etc/init.d/apache2 reload

Now you can access SquirrelMail as follows:

http://www.example.com/webmail
http://server1.example.com:8080/webmail

If you'd like to define a vhost like webmail.example.com where your users can access SquirrelMail, you'd have to add the following vhost configuration to /etc/apache2/conf.d/squirrelmail.conf:

vi /etc/apache2/conf.d/squirrelmail.conf

[...]
<VirtualHost 1.2.3.4:80>
  DocumentRoot /usr/share/squirrelmail
  ServerName webmail.example.com
</VirtualHost>

Make sure you replace 1.2.3.4 with the correct IP address of your server. Of course, there must be a DNS record for webmail.example.com that points to the IP address that you use in the vhost configuration. Also make sure that the vhost webmail.example.com does not exist in ISPConfig (otherwise both vhosts will interfere with each other!).

Now reload Apache...

/etc/init.d/apache2 reload

... and you can access SquirrelMail under http://webmail.example.com!

 

21 Links

34 Comment(s)

Comments

From: at: 2011-02-13 16:59:43

With this configuration I am unable to fetchmail in ISPConfig due to not being able to resolve the domain name of the external mailbox. If I turn off the firewall, dns works fine. If I open all ports > 1000 it works fine. I believe this has something to do with the return port of the dns query to my name server? Maybe iptables?

From: JeffryL at: 2011-03-26 17:21:25

Great tutorial but even better if it would also describe how to force ISP over a secure connection (https) which is not very hard to configure. E.g. this site describes one way, although enabling ssh is not necessary anymore after fulfilling this tutorial and ISP3 has some standard configuration lines that can be uncommented... (And why isn't ssl standard in ISP3?!?!)

http://www.faqforge.com/linux/controlpanels/ispconfig3/enable-ssl-for-the-ispconfig-3-controlpanel/

Second, and perhaps a bit more difficult is securing phpmyadmin. I think phpmyadmin as a 'folder' in a website is not very secure since you cannot easily force it to connect over ssl (or can you? Lemme know!) On my server I would prefer phpmyadmin only accessible over ssl.

From: Anonymous at: 2011-06-09 09:42:49

Isn't FAM necessary for Courier IMAP? Most mailclients seem to complain when it is not installed..

From: at: 2012-03-21 17:30:33

Remember to apt-get update and apt-get upgrade before you start

apt-get install ssh openssh-server

packages change names ... like happened to me a few minutes ago ...

From: Idrassi at: 2011-02-11 17:05:18

The following two commands must be run before quotacheck and quotaon :

touch /aquota.user /aquota.group
chmod 600 /aquota.*

From: JeffryL at: 2011-03-26 17:06:41

Not necessary anymore. Files are made automatically with the right permissions.

From: Pilgrim at: 2011-02-21 11:33:58

Hi...

Great tutorial,
but I have a small problem with postfix.
I'm using a domain with NSSet to my server. The domain is, for example, somestupiddomain.cz.
This domain is an NS domain for nameservers too, like ns1.somestupiddomain.cz and ns2.somestupiddomain.cz.

The problem is with the mydestination param in the Postfix main.cf file.
The default setting is:

mydestination = somestupiddomain.cz, localhost, localhost.localdomain

If I sent email to any mailbox on this domain, the email was not delivered and I got back a sender error: Undelivered Mail Returned to Sender - unknown user "test".

Any other domains on this server are OK and their emails were successfully delivered.

To fix this problem I changed the mydestination param to:

mydestination = assigned-XXX.XXX.XXX.XXX.provider.cz, localhost, localhost.localdomain

After this, all emails to somestupiddomain.cz were successfully delivered.
The param mydestination must be the FQDN hostname of the server.

 (sorry for my english) ;-)

From: Cody at: 2011-05-05 19:17:22

E: Unable to locate package libsas12-2
E: Unable to locate package libsas12-modules
E: Unable to locate package libsas12-modules-sql
E: Unable to locate package sas12-bin

and I can't continue from there because I need SQL to be installed

I'm a newbie, how do I check if it's been installed and if it's running?

(up until here I followed your tutorial exactly [excluding hostname / domainname / username / repositories] and it's worked!)

 

From: Anonymous at: 2011-05-20 21:54:08

It's not libsas1 but libsasl with the L not the 1

From: at: 2011-05-18 10:08:13

For the new version of the JailKit, change the following. This fixes the following:

Jailkit 2.14 fixes an infinite loop in jk_cp and jk_init if ldd output for some reason contains two slashes (//lib/libfoo.so). Furthermore, jk_chrootsh can now be called as 'su'

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.14.tar.gz
tar xvfz jailkit-2.14.tar.gz
cd jailkit-2.14
./debian/rules binary
cd ..
dpkg -i jailkit_2.14-1_*.deb
rm -rf jailkit-2.14*

From: Steboo at: 2011-05-27 14:22:36

Don't forget to install libfam0 or libgamin0 if you want to use the IMAP server.

 

From: lenz at: 2011-06-09 08:52:22

To prevent filesystem error like this:

"IMAP server information: Filesystem notification initialization error -- contact your mail administrator (check for configuration errors with the FAM/Gamin library)"

install gamin:

apt-get install gamin

(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599682 )

From: Ed at: 2011-09-19 19:17:55

Hello,

I can't get past step 10 - I receive an "Abort." on the terminal screen when I enter "Y" to continue with the installation of the packages.

This is an amd 64 bit system that came pre-configured with debian squeeze 64 bit for amd64, but with nothing else, I think.

Why would I receive that Abort by the system when trying to install the packages in step 10?

Thanks for any help - I am new with 64 bit debian and squeeze.

 

Ed

From: Ed at: 2011-09-20 09:36:40

Hello,

I solved this problem by using aptitude instead of apt-get

IBM machine with Opteron 2218  squeeze amd64

From: at: 2011-10-24 20:43:16

Are you getting pthread errors? For example, it might complain that pthread is not found:

jk_socketd.c:(.text+0xa94): undefined reference to `pthread_create'

If so, try this solution:

LIBS=-pthread ./debian/rules binary

From: Anonymous at: 2012-01-06 22:31:39

When I try the following command (from the guide) I get an error:

 ./debian/rules binary

Error:

checking whether we are cross compiling... configure: error: in `/tmp/jailkit-2.13':
configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details.
make: *** [config.status] Error 1

 I have checked so "gcc is already the newest version." and libpq5 is installed.
Why can't my debian make this compilation?

From: bjarne at: 2012-02-28 16:25:14

By default the SSL certificates for IMAP and POP3 have a lifetime of 1 year. It is possible to change this by editing the mkimapdcert and mkpop3dcert scripts directly:

vi /usr/sbin/mkimapdcert
vi /usr/sbin/mkpop3dcert

#look for line /usr/bin/openssl req -new -x509 -days 365 -nodes \

Remove the old certificates and run mkimapdcert and mkpop3dcert again

From: pallermo at: 2012-08-03 07:59:10

Hmm...I am getting this kind of message (error) when I try "quotacheck -avugm"

quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

Everything is ql but only this is the problem.

The fstab is next:

proc /proc proc defaults 0 0

none /dev/pts devpts gid=5,mode=620 0 0

/dev/md0 none swap sw 0 0

/dev/md1 /boot ext3 defaults 0 0

/dev/md2 / ext4 defaults 0 0 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0       1
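
Added example, not part of the comment above or of the tutorial: in the fstab as posted, the quota options for / sit after the dump and pass numbers, so the fourth (options) field is only "defaults". The script below lists the mount points whose options field carries a quota option and reports entries with stray fields; the function names and the corrected line are assumptions made for this example.

```shell
#!/bin/sh
# quota_mounts FILE: mount points whose options field (the 4th) carries a
# user or group quota option, i.e. the filesystems quotacheck -a can pick up.
quota_mounts() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }                 # comments, blank lines
    ("," $4) ~ /,(usr|grp)j?quota/ { print $2 }
  ' "$1"
}

# fstab_findings FILE: entries with more than six fields. Anything after
# the dump and pass numbers is not read as mount options.
fstab_findings() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }
    NF > 6 {
      stray = ""
      for (i = 7; i <= NF; i++) stray = stray " " $i
      printf "%s: %d fields, options field is \"%s\", stray:%s\n", $2, NF, $4, stray
    }
  ' "$1"
}

# The fstab as posted in the comment above.
POSTED=$(mktemp)
FIXED=$(mktemp)
trap 'rm -f "$POSTED" "$FIXED"' EXIT
cat > "$POSTED" <<'EOF'
proc /proc proc defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
/dev/md0 none swap sw 0 0
/dev/md1 /boot ext3 defaults 0 0
/dev/md2 / ext4 defaults 0 0 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0       1
EOF

# Constructed correction: the same options moved into the fourth field.
sed 's|^/dev/md2 .*|/dev/md2 / ext4 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1|' \
  "$POSTED" > "$FIXED"

echo "posted fstab, quota-enabled mounts:    [$(quota_mounts "$POSTED")]"
fstab_findings "$POSTED"
echo "corrected fstab, quota-enabled mounts: [$(quota_mounts "$FIXED")]"
```

After correcting /etc/fstab, the root filesystem has to be remounted before quotacheck sees the new options.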

From: Rifqi Kennedy at: 2013-03-06 05:06:18

I can't install vim-nox, because this package isn't there, how about that??

From: at: 2011-10-29 02:17:34

For fail2ban and SASL read Debian bug #507990, it's important:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507990

From: bandie at: 2012-02-10 13:30:03

May I ask how to regenerate all apache vhost config files at once? I have 4000 sites maintained by ISPConfig and the vhost template modified.

From: gibbo at: 2012-03-18 14:06:35

Hi

This has been a brilliant tutorial and I've got my server working because of it. May I just ask how I know what my username and password would be for SquirrelMail, please? I'm OK with ispconfig but have no idea what my password and username would be for the squirrelmail screen above

 Many Thanks

From: Marto at: 2011-02-21 12:59:35

My problem: http://site.com/webmail does not work but downloads the file
Decision:
edit /etc/apache2/mods-enabled/suphp.conf
comment out this section:

# <Directory /usr/share>
# SuPHP_Engine off
# </Directory>

/etc/init.d/apache2 restart

edit /etc/apache2/mods-enabled/suphp.conf
uncomment those lines

<Directory /usr/share>
suPHP_Engine off
</Directory>

a2dismod suphp
/etc/init.d/apache2 restart

From: at: 2011-02-23 15:14:23

Hi; put the solution the Marto, is not functional, but, if install CMS, example joomla,

the error is if install any component appear "error 500 internal error"

any solution for this solution?

From: Anonymous at: 2011-04-01 20:41:32

Thx, very great Tutorial

From: Mindscape at: 2011-05-02 21:20:44

It works great but I can't send emails. I always get the error Sender address rejected: not logged in.

From: Axel at: 2011-05-19 12:06:01

same here :(

From: Enes Mujovi at: 2011-11-16 03:54:30

for me don't work this??

20 Additional Notes 20.1 OpenVZ

VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
vzctl set $VPSID --capability ${CAP}:on --save
done

please help me

From: at: 2012-03-20 13:07:42

Edit your /etc/vz/conf/<<VZID>>.conf

(Check if it's in another place; I'm using proxmox, and on pmox the file is located in this place)

Check if the CAPABILITY line exists. If not, copy the line below and put it in your container config.

#Extras Ispconfig3
CAPABILITY="CHOWN:on DAC_READ_SEARCH:on SETGID:on SETUID:on NET_BIND_SERVICE:on NET_ADMIN:on SYS_CHROOT:on SYS_NICE:on SYS_TIME:on"

From: MyName at: 2012-02-07 10:08:35

Hi there,

No troubles at all! All steps on all the pages worked perfectly! 
Thank you for taking the effort to create this manual!

Rgds,

Marcel / Get IT Service

From: pallermo at: 2012-08-03 08:18:19

Hi guys, this is such a great tutorial! Till now I had a small problem with quota but now I saw another issue with the ftp server. Everything is working correctly (I mean on FTP) but when I access a folder I can easily go up into the upper folder from my home directory. In this way I can get to / and read everything. (I can't delete but never mind). My home dir for ftp is for example: /var/www/clients/client1/web3/ftp - so I can go from /var/www/clients/client1/web3/ in reverse up to the root folder / :)

Does anybody know how to block this? PureFTPD doesn't have a configuration file, it has run options. Maybe somebody has also faced this kind of problem.
Thanks


From: Adrian at: 2012-08-08 23:15:54

I have big problems with dns...

 root@server1:/nslookup localhost
;; Got SERVFAIL reply from 193.231.236.17, trying next server

 

 Pls help..

From: at: 2013-03-23 16:40:52

Hi Falko,

In my opinion this is the best tutorial for installing ISPConfig 3.  I refer to this time and time again. The amount of detail you put into this is greatly appreciated.

Great!  Thank you...

 Darin

From: Yvanoph at: 2013-06-28 18:40:15

Hi there, used this a few times and it was working well, till six months ago, the last time in fact I used it!

But today, "php -q install.php" is not working and sends me "bash" : php

Deleted all, ask since beginning, but I have every time the same answer!

I bought the book about how to use ISPConfig3 at their Site .org, but unfortunately, nothing is explained about how to put it in place???

So, something changed?

Kind regards, Yvanoph---

 

P.S. Sorry for my poor English, I don't use every day to write since may 30 years...