ispconfig3

Assumed nginx, mariaBD
add ntp date
apt-get install ntp ntpdate
We assumed mariadb so skip installing mysql
apt-get install mysql-client mysql-server
add postfix, dovecot etc
apt-get install postfix postfix-mysql postfix-doc openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve
edit /etc/postfix/master.cf
nano /etc/postfix/master.cf
Uncomment the sumbission and smtps part
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
Restart postfix
/etc/init.d/postfix restart
check if mysql is running on * if not comment bind-address in /etc/mysql/my.cnf
netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      28333/mysqld
install amavisd-new, SpamAssassin, and ClamAV
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin
/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove

Skip from here if you used boa

Nginx is available as a package for Ubuntu which we can install as follows:
apt-get install nginx
If Apache2 is already installed on the system, stop it now...
/etc/init.d/apache2 stop
... and remove Apache's system startup links, alternatively let it listen to a different port
update-rc.d -f apache2 remove
Start nginx afterwards:
/etc/init.d/nginx start
If both Apache2 and nginx are installed, the ISPConfig 3 installer will ask you which one you want to use - answer nginx in this case. We can make PHP5 work in nginx through PHP-FPM (PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites) which we install as follows:
apt-get install php5-fpm
PHP-FPM is a daemon process (with the init script /etc/init.d/php5-fpm) that runs a FastCGI server on port 9000. To get MySQL support in PHP, we can install the php5-mysql package. It's a good idea to install some other PHP5 modules as well as you might need them for your applications. You can search for available PHP5 modules like this:
apt-cache search php5
Pick the ones you need and install them like this:
apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
Xcache is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and APC. It is strongly recommended to have one of these installed to speed up your PHP page. Xcache can be installed as follows:
apt-get install php5-xcache
Reload PHP-FPM:
/etc/init.d/php5-fpm reload
</code
To get CGI support in nginx, we install Fcgiwrap.
<code>
apt-get install fcgiwrap

End of skip part

Install Mailman
apt-get install mailman
a first mailing list called mailman must be created:
newlist mailman
nano /etc/aliases
<code>
add the folowing lines:
<code>
## mailman mailing list
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"
Run
newaliases
afterwards and restart Postfix:
/etc/init.d/postfix restart
Then start the Mailman daemon:
/etc/init.d/mailman start
After you have installed ISPConfig 3, you can access Mailman as follows: The ISPConfig apps vhost on port 8081 for nginx comes with a Mailman configuration, so you can use http://server1.example.com:8081/cgi-bin/mailman/admin/ or http://server1.example.com:8081/cgi-bin/mailman/listinfo/ to access Mailman. Config derective to use mailman trough cgi:
        location /cgi-bin/mailman {
               root /usr/lib/;
               fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
               include /etc/nginx/fastcgi_params;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               fastcgi_param PATH_INFO $fastcgi_path_info;
               fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
               fastcgi_intercept_errors on;
               fastcgi_pass unix:/var/run/fcgiwrap.socket;
        }
        location /images/mailman {
               alias /usr/share/images/mailman;
        }
        location /pipermail {
               alias /var/lib/mailman/archives/public;
               autoindex on;
        }
PureFTPd and quota can be installed with the following command:
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
Edit the file /etc/default/pure-ftpd-common...
nano /etc/default/pure-ftpd-common
... and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true:
[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]
Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. If you want to allow FTP and TLS sessions, run
echo 1 > /etc/pure-ftpd/conf/TLS
In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:
mkdir -p /etc/ssl/private/
Afterwards, we can generate the SSL certificate as follows:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Change the permissions of the SSL certificate:
chmod 600 /etc/ssl/private/pure-ftpd.pem
Then restart PureFTPd:
/etc/init.d/pure-ftpd-mysql restart
edit /etc/fstab and add quota support: ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0
nano /etc/fstab
remount and enable quota
mount -o remount /
quotacheck -avugm
quotaon -avug
Install BIND DNS Server
Install Vlogger, Webalizer, And AWstats
<code>
apt-get install vlogger webalizer awstats geoip-database
edit /etc/cron.d/awstats
nano /etc/cron.d/awstats
comment everything Install Jailkit
apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold
now we build it from source:
cd /usr/local/src
wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz
tar xvfz jailkit-2.15.tar.gz 
cd jailkit-2.15
./debian/rules binary
You can now install the Jailkit .deb package as follows:
cd ..
dpkg -i jailkit_2.14-1_*.deb
Install fail2ban
apt-get install fail2ban
create the file /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local
add the config
[pureftpd]
 
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3
 
 
[dovecot-pop3imap]
 
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5
then create /etc/fail2ban/filter.d/pureftpd.conf
nano /etc/fail2ban/filter.d/pureftpd.conf
and add
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
and
nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf
with:
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
restart fail2ban afterwards:
/etc/init.d/fail2ban restart
Install SquirrelMail <-- replace with another client
apt-get install squirrelmail
Then configure SquirrelMail:
squirrelmail-configure
d, dovecot, S, Q. You can now find SquirrelMail in the /usr/share/squirrelmail/ directory. After you have installed ISPConfig 3, you can access SquirrelMail as follows: The ISPConfig apps vhost on port 8081 for nginx comes with a SquirrelMail configuration, so you can use http://server1.example.com:8081/squirrelmail or http://server1.example.com:8081/webmail to access SquirrelMail. If you want to use a /webmail or /squirrelmail alias that you can use from your web sites, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access SquirrelMail. To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:
        location /squirrelmail {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/squirrelmail/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /squirrelmail last;
        }
for https
        location /squirrelmail {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/squirrelmail/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_param HTTPS on; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /squirrelmail last;
        }
If you use both http and https for your vhost, you need to add the following section to the http {} section in /etc/nginx/nginx.conf (before any include lines) which determines if the visitor uses http or https and sets the $fastcgi_https variable (which we will use in our SquirrelMail configuration) accordingly:
and change
<code>
[...]
http {
[...]
        ## Detect when HTTPS is used
        map $scheme $fastcgi_https {
          default off;
          https on;
        }
[...]
}
[...]
Don't forget to reload nginx afterwards:
/etc/init.d/nginx reload
Then go to the nginx Directives field again, and instead of fastcgi_param HTTPS on; you add the line fastcgi_param HTTPS $fastcgi_https; so that you can use SquirrelMail for both http and https requests:
       location /squirrelmail {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/squirrelmail/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_param HTTPS $fastcgi_https; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /squirrelmail last;
        }
Install ISPConfig 3 Before you start the ISPConfig installation, make sure that Apache is stopped (if it is installed - it is possible that some of your installed packages have installed Apache as a dependency without you knowing). If Apache2 is already installed on the system, stop it now...
/etc/init.d/apache2 stop
... and remove Apache's system startup links:
update-rc.d -f apache2 remove
Make sure that nginx is running:
/etc/init.d/nginx restart
download ispconfig3 make admin user for isp
wget http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.4.6.tar.gz
tar xfz ISPConfig-3.0.4.6.tar.gz
cd ispconfig3_install/install
php -q install.php
<code>
en, standard, ....
src: http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-nginx-bind-dovecot-ispconfig-3-p6

 

Hessen Kasselstraat 8
5615 SM Eindhoven
phone: +316-81888456