Posts Tagged ‘ISPConfig 3’
How to set the PassivePortRange in pure-ftpd on Debian and Ubuntu Linux
If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in both pure-ftpd and your firewall to ensure that the connections don't get blocked. The following example is for pure-ftpd on Debian or Ubuntu Linux and ISPConfig 3:
1) Configure pure-ftpd
echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
/etc/init.d/pure-ftpd-mysql restart
2) Configure the firewall. If you use ISPConfig 3 on your server to configure the Bastille firewall, you can add the necessary port range in the ISPConfig firewall settings.
Change the list of Open TCP ports from:
20,21,22,25,53,80,110,143,443,3306,8080,10000
to:
20,21,22,25,53,80,110,143,443,3306,8080,10000,40110:40210
and then click on “Save”.
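Because the two settings have to agree, the following added example (not part of the original post) checks that every port in the passive range is opened by the firewall port list. The function names are hypothetical; the range and port lists are the values used above.

```sh
#!/bin/sh
# port_open PORT LIST: status 0 if PORT is opened by LIST, a comma-separated
# list of single ports and LOW:HIGH ranges (the ISPConfig firewall format).
port_open() {
    old_ifs=$IFS
    IFS=,
    for entry in $2; do
        IFS=$old_ifs
        from=${entry%%:*}
        to=${entry##*:}
        if [ "$1" -ge "$from" ] && [ "$1" -le "$to" ]; then
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# first_blocked_port "LOW HIGH" LIST: prints the first passive port that LIST
# does not open and returns 1; returns 0 when the whole range is open.
first_blocked_port() {
    range=$1
    list=$2
    low=${range%% *}
    high=${range##* }
    case "$low$high" in
        ''|*[!0-9]*) echo "invalid range: $range" >&2; return 2 ;;
    esac
    port=$low
    while [ "$port" -le "$high" ]; do
        if ! port_open "$port" "$list"; then
            echo "$port"
            return 1
        fi
        port=$((port + 1))
    done
    return 0
}

# Values from the article. On a server, RANGE would be read with:
#   RANGE=$(cat /etc/pure-ftpd/conf/PassivePortRange)
RANGE="40110 40210"
OLD_LIST="20,21,22,25,53,80,110,143,443,3306,8080,10000"
NEW_LIST="$OLD_LIST,40110:40210"
for fw in "$OLD_LIST" "$NEW_LIST"; do
    if blocked=$(first_blocked_port "$RANGE" "$fw"); then
        echo "OK: all passive ports are open in $fw"
    else
        echo "BLOCKED: passive port $blocked is not open in $fw"
    fi
done
```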
How to redirect an HTTP connection to HTTPS in apache webserver
HTTP connections can be redirected to HTTPS with the Apache mod_rewrite module, which should be available in every Apache installation. Create a file named .htaccess in the website root directory which contains the following lines:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
If you use ISPConfig 2 or 3, you can add these lines also in the apache directives field of the website settings form instead of adding them to a .htaccess file. But the approach with the .htaccess file will work on ISPConfig as well.
Is there a recommended Linux distribution for ISPConfig 3?
ISPConfig 3 is developed on Debian Linux, which means that Debian is the most tested Linux distribution for ISPConfig. Additionally, Debian has almost all software packages required for ISPConfig in its main repositories, so there is no need to compile them manually, and Debian has proven to be very stable in server environments.
This leads to my personal recommendation to use Debian Linux for ISPConfig.
Install postfix with MySQL support on CentOS 5.3 (64Bit)
The following article explains the steps to compile the postfix MTA with MySQL support on CentOS 5.3, as needed for example by ISPConfig 3.
Remove the CentOS postfix package, which does not have MySQL support:
/etc/init.d/postfix stop
rpm -e --nodeps postfix
Download the postfix source RPM and install it:
cd /tmp
wget http://mirror.rackspace.com/CentOS/5.3/os/SRPMS/postfix-2.3.3-2.1.el5_2.src.rpm
rpm -i postfix-2.3.3-2.1.el5_2.src.rpm
Edit the spec file to enable MySQL support.
vi /usr/src/redhat/SPECS/postfix.spec
and change the line:
%define MYSQL 0
to:
%define MYSQL 1
Install a few prerequisites before we build the new postfix RPM package
yum install pcre-devel mysql-devel
Build the postfix RPM with MySQL support:
rpmbuild -ba /usr/src/redhat/SPECS/postfix.spec
and install it.
cd /usr/src/redhat/RPMS/x86_64
rpm -i postfix-2.3.3-2.1.x86_64.rpm
Start postfix and configure it to be started at boot time:
/etc/init.d/postfix start
chkconfig --levels 235 postfix on
Change the language of webalizer statistics on Debian and Ubuntu Linux
The language of the generated webalizer statistics is statically compiled into the webalizer binary. To change the language, webalizer has to be recompiled. In the following example, I will recompile webalizer to change the language to German.
Uninstall webalizer and install the GD library:
apt-get remove webalizer
apt-get install libgd2-xpm-dev
Download the latest webalizer sources and uncompress the tar archive:
cd /tmp
wget http://archive.mgm51.com/mirrors/webalizer-files/webalizer-2.01-10-src.tgz
tar xzf webalizer-2.01-10-src.tgz
cd webalizer-2.01-10
Reconfigure and compile webalizer
./configure --with-language=german
make
make install
Create a symlink so that other applications find the webalizer binary in the common place
ln -s /usr/local/bin/webalizer /usr/bin/webalizer
Cleanup
rm -f /tmp/webalizer-2.01-10-src.tgz
rm -rf /tmp/webalizer-2.01-10
Thanks to planet_fox for this FAQ.
pure-ftpd does not show more than 2000 files on Debian and Ubuntu
The pure-ftpd daemon has a default recursion limit of 2000 files. This prevents the server from showing more than 2000 files when you browse a directory with an FTP client. To raise this limit to e.g. 5000 files, create or edit the file /etc/pure-ftpd/conf/LimitRecursion and add a line "5000 500":
echo "5000 500" > /etc/pure-ftpd/conf/LimitRecursion
and then restart pureftpd:
/etc/init.d/pure-ftpd-mysql restart
How to enable DKIM email signatures in amavisd-new and ISPConfig 3
DKIM is a system to verify the sender and integrity of emails. ISPConfig 3 uses amavisd-new as content filter for spam and virus scanning and amavisd-new is also able to sign messages with DKIM. The next steps explain how to configure amavisd-new to sign messages for a domain named “example.com” with DKIM. The steps below should work with any amavisd-new setup even if you do not use ISPConfig.
1) Create the domain key:
mkdir /var/db/dkim/
amavisd genrsa /var/db/dkim/example-foo.key.pem
2) Configure amavisd to use this key for the domain example.com. Edit the amavisd configuration file
vi /etc/amavisd/amavisd.conf
and add the following lines:
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('example.com', 'foo', '/var/db/dkim/example-foo.key.pem');
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
192.168.0.0/16); # list your internal networks
3) Run the command:
amavisd showkeys
to get the public key that has to be added as a TXT record on the DNS server for example.com.
4) Test the setup with the command:
amavisd testkeys
and if it works properly, restart amavisd:
/etc/init.d/amavis restart
A more detailed description of how to set up DKIM in amavisd-new can be found in the amavisd-new manual:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
Blocking .exe attachments with postfix or amavisd-new and ISPConfig 3
If you use postfix and / or amavisd-new on the mail server, you can use the following recipes to block emails with executable (exe, bat, scr) attachments.
Block the attachments with a postfix header filter
In ISPConfig, click on "Email" in the upper menu, then on "Content filter" in the left menu and click on the "Add new content filter" button. Enter the following details:
Filter:
MIME-Header Filter
Regexp. Pattern:
/^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(bat|exe|scr))(\?=)?"?\s*(;|$)/x
Data:
File extension is blacklisted on this server
Action:
DISCARD
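Because DISCARD drops mail silently, it is worth checking what the pattern matches before saving the filter. The following is an added example, not part of the original post: it assumes GNU grep, uses grep -E -i as a stand-in for Postfix's case-insensitive matching, and runs on constructed sample headers.

```sh
#!/bin/sh
# The pattern from the filter above, without the surrounding /.../x delimiters.
PATTERN='^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(bat|exe|scr))(\?=)?"?\s*(;|$)'

# is_blocked HEADER: status 0 when the MIME header line matches the pattern,
# i.e. when the filter would DISCARD the message.
is_blocked() {
    printf '%s\n' "$1" | grep -Eiq -- "$PATTERN"
}

# check HEADER: print the verdict next to the header line.
check() {
    if is_blocked "$1"; then
        echo "DISCARD  $1"
    else
        echo "pass     $1"
    fi
}

# Constructed sample headers (not taken from real mail).
check 'Content-Disposition: attachment; filename="invoice.exe"'
check 'Content-Type: application/octet-stream; name=SETUP.EXE'
check 'Content-Type: application/octet-stream; name="saver.scr"; x-test=1'
check 'Content-Type: application/pdf; name="report.pdf"'
check 'Content-Type: text/plain; name="notes.exe.txt"'
```

The last header passes because the pattern only looks at the final extension of the file name.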
Use amavisd-new to block the emails with executable attachments.
Edit the amavisd configuration file (/etc/amavisd.conf or /etc/amavisd/amavisd.conf)
vi /etc/amavisd/amavisd.conf
and add the following lines:
$banned_filename_re = new_RE(
qr'.\.(bat|exe|scr)$'i,
qr'^\.(exe|zip|lha|tnef)$'i,
);
then restart amavisd-new:
/etc/init.d/amavis restart
How to access a namebased website without a DNS record
If you want to access a namebased website that you created e.g. in ISPConfig before the DNS records are set up, edit the hosts file on your workstation computer and add a line like this:
192.168.0.100 www.mydomain.com
Replace the IP address with the IP of your server and www.mydomain.com with the domain name of the website.
The hosts file on Linux and Mac systems is /etc/hosts; on Windows systems the hosts file is C:\Windows\system32\drivers\etc\hosts
The above trick also works if you want to run a website in your internal network (intranet) without having a DNS server available for local DNS resolving.
ISPConfig 3: How to send copies of incoming emails to other mailboxes
A copy of an incoming email can be sent to a second email address by adding a cc command to the "Custom Rules" field of the mailbox in ISPConfig.
ISPConfig supports sieve as well as maildrop filter rules. The rule language depends on the LDA / POP3 / IMAP daemon that you use on your server. If you use courier, then the filter language is maildrop. When dovecot is installed, then the filter language is sieve.
Example in maildrop syntax:
To send a copy to the email address info@example.tld, add the following code at the beginning of the custom rules field.
cc '!info@example.tld'
Example in sieve syntax:
redirect "info@example.tld";
keep;