Archive for the ‘Controlpanels’ Category
How to set the PassivePortRange in pure-ftpd on Debian and Ubuntu Linux
If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in pure-ftpd and your firewall to ensure that the connections dont get blocked. The following example is for pure-ftpd on Debian or Ubuntu Linux and ISPConfig 3:
1) Configure pure-ftpd
echo “40110 40210″ > /etc/pure-ftpd/conf/PassivePortRange
/etc/init.d/pure-ftpd-mysql restart
2) Configure the firewall. If you use ISPConfig 3 on my server to configure the bastille firewall, you can add the nescessera port range in the ISPConfig firewall settings.
Change the list of Open TCP ports from:
20,21,22,25,53,80,110,143,443,3306,8080,10000
to:
20,21,22,25,53,80,110,143,443,3306,8080,10000,40110:40210
and then click on “Save”.
How to redirect an HTTP connection to HTTPS in apache webserver
Http connections can be redirected to https with the apache mod_rewrite module, which should be available in every apache installation. Create a file with the name .htaccess in the website root directory which contains the following lines:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
If you use ISPConfig 2 or 3, you can add these lines also in the apache directives field of the website settings form instead of adding them to a .htaccess file. But the approach with the .htaccess file will work on ISPConfig as well.
Is there a recommended Linux distribution for ISPConfig 3?
ISPconfig 3 is developed on Debian Linux, this means that Debian is the most tested Linux distribution for ISPConfig. Additionally, Debian has almost all required software packages for ISPConfig in its main repositories without the need to compile them manually and Debian has proven to be very stable in Server enviroments.
This leads to my personal recommendation to use Debian Linux for ISPConfig.
I get the following error message after an Ubuntu upgrade: s_connect() failed: Permission denied Invalid user specified.
After running a system upgrade on your Ubuntu based ISPConfig 3 server, it might happen that aptitude overwrites some config files from postfix especially the main.cf file. To fix this, download the latest ISPConfig 3 installer, unpack it and run the update.php script. Choose “yes” when the updater asks if the services shall be reconfigured. ISPConfig will replace the configuration files that had been modified by the ubuntu upgrade.
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php
How to add a root SSL certificate in ISPConfig 2
Most SSL authorities (like godaddy or instantssl) send you a root certificate which has to be installed beside the SSL certificate to proove that the SSL cert is signed from a trusted authority. To add such a root SSL certificate in ISPConfig, copy the file to the ssl subfolder of the website and then add this line into the apache directives field of the website in ISPConfig:
SSLCACertificateFile /var/www/www.yourdomain.tld/ssl/ca.txt
The path to the root certificate file has to be changed to match the path on your system.
Install postfix with MySQL support on CentOS 5.3 (64Bit)
The following article explains the steps to compile postfix MTA with MySQL support on CentOS 5.3 as e.g. needed for ISPConfig 3.
Remove the postfix package from CentOS which does not has MySQL support:
/etc/init.d/postfix stop
rpm -e –nodeps postfix
Download the postfix source RPM and install it:
cd /tmp
wget http://mirror.rackspace.com/CentOS/5.3/os/SRPMS/postfix-2.3.3-2.1.el5_2.src.rpm
rpm -i postfix-2.3.3-2.1.el5_2.src.rpm
Edit the spec file to enable MySQL support.
vi /usr/src/redhat/SPECS/postfix.spec
and change the line:
%define MYSQL 0
to:
%define MYSQL 1
Install a few prerequisites before we build the new postfix RPM package
yum install pcre-devel mysql-devel
Build the postfix RPM with MySQL support:
rpmbuild -ba /usr/src/redhat/SPECS/postfix.spec
and install it.
cd /usr/src/redhat/RPMS/x86_64
rpm -i postfix-2.3.3-2.1.x86_64.rpm
Start postfix and configure it to be started at boot time:
/etc/init.d/postfix start
chkconfig –levels 235 postfix on
Change the language of webalizer statistics on Debian and Ubuntu Linux
The language of the generated webslizer statistics is statically compiled into the webalizer binary. To change the language, webalizer has to be recompiled. In the following example, I will recompile webalizer to change the language to german.
Uninstall webalizer and install the GD library:
apt-get remove webalizer
apt-get install libgd2-xpm-dev
Download the latest webalizer sources and uncompress the tar archive:
cd /tmp
wget http://archive.mgm51.com/mirrors/webalizer-files/webalizer-2.01-10-src.tgz
tar xzf webalizer-2.01-10-src.tgz
cd webalizer-2.01-10
Reconfigure and compile webalizer
./configure –with-language=german
make
make install
Create a symlink so that other applications find the webalizer binary in the common place
ln -s /usr/local/bin/webalizer /usr/bin/webalizer
Cleanup
rm -f /tmp/webalizer-2.01-10-src.tgz
rm -rf /tmp/webalizer-2.01-10
Thanks to planet_fox for this FAQ.
pure-ftpd does not show more then 2000 files on Debian and Ubuntu
The pure-ftp daemon by default has a recursion limit of 2000 files, this prevents the server from showing more then 2000 files when you browse a directory with a FTP client. To expand this Limit to e.g 5000 files, create or edit the file /etc/pure-ftpd/conf/LimitRecursion and add a line “5000 500″:
echo “5000 500″ > /etc/pure-ftpd/conf/LimitRecursion
and then restart pureftpd:
/etc/init.d/pure-ftpd-mysql restart
How to enable DKIM email signatures in amavisd-new and ISPConfig 3
DKIM is a system to verify the sender and integrity of emails. ISPConfig 3 uses amavisd-new as content filter for spam and virus scanning and amavisd-new is also able to sign messages with DKIM. The next steps explain how to configure amavisd-new to sign messages for a domain named “example.com” with DKIM. The steps below should work with any amavisd-new setup even if you do not use ISPConfig.
1) Create the domain key:
mkdir /var/db/dkim/
amavisd genrsa /var/db/dkim/example-foo.key.pem
2) Configure amavisd to use this key for the domain example.com. Edit the amavisd configuration file
vi /etc/amavisd/amavisd.conf
and add the following lines:
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key(‘example.com’, ‘foo’, ‘/var/db/dkim/example-foo.key.pem’);
@dkim_signature_options_bysender_maps = (
{ ‘.’ => { ttl => 21*24*3600, c => ‘relaxed/simple’ } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
192.168.0.0/16); # list your internal networks
3) Run the command:
amavisd showkeys
to get the public key that has to be added as TXT record in the DNS server of the example.com DNS server.
4) Thest the setup with the command:
amavisd testkeys
and if it works properly, restart amavisd:
/etc/init.d/amavis restart
Here is a more detailed description in the amavisd-new manual on how to setup DKIM in amavisd-new:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
Blocking .exe attachments with postfix or amavisd-new and ISPConfig 3
If you use postfix and / or amavisd-new on the mail server, you can use the following recipes to block emails with executable (exe, bat, scr) attachments.
Block the attachments with a postfix header filter
In ISPConfig, click on “Email in the upper menu, then on “Content filter” in the left menu and click on the “Add new content filter” button. Enter the following details:
Filter:
MIME-Header Filter
Regexp. Pattern:
/^Content-(Disposition|Type).*name\s*=\s*”?(.*\.(bat|exe|scr))(\?=)?”?\s*(;|$)/x
Data:
File extension is blacklisted on this server
Action:
DISCARD
Use amavisd-new to block the emails with executable attachments.
Edit the amavisd configuration file (/etc/amavisd.conf or /etc/amavisd/amavisd.conf)
vi /etc/amavisd/amavisd.conf
and add the following lines:
$banned_filename_re = new_RE(
qr’.\.(bat|exe|scr)$’i,
qr’^\.(exe|zip|lha|tnef)$’i,
);
then restart amavisd-new:
/etc/init.d/amavis restart