Mandriva 2006 Install questions

Discussion in 'Installation/Configuration' started by bersi, Nov 27, 2005.

  1. bersi

    bersi New Member

    Hi guys,
    Installed ispconfig following the perfect setup.... Things went right and than diddn't and now its scrued up. No worry i want to reinstall the system anyhow. But getting deeper into all the infos in the process of my experiments i wonder about couple of things and i hope someone could clear things up befor i endeavour the next reinstall:
    1) i would like to install in the paranoid security state (chrooted) or at least hightest. Does that give problems with ispconifig, and exactly what does?
    2) i would rather use the standard Mandriva imap services (updates later on), does that give problems with ispc?
    3) i would rather use the standard shorewall firewall and disable the firewall in ispc, does that...
    4) i would rather use the sasl2 authentification thane the depriciated saslauthd, does that give problems?

    Lots of questions but let mee say, it seems that ISPC is right on the spot! Looked long for a good opensource config panel and think i found it :)
  2. falko

    falko Super Moderator Howtoforge Staff

    I'm almost sure that this will cause problems... These settings are so paranoid that almost nothing is allowed on the system! So don't do it, rather do as suggested by the tutorial.

    In the tutorial I use the standard Mandriva imap package... :confused:

    Not if you configure it properly...:D This means that also port 81 must be accessible otherwise you can't access ISPConfig.

    saslauthd is for sasl2, there's no such package for sasl1, so I don't think it's deprecated. Anyway, use it, otherwise you'll have problems with authentication...

    The best way to follow the tutorial is to use an SSH client (like PuTTY on Windows) and copy and paste the commands from the tutorial.:)
  3. bersi

    bersi New Member

    Thanks Falco

    Thanks for your reply,
    The thing is i followed the tutorial but was a little concerned about security having had soem problems with that in the past. I already run 3 servers under mandrake but use the Higher setting, and than allow ssh by hand. Anything known if that causes trouble with ispc?

    When i install the standard imap i dont see anything aubout the "cyrus..." you state in the tutorial, ut maybe thats concealed buy the mardrake installer, so that what confused me.

    Mail authentification
    Ok, i followed some other thread on that. Since i am not an expert on this i guess ill follow your arumentation on that:) .

    Configuring the new ports in shorewall isnt really that big a problem (you have to to that for mysql anyhow, so thats answered for!

    So what im really left with is the sec settings.. paranoid won't do, but what about higher? i woulndt mind setting some services back on again but i'll guess, since i am not an expert on this the overall system would be more secure than the standard install?! And what about the chrooted daemons everybody is talking about (bind, proftp) could i set that up together with ispc?
  4. falko

    falko Super Moderator Howtoforge Staff

    I think the standard install is already very secure because ISPconfig has its own firewall that blocks requests on all ports that you don't use. I've never tried the "Higher" setting together with ISPConfig so it's up to you to find out if this works. :)
  5. bersi

    bersi New Member

    Ok Falko,

    I will do that and report back here, but still arent there exploits wich use just the opened ports? There are as far as i know many descriptions on how to secure lets say bind. So there has to be more on that issue?! Wouldn't you agree? Or for that matter would you consider a whole different distro, lets say the debian based Unbutu or fedora or suse?
    Last edited: Nov 29, 2005
  6. falko

    falko Super Moderator Howtoforge Staff

    If you ask me I'll always recommend Debian (see also ), but in the end it's a matter of which distribution you like most. :)
  7. bersi

    bersi New Member

    Got it working

    Hi Falko,
    So i got it working after all. The problrm with security settings under mandrake boils down to the "msec" checks. They alter the standard filesystem chmods and render ISPconfig not working. What wored for me was installing the system as described in the perfect setup guides and than switch on the security functions, all but msec checks. Maybe a seperate site should be set up to cover only the securing van linus under ispconfig...

    Now than, of course :D i still hav some questions for you.
    First of all the pop system. When connecting there is a strange lag between connecting and actual reading of the mail. Using thunderbird, or outlook express for that matter a connection is made right away but than everything stops for 15-20 secs before the password is asked and the mail begins to roll. Once mail is coming in everything goes fast and smooth. Trieed a telnet connection and there the popserver answered right away. so i am puzzled.

    from one of the sites specified (not all) the mail gets doubled to the Postfix account?? The settings for this mailaccount specifie a forward to [email protected] wich actually is a mailadress handled by the same system (as far as my knowledge reaches a forward to a mailrecipient on the same system should be done directly to the underlying pop account not to the email adress, but i am not shure if that is the problem.. So why or when would an email be send to the postfix account??

    Hope iam not boring you too much and keep up the good work!!

  8. falko

    falko Super Moderator Howtoforge Staff

    Can you see anything related to this in the mail log?
    Might also be a firewall problem or related to your security settings...

    Can you explain a little more in detail?
  9. bersi

    bersi New Member

    Respond 1 the forwarding probllem

    here info about the forwaarding system, ill do some more checks on the popserver delay:

    2 domeins are registered within ispconfig on the same server x and y, both with each one user info@x and info@y (mail).
    When i open the user definition for domain x an there put in a mailforward to info@y (the mailuser from y) and i swich on the keep local copy option, the mail send to info@x ends up in his box (as expected) but also in the postfix box on the system. This is anoying since this box is not emptied automatically and therefore could be flooded.

    Another niew problem:
    The mailscanner sends an mail with the folowing return adress:
    Van: [email protected]
    [mailto:[email protected]]

    How can i get this into an real message? ie: [email protected] or [email protected]

  10. falko

    falko Super Moderator Howtoforge Staff

    Are info@x and info@y in /etc/postfix/virtusertable? What's in /etc/aliases?

    Don't do it! :eek: Have a look here:
  11. bersi

    bersi New Member


    Yes both are listed in virtusertable:
    [email protected] account x
    [email protected] account y

    I dont hav etc/aliases id do have an:
    etc/postfix/aliases with the following:

    # Default aliases file for postfix
    # this file should be in /etc or in /etc/postfix but if you want it in
    # /etc/postfix you'll have to adjust your /etc/postfix/ file accordingly
    # Aliases in this file will NOT be expanded in the header from
    # mail, but WILL be visible over networks or from /bin/mail.
    # Following alias is required by the mail protocol, RFC 822 (and by RFC2142)
    # Set it to the address of a HUMAN who deals with this system's mail problems.
    # For various security reasons, postfix WILL NOT deliver mail as root, so
    # ensure that the root alias is aliased to a HUMAN user, as otherwise
    # mail may get delivered to the $default_privs user (nobody).
    postmaster: root

    # Many mailers use this address to represent the empty SMTP return
    # path
    MAILER-DAEMON: postmaster

    # Common aliases for system accounts.
    bin: root
    daemon: root
    games: root
    ingres: root
    nobody: root
    system: root
    toor: root
    foo: root
    falken: root

    # Well-known aliases.
    admin: root
    manager: root
    dumper: root
    operator: root

    # traps to catch security attacks
    decode: root
    moof: root
    moog: root

    # The following aliases are required by RFC 2142
    info: staff
    marketing: staff
    sales: staff
    support: staff

    # Standard aliases also defined by RFC 2142
    abuse: postmaster
    # reports of network infrastructure difficulties
    noc: root
    # address to report secuirty problems
    security: root
    # DNS administrator (DNS soa records should use this)
    hostmaster: root
    # Usenet news service administrator
    news: usenet
    usenet: root
    # http/web service administrator
    www: webmaster
    webmaster: root
    # UUCP service administrator
    uucp: root
    # FTP administrator (especially anonymouse FTP)
    ftp: root

    # Commonly used group aliases:
    staff: postmaster
    office: postmaster
    all: postmaster
    tech: postmaster
    ops: postmaster

    # Person who should get root's mail. This alias
    # must exist.
    # CHANGE THIS LINE to an account of a HUMAN
    root: [email protected]

    Hope That helps?
    By teh way, the virtusertable is soley created by ispconfig..
  12. bersi

    bersi New Member

    Concerning the [email protected]

    Ok, I should not fiddle with that but what is than the point of mails going out to people asking them to mail to [email protected] for further questions? If the do, the mail wouldnt arrive anywhere?!

  13. falko

    falko Super Moderator Howtoforge Staff

    You can set another server administrator address under Management -> Server -> Settings.

    Can you post /etc/postfix/virtusertable (with the real usernames and email addresses - please mark the users you're talking about here) here?

    Can you also post the .procmailrc file of user x?
  14. bersi

    bersi New Member

    Thanks Falko, should have known that, stupid me
  15. bersi

    bersi New Member

    concerning mail adressing

    Hi Falko back again with a bit mor serious problem. Again mail for one user is routed to another, in this case there are 2 domains and

    now mail for is routed to the homeport mailbox, even though no forward rules are visible in ispconfig. Furtermore it seemde to have worekd once but doesnt anymore. I looked in the virtusertable for postfix and indeed there are entrys wich lead mail for to the user (web14...) of instead to the user of (web15_...), but why that is, no idea.
    borthe procmailrc are empty (only the first standard line is in place).

    here the concerning part of the virtuser table:
    Any idea??

    Ther is some striking difference between homeport en homeportnoord though: under the codomain tab has an entry with empty hostname (as all other domains have) but homeportnoord does not, and when i wat to set is it results in an error that "" already existst.


    by the way how do i trigger the makedb? i.e. make postfix virtuser db?

    Last edited: Feb 13, 2006
  16. falko

    falko Super Moderator Howtoforge Staff

    Please check the Co-Domain tab of if (without hostname) is listed there. If so, remove it.

    On Postfix it's
    postmap /etc/postfix/virtusertable
    But this is done by ISPConfig automatically.
  17. bersi

    bersi New Member

    No it isn't. just without hostname is listed. On homeportnoord nothing is listed en without hostname is not accepted (domain already exists)

    Fixed it: What was the case: existed in trash bin and was originally made under But Now we have a bug, because the domain was deleted and than there shouldn't be anymore mailrules built on this shouldn't there? even though the thing still sits in the trash bin?

    Well i've emptied the trash bin, put the back in place under codomains of and now everything is working fine. But i still think the above needs some thinking over!

    Last edited: Feb 14, 2006
  18. falko

    falko Super Moderator Howtoforge Staff

    I've never seen something like this before...
    Anyway, we've changed something in the code that handles Co-Domains, and it will be available in the next release. I think it might help to avoid problems like this one.
  19. bersi

    bersi New Member

    Sounds good! :)
  20. bersi

    bersi New Member

    Quotas and error logs

    Using the system for quite a while now and its of great value. But using ISP config of course raised further questions. Here is one of them:
    I have installed the quota system for users and that is working good. But what concernes me are the error logs:
    1) the errorlog is part of the users (websites) quota which can be annoying, but 2) the error log does rotate! it just keeps growing. and i havent figured out how delete is.
    This leaves me with 2 things : when the error log keeps growing setting site quotas does not make much sense (in this cas that is, otherwise it can of course make sense since it warns the admin of problems at site level) and how do i get rid of an error log wich is actually above 1 GB?

Share This Page