The Perfect Server - Ubuntu 12.10 (Apache2, BIND, Dovecot, ISPConfig 3) - Page 6

20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

apt-get install fail2ban

To make fail2ban monitor PureFTPd and Dovecot, create the file /etc/fail2ban/jail.local:

vi /etc/fail2ban/jail.local

[pureftpd]
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

Then create the following two filter files:

vi /etc/fail2ban/filter.d/pureftpd.conf

[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =

vi /etc/fail2ban/filter.d/dovecot-pop3imap.conf

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =

Restart fail2ban afterwards:

/etc/init.d/fail2ban restart

 

21 Install SquirrelMail

To install the SquirrelMail webmail client, run

apt-get install squirrelmail

Then configure SquirrelMail:

squirrelmail-configure

We must tell SquirrelMail that we are using Dovecot-IMAP/-POP3:

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >>
 <-- D


SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
    bincimap    = Binc IMAP server
    courier     = Courier IMAP server
    cyrus       = Cyrus IMAP server
    dovecot     = Dovecot Secure IMAP server
    exchange    = Microsoft Exchange IMAP server
    hmailserver = hMailServer
    macosx      = Mac OS X Mailserver
    mercury32   = Mercury/32
    uw          = University of Washington's IMAP server
    gmail       = IMAP access to Google mail (Gmail) accounts

    quit        = Do not change anything
Command >>
 <-- dovecot


SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
    bincimap    = Binc IMAP server
    courier     = Courier IMAP server
    cyrus       = Cyrus IMAP server
    dovecot     = Dovecot Secure IMAP server
    exchange    = Microsoft Exchange IMAP server
    hmailserver = hMailServer
    macosx      = Mac OS X Mailserver
    mercury32   = Mercury/32
    uw          = University of Washington's IMAP server
    gmail       = IMAP access to Google mail (Gmail) accounts

    quit        = Do not change anything
Command >> dovecot

              imap_server_type = dovecot
         default_folder_prefix = <none>
                  trash_folder = Trash
                   sent_folder = Sent
                  draft_folder = Drafts
            show_prefix_option = false
          default_sub_of_inbox = false
show_contain_subfolders_option = false
            optional_delimiter = detect
                 delete_folder = false

Press any key to continue...
 <-- press a key


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >>
 <-- S


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >>
 <-- Q

Now we will configure SquirrelMail so that you can use it from within your web sites (created through ISPConfig) by using the /squirrelmail or /webmail aliases. So if your website is www.example.com, you will be able to access SquirrelMail using www.example.com/squirrelmail or www.example.com/webmail.

SquirrelMail's Apache configuration is in the file /etc/squirrelmail/apache.conf, but this file isn't loaded by Apache because it is not in the /etc/apache2/conf.d/ directory. Therefore we create a symlink called squirrelmail.conf in the /etc/apache2/conf.d/ directory that points to /etc/squirrelmail/apache.conf and reload Apache afterwards:

cd /etc/apache2/conf.d/
ln -s ../../squirrelmail/apache.conf squirrelmail.conf
/etc/init.d/apache2 reload

Now open /etc/apache2/conf.d/squirrelmail.conf...

vi /etc/apache2/conf.d/squirrelmail.conf

... and add the following lines to the <Directory /usr/share/squirrelmail></Directory> container that make sure that mod_php is used for accessing SquirrelMail, regardless of what PHP mode you select for your website in ISPConfig:

[...]
<Directory /usr/share/squirrelmail>
  Options FollowSymLinks
  <IfModule mod_php5.c>
    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_admin_flag allow_url_fopen Off
    php_value include_path .
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname
    php_flag register_globals off
  </IfModule>
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>

  # access to configtest is limited by default to prevent information leak
  <Files configtest.php>
    order deny,allow
    deny from all
    allow from 127.0.0.1
  </Files>
</Directory>
[...]

Create the directory /var/lib/squirrelmail/tmp...

mkdir /var/lib/squirrelmail/tmp

... and make it owned by the user www-data:

chown www-data /var/lib/squirrelmail/tmp

Reload Apache again:

/etc/init.d/apache2 reload

That's it already - /etc/apache2/conf.d/squirrelmail.conf defines an alias called /squirrelmail that points to SquirrelMail's installation directory /usr/share/squirrelmail.

You can now access SquirrelMail from your web site as follows:

http://192.168.0.100/squirrelmail
http://www.example.com/squirrelmail

You can also access it from the ISPConfig control panel vhost (after you have installed ISPConfig, see the next chapter) as follows (this doesn't need any configuration in ISPConfig):

http://server1.example.com:8080/squirrelmail

If you'd like to use the alias /webmail instead of /squirrelmail, simply open /etc/apache2/conf.d/squirrelmail.conf...

vi /etc/apache2/conf.d/squirrelmail.conf

... and add the line Alias /webmail /usr/share/squirrelmail:

Alias /squirrelmail /usr/share/squirrelmail
Alias /webmail /usr/share/squirrelmail
[...]

Then reload Apache:

/etc/init.d/apache2 reload

Now you can access Squirrelmail as follows:

http://192.168.0.100/webmail
http://www.example.com/webmail
http://server1.example.com:8080/webmail
(after you have installed ISPConfig, see the next chapter)

If you'd like to define a vhost like webmail.example.com where your users can access SquirrelMail, you'd have to add the following vhost configuration to /etc/apache2/conf.d/squirrelmail.conf:

vi /etc/apache2/conf.d/squirrelmail.conf

[...]
<VirtualHost 1.2.3.4:80>
  DocumentRoot /usr/share/squirrelmail
  ServerName webmail.example.com
</VirtualHost>

Make sure you replace 1.2.3.4 with the correct IP address of your server. Of course, there must be a DNS record for webmail.example.com that points to the IP address that you use in the vhost configuration. Also make sure that the vhost webmail.example.com does not exist in ISPConfig (otherwise both vhosts will interfere with each other!).

Now reload Apache...

/etc/init.d/apache2 reload

... and you can access SquirrelMail under http://webmail.example.com!

Share this page:

25 Comment(s)

Add comment

Comments

From: GoldMan at: 2013-06-15 21:16:12

Hi!

I installed the ubuntu web server like in this lesson.

All work well. But when I send emails to some servers like hotmail.com and some other I get this answer:
550-Message rejected. Spamscore threshold (100 points) reached. Spamscore is 550-110! Details: Suspicious e-mail address; Suspected PTR DNS record points 550 to dynamic IP pool; Untrusted domain zone; Suspicious HELO argument; (in reply to RCPT TO command)

My domain is  glt.md

Can somebody help me? please what I do incorrectly?
Thanks!

From: Jaideep at: 2012-12-23 05:08:49

At the end of step 7, My system is showing "server" in hostname, and "server1.example.com" in hostname -f.

 what should  I do now.

 Pls help me in this.

and , Thanks for this grt work. 

From: Anonymous at: 2013-02-17 17:31:37

Check that you have the rights to write to the file or that you are using the sudo command (ex. sudo echo server1.example.com > /etc/hostname)

From: Lordi at: 2012-10-26 07:53:41

by apt-get install i now see phpMyAdmin to call for install

 

"

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

"

From: Anonymous at: 2012-11-10 22:11:31

i have many projects running on php 5.3 but i have problems with these projects on php 5.4. i followed this tutorial because i am planning to build an new cms engine on php 5.4. everything is working very well and i'm very happy with this tutorial but i have problems with multiple php versions. php 5.4 is working good but if i add a website in ispconfig and i put this website on php-fpm and php version 5.3 i always get an error 403 forbidden when i browse to the website. first i thought it whas maybe a mis configuration of php 5.3 but i tested with php-fpm and version 5.4 and have the same problem. i think it is a problem with apache. if i add a website and put it on fast-cgi with default php version everything works ok.

 it would be great if someone could help me with this problem.

From: Rakesh at: 2013-01-01 20:33:02

for those who might face 'inserv: command not found', do this -

 ln -s /usr/lib/insserv/insserv /sbin/insserv

From: Anonymous at: 2013-03-25 18:58:13

insserv still saying command not found...I know its there...I looked....? Any suggestions?

From: mboy at: 2013-01-15 17:33:53

 I sorted my fix out .. for php

 

  ./configure --prefix=/opt/php-5.3.18 --with-pdo-pgsql --with-zlib-dir --with-freetype-dir --enable-fpm --enable-mbstring --with-libxml-dir=/usr --enable-soap --enable-calendar --with-curl --with-mcrypt --with-zlib --with-gd --with-pgsql --disable-rpath --enable-inline-optimization --with-bz2 --with-zlib --enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl --enable-mbregex --with-mhash --enable-zip --with-pcre-regex --with-mysql --with-pdo-mysql --with-mysqli --with-jpeg-dir=/usr --with-png-dir=/usr --enable-gd-native-ttf --with-openssl --with-fpm-user=www-data --with-fpm-group=www-data --with-libdir=/lib/i386-linux-gnu

From: Graham at: 2013-02-06 18:51:24

Thanks myboy, I was getting the "configure: error: Cannot find libmysqlclient under /usr. Note that the MySQL client library is not bundled anymore" , and your configure with --with-libdir=/lib/i386-linux-gnu fixed the error for me.

Many thanks!

From: Putter at: 2013-04-13 20:25:00

Thanks for an excellent guide.

The --with-libdir parameter worked for me too! 

 

From: AJ at: 2013-02-18 16:44:18

I have compiled and installed additional php5.3.18 as above, however, I have problem starting the service.
It tells me it fails to start after approx 60secs, does not create the PID in /opt/php-5.3.18/var/run yet the processes do spawn and port is bound. I cannot then stop or restart the service and must manually kill.

From: chuck at: 2013-03-12 05:36:14

Thank you for this wonderful tutorial!

However, I have been closely following instructions and doing everything in the terminal. I skipped 14.3 because I don't need to worry about other versions of php. But then the tutorial all of a sudden shows ISPConfig in a browser and I have no idea how to get there because all I have in front of me is a terminal... ???

 You really have to spell everything out for us noobs ;P

From: Steve Metzler at: 2013-07-24 23:08:17

Has any one come across not being able to log on to ISPconfig 3 after installing the server to boot up in virtual box? I'm stumped. I have forwarded the 8080 port network settings are the same, I just created a bridge and a tap but I can not log into ISP. Help please!

From: Anonymous at: 2013-09-02 17:35:57

May I know the reason behind ISPConfig screen here in this page even before you installed it?! 

From: Shella at: 2013-04-03 13:36:02

Hi there,

what if I'd like to change the standard 21 port to another one?

Any tips? I changed the value in /usr/local/ispconfig/server/lib/classes/monitor_tools.inc.php

but I guess it's not enough... right?

Thanks 

From: Anonymous at: 2012-10-25 05:25:14

hi dear,

 I already installed ispconfig 3 use this tutorial.

I can't configure  change password plugin. i install this plugin  change_pass-3.0-1.4.0.tar.gz .

 but, this plugin is not working. please help!!!

 

 thanks for help.

From: eXtReMaL at: 2012-10-30 11:56:49

Great Guide !

But i have few questions . Why when i login using ftp or webdav it shows me huge tree of folders that are locked for access. Is there a way to hide them and leave only folders that works with service that user is using at moment ? I think that should be written somwhere inside of pureftpd and ssh configs

From: at: 2012-11-13 10:52:54

Hi!

Thanks for tutorial!

Could you please improve it with instructions about how to install and configure DKIM (DomainKeys Identified Mail)?

Server works great, but there is problem with Google servers, because they requests SPF and DKIM...

 Thanks in advance!

From: Feby at: 2012-12-18 00:26:05

Hey man, great tutorial, but i have 1 req, can you insert roundcube in the tutorial? i've tried earlier to install it with apt-get but it seems smth went wrong cause the page wouldn't even load it just asked me to save it, added the .php type but still nothin'.

Anyways great tutorial, thanks

From: elricho at: 2013-02-20 14:00:06

I do all of this tutorial with a new and clean pc,  but when i try to install ispconfig3 I received that error,  No PHP MySQL functions available. What can i do ?
 Thanks so much !
 
Installation mode (standard,expert) [standard]:

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [richo.zapto.org]:

No PHP MySQL functions available. Please ensure that the PHP MySQL module is loa              root@richoserver:/tmp/ispconfig3_install/install#

From: Andrew Christensen at: 2013-03-02 18:29:09

Did you ever find a solution to the "No PHP MySQL functions available" problem? I can't get past this part. I did the PHP CGI method as the FPM one didn't work for me (there were missing folders).

Thank you.

From: M3bis at: 2013-03-27 13:56:52

Same problem here! Any solutions?

From: elricho at: 2013-02-20 20:18:35

Excelent Guide !!!

 Thank's a lot ! 

From: Joao at: 2013-05-15 16:33:09

Excellent Tutorial!

Thanks a lot!

From: Yashaswi at: 2014-03-13 10:47:37

Thanks a lot. great tutorial and great forum. Keep up the good work.