The Perfect Server - Ubuntu 9.10 [ISPConfig 3] - Page 4

12 Install Postfix, Courier, Saslauthd, MySQL, rkhunter, binutils

We can install Postfix, Courier, Saslauthd, MySQL, rkhunter, and binutils with a single command:

aptitude install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl getmail4 rkhunter binutils

You will be asked the following questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok

Next we install maildrop as follows:

update-alternatives --remove-all maildir.5
update-alternatives --remove-all maildirquota.7

aptitude install maildrop

You may wonder why we didn't install maildrop together with all the other packages. The reason is a bug in the courier-base package: if you install maildrop together with courier-pop, courier-pop-ssl, courier-imap, and courier-imap-ssl, you will get the following error:

update-alternatives: error: alternative link /usr/share/man/man5/maildir.5.gz is already managed by maildir.5.gz.

We want MySQL to listen on all interfaces, not just localhost, so we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      6267/mysqld
root@server1:~#
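
Commenting out bind-address makes mysqld reachable on every interface, so it is worth confirming which addresses are actually bound before relying on a firewall or MySQL host restrictions. The following added example (not part of the original tutorial) classifies listener lines such as the one above; the function name and the sample lines are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original tutorial. Reads `netstat -tan` or
# `netstat -tap` output on stdin and prints one classification per listening
# MySQL socket: loopback, all-interfaces, or specific:<address>.
classify_mysql_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Split "address:port" at the last colon; IPv6 addresses contain colons.
            pos = match($4, /:[^:]*$/)
            if (pos == 0) next
            host = substr($4, 1, pos - 1)
            port = substr($4, pos + 1)
            # netstat prints the service name unless -n is given.
            if (port != "3306" && port != "mysql") next
            if (host == "127.0.0.1" || host == "::1" || host == "localhost")
                print "loopback"
            else if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
                print "all-interfaces"
            else
                print "specific:" host
        }'
}

# Constructed sample lines in the format shown above.
SAMPLE_OPEN='tcp        0      0 *:mysql                 *:*                     LISTEN      6267/mysqld'
SAMPLE_LOCAL='tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      6267/mysqld'

printf '%s\n' "$SAMPLE_OPEN" "$SAMPLE_LOCAL" | classify_mysql_listeners
# On a live system: netstat -tan | classify_mysql_listeners
```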

During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates...

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary):

vi /etc/courier/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /etc/courier/pop3d.cnf

[...]
CN=server1.example.com
[...]

Then recreate the certificates...

mkimapdcert
mkpop3dcert

... and restart Courier-IMAP-SSL and Courier-POP3-SSL:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart
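
To confirm that the regenerated certificates carry the new hostname rather than localhost, the subject CN can be read back with openssl. This is an added example, not part of the original tutorial; the function names and the sample subject lines are constructed, and it assumes the PEM paths deleted above.

```bash
#!/bin/sh
# Added example, not from the original tutorial. Confirms that the regenerated
# Courier certificates carry the intended hostname in their subject CN.

# subject_cn: reads the line printed by `openssl x509 -noout -subject` on stdin
# and prints the CN. Handles the older "/C=US/.../CN=host" layout and the newer
# "C = US, ..., CN = host" layout.
subject_cn() {
    sed -n 's/^subject=//p' | tr '/,' '\n\n' | sed -n 's/^ *CN *= *//p' | head -n 1
}

# cert_cn_matches PEMFILE HOSTNAME: succeeds only when the CN equals HOSTNAME.
cert_cn_matches() {
    cn=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | subject_cn)
    [ -n "$cn" ] && [ "$cn" = "$2" ]
}

# check_courier_certs HOSTNAME: reports each file written by mkimapdcert and
# mkpop3dcert; returns non-zero if any of them does not match.
check_courier_certs() {
    rc=0
    for pem in /etc/courier/imapd.pem /etc/courier/pop3d.pem; do
        if cert_cn_matches "$pem" "$1"; then
            echo "OK       $pem"
        else
            echo "MISMATCH $pem"
            rc=1
        fi
    done
    return $rc
}

# Constructed subject lines for illustration (field values are sample data).
OLD_STYLE='subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/CN=localhost/emailAddress=postmaster@example.com'
NEW_STYLE='subject=C = US, ST = NY, L = New York, O = Courier Mail Server, CN = server1.example.com'

# On the server: check_courier_certs server1.example.com
```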

 

13 Install Amavisd-new, SpamAssassin, And Clamav

To install amavisd-new, SpamAssassin, and ClamAV, we run

aptitude install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

 

14 Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt

Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows:

aptitude install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp

You will see the following questions:

Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No

Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include:

a2enmod suexec rewrite ssl actions include

Restart Apache afterwards:

/etc/init.d/apache2 restart

 

15 Install PureFTPd And Quota

PureFTPd and quota can be installed with the following command:

aptitude install pure-ftpd-common pure-ftpd-mysql quota quotatool

Edit the file /etc/default/pure-ftpd-common...

vi /etc/default/pure-ftpd-common

... and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true:

[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]

Then restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

Edit /etc/fstab. Mine looks like this (I added ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/mapper/server1-root /               ext4    errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0       1
# /boot was on /dev/sda5 during installation
UUID=9ea34148-31b7-4d5c-baee-c2e2022562ea /boot           ext2    defaults        0       2
/dev/mapper/server1-swap_1 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /

quotacheck -avugm
quotaon -avug

 

16 Install MyDNS

Before we install MyDNS, we need to install a few prerequisites:

aptitude install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev

MyDNS is not available in the Ubuntu 9.10 repositories, so we have to build it ourselves as follows:

cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz
tar xvfz mydns-1.2.8.27.tar.gz
cd mydns-1.2.8
./configure
make
make install

Next we create the start/stop script for MyDNS:

vi /etc/init.d/mydns

#! /bin/sh
#
# mydns         Start the MyDNS server
#
# Author:       Philipp Kern <[email protected]>.
#               Based upon skeleton 1.9.4 by Miquel van Smoorenburg
#               <[email protected]> and Ian Murdock <[email protected]>.
#

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"

SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --stop --oknodo --quiet \
                --exec $DAEMON
        echo "."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration..."
        start-stop-daemon --stop --signal HUP --quiet \
                --exec $DAEMON
        echo "done."
        ;;
  restart)
        echo -n "Restarting $DESC: $NAME"
        start-stop-daemon --stop --quiet --oknodo \
                --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

Then we make the script executable and create the system startup links for it:

chmod +x /etc/init.d/mydns
update-rc.d mydns defaults

 

17 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

aptitude install vlogger webalizer

 

18 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

aptitude install build-essential autoconf automake1.9 libtool flex bison

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.10.tar.gz
tar xvfz jailkit-2.10.tar.gz
cd jailkit-2.10
./configure
make
make install
cd ..
rm -rf jailkit-2.10*
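
Both source builds on this page (MyDNS in step 16 and Jailkit here) fetch a tarball over plain HTTP and run make install as root, so nothing authenticates the code being built. An added example, not part of the original tutorial, of checking a download before unpacking it; the function names are hypothetical and the expected digest is a placeholder that must be obtained from the project.

```bash
#!/bin/sh
# Added example, not from the original tutorial. Verifies a source tarball
# before it is unpacked and built as root.

# verify_sha256 FILE EXPECTED_HEX: succeeds only when the digest matches.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# members_safe: reads a `tar tzf` listing on stdin; fails if any member is an
# absolute path or contains a ".." component.
members_safe() {
    ! grep -Eq '(^/|(^|/)\.\.(/|$))'
}

# fetch_verify_unpack URL EXPECTED_HEX: downloads into a private directory
# created by mktemp (mode 0700) instead of a fixed path under /tmp, checks the
# digest and the member list, extracts, and prints the directory on success.
fetch_verify_unpack() {
    workdir=$(mktemp -d) || return 1
    tarball="$workdir/$(basename "$1")"
    wget -q -O "$tarball" "$1" || return 1
    verify_sha256 "$tarball" "$2" || { echo "checksum mismatch: $tarball" >&2; return 1; }
    tar tzf "$tarball" | members_safe || { echo "unsafe path in: $tarball" >&2; return 1; }
    tar xzf "$tarball" -C "$workdir" && echo "$workdir"
}

# EXPECTED is a placeholder: obtain the real digest from the project over a
# trusted channel; the tutorial does not list one.
# fetch_verify_unpack http://olivier.sessink.nl/jailkit/jailkit-2.10.tar.gz "$EXPECTED"
```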

 

19 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the fail2ban log:

aptitude install fail2ban

Comments

From: Harald at: 2009-11-22 12:52:37

Hello!

I actually don't know your problem, because I don't even get to this point. You installed - as I did - on Ubuntu 9.10, and I am wondering why you didn't have the following problem as I described with my own posting here:

courier-imap-ssl
I have
courier-imap-ssl.dpkg-new

I tried 32 and 64 bit versions - but in both I have "xxxx.dpkg-new"!

What am I doing wrong?

Please help me!

Harald from Austria

From: Harald at: 2009-11-16 14:39:39

Hi! I have problems with imap/pop-ssl. By doing this:
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart
I actually cannot do this. My system is Ubuntu 9.10 server (both 32-bit and 64-bit) and instead of

courier-imap-ssl
I have
courier-imap-ssl.dpkg-new

What am I doing wrong?
Please respond to my email as well!

Thanks in advance

From: at: 2009-11-05 21:42:15

Hello, I installed ISPConfig 3 on Ubuntu 9.10, and all my sites are working OK... but when I tried to make subdomains, it didn't work, and I tried every combination, but it doesn't work.

Can you make a little tutorial with pictures to show me an example so I can understand where I'm wrong (please show me what I must write in DNS, web, etc.)?

Thanks a lot. Have a good day! Bye.

From: walter at: 2010-02-27 01:01:25

No matter, but maybe we can add the below to step #16:

rm -rf mydns-1.2.8*

Thanks a lot for this tutorial.