VPS server with ISPConfig, the ideal environment for private hosting, part 3

1) PureFTPd and Quota

Install the packages:

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

We choose the standalone version. Edit /etc/default/pure-ftpd-common and make sure it contains these settings:

STANDALONE_OR_INETD=standalone
VIRTUALCHROOT=true

If you want connections to be encrypted, allowing both FTP and TLS sessions, run:

echo 1 > /etc/pure-ftpd/conf/TLS

Create the certificate:

mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Then answer the questions:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Then:

chmod 600 /etc/ssl/private/pure-ftpd.pem
/etc/init.d/pure-ftpd-mysql restart

 

Now for the quota configuration: edit the file /etc/fstab.
Persistent errors occurred when mounting the table. I will let you know in an update.

 

2) BIND DNS Server

apt-get install bind9 dnsutils

 

3) Optional full statistics: Vlogger, Webalizer, and AWStats

apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

Edit the file /etc/cron.d/awstats and comment out the lines:

#MAILTO=root
 
#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
 
# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh

 

4) Install Jailkit and fail2ban

apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz
tar xvfz jailkit-2.15.tar.gz
cd jailkit-2.15
./debian/rules binary
cd ..
dpkg -i jailkit_2.15-1_*.deb
rm -rf jailkit-2.15*

Now for fail2ban:

apt-get install fail2ban

Create the file /etc/fail2ban/jail.local and fill it in:

[pureftpd]
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3
 
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5
 
[sasl]
enabled  = true
port     = smtp
filter   = sasl
logpath  = /var/log/mail.log
maxretry = 3

 

Then create the filter in the file /etc/fail2ban/filter.d/pureftpd.conf:

[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =

and /etc/fail2ban/filter.d/dovecot-pop3imap.conf:

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =

 

All that remains is to restart the service:

/etc/init.d/fail2ban restart
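
A filter whose failregex never matches fails silently: the jail loads, but nothing is ever banned. The following Python sketch is an added example, not part of the original tutorial or of fail2ban. It runs the pureftpd and dovecot-pop3imap patterns (written with their escapes and the <HOST> tag) over constructed log lines and applies each jail's maxretry. The HOST expansion, the sample lines and the helper names failures and would_ban are assumptions, and the findtime window is ignored.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion is version-dependent and broader than this).
HOST = r"(?P<host>[\w\-.:]+)"

# failregex and maxretry per jail, as configured in this section.
JAILS = {
    "pureftpd": (r".*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*", 3),
    "dovecot-pop3imap": (
        r"(?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed"
        r"|Aborted login \(tried to use disabled|Disconnected \(auth failed"
        r"|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*", 5),
}
# The pureftpd pattern with its backslashes and <HOST> lost (e.g. stripped by
# an HTML copy-paste): it still compiles, but cannot match a real log line.
STRIPPED = r".*pure-ftpd: (.*@) [WARNING] Authentication failed for user.*"

# Constructed log lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
Mar  3 10:15:01 server1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [bob]
Mar  3 10:15:04 server1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]
Mar  3 10:15:09 server1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [root]
Mar  3 10:15:30 server1 pure-ftpd: (?@192.0.2.44) [INFO] bob is now logged in
Mar  3 10:16:40 server1 dovecot: imap-login: Aborted login (auth failed, 3 attempts): user=<alice>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10
Mar  3 10:17:01 server1 dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.55, lip=192.0.2.10
""".splitlines()

def failures(failregex, lines):
    """Count matching lines per captured host, the way a jail tallies retries."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hits = Counter()
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.groupdict().get("host", "?")] += 1
    return hits

def would_ban(jail, lines):
    """Hosts whose failure count reaches the jail's maxretry."""
    failregex, maxretry = JAILS[jail]
    return sorted(h for h, n in failures(failregex, lines).items() if n >= maxretry)

if __name__ == "__main__":
    for jail in JAILS:
        print(jail, dict(failures(JAILS[jail][0], SAMPLE_LOG)), "ban:", would_ban(jail, SAMPLE_LOG))
    print("stripped pattern matches:", sum(failures(STRIPPED, SAMPLE_LOG).values()))
```

On the server itself, fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/pureftpd.conf performs the same check against the real log.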

 

5) Installing SquirrelMail

apt-get install squirrelmail
squirrelmail-configure

The configurator opens; answer as follows:

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages
 
D.  Set pre-defined settings for specific IMAP servers
 
C   Turn color on
S   Save data
Q   Quit
 
Command >> <-- D

 

SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.
 
Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.
 
Please select your IMAP server:
    bincimap    = Binc IMAP server
    courier     = Courier IMAP server
    cyrus       = Cyrus IMAP server
    dovecot     = Dovecot Secure IMAP server
    exchange    = Microsoft Exchange IMAP server
    hmailserver = hMailServer
    macosx      = Mac OS X Mailserver
    mercury32   = Mercury/32
    uw          = University of Washington's IMAP server
    gmail       = IMAP access to Google mail (Gmail) accounts
 
    quit        = Do not change anything
Command >> <-- dovecot
 

 

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages
 
D.  Set pre-defined settings for specific IMAP servers
 
C   Turn color on
S   Save data
Q   Quit
 
Command >> <-- S

 

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages
 
D.  Set pre-defined settings for specific IMAP servers
 
C   Turn color on
S   Save data
Q   Quit
 
Command >> <-- Q

 

Now let's create the vhost that serves the mailbox:

cd /etc/apache2/conf.d/
ln -s ../../squirrelmail/apache.conf squirrelmail.conf
/etc/init.d/apache2 reload

Next, edit /etc/apache2/conf.d/squirrelmail.conf and add the following lines between <IfModule mod_php5.c> and </IfModule>:

AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname

The final result:

Alias /squirrelmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
  Options FollowSymLinks
  <IfModule mod_php5.c>
    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_admin_flag allow_url_fopen Off
    php_value include_path .
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname
    php_flag register_globals off
  </IfModule>
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>

  # access to configtest is limited by default to prevent information leak
  <Files configtest.php>
    order deny,allow
    deny from all
    allow from 127.0.0.1
  </Files>
</Directory>

Finally, create the directory and set its ownership:

mkdir /var/lib/squirrelmail/tmp
chown www-data /var/lib/squirrelmail/tmp

Then restart Apache. From now on the mail is accessible at:

http://192.168.0.100/squirrelmail
http://www.example.com/squirrelmail

To change the aliases, just edit the file /etc/apache2/conf.d/squirrelmail.conf.