ISPConfig3 on Rocky Linux 9?

following the PerfectServer 8 instructions to install Rocky 9.1, found this issue:
section 16:

Code:

Error: Unable to find a match: perl-DateTime-Format-HTTP

it would appear that it's not yet available for Rocky 9.1:

Code:

https://dl.rockylinux.org/pub/rocky/9.1/CRB/x86_64/os/Packages/p/
(same with https://dl.rockylinux.org/pub/rocky/9/CRB/x86_64/os/Packages/p/)

perl-DateTime-1.54-4.el9.x86_64.rpm                16-May-2022 12:26              131064
perl-DateTime-Format-Builder-0.8300-5.el9.noarc..> 16-May-2022 12:30               87443
perl-DateTime-Format-ISO8601-0.16-3.el9.noarch.rpm 11-May-2022 11:08               34889
perl-DateTime-Format-Strptime-1.79-2.el9.noarch..> 11-May-2022 11:13               43194
perl-DateTime-Locale-1.31-4.el9.noarch.rpm         16-May-2022 12:28             2970569
perl-DateTime-TimeZone-2.47-3.el9.noarch.rpm       11-May-2022 11:14              370822
perl-DateTime-TimeZone-SystemV-0.010-14.el9.noa..> 11-May-2022 11:13               23932
perl-DateTime-TimeZone-Tzfile-0.011-14.el9.noar..> 11-May-2022 11:12               20774

 

following the PerfectServer 8 instructions to install Rocky 9.1, found this issue:
section 20:
ooohhh, looks like Mailman is not going to be a thing moving forward with RHEL/Rocky 9. I found nothing good about trying to get it to work/build on Rocky 9 because of the python requirements. Thoughts?

 

following the PerfectServer 8 instructions to install Rocky 9.1, found this issue:
section 21:
The entire roundcube installation needs to be addresses - there's a newer version of RC and it's Pear dependencies, which need to be installed before RC can be installed. Too detailed to get into, but Auth_SASL has been superceded by Auth_SASL2, along with other changes to how it all gets installed.

i was able to get the following to work:

Code:

pear channel-update pear.php.net
pear install Auth_SASL
pear install Net_SMTP
pear install Mail_mime
composer require guzzlehttp/guzzle (let it install composer as well)

however, guzzlehttp\client is not getting installed, nor can I figure out how to install it, so configuring roundcube stops here
ADDITIONAL INFORMATION and resolution
followup, i did get roundcubemail working - just had to download the latest and COMPLETE versions (at the time of this post) from this location:
https://github.com/roundcube/roundc...oad/1.6.1/roundcubemail-1.6.1-complete.tar.gz
all the other instructions for the section then work as expected, and without errors.
TLDR;
use this link
https://github.com/roundcube/roundc...oad/1.6.1/roundcubemail-1.6.1-complete.tar.gz
for the download instead of one in the instructions, and all dependencies are taken care of

 

As far as I remember Mailman does not work on recent distributions due to the absence of python 2 (EOL).
There is Mailman 3 available - not in EL9 yet - but ISPConfig is not compatible with Mailman 3 and if no maintainer is found for Mailman 3 integration then support for it will - afaik - most likely be dropped.

tl;dr
Just continue the installation without mailman.

P.S. That perl package dependency is unnecessary and a copy/paste relic of days gone by.

 

In the end, I have a new test server that appears to deliver the basics - postfix, httpd, dns, spam filtering, and control panel functionality. clearly I haven't fully tested it, but it's all i was really looking for at this point - needed to create an imapsync backup repository, and it's delivering on that side of things. it's not a live server, won't be serving email or websites either, but all those items configured without issues, so it's a start. The issues I mentioned above are not deal breakers for me at this point - most of them aren't used or can be gotten around if needed, in my case. and none of my observations were meant to be complaints, just pointing out sticking points to give others an idea of what needs to be addressed or avoided if looking at Rocky Linux 9.1 and ISPConfig 3.2.9p1

 

a followup.
it would appear I missed an error, or it didn't occur till later
Section 11 - amavisd specifically:
amavisd will not start says the following when trying to start

Code:

[root@sync bin]# systemctl start amavisd.service
Job for amavisd.service failed because the control process exited with error code.
See "systemctl status amavisd.service" and "journalctl -xeu amavisd.service" for details.
[\code]
the output from the recommended systemctl status amavisd:
[code]
[root@sync bin]# systemctl status amavisd
× amavisd.service - Amavis mail content checker
     Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Sat 2023-03-04 00:31:14 EST; 4min 30s ago
       Docs: http://www.ijs.si/software/amavisd/#doc
    Process: 5815 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=1/FAILURE)
        CPU: 475ms

Mar 04 00:31:14 sync.mydomain.com systemd[1]: amavisd.service: Scheduled restart job, restart counter is at 5.
Mar 04 00:31:14 sync.mydomain.com systemd[1]: Stopped Amavis mail content checker.
Mar 04 00:31:14 sync.mydomain.com systemd[1]: amavisd.service: Start request repeated too quickly.
Mar 04 00:31:14 sync.mydomain.com systemd[1]: amavisd.service: Failed with result 'exit-code'.
Mar 04 00:31:14 sync.mydomain.com systemd[1]: Failed to start Amavis mail content checker.

somewhere else online I saw a reference to testing the DKIM keys with this commend:

Code:

amavisd testkeys

and it outputs:

Code:

Config file "/etc/amavisd.conf" does not exist, at /usr/share/perl5/vendor_perl/Amavis/Conf.pm line 1982.

I tried created a link from the /etc amavisd file to the /etc /amavisd/amavisd.con" folder, but that still did not work.
this issue leaves no traces in the /var/log/maillog logfile as well.
any thoughts on why amavisd is not starting up as expected. Thanks.

 

I figured it out, I built some RPMs for RHEL9 that install all dependencies and run smoothly with the install script.
I documented this in my blog. I will put the link when the system allows it (new account).

 

Nice to hear it works with version 9. I guess if more users from RHEL, CentOS, Rocky and Alma Linux contributed, the better they will be supported.

 

I'm installing another Rocky Linux server, 9.4 this time, and I found something I think I missed or didn't mention last time.
I create a separate /var partition, and turn quotas on for that. following the Perfect Server guide, modifying the fstab is fine, and the quotaon seems to work, but the quotacheck command yields

Code:

Cannot find filesystem to check or filesystem not mounted with quota option.

both before and after a reboot
I found that the

Code:

mount | grep quota

command does report that /var has ",usrquota,grpquota" assigned to it, and the shows that the other partitions show ",noquota"
so it looks like the quotaon command works, and maybe the quotacheck reference should be adjusted.

 

I also did not realize this before, but there is a new version of JailKit - 2.23 - new link:

Code:

wget http://olivier.sessink.nl/jailkit/jailkit-2.23.tar.gz

instructions for installation worked otherwise (assuming all 2.21 references were changed to 2.23)

 

also found that perl-DateTime-Format-HTTP is now available for v9, so awstats installs per the instructions now

 

for Rocky Linux 9.4, the stopping/masking/disabling of firewalld.service yields errors indicating it's not meant to be dealt with by systemctl.

 

for Rocky Linux 9.4, there's another new version of roundcubeemail, so the instructions for that section should be

Code:

cd /tmp
wget https://github.com/roundcube/roundcubemail/releases/download/1.6.7/roundcubemail-1.6.7-complete.tar.gz
tar xfz roundcubemail-1.6.7-complete.tar.gz
mkdir /usr/share/roundcubemail
mv /tmp/roundcubemail-1.6.7/* /usr/share/roundcubemail/
chown -R root:root /usr/share/roundcubemail
chown apache /usr/share/roundcubemail/temp
chown apache /usr/share/roundcubemail/logs

just make sure you grab the "-complete" package -the listed package on their website doesn't include all the pear modules, and those don't install easily separately

 

@jnewman67 I ran into this issue as well and after about a day of beating my head aginst the wall I went to documentation and found that there was a change in 9.3 to the way grub rebuilds and by default, it will not write changes to GRUP_CMLINE_LINUX.
Assuming that you added the usrquota,grpquota changes when you actually issue the command to update group you need to do it as follows:

Code:

 grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline 

You need the "--update-bls-cmdline" flag for it to write the changes and enable the userquota and grpquota settings.

 

There is also the ispconfig3_roundcube plugins that enable users to change their passwords and update filters from inside roundcube.
You can find it here: ipsconfig3_roundcube plugin

 

@jnewman67 I asked this on the other thread, but I wanted to bring it here too to see if you were able to verify that fail2ban was actually working on sshd, email, and the web logins for ispconfig3.

 

Just letting anyone know that in OracleLinux 9.4 powertools is enabled using the following:

Code:

sudo dnf config-manager --enable ol8_codeready_builder

 

this is what I posted on the other thread about it (yes, is the apparent answer)
it installed without an issue (no errors) but as it's not live yet, i can't say it's "working"

Code:

rpm -qa | grep fail2ban
fail2ban-selinux-1.0.2-12.el9.noarch
fail2ban-server-1.0.2-12.el9.noarch
fail2ban-firewalld-1.0.2-12.el9.noarch
fail2ban-sendmail-1.0.2-12.el9.noarch
fail2ban-1.0.2-12.el9.noarch
fail2ban-systemd-1.0.2-12.el9.noarch

and i don't think I actually turned on iptables, so I just did that (i'll have to go look at my notes)

Code:

systemctl enable iptables
systemctl start iptables

same thing with fail2ban

Code:

systemctl enable fail2ban
systemctl start fail2ban

Code:

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Code:

systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-07-16 15:43:41 EDT; 3 days ago
       Docs: man:fail2ban(1)
   Main PID: 12283 (fail2ban-server)
      Tasks: 11 (limit: 100112)
     Memory: 19.7M
        CPU: 7min 34.106s
     CGroup: /system.slice/fail2ban.service
             └─12283 /usr/bin/python3 -s /usr/bin/fail2ban-server -xf start

so it doesn't look like there are any issues, but maybe someone else will see something I missed.