The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Dovecot [ISPConfig 3] - Page 6

19 Install ISPConfig 3

To install ISPConfig 3 from the latest released version, do this:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary.

root@server1:/tmp/ispconfig3_install/install# php -q install.php


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Debian 6.0 (Squeeze/Sid) or compatible

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]:
 <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Generating a 2048 bit RSA private key
....+++
............................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
 <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]:
 <-- ENTER

Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd Bytecode: Security mode set to "TrustSigned".
.
If you have trouble with authentication failures,
enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork
This message goes away after the first successful login.
Restarting IMAP/POP3 mail server: dovecot.
Restarting web server: apache2 ... waiting ..
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -Y 1 -8 UTF-8 -H -D -b -O clf:/var/log/pure-ftpd/transfer.log -E -u 1000 -A -B
Installation completed.
root@server1:/tmp/ispconfig3_install/install#

The installer automatically configures all underlying services, so no manual configuration is needed.

Afterwards you can access ISPConfig 3 under http://server1.example.com:8080/ or http://192.168.0.100:8080/. Log in with the username admin and the password admin (you should change the default password after your first login):

The system is now ready to be used.

 

 

20 Additional Notes

20.1 OpenVZ

If the Debian server that you've just set up in this tutorial is an OpenVZ container (virtual machine), you should do this on the host system (I'm assuming that the ID of the OpenVZ container is 101 - replace it with the correct VPSID on your system):

VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
  vzctl set $VPSID --capability ${CAP}:on --save
done

 

20.2 SquirrelMail

Lots of people have reported problems (such as getting 404 Not Found errors) using the SquirrelMail webmail package in their web sites created through ISPConfig 3. This guide explains how to configure SquirrelMail on a Debian Squeeze server so that you can use it from within your web sites (created through ISPConfig).

SquirrelMail's Apache configuration is in the file /etc/squirrelmail/apache.conf, but this file isn't loaded by Apache because it is not in the /etc/apache2/conf.d/ directory. Therefore we create a symlink called squirrelmail.conf in the /etc/apache2/conf.d/ directory that points to /etc/squirrelmail/apache.conf and reload Apache afterwards:

cd /etc/apache2/conf.d/
ln -s ../../squirrelmail/apache.conf squirrelmail.conf
/etc/init.d/apache2 reload

Now open /etc/apache2/conf.d/squirrelmail.conf...

vi /etc/apache2/conf.d/squirrelmail.conf

... and add the following lines to the <Directory /usr/share/squirrelmail></Directory> container that make sure that mod_php is used for accessing SquirrelMail, regardless of what PHP mode you select for your website in ISPConfig:

[...]
<Directory /usr/share/squirrelmail>
  Options FollowSymLinks
  <IfModule mod_php5.c>
    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_admin_flag allow_url_fopen Off
    php_value include_path .
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname:/var/spool/squirrelmail
    php_flag register_globals off
  </IfModule>
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>
  # access to configtest is limited by default to prevent information leak
  <Files configtest.php>
    order deny,allow
    deny from all
    allow from 127.0.0.1
  </Files>
</Directory>
[...]

Create the directory /var/lib/squirrelmail/tmp...

mkdir /var/lib/squirrelmail/tmp

... and make it owned by the user www-data:

chown www-data /var/lib/squirrelmail/tmp

Reload Apache again:

/etc/init.d/apache2 reload

That's it already - /etc/apache2/conf.d/squirrelmail.conf defines an alias called /squirrelmail that points to SquirrelMail's installation directory /usr/share/squirrelmail.

You can now access SquirrelMail from your web site as follows:

http://www.example.com/squirrelmail

You can also access it from the ISPConfig control panel vhost as follows (this doesn't need any configuration in ISPConfig):

http://server1.example.com:8080/squirrelmail

If you'd like to use the alias /webmail instead of /squirrelmail, simply open /etc/apache2/conf.d/squirrelmail.conf...

vi /etc/apache2/conf.d/squirrelmail.conf

... and add the line Alias /webmail /usr/share/squirrelmail:

Alias /squirrelmail /usr/share/squirrelmail
Alias /webmail /usr/share/squirrelmail
[...]

Then reload Apache:

/etc/init.d/apache2 reload

Now you can access Squirrelmail as follows:

http://www.example.com/webmail
http://server1.example.com:8080/webmail

If you'd like to define a vhost like webmail.example.com where your users can access SquirrelMail, you'd have to add the following vhost configuration to /etc/apache2/conf.d/squirrelmail.conf:

vi /etc/apache2/conf.d/squirrelmail.conf

[...]
<VirtualHost 1.2.3.4:80>
  DocumentRoot /usr/share/squirrelmail
  ServerName webmail.example.com
</VirtualHost>

Make sure you replace 1.2.3.4 with the correct IP address of your server. Of course, there must be a DNS record for webmail.example.com that points to the IP address that you use in the vhost configuration. Also make sure that the vhost webmail.example.com does not exist in ISPConfig (otherwise both vhosts will interfere with each other!).

Now reload Apache...

/etc/init.d/apache2 reload

... and you can access SquirrelMail under http://webmail.example.com!

 

21 Links

Share this page:

31 Comment(s)

Add comment

Comments

From: Rasmus at: 2012-04-14 11:46:43

Great tutorial, thanks!
I followed it, except using Ubuntu 11.10, and when I was done the package dovecot-mysql was missing - resulting in not being able to login to dovecot. Just a heads ups if anyone else have that problem.

Thanks again.

From: Dr. Yves Kreis at: 2012-10-15 15:01:12
From: Dr. Yves Kreis at: 2012-10-15 15:26:54

For Ubuntu 11.10 follow the following tutorial: http://www.howtoforge.com/perfect-server-ubuntu-11.10-ispconfig-3

From: Dr. Yves Kreis at: 2012-10-28 09:43:16

Even a newer one is available by now: http://www.howtoforge.com/perfect-server-ubuntu-12.10-apache2-bind-dovecot-ispconfig-3

From: Ahmad at: 2012-07-29 07:42:24

Just feel to share the new link for downloading debian iso image cd, the above link i s not working.

for 32 bit pc:http://cdimage.debian.org/debian-cd/6.0.5/i386/iso-cd/debian-6.0.5-i386-netinst.iso

 and for 64 bit pc: http://cdimage.debian.org/debian-cd/6.0.5/amd64/iso-cd/debian-6.0.5-amd64-netinst.iso.

 

hope this helps.

 

From: Dr. Yves Kreis at: 2012-10-15 14:58:28

Better check under http://www.debian.org/distrib/netinst where you always get the latest one...

From: Anonymous at: 2012-07-28 15:31:50

deb http://ftp.de.debian.org/debian squeeze main

From: Rothbard at: 2013-03-05 09:20:49

This script will install all of the necessary programs and changes that need to be made to get ISPConfig running successfully. It uses the Perfect Server guide from Falko Timme as the guide. If you would like, you can manually install all of the things needed using the guides that he has provided. I am just trying to streamline the process.

https://github.com/dclardy64/ISPConfig-3-Debian-Installer

From: at: 2012-04-05 16:05:31

I got some warnings while installing Jailkit

insserv: warning: script 'K01jailkit' missing LSB tags and overrides
insserv: warning: script 'jailkit' missing LSB tags and overrides

so i added the the init.d-config-comment to /etc/init.d/jailkit
 
### BEGIN INIT INFO
# Provides:          jailkit
# Required-Start:    $syslog
# Required-Stop:     $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: jailkit init
# Description:
#
### END INIT INFO

 
 

From: Imam86 at: 2012-08-01 00:51:58

07-06-2012: Jailkit 2.15 released

They resolved the issues:

insserv: warning: script 'K01jailkit' missing LSB tags and overrides
insserv: warning: script 'jailkit' missing LSB tags and overrides

So the revision:

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz
tar xvfz jailkit-2.15.tar.gz
cd jailkit-2.15
./debian/rules binary

cd ..
dpkg -i jailkit_2.15-1_*.deb
rm -rf jailkit-2.15*

From: bikercho at: 2012-05-25 17:28:10

To enable quota, run these commands:

touch /aquota.user /aquota.group
chmod 600 /aquota.*

mount -o remount /

From: Dr. Yves Kreis at: 2012-10-15 15:07:13

This command quotacheck -avugm creates the two files. Thus you do not need to create them on your own...

From: contrail at: 2012-07-26 00:54:33

System set up on a VPS. Could not send email. The default setting,  for inet_interfaces in the config file  in   /etc/postfix/main.cf   is   loopback-only.   In order to use the server as an outgoing email server set the line to,  inet_interfaces = all       then restart server.

 

From: Dr. Yves Kreis at: 2012-10-15 14:56:18

The default setting on Debian Squeeze is already inet_interfaces = all!

From: Anonymous at: 2012-09-04 14:05:24

You may also need to add dovecot-mysql to your apt-get list.

From: Dr. Yves Kreis at: 2012-10-15 14:54:08

There is no package dovecot-mysql in Debian Squeeze!

From: Dr. Yves Kreis at: 2012-10-28 19:03:54

Also check chapter 14 of Ubuntu 12.10 The Perfect Server for additional information regarding Apache & php (especially with ISPConfig 3.0.5 which will be released soon): http://www.howtoforge.com/perfect-server-ubuntu-12.10-apache2-bind-dovecot-ispconfig-3-p4

From: Anonymous at: 2012-12-06 19:03:35

In Debian 6;

You'll run into AUTH problems if you uncomment ( -o smtpd_tls_security_level=encrypt) if you follow the instructions (force TLS). It should be as follows:

In: /etc/postfix/master.cf

smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

From: Anonymous at: 2012-12-20 04:56:28

(Install on Wheezy/Debian 7)
Also had to install this:
apt-get install dovecot-mysql dovecot-sieve

Otherwise /var/log/mailerr had lines like this:
dovecot: auth: Fatal: Unknown database driver 'mysql'
dovecot: lda: Fatal: Plugin 'sieve' not found from directory /usr/lib/dovecot/modules

From: Aleksandar at: 2013-02-10 18:04:03

On my installation phpmyadmin wasn't accessible from url so i used method similar as you explained on last chapter how to add squirrelmail to link phpmyadmin to apache

 

 cd /etc/apache2/conf.d/
ln -s ../../phpmyadmin/apache.conf phpmyadmin.conf
/etc/init.d/apache2 reload

 phpmyadmin.conf was already configured so i just needed to link it.

From: suther at: 2013-05-06 19:02:05



Why you use open Ports for Mysql. I only allow it from localhost, or if a user has ssh-access, he can tunnel mysql to local port.

With gSTM on linux its easy like 1 2 3

 

 

From: suther at: 2013-05-06 19:47:43

On my Proxmox VM, i only have one comment in fstab:

# UNCONFIGURED FSTAB FOR BASE SYSTEM

Even if i activate Quota for Proxmox-system like this: 7

vzctl set 101 --quotaugidlimit 100 --save

vzctl restart 101

fstab is still empty. How can i got quotas installed?

From: contrail at: 2012-06-25 11:17:05

In the file   jail.local

 filter = pureftpd       should be     filter = pure-ftpd   

else  fail2ban ..fails to start 

 

From: Dr. Yves Kreis at: 2012-10-15 16:34:49

Only if you want to use the default file contained in the Debian package. If you want to use the file created in this tutorial, then filter = pureftpd is correct.

From: at: 2012-08-13 00:10:59

IMPORTANT

This is very basic but important to you, and for your hosting account later to play with php script

After install and configure SquirrelMail, go to http://your_ip/webmail/src/configtest.php

 

And you will see:

ERROR: You have configured PHP not to allow short tags (short_open_tag=off). This shouldn't be a problem with SquirrelMail or any plugin coded coded according to the SquirrelMail Coding Guidelines, but if you experience problems with PHP code being displayed in some of the pages and changing setting to "on" solves the problem, please file a bug report against the failing plugin. The correct contact information is most likely to be found in the plugin documentation.

 

So please change the php configuration at these two files:

/etc/php5/apache2/php.ini

/etc/php5/cgi/php.ini

 

Find and change the value of short_open_tag from Off to On

short_open_tag=On

 

For more information, you can check here:

http://php.net/manual/en/ini.core.php#ini.short-open-tag

It's a basic php configuration, but might be the one of problems with people that use SquirreMail. 

From: Dr. Yves Kreis at: 2012-10-15 16:46:36

By default short_open_tag is set to On in both php.ini files you mention...

From: hesar at: 2011-11-16 07:30:48

Great job - precise thx for this article

From: Mika Nieminen at: 2011-12-13 20:49:06

# this text at the end off the squirrelmail.conf file made squirrelmail a bit more secure

<Directory /usr/share/squirrelmail/*>
  Deny from all
</Directory>
<Directory /usr/share/squirrelmail/images>
  Allow from all
</Directory>
<Directory /usr/share/squirrelmail/plugins>
  Allow from all
</Directory>
<Directory /usr/share/squirrelmail/src>
  Allow from all
</Directory>
<Directory /usr/share/squirrelmail/templates>
  Allow from all
</Directory>
<Directory /usr/share/squirrelmail/themes>
  Allow from all
</Directory>
<Directory /usr/share/squirrelmail/contrib>
  Order Deny,Allow
  Deny from All
  Allow from 127
  Allow from 10
  Allow from 192
</Directory>
<Directory /usr/share/squirrelmail/doc>
  Order Deny,Allow
  Deny from All
  Allow from 127
  Allow from 10
  Allow from 192
</Directory>

From: Anonymous at: 2012-12-20 04:52:27

(Install on Wheezy/Debian 7)
Also had to install:
apt-get install quota quotatool

Otherwise /var/log/ispconfig/cron.log had lines like this:
sh: repquota: command not found

From: rann at: 2013-01-21 18:20:15

Followed your Perfect Server guide for Squeeze and it went perfectly, except for the squirrelmail part. I followed this and got it working, but it's still not working for HTTPS.

Any ideas as to why?

From: at: 2013-04-21 07:34:41

Very good Job!! Thanks!!