Commit fdb51429 authored by tbrehm's avatar tbrehm
Browse files

- Added dovecot Support for opensuse

- added installation instructions for opensuse 11.2 with bind and dovecot
- fixed a bug in bind plugin.
- improved opensuse installer.
parent 03c48f09
It is recommended to use a clean (fresh) OpenSUSE installatiom where you selected to install just the minimal packages. A Gnome or KDE desktop is not needed and will just slow down the server. Then follow the steps below to setup your server with ISPConfig 3:
The following guide is for the 32Bit version of openSUSE, for 64Bit installations the package names may differ especially the names of downloaded rpm files.
This guide will use Dovecote as pop3 / imap server and BIND as DNS Server. Dovecot and BIND are supported by ISPConfig version > 3.0.2
Install some basic packes and the compilers that we need later
// yast2 -i findutils readline libgcc glibc-devel findutils-locate gcc flex lynx compat-readline4 db-devel wget gcc-c++ make vim telnet cron iptables iputils man man-pages nano pico
yast2 -i findutils lynx wget vim telnet cron iptables iputils man man-pages nano pico sudo
1) Install Postfix, Divecot, MySQL with the following command line (on one line!):
yast2 -i postfix postfix-mysql mysql mysql-client python libmysqlclient-devel dovecot12 dovecot12-backend-mysql
chkconfig --add mysql
/etc/init.d/mysql start
chkconfig --add postfix
/etc/init.d/postfix start
chkconfig --add dovecot
/etc/init.d/dovecot start
rpm -i
// Set the mysql database password:
2) Install Amavisd-new, Spamassassin and Clamav (1 line!):
yast2 -i amavisd-new clamav clamav-db zoo unzip unrar bzip2 unarj perl-DBD-mysql
Open /etc/amavisd.conf...
vi /etc/amavisd.conf
... and add the $myhostname line with your correct hostname below the $mydomain line:
$mydomain = ''; # a convenient default for other settings
$myhostname = "server1.$mydomain";
then execute:
chkconfig --add amavis
chkconfig --add clamd
/etc/init.d/amavis start
/etc/init.d/clamd start
2.1) Install apache2
yast2 -i apache2 apache2-mod_fcgid
3) Install PHP5 modules (1 line!):
yast2 -i php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dom php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-sysvsem php5-tokenizer php5-wddx php5-xmlrpc php5-xsl php5-zlib php5-exif php5-fastcgi php5-pear php5-sysvmsg php5-sysvshm ImageMagick curl apache2-mod_php5
rpm -i
Then run the following to enable the Apache modules:
a2enmod suexec
a2enmod rewrite
a2enmod ssl
a2enmod actions
a2enmod suphp
a2enmod fcgid
// Fix a suexec permission problem
chown root:www /usr/sbin/suexec2
chmod 4755 /usr/sbin/suexec2
// and start apache
chkconfig --add apache2
/etc/init.d/apache2 start
cd /tmp
yast2 -i pwgen
rpm -i
// Warnings like "warning: phpMyAdmin-3.1.2-1.1.src.rpm: Header V3 DSA signature: NOKEY, key ID 367fe7fc" can be ignored.
4) Install pure-ftpd and quota
yast2 -i pure-ftpd quota
chkconfig --add pure-ftpd
/etc/init.d/pure-ftpd start
5) Install Bind
yast2 -i bind
chkconfig --add named
6) Install webalizer
yast2 -i webalizer perl-DateManip
6.1 Install fail2ban
yast2 -i fail2ban
6.2 Install jailkit
rpm -i
7) Install ISPConfig 3
cd /tmp
tar xvfz ISPConfig-3.0.2.tar.gz
cd ispconfig3_install/install/
php -q install.php
The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not nescessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):
the default login is:
user: admin
password: admin
In case you get a permission denied error from apache, please restart the apache webserver process.
Install a webbased Email Client
rpm -i
......@@ -161,11 +161,11 @@ $conf['powerdns']['init_script'] = 'pdns';
//* BIND DNS Server
$conf['bind']['installed'] = false; // will be detected automatically during installation
$conf['bind']['bind_user'] = 'root';
$conf['bind']['bind_group'] = 'bind';
$conf['bind']['bind_zonefiles_dir'] = '/etc/bind';
$conf['bind']['named_conf_path'] = '/etc/bind/named.conf';
$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local';
$conf['bind']['bind_user'] = 'named';
$conf['bind']['bind_group'] = 'named';
$conf['bind']['bind_zonefiles_dir'] = '/var/lib/named';
$conf['bind']['named_conf_path'] = '/etc/named.conf';
$conf['bind']['named_conf_local_path'] = '/etc/named.conf.include';
$conf['bind']['init_script'] = 'named';
//* Jailkit
......@@ -77,11 +77,21 @@ class installer_dist extends installer_base {
__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');
//* Creating virtual mail user and group
$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if(is_group($cf['vmail_groupname'])) {
$command = 'groupmod -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
} else {
$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if(is_user($cf['vmail_username'])) {
$command = 'usermod -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' -d '.$cf['vmail_mailbox_base'].' -s /bin/bash '.$cf['vmail_username'];
caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
} else {
$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$postconf_commands = array (
'myhostname = '.$conf['hostname'],
......@@ -172,6 +182,9 @@ class installer_dist extends installer_base {
' flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
// enable tlsmanager
$content = str_replace('#tlsmgr unix - - n 1000? 1 tlsmgr','tlsmgr unix - - n 1000? 1 tlsmgr',$content);
wf($configfile, $content);
//* Writing the Maildrop mailfilter file
......@@ -235,7 +248,7 @@ class installer_dist extends installer_base {
$content = str_replace('/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1','/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1',$content);
if(is_file($configfile)) wf($configfile,$content);
......@@ -294,12 +307,79 @@ class installer_dist extends installer_base {
wf($configfile, $content);
public function configure_dovecot()
global $conf;
$config_dir = $conf['dovecot']['config_dir'];
//* Configure and add a line for deliver
copy($config_dir.'/', $config_dir.'/');
exec('chmod 400 '.$config_dir.'/');
$content = rf($conf["postfix"]["config_dir"].'/');
// Only add the content if we had not addded it before
if(!stristr($content,"dovecot/deliver")) {
$deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
//* Reconfigure postfix to use dovecot authentication
// Adding the amavisd commands to the postfix configuration
$postconf_commands = array (
'dovecot_destination_recipient_limit = 1',
'virtual_transport = dovecot',
'smtpd_sasl_type = dovecot',
'smtpd_sasl_path = private/auth',
'receive_override_options = no_address_mappings'
// Make a backup copy of the file
// Executing the postconf commands
foreach($postconf_commands as $cmd) {
$command = "postconf -e '$cmd'";
caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* copy dovecot.conf
$configfile = 'dovecot.conf';
copy("$config_dir/$configfile", "$config_dir/$configfile~");
//* dovecot-sql.conf
$configfile = 'dovecot-sql.conf';
copy("$config_dir/$configfile", "$config_dir/$configfile~");
exec("chmod 400 $config_dir/$configfile~");
$content = rf("tpl/opensuse_dovecot-sql.conf.master");
$content = str_replace('{mysql_server_ispconfig_user}',$conf['mysql']['ispconfig_user'],$content);
$content = str_replace('{mysql_server_ispconfig_password}',$conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}',$conf['mysql']['database'],$content);
$content = str_replace('{mysql_server_host}',$conf['mysql']['host'],$content);
wf("$config_dir/$configfile", $content);
exec("chmod 600 $config_dir/$configfile");
exec("chown root:root $config_dir/$configfile");
public function configure_amavis() {
global $conf;
// amavisd user config file
$configfile = 'opensuse_amavisd_conf';
if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) copy($conf["amavis"]["config_dir"].'/amavisd.conf',$conf["courier"]["config_dir"].'/amavisd.conf~');
if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) @copy($conf["amavis"]["config_dir"].'/amavisd.conf',$conf["courier"]["config_dir"].'/amavisd.conf~');
if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
$content = rf("tpl/".$configfile.".master");
$content = str_replace('{mysql_server_ispconfig_user}',$conf['mysql']['ispconfig_user'],$content);
......@@ -218,6 +218,11 @@ class installer_base {
$tpl_ini_array['web']['group'] = $conf['apache']['group'];
$tpl_ini_array['mail']['pop3_imap_daemon'] = ($conf['dovecot']['installed'] == true)?'dovecot':'courier';
$tpl_ini_array['mail']['mail_filter_syntax'] = ($conf['dovecot']['installed'] == true)?'sieve':'maildrop';
$tpl_ini_array['dns']['bind_user'] = $conf['bind']['bind_user'];
$tpl_ini_array['dns']['bind_group'] = $conf['bind']['bind_group'];
$tpl_ini_array['dns']['bind_zonefiles_dir'] = $conf['bind']['bind_zonefiles_dir'];
$tpl_ini_array['dns']['named_conf_path'] = $conf['bind']['named_conf_path'];
$tpl_ini_array['dns']['named_conf_local_path'] = $conf['bind']['named_conf_local_path'];
$server_ini_content = array_to_ini($tpl_ini_array);
$server_ini_content = mysql_real_escape_string($server_ini_content);
# This file is opened as root, so it should be owned by root and mode 0600.
# For the sql passdb module, you'll need a database with a table that
# contains fields for at least the username and password. If you want to
# use the user@domain syntax, you might want to have a separate domain
# field as well.
# If your users all have the same uig/gid, and have predictable home
# directories, you can use the static userdb module to generate the home
# dir based on the username and domain. In this case, you won't need fields
# for home, uid, or gid in the database.
# If you prefer to use the sql userdb module, you'll want to add fields
# for home, uid, and gid. Here is an example table:
# CREATE TABLE users (
# username VARCHAR(128) NOT NULL,
# domain VARCHAR(128) NOT NULL,
# password VARCHAR(64) NOT NULL,
# home VARCHAR(255) NOT NULL,
# );
# Database driver: mysql, pgsql, sqlite
#driver =
# Database connection string. This is driver-specific setting.
# pgsql:
# For available options, see the PostgreSQL documention for the
# PQconnectdb function of libpq.
# mysql:
# Basic options emulate PostgreSQL option names:
# host, port, user, password, dbname
# But also adds some new settings:
# client_flags - See MySQL manual
# ssl_ca, ssl_ca_path - Set either one or both to enable SSL
# ssl_cert, ssl_key - For sending client-side certificates to server
# ssl_cipher - Set minimum allowed cipher security (default: HIGH)
# option_file - Read options from the given file instead of
# the default my.cnf location
# option_group - Read options from the given group (default: client)
# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
# Note that currently you can't use spaces in parameters.
# MySQL supports multiple host parameters for load balancing / HA.
# sqlite:
# The path to the database file.
# Examples:
# connect = host= dbname=users
# connect = dbname=virtual user=virtual password=blarg
# connect = /etc/dovecot/authdb.sqlite
#connect =
# Default password scheme.
# List of supported schemes is in
#default_pass_scheme = MD5
# passdb query to retrieve the password. It can return fields:
# password - The user's password. This field must be returned.
# user - user@domain from the database. Needed with case-insensitive lookups.
# username and domain - An alternative way to represent the "user" field.
# The "user" field is often necessary with case-insensitive lookups to avoid
# e.g. "name" and "nAme" logins creating two different mail directories. If
# your user and domain names are in separate fields, you can return "username"
# and "domain" fields instead of "user".
# The query can also return other fields which have a special meaning, see
# Commonly used available substitutions (see
# for full list):
# %u = entire user@domain
# %n = user part of user@domain
# %d = domain part of user@domain
# Note that these can be used only as input to SQL query. If the query outputs
# any of these substitutions, they're not touched. Otherwise it would be
# difficult to have eg. usernames containing '%' characters.
# Example:
# password_query = SELECT userid AS user, pw AS password \
# FROM users WHERE userid = '%u' AND active = 'Y'
#password_query = \
# SELECT username, domain, password \
# FROM users WHERE username = '%n' AND domain = '%d'
# userdb query to retrieve the user information. It can return fields:
# uid - System UID (overrides mail_uid setting)
# gid - System GID (overrides mail_gid setting)
# home - Home directory
# mail - Mail location (overrides mail_location setting)
# None of these are strictly required. If you use a single UID and GID, and
# home or mail directory fits to a template string, you could use userdb static
# instead. For a list of all fields that can be returned, see
# Examples:
# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
#user_query = \
# SELECT home, uid, gid \
# FROM users WHERE username = '%n' AND domain = '%d'
# If you wish to avoid two SQL lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
# also have to return userdb fields in password_query prefixed with "userdb_"
# string. For example:
#password_query = \
# SELECT userid AS user, password, \
# home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
# FROM users WHERE userid = '%u'
driver = mysql
connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_server_ispconfig_user} password={mysql_server_ispconfig_password}
default_pass_scheme = CRYPT
password_query = SELECT password FROM mail_user WHERE email = '%u' AND disable%Ls = 'n'
user_query = SELECT email as user, maildir as home, CONCAT(maildir, '/Maildir') as mail, uid, gid, CONCAT('maildir:storage=', quota) AS quota, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE email = '%u' AND disable%Ls = 'n'
## Dovecot configuration file
# If you're in a hurry, see
# "dovecot -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting this file when posting to the Dovecot mailing list.
# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "
# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var --with-ssldir=/etc/ssl
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Protocols we want to be serving: imap imaps pop3 pop3s managesieve
# If you only want to use dovecot-auth, you can set this to "none".
#protocols = imap imaps
protocols = imap imaps pop3 pop3s
# A space separated list of IP or host addresses where to listen in for
# connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6
# interfaces. Use "*, [::]" for listening both IPv4 and IPv6.
# If you want to specify ports for each service, you will need to configure
# these settings inside the protocol imap/pop3/managesieve { ... } section,
# so you can specify different ports for IMAP/POP3/MANAGESIEVE. For example:
# protocol imap {
# listen = *:10143
# ssl_listen = *:10943
# ..
# }
# protocol pop3 {
# listen = *:10100
# ..
# }
# protocol managesieve {
# listen = *:12000
# ..
# }
#listen = *
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes
disable_plaintext_auth = no
# Should all IMAP and POP3 processes be killed when Dovecot master process
# shuts down. Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is eg. because of a security fix). This however
# means that after master process has died, the client processes can't write
# to log files anymore.
#shutdown_clients = yes
shutdown_clients = yes
## Logging
# Log file to use for error messages, instead of sending them to syslog.
# /dev/stderr can be used to log into stderr.
#log_path =
# Log file to use for informational and debug messages.
# Default is the same as log_path.
#info_log_path =
# Prefix for each line written to log file. % codes are in strftime(3)
# format.
#log_timestamp = "%b %d %H:%M:%S "
log_timestamp = "%Y-%m-%d %H:%M:%S "
# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard
# facilities are supported.
#syslog_facility = mail
## SSL settings
# IP or host address where to listen in for SSL connections. Remember to also
# add imaps and/or pop3s to protocols setting. Defaults to same as "listen"
# setting if not specified.
#ssl_listen =
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/ can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert_file = /etc/ssl/certs/dovecot.pem
#ssl_key_file = /etc/ssl/private/dovecot.pem
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using !include_try <path>.
#ssl_key_password =
# File containing trusted SSL certificate authorities. Set this only if you
# intend to use ssl_verify_client_cert=yes. The CAfile should contain the
# CA-certificate(s) followed by the matching CRL(s).
#ssl_ca_file =
# Request client to send a certificate. If you also want to require it, set
# ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no
# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName
# How often to regenerate the SSL parameters file. Generation is quite CPU
# intensive operation. The value is in hours, 0 disables regeneration
# entirely.
#ssl_parameters_regenerate = 168
# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2
# Show protocol level SSL errors.
#verbose_ssl = no
## Login processes
# <doc/wiki/LoginProcess.txt>
# Directory where authentication process places authentication UNIX sockets
# which login needs to be able to connect to. The sockets are created when
# running as root, so you don't have to worry about permissions. Note that
# everything in this directory is deleted when Dovecot is started.
#login_dir = /var/run/dovecot/login
# chroot login process to the login_dir. Only reason not to do this is if you
# wish to run the whole Dovecot without roots. <doc/wiki/Rootless.txt>
#login_chroot = yes
# User to use for the login process. Create a completely new user for this,
# and don't use it anywhere else. The user must also belong to a group where
# only it has access, it's used to control access for authentication process.
# Note that this user is NOT used to access mails. <doc/wiki/UserIds.txt>
#login_user = dovecot
# Set max. process size in megabytes. If you don't use
# login_process_per_connection you might need to grow this.
#login_process_size = 64
# Should each login be processed in it's own process (yes), or should one
# login process be allowed to process multiple connections (no)? Yes is more
# secure, espcially with SSL/TLS enabled. No is faster since there's no need
# to create processes all the time.
#login_process_per_connection = yes
# Number of login processes to keep for listening new connections.
#login_processes_count = 3
# Maximum number of login processes to create. The listening process count
# usually stays at login_processes_count, but when multiple users start logging
# in at the same time more extra processes are created. To prevent fork-bombing
# we check only once in a second if new processes should be created - if all
# of them are used at the time, we double their amount until the limit set by
# this setting is reached.
#login_max_processes_count = 128