Home » Linux » Debian 9 and ISPConfig

Debian 9 and ISPConfig

15 Feb
February 15, 2019 Matthew

Install:

apt-get install openssh-server

(enable ssh)

apt-get install open-vm-tools htop vnstat net-tools ntp locate

If this is a virtual machine disable SMBus:

echo blacklist i2c_piix4 >> /etc/modprobe.d/blacklist.conf
update-initramfs -u -k all
nano /etc/hosts
127.0.0.1       localhost.localdomain   localhost
nano /etc/apt/sources.list
deb http://ftp.us.debian.org/debian/ stretch main contrib non-free
deb-src http://ftp.us.debian.org/debian/ stretch main contrib non-free

deb http://security.debian.org/debian-security stretch/updates main contrib non-free
deb-src http://security.debian.org/debian-security stretch/updates main contrib non-free

(just add: “contrib non-free” to the end of existing entries)

apt-get update
dpkg-reconfigure dash

Select no

reboot
apt-get install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo
mysql_secure_installation
nano /etc/postfix/master.cf

remove comments on

submission inet n
smtps inet n – y – – smtpd

service postfix restart
nano /etc/mysql/mariadb.conf.d/50-server.cnf

add comment on:
#bind-address

check other steps???

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl libdbd-mysql-perl postgrey
service spamassassin stop
systemctl disable spamassassin
apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap phpmyadmin php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear php7.0-mcrypt mcrypt  imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring memcached libapache2-mod-passenger php7.0-soap
a2enmod suexec rewrite ssl actions include dav_fs dav auth_digest cgi headers
nano /etc/apache2/conf-available/httpoxy.conf
<IfModule mod_headers.c>
    RequestHeader unset Proxy early
</IfModule>
a2enconf httpoxy
service apache2 restart
cd /usr/local/bin
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --install-only
apt-get -y install php7.0-fpm
a2enmod actions proxy_fcgi alias
service apache2 restart
apt-get -y install php7.0-opcache php-apcu
service apache2 restart
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
nano /etc/default/pure-ftpd-common

VIRTUALCHROOT=true

echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/

(this creates a self signed)

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem
nano /etc/fstab

rrors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1

mount -o remount /
quotacheck -avugm
quotaon -avug
apt-get install bind9 dnsutils haveged webalizer awstats geoip-database libclass-dbi-mysql-perl libtimedate-perl
nano /etc/cron.d/awstats

comment out all

apt-get install build-essential autoconf automake libtool flex bison debhelper binutils
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.20.tar.gz
tar xvfz jailkit-2.20.tar.gz
cd jailkit-2.20
echo 5 > debian/compat
./debian/rules binary
cd ..
dpkg -i jailkit_2.20-1_*.deb
rm -rf jailkit-2.20*
apt-get install fail2ban
nano /etc/fail2ban/jail.local
[pure-ftpd]
enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 3

[dovecot]
enabled = true
filter = dovecot
logpath = /var/log/mail.log
maxretry = 5

[postfix-sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3
service fail2ban restart
apt-get install ufw roundcube roundcube-core roundcube-mysql roundcube-plugins
nano /etc/roundcube/config.inc.php
$config['default_host'] = 'localhost';
$config['smtp_server'] = 'localhost';
nano /etc/apache2/conf-enabled/roundcube.conf
Alias /webmail /var/lib/roundcube
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
php -q install.php

creates smtpd.key
‘localhost.key? followup

mysql -u root -p
CREATE USER 'admin'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' WITH GRANT OPTION;
quit;

email spf check:

apt-get install postfix-policyd-spf-python
nano /etc/postfix/main.cf

add the end of smtpd_recipient_restrictions

check_policy_service unix:private/policy-spf

add at end of file

policy-spf_time_limit = 3600s
nano /etc/postfix/master.cf

add at end:

policy-spf  unix  -       n       n       -       -       spawn
user=nobody argv=/usr/bin/policyd-spf
/etc/init.d/postfix reload

enable spamassign update:

nano /etc/cron.daily/spamassassin

Replace SSL (self-signed) with signed certificate:

PureFTP:

nano /etc/ssl/private/pure-ftpd.pem

Mail Services:

nano /etc/postfix/smtpd.cert
nano /etc/postfix/smtpd.key

ISP Config CP:

nano /usr/local/ispconfig/interface/ssl/ispserver.crt
nano /usr/local/ispconfig/interface/ssl/ispserver.csr
nano /usr/local/ispconfig/interface/ssl/ispserver.key

You may also like:

10 thoughts on “Debian 9 and ISPConfig

  4. This is really interesting, You’re a very skilled blogger. I’ve joined your feed and look forward to seeking more of your magnificent post. Also, I’ve shared your site in my social networks!

  7. You’re so awesome! I don’t believe I have read a single thing like that before. So great to find someone with some original thoughts on this topic. Really.. thank you for starting this up. This website is something that is needed on the internet, someone with a little originality!

Leave a Reply

Your email address will not be published.