Virtual Hosting Howto With Virtualmin On CentOS 5.1 - Page 5

Clamav Milter Setup

  • Edit /etc/sysconfig/clamav-milter:
  • Patch the init file to fix socket permissions:

patch /etc/init.d/clamav-milter < clamav-milter.patch


MySQL Setup

Basic Config

  • To listen only on localhost, edit /etc/my.cnf and set the following under the mysqld section:
bind-address =


Set Root Password

  • Set the root password:

service mysqld start
mysqladmin -u root password NEWPASSWORD


SpamAssassin Setup

Basic Config

required_hits 5
report_safe 0
rewrite_header Subject [SPAM]


Create MySQL Database

  • Create the database:

mysqladmin -p create bayes

  • Populate the database:

mysql -p bayes < /usr/share/doc/spamassassin-$(rpm --qf %{VERSION} -q spamassassin)/sql/bayes_mysql.sql

  • Create the user:

mysql -p
mysql> GRANT ALL ON bayes.* TO bayes@localhost IDENTIFIED BY 'password';


Configure To Use DB

  • Edit the file /etc/mail/spamassassin/ and add:
bayes_store_module  Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn       DBI:mysql:bayes:localhost
bayes_sql_override_username bayes
bayes_sql_username  bayes
bayes_sql_password  password


Configure FuzzyOCR

We will store the image hashes in a MySQL database to improve performance: images that have already been scanned are not scanned again, since OCR is a resource-intensive activity.


Create MySQL Database

  • The sql script creates the database and tables and adds a user fuzzyocr with the password fuzzyocr:

mysql -p < /usr/local/src/devel/FuzzyOcr.mysql

  • Change the password:

mysqladmin -u fuzzyocr -p password NEWPASSWORD


Basic Settings

  • Edit /etc/mail/spamassassin/ and set the basic options:
focr_path_bin /usr/bin:/usr/local/bin
focr_minimal_scanset 1
focr_autosort_scanset 1
focr_enable_image_hashing 3
focr_logfile /tmp/FuzzyOcr.log


Make FuzzyOCR Use The Database

  • Edit the file /etc/mail/spamassassin/ and add:
focr_mysql_db FuzzyOcr
focr_mysql_hash Hash
focr_mysql_safe Safe
focr_mysql_user fuzzyocr
focr_mysql_pass password
focr_mysql_host localhost
focr_mysql_port 3306
focr_mysql_socket /var/lib/mysql/mysql.sock


SARE Rule Updates

  • Import the GPG key used to sign the rules:

mkdir /etc/mail/spamassassin/sa-update-keys/
chmod 700 /etc/mail/spamassassin/sa-update-keys/
sa-update --import GPG.KEY

  • Create the channels file /etc/mail/spamassassin/sare-sa-update-channels.txt:
  • Create an update script /usr/local/bin/update-sa:
#!/bin/bash
sa-update -D --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 856AA88A &>/var/log/sa-updates.log
  • Make it executable and add to cron:

chmod +x /usr/local/bin/update-sa
ln -s /usr/local/bin/update-sa /etc/cron.daily/
ln -s /usr/local/bin/update-sa /etc/cron.hourly/


Spamass-milter Setup

Basic Configuration

  • Edit /etc/sysconfig/spamass-milter:
EXTRA_FLAGS="-m -r 8"



We need to patch the init file to fix the permissions of the socket it creates, so that postfix is able to use the socket.

patch /etc/rc.d/init.d/spamass-milter < spamass-milter.patch


Apache Setup

Disable Modules

We will disable some modules that we are not using, which frees up memory and also improves security.

  • Edit /etc/httpd/conf/httpd.conf and comment out the modules as below.
#LoadModule ldap_module modules/
#LoadModule authnz_ldap_module modules/
#LoadModule dav_module modules/
#LoadModule status_module modules/
#LoadModule dav_fs_module modules/
#LoadModule proxy_module modules/
#LoadModule proxy_balancer_module modules/
#LoadModule proxy_ftp_module modules/
#LoadModule proxy_http_module modules/
#LoadModule proxy_connect_module modules/
#LoadModule cache_module modules/
#LoadModule disk_cache_module modules/
#LoadModule file_cache_module modules/
#LoadModule mem_cache_module modules/
  • Edit /etc/httpd/conf.d/proxy_ajp.conf and comment out as below:
#LoadModule proxy_ajp_module modules/


Listen To One IP For HTTPS

Apache has to be configured to listen on one address for port 443, as webmin will be using the same port. Edit /etc/httpd/conf.d/ssl:

Listen 192.168.1.6:443


Enable Gzip Compression

We set up gzip compression via the mod_deflate module to improve web server performance and to cut down on bandwidth usage by compressing responses to the client.

SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary

Set up logging for the deflate module:

DeflateFilterNote deflate_ratio
LogFormat "%v %h %l %u %t \"%r\" %>s %b mod_deflate: %{deflate_ratio}n pct." vhost_with_deflate_info
CustomLog logs/deflate_access_log vhost_with_deflate_info


Increase PHP Max Memory

Edit the file /etc/php.ini and set the following:

memory_limit = 64M


Enable Virtual Hosting

NameVirtualHost *:80


Create Default Virtual Host

This needs to be the first virtual host. It will be the default on the server, the equivalent of the server without virtual hosting.

<VirtualHost *:80>
        Servername localhost.localdomain
        Serveradmin [email protected]
</VirtualHost>


Roundcube Webmail Setup

Create Database

  • Create the database and add the roundcube user.

mysqladmin -p create roundcube
mysql -p
mysql> GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY 'password';

  • Initialize the database:

mysql -u roundcube -p roundcube < /usr/share/doc/roundcube-0.1/SQL/mysql5.initial.sql


Basic Config

  • Configure database DSN in /var/www/roundcube/config/
$rcmail_config['db_dsnw'] = 'mysql://roundcube:password@localhost/roundcube';
  • Configure roundcube in /var/www/roundcube/config/
$rcmail_config['default_host'] = 'localhost';
$rcmail_config['default_port'] = 143;
$rcmail_config['virtuser_file'] = '/etc/postfix/virtual';
$rcmail_config['smtp_server'] = 'localhost';
$rcmail_config['smtp_port'] = 25;
$rcmail_config['smtp_helo_host'] = 'localhost';


Set Up Catch All Virtualhost

As we will be providing webmail for all domains that are created on the system, we need to set up a catch-all virtualhost that displays roundcube whenever a user accesses http://webmail.domainname. Edit /etc/httpd/conf/httpd.conf and append:

<VirtualHost *:80>
ServerAlias webmail.*
DocumentRoot /var/www/roundcube
<Directory /var/www/roundcube>
Options -Indexes IncludesNOEXEC FollowSymLinks
allow from all
</Directory>
</VirtualHost>


Firewall Setup


This is a basic firewall and it may not suit your needs. Firewalling is an art, so I recommend reading up on it to improve on this basic one.


Basic Config

Add these rules in your configuration file /etc/sysconfig/iptables:

-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m multiport -j ACCEPT --dports 80,443,25,110,143,53
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p icmp -m icmp -m limit --icmp-type 8 --limit 5/min -j ACCEPT


Activate Config

service iptables restart
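
A check that ties the firewall rules above to the earlier "listen only to the localhost" MySQL setting, added here as an example and not part of the original howto: it extracts the TCP ports the rules accept and lists any listener bound to a non-loopback address on a port outside that set. The function names and the netstat listing are constructed for illustration; on the server, feed it /etc/sysconfig/iptables and the output of netstat -ltn.

```shell
#!/bin/sh
# Added example: compare TCP listeners with the ports the firewall accepts.

# stdin: rules in iptables-save syntax. Prints the TCP ports accepted on INPUT.
# Handles --dport and comma-separated --dports; ranges (a:b) are not expanded.
allowed_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT/ {
        for (i = 1; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") {
                n = split($(i + 1), p, ",")
                for (j = 1; j <= n; j++) print p[j]
            }
    }' | sort -n -u
}

# stdin: `netstat -ltn` output; $1: space-separated list of accepted ports.
# Prints each non-loopback TCP listener whose port is not in the list.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # text before the port
            if (host ~ /^127\./ || host == "::1") next
            if (!(port in ok)) print $4
        }'
}

# Constructed sample data: the TCP/UDP rules from this page, and an invented
# netstat listing in which mysqld was left listening on all interfaces.
sample_rules() { cat <<'EOF'
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m multiport -j ACCEPT --dports 80,443,25,110,143,53
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
EOF
}
sample_netstat() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:783    0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:3306     0.0.0.0:*        LISTEN
tcp        0      0 :::80            :::*             LISTEN
EOF
}
ports=$(sample_rules | allowed_tcp_ports | tr '\n' ' ')
sample_netstat | unexpected_listeners "$ports"
```

An empty result means every service reachable from outside is one the rules were written for; anything printed is either a missing bind-address style restriction or a port the rules do not cover.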

3 Comment(s)


It seems that in CentOS 5.3, the clamav-milter daemon periodically reloads and loses the group permission that the clamav-milter.patch sets up.  In other words, it reverts back to the clamav group, which causes a permission problem with Postfix.  The easiest fix is to make the postfix user a member of the clamav group.

From: Acorp Computers

In case it helps anyone else, my "Spamassassin Basic Config" was located in:



From: Pawel

/etc/httpd/conf.d/ssl.conf in CentOS 5.2

 Great tutorial!