The Perfect Server - Fedora 13 x86_64 [ISPConfig 3]

1 Requirements

To install such a system you will need the following:

Download the Fedora 13 DVD iso image from a mirror near you (the list of mirrors can be found here: http://mirrors.fedoraproject.org/publiclist/Fedora/13/), e.g. http://ftp.tuchemnitz.de/pub/linux/fedora/linux/releases/13/Fedora/x86_64/iso/Fedora-13-x86_64-DVD.iso an Internet connection...

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

3 Install The Base System

Boot from your Fedora 13 DVD. Select Install a new system or upgrade an existing system:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

It can take a long time to test the installation media so we skip this test here:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

The welcome screen of the Fedora installer appears. Click on Next:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

Choose your language next:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

Select your keyboard layout:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

I assume that you use a locally attached hard drive, so you should select Basic Storage Devices here:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

If you see the following message (Error processing drive: /dev/sda. This device may need to be reinitialized. REINITIALIZING WILL CAUSE ALL DATA TO BE LOST!), please click on Re-initialize:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

Fill in the hostname of the server:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

Choose your time zone:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

Give root a password:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

Next we do the partitioning. Select Replace existing Linux system(s). This will give you a small /boot partition and a large / partition which is fine for our purposes:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

Select Write changes to disk:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

The hard drive is being formatted:

Now we select the software we want to install. Uncheck Graphical Desktop and check Web server instead. Then check Customize now. Afterwards, select the additional repositories Fedora 13 - x86_64 and Fedora 13 - x86_64 - Updates (if you are on an i386 system, the names are probably Fedora 13 - i386 and Fedora 13 - i386 - Updates):

(JavaScript must be enabled in your browser to view the large image as an image overlay.) As the last two repositories need an Internet connection, a new window pops up where you have to configure your network card. Select Enable IPv4 support, but disable Use dynamic IP configuration (DHCP); then give your network card a static IP address and netmask (in this tutorial I'm using the IP address 192.168.0.100 and netmask 255.255.255.0 for demonstration purposes; if you are not sure about the right values, http://www.subnetmask.info might help you). Also fill in your gateway (e.g. 192.168.0.1) and one nameserver (e.g. 145.253.2.75):

(JavaScript must be enabled in your browser to view the large image as an image overlay.) The details for the last two repositories should now be retrieved, and the checkboxes in front of them should be marked. Click on Next:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) Now we must select the package groups we want to install. Select Editors, Text-based Internet, Development Libraries, Development Tools, DNS Name Server, FTP Server, Mail Server, MySQL Database, Server Configuration Tools, Web Server, Administration Tools, Base, Hardware Support, Java, System Tools (unselect all other package groups) and click on Next:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

The installation begins. This will take a few minutes:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) Finally, the installation is complete, and you can remove your DVD from the computer and reboot it:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) After the reboot, you will see this screen. Select Firewall configuration and hit Run Tool:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default Fedora firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the Fedora firewall). Hit OK afterwards:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) Confirm your choice by selecting Yes:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) Next select Network configuration:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) If you did not configure your network card during the installation (because you did not select the additional online repositories), you can do that now by going to Device configuration:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) Select your network interface (usually eth0):

(JavaScript must be enabled in your browser to view the large image as an image overlay.) Then fill in your network details - disable DHCP and fill in a static IP address, a netmask, and your gateway, then hit Ok:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) Next select Save:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) What you should do in all cases (regardless of whether you configured your network connection during the installation or just now) is specify nameservers (during the intial installation, you

could fill in just one nameserver, therefore you should specify at least a second one now). Select DNS configuration:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) Now you can fill in additional nameservers and hit Ok:

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

Hit Save&Quit afterwards...

(JavaScript must be enabled in your browser to view the large image as an image overlay.) ... and leave the Choose a Tool window by selecting Quit:

(JavaScript must be enabled in your browser to view the large image as an image overlay.) You should run

ifconfig now to check if the installer got your IP address right. Now I disable Fedora's NetworkManager and enable "normal" networking. NetworkManager is good for desktops where network connections can change (e.g. LAN vs. WLAN), but on a server you usually don't change network connections: chkconfig NetworkManager off chkconfig --levels 35 network on /etc/init.d/network restart Check your /etc/resolv.conf if it lists all nameservers that you've previously configured: cat /etc/resolv.conf If nameservers are missing, run system-config-network and add the missing nameservers again. Now, on to the configuration...
4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this: vi /etc/hosts

127.0.0.1 localhost.localdomain localhost 192.168.0.100 server1.example.com server1 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

It is important that you add a line for server1.example.com and remove server1.example.com and server1 from the 127.0.0.1 line.

5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default Fedora firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the Fedora firewall). Run system-config-firewall and disable the firewall. To check that the firewall has really been disabled, you can run iptables -L afterwards. The output should look like this: [root@server1 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination [root@server1 ~]#

6 Disable SELinux

SELinux is a security extension of Fedora that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled: vi /etc/selinux/config

# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted

Afterwards we must reboot the system: reboot

7 Install Some Software

Next we update our existing packages on the system: yum update Now we install some software packages that are needed later on:

yum groupinstall 'Development Tools' yum groupinstall 'Development Libraries'

8 Journaled Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.) To install quota, we run this command: yum install quota Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root): vi /etc/fstab
# # /etc/fstab # Created by anaconda on Mon May 31 16:25:30 2010 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/vg_server1-lv_root / ext4 defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 1 1 UUID=732ef9e2-879b-4196-a9e4-95402cf29505 /boot ext4 defaults 1 2 /dev/mapper/vg_server1-lv_swap swap swap defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0

Then run touch /aquota.user /aquota.group chmod 600 /aquota.* mount -o remount /

quotacheck -avugm quotaon -avug to enable quota.

9 Install Apache, MySQL, phpMyAdmin

This can all be installed with one single command: yum install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpMyAdmin
10 Install Dovecot

Dovecot can be installed as follows: yum install dovecot dovecot-mysql rm -fr /usr/lib/dovecot/ ln -s /usr/lib64/dovecot/ /usr/lib/dovecot Now we create the system startup links for Dovecot: chkconfig --levels 235 dovecot on /etc/init.d/dovecot start

11 Install Postfix

Postfix can be installed as follows: yum install postfix Then turn off Sendmail and start Postfix and MySQL: chkconfig --levels 235 mysqld on /etc/init.d/mysqld start chkconfig --levels 235 sendmail off chkconfig --levels 235 postfix on /etc/init.d/sendmail stop /etc/init.d/postfix start

12 Install Getmail

Getmail can be installed as follows: yum install getmail

13 Set MySQL Passwords And Configure phpMyAdmin

Set passwords for the MySQL root account: mysql_secure_installation [root@server1 ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): <-- ENTER OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation. Set root password? [Y/n] <-- ENTER New password: <-- yourrootsqlpassword Re-enter new password: <-- yourrootsqlpassword Password updated successfully! Reloading privilege tables.. ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a

production environment. Remove anonymous users? [Y/n] <-- ENTER ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] <-- ENTER ... Success! By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] <-- ENTER - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] <-- ENTER ... Success! Cleaning up...

All done! If you've completed all of the above steps, your MySQL installation should now be secure. Thanks for using MySQL!

[root@server1 ~]#

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpMyAdmin/> stanza): vi /etc/httpd/conf.d/phpMyAdmin.conf
# phpMyAdmin - Web based MySQL browser written in php # # Allows only localhost by default # # But allowing phpMyAdmin to anyone other than localhost should be considered # dangerous unless properly secured by SSL Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin #<Directory /usr/share/phpMyAdmin/> # order deny,allow # deny from all # allow from 127.0.0.1 # allow from ::1 #</Directory> # This directory does not require access over HTTP - taken from the original # phpMyAdmin upstream tarball # <Directory /usr/share/phpMyAdmin/libraries> Order Deny,Allow Deny from All Allow from None </Directory> # This configuration prevents mod_security at phpMyAdmin directories from

# filtering SQL etc. This may break your mod_security implementation. # #<IfModule mod_security.c> # <Directory /usr/share/phpMyAdmin> # SecRuleInheritance Off # </Directory> #</IfModule>

Then we create the system startup links for Apache and start it: chkconfig --levels 235 httpd on /etc/init.d/httpd start Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.

14 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command: yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2 perl-DBD-mysql When we installed ClamAV, a cron job got installed that tries to update the ClamAV virus database every three hours. But this works only if we enable it in /etc/sysconfig/freshclam and /etc/freshclam.conf: vi /etc/sysconfig/freshclam Comment out the FRESHCLAM_DELAY line at the end:
## When changing the periodicity of freshclam runs in the crontab, ## this value must be adjusted also. Its value is the timespan between ## two subsequent freshclam runs in minutes. E.g. for the default ## ## | 0 */3 * * * ... ## ## crontab line, the value is 180 (minutes). # FRESHCLAM_MOD= ## A predefined value for the delay in seconds. By default, the value is ## calculated by the 'hostid' program. This predefined value guarantees ## constant timespans of 3 hours between two subsequent freshclam

runs. ## ## This option accepts two special values: ## 'disabled-warn' ... disables the automatic freshclam update and ## gives out a warning ## 'disabled' ... disables the automatic freshclam silently # FRESHCLAM_DELAY= ### !!!!! REMOVE ME !!!!!! ### REMOVE ME: By default, the freshclam update is disabled to avoid ### REMOVE ME: network access without prior activation #FRESHCLAM_DELAY=disabled-warn # REMOVE ME

vi /etc/freshclam.conf Comment out the Example line:

[...] # Comment or remove the line below. #Example [...]

Then we start freshclam, amavisd, and clamd... sa-update chkconfig --levels 235 amavisd on chkconfig --levels 235 clamd.amavisd on /usr/bin/freshclam /etc/init.d/amavisd start /etc/init.d/clamd.amavisd start If /etc/init.d/amavisd start gives you the following error... [root@server1 ~]# /etc/init.d/amavisd start Starting amavisd: Problem in Amavis::DB or Amavis::DB::SNMP code: BerkeleyDB needs compatible versions of libdb & db.h you have db.h version 4.8.26 and libdb version 4.8.30 Compilation failed in require at (eval 82) line 19. BEGIN failed--compilation aborted at (eval 82) line 19. [FAILED] [root@server1 ~]# ... you must downgrade db4: yum downgrade db4*

Then try to start amavisd again: /etc/init.d/amavisd start Finally change the ownership of some directories: chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db rm -f /var/spool/amavisd/clamd.sock mkdir /var/run/clamav.amavisd /var/run/clamd.amavisd chown amavis /var/run/clamav.amavisd chown amavis /var/run/clamd.amavisd ln -sf /var/spool/amavisd/clamd.sock /var/run/clamav.amavisd/clamd.sock ln -sf /var/spool/amavisd/clamd.sock /var/run/clamd.amavisd/clamd.sock /etc/init.d/clamd.amavisd restart
15 Installing mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis. We can install Apache2 with mod_php5, mod_fcgid, and PHP5 as follows: yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel Next we open /etc/php.ini... vi /etc/php.ini ... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:
[...] ;error_reporting = E_ALL & ~E_DEPRECATED error_reporting = E_ALL & ~E_NOTICE [...] cgi.fix_pathinfo = 1

Next we install suPHP: cd /tmp wget http://www.suphp.org/download/suphp-0.7.1.tar.gz tar xvfz suphp-0.7.1.tar.gz cd suphp-0.7.1/

./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --withapxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --withphp=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enableSUPHP_USE_USERGROUP=yes make make install Then we add the suPHP module to our Apache configuration... vi /etc/httpd/conf.d/suphp.conf
LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows: vi /etc/suphp.conf

[global] ;Path to logfile logfile=/var/log/httpd/suphp.log ;Loglevel loglevel=info ;User Apache is running as webserver_user=apache ;Path all scripts have to be in docroot=/ ;Path to chroot() to before executing script ;chroot=/mychroot ; Security options allow_file_group_writeable=true allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false ;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true ;Send minor error messages to browser errors_to_browser=false ;PATH environment variable env_path=/bin:/usr/bin ;Umask to set, specify in octal notation umask=0077 ; Minimum UID

min_uid=100 ; Minimum GID min_gid=100 [handlers] ;Handler for php-scripts x-httpd-suphp="php:/usr/bin/php-cgi" ;Handler for CGI-scripts x-suphp-cgi="execute:!self"

Finally we restart Apache: /etc/init.d/httpd restart

16 Install PureFTPd

PureFTPd can be installed with the following command: yum install pure-ftpd Then create the system startup links and start PureFTPd: chkconfig --levels 235 pure-ftpd on /etc/init.d/pure-ftpd start

17 Install BIND

We can install BIND as follows: yum install bind bind-utils Then we create the startup links:

chkconfig --levels 235 named on We don't start BIND now because it must be configured first - this will be done automatically by the ISPConfig 3 installer later on.

18 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows: yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder cd /tmp wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz tar xvfz vlogger-1.3.tar.gz mv vlogger-1.3/vlogger /usr/sbin/ rm -rf vlogger*

19 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!): cd /tmp wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz tar xvfz jailkit-2.11.tar.gz cd jailkit-2.11

./configure make make install cd .. rm -rf jailkit-2.11*

20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log: yum install fail2ban chkconfig --levels 235 fail2ban on /etc/init.d/fail2ban start

21 Install rkhunter

rkhunter can be installed as follows: yum install rkhunter

22 Install SquirrelMail

To install the SquirrelMail webmail client, run... yum install squirrelmail ... and restart Apache: /etc/init.d/httpd restart Then configure SquirrelMail: /usr/share/squirrelmail/config/conf.pl We must tell SquirrelMail that we are using Courier-IMAP/-POP3: SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------Main Menu -1. Organization Preferences 2. Server Settings

3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >> <-- D

SquirrelMail Configuration : Read: config.php --------------------------------------------------------While we have been building SquirrelMail, we have discovered some preferences that work better with some servers that don't work so well with others. If you select your IMAP server, this option will set some pre-defined settings for that server. Please note that you will still need to go through and make sure everything is correct. This does not change everything. There are only a few settings that this will change. Please select your IMAP server: bincimap = Binc IMAP server courier = Courier IMAP server cyrus = Cyrus IMAP server dovecot = Dovecot Secure IMAP server exchange = Microsoft Exchange IMAP server hmailserver = hMailServer macosx = Mac OS X Mailserver mercury32 = Mercury/32 uw = University of Washington's IMAP server gmail = IMAP access to Google mail (Gmail) accounts quit = Do not change anything Command >> <-- dovecot

SquirrelMail Configuration : Read: config.php

--------------------------------------------------------While we have been building SquirrelMail, we have discovered some preferences that work better with some servers that don't work so well with others. If you select your IMAP server, this option will set some pre-defined settings for that server. Please note that you will still need to go through and make sure everything is correct. This does not change everything. There are only a few settings that this will change. Please select your IMAP server: bincimap = Binc IMAP server courier = Courier IMAP server cyrus = Cyrus IMAP server dovecot = Dovecot Secure IMAP server exchange = Microsoft Exchange IMAP server hmailserver = hMailServer macosx = Mac OS X Mailserver mercury32 = Mercury/32 uw = University of Washington's IMAP server gmail = IMAP access to Google mail (Gmail) accounts quit = Do not change anything Command >> dovecot imap_server_type = dovecot default_folder_prefix = <none> trash_folder = Trash sent_folder = Sent draft_folder = Drafts show_prefix_option = false default_sub_of_inbox = false show_contain_subfolders_option = false optional_delimiter = detect delete_folder = false Press any key to continue... <-- press a key

SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------Main Menu -1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options

5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >> <--S

SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------Main Menu -1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >> <--Q

One last thing we need to do is modify the file /etc/squirrelmail/config_local.php and comment out the $default_folder_prefix variable - if you don't do this, you will see the following error message in SquirrelMail after you've logged in: Query: CREATE "Sent" Reason Given: Invalid mailbox name. vi /etc/squirrelmail/config_local.php
<?php /** * Local config overrides. * * You can override the config.php settings here. * Don't do it unless you know what you're doing. * Use standard PHP syntax, see config.php for examples. * * @copyright &copy; 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id: config_local.php,v 1.2 2006/07/11 03:33:47 wtogami Exp $ * @package squirrelmail * @subpackage config */ //$default_folder_prefix ?> = '';

Now you can type in http://server1.example.com/webmail or http://192.168.0.100/webmail in your browser to access SquirrelMail.

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

23 Install ISPConfig 3

To install ISPConfig 3 from the latest released version, do this: cd /tmp wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.2.1.tar.gz?use_mirror= tar xvfz ISPConfig-3.0.2.1.tar.gz cd ispconfig3_install/install/ The next step is to run php -q install.php This will start the ISPConfig 3 installer: [root@server1 install]# php -q install.php

-------------------------------------------------------------------------------_____ ___________ _____ __ _ |_ _/ ___| ___ \ / __ \ / _(_) | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | __/ | |___/ --------------------------------------------------------------------------------

>> Initial configuration Operating System: Redhat or compatible, unknown version. Following will be a few questions for primary configuration so be careful. Default values are in [brackets] and can be accepted with <ENTER>. Tap in "quit" (without the quotes) to stop the installer.

Select language (en,de) [en]: <-- ENTER Installation mode (standard,expert) [standard]: <-- ENTER Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <- ENTER MySQL server hostname [localhost]: <-- ENTER MySQL root username [root]: <-- ENTER MySQL root password []: <-- yourrootsqlpassword MySQL database to create [dbispconfig]: <-- ENTER MySQL charset [utf8]: <-- ENTER Generating a 2048 bit RSA private key ...................................................+++ .................+++ writing new private key to 'smtpd.key' ----You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----Country Name (2 letter code) [XX]: <-- ENTER State or Province Name (full name) []: <-- ENTER Locality Name (eg, city) [Default City]: <-- ENTER Organization Name (eg, company) [Default Company Ltd]: <-- ENTER Organizational Unit Name (eg, section) []: <-- ENTER Common Name (eg, your name or your server's hostname) []: <-- ENTER Email Address []: <-- ENTER Configuring Jailkit Configuring SASL Configuring PAM Configuring Dovecot Configuring Spamassassin Configuring Amavisd PHP Warning: copy(/etc/authlib/amavisd.conf~): failed to open stream: No such file or directory in /tmp/ispconfig3_install/install/dist/lib/fedora.lib.php on line 346 Configuring Getmail Configuring Pureftpd Configuring BIND Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Firewall Installing ISPConfig ISPConfig Port [8080]: <-- ENTER Configuring DBServer Installing Crontab no crontab for root no crontab for getmail Restarting services ... Stopping mysqld: [ OK ] Starting mysqld: [ OK ] Shutting down postfix: [ OK ] Starting postfix: [ OK ] Stopping saslauthd: [FAILED] Starting saslauthd: [ OK ] Waiting for the process [2195] to terminate Waiting for the process [2195] to terminate Daemon [2195] terminated by SIGTERM Shutting down amavisd: [ OK ] amavisd stopped Starting amavisd: [ OK ]

Stopping clamd.amavisd: [ OK ] LibClamAV Warning: *********************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq *** LibClamAV Warning: *********************************************************** Starting clamd.amavisd: [ OK ] Stopping Dovecot Imap: [ OK ] Starting Dovecot Imap: [ OK ] Stopping httpd: [ OK ] [Mon May 31 18:04:46 2010] [warn] NameVirtualHost *:80 has no VirtualHosts Starting httpd: [ OK ] Stopping pure-ftpd: [ OK ] Starting pure-ftpd: [ OK ] Installation completed. [root@server1 install]# The installer automatically configures all underlying services, so no manual configuration is needed. Afterwards you can access ISPConfig 3 under http://server1.example.com:8080/ or http://192.168.0.100:8080/. Log in with the username admin and the password admin (you should change the default password after your first login):

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

(JavaScript must be enabled in your browser to view the large image as an image overlay.)

The system is now ready to be used.