12. Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils
For installing postfix we need to stop and remove sendmail
service sendmail stop; update-rc.d -f sendmail remove
Now we can install Postfix, Dovecot, MySQL, rkhunter, and binutils with a single command:
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo
You will be asked the following questions:
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
Next open the TLS/SSL and submission ports in Postfix:
vi /etc/postfix/master.cf
Uncomment the submission and smtps sections as follows - add the line -o smtpd_client_restrictions=permit_sasl_authenticated,reject to both sections and leave everything thereafter commented:
[...]
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
[...]
|
Restart Postfix afterwards:
service postfix restart
We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
vi /etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[...]
|
Then we restart MySQL:
service mysql restart
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look like this:
root@server1:~# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 21298/mysqld
root@server1:~#
13. Install Amavisd-new, SpamAssassin, And Clamav
To install amavisd-new, SpamAssassin, and ClamAV, we run
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:
service spamassassin stop
update-rc.d -f spamassassin remove
14. Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt
Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows:
apt-get install apache2 apache2-doc apache2-utils libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached snmp
The PHP5 mcrypt module has to be enabled manually:
php5enmod mcrypt
You will see the following question:
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No
Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include (plus dav, dav_fs, and auth_digest if you want to use WebDAV):
a2enmod suexec rewrite ssl actions include cgi
a2enmod dav_fs dav auth_digest
Next open /etc/apache2/mods-available/suphp.conf...
vi /etc/apache2/mods-available/suphp.conf
... and comment out the <FilesMatch "\.ph(p3?|tml)$"> section and add the line AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml - otherwise all PHP files will be run by SuPHP:
<IfModule mod_suphp.c>
#<FilesMatch "\.ph(p3?|tml)$">
# SetHandler application/x-httpd-suphp
#</FilesMatch>
suPHP_AddHandler application/x-httpd-suphp
AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
<Directory />
suPHP_Engine on
</Directory>
# By default, disable suPHP for debian packaged web applications as files
# are owned by root and cannot be executed by suPHP because of min_uid.
<Directory /usr/share>
suPHP_Engine off
</Directory>
# # Use a specific php config file (a dir which contains a php.ini file)
# suPHP_ConfigPath /etc/php5/cgi/suphp/
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
# suPHP_RemoveHandler <mime-type>
</IfModule>
|
Restart Apache afterwards:
service apache2 restart
If you want to host Ruby files with the extension .rb on your web sites created through ISPConfig, you must comment out the line application/x-ruby rb in /etc/mime.types:
vi /etc/mime.types
[...]
#application/x-ruby rb
[...]
|
(This is needed only for .rb files; Ruby files with the extension .rbx work out of the box.)
Restart Apache afterwards:
service apache2 restart
Login to the MySQL database as root user on the shell:
mysql -u root
Create a new user "admin" with the password "howtoforge". Replace the password "howtoforge" with a secure password in the commands below!
CREATE USER 'admin'@'localhost' IDENTIFIED BY 'howtoforge';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
14.1 Xcache
Xcache is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and APC. It is strongly recommended to have one of these installed to speed up your PHP page.
Xcache can be installed as follows:
apt-get install php5-xcache
Now restart Apache:
service apache2 restart
14.2 PHP-FPM
Starting with ISPConfig 3.0.5, there is an additional PHP mode that you can select for usage with Apache: PHP-FPM.
To use PHP-FPM with Apache, we need the mod_fastcgi Apache module (please don't mix this up with mod_fcgid - they are very similar, but you cannot use PHP-FPM with mod_fcgid). We can install PHP-FPM and mod_fastcgi as follows:
apt-get install libapache2-mod-fastcgi php5-fpm
Make sure you enable the module and restart Apache:
a2enmod actions fastcgi alias
service apache2 restart
14.2 Additional PHP Versions
15. Install Mailman
Since version 3.0.4, ISPConfig also allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:
apt-get install mailman
Select at least one language, e.g.:
Languages to support: <-- en (English)
Missing site list <-- Ok
Before we can start Mailman, a first mailing list called mailman must be created:
newlist mailman
root@server1:~# newlist mailman
Enter the email of the person running the list: <-- admin email address, e.g. listadmin@example.com
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:
## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
Hit enter to notify mailman owner... <-- ENTER
root@server1:~#
Open /etc/aliases afterwards...
vi /etc/aliases
... and add the following lines:
[...]
## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
|
Run
newaliases
afterwards and restart Postfix:
service postfix restart
Finally we must enable the Mailman Apache configuration:
ln -s /etc/mailman/apache.conf /etc/apache2/conf-available/mailman.conf
This defines the alias /cgi-bin/mailman/ for all Apache vhosts, which means you can access the Mailman admin interface for a list at http://<vhost>/cgi-bin/mailman/admin/<listname>, and the web page for users of a mailing list can be found at http://<vhost>/cgi-bin/mailman/listinfo/<listname>.
Under http://<vhost>/pipermail you can find the mailing list archives.
Restart Apache afterwards:
service apache2 restart
Then start the Mailman daemon:
service mailman start