sudo su apt-get install ntpdate apt-get install postfix postfix-mysql postfix-doc openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo nano /etc/postfix/master.cf
/etc/init.d/postfix restart apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
/etc/init.d/spamassassin stop update-rc.d -f spamassassin remove
apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl apt-get install php5-xcache /etc/init.d/php5-fpm reload apt-get install fcgiwrap apt-get install mailman nano /etc/aliases
[...] ## mailman mailing list mailman: "|/var/lib/mailman/mail/mailman post mailman" mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman" mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman" mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman" mailman-join: "|/var/lib/mailman/mail/mailman join mailman" mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman" mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman" mailman-request: "|/var/lib/mailman/mail/mailman request mailman" mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman" mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
newaliases /etc/init.d/postfix restart /etc/init.d/mailman start
location /cgi-bin/mailman {
root /usr/lib/;
fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
location /images/mailman {
alias /usr/share/images/mailman;
}
location /pipermail {
alias /var/lib/mailman/archives/public;
autoindex on;
}apt-get install bind9 dnsutils nano /etc/cron.d/awstats
Now jailkit
cd /usr/local/src/ wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz tar xvf jailkit-2.15.tar.gz cd jailkit-2.15 ./debian/rules binary cd .. dpkg -i jailkit_*.deb
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool nano /etc/default/pure-ftpd-common
VIRTUALCHROOT=true
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE"). State or Province Name (full name) [Some-State]: <-- Enter your State or Province Name. Locality Name (eg, city) []: <-- Enter your City. Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company). Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department"). Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com"). Email Address []: <-- Enter your Email Address.
chmod 600 /etc/ssl/private/pure-ftpd.pem
/etc/init.d/pure-ftpd-mysql restart
nano /etc/fstab ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0
mount -o remount / quotacheck -avugm quotaon -avug
apt-get install fail2ban nano /etc/fail2ban/jail.local
[pureftpd] enabled = true port = ftp filter = pureftpd logpath = /var/log/syslog maxretry = 3 [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] logpath = /var/log/mail.log maxretry = 5
nano /etc/fail2ban/filter.d/pureftpd.conf
[Definition] failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.* ignoreregex =
nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf
[Definition] failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.* ignoreregex = /etc/init.d/fail2ban restart
apt-get install squirrelmail
ISP needs a godlike mysql user so we make one for it
mysql grant all privileges on *.* to 'isp3user'@localhost identified by 'password' with grant option; flush privileges;
cd /usr/local/src wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz tar xfz ISPConfig-3-stable.tar.gz cd ispconfig3_install/install/
php -q install.php
We dont use the crap that comes with ispconfig for we have csf.
Afterwards restart phpfpm and nginx.
/etc/init.d/php5-fpm restart /etc/init.d/nginx reload