The Perfect Server - Fedora 13 x86_64 [ISPConfig 3] - Page 4

10 Install Dovecot

Dovecot can be installed as follows:

yum install dovecot dovecot-mysql

rm -fr /usr/lib/dovecot/
ln -s /usr/lib64/dovecot/ /usr/lib/dovecot

Now we create the system startup links for Dovecot:

chkconfig --levels 235 dovecot on
/etc/init.d/dovecot start

 

11 Install Postfix

Postfix can be installed as follows:

yum install postfix

Then turn off Sendmail and start Postfix and MySQL:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix start

 

12 Install Getmail

Getmail can be installed as follows:

yum install getmail

 

13 Set MySQL Passwords And Configure phpMyAdmin

Set passwords for the MySQL root account:

mysql_secure_installation

[root@server1 ~]# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
 <-- ENTER
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n]
 <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 <-- ENTER
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 <-- ENTER
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 <-- ENTER
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 <-- ENTER
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


[root@server1 ~]#

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpMyAdmin/> stanza):

vi /etc/httpd/conf.d/phpMyAdmin.conf

# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
#<Directory /usr/share/phpMyAdmin/>
#   order deny,allow
#   deny from all
#   allow from 127.0.0.1
#   allow from ::1
#</Directory>

# This directory does not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

Then we create the system startup links for Apache and start it:

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.

 

14 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2 perl-DBD-mysql

When we installed ClamAV, a cron job got installed that tries to update the ClamAV virus database every three hours. But this works only if we enable it in /etc/sysconfig/freshclam and /etc/freshclam.conf:

vi /etc/sysconfig/freshclam

Comment out the FRESHCLAM_DELAY line at the end:

## When changing the periodicity of freshclam runs in the crontab,
## this value must be adjusted also. Its value is the timespan between
## two subsequent freshclam runs in minutes. E.g. for the default
##
## | 0 */3 * * *  ...
##
## crontab line, the value is 180 (minutes).
# FRESHCLAM_MOD=

## A predefined value for the delay in seconds. By default, the value is
## calculated by the 'hostid' program. This predefined value guarantees
## constant timespans of 3 hours between two subsequent freshclam runs.
##
## This option accepts two special values:
## 'disabled-warn'  ...  disables the automatic freshclam update and
##                         gives out a warning
## 'disabled'       ...  disables the automatic freshclam silently
# FRESHCLAM_DELAY=


### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
#FRESHCLAM_DELAY=disabled-warn  # REMOVE ME

vi /etc/freshclam.conf

Comment out the Example line:

[...]
# Comment or remove the line below.
#Example
[...]

Then we start freshclam, amavisd, and clamd...

sa-update
chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd.amavisd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start

If /etc/init.d/amavisd start gives you the following error...

[root@server1 ~]# /etc/init.d/amavisd start
Starting amavisd: Problem in Amavis::DB or Amavis::DB::SNMP code:
BerkeleyDB needs compatible versions of libdb & db.h
        you have db.h version 4.8.26 and libdb version 4.8.30
Compilation failed in require at (eval 82) line 19.
BEGIN failed--compilation aborted at (eval 82) line 19.
                                                           [FAILED]

[root@server1 ~]#

... you must downgrade db4:

yum downgrade db4*

Then try to start amavisd again:

/etc/init.d/amavisd start

Finally change the ownership of some directories:

chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db

rm -f /var/spool/amavisd/clamd.sock
mkdir /var/run/clamav.amavisd /var/run/clamd.amavisd
chown amavis /var/run/clamav.amavisd
chown amavis /var/run/clamd.amavisd
ln -sf /var/spool/amavisd/clamd.sock /var/run/clamav.amavisd/clamd.sock
ln -sf /var/spool/amavisd/clamd.sock /var/run/clamd.amavisd/clamd.sock
/etc/init.d/clamd.amavisd restart

Share this page:

12 Comment(s)

Add comment

Comments

From: at: 2010-06-19 14:41:47

Has anyone actually managed to get a Squirrelmail login page for Fedora 13?

I've tried the Fedora 13/ISPConfig3 howto once as written, for an x86-64 PC, and twice using i686 architecture (not replacing lib with lib64).

 All three attempts had as a show-stopper, the non-appearance of Squirrelmail at <http://server1.example.com/webmail>, or at the equivalent address.

Fortunately the CentOS x86-64 equivalent eventually worked, so I'm not under pressure, but it still seems extremely curious that the same issue - lack of any kind of Squirrelmail login interface - hit three different machines running the Fedora 13 - ISPConfig howto.
Neither the configuration test nor the Squirrelmail login work. The config test at <http://server1.example.com/src/configtest.php> fails saying:

"Not Found

The requested URL /src/configtest.php was not found on this server."

- and the login page doesn't appear either. Instead,  at <http://server1.example.com/webmail> we find:

"Unable to connect

 Firefox can't establish a connection to the server at server1.example.com." [or the IP address, or localhost].


It is almost as though the aliases (like webmail for /usr/share/squirrelmail) aren't being established. But the files in /etc/httpd/conf.d are certainly being read, because if I enable server-info, it tells me so.

Besides the Squirrelmail issue, webalyzer doesn't run. Firefox tells me I'm forbidden to access http://server1.example.com/usage.

But, both the phpMyAdmin and the ISPConfig pages do appear. It's not ISPConfig which is causing the Squirrelmail problem because it's installed and tested before ISPConfig is even downloaded.

One other peculiarity: some system users (vmail, getmail, ispapps, and ispconfig)  appear in the Fedora login screen now. I think that's because they have user ID numbers greater than the limit in Fedora for system users (499).

User 500 is always present (it's the one you set during install). vmail has user ID 5000. The others seem to take the user ID from the last ID you created (typically then, 501, 502, and 503).

Can anyone duplicate this? Any ideas?

From: Nick at: 2010-07-08 12:48:17

Try to install mod_ssl!

From: Anonymous at: 2011-10-07 12:26:42

thx. installing mod_ssl helped me with fedora 15 + ispcfg 3 as well

From: at: 2010-07-14 15:51:58

If you select the DNS Name Server category of software to install then "bind-chroot" will be installed. In step 17 there are instructions to install "bind". If both are installed then BIND (named) will not start because named will not be able to find the file named.conf.locate. Even if you create a blank "named.conf.local" in /etc or use ISPConfig web admin to create the file named still will not start. See also, related comments on PG5.

From: Pierre at: 2010-07-19 16:42:10

I don't get the option where I get to choose what to install or not install. I saw on another page where a person was complaining about the fact that the live CD doesn't allow older machines to configure setup as one would want. Sort of idiotic if you think about it! After all Linux is the ideal web server and if you have an older machine laying around you want to setup to tinker on, you won't want any type of GUI. So my question is HOW DO I GET AROUND THIS?

 I have an old Pentium 4 (1.4 GHz) I don't want Gnome or any interface, just the good old command prompt. Unfortunately, I'm a novice and I can't figure out how to get around this.

 Thanks for your help.

From: at: 2010-07-07 00:40:21

After completing all steps in this series and logging in to ISPConfig3 as admin I found that in the 'Monitor' section there was 1 error marked in red.  Clicking on 'more' information revealed that 'MyDNS' was not running. Although MyDNS is not installed as part of this procedure. I assumed that was mis-labeled and that BIND was not starting.

I tried to start BIND (named) manually but it gave an error, stated that the file /etc/named.conf.local was missing which it was missing. But I used the ISPConfig3 to add a client then logged in as that client and created a DNS zone and the named.conf.local file was created.

But when trying to start 'named' I still get the error that /etc/named.conf.local is missing even though it is there. It had the group as 'root' instead of named like the other named.* files had so I chgrp on named.conf.local to named but BIND still won't start and gives the same error that /etc/named.conf.local is missing even though it is present.

If I comment out the include in named.conf for named.conf.local named starts without error even though in the ISPConfig MyDNS still shows 'offline'.

Another file included by named.conf is named.rfc1912.zones it is present and is not mentioned in the error message.

The only difference that I can see is that the permissions on named.rfc1912.zones is "-rw-r-----." were on named.conf.local the perms are "-rw-r--r--" NOTE the period is missing. I have no idea what the period in the permissions list is for but that is the only difference I can see between the two files.

So, how can I fix this and what is the period in the permissions list for?

From: at: 2010-07-19 06:25:27

BIND runs in a chroot environment at /var/named

So the path you are looking for is /var/named/etc/named.conf.local

From: at: 2010-07-14 17:39:43

To get suphp to work I had to add quotes:

x-httpd-suphp=php:/usr/bin/php-cgi
to:
x-httpd-suphp="php:/usr/bin/php-cgi"

refer to

http://www.howtoforge.com/forums/showthread.php?t=47203

From: Serge at: 2010-09-13 20:39:43

Hello,

I was wondering php-mhash is no longer in fedora 13 in fact its stopped since late fc11.

in your install notes you refer to yum php-mhash.... do you have an alternative or this can be skipped?

From: Serge at: 2010-09-12 18:38:13

Hello,

I was wondering php-mhash is no longer in fedora 13 in fact its stopped since late fc11.

in your install notes you refer to yum php-mhash.... do you have an alternative or this can be skipped?

From: Anonymous at: 2010-10-11 14:52:00

Why do you people keep using the comments forms when it specifically says not to? You are not going to get your questions answered here.

From: moodz at: 2010-09-17 08:09:17

If you really want it to work properly look in /tmp/ispconfig3_install/install/dist/conf ... you will see a number of conf files ... I copied the fedora9.conf to fedora13.conf and voila ! the DNS bit starts working !!

Oh and mydns will install OK from yum ....

# yum install mydns

 Otherwise it all works OK.