Archive for the ‘ISPConfig 2’ Category
Update to latest Spamassassin filter rules in ISPConfig 2
The ISPConfig 2 controlpanel installs its own copy of Spamassassin in the folder /home/admispconfig/ispconfig/tools/spamassassin . To update the Spamassassin filter rules in ISPConfig 2, run this command as root user:
/home/admispconfig/ispconfig/tools/spamassassin/usr/bin/sa-update
To test if Spamassassin works with the new ruleset, run this command:
/home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin –lint
If it does not return an error message, then Spamassassin is working correctly.
Webalizer: Error Opening file /usr/share/GeoIP/GeoIP.dat on Debian Linux
The webalizer package in Debain 6 has currently small bug as the required package for the GeoIP database is not installed automatically when webalizer is isntalled. The symptoms are that webalizer statistics are not created and this error message is displayed when webalizer is run:
Error Opening file /usr/share/GeoIP/GeoIP.dat
The solution is to install the missing package manually:
apt-get install geoip-database
Send all outgoing email trough one IP address in postfix
When a server has more then one IP address, then postfix will use all IP addresses randomly to send out emails. This can cause your emails to be listed as SPAM on other servers because the sending IP does not match the reverse IP of the server hostname. The solution is to bind postfix to the primary IP address of the server.
Edit the postfix main.cf file:
vi /etc/postfix/main.cf
and add the line:
smtp_bind_address = 192.168.0.1
were 192.168.0.1 has to be replaced with the primary IP address of the server. Then restart postfix:
/etc/init.d/postfix restart
Fix for Courier IMAP Error: check for configuration errors with the FAM/Gamin library
I’ve got the following error message on Debian Linux (6.0) with Courier IMAP server:
Filesystem notification initialization error -- contact your mail administrator (check for configuration errors with the FAM/Gamin library)
when I tried to access a IMAP share. The resaon for the problem seems to be that the “fam” package was not working correctly. The solution is to install the gamin package which can replace fam in a courier setup:
apt-get install gamin
Dont worry when you get a message from apt that libfam0 gets uninstalled but is required by courier. This had no geative effects on my server.
Prevent DOS attacks on apache webserver for DEBIAN linux with mod_evasive
The following guide explains the installation of the apache module “mod_evasive”. Mod_evasive tracks the number of requests of files at the apache webserver and blocks the delivery in case that a certain limit has been reached.
Installation
apt-get install libapache2-mod-evasive
Create the log directory for mod_evasive
mkdir -p /var/log/apache2/evasive
chown -R www-data:root /var/log/apache2/evasive
Now we add the configuration for the module at the end of the file /etc/apache2/mods-available/mod-evasive.load
vi /etc/apache2/mods-available/mod-evasive.load
so that it looks like this:
LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 5
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir “/var/log/apache2/evasive”
and restart apache:
/etc/init.d/apache2 restart
How to solve the PHP XCache error: /dev/zero: No space left on device
If you get the error “/dev/zero: No space left on device” in the apache error.log on a OpenVZ virtual machine, then the shared memory size in the xcache.ini is too high or the xcache.mm_path is set wrong.
Edit the file /etc/php5/conf.d/xcache.ini
vi /etc/php5/conf.d/xcache.ini
and check the mm_path. On a OpenVZ virtual machine it should be set to “/tmp/xcache” as /dev/zero might not work correctly in a virtual machine:
xcache.mmap_path = “/tmp/xcache”
Then restart apache2:
/etc/init.d/apache2 restart
and check if the error has been resolved.
If the roor still occurs after some time, you will have to reduce the xcache.size.
Edite the xcache.ini file:
vi /etc/php5/conf.d/xcache.ini
and set xcache.size to e.g. 8 MB
xcache.size = 8M
Then restart apache2:
/etc/init.d/apache2 restart
Secure /tmp and /dev/shm directories in a OpenVZ enviroment
The /tmp and /dev/shm directories of a OpenVZ virtual machine shall be mounted without suid and exec permissions. To achieve this, create a a shell script on the host server for every virtual machine which contains the commands to remount the directories. This script will be started automatically by openvz when the VM is started.
I will use VPSID as placeholder for the ID of the virtual machine in the commands and the script. Replace VPSID with the id of the virtual machine that you want to create the script for, e.g. replace VPSID with 101.
Create the script:
vi /etc/vz/conf/VPSID.mount
and insert the following lines:
#!/bin/bash
mount -n –bind -onosuid,noexec /vz/vps/VPSID/tmp /vz/root/VPSID/tmp
mount -n –bind -onosuid,noexec /vz/vps/VPSID/shm /vz/root/VPSID/dev/shm
exit ${?}
now make the sscript executable:
chmod 700 /etc/vz/conf/VPSID.mount
Migrate physical server system to OpenVZ virtual machine
In case you plan to virtualize your server infrastructure and migrate physical servers to OpenVZ virtual machines, you may find this tutorial helpful:
http://wiki.openvz.org/Physical_to_container
I used this to migrate a ISPConfig Debian system to OpenVZ successfully.
How to update Spamassassin on ISPConfig 2
The spamassassin installation on a ISPConfig 2 server is normally updated together with ISPConfig. Here are the steps iIf you want to update spamassassin manually without updating ISPConfig 2:
Download the latest Spamassassin sources and unpack the tar.gz file
cd /tmp
wget http://ftp.fernuni-hagen.de/ftp-dir/pub/mirrors/\
www.apache.org/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz
tar xfz Mail-SpamAssassin-3.3.1.tar.gz
Configure, make and install spamassassin
cd Mail-SpamAssassin-3.3.1
perl Makefile.PL PREFIX=/home/admispconfig/ispconfig/tools/\
spamassassin/usr SYSCONFDIR=/home/admispconfig/ispconfig/\
tools/spamassassin/etc
make
make install
Cleanup
cd ..
rm -f Mail-SpamAssassin-3.3.1.tar.gz
rm -rf Mail-SpamAssassin-3.3.1
How to enable port 587 (submission) in postfix
Some internet access providers have port 25 disabled in their routers to prevent spam. If you run your own mailserver in a datacenter, you might have to enable the submission port (587) in postfix to be able to send emails from your local email client to your own mailserver.
To enable port 587, edit the file /etc/postfix/master.cf
vi /etc/postfix/master.cf
and remove the # in front of the line:
#submission inet n – n – – smtpd
so that it looks like this:
submission inet n – n – – smtpd
and restart postfix:
/etc/init.d/postfix restart