Change the language of webalizer statistics on Debian and Ubuntu Linux

The language of the generated Webalizer statistics is statically compiled into the Webalizer binary. To change the language, Webalizer has to be recompiled. In the following example, I will recompile Webalizer to change the language to german.

Uninstall Webalizer and install the GD library:

apt-get remove webalizer
apt-get install libgd2-xpm-dev

Download the latest Webalizer sources and uncompress the tar archive:

cd /tmp
tar xzf webalizer-2.23-08-src.tgz
cd webalizer-2.23-08

Reconfigure and compile Webalizer:

./configure --with-language=german
make install

Create a symlink so that other applications find the Webalizer binary in the common place:

ln -s /usr/local/bin/webalizer /usr/bin/webalizer


rm -f /tmp/webalizer-2.23-08-src.tgz
rm -rf /tmp/webalizer-2.23-08

Thanks to planet_fox for this FAQ.

pure-ftpd does not show more then 2000 files on Debian and Ubuntu

The pure-ftp daemon by default has a recursion limit of 2000 files, this prevents the server from showing more then 2000 files when you browse a directory with a FTP client. To expand this Limit to e.g 5000 files, create or edit the file /etc/pure-ftpd/conf/LimitRecursion and add a line "5000 500":

echo "5000 500" > /etc/pure-ftpd/conf/LimitRecursion

and then restart pureftpd:

/etc/init.d/pure-ftpd-mysql restart

How to enable DKIM email signatures in amavisd-new and ISPConfig 3

DKIM is a system to verify the sender and integrity of emails. ISPConfig 3 uses amavisd-new as content filter for spam and virus scanning and amavisd-new is also able to sign messages with DKIM. The next steps explain how to configure amavisd-new to sign messages for a domain named "" with DKIM. The steps below should work with any amavisd-new setup even if you do not use ISPConfig.

1) Create the domain key:

mkdir /var/db/dkim/
amavisd genrsa /var/db/dkim/example-foo.key.pem

2) Configure amavisd to use this key for the domain Edit the amavisd configuration file

vi /etc/amavisd/amavisd.conf

and add the following lines:

$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('', 'foo', '/var/db/dkim/example-foo.key.pem');
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(;  # list your internal networks

3) Run the command:

amavisd showkeys

to get the public key that has to be added as TXT record in the DNS server of the DNS server.

4) Thest the setup with the command:

amavisd testkeys

and if it works properly, restart amavisd:

/etc/init.d/amavis restart

Here is a more detailed description in the amavisd-new manual on how to setup DKIM in amavisd-new:

Blocking .exe attachments with postfix or amavisd-new and ISPConfig 3

If you use postfix and / or amavisd-new on the mail server, you can use the following recipes to block emails with executable (exe, bat, scr) attachments.

Block the attachments with a postfix header filter

In ISPConfig, click on "Email in the upper menu, then on "Content filter" in the left menu and click on the "Add new content filter" button. Enter the following details:


MIME-Header Filter

Regexp. Pattern:



File extension is blacklisted on this server



Use amavisd-new to block the emails with executable attachments.

Edit the amavisd configuration file (/etc/amavisd.conf or /etc/amavisd/amavisd.conf)

vi /etc/amavisd/amavisd.conf

and add the following lines:

$banned_filename_re = new_RE(

then restart amavisd-new:

/etc/init.d/amavis restart

How to access a namebased website without a DNS record

If you want to access a namebased website that you created e.g. in ISPConfig before the DNS records are setup, edit the hosts file on your workstation computer and add a line like this:

Replace the IP address with the IP of your server and with the domain name of the website.

The hosts file on linux and MAC systems is /etc/hosts, on Windows systems the hosts file is C:\Windows\system32\drivers\etc\hosts

The above trick also works if you want to run a website in your internal network (intranet) without having a DNS server availalble for local dns resolving.

ISPConfig 3: How to send copys of incoming emails to other mailboxes

A copy of a incoming email can be sent to a second email address by adding a cc command to the "Custom Rules" field of the mailbox in ISPConfig.

ISPConfig supports sieve as well as maildrop filter rules. The rule language depends on the LDA / POP3 / IMAP-Daemon that you use on your server. If you use courier, then the filter language is maildrop. When dovecot is installed, then the filter language is ieve.

Example in maildrop syntax:

To send a copy to the email address [email protected], add the following code at the beginning of the custom rules field.

cc '![email protected]'

Example in sieve syntax:

redirect '[email protected]';

Solve error message: PHP Startup: Unable to load dynamic library

If you get the following error message in Ubuntu when you use PHP based shell scripts:

PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20060613+lfs/' - /usr/lib/php5/20060613+lfs/ cannot open shared object file: No such file or directory in Unknown on line 0

Then edit the file /etc/php5/cli/php.ini:

vi /etc/php5/cli/php.ini

and remove the lines:

Extension = ""
config_file = ".htaccess"
default_docroot = "/var/www"

As the htscanner module works only for scripts within webservers but not for commandline scripts.

Postfix: “queue file write error”

If you get an error like:

Aug 21 12:41:03 webb4 postfix/sendmail[11234]: fatal: web1_user(12967): queue file write error

in your mail log, then the vale for message_size_limit in postfix is too low. Edit postfix

vi /etc/postfix/

and set the message size limit to a higher value. E.g.

mesage_size_limit = 900000000

and restart postfix:

/etc/init.d/postfix restart

If there is no message_size_limit set in, just add the line.

Set stricter PHP settings to secure joomla and wordpress installations

If you run a joomla or wordpress installation with mod_php, the following settings in the vhost configuration file or the "Apache directives" field in ISPConfig can be used to set stricter securitypolicys. This helps limit the impact of a possible hack to this websiteand protect the other sites on the server.

php_admin_value disable_functions "show_source system shell_exec passthru exec phpinfo popen proc_open"
php_admin_flag allow_url_fopen Off
php_admin_value session.save_path "/var/www/webXXX/phptmp/"
php_admin_value open_basedir "/var/www/webXXX/:/tmp"


disable_functions disables functions that have a potential security impact e.g. because they allow the execution of external applications.

allow_url_fopen disables the ablity to open files via an URL.

session.save_path sets the path were php stores its session files. For ISPConfig 2, the path is e.g. "/var/www/webXXX/phptmp/" and for ISPConfig 3 the path is like "/var/www/clients/client1/web1/tmp/" If you dont use ISPConfig, set this path to a directory which is writable for the webserver user. the directory should be unique for every website.

open_basedir sets the path were php scripts are allowed to open files. For ISPConfig 2, the path is like  "/var/www/webXXX/" and for ISPConfig 3 the path is like "/var/www/clients/client1/web1/" If you dont use ISPConfig, set this path to a the root directory of this vhost. With :/tmp we allow php scripts to use also the /tmp directory of the server.

Configure fail2ban to use route instead of iptables to block connections

Fail2ban uses iptables by default to block incoming connections when they exceed the max.  login retrys. The iptables rules used by fail2ban might conflict with the firewall rules, so it might be nescessary to reconfigure fail2ban to use the route command for blocking incoming connections.

To reconfigure fail2ban for using the route command instead of iptables, edit or create the route.conf file:

vi /etc/fail2ban/action.d/route.conf

And insert the following lines:

# Fail2Ban configuration file

actionban = ip route add unreachable <ip>
actionunban = ip route del unreachable <ip>

Then add or change the banaction in the jail.local file in the [DEFAULT] section to "route":

vi /etc/fail2ban/jail.local

And add or edit these lines:

# Fail2Ban configuration file


banaction = route