webcp.hostinghacks.net/slackware | webmail
PREREQUISITES: source packages
INSTALLS: Dovecot + Squirrelmail + Apache ; Squirrelmail web interface is run over SSL for secure collection of mail.
The installation commands can be run from a Putty window in a "cut-and-paste" style layout or copied to a script. Notes on Putty best practices can be found here.
create system users:
# Dedicated non-login accounts: "dovecot" for the IMAP daemon and "webmail"
# for the Apache instance that serves SquirrelMail. Both get /sbin/nologin
# as their shell.
groupadd dovecot
useradd -g dovecot -d /usr/libexec/dovecot -s /sbin/nologin -c "dovecot" dovecot

groupadd webmail
useradd -g webmail -d /home/webmail -s /sbin/nologin -c "webmail user" webmail
install dovecot:
# Fetch and unpack the Dovecot source under /usr/src.
# NOTE(review): the tarball is downloaded over plain HTTP and nothing here
# checks it before it is compiled and installed as root. Compare it against a
# checksum or signature obtained from the publisher before running configure.
cd /usr/src
wget http://www.dovecot.org/releases/dovecot-0.99.14.tar.gz
# wget http://hostinghacks.net/dist/dovecot-0.99.14.tar.gz
tar -xzf dovecot-0.99.14.tar.gz

# IMAP only (POP3 daemon disabled), mbox storage, passwd/shadow/PAM lookups.
cd /usr/src/dovecot-0.99.14
./configure \
  --prefix=/usr \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --with-passwd \
  --with-shadow \
  --without-pop3d \
  --with-pam \
  --with-storages=mbox \
  --without-vpopmail \
  --enable-static \
  --disable-ipv6
make && make install
create dovecot & imap user directories:
# Runtime directories for Dovecot: the master directory is root-only, the
# login directory is additionally readable by group "users".
mkdir -p /var/run/dovecot /var/run/dovecot-login
chmod 700 /var/run/dovecot
chmod 750 /var/run/dovecot-login
chown root:users /var/run/dovecot-login

# Parent of the per-user IMAP folders (mbox:/var/imap/%u/ in dovecot.conf).
mkdir -p /var/imap
chmod 755 /var/imap
chown webmail:webmail /var/imap
dovecot.conf:
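# Write /etc/dovecot.conf. The here-document delimiter is quoted, so the %u
# and %b-style codes below reach the file unchanged.
cat > /etc/dovecot.conf << "EOF"
# Directory where authentication process places authentication UNIX sockets
# which login needs to be able to connect to. The sockets are created when
# running as root, so you don't have to worry about permissions.
login_dir = /var/run/dovecot-login
protocols = imap
# NOTE(review): with SSL disabled here and plaintext logins allowed further
# down, IMAP passwords cross the network unencrypted. That is tolerable only
# while the sole client is SquirrelMail on this same host; keep tcp/143
# closed to other hosts unless both settings are changed.
ssl_disable = yes
login = imap
mbox_locks = fcntl
# this setting is compatible with the hosting control panel:
default_mail_env = mbox:/var/imap/%u/:INBOX=/var/mail/%u
# Auth types assume /etc/shadow in use:
auth = default
auth_mechanisms = plain
auth_userdb = passwd
auth_passdb = shadow
auth_user = root
# auth_verbose = no
auth_verbose = yes
disable_plaintext_auth = no
log_path = /var/log/dovecot
info_log_path = /var/log/dovecot
# Prefix for each line written to log file. % codes are in strftime(3)
# format.
#log_timestamp = "%b %d %H:%M:%S "
# chroot login process to the login_dir. Only reason not to do this is if you
# wish to run the whole Dovecot without roots.
#login_chroot = yes
EOF
chmod 644 /etc/dovecot.conf

# Pre-create the log file named by log_path / info_log_path.
touch /var/log/dovecot
# The original used mode 777. Execute bits serve no purpose on a log file and
# are dropped here.
# NOTE(review): 666 still lets any local account rewrite or truncate the
# authentication log (auth_verbose is on). The logrotate rule on this page
# recreates the file as 0644; if Dovecot keeps logging after a rotation, use
# that tighter mode here as well.
chmod 666 /var/log/dovecot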
get dovecot + hosting control panel compatible code that allows creation of /var/imap/$USER directories:
# Download the control-panel patch set and install the IMAP helper that
# creates the /var/imap/$USER directories.
# NOTE(review): "phpanel-current" is an unversioned tarball fetched over plain
# HTTP, and the file copied from it becomes part of the control panel's
# server library. Read the patch before installing it.
cd /usr/src
wget http://phpanel.net/dist/phpanel-current.tar.gz
tar -xzf phpanel-current.tar.gz

cp -f /usr/src/phpanel/webcp-patches/webmail/uw-imap.wcp.phps \
  /home/webcp/server/lib/uw-imap.wcp.phps
chown webcp:webcp /home/webcp/server/lib/uw-imap.wcp.phps
chmod 750 /home/webcp/server/lib/uw-imap.wcp.phps
set the following lines in /home/webcp/config.php:
// Switch on the IMAP-directory helper and point the control panel at the
// per-user IMAP tree and at the SquirrelMail data directory.
$cfg['uwimap']    = true;
$cfg['uwimapdir'] = '/var/imap';
$cfg['sqdatadir'] = '/var/webmail/data';
init script:
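# Write the Dovecot init script. The here-document delimiter is quoted, so
# $0, $1, $? and $RETVAL are stored literally and expand only when the
# script itself runs.
cat > /etc/rc.d/rc.dovecot << "EOF"
#!/bin/bash
# Init file for Dovecot IMAP daemon
#
# Usage: rc.dovecot {start|stop|restart}
# Exit status: that of the last dovecot/killall command run, 1 on bad usage
# or when the binary or its configuration file is missing.

[ -x /usr/sbin/dovecot ] || exit 1
[ -r /etc/dovecot.conf ] || exit 1

# Set explicitly: the original exited with $RETVAL without ever assigning it.
RETVAL=0

case "$1" in
  start)
    echo "Starting dovecot..."
    /usr/sbin/dovecot -c /etc/dovecot.conf
    RETVAL=$?
    ;;
  stop)
    echo "Stopping dovecot..."
    killall dovecot
    RETVAL=$?
    ;;
  restart)
    # Quoted so a script path containing spaces still re-invokes correctly.
    "$0" stop
    sleep 1
    "$0" start
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit "$RETVAL"
EOF
chmod +x /etc/rc.d/rc.dovecot

# Start Dovecot at boot. The append is skipped when the line already exists,
# so repeating these steps does not queue a second start in rc.local.
grep -qxF "/etc/rc.d/rc.dovecot start" /etc/rc.d/rc.local 2>/dev/null ||
  echo "/etc/rc.d/rc.dovecot start" >> /etc/rc.d/rc.local

/etc/rc.d/rc.dovecot start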
webmail service:
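# Download and unpack the Apache, mod_ssl and PHP sources under /usr/src.
# NOTE(review): all three tarballs come over plain HTTP and are built as root
# without any integrity check; verify each against a checksum or signature
# from its publisher before unpacking.
# NOTE(review): Apache 1.3.x, mod_ssl 2.8.x and PHP 4.x no longer receive
# upstream security fixes; read these steps as a record of a legacy build.
cd /usr/src
wget 'http://apache.mirrors.redwire.net/httpd/apache_1.3.33.tar.gz'
# wget http://hostinghacks.net/dist/apache_1.3.33.tar.gz
tar -zxpf apache_1.3.33.tar.gz

cd /usr/src
wget 'http://www.modssl.org/source/mod_ssl-2.8.22-1.3.33.tar.gz'
# wget http://hostinghacks.net/dist/mod_ssl-2.8.22-1.3.33.tar.gz
tar -zxpf mod_ssl-2.8.22-1.3.33.tar.gz

cd /usr/src
rm -f -R php-4.3.11
# The URL ends in ".../from/this/mirror", so the saved file name depends on
# how wget treats the redirect. Naming the output explicitly guarantees that
# the tar command below finds php-4.3.11.tar.gz.
wget -O php-4.3.11.tar.gz 'http://us2.php.net/get/php-4.3.11.tar.gz/from/this/mirror'
# wget http://hostinghacks.net/dist/php-4.3.11.tar.gz
tar -zxpf php-4.3.11.tar.gz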
apply ssl:
# Apply mod_ssl to the unpacked Apache 1.3.33 source tree; the Apache build
# that follows enables the ssl module from it.
cd /usr/src/mod_ssl-2.8.22-1.3.33
./configure --with-apache=/usr/src/apache_1.3.33
build apache:
# Configure, build and install the webmail Apache under /usr/local/apache3,
# with mod_ssl and mod_info built as loadable (shared) modules.
cd /usr/src/apache_1.3.33
SSL_BASE=SYSTEM ./configure \
  --prefix=/usr/local/apache3 \
  --enable-module=log_referer \
  --enable-module=log_config \
  --enable-module=log_agent \
  --enable-module=mime \
  --enable-shared=info \
  --enable-module=so \
  --enable-shared=ssl \
  --enable-module=ssl
make && make install

# NOTE(review): this gives the whole install tree (binaries, modules and
# conf/) to the account the server's children run as ("User webmail" in the
# httpd.conf on this page). When httpd is started by root, as the rc.local
# entry on this page does, a root-owned tree that the webmail account cannot
# modify is the safer arrangement. Confirm nothing depends on webmail owning
# these files before removing this step.
chown -R webmail:webmail /usr/local/apache3
make the php_mod:
# Build PHP 4.3.11 as a module for the webmail Apache (via its apxs) and
# install it under the same prefix. php.ini is looked up in
# /usr/local/apache3/conf, as set by --with-config-file-path.
cd /usr/src/php-4.3.11
./configure \
  --prefix=/usr/local/apache3 \
  --with-apxs=/usr/local/apache3/bin/apxs \
  --with-config-file-path=/usr/local/apache3/conf \
  --with-mysql \
  --with-zlib=yes \
  --with-zlib-dir=/usr \
  --enable-ftp \
  --disable-cli \
  --disable-pear \
  --enable-cgi \
  --enable-track-vars \
  --enable-force-cgi-redirect \
  --with-gettext
make && make install
# make test

# Tidy the source tree so a later rebuild starts from scratch.
make clean
rm -f config.cache
create certs:
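# Create a self-signed certificate and key for the webmail server.
cd /usr/local/apache3/conf/

# Answers piped into "openssl req" below, one line per prompt.
# NOTE(review): assumes the stock prompt order (country, state, locality,
# organisation, unit, common name, e-mail, then two optional extras answered
# with ".") - confirm against your openssl.cnf. The common name should be the
# host name users type in the browser; this page later uses
# serv1.fatpenguinhosting.com in its URLs.
cat > csr_info.txt << "EOF"
US
CA
SF
Fat Penguin Hosting
Virtual Hosting Division
webmail.fatpenguinhosting.com
servadmin@hosting~hacks.usa
.
.
EOF

# Generate the private key under a restrictive umask so it is never readable
# by other accounts, not even in the moment before the chmod below. The key
# is 2048 bits; the original 1024-bit size is too short for a server key.
(
  umask 077
  openssl genrsa -rand /var/log/messages -out server.key 2048
)
openssl req -new -key server.key -out server.csr < csr_info.txt

# -signkey signs the request with its own key, so browsers will report the
# certificate as untrusted until it is imported or replaced by a CA-issued one.
openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt
chmod 600 server.key
chmod 600 server.crt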
create the webmail httpd.conf file:
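# Write the Apache 1.3 configuration for the SSL-only webmail instance on
# port 1081. The here-document delimiter is quoted, so the %{...} log format
# codes and escaped quotes reach the file unchanged.
cat > /usr/local/apache3/conf/httpd.conf << "EOF"
# --- HOSTINGHACKS.NET/HTTPD_WEBMAIL.CONF ---
# APACHE 1.3 CONFIG
ServerType standalone
ServerName serv1.fatpenguinhosting.com
ServerAdmin servadmin@localhost.usa
ServerRoot "/usr/local/apache3"
LockFile /var/lock/subsys/webmail
PidFile /var/run/webmail/webmail.pid
MinSpareServers 1
MaxSpareServers 5
StartServers 2
MaxClients 25
Listen 1081
User webmail
Group webmail
DocumentRoot "/home/webmail/web"
LoadModule php4_module libexec/libphp4.so
LoadModule ssl_module libexec/libssl.so
UseCanonicalName Off
## TypesConfig /etc/mime.types
DefaultType text/plain
HostnameLookups Off
LogLevel warn
ErrorLog /var/log/webmail/errors
CustomLog /var/log/webmail/access combined

# Default for the whole filesystem: no access and no .htaccess processing.
# The original allowed "AllowOverride All" from / downwards.
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>

DirectoryIndex index.html index.htm index.php
AddType application/x-httpd-php .php
AccessFileName .htaccess
<Files ~ "^\.ht">
Order deny,allow
Deny from all
</Files>

#squirrel mail
# .htaccess files are honoured only inside the served tree.
<Directory "/home/webmail/web">
AllowOverride All
Order allow,deny
Allow from all
</Directory>

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ServerSignature Off

SSLEngine On
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/webmail/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/webmail/ssl_mutex
# Seed from the kernel RNG instead of the weak "builtin" source.
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
SSLLog /var/log/webmail/ssl_engine_log
SSLLogLevel info
# The original cipher list re-enabled SSLv2, export-grade, low-strength and
# null-encryption suites. Only HIGH and MEDIUM suites with authentication and
# encryption are offered here, and the SSLv2 protocol is turned off.
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!ADH:!EXP:!LOW:!SSLv2
SSLCertificateFile /usr/local/apache3/conf/server.crt
SSLCertificateKeyFile /usr/local/apache3/conf/server.key
SSLOptions +StdEnvVars
CustomLog /var/log/webmail/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
EOF

# Document root for SquirrelMail.
mkdir -p /home/webmail/web
chown webmail:webmail /home/webmail/web

# Holds the pid file, the SSL session cache and the SSL mutex; nothing in it
# needs to be visible to other local accounts.
mkdir -p /var/run/webmail
chown webmail:webmail /var/run/webmail
chmod 750 /var/run/webmail

# Access, error and SSL logs.
mkdir -p /var/log/webmail
chown webmail:webmail /var/log/webmail
chmod 750 /var/log/webmail

ln -s -f /usr/local/apache3/conf/httpd.conf /etc/httpd_webmail.conf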
php.ini for the webmail module:
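# Write php.ini for the webmail PHP module (read from /usr/local/apache3/conf).
# Settings changed from the original listing are marked "; changed" in the
# file; everything else is as published.
cat > /usr/local/apache3/conf/php.ini << "EOF"
engine = On
short_open_tag = On
asp_tags = Off
precision = 12
y2k_compliance = Off
output_buffering = Off
output_handler =
unserialize_callback_func=
zlib.output_compression = Off
implicit_flush = Off
allow_call_time_pass_reference = On
safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions =
; changed: do not advertise the PHP version in response headers
expose_php = Off
max_execution_time = 30
memory_limit = 8M
error_reporting = E_ALL & ~E_NOTICE
; changed: keep error text (paths, queries) out of pages and log it instead;
; with no error_log set, messages go to the web server's error log
display_errors = Off
display_startup_errors = Off
log_errors = On
track_errors = Off
variables_order = "EGPCS"
; changed: request parameters must not become global variables
register_globals = Off
register_argc_argv = On
post_max_size = 8M
gpc_order = "GPC"
magic_quotes_gpc = On
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
doc_root =
user_dir =
extension_dir = ./
; changed: scripts may not load extensions at run time
enable_dl = Off
file_uploads = On
; NOTE(review): post_max_size and memory_limit are both 8M, so uploads are
; capped well below this 32M figure
upload_max_filesize = 32M
include_path = /home/webmail/web
; changed: file functions may not open remote URLs
allow_url_fopen = Off
define_syslog_variables = Off
[mail function]
SMTP = localhost
sendmail_from = me@localhost.com
[SQL]
sql.safe_mode = Off
[MySQL]
mysql.allow_persistent = On
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port = 3306
mysql.default_socket = /var/run/mysql/mysql.sock
mysql.default_host = localhost
mysql.default_user =
mysql.default_password =
[Session]
session.save_handler = files
; changed: session files live in a directory only the webmail account can
; enter, instead of the shared /tmp
session.save_path = /var/webmail/sessions
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
EOF

# Private session directory referenced by session.save_path above.
mkdir -p /var/webmail/sessions
chown webmail:webmail /var/webmail/sessions
chmod 700 /var/webmail/sessions

# Convenience link; errors (for example, the link already exists) are discarded.
ln -s /usr/local/apache3/conf/php.ini /etc/php_apache1.ini >/dev/null 2>&1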
Webmail init script:
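# Write the init script for the webmail Apache instance. The here-document
# delimiter is quoted, so $0, $1 and $(...) are stored literally and expand
# only when the script itself runs.
cat > /etc/rc.d/rc.webmail << "EOF"
#!/bin/bash
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
# chkconfig: - 85 15
# description: Starts and stops the webmail httpd daemons.
# processname: webmail
# pidfile: /var/run/webmail/webmail.pid
# config: /usr/local/apache3/conf/httpd.conf
#
# Usage: rc.webmail {start|stop|restart|status}

case "$1" in
  start)
    echo "Starting webmail..."
    /usr/local/apache3/bin/apachectl start
    ;;
  stop)
    echo "Stopping webmail..."
    /usr/local/apache3/bin/apachectl stop
    ;;
  restart)
    # Quoted so a script path containing spaces still re-invokes correctly.
    "$0" stop
    sleep 1
    "$0" start
    ;;
  status)
    # The original called "statusproc", which this script never defines or
    # sources. Instead, test whether the process named in the pid file is
    # alive.
    if [ -r /var/run/webmail/webmail.pid ] &&
       kill -0 "$(cat /var/run/webmail/webmail.pid)" 2>/dev/null; then
      echo "webmail is running"
    else
      echo "webmail is not running"
      exit 1
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    ;;
esac
EOF
chmod 755 /etc/rc.d/rc.webmail

# Start webmail at boot. The append is skipped when the line already exists,
# so repeating these steps does not queue a second start in rc.local.
grep -qxF "/etc/rc.d/rc.webmail start" /etc/rc.d/rc.local 2>/dev/null ||
  echo "/etc/rc.d/rc.webmail start" >> /etc/rc.d/rc.local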
edit apachectl:
# Point apachectl at the pid file that httpd.conf uses, then start the
# service. A "|" delimiter keeps the sed expression readable; the pattern is
# otherwise the same as with escaped slashes.
cd /usr/local/apache3/bin
sed -e 's|/usr/local/apache3/logs/httpd.pid|/var/run/webmail/webmail.pid|g' apachectl > apachectl_tmp
mv -f apachectl_tmp apachectl
chmod 755 apachectl

/etc/rc.d/rc.webmail start
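# directory tree web for the squirrelmail program
mkdir -p /home/webmail

# dir for user data (outside of directory tree)
# NOTE(review): left at the mkdir default mode because the control panel is
# also pointed at this directory (sqdatadir); tighten it once you know which
# accounts need access.
mkdir -p /var/webmail/data
chown -R webmail:webmail /var/webmail/data

# dir for attachments
# Mode 730 rather than the original 733: the web server runs as the owning
# "webmail" account, and other local accounts have no reason to write here.
mkdir -p /var/webmail/attach
chown -R webmail:webmail /var/webmail/attach
chmod 730 /var/webmail/attach

# NOTE(review): the tarball is fetched over plain HTTP and unpacked without an
# integrity check; compare it against a checksum or signature from the
# publisher first.
cd /usr/src
# wget http://hostinghacks.net/dist/squirrelmail-1.4.4.tar.gz
wget http://easynews.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.4.tar.gz
tar -zxf squirrelmail-1.4.4.tar.gz
cp -R /usr/src/squirrelmail-1.4.4 /home/webmail

# Copy the *contents* into web/. /home/webmail/web already exists once the
# httpd.conf step on this page has run, and a plain "cp -R dir web" would then
# nest the tree as web/squirrelmail-1.4.4 and leave web/config missing.
cd /home/webmail
mkdir -p web
cp -R squirrelmail-1.4.4/. web/

cd /home/webmail/web/config
# Local overrides. "<?php" is used instead of the short "<?" tag so the file
# is parsed even where short_open_tag is off.
cat > /home/webmail/web/config/config_local.php << "EOF"
<?php
$squirrelmail_default_language = 'en_US';
$default_charset = 'iso-8859-1';
$provider_uri = 'http://www.fatpenguinhosting.com';
$provider_name = 'Fat Penguin Hosting';
$domain = 'fatpenguinhosting.com';
$imapServerAddress = 'localhost';
$imapPort = 143;
$useSendmail = true;
$sendmail_path = '/usr/sbin/sendmail';
$data_dir = '/var/webmail/data/';
$attachment_dir = '/var/webmail/attach/';
?>
EOF
chmod 644 /home/webmail/web/config/config_local.php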
You can edit settings in /home/webmail/web/config/config.php by running ./conf.pl, but settings from config_local.php should override config.php. Any options not set above default to the values in /home/webmail/web/config/config_default.php. After configuration is complete, test it by browsing to https://serv1.fatpenguinhosting.com:1081/src/configtest.php, then browse to https://serv1.fatpenguinhosting.com:1081 to log in.
The following codepatch to web-cp will allow the URL: 'www.domain.usa/webmail' to be redirected to 'https://serv1.fatpenguinhosting.com:1081' :
# Install the control-panel patch that redirects /webmail to the SSL webmail
# host; owner and mode match the other files copied into server/lib.
cp -f /usr/src/phpanel/webcp-patches/webmail/apache.wcp.phps \
  /home/webcp/server/lib/apache.wcp.phps
chown webcp:webcp /home/webcp/server/lib/apache.wcp.phps
chmod 750 /home/webcp/server/lib/apache.wcp.phps
Configure logrotate:
# Rotation rule for the Dovecot log: recreate the file as 0644 and restart
# Dovecot afterwards so it reopens the new file. Restart failures are ignored.
cat << 'EOF' > /etc/logrotate.d/dovecot
/var/log/dovecot {
missingok
create 0644
postrotate
/etc/rc.d/rc.dovecot restart 2> /dev/null || true
endscript
}
EOF
chmod 644 /etc/logrotate.d/dovecot
watch dovecot log files:
# Daily job: mail the last 100 lines of the Dovecot log to the local admin.
# The script is run once right away to confirm that mail delivery works.
cat << 'EOF' > /etc/cron.daily/watch.dovecot
#! /bin/sh
tail -100 /var/log/dovecot | mail -s "serv1 dovecot log" servadmin@localhost
EOF
chmod +x /etc/cron.daily/watch.dovecot
/etc/cron.daily/watch.dovecot
apache/webmail logs
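# Rotation rule for the webmail Apache logs.
# - The four logs are named explicitly. The original "/var/log/webmail/*"
#   glob also matches files that logrotate has already rotated, so they get
#   rotated again on every run.
# - sharedscripts restarts Apache once per run instead of once per log file.
# - New logs are created 0640. Apache opens them before it drops privileges,
#   and the weekly watch job on this page runs as root.
cat > /etc/logrotate.d/webmail << "EOF"
/var/log/webmail/access /var/log/webmail/errors /var/log/webmail/ssl_engine_log /var/log/webmail/ssl_request_log {
    missingok
    sharedscripts
    create 0640
    postrotate
        /etc/rc.d/rc.webmail restart 2> /dev/null || true
    endscript
}
EOF
chmod 644 /etc/logrotate.d/webmail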
watch log files:
# Weekly job: mail the tail of each webmail log to the local admin, one
# message per log. The script is run once right away as a check.
cat << 'EOF' > /etc/cron.weekly/watch.webmail
#! /bin/sh
tail -100 /var/log/webmail/access | mail -s "webmail.access" servadmin@localhost
tail -100 /var/log/webmail/errors | mail -s "webmail.errors" servadmin@localhost
tail -100 /var/log/webmail/ssl_engine_log | mail -s "webmail.ssl_engine" servadmin@localhost
tail -100 /var/log/webmail/ssl_request_log | mail -s "webmail.ssl_request" servadmin@localhost
EOF
chmod +x /etc/cron.weekly/watch.webmail
/etc/cron.weekly/watch.webmail
punching a hole in an existing iptables firewall to port 1081 or 143:
# Both rules are inserted at position 25 of the INPUT chain, which presumes
# the existing ruleset already has at least 24 rules; adjust the index to
# your own chain.

# IMAP (tcp/143).
# NOTE(review): Dovecot as configured on this page has SSL disabled and
# accepts plaintext logins, and SquirrelMail reaches it on localhost. Open
# this port only if remote IMAP clients are actually required.
iptables -I INPUT 25 -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT

# SSL webmail (tcp/1081).
iptables -I INPUT 25 -p tcp --dport 1081 -m state --state NEW,ESTABLISHED -j ACCEPT
troubleshooting IMAP service with telnet:
telnet localhost 143
1 LOGIN "subzero" "passwd"
3 LIST "" ""
4 LIST "" "INBOX"
5 LSUB "" "*"
7 SELECT "INBOX"
You will want the following config options to be active in your PHP installation: --enable-track-vars --enable-force-cgi-redirect --with-gettext --with-mysql. Make sure you have PHP uploads turned ON.