SOLVED ISPconfig 3 Ubuntu postfix+dovecot+roundcube

I decided to try a multiserver setup. The mail control panel server also has the function of mail server.

Followed 2 tutorials:
http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3-p7
and
http://webmodelling.com/webbits/ubuntu/ubuntu-ispconfig3-multi-server-setup.aspx

Also, I have 2 STARTSSL certificates:
1 for the control panel port 8080 https://cp.mydomain.com:8080
1 for the webmail https://mail.mydomain.com
(the last one was tricky since I'm not using a wildcard SSL, but I successfully managed to change the roundcube.conf to respond using the correct mail SSL certificate and to respond to the domain instead of domain/webmail).

For this I used the how-to
http://www.howtoforge.com/securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from-startssl-p2
The only difference from the above tutorial was postfix and dovecot: I changed them to reflect the mail SSL and not the ispconfig3 cp.mydomain SSL.

So far so good, everything responded fine.

The issue:
I already created email accounts in ISPconfig3. When trying to log in to roundcube at https://mail.mydomain.com I'm getting login failed.

Checking the /var/log/mail.err:

Code:
mail dovecot: lda(root): Error: user root: Initialization failed: Initializing mail storage from mail_location setting failed: stat(/root/Maildir) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root, dir owned by 0:0 mode=0700)

Checking mail.log: 3 warning lines with the 3 dovecot SSL entries. Although it's a warning, it creates a lot of logging.

Code:
mail dovecot: config: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:92: ssl_cert_file has been replaced by ssl_cert = <file

and

Code:
mail dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=192.168.1.10, lip=192.168.1.10, TLS

Help would be appreciated.
Getting a few more errors in /var/mail.err

Code:
mail dovecot: lda(root): Error: chdir(/root/) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root, dir owned by 0:0 mode=0700)

Code:
Dec 28 06:33:52 mail dovecot: lda(root): Error: chdir(/root) failed: Permission denied

Code:
Dec 28 06:33:52 mail dovecot: lda(root): Error: user root: Initialization failed: Initializing mail storage from mail_location setting failed: stat(/root/Maildir) failed: Permission denied (euid=6$

Code:
Dec 28 06:33:52 mail dovecot: lda(root): Fatal: Invalid user settings. Refer to server log for more information.
Hello Falko,

For some reason my postfix installation had no SSL cert. Reading the how-to, there's no mention of it. So I had to do a bunch of things; off the top of my head, below are some important steps.

Made sure that postfix, dovecot and roundcube were using the same SSL "mail" and not the ISPConfig "cp" SSL. Although the "mail" SSL location files are different (just copies). That's something I'm going to implement next, because it will be easier to replace when they expire: postfix, dovecot and apache2 will pull the SSL "mail" from the same location.

So, to start I added my mail.domain.com STARTSSL to postfix main.cf

cd /etc/postfix
ln -s /etc/ssl/roundcube/ssl.crt smtpd.cert
ln -s /etc/ssl/roundcube/ssl.key smtpd.key

main.cf

smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_CAfile = /etc/ssl/roundcube/sub.class1.server.ca.crt

Also in the apache2 vhost roundcube.conf

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/ssl/roundcube/ssl.crt
SSLCertificateKeyFile /etc/ssl/roundcube/ssl.key
SSLCertificateChainFile /etc/ssl/roundcube/sub.class1.server.ca.pem
SSLCACertificateFile /etc/ssl/roundcube/ca.pem

and to finish it, dovecot.conf

ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key

Restarted all services and did an ispconfig php -q update.php to integrate all this.

**********

I also "frankensteined" my 2 DNS servers to be integrated with ISPConfig. I always read that we should start with a clean ISPConfig installation ... no, that's 2 easy. The reason was that my NS1 also had cacti and nagios3 running, and I wanted to keep all the hosts configuration and databases for them. Went smooth...
Right now I already have them beautifully integrated as master and slave NS's in ISPconfig, keeping my cacti and nagios. Also added DNSSEC to both servers; you guys have no dnssec integration.

**********

Today or tomorrow will integrate the webserver + database server to the ISPConfig setup. Could have done this already, I already have "the" webserver running and it's my crown jewel. Apache2 and mysql are tweaked to perfection with 100ms response times, 2/3 seconds total page load times for heavy Joomla / Jomsocial websites... over WAN. This one will not be a clean ISPConfig install.

**********

Later this week will start testing openvz server integrated into ISPConfig3. Very familiar with VM's like sphere and virtualbox but never used openvz before. The only thing I like about openvz is the fact that it is "open", and that's about it... the project seems stalled or dead and it's officially the slowest virtual machines in the world. Google says so. If I'm not happy with it, as a future project I might pull a stunt and develop a module to integrate virtualbox into ISPConfig. Virtualbox is free and has good support and runs on all sorts of hosts, each vmachine has an individual identifier, good control over cores/ram/eth, etc. and it's fast.

**********

Some people are happy if it runs, I'm only happy when it's fast and the error log shows 0 entries...
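Added example, not part of the original posts: a small shell audit for the two Postfix TLS values quoted in the main.cf listing above. `smtpd_tls_mandatory_protocols = SSLv3, TLSv1` is an inclusion list, so only those two legacy versions are offered; the function names `get_param` and `audit_postfix_tls` and the sample file are made up for this illustration.

```bash
#!/usr/bin/env bash
# Added example: flag legacy TLS settings in a Postfix main.cf.
# Simplification: one "name = value" per line, no continuation lines.

# Print the last value assigned to parameter $2 in file $1.
get_param() {
    awk -v key="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            name = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", name)
            if (name == key) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
        }
        END { print val }' "$1"
}

# Print one "WEAK: ..." line per finding for the main.cf given as $1.
audit_postfix_tls() {
    local file=$1 protos grade p
    protos=$(get_param "$file" smtpd_tls_mandatory_protocols)
    grade=$(get_param "$file" smtpd_tls_mandatory_ciphers)
    # Names without "!" form an inclusion list: only those versions are offered.
    for p in SSLv2 SSLv3 TLSv1 TLSv1.1; do
        if printf '%s\n' "$protos" | tr ', :' '\n\n\n' | grep -qxF -- "$p"; then
            echo "WEAK: smtpd_tls_mandatory_protocols enables $p"
        fi
    done
    case "$grade" in
        export|low|medium)
            echo "WEAK: smtpd_tls_mandatory_ciphers = $grade (use high)" ;;
    esac
    return 0
}

# Constructed sample holding the values quoted in the post.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
EOF
audit_postfix_tls "$SAMPLE"
```

An exclusion list such as `!SSLv2, !SSLv3, !TLSv1, !TLSv1.1` together with cipher grade `high` produces no findings.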
webserver and database

Today was the big day to "Frankenstein" my beautiful webserver and integrate another server into ispconfig. This server has a double function of webserver and database server.

Well, it went fine, just took me an hour to figure out how ispconfig stores things like the vhosts and the www root directories. Needed to do some apache2.conf changes; my conf file was more restricted and each host had a directory line with root location and include sites-enabled. My mysql conf was kept pretty much the same with my tweaked settings, with the exception of commenting out "only respond on the interface 127.0.0.1.".

Yeah, did not understand at first in ispconfig add website what settings to use for php... but a quick look in this excellent forum gave me the answer for Joomla websites: suEXEC and phpfcgi. Not mod-php.

Webserver databases went without issues with phpmyadmin. Did have to change the control panel ispconfig so that pressing the database button opens the webserver phpmyadmin and not the control panel phpmyadmin that I previously locked with .htaccess to my LAN. The webserver phpmyadmin responds over WAN.

Testing the websites' performance with apache2 benchmark and webpagetest gave me a few nanoseconds more; not happy, but those nanos will save hours of website work. So, it's an OK compromise. mysqltuner benchmark reported no changes in mysql... as expected, since my.cnf is the same.

Tomorrow will test FTP and add 1 GoDaddy SSL and 2 STARTSSL certificates to 3 of the websites, responding on the same WAN IP but using different ports (got to love the facebook applications, must have ssl). More fun.

p.s. after deletion, ISPConfig seems to leave some settings behind in the database. Haven't investigated this yet, but user groups from deleted users still show up, and after deleting a website ispconfig did not regenerate the website folder:
/web10/
/web11/ deleted website
/web12/ it should be 11
so there's a gap between 10 and 12.
Plenty of tutorials for bind9 and dnssec. Maybe you should ask ispconfig3 developers what files / master templates need to be hacked in order to maintain intact your dnssec txt records.