diff --git a/docs/INSTALL_DEBIAN_5.0_dovecot_bind.txt b/docs/INSTALL_DEBIAN_5.0_dovecot_bind.txt new file mode 100644 index 0000000000000000000000000000000000000000..08c04d9ad67349439bd9741c10d86d9973d4571a --- /dev/null +++ b/docs/INSTALL_DEBIAN_5.0_dovecot_bind.txt @@ -0,0 +1,259 @@ +Installation +----------- + +# It is recommended to use a clean (fresh) Debian lenny install where you just selected "Standard System" as the package selection during +# setup. Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as texteditor, but you ofcourse +# you can use whatever you prefer. You should be root for doing all of this. + + +# Check we have Fully Qualified Domain Name + +/bin/hostname + +# it should return something like "ispconfig.example.com" +# if not, then we assign a hostname (for example ispconfig): + +echo ispconfig.example.com > /etc/hostname + +vi /etc/hosts + +# and add lines similar but appropriate: + +127.0.0.1 localhost.localdomain localhost +192.168.0.100 ispconfig.example.com ispconfig + +# Run: + +/etc/init.d/hostname.sh + +# Some optional choices + +opt0.1) Optionally install SSH-server to get remote shell + +apt-get install ssh openssh-server + +opt0.2) Optionally if you are not running in virtual machine you can set server clocksync via NTP. Virtual quests get this from the host. + +apt-get -y install ntp ntpdate + +opt0.3) Optionally if you want vi editor improvement + +apt-get -y install vim-nox + + +# Next is the real deal + +1) Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!): + +apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d + +# Answer the questions from the package manager as follows. + +Create directories for web-based administration ? <-- No +General type of configuration? <-- Internet site +Mail name? <-- server1.mydomain.tld + SSL certificate required <-- Ok + +# ...use your own domain name of course ;) + + + +# Edit the file /etc/mysql/my.cnf + +vi /etc/mysql/my.cnf + +# and change the line: + +bind-address = 127.0.0.1 + +to: + +#bind-address = 127.0.0.1 + +# then restart mysql + +/etc/init.d/mysql restart + +2) Install Amavisd-new, Spamassassin and Clamav (1 line!): + +apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl + + +3) Install apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt (1 line!): + +apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby + + +# When phpMyAdmin is asking weather to configure itself automatically, select "Apache2" + +# Then run the following to enable the Apache modules suexec, rewrite and ssl: + +a2enmod suexec rewrite ssl actions include + +# restart apache before continuing + +/etc/init.d/apache2 restart + + +4) Install pure-ftpd and quota + +apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool + +# Optional: Enable TLS in pureftpd +echo 1 > /etc/pure-ftpd/conf/TLS +mkdir -p /etc/ssl/private/ +openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem +chmod 600 /etc/ssl/private/pure-ftpd.pem + + +# Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /): + +vi /etc/fstab + +---------------------------------------------------------------------------------------------- +# /etc/fstab: static file system information. +# +# +proc /proc proc defaults 0 0 +/dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1 +/dev/sda5 none swap sw 0 0 +/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0 +/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0 +---------------------------------------------------------------------------------------------- + +# To enable quota, run these commands: + +touch /quota.user /quota.group +chmod 600 /quota.* +mount -o remount / +quotacheck -avugm +quotaon -avug + + +5) Install BIND DNS Server + +apt-get -y install bind9 dnsutils + +6) Install vlogger and webalizer + +apt-get -y install vlogger webalizer + + +7) Install Jailkit (optional, only needed if you want to use chrroting for SSH users) + +apt-get -y install build-essential autoconf automake1.9 libtool flex bison debhelper +cd /tmp +wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz +tar xvfz jailkit-2.11.tar.gz +cd jailkit-2.11 +./debian/rules binary +cd .. +dpkg -i jailkit_2.11-1_*.deb +rm -rf jailkit-2.11* + +8) Install fail2ban (optional but recomended, because the monitor tries to show the log) +More info at: http://www.howtoforge.com/fail2ban_debian_etch + +apt-get install fail2ban + +9) Install ISPConfig 3 + +cd /tmp +wget http://www.ispconfig.org/downloads/ISPConfig-3.0.2.tar.gz +tar xvfz ISPConfig-3.0.2.tar.gz +cd ispconfig3_install/install/ + +# Now start the installation process by executing: + +php -q install.php + +# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not nescessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!): + +http://192.168.0.100:8080/ + +# the default login is: + +user: admin +password: admin + +# In case you get a permission denied error from apache, please restart the apache webserver process. + + + +---------------------------------------------------------------------------------------------------------- +Optional: + +Install a webbased Email Client + +apt-get install squirrelmail +ln -s /usr/share/squirrelmail/ /var/www/webmail + +Access squirrelmail: + +http://192.168.0.100/webmail + + +To configure squirrelmail, run: + +/usr/sbin/squirrelmail-configure + +---------------------------------------------------------------------------------------------------------- + +Hints: + +debian 5.0 under openvz: + +VPSID=101 +for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE +do + vzctl set $VPSID --capability ${CAP}:on --save +done + +---------------------------------------------------------------------------------------------------------- + + +Optional recommended packages: + +denyhosts - a utility to help sys admins thwart ssh crackers +rsync - fast remote file copy program (for backup) + +----------------------------------------------------------------------------------------------------------- + +Ispc log files rotate, for now manual add but to add in ispc installer: + +/etc/logrotate.d/logispc3 + +/var/log/ispconfig/ispconfig.log { + weekly + missingok + rotate 4 + compress + delaycompress +} +/var/log/ispconfig/cron.log { + weekly + missingok + rotate 4 + compress + delaycompress +} + + +----------------------------------------------------------------------------------------------------------- + +Possible errors and their solutions +------------------------------------ + +pureftpd login does not work. Take a look at the syslog, if you find an error message like this: +Mar 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given + +then pureftpd is not able to resolve the hostname. Name resolving can be disabled with these commands: + +echo 'yes' > /etc/pure-ftpd/conf/DontResolve +/etc/init.d/pure-ftpd-mysql restart + + + + + + diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index ba8b22423f7456d0c3754f8f11e96553d7e1a991..42b27b0f9f97207adaa5dd3f8025caaa7e7dfe0f 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -834,6 +834,18 @@ class installer_base { //exec('mkdir -p '.$config_dir.'/conf/ChrootEveryone'); exec('echo "yes" > '.$config_dir.'/conf/ChrootEveryone'); exec('echo "yes" > '.$config_dir.'/conf/BrokenClientsCompatibility'); + + if(is_file('/etc/default/pure-ftpd-common')) { + replaceLine('/etc/default/pure-ftpd-common','STANDALONE_OR_INETD=inetd','STANDALONE_OR_INETD=standalone',1,0); + replaceLine('/etc/default/pure-ftpd-common','VIRTUALCHROOT=false','VIRTUALCHROOT=true',1,0); + } + + if(is_file('/etc/inetd.conf')) { + replaceLine('/etc/inetd.conf','ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper','#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper',1,0); + if(is_file('/etc/init.d/openbsd-inetd')) exec('/etc/init.d/openbsd-inetd restart'); + } + + if(!is_file('/etc/pure-ftpd/conf/DontResolve')) exec("echo 'yes' > /etc/pure-ftpd/conf/DontResolve"); } public function configure_mydns()