How to Install Hosting Control Panel - VHCS2
============================================

1. install Debian Lenny (Debian 5.0)

1.1) sudo nano /etc/network/interfaces

    auto eth0
    iface eth0 inet static
    address 192.168.1.x
    netmask 255.255.255.0
    gateway 192.168.1.1
    network 192.168.1.0
    broadcast 192.168.1.255

    sudo /etc/init.d/networking restart

1.2) install ssh

    apt-get install ssh openssh-server

1.3) via ssh

    a) ssh setting
       ===========
       protocol ssh2
       hostname 192.168.1.101
       port 22
       username XXX
       authentication password
       password XXXXXXserver01

1.4) nano /etc/hosts

    127.0.0.1 localhost.localdomain localhost
    192.168.1.101 server01.99webhosting.com server01

    /etc/init.d/hostname.sh start

    test:
    hostname
    hostname -f

1.5) nano /etc/resolv.conf

    domain 99webhosting.com
    search 99webhosting.com
    nameserver 192.168.1.101
    nameserver 192.168.1.102
    nameserver 207.69.188.185
    nameserver 207.69.188.186
    nameserver 207.69.188.187

1.6) change the default Shell:

    rm -f /bin/sh
    ln -s /bin/bash /bin/sh

1.7) update and install

    aptitude update
    aptitude upgrade
    aptitude install tar bzip2 wget lsb-release

2. install some packages

2.1) cd /tmp

2.2) nano debian5-packages.txt

    apache2 apache2.2-common apache2-mpm-prefork bind9 bzip2
    courier-authdaemon courier-base courier-imap courier-maildrop courier-pop
    diff dnsutils gcc gzip iptables libapache2-mod-php5 libberkeleydb-perl
    libc6-dev libcrypt-blowfish-perl libcrypt-cbc-perl libcrypt-passwdmd5-perl
    libdate-calc-perl libdate-manip-perl libdbd-mysql-perl libdbi-perl
    libio-stringy-perl libmail-sendmail-perl libmailtools-perl libmcrypt4
    libmd5-perl libmime-perl libnet-dns-perl libnet-netmask-perl libnet-perl
    libnet-smtp-server-perl libperl5.10 libsasl2-2 libsasl2-modules
    libsnmp-session-perl libterm-readkey-perl libterm-readpassword-perl
    libtimedate-perl make mysql-client mysql-common mysql-server original-awk
    patch perl perl-base perl-modules php5 php5-gd php5-mcrypt php5-mysql
    php-pear postfix postfix-tls procmail proftpd sasl2-bin ssh tar wget

2.3) aptitude install $(cat ./debian5-packages.txt)

2.4) answer questions, and edit /etc/default/saslauthd

    1) New Password for MYSQL "root" user:
    2) General type of mail configuration: --> Internet Site
    3) System mail name:
    4) ProFTPd configuration: standalone

3. Shutdown unwanted services from inetd

    update-inetd --remove daytime
    update-inetd --remove telnet
    update-inetd --remove time
    update-inetd --remove finger
    update-inetd --remove talk
    update-inetd --remove ntalk
    update-inetd --remove ftp
    update-inetd --remove discard

4. some config and test

4.1) sasl

    nano /etc/default/saslauthd

    START=yes

4.2) postfix

    a) nano /etc/postfix/main.cf

        myhostname = mail.99webhosting.com
        mydestination = 99webhosting.com, server01.99webhosting.com, localhost.99webhosting.com, localhost

    b) nano /etc/mailname

        99webhosting.com

    c) test:
        1) telnet localhost 25
           ehlo localhost
        2) send mail:
           date | mail -s "testing" rXXX7777777@gmail.com
           //note: apt-get install mailutils
        3) monitoring:
           tail -f /var/log/mail.log

4.3) Courier-IMAP / POP3

    test: telnet localhost imap / pop3

4.4) Anti-Spam / virus

4.4.1) installation

    sudo apt-get install amavisd-new spamassassin clamav-daemon
    sudo apt-get install dkim-filter python-policyd-spf
    sudo apt-get install pyzor razor
    sudo apt-get install arj cabextract cpio nomarch pax unzip zip zoo

    or:

    apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 \
        libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax

4.4.2) configuration

    a) ClamAV
       add clamav user to the amavis group in order for Amavisd-new to have
       the appropriate access to scan files (sudo nano /etc/clamav)

        sudo adduser clamav amavis

    b) Spamassassin

        sudo nano /etc/default/spamassassin

        ENABLED=1    #activate the Spamassassin daemon

       then start it:

        sudo /etc/init.d/spamassassin start

    c) Amavisd-new

        1) activate spam and antivirus detection in Amavisd-new

            sudo nano /etc/amavis/conf.d/15-content_filter_mode

            @bypass_virus_checks_maps = (
               \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

            @bypass_spam_checks_maps = (
               \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

        2*) Bouncing spam is the default, you may discard it as below

            sudo nano /etc/amavis/conf.d/20-debian_defaults

            $final_spam_destiny = D_DISCARD;

        3) nano /etc/amavis/conf.d/05-node_id

            $myhostname = "mail.99webhosting.com";

        4) nano /etc/amavis/conf.d/50-user

            $pax='pax';

        5) /etc/init.d/amavis restart
           /etc/init.d/clamav-daemon restart
           /etc/init.d/clamav-freshclam restart

    d) DKIM Whitelist
       (once a domain has been added to the Whitelist, the message will not
       receive any anti-virus or spam filtering.)

        nano /etc/amavis/conf.d/40-policy_banks

       (Now restart Postfix: sudo /etc/init.d/postfix restart)

4.4.3) test

    a) Amavisd-new SMTP is listening (directly in Ubuntu system)

        telnet localhost 10024
        Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        220 [127.0.0.1] ESMTP amavisd-new service ready
        ^]

4.5) apache2

    http://192.168.1.101

4.6) sql

4.6.1) create database and user

    # mysql -u root -p
    create database 99webhosting;
    use 99webhosting
    grant all privileges on *.* to 'XXX'@'localhost' identified by 'XXXXXXmysql' with grant option;
    \q

4.6.2) install

    apt-get install mysql-server mysql-client libmysqlclient15-dev
    apt-get install phpmyadmin

4.6.3) test: http://192.168.1.101/phpmyadmin/

4.7) BIND9

    test:
    1) /etc/init.d/bind9 restart
    2) to add the ip of the DNS server (the localhost) to your /etc/resolv.conf to use it:
       nano /etc/resolv.conf

        nameserver 127.0.0.1

    3) ping www.google.com

4.8) FTP

    test:
    /etc/init.d/proftpd restart
    telnet localhost ftp

5. mount the external disk

5.1) to make hard disk ready

    1) check partition
       fdisk -l
    2) make partition type (Linux), for ext2 and ext3:
       fdisk /dev/sdb
    3) make file system (format)
       mke2fs /dev/sdb1
       (Ext3 requires one more step:)
       tune2fs -j /dev/sdb1    (creates the ext3 journal)
    4) change the frequency of forced file system checking (wouldn't do this routine checking)
       tune2fs -c 0 /dev/sdb1
       tune2fs -i 0 /dev/sdb1

5.2) mkdir /media/disk500GB
     chmod -R 777 /media/disk500GB

5.3) mount -t ext3 /dev/sdb1 /media/disk500GB

    or:
    1) nano /etc/fstab

        /dev/sdb1 /media/disk500GB ext3 defaults 0 0

    2) reboot or mount -a

5.4) check: mount

5.5) fix

    1) nano /usr/share/initramfs-tools/init

        maybe_break mount
        sleep 10
        log_begin_msg "Mounting root file system..."

    2) /usr/sbin/update-initramfs -uk all

6. install Journaled Quota

6.1) aptitude install quota

6.2) nano /etc/fstab
     (add "usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0" to the
     partition where you want to use quota, mine the / partition):

    /dev/mapper/server01-root / ext4 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1

6.3) To enable quota, run these commands:

    touch /aquota.user /aquota.group
    chmod 600 /aquota.*
    mount -o remount /
    quotacheck -avugm
    quotaon -avug

    (ignore the warning msg, which occurs only on the first run)

    how to turn off quotas:
    -----------------------
    quotaoff -v /
    -----------

7. install Webalizer

7.1) apt-get install webalizer

7.2) Synchronize the System Clock

    apt-get install ntp ntpdate

7.3) configure

    nano /etc/webalizer/webalizer.conf

    LogFile /var/log/apache2/access.log

7.4) restart: /etc/init.d/apache2 restart

7.5) Running Webalizer manually first time

    /usr/bin/webalizer

7.6) test: http://192.168.1.101/webalizer

8. install VHCS2
=============

8.1) download

    cd /tmp
    wget -O vhcs-2.4.8.tar.bz2 'http://downloads.sourceforge.net/project/vhcs/VHCS%202.4/VHCS%202.4.8/vhcs-2.4.8.tar.bz2?use_mirror=iweb'
    tar xjvf vhcs-2.4.8.tar.bz2
    cd vhcs-2.4.8

8.2)* Configuration File

    1) nano /tmp/vhcs-2.4.8/configs/vhcs2.conf

        DEFAULT_ADMIN_ADDRES = admin@99webhosting.com
        SERVER_HOSTNAME = server01
        BASE_SERVER_IP = 192.168.1.101
        DATABASE_TYPE = mysql
        DATABASE_HOST = localhost
        DATABASE_NAME = 99webhosting
        DATABASE_PASSWORD = XXXXXXmysql
        DATABASE_USER = XXX
        DATE_FORMAT = m.d.Y

8.3) make install

8.4) cp -R /tmp/vhcs-2.4.8/* /

8.5) to run the setup for vhcs:

    /var/www/vhcs2/engine/setup/vhcs2-setup

    Please to enter system hostname (for Enter defaults) [debian]: server01
    Please to enter system network address (for Enter defaults) [10.0.0.69 ]: 192.168.1.101
    Please to enter SQL server host (for Enter defaults) [localhost]:
    Please to enter system SQL database (for Enter defaults) [vhcs2]: 99webhosting
    Please to enter system SQL to user (for Enter defaults) [root]: XXX
    Please to enter system SQL password (for Enter defaults) [none]: XXXXXXmysql
    Please repeat system SQL password: password
    Please to enter VHCS FTP SQL to user (for Enter defaults) [vftp]: ftp_XXX
    Please to enter VHCS FTP SQL to user password (for Enter defaults) [none]: XXXXXXftp
    Please repeat VHCS FTP SQL to user password: XXXXXXxxx
    Please to enter administrator login name (for Enter defaults) [admin]:XXX
    Please to enter administrator password: XXXXXXhost
    Administrator Please repeat password: XXXXXXhost
    Please to enter administrator email address: admin@99webhosting.com

8.6) test: http://192.168.1.101/vhcs2

8.7) fix

    1) FTP issue
    =========
        a) nano /etc/proftpd/proftpd.conf

            include /etc/proftpd/modules.conf
            DisplayfirstChdir -> DisplayChdir

            (in addition:)
            ServerIdent on "FTP Server Ready"
            UseIPv6 off

        b) nano /etc/proftpd/modules.conf

            LoadModule mod_sql.c
            LoadModule mod_sql_mysql.c

        c) /etc/init.d/proftpd restart

        d) test: telnet localhost ftp

    2) smart host
    ==========
        a) nano /etc/postfix/main.cf

            #
            # enable smart host
            #
            relayhost = [smtpauth.earthlink.net]
            smtp_sasl_auth_enable = yes
            smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
            smtp_sasl_security_options =

        b) Create the password maps file

            nano /etc/postfix/sasl_password

            smtpauth.earthlink.net shaojunXXX@earthlink.net:password

        c) Set proper permissions for the password maps file

            chown root:root /etc/postfix/sasl_password
            chmod 600 /etc/postfix/sasl_password

        d) Create hash from maps file

            sudo postmap hash:/etc/postfix/sasl_password

            (in addition:)
            content_filter = amavis:[127.0.0.1]:10024

        e) /etc/init.d/postfix restart

        f) test:
            1) saslfinger -c
            2) telnet localhost 25
               ehlo localhost
               (If you see the lines 250-STARTTLS and 250-AUTH everything is fine.)
            3) send mail:
               apt-get install mailutils
               date | mail -s "testing" rXXX7777777@gmail.com
            4) monitoring:
               tail -f /var/log/mail.log

    3) error (Notice: Undefined index: /dev/shm in /var/www/vhcs2/gui/include/phpsysinfo/class.Linux.inc.php on line 525)
    =====
        nano /var/www/vhcs2/gui/include/phpsysinfo/class.Linux.inc.php

        replace the function filesystem () with below:
        http://www.icc-computer.com/HowTo/WebHostingHowTo/function%20filesystems.txt

    4) language
    ========

    5) error ()

        apt-get install PHP5 (http://www.debianhelp.co.uk/php5.htm)

        apt-get install libapache2-mod-php5 libapache2-mod-perl2 php5 php5-cli php5-common \
            php5-curl php5-dev php5-domxml php5-gd php5-imap php5-ldap php5-mcal php5-mhash \
            php5-mysql php5-odbc php5-pear php5-xslt
        apt-get install php5-imap

    6) email sent from localhost bounced

        a) nano /etc/postfix/main.cf

            myorigin = /etc/mailname
            myhostname = mail.99webhosting.com

        b) nano /etc/hosts

            127.0.0.1 99webhosting.com localhost.localdomain localhost
            192.168.1.101 server01.99webhosting.com server01

9. additional installation

9.1)

////////////////////////////////////////////////////////////////////////

how to install VHCS2
====================

1. install Ubuntu / Debian

    select the options (LAMP, DNS, MySQL, ...) except mail

1.1) sudo nano /etc/network/interfaces

    auto eth0
    iface eth0 inet static
    address 192.168.1.x
    netmask 255.255.255.0
    gateway 192.168.1.1
    network 192.168.1.0
    broadcast 192.168.1.255

    sudo /etc/init.d/networking restart

1.2) ssh

    apt-get install ssh openssh-server

1.3) nano /etc/hosts

    127.0.0.1 localhost.localdomain localhost
    192.168.1.101 server01.99webhosting.com server01

    /etc/init.d/hostname.sh start

    test:
    hostname
    hostname -f

1.4) sudo nano /etc/resolv.conf

    domain 99webhosting.com
    search 99webhosting.com
    nameserver 192.168.1.101
    nameserver 192.168.1.102
    nameserver 207.69.188.185
    nameserver 207.69.188.186
    nameserver 207.69.188.187

1.5) update and install

    aptitude update
    aptitude upgrade
    aptitude install tar bzip2 wget lsb-release

2*. change the default Shell:

    rm -f /bin/sh
    ln -s /bin/bash /bin/sh

3. install some packages

3.1) cd /tmp

3.2) nano debian5-packages.txt

    apache2 apache2.2-common apache2-mpm-prefork bind9 bzip2
    courier-authdaemon courier-base courier-imap courier-maildrop courier-pop
    diff dnsutils gcc gzip iptables libapache2-mod-php5 libberkeleydb-perl
    libc6-dev libcrypt-blowfish-perl libcrypt-cbc-perl libcrypt-passwdmd5-perl
    libdate-calc-perl libdate-manip-perl libdbd-mysql-perl libdbi-perl
    libio-stringy-perl libmail-sendmail-perl libmailtools-perl libmcrypt4
    libmd5-perl libmime-perl libnet-dns-perl libnet-netmask-perl libnet-perl
    libnet-smtp-server-perl libperl5.10 libsasl2-2 libsasl2-modules
    libsnmp-session-perl libterm-readkey-perl libterm-readpassword-perl
    libtimedate-perl make mysql-client mysql-common mysql-server original-awk
    patch perl perl-base perl-modules php5 php5-gd php5-mcrypt php5-mysql
    php-pear postfix postfix-tls procmail proftpd sasl2-bin ssh tar wget

3.3) aptitude install $(cat ./debian5-packages.txt)

4*. install proftpd

4.1) apt-get install proftpd
     (answer: standalone)

4.2) For security reasons you can add the following lines to /etc/proftpd.conf

    nano /etc/proftpd/proftpd.conf

    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."

4.3) /etc/init.d/proftpd restart

4.4) test: telnet localhost ftp

5*. now run:

    apt-get update
    apt-get upgrade

6*. install some more packages
    (you might not need all of these but I found the server ran better for me
    with the following installed:)

    apt-get install binutils cpp cpp-4.0 fetchmail flex gcc gcc-4.0 libarchive-zip-perl \
        libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev libnet-dns-perl \
        libdb-file-lock-perl libhtml-parser-perl linux-kernel-headers lynx m4 make ncftp \
        nmap openssl perl perl-modules unzip zip zlib1g-dev automake1.9 libtool bison g++ \
        wget bzip2 libgd1 gawk libterm-readpassword-perl patch libmcrypt4 iptables gzip \
        diff bind9 libtimedate-perl libterm-readkey-perl libsnmp-session-perl libperl5.8 \
        libnet-smtp-server-perl libnet-perl libnet-netmask-perl libmime-perl libmd5-perl \
        libmailtools-perl libmail-sendmail-perl libio-stringy-perl libdbi-perl \
        libdbd-mysql-perl libdate-manip-perl libdate-calc-perl libcrypt-passwdmd5-perl \
        libcrypt-cbc-perl libcrypt-blowfish-perl libberkeleydb-perl courier-maildrop \
        proftpd-mysql

    or:

    apt-get install binutils fetchmail flex libarchive-zip-perl libc6-dev \
        libcompress-zlib-perl libpopt-dev libnet-dns-perl libdb-file-lock-perl lynx m4 \
        ncftp nmap unzip zip zlib1g-dev automake1.9 libtool bison g++ gawk \
        libterm-readpassword-perl libmcrypt4 bind9 libtimedate-perl libsnmp-session-perl \
        libnet-smtp-server-perl libnet-perl libnet-netmask-perl libmime-perl libmd5-perl \
        libmail-sendmail-perl libio-stringy-perl libdbi-perl libdbd-mysql-perl \
        libdate-manip-perl libdate-calc-perl libcrypt-passwdmd5-perl libcrypt-cbc-perl \
        libcrypt-blowfish-perl libberkeleydb-perl courier-maildrop

    (These should be the default answer, change if you feel it is needed:
     1. No
     2. system mail name: 99webhosting.com
    )

-------------

7. mount the external disk

7.0) to make hard disk ready

    1) check partition
       fdisk -l
    2) make partition type (Linux), for ext2 and ext3:
       fdisk /dev/sdb
    3) make file system (format)
       mke2fs /dev/sdb1
       (Ext3 requires one more step:)
       tune2fs -j /dev/sdb1    (creates the ext3 journal)
    4) change the frequency of forced file system checking (wouldn't do this routine checking)
       tune2fs -c 0 /dev/sdb1
       tune2fs -i 0 /dev/sdb1

7.1) mkdir /media/disk500GB
     chmod -R 777 /media/disk500GB

7.2) mount -t ext3 /dev/sdb1 /media/disk500GB

    or:
    1) nano /etc/fstab

        /dev/sdb1 /media/disk500GB ext3 defaults 0 0

    2) reboot or mount -a

7.4) check: mount

-------------

8. install Journaled Quota

8.1) aptitude install quota

8.2) nano /etc/fstab
     (add "usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0" to the
     partition where you want to use quota, mine the / partition):

    /dev/mapper/server01-root / ext4 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1

8.3) To enable quota, run these commands:

    touch /aquota.user /aquota.group
    chmod 600 /aquota.*
    mount -o remount /
    quotacheck -avugm
    quotaon -avug

    (ignore the warning msg, which occurs only on the first run)

    how to turn off quotas:
    -----------------------
    quotaoff -v /
    -----------

9. Postfix With SMTP-AUTH, TLS AND smart host

9.1) apt-get install postfix sasl2-bin procmail

9.2) configure

    dpkg-reconfigure postfix

    (These should be the default answer, change if you feel it is needed:
     1. Internet site
     2. system mail name: 99webhosting.com
     3. XXX@99webhosting.com
     4. 99webhosting.com, server01.99webhosting.com, mail.99webhosting.com, localhost.99webhosting.com, localhost
     5. No
     6. 127.0.0.0/8
     7. Yes
     8. 0
     9. +
     10. all
    )

9.3) enable sasl (/etc/postfix/main.cf)

    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    postconf -e 'inet_interfaces = all'
    echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
    echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

9.4) enable TLS (/etc/postfix/main.cf)

    a) create the certificates for TLS:

        mkdir /etc/postfix/ssl
        cd /etc/postfix/ssl/
        openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
        chmod 600 smtpd.key
        openssl req -new -key smtpd.key -out smtpd.csr
        openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
        openssl rsa -in smtpd.key -out smtpd.key.unencrypted
        mv -f smtpd.key.unencrypted smtpd.key
        openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

    b) configure Postfix for TLS:

        postconf -e 'smtpd_tls_auth_only = no'
        postconf -e 'smtp_use_tls = yes'
        postconf -e 'smtpd_use_tls = yes'
        postconf -e 'smtp_tls_note_starttls_offer = yes'
        postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
        postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
        postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
        postconf -e 'smtpd_tls_loglevel = 1'
        postconf -e 'smtpd_tls_received_header = yes'
        postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
        postconf -e 'tls_random_source = dev:/dev/urandom'
        postconf -e 'myhostname = mail.99webhosting.com'

9.5) enable smart host

    a) sudo nano /etc/postfix/main.cf

        relayhost = [smtpauth.earthlink.net]
        smtp_sasl_auth_enable = yes
        smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
        smtp_sasl_security_options =

    b) Create the password maps file

        sudo nano /etc/postfix/sasl_password

        smtpauth.earthlink.net shaojunXXX@earthlink.net:password

    c) Set proper permissions for the password maps file

        sudo chown root:root /etc/postfix/sasl_password
        sudo chmod 600 /etc/postfix/sasl_password

    d) Create hash from maps file

        sudo postmap hash:/etc/postfix/sasl_password

9.6) sudo /etc/init.d/postfix restart

9.7) test

    a) saslfinger -c
    b) telnet localhost 25
       ehlo localhost
       (If you see the lines 250-STARTTLS and 250-AUTH everything is fine.)
    c) send mail:
       apt-get install mailutils
       date | mail -s "testing" rXXX7777777@gmail.com
    d) monitoring:
       tail -f /var/log/mail.log

9.8) trouble-shooting

    "fatal: no SASL authentication mechanisms"

    apt-get install libsasl2-modules

10. Courier-IMAP/Courier-POP3

10.1) install Courier-IMAP/Courier-IMAP-SSL (for IMAPs on port 993) and
      Courier-POP3/Courier-POP3-SSL (for POP3s on port 995):

    apt-get install courier-authdaemon courier-base courier-imap courier-imap-ssl \
        courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0

    (questions: SSL certificate required <-- OK )

10.2) configure Postfix to deliver emails to a user's Maildir:

    postconf -e 'home_mailbox = Maildir/'
    postconf -e 'mailbox_command ='

10.3) /etc/init.d/postfix restart

10.4) test

    telnet localhost imap / pop3 / IMAPs / pop3s

11. Anti-Spam / virus

11.1) installation

    sudo apt-get install amavisd-new spamassassin clamav-daemon
    sudo apt-get install dkim-filter python-policyd-spf
    sudo apt-get install pyzor razor
    sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip zoo

    or:

    apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 \
        libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax

11.2) configuration

    a) ClamAV
       add clamav user to the amavis group in order for Amavisd-new to have
       the appropriate access to scan files (sudo nano /etc/clamav)

        sudo adduser clamav amavis

    b) Spamassassin

        sudo nano /etc/default/spamassassin

        ENABLED=1    #activate the Spamassassin daemon

       then start it:

        sudo /etc/init.d/spamassassin start

    c) Amavisd-new

        1) activate spam and antivirus detection in Amavisd-new

            sudo nano /etc/amavis/conf.d/15-content_filter_mode

            @bypass_virus_checks_maps = (
               \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

            @bypass_spam_checks_maps = (
               \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

        2) Bouncing spam is the default, you may discard it as below

            sudo nano /etc/amavis/conf.d/20-debian_defaults

            $final_spam_destiny = D_DISCARD;

        3) If the host name is different from the domain's MX record you may
           need to manually set the $myhostname option. Also, if the server
           receives mail for multiple domains the @local_domains_acl option
           will need to be customized.

            sudo nano /etc/amavis/conf.d/50-user

            $myhostname = 'mail.99webhosting.com';
            @local_domains_acl = ( "example.com", "example.org" );

           or:

            nano /etc/amavis/conf.d/50-user

            $pax='pax';

        4) sudo /etc/init.d/amavis restart
           /etc/init.d/clamav-daemon restart
           /etc/init.d/clamav-freshclam restart

    d) DKIM Whitelist
       (once a domain has been added to the Whitelist, the message will not
       receive any anti-virus or spam filtering.)

        nano /etc/amavis/conf.d/40-policy_banks

    e) For Postfix integration

        1) sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'

           or:

            postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
            postconf -e 'receive_override_options = no_address_mappings'

        2) sudo nano /etc/postfix/master.cf
           (Note: add the following at the end. Don't leave space before the
           line "smtp-amavis" and "127.0.0.1:10025")

smtp-amavis     unix    -       -       -       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

           (Note: Also add the following two lines immediately below the
           "pickup" transport service: )

        -o content_filter=
        -o receive_override_options=no_header_body_checks

           (Now restart Postfix: sudo /etc/init.d/postfix restart)

11.3) test

    a) Amavisd-new SMTP is listening (directly in Ubuntu system)

        telnet localhost 10024
        Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        220 [127.0.0.1] ESMTP amavisd-new service ready
        ^]

    b) In the Header of messages you should see:

        X-Spam-Level:
        X-Virus-Scanned: Debian amavisd-new at example.com
        X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00
        X-Spam-Level:

    In addition:

    1) to get the stuck message:

        postfix reload

       requeue the stuck messages:

        postsuper -r ALL

       wait for the messages to requeue (about a minute and a half should be good)

        postfix reload

    2) to display the config of /etc/postfix/main.cf:

        postconf -n

12. Apache/PHP5

12.0) nano /etc/apache2/apache2.conf
      (Look for "DirectoryIndex" and make it look like the following:)

    DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml default.htm default.html

12.1) to enable some Apache modules (SSL, rewrite, suexec, and include)

    a2enmod ssl
    a2enmod rewrite
    a2enmod suexec
    a2enmod include

12.2) /etc/init.d/apache2 force-reload

12.3) test:

    http://192.168.1.101
    http://192.168.1.101/test.php    ( nano /var/www/test.php )

    (Default document root: /var/www; change it in
    /etc/apache2/sites-available/default. The main configuration file is
    located at /etc/apache2/apache2.conf.)

13. Webalizer

13.1) apt-get install webalizer

13.2) Synchronize the System Clock

    apt-get install ntp ntpdate

13.3) configure

    nano /etc/webalizer/webalizer.conf

    LogFile /var/log/apache2/access.log

13.4) restart: /etc/init.d/apache2 restart

13.5) Running Webalizer manually first time

    /usr/bin/webalizer

13.6) test: http://192.168.1.101/webalizer

14. BIND9

    test:
    1) /etc/init.d/bind9 restart
    2) to add the ip of the DNS server (the localhost) to your /etc/resolv.conf to use it:
       (nano /etc/resolv.conf)

        echo "search 99webhosting.com" > /etc/resolv.conf
        echo "nameserver 127.0.0.1" >> /etc/resolv.conf

    3) ping www.google.com

    trouble-shooting:

        nano /etc/bind/named.conf
        nano /etc/bind/named.conf.options
        nano /etc/bind/named.conf.local
        nano /etc/bind/named.conf.default-zones
        nano /var/cache/bind/weqiao.org.db
        named-checkconf
        nano /var/log/daemon.log

    then:

        /etc/init.d/bind9 start

15. mysql (to change passwd)

    1) apt-get install mysql-server mysql-client libmysqlclient15-dev
       (set a password for mysql root: mysqladmin -u root password YOURROOTSQLPASSWORD)

        # mysql -u root -p
        create database 99webhosting;
        use 99webhosting
        grant all privileges on *.* to 'XXX'@'localhost' identified by 'XXXXXXmysql' with grant option;
        \q

    test: http://192.168.1.101/phpmyadmin/

16. Remove unwanted packages

    apt-get remove ppp pppconfig pppoeconf

17. Shutdown unwanted services from inetd

    update-inetd --remove daytime
    update-inetd --remove telnet
    update-inetd --remove time
    update-inetd --remove finger
    update-inetd --remove talk
    update-inetd --remove ntalk
    update-inetd --remove ftp
    update-inetd --remove discard

install VHCS
============

1. download

    cd /tmp
    wget -O vhcs-2.4.8.tar.bz2 'http://downloads.sourceforge.net/project/vhcs/VHCS%202.4/VHCS%202.4.8/vhcs-2.4.8.tar.bz2?use_mirror=iweb'
    tar xjvf vhcs-2.4.8.tar.bz2
    cd vhcs-2.4.8

2. Configuration File

    /tmp/vhcs-2.4.8/configs/vhcs2.conf
    /etc/proftpd/proftpd.conf
    /etc/bind/named.conf
    /etc/postfix/main.cf
    /etc/postfix/master.cf

    1) nano configs/vhcs2.conf

        DEFAULT_ADMIN_ADDRES = admin@99webhosting.com
        SERVER_HOSTNAME = server01
        BASE_SERVER_IP = 192.168.1.101
        DATABASE_TYPE = mysql
        DATABASE_HOST = localhost
        DATABASE_NAME = 99webhosting
        DATABASE_PASSWORD = XXXXXXmysql
        DATABASE_USER = XXX
        DATE_FORMAT = m.d.Y

        (
        DATABASE_DIR = /media/disk500GB/CUSTOMER/mysql
        SECONDARY_DNS = 192.168.1.102
        APACHE_WWW_DIR = /media/disk500GB/CUSTOMER/www
        APACHE_LOG_DIR = /media/disk500GB/log/apache2
        APACHE_USERS_LOG_DIR = /media/disk500GB/log/apache2/users
        APACHE_BACKUP_LOG_DIR = /media/disk500GB/log/apache2/backup
        LOG_DIR = /media/disk500GB/log/vhcs2
        TRAFF_LOG_DIR = /media/disk500GB/log
        MTA_VIRTUAL_MAIL_DIR = /media/disk500GB/CUSTOMER/Email
        DFtpDir = /media/disk500GB/CUSTOMER/www/
        FTP_HOMEDIR = /media/disk500GB/CUSTOMER/www
        BACKUP_FILE_DIR = /media/disk500GB/backup_by_VHCS2
        )

3. make install

4. cp -R /tmp/vhcs-2.4.8/* /

5. to run the setup for vhcs:

    /var/www/vhcs2/engine/setup/vhcs2-setup

    Please to enter system hostname (for Enter defaults) [debian]: server01
    Please to enter system network address (for Enter defaults) [10.0.0.69 ]: 192.168.1.101
    Please to enter SQL server host (for Enter defaults) [localhost]:
    Please to enter system SQL database (for Enter defaults) [vhcs2]: 99webhosting
    Please to enter system SQL to user (for Enter defaults) [root]: XXX
    Please to enter system SQL password (for Enter defaults) [none]: XXXXXXmysql
    Please repeat system SQL password: password
    Please to enter VHCS FTP SQL to user (for Enter defaults) [vftp]: ftp_XXX
    Please to enter VHCS FTP SQL to user password (for Enter defaults) [none]: XXXXXXftp
    Please repeat VHCS FTP SQL to user password: XXXXXXxxx
    Please to enter administrator login name (for Enter defaults) [admin]:XXX
    Please to enter administrator password: XXXXXXhost
    Administrator Please repeat password: XXXXXXhost
    Please to enter administrator email address: admin@99webhosting.com

6. access to VHCS2: http://192.168.1.101/vhcs2

fix proftpd
===========

    cp /etc/proftpd.conf /etc/proftpd/proftpd.conf

1. nano /etc/proftpd/proftpd.conf

    include /etc/proftpd/modules.conf
    DisplayfirstChdir -> DisplayChdir

    in addition:
    ------------
    ServerIdent on "FTP Server Ready"
    UseIPv6 off

2. nano /etc/proftpd/modules.conf

    LoadModule mod_sql.c
    LoadModule mod_sql_mysql.c

3. /etc/init.d/proftpd restart

4. create a new user (ftp_XXX)

    mysql -u root -p
    CREATE USER 'ftp_XXX'@'localhost' IDENTIFIED BY 'XXXXXXftp';
    GRANT SELECT ON `99webhosting`.`domain` TO 'ftp_XXX'@'localhost';
    GRANT SELECT ON `99webhosting`.`ftp_users` TO 'ftp_XXX'@'localhost';
    FLUSH PRIVILEGES;
    \q

5. test: telnet localhost ftp

/// chinese
-------

security
--------

There also seems to be a very serious security flaw in the admin section. Your VHCS installation can easily be hacked by hackers. To prevent this, add an IP filter on the admin section. This does require advanced knowledge of Apache.
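
One way to add the IP filter mentioned above, as an added example that is not part of the original notes or of VHCS2: an Apache 2.2 access-control fragment. The admin directory /var/www/vhcs2/gui/admin, the file name vhcs2-admin-acl and the choice of 192.168.1.0/24 as the trusted network are assumptions; the second block goes beyond the note and applies the same rule to phpMyAdmin at the Debian package's path.

```apache
# Added example (not VHCS2's own configuration).
# Assumed file name: /etc/apache2/conf.d/vhcs2-admin-acl
# After saving, check and load it with:
#   apache2ctl configtest && /etc/init.d/apache2 reload

# Assumption: the administrator pages live in the "admin" directory below
# the GUI root /var/www/vhcs2/gui. Check the directory name on your install.
<Directory /var/www/vhcs2/gui/admin>
    # Apache 2.2 syntax (the version shipped with Debian Lenny).
    # With "Order deny,allow" the Deny rules are evaluated first and Allow
    # rules can then override them. A client matching neither is allowed,
    # which is why "Deny from all" must be present.
    Order deny,allow
    Deny from all

    # Trusted sources: the server itself and the LAN used in these notes.
    # Narrow this to single admin workstations where possible.
    Allow from 127.0.0.1
    Allow from 192.168.1.0/24

    # Require the address check AND any password check configured elsewhere,
    # instead of letting either one be sufficient.
    Satisfy all
</Directory>

# Same rule for phpMyAdmin, which these notes expose at /phpmyadmin/.
# /usr/share/phpmyadmin is where the Debian package installs it.
<Directory /usr/share/phpmyadmin>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from 192.168.1.0/24
    Satisfy all
</Directory>

# Notes:
# - If requests reach Apache through a reverse proxy or NAT gateway, Apache
#   sees that device's address, so the Allow lines must list it instead.
# - A .htaccess file can relax these rules only if AllowOverride includes
#   "Limit" for the directory.
# - On Apache 2.4 the three Order/Deny/Allow lines are replaced by:
#       Require ip 127.0.0.1 192.168.1.0/24
```

To verify, request http://192.168.1.101/vhcs2/admin/ from an address outside the allowed range and confirm a 403 entry appears in /var/log/apache2/access.log.
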
fix it
======

Notice: Undefined index: /dev/shm in /var/www/vhcs2/gui/include/phpsysinfo/class.Linux.inc.php on line 525

Syntax error on line 4 of /etc/apache2/mods-enabled/fastcgi.conf:
FastCgiWrapper: "/usr/lib/apache2/suexec" execute access for server (uid 33, gid 33) failed: stat(/usr/lib/apache2/suexec) failed: No such file or directory
...fail!

    apt-get install apache2-suexec2
    apt-get remove apache2-suexec

@ Henrik: The notices depends on if you have safe_mode on or off.

    Sarge: FastCgiWrapper /usr/lib/apache2/suexec2
    Etch: FastCgiWrapper /usr/lib/apache2/suexec

/etc/apache2/mods-available/fastcgi.conf

    AddHandler fastcgi-script .fcgi
    #FastCgiWrapper /usr/lib/apache2/suexec
    FastCgiIpcDir /var/lib/apache2/fastcgi

    ///////

    FastCgiWrapper /usr/lib/apache2/suexec2
    FastCgiIpcDir /var/lib/apache2/fastcgi
    FastCgiConfig -minProcesses 1 -maxProcesses 10 -singleThreshold 100 -killInterval 300 -autoUpdate -idle-timeout 240 -pass-header HTTP_AUTHORIZATION
    FastCgiServer /var/www/fcgi/master/php4-fcgi-starter -user vu2000 -group vu2000
    Action php4-fcgi-starter /php4/php4-fcgi-starter
    Action php5-fcgi-starter /php5/php5-fcgi-starter

    # For PHP4 support
    Options +ExecCGI
    SetHandler php4-fcgi-starter
    AddType application/x-httpd-php4 .php .php3 .php4
    Action /php4/php4.ini

    # For PHP5 support
    Options +ExecCGI
    SetHandler php5-fcgi-starter
    AddType application/x-httpd-php5 .php5
    Action /php5/php5.ini

    AddHandler php4-fastcgi .php .php4 .php3
    AddHandler php5-fastcgi .php5

7. trouble-shooting:

    Modules [Crypt::CBC, Crypt::Blowfish, Crypt::PasswdMD5] WAS NOT FOUND

    apt-get install libmime-perl

    configure CPAN

        cpan
        (mostly the defaults will work)

    upgrade cpan (optional; and kind of a drawn out process):

        install Bundle::CPAN
        reload cpan

        install Crypt::Blowfish
        install Crypt::CBC
        install Carp::Clan
        install Bit::Vector
        install Date::Calc
        install ExtUtils::MakeMaker
        install HTML::Tagset
        install HTML::Parser
        install IO::Stringy
        install Mail::Field
        install Mail::Header
        install Mail::Internet
        install MIME::Base64
        install MIME::Tools
        install MIME::Entity
        install MIME::Parser
        install DBD::mysql
        install Term::ReadPassword
        install Crypt::PasswdMD5

how to switch proftpd to PURE-FTPD for VHCS2
============================================

0. Backing up old files (optional)

    cp /etc/vhcs2/vhcs2.conf /etc/vhcs2/vhcs2.conf.bak
    cp /var/www/vhcs2/engine/quota/vhcs2-dsk-quota /var/www/vhcs2/engine/quota/vhcs2-dsk-quota.bak

1. remove proftpd (and or pure-ftpd)

    apt-get remove --purge proftpd
    rm -rf /etc/proftpd && rm /etc/proftpd.conf

2. Installing the necessary packages

    apt-get install pure-ftpd-mysql pure-ftpd-common

3. configure pure-ftpd

    1) Stop PureFTPD before modifying configuration files

        /etc/init.d/pure-ftpd-mysql stop

       or:

        sudo fuser -n tcp 21
        sudo kill [pid]

    2) configure
       (the configuration files are placed in the /etc/pure-ftpd/conf
       directory. We need to create the different configuration files that
       are going to be used:)

        echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
        echo "yes" > /etc/pure-ftpd/conf/BrokenClientsCompatibility
        echo "100" > /etc/pure-ftpd/conf/MaxClientsNumber
        echo "yes" > /etc/pure-ftpd/conf/Daemonize
        echo "4" > /etc/pure-ftpd/conf/MaxClientsPerIP
        echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles
        echo "no" > /etc/pure-ftpd/conf/AnonymousOnly
        echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
        echo "ftp" > /etc/pure-ftpd/conf/SyslogFacility
        echo "yes" > /etc/pure-ftpd/conf/DontResolve
        echo "5" > /etc/pure-ftpd/conf/MaxIdleTime
        echo "no" > /etc/pure-ftpd/conf/PAMAuthentication
        echo "no" > /etc/pure-ftpd/conf/UnixAuthentication
        echo "10000 3" > /etc/pure-ftpd/conf/LimitRecursion
        echo "no" > /etc/pure-ftpd/conf/AnonymousCanCreateDirs
        echo "4" > /etc/pure-ftpd/conf/MaxLoad
        echo "yes" > /etc/pure-ftpd/conf/AntiWarez
        echo "133 022" > /etc/pure-ftpd/conf/Umask
        echo "2000" > /etc/pure-ftpd/conf/MinUID
        echo "yes" > /etc/pure-ftpd/conf/AllowUserFXP
        echo "no" > /etc/pure-ftpd/conf/AllowAnonymousFXP
        echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
        echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
        echo "no" > /etc/pure-ftpd/conf/AutoRename
        echo "yes" > /etc/pure-ftpd/conf/AnonymousCantUpload
        echo "clf:/var/log/pureftpd/transfers.log" > /etc/pure-ftpd/conf/AltLog
        echo "no" > /etc/pure-ftpd/conf/NoChmod
        echo "no" > /etc/pure-ftpd/conf/CreateHomeDir
        echo "95" > /etc/pure-ftpd/conf/MaxDiskUsage
        echo "yes" > /etc/pure-ftpd/conf/CustomerProof

4. create a new user (vhcs2_ftp)

    mysql -u root -p
    CREATE USER 'vhcs2_ftp'@'localhost' IDENTIFIED BY 'password';
    GRANT SELECT ON `vhcs2`.`domain` TO 'vhcs2_ftp'@'localhost';
    GRANT SELECT ON `vhcs2`.`ftp_users` TO 'vhcs2_ftp'@'localhost';
    FLUSH PRIVILEGES;

5. sudo nano /etc/pure-ftpd/db/mysql.conf

    ##############################################
    #                                            #
    # Sample Pure-FTPd Mysql configuration file. #
    # See README.MySQL for explanations.         #
    #                                            #
    ##############################################

    # Optional : MySQL server name or IP. Don't define this for unix sockets.
    # MYSQLServer 127.0.0.1

    # Optional : MySQL port. Don't define this if a local unix socket is used.
    # MYSQLPort 3306

    # Optional : define the location of mysql.sock if the server runs on this host.
    MYSQLSocket /var/run/mysqld/mysqld.sock

    # Mandatory : user to bind the server as.
    MYSQLUser vhcs2_ftp

    # Mandatory : user password. You must have a password.
    MYSQLPassword password

    # Mandatory : database to open.
    MYSQLDatabase vhcs2

    # Mandatory : how passwords are stored
    # Valid values are : "cleartext", "crypt", "md5" and "password"
    # ("password" = MySQL password() function)
    # You can also use "any" to try "crypt", "md5" *and* "password"
    MYSQLCrypt any

    # In the following directives, parts of the strings are replaced at
    # run-time before performing queries :
    #
    # \L is replaced by the login of the user trying to authenticate.
    # \I is replaced by the IP address the user connected to.
    # \P is replaced by the port number the user connected to.
    # \R is replaced by the IP address the user connected from.
    # \D is replaced by the remote IP address, as a long decimal number.
    #
    # Very complex queries can be performed using these substitution strings,
    # especially for virtual hosting.

    # Query to execute in order to fetch the password
    MYSQLGetPW SELECT passwd FROM ftp_users WHERE userid="\L"

    MYSQLGetUID SELECT uid FROM ftp_users WHERE userid="\L"

    # Optional : default UID - if set this overrides MYSQLGetUID
    #MYSQLDefaultUID 1000

    # Query to execute in order to fetch the system user group or gid
    MYSQLGetGID SELECT gid FROM ftp_users WHERE userid="\L"

    # Optional : default GID - if set this overrides MYSQLGetGID
    #MYSQLDefaultGID 1000

    # Query to execute in order to fetch the home directory
    MYSQLGetDir SELECT homedir FROM ftp_users WHERE userid="\L"

    # Optional : query to get the maximal number of files
    # MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L"

    # Optional : query to get the maximal disk usage (virtual quotas)
    # The number should be in Megabytes.
    # Pure-FTPd must have been compiled with virtual quotas support.
    MySQLGetQTASZ SELECT domain.domain_disk_limit FROM domain,ftp_users WHERE ftp_users.userid="\L" and ftp_users.uid=do$

    # Optional : ratios. The server has to be compiled with ratio support.
    # MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
    # MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"

    # Optional : bandwidth throttling.
    # The server has to be compiled with throttling support.
    # Values are in KB/s .
    # MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
    # MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"

    # Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
    # 1) You know what you are doing.
    # 2) Real and virtual users match.
    # MySQLForceTildeExpansion 1

    # If you upgraded your tables to transactional tables (Gemini,
    # BerkeleyDB, Innobase...), you can enable SQL transactions to
    # avoid races. Leave this commented if you are using the
    # traditional MyIsam databases or old (< 3.23.x) MySQL versions.
    # MySQLTransactions On

6. Starting Pure-FTPD

    /etc/init.d/pure-ftpd-mysql start
    sudo fuser -n tcp 21
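
An audit of what steps 3 and 5 wrote, as an added example (not part of the original guide or of pure-ftpd): it compares the access-control files in the conf directory with the values set in step 3, and flags a mysql.conf that is readable beyond its owner, still carries the sample password from step 4, or stores passwords as cleartext. The function names are hypothetical, and the chmod 600 advice assumes the daemon reads the file as root.

```shell
#!/bin/sh
# Added example: audit the files written in steps 3 and 5 of this guide.
# Expected values are the ones the guide sets; paths are arguments so the
# functions can be run against a copy of the configuration.
EXPECTED="ChrootEveryone=yes NoAnonymous=yes AnonymousOnly=no
AnonymousCantUpload=yes AnonymousCanCreateDirs=no AllowAnonymousFXP=no
PAMAuthentication=no UnixAuthentication=no MinUID=2000 CustomerProof=yes"

# audit_pureftpd_conf DIR: one finding per line; exit status 1 if any.
audit_pureftpd_conf() {
    dir=$1; bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        if [ ! -f "$dir/$key" ]; then
            echo "MISSING $key (expected $want)"; bad=1; continue
        fi
        # Each setting is a file; its first line is the value.
        got=$(head -n 1 "$dir/$key" | tr -d '\r' | sed 's/[[:space:]]*$//')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: got '$got', expected '$want'"; bad=1
        fi
    done
    return $bad
}

# mysql_conf_value FILE KEY: value of the first uncommented KEY line.
mysql_conf_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }' "$1"
}

# audit_mysql_conf FILE: the file holds the database password in clear.
audit_mysql_conf() {
    file=$1; bad=0
    perms=$(ls -ld "$file" | cut -c5-10)    # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "PERMS $file accessible beyond owner ($perms); chmod 600"; bad=1
    fi
    if [ "$(mysql_conf_value "$file" MYSQLPassword)" = "password" ]; then
        echo "PLACEHOLDER MYSQLPassword is still the guide's sample value"; bad=1
    fi
    if [ "$(mysql_conf_value "$file" MYSQLCrypt)" = "cleartext" ]; then
        echo "CLEARTEXT MYSQLCrypt stores FTP passwords unhashed"; bad=1
    fi
    return $bad
}
```

On the server, source the file and run audit_pureftpd_conf /etc/pure-ftpd/conf and audit_mysql_conf /etc/pure-ftpd/db/mysql.conf before step 6; no output and exit status 0 mean nothing was flagged.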