Gentoo
This Guide will help you to install ispCP on Gentoo freshly updated ~x86 box. It is not a full howto or guide but more like a reference, if you use gentoo you should beable to figure it out with what i have here.
so yeah. here we go.
edit your /etc/make.conf and set up your use line and what not
.. heres some examples
USE="-kde -gnome -X sasl ssl authdaemond imap courier postfix reiserfs bzip2 zlib apache2 php mysql ncurses crypt maildir mmx offensive perl python ruby sockets sse sse2 syslog tcl threads unicode tcpd pcre acl spl pam async ads automount winbind szip zip urandom gd png simplexml libwww curl xml xml2 softquota ftp" ACCEPT_KEYWORDS="~x86" LINGUAS="en" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex dav dav_fs dav_lock dbd deflate dir env expires ext_filter filter headers ident imagemap include info log_config logio mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker"
then emerge the packages you need. this will probably take some time depending on your server.
emerge -uDNva vixie-cron syslog-ng iptables proftpd apache php mysql gdbm db courier-imap courier-authlib cyrus-sasl bind bind-tools logrotate zip spamassassin amavisd-new libidn mod_cband policyd policyd-weight clamav postgrey Term-ReadPassword Crypt-Blowfish Crypt-PasswdMD5 crypt-cbc MIME-tools DateManip IO-Tty Parse-Yapp XML-DOM XML-Parser rkhunter chkrootkit
note 1: you might need to emerge –unmerge ssmtp first
note 2: if you get an error with authlib, try to emerge gdbm first if it doesn't do it first. and if that fails, unmerge db and emerge it again, you might have two versions installed.
for some reason postfix wants to install ssmtp. probably something with my use line but whatever. after courier has been installed its fine so unmerge ssmtp if it isnt already and then emerge postfix.
emerge --unmerge ssmtp emerge -uDNva postfix
install perl-net-libidn.. isnt in portage anymore no idea why
wget http://search.cpan.org/CPAN/authors/id/T/TH/THOR/Net-LibIDN-0.10.tar.gz tar xzf Net-LibIDN-0.10.tar.gz cd Net-LibIDN-0.10 perl Makefile.PL make make install
edit /etc/conf.d/apache2 you need to add these to the APACHE2_OPTS line
-D PROXY -D CBAND
edit /etc/apache2/modules.d/10_mod_cband.conf and add allow from etc.. so no one can reset your clients stats
<Location /cband-status>
SetHandler cband-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
set your mysql password, make sure its running first.
/etc/init.d/mysql restart mysqladmin -u root password YOUR_PASSWORD
now, wget and extract ispcp-omega.
wget http://downloads.sourceforge.net/ispcp/ispcp-omega-1.0.0-rc3.tar.bz2 tar -xjvf ispcp-omega-1.0.0-rc3.tar.bz2
now install it. duh.
cd ./ispcp-* cd ./tools/daemon make clean cd ../../ make -f Makefile.gentoo install cp -Rv /tmp/ispcp-1.0.0/* /
before we run the setup lets fix a few things so we dont get any errors.
mkdir /etc/ispcp/cron.d/backup touch /etc/ispcp/cron.d/backup/ispcp mkdir /etc/ispcp/cron.d/working touch /etc/ispcp/cron.d/working/ispcp mkdir /var/log/proftpd touch /var/log/proftpd/ftp_traff.log mkdir /var/run/courier touch /var/log/mail.log
now setup should run flawless.
cd /var/www/ispcp/engine/setup perl ./ispcp-setup
after its installed and no errors, edit /etc/ispcp/ispcp.conf and add these so you can login
CMD_BZCAT = /bin/bzcat CMD_GZCAT = /bin/zcat CMD_GZIP = /bin/gzip ZIP = gzip
and change line 201 and 203 or you will have problems adding domains, some of the gid's are taken.
APACHE_SUEXEC_MIN_GID = 2501 APACHE_SUEXEC_MIN_UID = 2501
edit /etc/init.d/ispcp_network on line 55 change
if [ START -eq 0 ]; then to if [ $START -eq 0 ]; then
to disable the annoying admin email notices, edit /var/www/ispcp/gui/include/ispcp-lib.php on line 134 change
$cfg['LOG_LEVEL'] = E_USER_NOTICE; to $cfg['LOG_LEVEL'] = E_USER_ERROR;
fix some permissions
chmod 770 /var/www/ispcp/gui/phptmp chmod 770 /var/www/ispcp/gui/tools/webmail/data
fix alot of other little bugs, edit /etc/apache2/vhosts.d/00_master.conf line 83. 77 if you use php4. i changed it to this. no one really has access to the gui root dir so why so much restriction?
php_admin_value open_basedir "/var:/etc:/proc/:/tmp:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
make the ssl certs. the postfix already had some made in /etc/ssl/postfix so i just used them. see in my main.cf down lower.
/usr/sbin/mkpop3dcert /usr/sbin/mkimapdcert cd /etc/proftpd/ openssl genrsa -des3 -out ssl.key 5120 openssl rsa -noout -text -in ssl.key openssl req -new -x509 -days 365 -key ssl.key -out ssl.crt openssl x509 -noout -text -in ssl.crt cp ssl.key ssl.key.orig openssl rsa -in ssl.key.orig -out ssl.key
edit /etc/proftpd/proftpd.conf comment out line 68. and uncomment everything after and including line 118 and also change 119 to ON
# HideNoAccess on TLSEngine on
your probably going to need to mess with /etc/postfix/main.cf alittle mine looks like this. im not using spamd or amavis or anything because i
#
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#
#
# Postfix directory settings; These are critical for normal Postfix MTA functionallity;
#
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
#
# Some common configuration parameters;
#
inet_interfaces = all
mynetworks_style = host
myhostname = box.domain.com
mydomain = box.domain.com.local
myorigin = $myhostname
smtpd_banner = $myhostname ispCP 1.0 Priamos Managed ESMTP 1.0.0 RC3 OMEGA
setgid_group = postdrop
#
# Receiving messages parameters;
#
mydestination = $myhostname, $mydomain
append_dot_mydomain = no
append_at_myorigin = yes
local_transport = local
virtual_transport = virtual
transport_maps = hash:/etc/postfix/ispcp/transport
#
# Delivering local messages parameters;
#
mail_spool_directory = /var/mail
# Mailboxquota
# => 0 for unlimited
# => 104857600 for 100 MB
mailbox_size_limit = 536870912
mailbox_command = procmail -a "$EXTENSION"
biff = no
alias_database = hash:/etc/mail/aliases
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database
#
# ISPCP Autoresponder parameters;
#
ispcp-arpl_destination_recipient_limit = 1
#
# Delivering virtual messages parameters;
#
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_limit = 0
virtual_mailbox_domains = hash:/etc/postfix/ispcp/domains
virtual_mailbox_maps = hash:/etc/postfix/ispcp/mailboxes
virtual_alias_maps = hash:/etc/postfix/ispcp/aliases
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:12
#
# SASL paramters;
#
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated
smtpd_sender_restrictions = reject_non_fqdn_sender,
permit_mynetworks,
reject_unknown_sender_domain,
permit_sasl_authenticated
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining
#
# TLS parameters; activate, if avaible/used
#
smtpd_tls_loglevel = 2
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_key_file = /etc/ssl/postfix/server.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_received_header = yes
#
# AMaViS parameters; activate, if available/used
#
#content_filter = amavis:[127.0.0.1]:10024
#
# Quota support; activate, if available/used
#
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = "The user you're trying to reach is over mailbox quota."
#virtual_overquota_bounce = yes
now make everything start with the system and start them… allll of them. unless you dont want/need some of them. but you might have to do more configuring if you dont.
rc-update add vixie-cron default rc-update add syslog-ng default rc-update add apache2 default rc-update add mysql default rc-update add named default rc-update add postfix default rc-update add proftpd default rc-update add courier-authlib default rc-update add courier-imapd default rc-update add courier-pop3d default rc-update add courier-imapd-ssl default rc-update add courier-pop3d-ssl default rc-update add amavisd default rc-update add clamd default rc-update add policyd default rc-update add policyd-weight default rc-update add saslauthd default rc-update add spamd default rc-update add postgrey default rc-update add ispcp_daemon default rc-update add ispcp_network default /etc/init.d/vixie-cron restart /etc/init.d/syslog-ng restart /etc/init.d/apache2 restart /etc/init.d/mysql restart /etc/init.d/named restart /etc/init.d/postfix restart /etc/init.d/proftpd restart /etc/init.d/courier-authlib restart /etc/init.d/courier-imapd restart /etc/init.d/courier-pop3d restart /etc/init.d/courier-imapd-ssl restart /etc/init.d/courier-pop3d-ssl restart /etc/init.d/amavisd restart /etc/init.d/clamd restart /etc/init.d/policyd restart /etc/init.d/policyd-weight restart /etc/init.d/saslauthd restart /etc/init.d/spamd restart /etc/init.d/postgrey restart /etc/init.d/ispcp_daemon restart /etc/init.d/ispcp_network restart
hope this helps… i will add more if i can.
