The Perfect Server - CentOS 5.5 x86_64 [ISPConfig 3] - 1

http://www.howtoforge.com/perfect-server-centos-5.5-x86_64-ispconfig-3
y a le même tuto pour ubuntu et debian, gl, c'est chronophage comme tuto, surtout, si à la fin, vous voulez que ça fonctionne... :twisted:


This tutorial shows how to prepare a CentOS 5.5 x86_64 server for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: Apache web server, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, and many more.

1 Requirements
To install such a system you will need the two CentOS 5.5 DVDs or the eight CentOS 5.5 CDs from a mirror next to you.
(the list of mirrors can be found here: http://isoredirect.centos.org/centos/5/isos/x86_64/ )

2 Preliminary Note
In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

3 Install The Base System
Boot from your first CentOS 5.5 CD (CD 1) or the first CentOS 5.5 DVD. Press at the boot prompt:


It can take a long time to test the installation media so we skip this test here:


The welcome screen of the CentOS installer appears. Click on Next:


Choose your language next:


Select your keyboard layout:


I'm installing CentOS 5.5 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?


Now we must select a partitioning scheme for our installation. For simplicity's sake I select Remove linux partitions on selected drives and create default layout. This will result in a small /boot and a large / partition as well as a swap partition. Of course, you're free to partition your hard drive however you like it. Then I hit Next:


Answer the following question (Are you sure you want to do this?) with Yes:


On to the network settings. The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea... Click on the Edit button at the top right.


In the window that pops up uncheck Use dynamic IP configuration (DHCP) and Enable IPv6 support and give your network card a static IP address (in this tutorial I'm using the IP address 192.168.0.100 for demonstration purposes) and a suitable netmask (e.g. 255.255.255.0; if you are not sure about the right values, http://www.subnetmask.info might help you):


Set the hostname manually, e.g. server1.example.com, and enter a gateway (e.g. 192.168.0.1) and up to two DNS servers (e.g. 213.191.92.86 and 145.253.2.75):


Choose your time zone:


Give root a password:

Now we select the software we want to install. Select nothing but Server (uncheck everything else). Also don't check Packages from CentOS Extras. Then check Customize now, and click on Next:



Now we must select the package groups we want to install. Select Editors, Text-based Internet, Development Libraries, Development Tools, DNS Name Server, FTP Server, Mail Server, MySQL Database, Server Configuration Tools, Web Server, Administration Tools, Base, and System Tools (unselect all other package groups) and click on Next:


The installer checks the dependencies of the selected packages:


Click on Next to start the installation:


The hard drive is being formatted:


The installation begins. This will take a few minutes:


Finally, the installation is complete, and you can remove your CD or DVD from the computer and reboot it:


After the reboot, you will see this screen. Select Firewall configuration and hit Run Tool:


I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if you want to install ISPConfig later on). Hit OK afterwards:


Then leave the Setup Agent by selecting Exit:

4 Adjust /etc/hosts

Code:

nano /etc/hosts

Citation :

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1
::1 localhost6.localdomain6 localhost6

5 Configure Additional IP Addresses

(This section is totally optional. It just shows how to add additional IP addresses to your network interface eth0 if you need more than one IP address. If you're fine with one IP address, you can skip this section.)

Let's assume our network interface is eth0. Then there is a file /etc/sysconfig/network-scripts/ifcfg-eth0 which contains the settings for eth0. We can use this as a sample for our new virtual network interface eth0:0:

Code:

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

Now we want to use the IP address 192.168.0.101 on the virtual interface eth0:0. Therefore we open the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 and modify it as follows (we can leave out the HWADDR line as it is the same physical network card):

Code:

nano /etc/sysconfig/network-scripts/ifcfg-eth0:0

Citation :

# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.101
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes

Afterwards we have to restart the network:

Code:

/etc/init.d/network restart

You might also want to adjust /etc/hosts after you have added new IP addresses, although this is not necessary.
Now run

Code:

ifconfig

You should now see your new IP address in the output:

Citation :

[root@server1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:FD:78:BE
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fefd:78be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:130 errors:0 dropped:0 overruns:0 frame:0
TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12592 (12.2 KiB) TX bytes:31876 (31.1 KiB)
Base address:0x1070 Memory:ec820000-ec840000

eth0:0 Link encap:Ethernet HWaddr 00:0C:29:FD:78:BE
inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Base address:0x1070 Memory:ec820000-ec840000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)

[root@server1 ~]#

6 Disable The Firewall And SELinux
(You can skip this chapter if you have already disabled the firewall and SELinux at the end of the basic system installation (in the Setup Agent).)

Run

Code:

system-config-securitylevel

Set both Security Level and SELinux to Disabled and hit OK:
Afterwards we must reboot the system:

Code:

reboot

7 Install Some Software

Enable the contrib and centosplus repositories:

Code:

nano /etc/yum.repos.d/CentOS-Base.repo

Edit the lines below:

Citation :

[base]
[...]
exclude=postfix
[...]
[update]
[...]
exclude=postfix
[...]
[centosplus]
[...]
enabled=1
includepkgs=postfix
[...]
[contrib]
[...]
enabled=1
[...]

Then we update our existing packages on the system:

Code:

yum update

Now we install some software packages that are needed later on:

Code:

yum groupinstall 'Development Tools'

Code:

yum groupinstall 'Development Libraries'

8 Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

Code:

yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):

Code:

nano /etc/fstab

Citation :

/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0

Then run

Code:

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

to enable quota.

9 Install Apache, MySQL, phpMyAdmin

First we enable the RPMforge repository on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 5.5 repositories:

Code:

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

Code:

rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://packages.sw.be/rpmforge-release/)
Afterwards we can install the needed packages with one single command:

Code:

yum install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpmyadmin

10 Install Dovecot

There's a Dovecot package in the CentOS repository, but unfortunately it doesn't support MySQL. Therefore we must remove the existing Dovecot and install another Dovecot package (from http://atrpms.net/) which comes with MySQL support:

Code:

yum remove dovecot

Code:

wget http://packages.atrpms.net/RPM-GPG-KEY.atrpms
rpm --import RPM-GPG-KEY.atrpms

Code:

nano /etc/yum.repos.d/atrpms.repo

Citation :

[atrpms]
name=Red Hat Enterprise Linux 5 - x86_64 - ATrpms
baseurl=http://dl.atrpms.net/el5-x86_64/atrpms/stable
failovermethod=priority
exclude=dovecot-2*
includepkgs=dovecot dovecot-sieve

#
# requires stable
#
[atrpms-testing]
name=Red Hat Enterprise Linux 5 - x86_64 - ATrpms testing
baseurl=http://dl.atrpms.net/el5-x86_64/atrpms/testing
failovermethod=priority
enabled=1
exclude=dovecot-2*
includepkgs=dovecot dovecot-sieve

#
# requires stable and testing
#
[atrpms-bleeding]
name=Red Hat Enterprise Linux 5 - x86_64 - ATrpms bleeding
baseurl=http://dl.atrpms.net/el5-x86_64/atrpms/bleeding
failovermethod=priority
enabled=0

Code:

yum install dovecot dovecot-sieve

Code:

rm -fr /usr/lib/dovecot/
ln -s /usr/lib64/dovecot/ /usr/lib/dovecot

Now we create the system startup links for Dovecot:

Code:

chkconfig --levels 235 dovecot on
/etc/init.d/dovecot start

11 Install Postfix With MySQL Support
The "normal" Postfix package from the CentOS repository doesn't have MySQL, but the Postfix package from the CentOS Plus repository does. Therefore we remove Postfix...

Code:

yum remove postfix

... and install it again, this time from the CentOS Plus repository:

Code:

yum install postfix

Then turn off Sendmail and start Postfix and MySQL:

Code:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Code:

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix start

12 Install Getmail

Getmail can be installed as follows:

Code:

yum install getmail

13 Set MySQL Passwords And Configure phpMyAdmin

Set passwords for the MySQL root account:

Code:

mysql_secure_installation

Citation :

[root@server1 tmp]# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <-- ENTER
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <-- ENTER
... Success!

By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <-- ENTER
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <-- ENTER
... Success!

Cleaning up...



All done! If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


[root@server1 tmp]#

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the stanza):

Code:

nano /etc/httpd/conf.d/phpmyadmin.conf

Citation :

#
# Web application to manage MySQL
#

#
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
#

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin

Next we change the authentication in phpMyAdmin from cookie to http:

Code:

nano /usr/share/phpmyadmin/config.inc.php

Citation :

[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]

Then we create the system startup links for Apache and start it:

Code:

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.

14 Install Amavisd-new, SpamAssassin And ClamAV
To install amavisd-new, spamassassin and clamav, run the following command:

Code:

yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql

Open /etc/sysconfig/amavisd...

Code:

nano /etc/sysconfig/amavisd

... and add the line CONFIG_FILE="/etc/amavisd/amavisd.conf":

Citation :

### Uncomment this if you want to use amavis with sendmail milter interface.
### See README.milter for details.
#
#MILTER_SOCKET="local:/var/amavis/amavis-milter.sock"
#MILTER_SOCKET="10024@127.0.0.1"

### These are other defaults.
#AMAVIS_ACCOUNT="amavis"
#CONFIG_FILE="/etc/amavisd.conf"
#MILTER_FLAGS=""
CONFIG_FILE="/etc/amavisd/amavisd.conf"

Then we start freshclam, amavisd, and clamd...

Citation :

sa-update
chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd start

(it is ok if you see this error: Starting Mail Virus Scanner (amavisd): Config file "/etc/amavisd/amavisd.conf" does not exist, at /usr/sbin/amavisd line 1795. - the missing configuration file /etc/amavisd/amavisd.conf will be created by the ISPConfig installer.)

... and create some necessary directories:

Code:

mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
ln -s /var/run/clamav/clamd.sock /var/spool/amavisd/clamd.sock

Citation :

15 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

mod_fcgid is not available in the official CentOS repositories, but there's a package for CentOS 5.x in the centos.karan.org testing repository. We enable the repository as follows:

Code:

cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo

Next we open /etc/yum.repos.d/kbsingh-CentOS-Extras.repo...

Code:

nano /etc/yum.repos.d/kbsingh-CentOS-Extras.repo

... and set gpgcheck to 0 and enabled to 1 in the [kbs-CentOS-Testing] section:

[...]
[kbs-CentOS-Testing]
name=CentOS.Karan.Org-EL$releasever - Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/

Afterwards we can install Apache2with mod_php5, mod_fcgid, and PHP5:

Code:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini...

Code:

nano /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:

Citation :

[...]
;error_reporting = E_ALL
error_reporting = E_ALL & ~E_NOTICE
[...]
cgi.fix_pathinfo = 1

Next we install suPHP:

Code:

cd /tmp
wget http://suphp.org/download/suphp-0.7.1.tar.gz
tar xvfz suphp-0.7.1.tar.gz
cd suphp-0.7.1/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install

Then we add the suPHP module to our Apache configuration...

Code:

nano /etc/httpd/conf.d/suphp.conf

Citation :

LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows:

Code:

nano /etc/suphp.conf

Citation :

[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Finally we restart Apache:

Code:

/etc/init.d/httpd restart

16 Install PureFTPd

PureFTPd can be installed with the following command:

Code:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

Code:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

17 Install A Chrooted DNS Server (BIND9)
To install a chrooted BIND9, we do this:

Code:

yum install bind-chroot

Then do this:

Code:

chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/named.local
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
touch /var/named/chroot/etc/named.conf.local
nano /var/named/chroot/etc/named.conf

Citation :

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named/chroot/var/named";
dump-file "/var/named/chroot/var/named/data/cache_dump.db";
statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.root";
};
include "/var/named/chroot/etc/named.conf.local";

Code:

chkconfig --levels 235 named on
/etc/init.d/named start

BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).

18 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

Code:

yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

Code:

cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*

19 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

Code:

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
tar xvfz jailkit-2.11.tar.gz
cd jailkit-2.11
./configure
make
make install
cd ..
rm -rf jailkit-2.11*

20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

Code:

yum install fail2ban

Code:

chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start

21 Install rkhunter

rkhunter can be installed as follows:

Code:

yum install rkhunter

22 Install SquirrelMail

To install the SquirrelMail webmail client, run...

Code:

yum install squirrelmail

... and restart Apache:

Code:

/etc/init.d/httpd restart

Then configure SquirrelMail:

Code:

/usr/share/squirrelmail/config/conf.pl

We must tell SquirrelMail that we are using Courier-IMAP/-POP3:

Citation :

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color off
S Save data
Q Quit

Command >> <-- D


SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server

quit = Do not change anything
Command >> <-- dovecot


SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server

quit = Do not change anything
Command >> dovecot

imap_server_type = dovecot
default_folder_prefix =
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = detect
delete_folder = false

Press any key to continue... <-- press a key


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color off
S Save data
Q Quit

Command >> <--S


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color off
S Save data
Q Quit

Command >> <--Q

One last thing we need to do is modify the file /etc/squirrelmail/config_local.php and comment out the $default_folder_prefix variable - if you don't do this, you will see the following error message in SquirrelMail after you've logged in: Query: CREATE "Sent" Reason Given: Invalid mailbox name.

Code:

nano /etc/squirrelmail/config_local.php

Citation :

/**
* Local config overrides.
*
* You can override the config.php settings here.
* Don't do it unless you know what you're doing.
* Use standard PHP syntax, see config.php for examples.
*
* @copyright © 2002-2006 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: config_local.php,v 1.2 2006/07/11 03:33:47 wtogami Exp $
* @package squirrelmail
* @subpackage config
*/

//$default_folder_prefix = '';
?>

Now you can type in http://server1.example.com/webmail or http://192.168.0.100/webmail in your browser to access SquirrelMail.

Attention, j'ai mit une demi-journée (ou demi-nuit !) à comprendre qu'après l'installation d'Ispconfig, si on peut pas se log, c'est normal...
J'avais finis par m'y loguer à l'arrache avec un user Unix, full permission avec chmod sur boite mail + usermode UID GID sur le user en question.
En clair, c'était Bagdad, pas toucher pour l'instant.

23 Install ISPConfig 3

To install ISPConfig 3 from the latest released version, do this:

Code:

cd /tmp
wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.2.1.tar.gz?use_mirror=
tar xvfz ISPConfig-3.0.2.1.tar.gz
cd ispconfig3_install/install/

(Replace ISPConfig-3.0.2.1.tar.gz with the latest version.)

The next step is to run

Code:

php -q install.php

This will start the ISPConfig 3 installer:

Citation :

>> Initial configuration

Operating System: Redhat or compatible, unknown version.

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with .
Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Generating a 2048 bit RSA private key
......+++
.................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: <-- ENTER
State or Province Name (full name) [Berkshire]: <-- ENTER
Locality Name (eg, city) [Newbury]: <-- ENTER
Organization Name (eg, company) [My Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring vlogger
Configuring Apps vhost
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Configuring DBServer
Installing Crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping MySQL: [ OK ]
Starting MySQL: [ OK ]
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Stopping saslauthd: [FAILED]
Starting saslauthd: [ OK ]
Shutting down Mail Virus Scanner (amavisd): [FAILED]
Starting Mail Virus Scanner (amavisd): [ OK ]
Stopping Dovecot Imap: [ OK ]
If you have trouble with authentication failures,
enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork
This message goes away after the first successful login.
Starting Dovecot Imap: [ OK ]
Stopping httpd: [ OK ]
[Tue May 25 18 2010] [warn] NameVirtualHost *:80 has no VirtualHosts
Starting httpd: [ OK ]
Stopping pure-ftpd: [ OK ]
Starting pure-ftpd: [ OK ]
Installation completed.
[root@server1 install]#

The installer automatically configures all underlying services, so no manual configuration is needed.

Afterwards you can access ISPConfig 3 under http://server1.example.com:8080/ or http://192.168.0.100:8080/. Log in with the username admin and the password admin (you should change the default password after your first login):





The system is now ready to be used.

Fin de l'installation (c'est la que j'ai commencé à galérer, mais vous aurez pas a vivre l'enfer

La suite ici
https://tssisaison4.forumsactifs.com/tutoriels-f1/configuration-d-ispconfig-postfix-dovecot-amavisd-t95.htm

mkdir /etc/amavisd
ln -s /etc/amavisd.conf /etc/amavisd/amavisd.conf

pour régler le soucis sur amavisd