ISPConfig 3 Manual

[ISPConfig 3 Manual ]
ISPConfig 3 Manual
Version 1.0 for ISPConfig 3.0.3
Author: Falko Timme <ft@falkotimme.com>
Last edited 09/30/2010
Uploaded by SiByte | http://www.SiByte.si/
1
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
ISPConfig 3 is an open source hosting control panel for Linux and is capable of managing
multiple servers from one control panel. ISPConfig 3 is licensed under BSD license.
Managed Services and Features
• Manage one or more servers from one control panel (multiserver management)
• Different permission levels (administrators, resellers and clients) + email user level provided by a
roundcube plugin for ISPConfig
• Httpd (virtual hosts, domain- and IP-based)
• FTP, SFTP, SCP
• WebDAV
• DNS (A, AAAA, ALIAS, CNAME, HINFO, MX, NS, PTR, RP, SRV, TXT records)
• POP3, IMAP
• Email autoresponder
• Server-based mail filtering
• Advanced email spamfilter and antivirus filter
• MySQL client-databases
• Webalizer and/or AWStats statistics
• Harddisk quota
• Mail quota
• Traffic limits and statistics
• IP addresses
2
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• SSL
• SSI
• PHP (available PHP modes: mod_php, FCGI, CGI and suPHP)
• Shell access
• Jailed shell access
• Firewall
• Server monitoring module
• MySQL client-database access trough phpMyAdmin
• Cron jobs (full cron jobs, jailed cron jobs, web cron jobs)
If you have comments or annotations or would like to contribute to this manual, please contact the
author:
Falko Timme <ft@falkotimme.com
>
Table Of Contents
1 Conventions Used In This Manual
1.1 Commands
1.2 Contents Of Files
1.3 File Names, Protocol Names, System Specifications, Technical Specifications, User
Names, Etc.
1.4 Highlighting
2 ISPConfig Users - Admin, Resellers, And Clients
2.1 Summary
2.1.1 admin
2.1.2 Resellers
2.1.3 Clients
3 Installation & Updating
3.1 Single Server Setup
3.2 Multiserver Setup
3.2.1 Installing A Multiserver Setup With Dedicated Web, Email, DNS And MySQL Database
Servers On Debian 5.0 With ISPConfig 3
3.2.1.1 Installing The Five Debian Base Systems
3.2.1.2 Installing The Web Server
3.2.1.3 Installing The Mail Server
3.2.1.4 Installing The MySQL Database Server
3
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
3.2.1.5 Installing The Primary DNS Server
3.2.1.6 Installing The Secondary DNS Server
3.2.1.7 Adjust The Server Settings In ISPConfig
3.3 Mirror Setup
3.3.1 Installing A Web, Email And MySQL Database Cluster On Debian 5.0 With ISPConfig
3
3.3.1.1 Setting Up The Two Base Systems
3.3.1.2 Installing The Two Servers
3.3.1.3 Installing ISPConfig On The First (Master) Server
3.3.1.4 Installing ISPConfig 3 On The Second Server
3.3.1.5 Configure Replication In ISPConfig
3.3.1.6 Additional Notes
3.4 Updating
3.4.1 Creating A Backup
3.4.2 Command Line Update
4 Reference
4.1 Tabs
4.2 Login
4.3 Home
4.4 Tools
4.4.1 User Settings
4.4.1.1 Password and Language
4.5 Client
4.5.1 Clients
4.5.1.1 Add Client
4.5.1.2 Edit Client
4.5.1.3 Edit Client-Templates
4.5.2 Resellers
4.5.2.1 Add Reseller
4.5.2.2 Edit Reseller
4.6 Sites
4.6.1 Websites
4.6.1.1 Website
4.6.1.2 Subdomain for website
4.6.1.3 Aliasdomain for website
4.6.2 FTP
4.6.2.1 FTP-User
4.6.3 Shell
4.6.3.1 Shell-User
4.6.4 WebDAV
4.6.4.1 WebDAV User
4.6.5 Database
4
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.6.5.1 Database
4.6.6 Cron
4.6.6.1 Cron Jobs
4.6.7 Statistics
4.6.7.1 Web traffic
4.6.7.2 Website quota (Harddisk)
4.7 Email
4.7.1 Email Accounts
4.7.1.1 Domain
4.7.1.2 Domain Alias
4.7.1.3 Email Mailbox
4.7.1.4 Email Alias
4.7.1.5 Email Forward
4.7.1.6 Email Catchall
4.7.1.7 Email Routing
4.7.2 Spamfilter
4.7.2.1 Whitelist
4.7.2.2 Blacklist
4.7.2.3 User / Domain
4.7.2.4 Policy
4.7.3 Fetchmail
4.7.3.1 Fetchmail
4.7.4 Statistics
4.7.4.1 Mailbox traffic
4.7.5 Global Filters
4.7.5.1 Postfix Whitelist
4.7.5.2 Postfix Blacklist
4.7.5.3 Content Filter
4.7.5.4 Relay Recipients
4.8 DNS
4.8.1 DNS Wizard
4.8.1.1 Add DNS Zone
4.8.1.2 Templates
4.8.2 DNS
4.8.2.1 Zones
4.8.3 Secondary DNS
4.8.3.1 Secondary Zones
4.9 System
4.9.1 CP Users
4.9.1.1 Add user
4.9.1.2 Edit user
4.9.2 System
4.9.2.1 Server Services
4.9.2.2 Server Config
5
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.9.2.3 Server IP addresses
4.9.2.4 Interface Config
4.9.3 Firewall
4.9.3.1 Firewall
4.9.4 Software
4.9.4.1 Repositories
4.9.4.2 Packages
4.9.4.3 Updates
4.9.5 Language Editor
4.9.5.1 Languages
4.9.5.2 New Language
4.9.5.3 Merge
4.9.5.4 Export
4.9.5.5 Import
4.9.6 Remote Users
4.9.6.1 Add user
4.9.6.2 Edit user
4.9.7 Remote Actions
4.9.7.1 Do OS-Update
4.9.7.2 Do ISPConfig-Update
4.10 Monitor
4.10.1 System State (All Servers)
4.10.1.1 Show Overview
4.10.1.2 Show System-Log
4.10.1.3 Show Jobqueue
4.10.2 Server to Monitor
4.10.3 Hardware Information
4.10.3.1 Show CPU Info
4.10.4 Server State
4.10.4.1 Show Overview
4.10.4.2 Show Update State
4.10.4.3 Show RAID State
4.10.4.4 Show Server Load
4.10.4.5 Show Disk Usage
4.10.4.6 Show Memory Usage
4.10.4.7 Show Services
4.10.4.8 Show OpenVz VE BeanCounter
4.10.5 Logfiles
4.10.5.1 Show Mail Queue
4.10.5.2 Show Mail Log
4.10.5.3 Show Mail Warn-Log
4.10.5.4 Show Mail Error-Log
4.10.5.5 Show System-Log
4.10.5.6 Show ISPC Cron-Log
4.10.5.7 Show Freshclam-Log
4.10.5.8 Show Clamav-Log
6
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.5.9 Show RKHunter-Log
4.10.5.10 Show fail2ban-Log
4.11 Help
4.11.1 Support
4.11.1.1 Send message
4.11.1.2 View messages
4.11.2 About ISPConfig
4.11.2.1 Version
4.12 Domains
4.12.1 Domains
4.12.1.1 Domains
5 Howtos
5.1 How Do I Create A Reseller?
5.2 How Do I Create A Client?
5.3 How Do I Create A Web Site?
5.4 How Do I Create An SSL Web Site?
5.5 How Do I Redirect My Web Site To Another Web Site Or To A Specific Directory On The
Server?
5.6 How Do I Create An FTP Account So That I Can Upload Files To My Web Site?
5.7 How Can I Use Perl/CGI Scripts With My Web Site?
5.8 How Do I Create An Email Account?
5.9 How Do I Activate The Spamfilter/Virus Scanner For An Email Account?
5.10 How Do I Blacklist/Whitelist Email Addresses In The Spamfilter?
5.11 How Do I Fetch Emails From A Remote Server With ISPConfig And Put The Emails In A
Local Email Account?
5.12 How Do I Create A DNS Zone?
5.13 How Do I Create A Secondary DNS Zone?
5.14 How Do I Create A Mirror?
5.15 How Do I Split Up Services Between Multiple Servers?
5.16 How Do I Unblock An IP Address That Got Blocked By fail2ban?
5.17 How Do I Create A Subdomain And Redirect It To A Different Folder/Web Site?
5.18 How Do I Manually Configure New IP Addresses On My System?
5.19 How To Build A PureFTPd Debian Package For OpenVZ Virtual Machines (Without
Capabilities Enabled)
5.20 How To Display Hidden Files With PureFTPd On Debian And Ubuntu Linux
5.21 PureFTPd Does Not Show More Than 2,000 Files On Debian And Ubuntu
5.22 How To Speed Up Logins In PureFTPd On Debian Or Ubuntu Linux By Disabling Name
Resolving
5.23 How To Enable Verbose Logging In PureFTPd On Debian And Ubuntu Linux
5.24 How To Enable FTPS For PureFTPd On Debian And Ubuntu Linux
6 Security Considerations
6.1 How Do I Disable Certain PHP Functions?
6.2 Enabling SSL For The ISPConfig Web Interface
7
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
6.3 Using SuExec For The ISPConfig Web Interface
6.4 What Are Secure Settings For Web Sites Created Through ISPConfig?
6.5 How Do I Make fail2ban Monitor Additional Services?
6.5.1 PureFTPd
6.5.2 SASL
6.5.3 Courier
6.5.4 Dovecot
7 Troubleshooting
7.1 How Do I Find Out What Is Wrong If ISPConfig Does Not Work?
Copyright Information
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced,
adapted, translated, or made available to a third party in any form by any process (electronic or
otherwise) without the written specific consent of projektfarm GmbH. You may keep backup
copies of the manual in digital or printed form for your personal use. All rights reserved.
1 Conventions Used In This Manual
1.1 Commands
Commands to be executed on the command line are formatted as follows in this document:
php -q install.php
1.2 Contents Of Files
Contents of files are displayed as follows in this document:
127.0.0.1 localhost.localdomain localhost
# Auto-generated hostname. Please do not remove this comment.
78.46.230.214 server1.example.com server1
1.3 File Names, Protocol Names, System Specifications,
Technical Specifications, User Names, Etc.
8
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
File names, protocol names, system specifications, technical specifications, user names,
names of form fields, etc. are displayed as follows:
http://<hostname>:8080/
/var/vmail
/etc/fstab
admin
Email > Spamfilter > Blacklist
1.4 Highlighting
Very important details are highlighted as follows:
Please note that this automatic network configuration works only on Debian/Ubuntu and only if you have one
network card which must be eth0.
2 ISPConfig Users - Admin, Resellers, And Clients
ISPConfig offers three levels of users which are all fully customizable - admin, resellers, and
clients. The default user and at the same time the user with the highest permissions is admin .
The admin account is created automatically when you install ISPConfig; all other users have to
be created within ISPConfig (see chapters 4.5.1.1 for clients, 4.5.2.1 for resellers, and 4.9.1.1
for further admin users). admin has full control over the ISPConfig control panel and all its
functions.
Please don't mix up admin with the root account - root is a system user whereas admin is an
ISPConfig user; ISPConfig users can just log into the ISPConfig control panel, nothing more,
i.e., they don't have shell access, for example.
can create further administrators that have the same or similar rights (see chapter
4.9.1.1), for example you could create an administrator account with the rights to create web
sites for clients, and you could create another administrator account that has full access to the DNS
module only (for example if you have one web site specialist and another DNS specialist in your
company).
admin
can also create clients and resellers (resellers can then create clients themselves, but
clients cannot create other clients - clients are the ISPConfig users with the lowest
permissions). Resellers are companies or individuals that sell services (web hosting, email
hosting, DNS hosting, etc.) to their clients without having to worry about the infrastructure
behind it - this is all managed by admin . admin can impose limits on resellers so that they don't
use up all of the server's resources. Reseller limits probably depend on what resellers are
willing to pay for the service , but that is totally up to admin what limits he chooses.
admin
9
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Clients can be created by admin or resellers. They can have multiple web sites, email
accounts, etc., but this depends on the client limits that admin and the reseller can set. You can
have a client with 5GB of web space, 5 web sites and 10 email accounts, and you can have a
client with 100GB of web space, 20 web sites, 100 email accounts and access to the DNS
module.
All ISPConfig users (regardless of their role) can access ISPConfig 3 under
http://<hostname>:8080/
or http://<ip_address>:8080/
2.1 Summary
2.1.1 admin
• admin manages and has full control over the system.
• admin can add other control panel users (users with administrator functions, resellers and
clients).
• admin can have his own clients independent of resellers.
2.1.2 Resellers
• Resellers can have access to almost all modules (except the system configuration) or only to a
limited set of modules, depending on the permissions given by admin .
• Resellers can create clients.
• Depending on the limits set by admin , resellers can see a limited set of resources to their
clients (web space, email accounts, etc.).
2.1.3 Clients
• Clients can create web sites, email accounts, etc., but that depends on the resources given to them
by their reseller or admin .
3 Installation & Updating
10
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
In this chapter I will explain how you can install ISPConfig 3 on your server(s). As ISPConfig 3 is
multiserver-capable, we have to differentiate between three scenarios:
• The most common setup is to have one web, email, DNS, MySQL database server, i.e. a
single server that hosts all services, and install ISPConfig 3 on it (single server setup ).
• The second scenario is to control multiple servers from just one ISPConfig 3 installation,
where each server can host all services (web, email, DNS, MySQL), but it is also possible to split
up services (e.g. dedicated web servers, dedicated email servers, dedicated DNS
servers, dedicated MySQL database servers) (multiserver setup ).
• The third scenario is to have slave servers or mirrors of the ISPConfig 3 server. In this case you
cannot create any items on the mirror (this server cannot be selected when you create a new item
in ISPConfig 3), but instead the configuration (web site configuration, email
configuration, etc.) will be copied from the master to the mirror (just the configuration, not any
web site contents, etc. - if you want this, you can achieve this by using rsync or using a
cluster filesystem like GlusterFS or some kind of network-attached storage, and you'd have
to use one of these techniques on the directories /var/www for the web sites' contents and
/var/vmail
for the emails - for MySQL databases, you'd have to use MySQL master-master
replication ). If you select a master server in the Is mirror of Server
field (see chapter
4.9.2.1), the server for which you select the master will act as a mirror, not as a full-fledged
server. If you have a failover-IP address that you can switch between the master and the
mirror (e.g. automatically with heartbeat /keepalived /etc. or manually, e.g. from your hoster's
control panel), you can achieve high-availability because if the master fails, the mirror can
take over (mirror setup ). Of course, this can be mixed with a multiserver setup (i.e., you can
have a cluster with full-fledged servers like in the second scenario and with mirrors).
ISPConfig 3 has two installation modes called standard and expert . expert is needed only for
multiserver and mirror setups (see chapters 3.2 and 3.3) - in most cases you should use
standard mode. In expert mode the installer asks if the server should join an existing
ISPConfig multiserver setup, and if you answer with yes (y ), the installer asks further questions
about the master server (like database details).
3.1 Single Server Setup
You can find setup instructions for various versions of Debian, Ubuntu, CentOS, Fedora, and
OpenSUSE on http://www.ispconfig.org/ispconfig-3/documentation/ . It is strongly
recommended to follow these to set up your Linux server before you install ISPConfig 3.
After you've set up the base system, you can install ISPConfig 3 as follows:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
11
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
The next step is to run
php -q install.php
This will start the ISPConfig 3 installer. The installer will configure all services like postfix, sasl,
courier, etc. for you.
root@server1:/tmp/ispconfig3_install/install# php -q install.php
_____ ___________
_____
__ _
|_ _/ ___| ___ / __
/ _(_)
| | `--.| |_/ / | / / ___ _ __ | |_ _ __ _
| | `--. __/ | | / _ | '_ | _| |/ _` |
_| |_/__/ / |
| __/ (_) | | | | | | | (_| |
___/____/_|
____/___/|_| |_|_| |_|__, |
__/ |
|___/
>> Initial configuration
Operating System: Debian Squeeze/Sid or compatible
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]:
<-- ENTER
Installation mode (standard,expert) [standard]:
<-- ENTER
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.exampl
e.com]: <-- ENTER
MySQL server hostname [localhost]:
<-- ENTER
12
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
MySQL root username [root]:
MySQL root password []:
<-- ENTER
<-- yourrootsqlpassword
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:
<-- ENTER
<-- ENTER
Generating a 2048 bit RSA private key
...+++
.+++
writing new private key to 'smtpd.key'
----You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----Country Name (2 letter code) [AU]:
<-- ENTER
State or Province Name (full name) [Some-State]:
<-- ENTER
Locality Name (eg, city) []:
<-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
<-- ENTER
Common Name (eg, YOUR name) []:
<-- ENTER
Email Address []:
<-- ENTER
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring vlogger
Configuring Apps vhost
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]:
<-- ENTER
<-- ENTER
Configuring DBServer
Installing Crontab
no crontab for root
13
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
no crontab for getmail
Restarting services ...
Rather than invoking init scripts through /etc/init.d, use the service(8)
utility, e.g. service mysql restart
Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the restart(8) utility, e.g. restart mysql
mysql start/running, process 24840
* Stopping Postfix Mail Transport Agent postfix
...done.
* Starting Postfix Mail Transport Agent postfix
...done.
* Stopping SASL Authentication Daemon saslauthd
...done.
* Starting SASL Authentication Daemon saslauthd
...done.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
* Stopping ClamAV daemon clamd
...done.
* Starting ClamAV daemon clamd
...done.
* Stopping Courier authentication services authdaemond
...done.
* Starting Courier authentication services authdaemond
...done.
* Stopping Courier IMAP server...
...done.
* Starting Courier IMAP server...
...done.
* Stopping Courier IMAP-SSL server...
...done.
* Starting Courier IMAP-SSL server...
...done.
* Stopping Courier POP3 server...
...done.
* Starting Courier POP3 server...
...done.
* Stopping Courier POP3-SSL server...
...done.
* Starting Courier POP3-SSL server...
...done.
* Restarting web server apache2
... waiting .. ...done.
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/et
c/pure-ftpd/db/mysql.conf -l pam -H -E -b -O clf:/var/log/pure-ftpd/transfer.log -8
14
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
UTF-8 -u 1000 -A -B
Installation completed.
root@server1:/tmp/ispconfig3_install/install#
The installer automatically configures all underlying services, so no manual configuration is
needed.
Afterwards you can access ISPConfig 3 under http://<hostname>:8080/
or
http://<ip_address>:8080/
. Log in with the username admin and the password admin (you
should change the default password after your first login):
15
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
The system is now ready to be used.
3.2 Multiserver Setup
The best way to describe a multiserver setup is to do this through an example. Here is a
tutorial about a Debian Lenny multiserver setup with dedicated web, email, DNS and MySQL
database servers with ISPConfig 3 (i.e., the services are split up between the servers - of
course, it is also possible to let all servers host all services instead of just one service).
3.2.1 Installing A Multiserver Setup With Dedicated Web, Email,
DNS And MySQL Database Servers On Debian 5.0 With ISPConfig
3
This tutorial describes the installation of an ISPConfig 3 multiserver setup with dedicated web,
email, database and two DNS servers all managed trough a single ISPConfig 3 control panel.
The setup described below uses five servers and can be extended easily to a higher number of
servers by just adding more servers. E.g. if you want to have two mailservers, do the setup
steps from chapter 3.2.1.3 on both of these servers. If you want to set up more web servers,
16
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
then install ISPConfig on all other web servers in expert mode except of the first one.
3.2.1.1 Installing The Five Debian Base Systems
In this setup there will be one master server (which runs the web server and ISPConfig control
panel interface) and four slave servers for database, email, primary and secondary DNS.
To install the clustered setup, we need five servers (or virtual servers) with a Debian 5.0
minimal install. The base setup is described in the following tutorial in the steps 1 - 6:
http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3
Install only steps 1 - 6 of the perfect server tutorial and not the other steps as they differ for a clustered setup!
In my example I use the following hostnames and IP addresses for the five servers:
Web Server
Hostname: web.example.tld
IP address: 192.168.0.105
Mail Server
Hostname: mail.example.tld
IP address: 192.168.0.106
DB Server
Hostname: db.example.tld
IP address: 192.168.0.107
DNS Server (primary)
Hostname: ns1.example.tld
IP address: 192.168.0.108
DNS Server (secondary)
Hostname: ns2.example.tld
IP address: 192.168.0.109
Whereever these hostnames or IP addresses occur in the next installation steps you will have to
change them to match the IP's and hostnames of your servers.
17
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
3.2.1.2 Installing The Web Server
Edit the hosts file and add the IP addresses and hostnames for all servers. The hostnames and
IP addresses have to be adjusted to match your setup.
vi /etc/hosts
127.0.0.1
localhost
192.168.0.105
web.example.tld
192.168.0.106
mail.example.tld
192.168.0.107
db.example.tld
192.168.0.108
ns1.example.tld
192.168.0.109 ns2.example.tld
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Set the hostname of the server:
echo web.example.tld > /etc/hostname
/etc/init.d/hostname.sh start
Edit the sources.list
file...
vi /etc/apt/sources.list
... and ensure that it contains the following line to enable the volatile repository.
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
Run...
apt-get update
... to update the apt package database; then run...
18
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
apt-get upgrade
... to install the latest updates (if there are any).
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over
the Internet. Simply run...
apt-get -y install ntp ntpdate
... and your system time will always be in sync.
Install the MySQL server. A MySQL server instance is necessary on every server as ISPConfig
uses it to sync the configuration between the servers.
apt-get -y install mysql-client mysql-server
Enter the new password for MySQL when requested by the installer.
We want MySQL to listen on all interfaces on the master server, not just localhost, therefore
we edit /etc/mysql/my.cnf
and comment out the line bind-address = 127.0.0.1
:
vi /etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address
= 127.0.0.1
[...]
Then restart MySQL:
/etc/init.d/mysql restart
Now install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt as follows:
apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils
libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap
phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth
php5-mcrypt
mcrypt
php5-imagick
imagemagick
libapache2-mod-suphp
libopenssl-ruby
19
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
libapache2-mod-ruby sudo
You will see the following question:
Web server to reconfigure automatically:
<-- apache2
Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and
include:
a2enmod suexec rewrite ssl actions include ruby dav_fs dav auth_digest
PureFTPd and quota can be installed with the following command:
apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool
Edit /etc/fstab
. Mine looks like this (I added ,usrquota,grpquota
mount point / ):
to the partition with the
vi /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options>
proc
proc
defaults
/dev/sda1
/
ext3
errors=remount-ro,usrquota,grpquota 0
/dev/sda5
none
swap
sw
/media/cdrom0 udf,iso9660 user,noauto
/dev/fd0
/media/floppy0 auto
0
<dump> <pass>
/proc
0
0
0
1
0 /dev/hda
0
rw,user,noauto 0
0
To enable quota, run these commands:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
20
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Install vlogger, webalizer, and awstats:
apt-get -y install vlogger webalizer awstats
Install Jailkit: Jailkit is needed only if you want to chroot SSH users and cron jobs. It can be
installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed
afterwards!):
apt-get -y install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.12.tar.gz
tar xvfz jailkit-2.12.tar.gz
cd jailkit-2.12
./configure
make
make install
cd ..
rm -rf jailkit-2.12*
Install fail2ban: This is optional but recommended, because the ISPConfig monitor tries to
show the log:
apt-get install fail2ban
Next we will install ISPConfig 3. To get the download URL of the latest ISPConfig 3 stable
release, please visit the ISPConfig website: http://www.ispconfig.org/ispconfig-3/download/
This server is the master server in our setup which runs the ISPConfig control panel interface. To
allow the other MySQL instances to connect to the MySQL database on this node during
installation, we have to add MySQL root user records in the master database for every slave server
hostname and IP address. The easiest way to do this is to use the web based
phpmyadmin administration tool that we installed already. Open the URL
http://192.168.0.105/phpmyadmin
in a web browser, log in as MySQL root user and execute
these MySQL queries:
CREATE USER 'root'@'192.168.0.106' IDENTIFIED BY 'myrootpassword';
21
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
GRANT ALL PRIVILEGES ON * . * TO 'root'@'192.168.0.106' IDENTIFIED BY 'myrootpassword' WITH
GRANT OPTION MAX_QUERIES_PER_HOUR
0 MAX_CONNECTIONS_PER_HOUR
0 MAX_UPDATES_PER_HOUR
0
MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'192.168.0.107' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'192.168.0.107' IDENTIFIED BY 'myrootpassword' WITH
GRANT OPTION MAX_QUERIES_PER_HOUR
0 MAX_CONNECTIONS_PER_HOUR
0 MAX_UPDATES_PER_HOUR
0
MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'192.168.0.108' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'192.168.0.108' IDENTIFIED BY 'myrootpassword' WITH
GRANT OPTION MAX_QUERIES_PER_HOUR
0 MAX_CONNECTIONS_PER_HOUR
0 MAX_UPDATES_PER_HOUR
0
MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'192.168.0.109' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'192.168.0.109' IDENTIFIED BY 'myrootpassword' WITH
GRANT OPTION MAX_QUERIES_PER_HOUR
0 MAX_CONNECTIONS_PER_HOUR
0 MAX_UPDATES_PER_HOUR
0
MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'mail.example.tld' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'mail.example.tld' IDENTIFIED BY 'myrootpassword'
WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0
MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'db.example.tld' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'db.example.tld' IDENTIFIED BY 'myrootpassword' WITH
GRANT OPTION MAX_QUERIES_PER_HOUR
0 MAX_CONNECTIONS_PER_HOUR
0 MAX_UPDATES_PER_HOUR
0
MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'ns1.example.tld' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'ns1.example.tld' IDENTIFIED BY 'myrootpassword' WITH
GRANT OPTION MAX_QUERIES_PER_HOUR
0 MAX_CONNECTIONS_PER_HOUR
0 MAX_UPDATES_PER_HOUR
0
MAX_USER_CONNECTIONS 0 ;
22
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
CREATE USER 'root'@'ns2.example.tld' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'ns2.example.tld' IDENTIFIED BY 'myrootpassword' WITH
GRANT OPTION MAX_QUERIES_PER_HOUR
0 MAX_CONNECTIONS_PER_HOUR
0 MAX_UPDATES_PER_HOUR
0
MAX_USER_CONNECTIONS 0 ;
In the above sql commands, replace the IP adresses (192.168.0.106
- 192.168.0.109
IP addresses of your servers and replace mail.example.tld
, db.example.tld
,
ns1.example.tld
and ns2.example.tld
with the hostnames of your servers and
myrootpassword with the desired root password.
) with the
Click on the reload permissions button or restart MySQL. Then close phpmyadmin.
Go back to the shell of server1.example.tld
release:
and download the latest ISPConfig 3 stable
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
Then start the install script:
php -q install.php
Select language (en,de) [en]:
<-- en
Installation mode (standard,expert) [standard]:
<-- expert
Full qualified hostname (FQDN) of the server, eg server2.domain.tld
[web.example.tld]:
<-- web.example.tld
MySQL server hostname [localhost]:
<-- localhost
MySQL root username [root]:
<-- root
MySQL root password []:
<-- Enter your MySQL root password here
MySQL database to create [dbispconfig]:
<-- dbispconfig
MySQL charset [utf8]:
<-- utf8
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]:
Configure Mail (y,n) [y]:
<-- n
Configure Jailkit (y,n) [y]:
<-- y
Configure FTP Server (y,n) [y]:
<-- y
Configure DNS Server (y,n) [y]:
<-- n
Configure Apache Server (y,n) [y]:
<-- y
Configure Firewall Server (y,n) [y]:
<--y
<-- n
23
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Install ISPConfig Web-Interface (y,n) [y]:
ISPConfig Port [8080]:
<-- 8080
<--y
Clean up the install directories:
rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3-stable.tar.gz
3.2.1.3 Installing The Mail Server
Edit the hosts file and add the IP addresses and hostnames for all servers. The hostnames and
IP addresses have to be adjusted to match your setup.
vi /etc/hosts
127.0.0.1
localhost
192.168.0.105
web.example.tld
192.168.0.106
mail.example.tld
192.168.0.107
db.example.tld
192.168.0.108
ns1.example.tld
192.168.0.109 ns2.example.tld
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Set the hostname of the server:
echo mail.example.tld > /etc/hostname
echo mail.example.tld > /etc/mailname
/etc/init.d/hostname.sh start
Edit the sources.list
file...
24
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
vi /etc/apt/sources.list
... and ensure that it contains the following line to enable the volatile repository.
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
Run...
apt-get update
... to update the apt package database; then run...
apt-get upgrade
... to install the latest updates (if there are any).
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over
the Internet. Simply run...
apt-get -y install ntp ntpdate
... and your system time will always be in sync.
Install postfix, dovecot and MySQL with one single command:
apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl
getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d
Enter the new password for mysql when requested by the installer and answer the next
questions as decsribed below:
Create directories for web-based administration ?
General type of configuration?
<-- Internet site
Mail name?
<-- mail.mydomain.tld
SSL certificate required
<-- Ok
<-- No
To install amavisd-new, SpamAssassin, and ClamAV, we run:
apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop
cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon
libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
25
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Then install install the commandline version of PHP to be able to run PHP-based shell scripts for
ISPConfig:
apt-get -y install php5-cli php5-mysql php5-mcrypt mcrypt
Install fail2ban: This is optional but recommended, because the ISPConfig monitor tries to
show the log:
apt-get install fail2ban
Now I will install ISPConfig 3 on this server. To get the download URL of the latest ISPConfig 3
stable release, please visit the ISPConfig website:
http://www.ispconfig.org/ispconfig-3/download/
Download the latest ISPConfig 3 stable release:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
Then s tart the install script:
php -q install.php
Select language (en,de) [en]:
<-- en
Installation mode (standard,expert) [standard]:
<-- expert
Full qualified hostname (FQDN) of the server, eg server1.domain.tld
[mail.example.tld]:
<-- mail.example.tld
MySQL server hostname [localhost]:
<-- localhost
MySQL root username [root]:
<-- root
MySQL root password []:
<-- Enter your MySQL root password here
MySQL database to create [dbispconfig]:
<-- dbispconfig
MySQL charset [utf8]:
<-- utf8
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]:
<-- y
MySQL master server hostname []:
<-- web.example.tld
MySQL master server root username [root]:
<-- root
MySQL master server root password []:
<-- Enter the root password of the master server here
MySQL master server database name [dbispconfig]:
<-- dbispconfig
Configure Mail (y,n) [y]:
<-- y
26
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Country Name (2 letter code) [AU]:
<-- DE (Enter the ISO country code where you live here)
State or Province Name (full name) [Some-State]:
<-- Niedersachsen (Enter the state where
you live here)
Locality Name (eg, city) []:
<-- Lueneburg (Enter the city here)
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
<-- ENTER
Organizational Unit Name (eg, section) []:
<-- ENTER
Common Name (eg, YOUR name) []:
<-- ENTER
Email Address []:
<-- ENTER
Configure Jailkit (y,n) [y]:
<-- n
Configure FTP Server (y,n) [y]:
Configure DNS Server (y,n) [y]:
Configure Apache Server (y,n) [y]:
Configure Firewall Server (y,n) [y]:
Install ISPConfig Web-Interface (y,n) [y]:
<-- n
<-- n
<-- n
<--y
<--n
Run...
rm -f /var/www/ispconfig
... to remove the ISPConfig interface link in the /var/www directory.
Clean up the install directories:
rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3-stable.tar.gz
3.2.1.4 Installing The MySQL Database Server
Edit the hosts file and add the IP addresses and hostnames for all servers. The hostnames and
IP addresses have to be adjusted to match your setup.
vi /etc/hosts
127.0.0.1
localhost
192.168.0.105
web.example.tld
192.168.0.106
mail.example.tld
192.168.0.107
db.example.tld
192.168.0.108
ns1.example.tld
192.168.0.109 ns2.example.tld
27
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Set the hostname of the server:
echo db.example.tld > /etc/hostname
/etc/init.d/hostname.sh start
Edit the sources.list
file...
vi /etc/apt/sources.list
... and ensure that it contains the following line to enable the volatile repository.
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
Run...
apt-get update
... to update the apt package database; then run...
apt-get upgrade
... to install the latest updates (if there are any).
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over
the Internet. Simply run...
apt-get -y install ntp ntpdate
... and your system time will always be in sync.
Install MySQL client and server:
28
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
apt-get -y install mysql-client mysql-server
Enter the new password for MySQL when requested by the installer.
We want MySQL to listen on all interfaces, not just localhost, therefore we edit
/etc/mysql/my.cnf
and comment out the line bind-address = 127.0.0.1
:
vi /etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address
= 127.0.0.1
[...]
Then restart MySQL:
/etc/init.d/mysql restart
Then install install the commandline version of PHP to be able to run PHP-based shell scripts for
ISPConfig:
apt-get -y install php5-cli php5-mysql php5-mcrypt mcrypt
Install fail2ban: This is optional but recommended, because the ISPConfig monitor tries to
show the log:
apt-get install fail2ban
Next install ISPConfig 3 on this server. To get the download URL of the latest ISPConfig 3
stable release, please visit the ISPConfig website:
http://www.ispconfig.org/ispconfig-3/download/
Download the latest ISPConfig 3 stable release:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
29
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
Then start the install script:
php -q install.php
Select language (en,de) [en]:
<-- en
Installation mode (standard,expert) [standard]:
<-- expert
Full qualified hostname (FQDN) of the server, eg server1.domain.tld
[db.example.tld]:
<-- db.example.tld
MySQL server hostname [localhost]:
<-- localhost
MySQL root username [root]:
<-- root
MySQL root password []:
<-- Enter your MySQL root password here
MySQL database to create [dbispconfig]:
<-- dbispconfig
MySQL charset [utf8]:
<-- utf8
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]:
<-- y
MySQL master server hostname []:
<-- web.example.tld
MySQL master server root username [root]:
<-- root
MySQL master server root password []:
<-- Enter the root password of the master server here
MySQL master server database name [dbispconfig]:
<-- dbispconfig
Configure Mail (y,n) [y]:
<-- n
Configure Jailkit (y,n) [y]:
<-- n
Configure FTP Server (y,n) [y]:
<-- n
Configure DNS Server (y,n) [y]:
<-- n
Configure Apache Server (y,n) [y]:
<-- n
Configure Firewall Server (y,n) [y]:
<--y
Install ISPConfig Web-Interface (y,n) [y]:
<--n
Run...
rm -f /var/www/ispconfig
... to remove the ISPConfig interface link in the /var/www directory.
Clean up the install directories:
rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3-stable.tar.gz
30
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
3.2.1.5 Installing The Primary DNS Server
Edit the hosts file and add the IP addresses and hostnames for all servers. The hostnames and
IP addresses have to be adjusted to match your setup.
vi /etc/hosts
127.0.0.1
localhost
192.168.0.105
web.example.tld
192.168.0.106
mail.example.tld
192.168.0.107
db.example.tld
192.168.0.108
ns1.example.tld
192.168.0.109 ns2.example.tld
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Set the hostname of the server:
echo ns1.example.tld > /etc/hostname
/etc/init.d/hostname.sh start
Edit the sources.list
file...
vi /etc/apt/sources.list
... and ensure that it contains the following line to enable the volatile repository.
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
Run...
apt-get update
... to update the apt package database; then run...
31
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
apt-get upgrade
... to install the latest updates (if there are any).
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over
the Internet. Simply run...
apt-get -y install ntp ntpdate
... and your system time will always be in sync.
Install MySQL client and server:
apt-get -y install mysql-client mysql-server
Enter the new password for MySQL when requested by the installer.
Then install install the commandline version of PHP to be able to run PHP-based shell scripts for
ISPConfig:
apt-get -y install php5-cli php5-mysql php5-mcrypt mcrypt
Install BIND DNS Server:
apt-get -y install bind9 dnsutils
Next install ISPConfig 3 on the dns server. To get the download URL of the latest ISPConfig 3
stable release, please visit the ISPConfig website:
http://www.ispconfig.org/ispconfig-3/download/
Download the latest ISPConfig 3 stable release:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
Then start the install script:
32
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
php -q install.php
Select language (en,de) [en]:
<-- en
Installation mode (standard,expert) [standard]:
<-- expert
Full qualified hostname (FQDN) of the server, eg server2.domain.tld
[ns1.example.tld]:
<-- ns1.example.tld
MySQL server hostname [localhost]:
<-- localhost
MySQL root username [root]:
<-- root
MySQL root password []:
<-- Enter your MySQL root password here
MySQL database to create [dbispconfig]:
<-- dbispconfig
MySQL charset [utf8]:
<-- utf8
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]:
<-- y
MySQL master server hostname []:
<-- web.example.tld
MySQL master server root username [root]:
<-- root
MySQL master server root password []:
<-- Enter the root password of the master server here
MySQL master server database name [dbispconfig]:
<-- dbispconfig
Configure Mail (y,n) [y]:
<-- n
Configure Jailkit (y,n) [y]:
<-- n
Configure FTP Server (y,n) [y]:
<-- n
Configure DNS Server (y,n) [y]:
<-- y
Configure Apache Server (y,n) [y]:
<-- n
Configure Firewall Server (y,n) [y]:
<--y
Install ISPConfig Web-Interface (y,n) [y]:
<--n
Run...
rm -f /var/www/ispconfig
... to remove the ISPConfig interface link in the /var/www directory.
Clean up the install directories:
rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3-stable.tar.gz
3.2.1.6 Installing The Secondary DNS Server
Edit the hosts file and add the IP addresses and hostnames for all servers. The hostnames and
IP addresses have to be adjusted to match your setup.
vi /etc/hosts
33
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
127.0.0.1
localhost
192.168.0.105
web.example.tld
192.168.0.106
mail.example.tld
192.168.0.107
db.example.tld
192.168.0.108
ns1.example.tld
192.168.0.109 ns2.example.tld
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Set the hostname of the server:
echo ns2.example.tld > /etc/hostname
/etc/init.d/hostname.sh start
Edit the sources.list
file...
vi /etc/apt/sources.list
... and ensure that it contains the following line to enable the volatile repository.
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
Run...
apt-get update
... to update the apt package database; then run...
apt-get upgrade
... to install the latest updates (if there are any).
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over
the Internet. Simply run...
34
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
apt-get -y install ntp ntpdate
... and your system time will always be in sync.
Install MySQL client and server:
apt-get -y install mysql-client mysql-server
Enter the new password for MySQL when requested by the installer.
Then install install the commandline version of PHP to be able to run PHP-based shell scripts for
ISPConfig:
apt-get -y install php5-cli php5-mysql php5-mcrypt mcrypt
Install BIND DNS Server:
apt-get -y install bind9 dnsutils
Next install ISPConfig 3 on the dns server. To get the download URL of the latest ISPConfig 3
stable release, please visit the ISPConfig website:
http://www.ispconfig.org/ispconfig-3/download/
Download the latest ISPConfig 3 stable release:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
Then start the install script:
php -q install.php
Select language (en,de) [en]:
<-- en
Installation mode (standard,expert) [standard]:
<-- expert
Full qualified hostname (FQDN) of the server, eg server2.domain.tld
[ns2.example.tld]:
<-- ns2.example.tld
35
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
MySQL server hostname [localhost]:
<-- localhost
MySQL root username [root]:
<-- root
MySQL root password []:
<-- Enter your MySQL root password here
MySQL database to create [dbispconfig]:
<-- dbispconfig
MySQL charset [utf8]:
<-- utf8
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]:
<-- y
MySQL master server hostname []:
<-- web.example.tld
MySQL master server root username [root]:
<-- root
MySQL master server root password []:
<-- Enter the root password of the master server here
MySQL master server database name [dbispconfig]:
<-- dbispconfig
Configure Mail (y,n) [y]:
<-- n
Configure Jailkit (y,n) [y]:
<-- n
Configure FTP Server (y,n) [y]:
<-- n
Configure DNS Server (y,n) [y]:
<-- y
Configure Apache Server (y,n) [y]:
<-- n
Configure Firewall Server (y,n) [y]:
<--y
Install ISPConfig Web-Interface (y,n) [y]:
<--n
Run...
rm -f /var/www/ispconfig
... to remove the ISPConfig interface link in the /var/www directory.
Clean up the install directories:
rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3-stable.tar.gz
3.2.1.7 Adjust The Server Settings In ISPConfig
Log into ISPConfig on the master server with a web browser:
http://192.168.0.105:8080
Click on System > Server services > web.example.tld
and disable all checkboxes except of
the Webserver and Fileserver
checkbox and click on Save .
36
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Click on System > Server services > mail.example.tld
the Mailserver
checkbox and click on Save .
Click on System > Server services > db.example.tld
the DB-Server checkbox and click on Save .
and disable all checkboxes except of
and disable all checkboxes except of
37
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Click on System > Server services > ns1.example.tld
the DNS-Server checkbox and click on Save .
and disable all checkboxes except of
Click on System > Server services > ns2.example.tld
and disable all checkboxes except of
the DNS-Server checkbox and select ns1.example.com in the Is mirror of Server
selectbox
and click on Save .
38
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
3.3 Mirror Setup
In a mirror setup, ISPConfig will copy just the configuration (web site configuration, email
configuration, etc.) from the master to the mirror (i.e., not any web site contents, etc.). If you
want to copy contents from the master to the mirror as well, there are several techniques that
you can use, and you are free to set this up the way you like and that suits your needs best.
For example, you can achieve this by using rsync or using a cluster filesystem like GlusterFS
or some kind of network-attached storage, and you'd have to use one of these techniques on
the directories /var/www for the web sites' contents and /var/vmail for the emails - for MySQL
databases, you'd have to use MySQL master-master replication
. If you have a failover-IP
address that you can switch between the master and the mirror (e.g. automatically with
heartbeat /keepalived /etc. or manually, e.g. from your hoster's control panel), you can achieve
high-availability because if the master fails, the mirror can take over.
Again, it is best to demonstrate such a setup through an example. In the following tutorial,
GlusterFS is used to share contents between the master and the slave server.
3.3.1 Installing A Web, Email And MySQL Database Cluster On
Debian 5.0 With ISPConfig 3
This tutorial describes the installation of a clustered Web, Email, Database and DNS server to be
used for redundancy, high availability and load balancing on Debian 5 with the ISPConfig 3 control
panel. GlusterFS will be used to mirror the data between the servers and ISPConfig for mirroring
the configuration files. I will use a setup of two servers here for demonstration
purposes but the setup can scale to a higher number of servers with only minor modifications in the
GlusterFS configuration files.
39
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
There is currently one limitation in the MySQL cluster setup. The MySQL daemon has locking
problems during the initial innodb check when the second server gets started. The current
workaround that I use here is to start MySQL with myisam only. I've found several reports of
successfully running MySQL servers with innodb on GlusterFS, so it must be possible with
some finetuning of the GlusterFS and / or MySQL configuration file to use innodb as well. I will try to
find a solution for the locking issues and update this tutorial. If someone knows a solution for innodb
on GlusterFS, please contact me. If you want to use the second server only as hot standby system,
then you should be able to use innodb as long as you start MySQL on the
second server only when the first server is disconnected.
This is currently a proof of concept setup, so there is no experience how this setup scales in
production systems yet. The only part that might cause problems is the shared MySQL data
directory. Another solution for accessing MySQL databases from several servers
simultaneously is to use a MySQL-cluster setup (
http://www.mysql.com/products/database/cluster/
) or MySQL master / master replication (
http://www.howtoforge.com/mysql_master_master_replication
).
3.3.1.1 Setting Up The Two Base Systems
In this setup there will be one master server (which runs the ISPConfig control panel interface) and
one slave server which mirrors the web (apache), email (postfix and dovecot) and
database (MySQL) services of the master server.
To install the clustered setup, we need two servers with a Debian 5.0 minimal install. The base
setup is described in the following tutorial in the steps 1 - 6:
http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3
Install only steps 1 - 6 of the perfect server tutorial and not the other steps as they differ for a clustered setup!
In my example I use the following hostnames and IP addresses for the two servers:
Master Server
Hostname: server1.example.tld
IP address: 192.168.0.105
Slave server
Hostname: server2.example.tld
IP address: 192.168.0.106
Whereever these hostnames or IP addresses occur in the next installation steps you will have to
change them to match the IPs and hostnames of your servers.
40
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
3.3.1.2 Installing The Two Servers
The following steps have to be executed on the master and on the slave server. If a specific step
is only for the master or slave, then I've added a note in the description in red.
vi /etc/hosts
127.0.0.1
localhost
192.168.0.105 server1.example.tld
192.168.0.106 server2.example.tld
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Set the hostname of the server:
echo server1.example.tld > /etc/hostname
/etc/init.d/hostname.sh start
User server1.example.tld on the first server and server2.example.tld on the second server.
Edit the sources.list
file...
vi /etc/apt/sources.list
... and ensure that it contains the following two lines. The first one is for the debian volatile
repository to get updated pacakges for the ClamAV antivirus software and SpamAssassin and
the second one is for the backports repository which contains current GlusterFS packages.
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
deb http://www.backports.org/debian/ lenny-backports main contrib non-free
Run...
41
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
apt-get install debian-backports-keyring
apt-get update
... to install the backports repository key and update the apt package database; then run ...
apt-get upgrade
... to install the latest updates (if there are any).
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over
the Internet. Simply run...
apt-get -y install ntp ntpdate
... and your system time will always be in sync.
Install postfix, dovecot and mysql with one single command:
apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl
getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d sudo
Enter the new password for mysql when requested by the installer and answer the next
questions as decsribed below:
Create directories for web-based administration ?
General type of configuration?
<-- Internet site
Mail name?
<-- server1.mydomain.tld
SSL certificate required
<-- Ok
<-- No
We want MySQL to listen on all interfaces, not just localhost, therefore we edit
/etc/mysql/my.cnf
and comment out the line bind-address = 127.0.0.1
:
vi /etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address
= 127.0.0.1
[...]
42
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Then restart MySQL:
/etc/init.d/mysql restart
To install amavisd-new, SpamAssassin, and ClamAV, we run:
apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop
cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon
libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
Then install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt as follows:
apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils
libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap
phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth
php5-mcrypt
mcrypt
php5-imagick
imagemagick
libapache2-mod-suphp
libopenssl-ruby
libapache2-mod-ruby sudo
You will see the following question:
Web server to reconfigure automatically:
<-- apache2
Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and
include:
a2enmod suexec rewrite ssl actions include ruby dav_fs dav auth_digest
PureFTPd and quota can be installed with the following command:
apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool
Edit /etc/fstab
. Mine looks like this (I added ,usrquota,grpquota
mount point / ):
to the partition with the
vi /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options>
proc
/dev/sda1
0
<dump> <pass>
/proc
proc
defaults
0
/
ext3
errors=remount-ro,usrquota,grpquota 0
1
43
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
/dev/sda5
none
swap
sw
/media/cdrom0 udf,iso9660 user,noauto
/dev/fd0
/media/floppy0 auto
0
0
0 /dev/hda
0
rw,user,noauto 0
0
To enable quota, run these commands:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
Install BIND DNS Server:
apt-get -y install bind9 dnsutils
Install vlogger and webalizer and awstats:
apt-get -y install vlogger webalizer awstats
Install Jailkit: Jailkit is needed only if you want to chroot SSH users and cron jobs. It can be
installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed
afterwards!):
apt-get -y install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.12.tar.gz
tar xvfz jailkit-2.12.tar.gz
cd jailkit-2.12
./configure
make
make install
44
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
cd ..
rm -rf jailkit-2.12*
Install fail2ban: This is optional but recommended, because the ISPConfig monitor tries to
show the log:
apt-get install fail2ban
Install GlusterFS and Fuse:
apt-get -y --force-yes -t lenny-backports install fuse-utils
apt-get -y --force-yes install glusterfs-server glusterfs-client
Remove the GlusterFS example configuration files:
rm -f /etc/glusterfs/*.vol
Create the data directories for the GlusterFS volumes:
mkdir /data/
mkdir /data/export-mysql
mkdir /data/export-mysql-ns
mkdir /data/export-vmail
mkdir /data/export-vmail-ns
mkdir /data/export-www
mkdir /data/export-www-ns
Create the GlusterFS server configuration file:
vi /etc/glusterfs/glusterfsd.vol
# Configuration for the mysql server volume
45
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
volume posix-mysql
type storage/posix
option directory /data/export-mysql
option background-unlink yes
end-volume
volume locks-mysql
type features/locks
option mandatory-locks on
subvolumes posix-mysql
end-volume
volume brick-mysql
type performance/io-threads
option thread-count 8
subvolumes locks-mysql
end-volume
# Configuration for the vmail server volume
volume posix-vmail
type storage/posix
option directory /data/export-vmail
end-volume
volume locks-vmail
type features/locks
subvolumes posix-vmail
end-volume
volume brick-vmail
type performance/io-threads
option thread-count 8
subvolumes locks-vmail
end-volume
# Configuration for the www server volume
volume posix-www
type storage/posix
option directory /data/export-www
end-volume
volume locks-www
type features/locks
subvolumes posix-www
end-volume
volume brick-www
46
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
type performance/io-threads
option thread-count 8
subvolumes locks-www
end-volume
# export all volumes
volume server
type protocol/server
option transport-type tcp
subvolumes brick-mysql brick-vmail brick-www
# authentication options for the mysql volume
option auth.addr.brick-mysql.allow 192.168.0.105,192.168.0.106
option auth.login.brick-mysql.allow user-mysql
option auth.login.user-mysql.password 7wQav7ExkFg6eW
# Authentification options for the vmail volume
option auth.addr.brick-vmail.allow 192.168.0.105,192.168.0.106
option auth.login.brick-vmail.allow user-vmail
option auth.login.user-vmail.password 7wQav7ExkFg6eW
# authentification options for www
option auth.addr.brick-www.allow 192.168.0.105,192.168.0.106
option auth.login.brick-www.allow user-www
option auth.login.user-www.password 7wQav7ExkFg6eW
end-volume
Replace the IP addresses with the IPs from your servers and replace the password
7wQav7ExkFg6eW with a password of your choice.
Start the GlusterFS server:
/etc/init.d/glusterfs-server start
Now we create the three client volume files that we need to mount the GlusterFS filesystems.
vi /etc/glusterfs/glusterfs-mysql.vol
volume remote1-mysql
type protocol/client
option transport-type tcp
option remote-host 192.168.0.105
option remote-subvolume brick-mysql
47
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
option username user-mysql
option password 7wQav7ExkFg6eW
end-volume
volume remote2-mysql
type protocol/client
option transport-type tcp
option remote-host 192.168.0.106
option remote-subvolume brick-mysql
option username user-mysql
option password 7wQav7ExkFg6eW
end-volume
volume replicate-mysql
type cluster/replicate
subvolumes remote1-mysql remote2-mysql
end-volume
volume cache-mysql
type performance/io-cache
option cache-size 25MB
subvolumes replicate-mysql
end-volume
vi /etc/glusterfs/glusterfs-vmail.vol
volume remote1-vmail
type protocol/client
option transport-type tcp
option remote-host 192.168.0.105
option remote-subvolume brick-vmail
option username user-vmail
option password 7wQav7ExkFg6eW
end-volume
volume remote2-vmail
type protocol/client
option transport-type tcp
option remote-host 192.168.0.106
option remote-subvolume brick-vmail
option username user-vmail
option password 7wQav7ExkFg6eW
end-volume
volume replicate-vmail
48
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
type cluster/replicate
subvolumes remote1-vmail remote2-vmail
end-volume
volume writebehind-vmail
type performance/write-behind
option window-size 1MB
subvolumes replicate-vmail
end-volume
volume cache-vmail
type performance/io-cache
option cache-size 256MB
subvolumes writebehind-vmail
end-volume
vi /etc/glusterfs/glusterfs-www.vol
volume remote1-www
type protocol/client
option transport-type tcp
option remote-host 192.168.0.105
option remote-subvolume brick-www
option username user-www
option password 7wQav7ExkFg6eW
end-volume
volume remote2-www
type protocol/client
option transport-type tcp
option remote-host 192.168.0.106
option remote-subvolume brick-www
option username user-www
option password 7wQav7ExkFg6eW
end-volume
volume replicate-www
type cluster/replicate
subvolumes remote1-www remote2-www
end-volume
volume writebehind-www
type performance/write-behind
option window-size 1MB
subvolumes replicate-www
49
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
end-volume
volume cache-www
type performance/io-cache
option cache-size 256MB
subvolumes writebehind-www
end-volume
Before we mount our volumes to the directories, we will have to stop some services and back up
current data:
/etc/init.d/mysql stop
/etc/init.d/apache2 stop
/etc/init.d/postfix stop
/etc/init.d/dovecot stop
mv /var/lib/mysql /var/lib/mysql_bak
mv /var/www /var/www_bak
mkdir /var/lib/mysql
mkdir /var/www
mkdir /var/vmail
vi /etc/fstab
Add the lines:
/etc/glusterfs/glusterfs-mysql.vol /var/lib/mysql glusterfs defaults 0 0
/etc/glusterfs/glusterfs-vmail.vol /var/vmail glusterfs defaults 0 0
/etc/glusterfs/glusterfs-www.vol /var/www glusterfs defaults 0 0
Now mount the drives by running:
mount -a
50
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Chown the mysql directory to user and group mysql :
chown mysql:mysql /var/lib/mysql
Copy the mysql and www data back.
cp -prf /var/lib/mysql_bak/* /var/lib/mysql/
cp -prf /var/www_bak/* /var/www/
Copy back the data (only on the master server! Skip this step on the slave!).
Switch off innodb as it causes locking problems when MySQL starts.
vi /etc/mysql/my.cnf
Change the line:
#skip-innodb
to:
skip-innodb
and add the line
innodb_file_per_table
in the [mysqld] section of the my.cnf file.
When you set up the slave server, copy the file /etc/mysql/debian.cnf
file from the master server to
the slave server before you start MySQL again!
Now start the services again:
/etc/init.d/mysql start
/etc/init.d/apache2 start
/etc/init.d/postfix start
51
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
/etc/init.d/dovecot start
Change the GlusterFS boot order to ensure that the GlusterFS server gets always started
before MySQL.
mv /etc/rc2.d/S20glusterfs-server /etc/rc2.d/S19glusterfs-server
mv /etc/rc3.d/S20glusterfs-server /etc/rc3.d/S16glusterfs-server
mv /etc/rc4.d/S20glusterfs-server /etc/rc4.d/S16glusterfs-server
mv /etc/rc5.d/S20glusterfs-server /etc/rc5.d/S16glusterfs-server
3.3.1.3 Installing ISPConfig On The First (Master) Server
In this step we will install ISPConfig on the master server. To get the download URL of the
latest ISPConfig 3 stable release, please visit the ISPConfig website:
http://www.ispconfig.org/ispconfig-3/download/
Now we have to add two new MySQL root user records in the master database to allow root
access from the slave server hostname and IP address. The easiest way to do this is to use
the webbased phpmyadmin administration tool that we installed already. Open the URL
http://192.168.0.105/phpmyadmin
in a webbrowser, log in as MySQL root user and execute
these MySQL queries:
CREATE USER 'root'@'192.168.0.106' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'192.168.0.106' IDENTIFIED BY 'myrootpassword' WITH
GRANT OPTION MAX_QUERIES_PER_HOUR
0 MAX_CONNECTIONS_PER_HOUR
0 MAX_UPDATES_PER_HOUR
0
MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'server2.example.tld' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'server2.example.tld' IDENTIFIED BY 'myrootpassword'
WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0
MAX_USER_CONNECTIONS 0 ;
In the above sql commands, replace 192.168.0.106
with the IP address of the second server,
replace server2.example.tld
with the hostname of the second server and myrootpassword
with the desired root password.
52
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Click on the reload permissions button or restart MySQL. Then close phpmyadmin.
Go back to the shell of server1.example.tld
release:
and download the latest ISPConfig 3 stable
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
Start the install script:
php -q install.php
Select language (en,de) [en]:
<-- en
Installation mode (standard,expert) [standard]:
<-- standard
Full qualified hostname (FQDN) of the server, eg server1.domain.tld
[server1.example.tld]:
<-- server1.example.tld
MySQL server hostname [localhost]:
<-- localhost
MySQL root username [root]:
<-- root
MySQL root password []:
<-- Enter your mysql root password here
<-- dbispconfig1 (the local ISPConfig database name
of the master and slave must be different, as both servers share the same data directory)
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:
<-- utf8
Country Name (2 letter code) [AU]:
<-- DE
State or Province Name (full name) [Some-State]:
(Enter the ISO country code where you live here)
<-- Niedersachsen (Enter the state where
you live here)
Locality Name (eg, city) []:
<-- Lueneburg (Enter the city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
<- ENTER
Common Name (eg, YOUR name) []:
<- ENTER
Email Address []:
<- ENTER
ISPConfig Port [8080]:
here)
<- ENTER
<-- 8080
Clean up the install directories:
rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3-stable.tar.gz
53
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
3.3.1.4 Installing ISPConfig 3 On The Second Server
In this step we will install ISPConfig on the slave server (server2.example.tld
). This time we
use the expert mode of the ISPConfig installer to add this node to the master ISPConfig server
and database. To get the download URL of the latest ISPConfig 3 stable release, please visit
the ISPConfig website: http://www.ispconfig.org/ispconfig-3/download/
Download the latest ISPConfig 3 stable release:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
Start the install script:
php -q install.php
Select language (en,de) [en]:
<-- en
Installation mode (standard,expert) [standard]:
<-- expert
Full qualified hostname (FQDN) of the server, eg server2.domain.tld
[server2.example.tld]:
<-- server2.example.tld
MySQL server hostname [localhost]:
<-- localhost
MySQL root username [root]:
<-- root
MySQL root password []:
<-- Enter your mysql root password here
<-- dbispconfig2 (the local ISPConfig database name
of the master and slave must be different, as both servers share the same data directory)
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:
<-- utf8
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]:
MySQL master server hostname []:
<-- server1.example.tld
MySQL master server root username [root]:
<-- root
MySQL master server root password []:
<-- Enter the root password of the master
server here
MySQL master server database name [dbispconfig]:
<-- dbispconfig1
Configure Mail (y,n) [y]:
<-- y
Country Name (2 letter code) [AU]:
<-- DE
State or Province Name (full name) [Some-State]:
<-- y
(Enter the ISO country code where you live here)
<-- Niedersachsen (Enter the state where
you live here)
Locality Name (eg, city) []:
<-- Lueneburg
(Enter the city here)
54
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
<- ENTER
Common Name (eg, YOUR name) []:
<- ENTER
Email Address []:
<- ENTER
Configure Jailkit (y,n) [y]:
<-- y
Configure FTP Server (y,n) [y]:
<-- y
Configure DNS Server (y,n) [y]:
<-- y
Configure Apache Server (y,n) [y]:
<-- y
Configure Firewall Server (y,n) [y]:
<--y
Install ISPConfig Web-Interface (y,n) [y]:
<- ENTER
<--n
Run:
rm -f /var/www/ispconfig
to remove the ISPConfig interface link in the /var/www directory.
Clean up the install directories:
rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3-stable.tar.gz
3.3.1.5 Configure Replication In ISPConfig
Log in to ISPConfig on the master server with a web browser:
http://192.168.0.105:8080
Click on System > Server services > server2.example.tld
:
55
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Selecte server1.example.tld
in the Is mirror of Server
field and click on Save .
3.3.1.6 Additional Notes
When you want to activate a firewall on the master or slave server, ensure that you open port 6996
for GlusterFS on both servers.
3.4 Updating
Whenever there is a new ISPConfig 3 release, you can either update ISPConfig from within
ISPConfig itself (see chapter 4.9.7.2) or from the command line which is stronlgy
recommended right now. The procedure described in chapter 4.9.7.2 is considered
experimental and should not be used on production systems.
Please note that with the command line update, you can update only the server on which you run
the update, not the whole cluster (in case you run a multiserver/mirror setup). This is
different from the procedure described in chapter 4.9.7.2 where you can update the whole
cluster at once.
If you use the command line update to update multiple servers, it is strongly recommended to run
the update on the slaves first and afterwards on the master!
56
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
3.4.1 Creating A Backup
Also, as a measure of precaution, you should make a backup of your ISPConfig installation
before you do the update. The following items should be backed up:
• /usr/local/ispconfig
directory
• /etc directory (contains configuration files of all services managed through ISPConfig)
• the ISPConfig MySQL database
You can back up these items as follows:
cd /usr/local
tar -pczf ispconfig.tar.gz ispconfig/
This creates the backup ispconfig.tar.gz
restore the backup, do the following:
in the /usr/local
directory. In case you need to
cd /usr/local
rm -fr ispconfig/
tar xvfz ispconfig.tar.gz
To create a backup of the /etc directory, do the following:
cd /
tar -pczf etc.tar.gz etc/
This creates the backup etc.tar.gz
do the following:
in the / directory. In case you need to restore the backup,
cd /
rm -fr etc/
tar xvfz etc.tar.gz
To create a backup of your ISPConfig database in the /usr/local
directory, do the following
57
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
(assuming that your ISPConfig database is called dbispconfig
):
cd /usr/local
mysqldump -h localhost -u root -p[database password] -c --add-drop-table --add-locks --all
--quick --lock-tables dbispconfig > dbispconfig.sql
Please note: there's no space between -p and the password! To
restore the database from the SQL dump, run:
cd /usr/local
mysql -h localhost -u root -p[database password] dbispconfig < dbispconfig.sql
Please note: there's no space between -p and the password!
3.4.2 Command Line Update
To update ISPConfig from the command line, just run the command
ispconfig_update.sh
as root.
You can update to the last stable version or to the last version from svn. For production
systems select stable . The update from svn is only for development systems and may break
your current setup (if you want to use the svn update, please make sure that Subversion is
installed on the system - on Debian/Ubuntu, you can install it as follows:
aptitude install subversion
).
It is also strongly recommended to let the update script reconfigure all services controlled by
ISPConfig and also the crontab to make sure your system can make use of new ISPConfig
features that come with the update.
Here is a sample output from the ispconfig_update.sh
script (by pressing ENTER you accept
the default value which is displayed in square brackets [] ):
58
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
server1:~# ispconfig_update.sh
_____ ___________
_____
__ _
|_ _/ ___| ___ / __
/ _(_)
| | `--.| |_/ / | / / ___ _ __ | |_ _ __ _
| | `--. __/ | | / _ | '_ | _| |/ _` |
_| |_/__/ / |
| __/ (_) | | | | | | | (_| |
___/____/_|
____/___/|_| |_|_| |_|__, |
__/ |
|___/
>> Update
Please choose the update method. For production systems select 'stable'.
The update from svn is only for development systems and may break your current setup
Select update method (stable,svn) [stable]:
<-- ENTER
[...]
# The update script downloads the new ISPConfig release here.
[...]
_____ ___________
_____
__ _
|_ _/ ___| ___ / __
/ _(_)
| | `--.| |_/ / | / / ___ _ __ | |_ _ __ _
| | `--. __/ | | / _ | '_ | _| |/ _` |
_| |_/__/ / |
| __/ (_) | | | | | | | (_| |
___/____/_|
____/___/|_| |_|_| |_|__, |
__/ |
|___/
>> Update
Operating System: Debian Lenny or compatible
This application will update ISPConfig 3 on your server.
MySQL root password []:
<-- yourrootsqlpassword
Reconfigure Services? (yes,no) [yes]:
<-- ENTER
59
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Configuring
Configuring
Configuring
Configuring
Configuring
Postfix
Jailkit
SASL
PAM
Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring vlogger
Configuring Apps vhost
Configuring Database
Configuring Firewall
Updating ISPConfig
ISPConfig Port [8080]:
<-- ENTER
Reconfigure Crontab? (yes,no) [yes]:
<-- ENTER
Updating Crontab
Restarting services ...
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping SASL Authentication Daemon: saslauthd.
Starting SASL Authentication Daemon: saslauthd.
Stopping amavisd: (not running).
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd .
Stopping Courier authentication services: authdaemond.
Starting Courier authentication services: authdaemond.
Stopping Courier IMAP server: imapd.
Starting Courier IMAP server: imapd.
Stopping Courier IMAP-SSL server: imapd-ssl.
Starting Courier IMAP-SSL server: imapd-ssl.
Stopping Courier POP3 server: pop3d.
Starting Courier POP3 server: pop3d.
Stopping Courier POP3-SSL server: pop3d-ssl.
Starting Courier POP3-SSL server: pop3d-ssl.
Restarting web server: apache2 ... waiting .
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/et
c/pure-ftpd/db/mysql.conf -l pam -O clf:/var/log/pure-ftpd/transfer.log -E -H -b -A
-u 1000 -B
60
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Update finished.
server1:~#
4 Reference
In the reference I explain all modules, functions, and forms in the ISPConfig control panel, i.e., I
describe all input fields and give examples of what to fill in.
4.1 Tabs
ISPConfig 3 has the following tabs, depending on the modules that are enabled for the account that
you used to log in:
• Login (only visible before login)
• Home
• Sites
• Email
• Monitor
• System
• DNS
• Help
• Domains (usually not enabled by default)
• Client
• Tools
The order might differ for you. In the following the tabs and their submenus will be described in
functional order, i.e., in the order that allows you to create client accounts, email accounts, web
sites, etc.
4.2 Login
The ISPConfig 3 web interface can be accessed on port 8080 . Go to
http://server1.example.com:8080
and log in with the default username and password:
61
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Username: admin
• Password: admin
This is how the ISPConfig 3 control panel looks after your first login:
62
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
After your first login, you should immediately change the password - to do this, go to Tools >
User Settings > Password and Language
4.3 Home
Under the Home tab, you can find the ISPConfig 3 dashboard with links to all available modules, an
overview of your account limits, and the latest news about ISPConfig (new ISPConfig
releases, new tutorials, etc.). If a new ISPConfig 3 version is available, this will also be shown on the
dashboard so that you can upgrade your ISPConfig installation if you like.
63
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.4 Tools
4.4.1 User Settings
4.4.1.1 Password and Language
Here you can change the password and the language of the currently logged in ISPConfig
user. If you log in for the first time, it is strongly recommended to immediately change the
default password.
• Password : Type in the new password.
• Password strength
: This field shows how strong the new password is (a strong password
should include numbers, symbols, upper and lowercase letters; password length should be 8
characters or more; avoid any password based on repetition, dictionary words, letter or
number sequences, usernames, relative or pet names, or biographical information).
• Password : Type in the new password again to make sure you made no typo.
• Language : Select the desired interface language of the ISPConfig control panel. If you change the
language, you must log out and log back in for the changes to take effect.
64
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.5 Client
4.5.1 Clients
A client is a company or individual that buys web hosting services from either you (i.e., the
company or individual that runs the ISPConfig server) or from a reseller (see chapter 4.5.2).
You should create at least one client before you go on and create web sites, email accounts,
etc. because all these hosting services must have a client that they can be assigned to.
4.5.1.1 Add Client
You can create clients using this form. Clients can log into ISPConfig and manage their own web
hosting services, like web sites, email accounts, etc. a client can belong either to a
reseller or directly to the company/individual that runs the ISPConfig server.
The Add Client
form is split up into two tabs, Address and Limits
:
65
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Address
This is where you type in the name, address, and login details of the client. The form has the
following fields:
• Company name (optional): Fill in the name of the company.
• Contact name : Fill in the name of the person that is responsible for this ISPConfig account.
• Username : Fill in the desired ISPConfig username for the client. This is the username that is used
to log into ISPConfig.
• Password : Type in a password for the user.
• Password strength
: This field shows how strong the new password is (a strong password
should include numbers, symbols, upper and lowercase letters; password length should be 8
characters or more; avoid any password based on repetition, dictionary words, letter or
number sequences, usernames, relative or pet names, or biographical information).
• Language : Select the desired interface language of the ISPConfig control panel.
• Theme: Here you can select the theme of the ISPConfig control panel.
• Street
(optional): Specify the street of the client.
• ZIP (optional): Fill in the client's postcode.
• City (optional): Fill in the client's city.
• State (optional): Specify the client's state, e.g. California, Bavaria, etc.
• Country : Select the client's country from the drop-down menu.
• Telephone (optional): Specify the client's landline number.
• Mobile (optional): Specify the client's mobile number.
• Fax (optional): Specify the client's fax number.
• Email (optional): Fill in the client's email address.
• Internet
https://
(optional): Fill in the URL of the client's web site (beginning with http://
).
or
• ICQ (optional): Specify the client's ICQ number.
• Notes (optional): Here you can add notes and comments.
66
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Limits
This is where the resources are defined that the client can use. If you select a master or addon
template, click on Save , and the values in the rest of the form will be adjusted according to the
templates. To select or de-select an addon template, it is not enough to click on Save - you must click on the Add
additional template or Delete additional template button before. If you select the Custom template in the
Master template field, you have to enter your limits manually.
There are two kinds of templates, main templates and additional templates. In a main template
you can define a basic set of limits. An additional template differs from a main template in that
the values of the addtitional template are added to the value of the main template. For
example, if you define in a main template with a max. number of two web domains and an
additional template with a max. number of five web domains, and you select that main template and
additional template for the client/reseller, the client/reseller can have the sum of both, i.e.,
seven web domains.
• Master template
: If you have defined a template for client limits that you want to apply to this
client (so that you don't have to define all the client limits manually in the following fields), you
can select that template here. Select Custom if you want to define the client limits manually.
• Addon template
: If you have defined an additional template that you want to add to the main
67
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
template, select that template here. To select or de-select an addon template, it is not enough to click on Save
- you must click on the Add additional template or Delete additional template button before.
• Default Mailserver
: Select the default mailserver for the client. The default mailserver will be
pre-selected for this client when email items (email accounts, etc.) are created for the client, but
this selection can be changed in the appropriate form.
• Max. number of email domains
: Specify the max. amount of email domains that this client
can create. -1 means unlimited.
• Max. number of mailboxes
-1 means unlimited.
: Specify the max. amount of mailboxes that this client can create.
• Max. number of email aliases
create. -1 means unlimited.
: Specify the max. amount of email aliases that this client can
• Max. number of domain aliases
can create. -1 means unlimited.
: Specify the max. amount of domain aliases that this client
• Max. number of email forwarders
: Specify the max. amount of email forwarders that this
client can create. -1 means unlimited.
• Max. number of email catchall accounts
: Specify the max. amount of email catchall
accounts that this client can create. -1 means unlimited.
• Max. number of email routes
create. -1 means unlimited.
: Specify the max. amount of email routes that this client can
• Max. number of email filters
create. -1 means unlimited.
: Specify the max. amount of email filters that this client can
• Max. number of fetchmail accounts
: Specify the max. amount of fetchmail accounts that
this client can create. -1 means unlimited.
• Mailbox quota : Specify the max. hard drive space (in MB) that this client's email accounts
can use. -1 means unlimited.
• Max. number of spamfilter white / blacklist filters
: Specify the max. amount of
whitelist and blacklist filters for the spamfilter that this client can create. -1 means unlimited.
• Max. number of spamfilter users
: Specify the max. amount of spamfilter users that this
client can create. -1 means unlimited.
• Max. number of spamfilter policies
: Specify the max. amount of spamfilter policies that
this client can create. -1 means unlimited.
• Default Webserver
: Select the default webserver for the client. The default webserver will be
pre-selected for this client when web items (web sites, etc.) are created for the client, but this
selection can be changed in the appropriate form.
• Max. number of web domains
create. -1 means unlimited.
: Specify the max. amount of web domains that this client can
• Web Quota : Specify the max. hard drive space (in MB) that this client's web sites can use. -1
68
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
means unlimited.
• PHP Options : Specify which PHP modes should be available for the client when he
creates/modifies a web site. The following four modes are available: Fast-CGI, CGI,
Mod-PHP, SuPHP.
• Fast-CGI:
Advantages:
• Scripts will be executed with user privileges of the web site;
• More than one PHP version can be run as FastCGI;
• Might be better in speed compared to CGI and suPHP.
Disadvantages:
• php.ini values cannot be changed via PHP scripts, vhost files, .htaccess files. But it
is possible to use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1).
• CGI:
Advantages:
• Scripts will be executed with user privileges of the web site;
• More than one PHP version can be run as CGI.
Disadvantages:
• CGI might use a little more memory (RAM) - therefore, it's not recommended to run
PHP as CGI on slow virtual servers;
• php.ini values cannot be changed via PHP scripts, vhost files, .htaccess files. But it
is possible to use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1).
• Mod-PHP:
Advantages:
• Speed;
• Needs less memory (RAM) than CGI;
• php.ini values can be changed via PHP scripts, vhost files, .htaccess files.
Disadvantages:
• Scripts are being executed with Apache privileges, which might lead to some
69
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
security related problems;
• Only one version of PHP can be installed as Apache module;
• You cannot use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1).
• SuPHP:
Advantages:
• Scripts will be executed with user privileges of the web site;
• Each vhost can have its own php.ini file;
• Needs less memory (RAM) than CGI;
• More than one PHP version can be run as suPHP.
Disadvantages:
• php.ini values cannot be changed via PHP scripts, vhost files, .htaccess files. But it
is possible to use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1);
• SuPHP might be a little slower than mod_php.
• Recommendations:
• High-Traffic Web Sites: Fast-CGI + suExec
• Low-Traffic Web Sites: CGI + suExec or SuPHP
• Max. number of web aliasdomains
: Specify the max. amount of web aliasdomains that this
client can create. -1 means unlimited.
• Max. number of web subdomains
can create. -1 means unlimited.
• Max. number of FTP users
-1 means unlimited.
• Max. number of Shell users
create. -1 means unlimited.
: Specify the max. amount of web subdomains that this client
: Specify the max. amount of FTP users that this client can create.
: Specify the max. amount of shell users that this client can
• SSH-Chroot Options
: Specify which SSH modes should be available for the client when he
creates/modifies a shell account. The None mode means that the shell user can browse the
whole file system and is limited only by file/directory permissions - this can be a security risk.
70
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
The Jailkit
mode means that the shell user will be limited to his home directory (chrooted)
and can only browse directories inside his home directory.
• Max. number of Webdav users
: Specify the max. amount of WebDAV users that this client
can create. -1 means unlimited.
• Default DNS Server
: Select the default DNS server for the client. The default DNS server will
be pre-selected for this client when DNS items (zones, etc.) are created for the client, but this
selection can be changed in the appropriate form (if you are logged in as admin).
• Max. number of DNS zones
: Specify the max. amount of DNS zones that this client can
create. -1 means unlimited.
• Max. number of secondary DNS zones
: Specify the max. amount of secondary DNS zones
that this client can create. -1 means unlimited.
• Max. number DNS records
: Specify the max. amount of DNS records that this client can
create. -1 means unlimited.
• Default Database Server
: Select the default database server for the client. The default
database server will be pre-selected for this client when a database is created for the client,
but this selection can be changed in the appropriate form (if you are logged in as admin).
• Max. number of Databases
-1 means unlimited.
: Specify the max. amount of databases that this client can create.
• Max. number of cron jobs
-1 means unlimited.
: Specify the max. amount of cron jobs that this client can create.
• Max. type of cron jobs (chrooted and full implies url)
: Specify which kind of cron jobs
should be available for the client when he creates/modifies a cron job.
• Full Cron : Full Cron means that you can use any command for the cron job, and it will
not run in a chroot environment.
• Chrooted Cron : If Chrooted Cron is selected in the limits of the client that owns the cron
job, the cron jobs are chrooted (using Jailkit).
• URL Cron : This means that the client can only create wget cron jobs, i.e., he specifies a URL
in the cron job command line, and that URL will be accesses via wget.
• Min. delay between executions
: This specifies the minimal delay (in minutes) how often a
cron job can be executed. If you specify 5 here, for example, a cron job cannot be run every
minute, but only every five minutes.
• Traffic Quota
unlimited.
: Specify the max. monthly traffic (in MB) that this client can use. -1 means
71
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.5.1.2 Edit Client
Under Edit Client
you can find a list of existing clients:
72
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
By clicking any of them, you will get to the Address and Limits tabs of that client (that you
already know from chapter 4.5.1.1) where you can modify the settings of that client.
Above the list you can find filters that allow you to search for specific parameters in all clients. The
following filters are available:
• ID
• Company name
• Contact name
• City
• Country
Click the
button to start a search.
From the client list, it is also possible to directly log in as a client - just click the
button next to the client.
73
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
To delete a client, click the
button. A confirmation message will pop up, asking you if you really want to delete the record.
4.5.1.3 Edit Client-Templates
You can edit and create client templates here. A template is a pre-defined set of limits that can be
assigned to a client. Let's assume you sell five different hosting plans to your clients instead of defining limits manually whenever you create a new client, you could create five
templates (one for each hosting plan) and use such a template when you create a new client. That
way, creating clients is less error-prone and time-consuming.
There are two kinds of templates, main templates and additional templates. In a main template
you can define a basic set of limits. An additional template differs from a main template in that
the values of the addtitional template are added to the value of the main template. For
example, if you define in a main template with a max. number of two web domains and an
additional template with a max. number of five web domains, and you select that main template and
additional template for the client/reseller, the client/reseller can have the sum of both, i.e.,
seven web domains.
Creating A Template
Click the Add new record button in the Tools section. You will get to the Client-Templates form
that consists out of two tabs, Template and Limits
Template
Here you can enter a name for the template and select if it's a Main Template
Template .
or an Additional
74
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Limits
You can define the following limits for your template:
• Max. number of email domains
unlimited.
• Max. number of mailboxes
• Max. number of email aliases
unlimited.
: Specify the max. amount of email domains. -1 means
: Specify the max. amount of mailboxes. -1 means unlimited.
: Specify the max. amount of email aliases. -1 means
• Max. number of domain aliases
unlimited.
: Specify the max. amount of domain aliases. -1 means
• Max. number of email forwarders
unlimited.
: Specify the max. amount of email forwarders. -1 means
• Max. number of email catchall accounts
accounts. -1 means unlimited.
• Max. number of email routes
• Max. number of email filters
: Specify the max. amount of email catchall
: Specify the max. amount of email routes. -1 means unlimited.
: Specify the max. amount of email filters. -1 means unlimited.
75
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Max. number of fetchmail accounts
means unlimited.
• Mailbox quota
: Specify the max. amount of fetchmail accounts. -1
: Specify the max. hard drive space (in MB). -1 means unlimited.
• Max. number of spamfilter white / blacklist filters
: Specify the max. amount of
whitelist and blacklist filters for the spamfilter. -1 means unlimited.
• Max. number of spamfilter users
unlimited.
: Specify the max. amount of spamfilter users. -1 means
• Max. number of spamfilter policies
means unlimited.
• Max. number of web domains
create. -1 means unlimited.
: Specify the max. amount of spamfilter policies. -1
: Specify the max. amount of web domains that this client can
• Web Quota : Specify the max. hard drive space (in MB). -1 means unlimited.
• Max. number of web aliasdomains
unlimited.
: Specify the max. amount of web aliasdomains. -1 means
• Max. number of web subdomains
unlimited.
• Max. number of FTP users
: Specify the max. amount of FTP users. -1 means unlimited.
• Max. number of Shell users
: Specify the max. amount of shell users. -1 means unlimited.
• Max. number of Webdav users
unlimited.
• Max. number of DNS zones
: Specify the max. amount of web subdomains. -1 means
: Specify the max. amount of WebDAV users. -1 means
: Specify the max. amount of DNS zones. -1 means unlimited.
• Max. number of secondary DNS zones
-1 means unlimited.
: Specify the max. amount of secondary DNS zones.
• Max. number DNS records
: Specify the max. amount of DNS records. -1 means unlimited.
• Max. number of Databases
: Specify the max. amount of databases. -1 means unlimited.
• Max. number of cron jobs
: Specify the max. amount of cron jobs. -1 means unlimited.
• Max. type of cron jobs (chrooted and full implies url)
: Specify which kind of cron jobs
should be available for the client when he creates/modifies a cron job.
• Full Cron : Full Cron means that you can use any command for the cron job, and it will
not run in a chroot environment.
• Chrooted Cron : If Chrooted Cron is selected in the limits of the client that owns the cron
job, the cron jobs are chrooted (using Jailkit).
• URL Cron : This means that the client can only create wget cron jobs, i.e., he specifies a URL
in the cron job command line, and that URL will be accessed via wget.
76
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Min. delay between executions
: This specifies the minimal delay (in minutes) how often a
cron job can be executed. If you specify 5 here, for example, a cron job cannot be run every
minute, but only every five minutes.
• Traffic Quota
: Specify the max. monthly traffic (in MB). -1 means unlimited.
Editing A Template
In the Client Templates
section you can find a list of existing templates:
77
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
By clicking any of them, you will get to the Template and Limits tabs of that template (that you
already know from the "Creating A Template" chapter) where you can modify the settings of
that template.
Above the list you can find filters that allow you to search for specific parameters in all
templates. The following filters are available:
• Type
• Template name
Click the
button to start a search.
To delete a template, click the
button. A confirmation message will pop up, asking you if you really want to delete the record.
78
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.5.2 Resellers
ISPConfig allows you to create resellers. A reseller is a company or individualthat purchases bulk
hosting from a supplier (i.e., from the company or the individual that runs the ISPConfig server)
with the intention of reselling it to a number of consumers (clients) at a profit.
4.5.2.1 Add Reseller
Here you can add resellers (e.g. hosting companies) that can have clients and sell hosting
services to these clients. These resellers can log into ISPConfig 3 and manage clients, clients' web
sites, email accounts etc.
The Add Reseller
form is split up into two tabs, Address and Limits
:
Address
This is where you type in the name, address, and login details of the reseller:
• Company name (optional): Fill in the name of the company.
• Contact name : Fill in the name of the person that is responsible for this ISPConfig account.
• Username : Fill in the desired ISPConfig username for the reseller. This is the username that is used
to log into ISPConfig.
• Password : Type in a password for the user.
• Password strength
: This field shows how strong the new password is (a strong password
should include numbers, symbols, upper and lowercase letters; password length should be 8
characters or more; avoid any password based on repetition, dictionary words, letter or
number sequences, usernames, relative or pet names, or biographical information).
• Language : Select the desired interface language of the ISPConfig control panel.
• Theme: Here you can select the theme of the ISPConfig control panel.
• Street
(optional): Specify the street of the reseller.
• ZIP (optional): Fill in the reseller's postcode.
• City (optional): Fill in the reseller's city.
• State (optional): Specify the reseller's state, e.g. California, Bavaria, etc.
• Country : Select the reseller's country from the drop-down menu.
• Telephone (optional): Specify the reseller's landline number.
79
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Mobile (optional): Specify the reseller's mobile number.
• Fax (optional): Specify the reseller's fax number.
• Email (optional): Fill in the reseller's email address.
• Internet
https://
(optional): Fill in the URL of the reseller's web site (beginning with http://
).
or
• ICQ (optional): Specify the reseller's ICQ number.
• Notes (optional): Here you can add notes and comments.
Limits
This is where the resources are defined that the reseller can pass on to his clients. These limits
define the total amount of resources available to the reseller - the reseller must split these
resources up between his clients. If you select a master or addon template, click on Save , and
the values in the rest of the form will be adjusted according to the templates. To select or de-select
an addon template, it is not enough to click on Save - you must click on the Add additional template or Delete
80
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
If you select the Custom template in the Master template
have to enter your limits manually.
additional template button before.
field, you
There are two kinds of templates, main templates and additional templates. In a main template
you can define a basic set of limits. An additional template differs from a main template in that
the values of the addtitional template are added to the value of the main template. For
example, if you define in a main template with a max. number of two web domains and an
additional template with a max. number of five web domains, and you select that main template and
additional template for the client/reseller, the client/reseller can have the sum of both, i.e.,
seven web domains.
• Master template
: If you have defined a template for reseller limits that you want to apply to
this reseller (so that you don't have to define all the reseller limits manually in the following
fields), you can select that template here. Select Custom if you want to define the reseller limits
manually.
• Addon template : If you have defined an additional template that you want to add to the main
template, select that template here. To select or de-select an addon template, it is not enough to click on
Save - you must click on the Add additional template or Delete additional template button before.
• Default Mailserver
: Select the default mailserver for the reseller. The default mailserver will
be pre-selected for this reseller when email items (email accounts, etc.) are created for the
reseller, but this selection can be changed in the appropriate form.
• Max. number of email domains
: Specify the max. amount of email domains that this reseller
can create. -1 means unlimited.
• Max. number of mailboxes
: Specify the max. amount of mailboxes that this reseller can
create. -1 means unlimited.
• Max. number of email aliases
: Specify the max. amount of email aliases that this reseller
can create. -1 means unlimited.
• Max. number of domain aliases
: Specify the max. amount of domain aliases that this
reseller can create. -1 means unlimited.
• Max. number of email forwarders
: Specify the max. amount of email forwarders that this
reseller can create. -1 means unlimited.
• Max. number of email catchall accounts
: Specify the max. amount of email catchall
accounts that this reseller can create. -1 means unlimited.
• Max. number of email routes
create. -1 means unlimited.
: Specify the max. amount of email routes that this reseller can
• Max. number of email filters
create. -1 means unlimited.
: Specify the max. amount of email filters that this reseller can
• Max. number of fetchmail accounts
: Specify the max. amount of fetchmail accounts that
this reseller can create. -1 means unlimited.
• Mailbox quota
: Specify the max. hard drive space (in MB) that this reseller's email accounts
81
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
can use. -1 means unlimited.
• Max. number of spamfilter white / blacklist filters
: Specify the max. amount of
whitelist and blacklist filters for the spamfilter that this reseller can create. -1 means unlimited.
• Max. number of spamfilter users
: Specify the max. amount of spamfilter users that this
reseller can create. -1 means unlimited.
• Max. number of spamfilter policies
: Specify the max. amount of spamfilter policies that
this reseller can create. -1 means unlimited.
• Default Webserver
: Select the default webserver for the reseller. The default webserver will
be pre-selected for this reseller when web items (web sites, etc.) are created for the reseller, but
this selection can be changed in the appropriate form.
• Max. number of web domains
create. -1 means unlimited.
: Specify the max. amount of web domains that this reseller can
• Web Quota : Specify the max. hard drive space (in MB) that this reseller's web sites can use. -1
means unlimited.
• PHP Options : Specify which PHP modes should be available for the reseller when he
creates/modifies a web site. The following four modes are available: Fast-CGI, CGI,
Mod-PHP, SuPHP.
• Fast-CGI:
Advantages:
• Scripts will be executed with user privileges of the web site;
• More than one PHP version can be run as FastCGI;
• Might be better in speed compared to CGI and suPHP.
Disadvantages:
• php.ini values cannot be changed via PHP scripts, vhost files, .htaccess files. But it
is possible to use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1).
• CGI:
Advantages:
• Scripts will be executed with user privileges of the web site;
• More than one PHP version can be run as CGI.
Disadvantages:
• CGI might use a little more memory (RAM) - therefore, it's not recommended to run
PHP as CGI on slow virtual servers;
82
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• php.ini values cannot be changed via PHP scripts, vhost files, .htaccess files. But it
is possible to use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1).
• Mod-PHP:
Advantages:
• Speed;
• Needs less memory (RAM) than CGI;
• php.ini values can be changed via PHP scripts, vhost files, .htaccess files.
Disadvantages:
• Scripts are being executed with Apache privileges, which might lead to some
security related problems;
• Only one version of PHP can be installed as Apache module;
• You cannot use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1).
• SuPHP:
Advantages:
• Scripts will be executed with user privileges of the web site;
• Each vhost can have its own php.ini file;
• Needs less memory (RAM) than CGI;
• More than one PHP version can be run as suPHP.
Disadvantages:
• php.ini values cannot be changed via PHP scripts, vhost files, .htaccess files. But it
is possible to use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1);
• SuPHP might be a little slower than mod_php.
• Recommendations:
• High-Traffic Web Sites: Fast-CGI + suExec
• Low-Traffic Web Sites: CGI + suExec or SuPHP
83
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Max. number of web aliasdomains
: Specify the max. amount of web aliasdomains that this
reseller can create. -1 means unlimited.
• Max. number of web subdomains
: Specify the max. amount of web subdomains that this
reseller can create. -1 means unlimited.
• Max. number of FTP users
: Specify the max. amount of FTP users that this reseller can
create. -1 means unlimited.
• Max. number of Shell users
create. -1 means unlimited.
: Specify the max. amount of shell users that this reseller can
• SSH-Chroot Options
: Specify which SSH modes should be available for the reseller when he
creates/modifies a shell account. The None mode means that the shell user can browse the whole
file system and is limited only by file/directory permissions - this can be a security risk. The Jailkit
mode means that the shell user will be limited to his home directory (chrooted) and can only
browse directories inside his home directory.
• Max. number of Webdav users
: Specify the max. amount of WebDAV users that this reseller
can create. -1 means unlimited.
• Default DNS Server
: Select the default DNS server for the reseller. The default DNS server
will be pre-selected for this reseller when DNS items (zones, etc.) are created for the reseller,
but this selection can be changed in the appropriate form.
• Max. number of DNS zones
: Specify the max. amount of DNS zones that this reseller can
create. -1 means unlimited.
• Max. number of secondary DNS zones
: Specify the max. amount of secondary DNS zones
that this reseller can create. -1 means unlimited.
• Max. number DNS records
: Specify the max. amount of DNS records that this reseller can
create. -1 means unlimited.
• Max. number of Clients
means unlimited.
: Specify the max. amount of clients that this reseller can create. -1
• Default Database Server
: Select the default database server for the reseller. The default
database server will be pre-selected for this reseller when a database is created for the
reseller, but this selection can be changed in the appropriate form.
• Max. number of Databases
: Specify the max. amount of databases that this reseller can
create. -1 means unlimited.
• Max. number of cron jobs
: Specify the max. amount of cron jobs that this reseller can
create. -1 means unlimited.
• Max. type of cron jobs (chrooted and full implies url)
: Specify which kind of cron jobs
should be available for the reseller when he creates/modifies a cron job.
84
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Full Cron : Full Cron means that you can use any command for the cron job, and it will
not run in a chroot environment.
• Chrooted Cron : If Chrooted Cron is selected in the limits of the reseller that owns the
cron job, the cron jobs are chrooted (using Jailkit).
• URL Cron : This means that the reseller can only create wget cron jobs, i.e., he specifies a
URL in the cron job command line, and that URL will be accessed via wget.
• Min. delay between executions
: This specifies the minimal delay (in minutes) how often a
cron job can be executed. If you specify 5 here, for example, a cron job cannot be run every
minute, but only every five minutes.
• Traffic Quota
unlimited.
: Specify the max. monthly traffic (in MB) that this reseller can use. -1 means
4.5.2.2 Edit Reseller
85
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Under Edit Reseller
you can find a list of existing resellers:
By clicking any of them, you will get to the Address and Limits tabs of that reseller (that you
already know from chapter 4.5.2.1) where you can modify the settings of that reseller.
Above the list you can find filters that allow you to search for specific parameters in all
resellers. The following filters are available:
• ID
• Company name
• Contact name
• City
• Country
Click the
button to start a search.
86
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
From the reseller list, it is also possible to directly log in as a reseller - just click the
button next to the reseller.
To delete a reseller, click the
button. A confirmation message will pop up, asking you if you really want to delete the record.
4.6 Sites
On this tab we can create web sites, subdomains, FTP accounts, shell users, MySQL
databases, and cron jobs, and take a look at traffic statistics.
4.6.1 Websites
4.6.1.1 Website
This is where we can create new and edit/delete existing web sites.
To create a new web site, click the Add new website button. This will lead you to the Web
Domain form with the tabs Domain , Redirect , SSL, Statistics
, and Options
Web Domain
Domain
This is where the web site is actually created. Here you specify the web site domain, the client who
owns the web site, the IP address, quota, the features (like PHP, CGI, SSL, etc.) that the web site
will have, etc. The form has the following fields:
• Server : If more than one server is available, you can select the server on which the web site
will be created.
• Client : Here you select the client that owns the new web site.
• IP-Address : Select the IP address on which the web site will respond. * means all available
IP addresses. Please note that you still might have to create the appropriate DNS records for
your domains so that they point to the correct IP address.
• Domain : This is the main domain of your web site, e.g. example.com
www).
(without subdomain like
87
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Harddisk Quota : This is the max. amount of web space (in MB) that is available for the web
site. -1 means unlimited.
• Traffic Quota
: This is the max. amount of traffic per month (in MB) that is available for the
web site. -1 means unlimited.
• CGI: Allows the web server to execute cgi scripts in a certain directory (cgi-bin
).
• SSI : Activates Server Side Includes (SSI) (file extension .shtml).
• SuEXEC: This makes that CGI scripts (including PHP scripts that are executed as Fast-CGI or CGI)
are executed as the user and group of the current web site. You should check this
checkbox for security reasons. This does not apply to PHP scripts that are executed under
Mod-PHP and SuPHP.
• Own Error-Documents
ones.
: Allows to define your own error pages instead of using the standard
• Auto-Subdomain : Here you can define whether you want no automatic subdomain for the web
site (in this case you can access the site only by using the domain, e.g. http://example.com
),
an automatic www subdomain (you can then access the site using http://example.com
and
http://www.example.com
), or a wildcard subdomain (*. ) which means you can access the
site with any subdomain that does not point to another web site.
• SSL: With this checkbox you can enable SSL for this web site. Please note that you can have
88
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
only one SSL web site per IP address, and it is not possible to use a wildcard (* ) in the
IP-Address field.
• PHP: You can disable/enable PHP for this web site here. If you want to enable PHP, the
following four modes are available: Fast-CGI, CGI, Mod-PHP, SuPHP.
• Fast-CGI:
Advantages:
• Scripts will be executed with user privileges of the web site;
• More than one PHP version can be run as FastCGI;
• Might be better in speed compared to CGI and suPHP.
Disadvantages:
• php.ini values cannot be changed via PHP scripts, vhost files, .htaccess files. But it
is possible to use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1).
• CGI:
Advantages:
• Scripts will be executed with user privileges of the web site;
• More than one PHP version can be run as CGI.
Disadvantages:
• CGI might use a little more memory (RAM) - therefore, it's not recommended to run
PHP as CGI on slow virtual servers;
• php.ini values cannot be changed via PHP scripts, vhost files, .htaccess files. But it
is possible to use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1).
• Mod-PHP:
Advantages:
• Speed;
• Needs less memory (RAM) than CGI;
• php.ini values can be changed via PHP scripts, vhost files, .htaccess files.
Disadvantages:
• Scripts are being executed with Apache privileges, which might lead to some
89
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
security related problems;
• Only one version of PHP can be installed as Apache module;
• You cannot use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1).
• SuPHP:
Advantages:
• Scripts will be executed with user privileges of the web site;
• Each vhost can have its own php.ini file;
• Needs less memory (RAM) than CGI;
• More than one PHP version can be run as suPHP.
Disadvantages:
• php.ini values cannot be changed via PHP scripts, vhost files, .htaccess files. But it
is possible to use the Custom php.ini settings
field on the Options tab of a web
site in ISPConfig to specify custom php.ini settings (see chapter 4.6.1.1);
• SuPHP might be a little slower than mod_php.
• Recommendations:
• High-Traffic Web Sites: Fast-CGI + suExec
• Low-Traffic Web Sites: CGI + suExec or SuPHP
• Active : Defines whether this web site is active or not.
90
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Redirect
This form allows you to redirect the web site to another web site or to a specific directory on the
server. This is done by using Apache rewrite rules.
• Redirect Type : Here you can specify if you want to disable/enable a redirect, and if decide to
use a redirect, which flag to use.
Flags:
• No flag: Don't use any flags.
• R: Use of the [R] flag causes a HTTP redirect to be issued to the browser. If a
fully-qualified URL is specified (that is, including http://servername/ ) then a redirect will be
issued to that location. Otherwise, the current servername will be used to generate the URL
sent with the redirect.
• L: The [L] flag causes mod_rewrite to stop processing the rule set. In most contexts, this
means that if the rule matches, no further rules will be processed.
• R,L: You will almost always want to use [R] in conjunction with [L] (that is, use [R,L])
because on its own, the [R] flag prepends http://thishost[:thisport] to the URI, but then
passes this on to the next rule in the ruleset, which can often result in 'Invalid URI in
91
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
request' warnings.
More details about flags can be found here:
http://httpd.apache.org/docs/2.2/rewrite/rewrite_flags.html
• Redirect Path
: This is the target, i.e., the path (full path or path relative to the document root)
or URL where the redirect should point to.
If you want to do a URL redirect, you should use the R,L flags, while for a directory redirect it is recommended to just
use the L flag.
If you want to do a URL redirect, please specify the redirect target URL in the Redirect Path
field (e.g. http://www.someotherwebsite.com/subdir/
or http://www.someotherwebsite.com/
Please note that the URL should have a trailing slash:
).
If you want to do a redirect to a subdirectory of your web site, please specify the subdirectory or
the path to the subdirectory (relative to the document root of your web site) in the Redirect Path
field. Please note that the path must begin and end with a slash (e.g.
/subdirectory/anothersubdirectory/
):
92
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
SSL
On the SSL tab you can create a self-signed SSL certificate together with a certificate signing
request (CSR) that you can use to apply for an SSL certificate that is signed by a trusted
certificate authority (CA) such as Verisign, Comodo, Thawte, etc. It's not necessary to buy
such a trusted SSL certificate, but you should note that if you use a self-signed SSL certificate,
browsers will display a warning to your visitors.
Please note that you can have just one SSL web site per IP address.
To create a self-signed certificate, please fill out the fields State , Locality , Organisation ,
Organisation Unit
, Country , and SSL Domain , and then select Create Certificate
from the
SSL Action drop-down menu, and click on Save . Leave the fields SSL Request , SSL
Certificate
, and SSL Bundle empty - the fields SSL Request and SSL Certificate
will be filled
out by the system.
93
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
94
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
After the self- signed certificate was created, you will find data in the SSL Request and SSL
Certificate fields (it can take one or two minutes until the data appears in the fields):
If you want to buy an SSL certificate from a trusted CA, you have to copy the data from the
SSL Request field - this is the certificate signing request (CSR). With this CSR, you can apply
for a trusted SSL certificate at your CA - the CA will create an SSL certificate from this CSR,
and you can paste the trusted SSL certificate into the SSL Certificate field. Sometimes your
CA will also give you an SSL bundle - paste this into the SSL Bundle field. Select Save
Certificate
from the SSL Action drop-down menu and click on the Save button. You have just
replaced your self-signed certificate with a trusted SSL certificate.
To delete a certificate, select Delete Certificate
click on the Save button.
from the SSL Action drop-down menu and
Here's the meaning of the other fields on the SSL tab:
• State : The state or province where your organization is located. Can not be abbreviated.
Examples: Florida, Bavaria, Noord-Holland, etc.
• Locality : The city where your organization is located. Examples: London, Paris, Seattle,
Hamburg, etc.
• Organisation
: The exact legal name of your organization. Do not abbreviate your
95
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
organization name. Examples: Internet Widgets Pty Ltd, My Company GmbH, etc.
• Organisation Unit
: This entry is for the name of the unit in your organization. Examples:
Marketing, Sales, Development, etc.
• Country : The two-letter ISO abbreviation for your country. Examples: AU for Australia, DE for
Germany, US for the United States, NL for The Netherlands, etc.
• SSL Domain : A fully qualified domain name that resolves to the SSL web site. For example, if
you intend to secure the URL https://ssl.example.com
, then the SSL Domain must be
ssl.example.com
. This must be an exact match.
Statistics
ISPConfig 3 creates web statistics for your web sites automatically - these will be generated
once a day (at 0.30h) and are available in the /stats folder of your web site (e.g.
http://www.example.com/stats
). You can password-protect that directory by specifying a
password in the Webstatistics password
field (the Webstatistics username is defined by
ISPConfig, it's admin ).
In the Webstatistics program
drop-down menu, you can select the software that will create
the statistics for you - you have the choice between Webalizer and AWStats .
Backup
(This tab is visible only for the ISPConfing admin user.)
On the Backup tab you can specify whether you want to create backups of the current web site.
If the document root of the web site is /var/clients/client1/web1/web
, the contents of the
/var/clients/client1/web1
directory (including the web folder, but excluding the log folder)
will be zipped (extension .zip ) and stored in the backup directory that is specified under
System > Server Config > Backup directory
(the default directory is /var/backup
). For web1
ISPConfig would create the subdirectory /var/backup/web1
and store the backups in that
directory. That directory would be symlinked to /var/clients/client1/web1
/backup (the
backup doesn't include /var/clients/client1/web1
/backup either to avoid a circular backup)
so that the backups can be downloaded by FTP.
• Backup interval
: Select whether you want ISPConfig to create backups for this web site, and
if so, how often (daily/weekly/monthly).
• Number of backup copies
: Specify how many backups should be kept on the system. For
example, if you select to have a daily backup and pick 10 in the Number of backup copies
field, the sytem will keep backups of the last ten days; backups that are older will
96
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
automatically be deleted.
To restore a backup, download it from the backup folder via FTP, unpack it on your client PC, and
upload the contents via FTP again.
Options
(This tab is visible only for the ISPConfing admin user.)
• Linux User : This shows the Linux user under which this web site is run. If you have chosen
PHP Fast-CGI + SuEXEC, PHP CGI + SuEXEC or SuPHP, this is the user under which your
PHP scripts will be executed. This setting cannot be changed.
• Linux Group : This shows the Linux group under which this web site is run. If you have chosen
PHP Fast-CGI + SuEXEC, PHP CGI + SuEXEC or SuPHP, this is the group under which
your PHP scripts will be executed. This setting cannot be changed.
• Apache AllowOverride
: Specifies what directives are allowed in .htaccess files. Possible
values: All|None|AuthConfig|FileInfo|Indexes|Limit|Options[= Option ,...]
See
http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
for more details.
• PHP open_basedir : The open_basedir directive in php.ini limits PHP file accesses (such as
file opening, writing and deleting) within a designated directory so that it doesn't endanger the rest
of the system in any way. With proper Apache permissions and PHP installed as an
Apache module, PHP inherits whatever privileges Apache has. You can specify multiple
directories here, seperated by a colon (: ).
• Custom php.ini settings
: If this web site needs special PHP settings that differ from what's
in the system's global php.ini, you can override the global PHP settings here. You can use
normal php.ini syntax here. Please specify one directive per line. Please note that you can
use this field only with Fast-CGI, CGI, or SuPHP - you cannot use it if you have enabled
Mod-PHP for this web site. Also note that if you use this field and change your global php.ini
afterwards, the changes in the global php.ini will not be available to this web site immediately only after you modify settings of this web site in ISPConfig so that this web site's
configuration gets rewritten.
Examples:
memory_limit = 32M
magic_quotes_gpc = Off
file_uploads = Off
• Apache directives
: This field offers you the opportunity to write additional Apache directives
into the site's virtual host container manually, one directive per line (Directive Quick
Reference ).
Examples:
<Location '/wiki/images'>
php_admin_flag engine off
97
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
AddType text/plain .html .htm .shtml .php
</Location>
php_flag register_globals off
Options -Indexes
Options +FollowSymLinks
ErrorDocument 404 /index.php
(As you can see, you can change PHP settings here as well using php_admin_flag and
php_flag , but this works only if you use Mod-PHP. You can find more details about this here:
http://php.net/manual/en/configuration.changes.php
)
4.6.1.2 Subdomain for website
This is where we can create new and edit/delete existing subdomains. With this feature, you
can add subdomains to an existing web site so that the subdomain shows the same content as
the web site's main domain. It is also possible to point the subdomain to a subdirectory of the
web site - this is done using Apache rewrite rules. Please note that you should not use such a
rewrite rule if you plan to install a CMS such as Wordpress, Joomla, Drupal, etc. in that
subdirectory because most modern CMS systems also use rewrite rules that will most likely
collide with the rewrite rules that redirect the subdomain to the subdirectory. If you want to
install a CMS in a directory of its own and use a subdomain for that directory, you should
create a whole new web site for that subdomain and install the CMS in that web site. But if you
plan to place static HTML files in the subdirectory or other stuff that doesn't come with any
rewrite rules, you can create a subdomain and redirect it to that subdirectory without any
problem.
The difference between a subdomain and an aliasdomain is that the subdomain uses the same
domain name as the main domain of the web site, whereas an aliasdomain uses a different domain
name. For example, if the web site's main domain is example.com , and you want to
point the hostname sub.example.com to the same web site, you'd use a subdomain, whereas if you
have a totally different domain such as yourseconddomain.com that you want to point to the
example.com web site, you'd use an aliasdomain.
To create a new subdomain, click the Add new subdomain button. This will lead you to the
Subdomain for website
form with the tab Domain .
Subdomain for website
Domain
Here you can create/edit the subdomain. The form has the following fields:
• Host : This is where you enter the hostname, i.e., the subdomain without the main domain
98
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
name. For example, if you want to create the subdomain sub.example.com
this field.
, you enter sub in
• Domain : Here you select the main domain. If you want to create the subdomain
sub.example.com , this would be example.com .
• Redirect Type : Here you can specify if you want to disable/enable a redirect, and if decide to
use a redirect, which flag to use. (Redirects work exactly as shown for web sites in chapter
4.6.1.1.)
Flags:
• No flag: Don't use any flags.
• R: Use of the [R] flag causes a HTTP redirect to be issued to the browser. If a
fully-qualified URL is specified (that is, including http://servername/ ) then a redirect will be
issued to that location. Otherwise, the current servername will be used to generate the URL
sent with the redirect.
• L: The [L] flag causes mod_rewrite to stop processing the rule set. In most contexts, this
means that if the rule matches, no further rules will be processed.
• R,L: You will almost always want to use [R] in conjunction with [L] (that is, use [R,L])
because on its own, the [R] flag prepends http://thishost[:thisport] to the URI, but then
passes this on to the next rule in the ruleset, which can often result in 'Invalid URI in
request' warnings.
More details about flags can be found here:
http://httpd.apache.org/docs/2.2/rewrite/rewrite_flags.html
• Redirect Path
: This is the target, i.e., the path (full path or path relative to the document root)
or URL where the redirect should point to.
• Active : This defines if the subdomain is active or not.
99
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.6.1.3 Aliasdomain for website
This is where we can create new and edit/delete existing aliasdomains. With this feature, you
can add aliasdomains to an existing web site so that the aliasdomain shows the same content
as the web site's main domain. It is also possible to point the aliasdomain to a subdirectory of
the web site - this is done using Apache rewrite rules. Please note that you should not use
such a rewrite rule if you plan to install a CMS such as Wordpress, Joomla, Drupal, etc. in that
subdirectory because most modern CMS systems also use rewrite rules that will most likely
collide with the rewrite rules that redirect the aliasdomain to the subdirectory. If you want to
install a CMS in a directory of its own and use an aliasdomain for that directory, you should
create a whole new web site for that aliasdomain and install the CMS in that web site. But if
you plan to place static HTML files in the subdirectory or other stuff that doesn't come with any
rewrite rules, you can create an aliasdomain and redirect it to that subdirectory without any
problem.
The difference between a subdomain and an aliasdomain is that the subdomain uses the same
domain name as the main domain of the web site, whereas an aliasdomain uses a different domain
name. For example, if the web site's main domain is example.com , and you want to
point the hostname sub.example.com to the same web site, you'd use a subdomain, whereas if you
have a totally different domain such as yourseconddomain.com that you want to point to the
example.com web site, you'd use an aliasdomain.
100
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
To create a new aliasdomain, click the Add new aliasdomain
Web Aliasdomain form with the tab Domain .
button. This will lead you to the
Web Aliasdomain
Domain
Here you can create/edit the aliasdomain. The form has the following fields:
• Domain : This is where you enter the aliasdomain, e.g. yourseconddomain.com
possible to specify a subdomain, e.g. sub.yourseconddomain.com
. It is also
• Parent Website : Here you select the parent web site, i.e.. the web site that the aliasdomain
should point to.
• Redirect Type : Here you can specify if you want to disable/enable a redirect, and if decide to
use a redirect, which flag to use. (Redirects work exactly as shown for web sites in chapter
4.6.1.1.)
Flags:
• R: Use of the [R] flag causes a HTTP redirect to be issued to the browser. If a
fully-qualified URL is specified (that is, including http://servername/ ) then a redirect will be
issued to that location. Otherwise, the current servername will be used to generate the URL
sent with the redirect.
• L: The [L] flag causes mod_rewrite to stop processing the rule set. In most contexts, this
means that if the rule matches, no further rules will be processed.
• R,L: You will almost always want to use [R] in conjunction with [L] (that is, use [R,L])
because on its own, the [R] flag prepends http://thishost[:thisport] to the URI, but then
passes this on to the next rule in the ruleset, which can often result in 'Invalid URI in
request' warnings.
More details about flags can be found here:
http://httpd.apache.org/docs/2.2/rewrite/rewrite_flags.html
• Redirect Path
: This is the target, i.e., the path (full path or path relative to the document root)
or URL where the redirect should point to.
• Auto-Subdomain : Here you can define whether you want no automatic subdomain for the
aliasdomain (in this case you can access the site only by using the domain, e.g.
http://yourseconddomain.com
), an automatic www subdomain (you can then access the site
using http://yourseconddomain.com
and http://www.yourseconddomain.com
), or a wildcard
subdomain (*. ) which means you can access the site with any subdomain that does not point to
another web site.
• Active : This defines if the aliasdomain is active or not.
101
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.6.2 FTP
4.6.2.1 FTP-User
This is where we create new FTP users or modify/delete existing FTP users. FTP users can
upload/download/delete files for a website with an FTP client such as FileZilla .
To create a new FTP user, click the Add new FTP-User button. This will lead you to the FTP User
form with the tabs FTP User and Options
FTP User
FTP User
The form to create/modify an FTP user has the following fields:
• Website : This is the web site for which you define the FTP user.
• Username : This is the username of the FTP user. The string in square brackets before the
102
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
username will be replaced appropriately, for example [CLIENT] will be replaced with client1
,
client2 , etc. So if the current client is client1
, and you type in johndoe in the Username field,
the actual FTP username will be client1johndoe
. The FTP user prefix can be defined under
System > Interface Config
, however it is not recommended to change the default value.
• Password : Type in a password for the FTP user. The Password strength
field will show how
weak or strong your password is. A strong password should include numbers, symbols, upper and
lowercase letters; password length should be 8 characters or more; avoid any password based on
repetition, dictionary words, letter or number sequences, usernames, relative or pet names, or
biographical information.
• Harddisk-Quota
user.
: This is the max. amount of disk space (in MB) that is available for the FTP
• Active : This defines if this FTP user account is active or not.
Options
On the Options tab you can fine-tune the FTP account. The form has the following fields:
103
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• UID : The FTP account is a virtual account, i.e., it is no system user, but a user that is stored in
a MySQL database. The UID field specifies under which system user account the FTP user
does uploads and downloads. Normally this should be the same user that is shown in the
Linux User field on the Options tab of the web site.
• GID: This is the system group that the (virtual) FTP users uses to do uploads and downloads.
Normally this should be the same group that is shown in the Linux Group field on the
Options tab of the web site.
• Directory : This is the home directory of the FTP user, i.e., the FTP user can do uploads and
downloads in this directory and all subdirectories thereof.
• Filequota : This is the amount of files that the FTP user is allowed to upload. -1 means
unlimited.
• Uploadratio
• Downloadratio
: This defines the upload ratio in MB. -1 means unlimited.
: This defines the download ratio in MB. -1 means unlimited.
• Uploadbandwidth : This defines the bandwidth with which the FTP user can upload files (in
kb/s). -1 means unlimited.
• Downloadbandwidth : This defines the bandwidth with which the FTP user can download files
(in kb/s). -1 means unlimited.
104
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.6.3 Shell
4.6.3.1 Shell-User
This is where we create new shell users (i.e., system users) or modify/delete existing shell
users. Shell users can log into the system via SSH (e.g. by using an SSH client such as
PuTTY) and do secure uploads/downloads by using an SCP client (such as WinSCP ).
To create a new shell user, click the Add new Shell-User
User form with the tabs Shell User and Options
button. This will lead you to the Shell
Shell User
Shell User
The form to create/modify a shell user has the following fields:
• Site : This is the web site for which you define the shell user.
• Username : This is the username of the shell user. The string in square brackets before the
username will be replaced appropriately, for example [CLIENT] will be replaced with client1
,
client2 , etc. So if the current client is client1
, and you type in johndoe in the Username field,
the actual shell username will be client1johndoe
. The shell user prefix can be defined under
System > Interface Config
, however it is not recommended to change the default value.
• Password : Type in a password for the shell user. The Password strength
field will show how
weak or strong your password is. A strong password should include numbers, symbols, upper and
lowercase letters; password length should be 8 characters or more; avoid any password based on
repetition, dictionary words, letter or number sequences, usernames, relative or pet names, or
biographical information.
• Chroot Shell
: This defines if this shell user is chrooted or not. If you select None, the shell
user can browse the whole file system and is limited only by file/directory permissions - this
can be a security risk. If you select to chroot the shell user (by selecting Jalikit from the
drop-down menu), the shell user will be limited to his home directory and can only browse
directories inside his home directory.
• Quota : This is the max. amount of disk space (in MB) that is available for the shell user.
• Active : This defines if this shell user account is active or not.
105
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Options
On the Options tab you can fine-tune the shell user account. The form has the following fields:
• UID : The shell user account is a "virtual" account. The UID field specifies to which system user this
virtual account is mapped. Normally this should be the same user that is shown in the Linux User field
on the Options tab of the web site.
• GID: This is the system group that the (virtual) shell user is mapped to. Normally this should
be the same group that is shown in the Linux Group
field on the Options tab of the web site.
• Shell : This is the shell that the user uses to log in. Possible values are, for example:
/bin/bash
or /bin/sh . It's also possible to give a shell user a shell that doesn't allow him to
log in, sich as /bin/false
or /usr/sbin/nologin
• Dir : This is the home directory of the shell user. If you have chrooted the shell user, he
cannot break out of this directory.
106
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.6.4 WebDAV
4.6.4.1 WebDAV User
WebDAV stands for Web-based Distributed Authoring and Versioning
and is a set of
extensions to the HTTP protocol that allow users to directly edit files on the Apache server so that
they do not need to be downloaded/uploaded via FTP. Of course, WebDAV can also be used to
upload and download files.
To create a new WebDAV user, click the Add new WebDAV-User button. This will lead you to the
WebDAV User form with the tab WebDAV User .
WebDAV User
WebDAV User
The form to create/modify a WebDAV user has the following fields:
• Website : This is the web site for which you define the WebDAV user.
107
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Username : This is the username of the WebDAV user. The string in square brackets before
the username will be replaced appropriately, for example [CLIENT] will be replaced with
client1 , client2 , etc. So if the current client is client1
, and you type in johndoe in the
Username field, the actual WebDAV username will be client1johndoe
. The WebDAV user
prefix can be defined under System > Interface Config
, however it is not recommended to
change the default value.
• Password : Type in a password for the WebDAV user. The Password strength
field will show
how weak or strong your password is. A strong password should include numbers, symbols,
upper and lowercase letters; password length should be 8 characters or more; avoid any
password based on repetition, dictionary words, letter or number sequences, usernames,
relative or pet names, or biographical information.
• Active : This defines if this WebDAV user account is active or not.
• Directory : This defines the subdirectory of your document root that you want to access with
WebDAV. If you leave it empty, you can access the whole document root and its
subdirectories with the WebDAV URL http://example.com:80/webdav . If you type in a
subdirectory, e.g. images , you can access the images subdirectory as follows:
http://example.com:80/webdav/images
This link explains how you can access a WebDAV share from a Windows PC: Configure A
Windows XP Client To Connect To The WebDAV Share
This link shows how you can access a WebDAV share from a Linux desktop (GNOME):
Configure A Linux Client (GNOME) To Connect To The WebDAV Share
4.6.5 Database
4.6.5.1 Database
This is where you can create databases for your web sites. Currently, only MySQL databases are
supported.
To create a new database, click on the Add new Database
Database form with the tab Database .
button. This will lead you to the
Database
Database
The form to create/modify a database has the following fields:
108
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Server : If more than one server is available, you can select the server on which the database
will be created.
• Client : Here you select the client that owns the database.
• Type : Select the database type. Currently only MySQL is supported.
• Database name : This is the name of the database. The string in square brackets before the
database name will be replaced appropriately, for example [CLIENTID] will be replaced with
the ID of the client, i.e., 1, 2, 3, etc. So if the current client is client1 , and you type in
wordpress in the Database name field, the actual database name will be c1wordpress
. The
database name prefix can be defined under System > Interface Config
, however it is not
recommended to change the default value. Please note that database names must not be
longer than 16 characters - MySQL doesn't support longer database names!
• Database user : This is the name of the database user. The string in square brackets before
the database username will be replaced appropriately, for example [CLIENTID] will be
replaced with the ID of the client, i.e., 1, 2, 3, etc. So if the current client is client1 , and you
type in johndoe in the Database user
field, the actual database username will be c1johndoe
The database user prefix can be defined under System > Interface Config
, however it is not
recommended to change the default value. Please do not use underscores (_)in the
username.
• Database password : Type in a password for the database user. The Password strength
field
will show how weak or strong your password is. A strong password should include numbers,
symbols, upper and lowercase letters; password length should be 8 characters or more; avoid any
password based on repetition, dictionary words, letter or number sequences, usernames, relative
or pet names, or biographical information.
• Database charset
: Select the character set of the database. MySQL includes character set
support that enables you to store data using a variety of character sets and perform
comparisons according to a variety of collations. You can learn more about MySQL's
character set support here
• Remote Access : This specifies if the MySQL should allow only local access to the database, or
if connections from remote places should be allowed as well (which can be a security risk
because intruders don't need access to the local system to connect to the database; all they need is
the database username and password).
• Remote Access IPs : If you've enable remote access and want to allow just a few remote hosts
to connect to this database, you can enter the IPs of the remote hosts here. Multiple IPs must
be seperated with a comma (, ). To allow connections from all remote hosts, leave this field
empty.
• Active : This defines if this database is active or not.
109
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.6.6 Cron
4.6.6.1 Cron Jobs
A cron job is a scheduled task that is executed by the system at a specified time/date.
To create a new cron job, click on the Add new Cron job
Job form with the tab Cron Job
button. This will lead you to the Cron
Cron Job
Cron Job
The form to create/modify a cron job has the following fields:
• Parent website
: This is the web site for which you define the cron job.
• Minutes : The minute to run the cron job. Allowed values: 0-59 . * means every minute.
• Hours : The hour to run the cron job. Allowed values: 0-23 . * means every hour.
110
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Days of month : The day of the month to run the cron job. Allowed values: 1-31 . * means
every day of the month.
• Months : The month to run the cron job. Allowed values: 1-12
every month.
(or names, see below). * means
• Days of week : The day of the week to run the cron job. Allowed values: 0-7 (0 or 7 is Sun
, or use names). * means every day of the week.
• Command to run : This is the command to execute. Shell scripts will be run by /bin/sh
will be executed by wget .
, URLs
• Active : This defines if the cron job is active or not.
When specifying day of week, both day 0 and day 7 will be considered Sunday. A
field may be an asterisk (* ), which always stands for first-last.
Names can also be used for the "month" and "day of week" fields. Use the first three letters of
the particular day or month (case doesn't matter), e.g. sun or SUN for Sunday or mar /MAR for
March..
Let's take a look at two sample cron jobs:
* * /usr/local/ispconfig/server/server.sh > /dev/null 2>>
/var/log/ispconfig/cron.log
This means: execute /usr/local/ispconfig/server/server.sh > /dev/null 2>>
/var/log/ispconfig/cron.log
once per minute.
30 00 * * * /usr/local/ispconfig/server/cron_daily.sh > /dev/null 2>>
/var/log/ispconfig/cron.log
This means: execute /usr/local/ispconfig/server/cron_daily.sh > /dev/null 2>>
/var/log/ispconfig/cron.log
once per day at 00:30h.
The day of a command's execution can be specified by two fields: day of month, and day of
week. If both fields are restricted (i.e., aren't * ), the command will be run when either field
matches the current time. For example, 30 4 1,15 * 5 would cause a command to be run at
4:30h on the 1st and 15th of each month, plus every Friday.
You can use ranges to define cron jobs:
Examples:
1,2,5,9
- means every first, second, fifth, and ninth (minute, hour, month, ...).
111
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
0-4,8-12
*/5
- means all (minutes, hours, months,...) from 0 to 4 and from 8 to 12.
- means every fifth (minute, hour, month, ...).
1-9/2
is the same as 1,3,5,7,9
Ranges or lists of names are not allowed (if you are using names instead of numbers for
months and days - e.g., Mon-Wed is not valid).
1,7,25,47 */2 * * * command
means: run command every second hour in the first, seventh, 25th, and 47th minute.
Instead of the first five fields, one of eight special strings may appear:
string
@reboot
@yearly
@annually
@monthly
@weekly
@daily
@midnight
@hourly
meaning
Run once, at startup.
Run once a year, "0 0 1 1 *".
(same as @yearly)
Run once a month, "0 0 1 * *".
Run once a week, "0 0 * * 0".
Run once a day, "0 0 * * *".
(same as @daily)
Run once an hour, "0 * * * *".
You can learn more about cron jobs here: A Short Introduction To Cron Jobs
112
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.6.7 Statistics
The Statistics
section is a bit special in that there's nothing that you can configure here. This
section just displays statistics for your web sites.
4.6.7.1 Web traffic
Under Web traffic
you can see traffic statistics (in MB) for your web sites for the current
month, the month before, the current year, and the year before.
These statistics are realtime (updated once per minute).
4.6.7.2 Website quota (Harddisk)
Under Website quota (Harddisk)
you can see the hard disk usage (Used Space , in MB) for
your web sites, as well as the current quota soft limits and hard limits.
113
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Soft limit indicates the maximum amount of disk usage a quota user has on a partition. When
combined with "grace period", it acts as the border line, which a quota user is issued warnings
about his impending quota violation when passed. Hard limit works only when "grace period" is
set. It specifies the absolute limit on the disk usage, which a quota user can't go beyond his
"hard limit".
These statistics are near realtime (updated every five minutes).
4.7 Email
On this tab we can create email accounts, define email forwards and spamfilter settings,
configure the system to fetch mail from remote POP3 and/or IMAP servers, set up content
filters and black- and whitelists, etc.
4.7.1 Email Accounts
4.7.1.1 Domain
Here we can define the domains for which we want to set up email accounts later on.
To create a new email domain, click on the Add new Domain
Mail Domain
form with the tab Domain .
button. This will lead you to the
Mail Domain
Domain
This form contains the following fields:
• Server : If more than one server is available, you can select the server on which the email
domain will be located. It is possible that the email domain is located on another server than
the web site domain.
• Client : Here you select the client that owns the email domain.
• Domain : Type in the email domain, e.g. example.com (this would lead to email addresses such
as user@example.com ). It is also possible to fill in subdomains, e.g. sub.example.com
, which
would result in email addresses such as user@sub.example.com
• Spamfilter : Here you can specify if you want to enable the spamfilter for this domain, and if
so, what spamfilter level to use: Non-Paying , Uncensored , Wants all spam
, Wants viruses ,
Normal , Trigger happy
, Permissive . The settings for each of these levels are defined under
114
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Email > Spamfilter > Policy
• Active : This defines whether this email domain is active or not.
4.7.1.2 Domain Alias
With domain aliases, you can map one email domain to another one. Let's assume you have
created the email domains example.com and yourseconddomain.com , and have also created the
email accounts user1@example.com and user2@example.com . Now you want to use the exact
same mail boxes for yourseconddomain.com as well, i.e., user1@example.com and
user1@yourseconddomain.com as well as user2@example.com and user2@yourseconddomain.com
should be identical mail boxes. This can be achieved by mapping yourseconddomain.com to
example.com - it can be imagined as a kind of symlink from yourseconddomain.com to
example.com .
To create a new domain alias, click on the Add new Domain alias
the Domain Alias
form with the tab Domain Alias
button. This will lead you to
115
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Domain Alias
Domain Alias
This form has the following fields:
• Source : This is the domain that you want to map to another email domain. In our above
example, this would be yourseconddomain.com
• Destination : This is the email domain that the source domain should be mapped to. In our
above example, this would be example.com .
• Active : This defines whether this domain alias is active or not.
4.7.1.3 Email Mailbox
This is where we create/modify/delete email accounts.
To create a new email account, click on the Add new Mailbox
button. This will lead you to the
116
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Mailbox
form with the tabs Mailbox
, Autoresponder
, Mail Filter
, and Custom Rules
Mailbox
Mailbox
This form has the following fields:
• Realname : Type in the real name of the email user, e.g. John Doe . This field is optional.
• Email : This specification is split up in two fields, Alias and Domain . Alias contains the part in
front of the @ sign (the "local part"), and in the Domain drop-down menu, you select the email
domain. For example, if you want to create the email account john.doe@example.com , you'd
fill in john.doe in the Alias field and select example.com from the Domain drop-down menu. The
email address is also the SMTP/POP3/IMAP username for the email account.
The local-part of an e-mail address may be up to 64 characters long and the domain name
may have a maximum of 255 characters. However, the maximum length of a forward or
reverse path length of 256 characters restricts the entire e-mail address to be no more than 254
characters. Some mail protocols, such as X.400, may require larger objects, however.
The SMTP specification recommends that software implementations impose no limits for the
lengths of such objects.
The local-part of the e-mail address may use any of these ASCII characters:
* Uppercase and lowercase English letters (a&ndash;z , A&ndash;Z ) *
Digits 0 to 9
* Characters ! # $ % & ' * + - / = ? ^ _ ` { | } ~
* Character . (dot, period, full stop) provided that it is not the first or last character, and
provided also that it does not appear two or more times consecutively (e.g.
John..Doe@example.com ).
Additionally, quoted-strings (e.g. "John Doe"@example.com
) are permitted, thus allowing
characters that would otherwise be prohibited, however they do not appear in common
practice. RFC 5321 also warns that "a host that expects to receive mail SHOULD avoid
defining mailboxes where the Local-part requires (or uses) the Quoted-string form".
The local-part is case sensitive, so "jsmith@example.com"
and "JSmith@example.com" may be
delivered to different people. This practice is discouraged by RFC 5321. However, only the
authoritative mail servers for a domain may make that decision (if you have set up your
server according to one of the "Perfect Server" tutorials from HowtoForge.com, then the local
part is not case sensitive ). The only exception is for a local-part value of "postmaster" which
is case insensitive, and should be forwarded to the server's administrator.
Within the rules set out in the RFCs, organisations are free to restrict the forms their own
e-mail addresses take however they wish, e.g. many organizations do not use certain
117
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
characters, e.g. space, ?, and ^ , and most organizations treat uppercase and lowercase letters
as equivalent. Hotmail, for example, only allows creation of e-mail addresses using
alphanumerics, dot (. ), underscore (_) and hyphen (- ).
Systems that send mail, of course, must be capable of handling outgoing mail for all
addresses. Contrary to the relevant standards, some defective systems treat certain
legitimate addresses as invalid and fail to handle mail to these addresses. Hotmail, for
example, incorrectly refuses to send mail to any address containing any of the following
legitimate characters: ! # $ % * / ? ^ ` { | } ~
• Password : Type in a password for the email account. The Password strength
field will show
how weak or strong your password is. A strong password should include numbers, symbols,
upper and lowercase letters; password length should be 8 characters or more; avoid any
password based on repetition, dictionary words, letter or number sequences, usernames,
relative or pet names, or biographical information.
• Quota : This is the max. amount of disk space (in MB) that is available for this email account.
• Send copy to : Here you can specify an email address that should receive a copy of all
incoming mails for this email account. This field is optional.
• Spamfilter : Here you can specify if you want to enable the spamfilter for this email account,
and if so, what spamfilter level to use: Non-Paying , Uncensored , Wants all spam
, Wants
viruses , Normal , Trigger happy
, Permissive . The settings for each of these levels are
defined under Email > Spamfilter > Policy
. Please note that this setting overrides the
spamfilter setting of the mail domain (no matter what spamfilter level you chose for the mail
domain; this is true even if you disabled the spamfilter for the mail domain), with one
exception: If you choose to not enable the spamfilter for this email account, but the spamfilter is
enabled for the mail domain, then the spamfilter setting of the mail domain is used for this email
account. Use Uncensored to disable the spamfilter.
• Enable Receiving
: If you don't check this box, then incoming emails for this mail account will
be rejected. This makes sense if you want to use this account only for sending mail, but not for
receiving.
• Disable IMAP
: If you check this box, you cannot use IMAP to access the mails of this mailbox.
• Disable POP3 : If you check this box, you cannot use POP3 to access the mails of this
mailbox.
118
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Autoresponder
With the autoresponder you have the possibility to automatically send replies to incoming
mails (e.g. if you are on holidays).
The form has the following fields:
• Text : Enter your autoresponder message in this field.
• Active : This defines whether this autoresponder is currently active or not.
• Start on : Here you can define when the autoresponder should start (day - month - year hour - minute). If you don't specify a start date, the autoresponder becomes active
immediately. If you click on now, ISPConfig will fill in the current start date, and the end date will be
the end of the next day.
• End by : Here you can define when the autoresponder should stop (day - month - year - hour minute). If you don't specify an end date, the autoresponder will be active forever.
119
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Mail Filter
On this tab you can define filters for incoming emails. One common filter has already been
defined for you:
• Move Spam Emails to Junk directory
: If you check this, emails that are tagged as spam by
the spamfilter will automatically be moved to the junk folder. Please note that you can access the
junk folder only if you use IMAP. This filter is active only if the spamfilter is active for this email
account (i.e., a spamfilter level other than Uncensored must be selected, either for the whole mail
domain or specifically for this email account).
To create custom email filters, click on the Add new Filter
Email filter
form with the tab Filter
button. This will lead you to the
Email filter
Filter
120
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
The form to create a custom email filter has the following fields:
• Name: Specify a name for this filter rule. Examples: Spam, Work, Private
Newsletter , Xen Mailinglist
, etc.
, HowtoForge
• Source : This defines the criteria based on which emails will be filtered. Select the field from
the email header that should be examined (Subject , From, To), then select when this filter
should be used (if the field Contains , Is , Begins with , Ends with the string that you specify),
and finally specify a search string. If you select From or To in the first field and we assume that
the email address is specified as John Doe <john.doe@example.com>
, you can specify an
email address here (john.doe@example.com
) or a name (John Doe ) - in both cases you should
select Contains instead of Is .
• Action : Specify what to do with the emails if the filter applies. If you select Move to , you must
also specify a folder name in the field right of the drop-down menu. If this folder doesn't exist,
it will automatically be created. Please note that you can access this folder only if you use
IMAP. If you select Delete , the emails will be deleted, and there's no need to specify a folder.
• Active : This defines whether this filter rule is currently active or not.
121
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Custom Rules
(This tab is visible only for the ISPConfing admin user.)
• Custom mail filter recipe
: Depending on if you use Courier + Maildrop or Dovecot +
Sieve, you can fill in custom directives either in Maildrop syntax or in Sieve syntax , one
directive per line. If you have created a mail filter on the Mail Filter
tab, you will notice that
there are already directives in the text area - that is your mail filter translated into Maildrop or
Sieve syntax. You can add further directives, if you like.
4.7.1.4 Email Alias
An email alias is the same as a domain alias, except that it is used to map an email address to
another email address instead of mapping a whole email domain to another email domain.
To create a new email alias, click on the Add new Email alias
Email Alias
form with the tab Email Alias
button. This will lead you to the
122
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Email Alias
Email Alias
This form has the following fields:
• Email : This specification is split up in two fields, Alias and Domain . Alias contains the part in
front of the @ sign (the "local part") - it should be an alias that doesn't already exist for this
domain -, and in the Domain drop-down menu, you select the email domain. For example, if
you want to create the email alias info@example.com
, you'd fill in info in the Alias field and
select example.com from the Domain drop-down menu.
The local-part of an e-mail address may be up to 64 characters long and the domain name
may have a maximum of 255 characters. However, the maximum length of a forward or
reverse path length of 256 characters restricts the entire e-mail address to be no more than 254
characters. Some mail protocols, such as X.400, may require larger objects, however.
The SMTP specification recommends that software implementations impose no limits for the
lengths of such objects.
The local-part of the e-mail address may use any of these ASCII characters:
* Uppercase and lowercase English letters (a&ndash;z , A&ndash;Z ) *
Digits 0 to 9
* Characters ! # $ % & ' * + - / = ? ^ _ ` { | } ~
* Character . (dot, period, full stop) provided that it is not the first or last character, and
provided also that it does not appear two or more times consecutively (e.g.
John..Doe@example.com ).
Additionally, quoted-strings (e.g. "John Doe"@example.com
) are permitted, thus allowing
characters that would otherwise be prohibited, however they do not appear in common
practice. RFC 5321 also warns that "a host that expects to receive mail SHOULD avoid
defining mailboxes where the Local-part requires (or uses) the Quoted-string form".
The local-part is case sensitive, so "jsmith@example.com"
and "JSmith@example.com" may be
delivered to different people. This practice is discouraged by RFC 5321. However, only the
authoritative mail servers for a domain may make that decision (if you have set up your
server according to one of the "Perfect Server" tutorials from HowtoForge.com, then the local
part is not case sensitive ). The only exception is for a local-part value of "postmaster" which
is case insensitive, and should be forwarded to the server's administrator.
Within the rules set out in the RFCs, organisations are free to restrict the forms their own
e-mail addresses take however they wish, e.g. many organizations do not use certain
characters, e.g. space, ?, and ^ , and most organizations treat uppercase and lowercase
letters as equivalent. Hotmail, for example, only allows creation of e-mail addresses using
alphanumerics, dot (. ), underscore (_) and hyphen (- ).
123
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Systems that send mail, of course, must be capable of handling outgoing mail for all
addresses. Contrary to the relevant standards, some defective systems treat certain
legitimate addresses as invalid and fail to handle mail to these addresses. Hotmail, for
example, incorrectly refuses to send mail to any address containing any of the following
legitimate characters: ! # $ % * / ? ^ ` { | } ~
• Destination : Select the email account that you want to map this email alias to. If you want to
map info@example.com to john.doe@example.com , you'd select john.doe@example.com here.
The destination email address is also the SMTP/POP3/IMAP username for the email account.
• Active : This defines whether this email alias is active or not.
4.7.1.5 Email Forward
With this feature you can make the mail system automatically forward emails for an email
address to one or more other email accounts. For example, you can use this function to define
an email address for a group of people, e.g. danceclass@mydancestudio.com
, and forward
emails to that address to all members of the dance class, like dancer1@firstdomain.com
,
124
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
dancer2@someotherdomain.com
, dancer3@yetanotherdomain.com
To create a new email forward, click on the Add new Email forward
to the Email Forward
form with the tab Email Forward
, etc.
button. This will lead you
Email Forward
Email Forward
The form has the following fields:
• Email : This specification is split up in two fields, Alias and Domain . Alias contains the part in
front of the @ sign (the "local part") - it should be an alias that doesn't already exist for this
domain -, and in the Domain drop-down menu, you select the email domain. For example, if
you want to create an email forward for the email address danceclass@mydancestudio.com
,
you'd fill in danceclass in the Alias field and select mydancestudio.com from the Domain
drop-down menu.
The local-part of an e-mail address may be up to 64 characters long and the domain name
may have a maximum of 255 characters. However, the maximum length of a forward or
reverse path length of 256 characters restricts the entire e-mail address to be no more than 254
characters. Some mail protocols, such as X.400, may require larger objects, however.
The SMTP specification recommends that software implementations impose no limits for the
lengths of such objects.
The local-part of the e-mail address may use any of these ASCII characters:
* Uppercase and lowercase English letters (a&ndash;z , A&ndash;Z ) *
Digits 0 to 9
* Characters ! # $ % & ' * + - / = ? ^ _ ` { | } ~
* Character . (dot, period, full stop) provided that it is not the first or last character, and
provided also that it does not appear two or more times consecutively (e.g.
John..Doe@example.com ).
Additionally, quoted-strings (e.g. "John Doe"@example.com
) are permitted, thus allowing
characters that would otherwise be prohibited, however they do not appear in common
practice. RFC 5321 also warns that "a host that expects to receive mail SHOULD avoid
defining mailboxes where the Local-part requires (or uses) the Quoted-string form".
The local-part is case sensitive, so "jsmith@example.com"
and "JSmith@example.com" may be
delivered to different people. This practice is discouraged by RFC 5321. However, only the
authoritative mail servers for a domain may make that decision (if you have set up your
server according to one of the "Perfect Server" tutorials from HowtoForge.com, then the local
part is not case sensitive ). The only exception is for a local-part value of "postmaster" which
is case insensitive, and should be forwarded to the server's administrator.
125
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Within the rules set out in the RFCs, organisations are free to restrict the forms their own
e-mail addresses take however they wish, e.g. many organizations do not use certain
characters, e.g. space, ?, and ^ , and most organizations treat uppercase and lowercase
letters as equivalent. Hotmail, for example, only allows creation of e-mail addresses using
alphanumerics, dot (. ), underscore (_) and hyphen (- ).
Systems that send mail, of course, must be capable of handling outgoing mail for all
addresses. Contrary to the relevant standards, some defective systems treat certain
legitimate addresses as invalid and fail to handle mail to these addresses. Hotmail, for
example, incorrectly refuses to send mail to any address containing any of the following
legitimate characters: ! # $ % * / ? ^ ` { | } ~
• Destination Email
: Fill in one or more email addresses (one email address per line) that the
email should be forwarded to.
• Active : This defines whether this email forward is active or not.
4.7.1.6 Email Catchall
126
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
If you want all emails that are addressed to non-existing mail boxes of a domain to arrive in an
existing email box of this domain, you can create a catchAll for this email account. Example: You
have configured the email address info@example.com . Someone sends an email to
abc@example.com which does not exist. If info@example.com is a catchAll email address the
email arrives here. If there is no catchAll email address for this domain the sender of the mail to
abc@example.com gets back an error message ("error: no such user here"). Please note: Per
domain there can be only one catchAll email address.
To create a new email catchAll, click on the Add new Catchall
Email Catchall
form with the tab Email Catchall
button. This will lead you to the
Email Catchall
Email Catchall
The form has the following fields:
• Domain : Select the domain for which you want to create a catchAll.
• Destination : Select the catchAll email account - i.e., the email account that should receive all
emails to non-existing email addresses of this domain.
• Active : This defines whether this email catchAll is active or not.
127
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.7.1.7 Email Routing
With the email routing feature, you can define what server mail for a given domain will be
forwarded to and by what transport. (This feature is based on Postfix' transport_maps
.) This
makes it possible to route emails for one domain to a totally different server.
(Email > Global Filters > Relay
Recipients ) for each route that you create so that the system knows it should accept the
emails before routing them to another server.
Please note that you have create one or more Relay Recipients
To create a new email route, click on the Add new transport
Email Routing
form with the tab Email transport
button. This will lead you to the
Email Routing
Email transport
This form has the following fields:
128
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Server : If more than one server is available, you can select the server on which the email
transport will be located. You should select the server that handles emails for the domain that
you want to route to another server (i.e., the server that the domain's MX record points to).
• Domain : Type in the email domain or email address that you want to route to another server. You
can also use an asterisk (* ) as a wildcard. You can have just one routing rule per domain (ISPConfig
will show you an error message if you try to add a second rule with the exact
same domain), however if you use an asterisk there can be more than just one routing rule that
applies to a domain.
• Type : Select the transport type (in almost all cases you should use smtp ). Refers to an entry
from /etc/postfix/master.cf
, so make sure that what you select here exists in
/etc/postfix/master.cf
• smtp : The Internet standard for transferring email. It uses TCP/IP port 25 and allows for file
attachments. You can use the Destination field to specify the destination host.
When no Destination is specified, the domain name from the Domain field is used
instead.
• uucp : A UNIX protocol and set of programs most often used to copy files across serial
connections and telephone lines. UUCP was often used to transfer email and Usenet
news over phone lines when direct Internet connectivity was scarce in small and
medium-sized companies. You can use the Destination field to specify the UUCP
destination host. When no Destination
is specified, the domain name from the Domain
field is used instead.
• slow : This transport has to be defined in your /etc/postfix/master.cf
before you can
select it. Depending on how your slow transport looks, you might or might not have to
specify a Destination
• error : The special error transport causes all mail to be rejected. You can use the
Destination
field to specify an error message such as mail for *.example.com is not
deliverable
(optional).
• custom : If you specify a custom transport in /etc/postfix/master.cf
, you can use it for
your email routing. Depending on how your custom transport looks, you might or might
not have to specify a Destination
• null : If you select this transport type, all emails will be deleted. You can leave the
Destination
field empty.
• No MX lookup : This defines whether Postfix will perform an MX lookup for the destination host
or not (see the explanation of the next field, Destination
).
• Destination : The destination host for delivery of messages. The host is used only with inet
transports such as SMTP and LMTP. Postfix treats the hostname like any destination domain.
It performs an MX lookup to determine where to deliver messages. If there are no MX
records, Postfix delivers to the A record IP address. If you know that Postfix should deliver
directly to the IP in the A record for the specified host, you can have Postfix skip the check for
129
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
MX records by checking the No MX lookup checkbox. If you use an IP address, it is required
that you check the No MX lookup checkbox. When no Destination is specified, the domain
name from the Domain field is used instead. IF you use the error transport, you can specify an
error message such as mail for *.example.com is not deliverable
here (optional).
• Sort by : Postfix will process all routing rules from top to bottom and use the first one that
applies and will stop then. If you have multiple routing rules that might match a certain
situation, you can define the order with this field. A higher number means a higher priority,
i.e., if you have two rules that apply, and the first has a priority of 8 and the second a priority of 5,
then the first rule will be used by Postfix.
• Active : This defines whether this email transport is active or not.
(Email > Global Filters > Relay
Recipients ) for each route that you create so that the system knows it should accept the
emails before routing them to another server.
Please note that you have create one or more Relay Recipients
130
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.7.2 Spamfilter
4.7.2.1 Whitelist
The whitelist allows you to "whitelist" email sender addresses, i.e., emails from such addresses will
never be tagged as spam.
To create a new whitelist, click on the Add Whitelist record
Spamfilter Whitelist
form with the tab Whitelist
button. This will lead you to the
Spamfilter Whitelist
Whitelist
The form has the following fields:
• User : Here you can select the recipient email account or even the whole recipient domain for which
this whitelist record will be valid - this whitelist record will not be used for other recipient email
accounts or domains.
131
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Email : Specify the email address whose emails should be whitelisted. You can even whitelist a
whole domain by leaving out the local part of the email address - i.e., if you want to whitelist emails
from the domain example.com , type @example.com in this field.
• Priority : If multiple whitelist/blacklist records apply, this field specifies which rule to use first
(10 = highest priority, 1 = lowest priority). For example, if you blacklist @example.com with a
priority of 5, you could whitelist user@example.com with a priority of 6 so that
user@example.com 's mails get through while @example.com is blacklisted.
• Active : This defines whether this whitelist record is active or not.
4.7.2.2 Blacklist
The blacklist allows you to "blacklist" email sender addresses, i.e., emails from such addresses will
always be tagged as spam.
To create a new blacklist, click on the Add Blacklist record
Spamfilter blacklist
form with the tab Blacklist
button. This will lead you to the
132
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Spamfilter blacklist
Blacklist
The form has the following fields:
• User : Here you can select the recipient email account or even the whole recipient domain for which
this blacklist record will be valid - this blacklist record will not be used for other recipient email
accounts or domains.
• Email : Specify the email address whose emails should be blacklisted. You can even blacklist a
whole domain by leaving out the local part of the email address - i.e., if you want to blacklist emails
from the domain example.com , type @example.com in this field.
• Priority : If multiple whitelist/blacklist records apply, this field specifies which rule to use first
(10 = highest priority, 1 = lowest priority). For example, if you blacklist @example.com with a
priority of 5, you could whitelist user@example.com with a priority of 6 so that
user@example.com 's mails get through while @example.com is blacklisted.
• Active : This defines whether this blacklist record is active or not.
133
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.7.2.3 User / Domain
The records that you find here are created automatically by ISPConfig when you create a new
email domain or email account (not, when you create a domain alias or an email alias), i.e., for
all items that have a Spamfilter drop-down menu. These settings tell amavisd when it should
scan emails for spam. You can modify these settings here, however, this is usually not
necessary. You can also create new records which makes sense for email transports (see
"Email Routing") , domain aliases, and email aliases.
If you create a record for an email transport, this allows the system to scan emails even if
those emails will be forwarded to another server. Normally, such mails would not be scanned.
For domain aliases, there's no automatic record here, and because the record for the target
domain doesn't apply to the domain alias, you should create a record if you want emails
targetted at the domain alias to be scanned for spam as well.
For email aliases, there's no automatic record here either, and the record for the target email
account doesn't apply to the email alias. If there's a record here for the domain of the email alias,
then this record applies for the email alias - if there's no record for the domain either,
then there's no spam scanning for the email alias at all. If you want spam-scanning settings for the
email alias that differ from the domain record or if there's no domain record at all, you can create a
record for the email alias here.
What I wrote about the domain aliases and email aliases is true because spam scanning takes
place before addresses are rewritten. So if you have the email account user@example.com with
spam scanning enabled and the email alias for this mailbox alias@example.com , spam
scanning would take place before alias@example.com is rewritten to user@example.com , and
because there's no record for alias@example.com , no spam scanning takes place for
alias@example.com , while mails for user@example.com are scanned. You can change this
behaviour by commenting out or removing the line
receive_override_options = no_address_mappings
from /etc/postfix/main.cf
(don't forget to restart Postfix) - in this case address rewriting
takes place before spam scanning, which means you don't need extra rules for aliases
because the records for the main domain/main email account apply.
To create a new record, click on the Add Spamfilter User
Spamfilter users
form with the tab Users .
button. This will lead you to the
Spamfilter users
Users
134
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
This form has the following fields:
• Server : If more than one server is available, you can select the server on which the record
will be located.
• Priority : If multiple records apply, this field specifies which rule to use first (10 = highest
priority, 1 = lowest priority). For example, if you have a record for a whole domain with the
priority 5 and a record for a specific email account (from the same domain) with the priority 10
, Then the record with priority 10 will override the record with priority 5.
• Policy : Here you can specify the spamfilter level to use: Non-Paying , Uncensored , Wants all
spam, Wants viruses
, Normal , Trigger happy
, Permissive . The settings for each of these
levels are defined under Email > Spamfilter > Policy
• Email (Pattern)
: Fill in the email address (e.g. user@example.com
in front, e.g. @example.com ), to which the rule should apply.
) or the domain (with the @
• Name: Specify a name for the rule. You can use the email address or domain, but you can as
well fill in something else, such as Rule1 etc. This is just for you so that you can distinguish
the rules.
• Local : This specifies if this record is active (Yes ) or not (No).
135
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.7.2.4 Policy
Here you can modify existing spam levels (Non-Paying , Uncensored , Wants all spam
viruses , Normal , Trigger happy
, Permissive ) and create new levels, if needed.
, Wants
To create a new policy, click on the Add Policy record
button. This will lead you to the
Spamfilter policy
form with the tabs Policy , Quarantine , Tag-Level , Other .
Spamfilter policy
Policy
On this tab you find the following fields:
• Policy Name : Specify the name of the rule.
• Virus lover
: Select if viruses should be allowed through this filter (Yes ) or not (No). Emails
will still be scanned for viruses, but results of virus checks are ignored.
• SPAM lover : Select if spam should be allowed through this filter (Yes ) or not (No). Emails will
136
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
still be scanned for spam, but results of spam checks are ignored.
• Banned files lover
: Select if banned files (like, for example, .exe ) should be allowed
through this filter (Yes ) or not (No). Emails will still be scanned for banned files, but results of
banned files checks are ignored. Please note that this setting applies only if banned names
and types checks are enabled in your amavisd configuration (see
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#checks
).
• Bad header lover
: Select if mails with bad headers should be allowed through this filter (Yes )
or not (No). Emails will still be scanned for bad headers, but results of bad header checks are
ignored.
• Bypass virus checks
: Similar in concept to Virus lover
decoding, unpacking and virus checking.
, this is used to skip entirely the
• Bypass banned checks
: Similar in concept to Banned files lover
the decoding, unpacking and banned files checking.
• Bypass header checks
: Similar in concept to Bad header lover
the decoding, unpacking and bad header checking.
, this is used to skip entirely
, this is used to skip entirely
137
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Quarantine
Here you can define quarantine settings for emails containing viruses, spam, banned files, and bad
headers.
The form contains the following fields:
• Forward virus to email
: If you want to quarantine virus emails, specify an email address
here to which the virus mails will be forwarded.
• Forward spam to email
: If you want to quarantine spam emails, specify an email address
here to which the spam mails will be forwarded.
• Forward banned to email
: If you want to quarantine emails that contain banned files, specify
an email address here to which these mails will be forwarded.
• Forward bad header to email
: If you want to quarantine emails with bad headers, specify an
email address here to which these mails will be forwarded.
138
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Tag-Level
On this tab you can define spam scores and how spam mails will be tagged in the subject line. The
form has the following fields:
• SPAM tag level : The system will add spam info headers to the email if at, or above that level.
Should be a value > 0; for ISPConfig's Normal spam level, the score is 3. Decimal numbers
such as 2.4 are allowed.
• SPAM tag2 level : The system will add 'spam detected' headers at that level. The value
should be > SPAM tag level
. For ISPConfig's Normal spam level, the score is 6.9. Decimal
numbers are allowed.
• SPAM kill level
: The system will trigger spam evasive actions (e.g. blocks mail) at that level.
The value should be >= SPAM tag2 level
. For ISPConfig's Normal spam level, the score is
6.9. Decimal numbers are allowed. Important: if SPAM kill level
= SPAM tag2 level , spam
will be blocked and not delivered to the user's mailbox, so it doesn't make sense to specify a
SPAM subject tag2
(see below).
• SPAM dsn cutoff level
: This is the spam score beyond which a DSN (Delivery Status
Notification) is not sent. Given the fact that almost all spam emails have a fake sender
address, it is arguable if you should send a DSN at all. To not send a DSN, specify a low
score such as 0.
• SPAM quarantine cutoff level
: This is the spam score beyond which quarantine is off. Use
a low score (e.g. 0) if you don't want quarantine.
• SPAM modifies subject
: Select if you want the system to tag the email's subject line with a
spam tag if it is categorized as spam. The spam tag can be set in the two below fields, SPAM
subject tag
and SPAM subject tag2
• SPAM subject tag
: This applies only if the spam score is >= SPAM tag level
, i.e., if spam info
headers are added to the mail, but it is not sure if it is really spam. Normally you leave this
field empty. If you don't want to leave this empty, a suitable tag could be [POSSIBLY SPAM] . It
is also possible to include the spam score in the spam tag by using _SCORE_, e.g. [POSSIBLY
SPAM (_SCORE_)] . In the end it would result in something like [POSSIBLY SPAM (Score: 3.1)]
• SPAM subject tag2
: This is the field you usually use to tag spam in the subject field. This
setting applies if the spam score is >= SPAM tag2 level
, i.e. if this mail is almost certainly
spam. Usual strings are [SPAM] or ***SPAM*** . The string will be prepended to the email's
subject, for example the subject Buy Cialis
would become [SPAM] Buy Cialis
. You can use
this spam tag to filter emails in your email client. It is also possible to include the spam score
in the spam tag by using _SCORE_, e.g. ***SPAM (_SCORE_)*** . In the end it would result in
something like ***SPAM (Score: 7.5)***
. Important: if SPAM kill level
= SPAM tag2 level ,
spam will be blocked and not delivered to the user's mailbox, so it doesn't make sense to
specify a SPAM subject tag2
139
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Other
On this tab you can configure various other settings, e.g. "plus addressing".
From the amavisd-new documentation :
Amavisd-new can tag passed malware by appending an address extension to a recipient
address. An address extension is usually a short string (such as 'spam') appended to
the local part of the recipient address, delimited from it by a single character delimiter,
often a '+' (or sometimes a '-'). This is why address extensions are also known as "plus
addressing". Examples of such mail addresses belonging to user jim@example.com
are: jim+spam@example.com , jim+cooking@example.com , jim+health@example.com ,
jim+postfix@example.com .
Most mailers (MTA), including Postfix and sendmail, have some provision to put
address extensions to good use. Similarly, local delivery agents (LDA) such as Cyrus or
LDAs that come with MTA, can be configured to recognize and make use of address
extensions.
The most common application for address extensions is to provide additional
information to LDA to store mail into a separate mail folder. Users may for example
140
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
choose to use this feature to let LDA automatically file messages from mailing lists to a
dedicated subfolder, or to file spam to a spam folder, just by letting LDA simply and quickly
examine the envelope recipient address, without having to parse mail header or having to
configure and run filters such as procmail or Sieve.
Mailers (MTA and LDA) usually attempt first to examine (to check for validity, to lookup in
virtual or aliases maps) a full unmodified recipient address. If the attempt is
unsuccessful, they strip away the extension part, and try again. This way a presence of
some unknown address extension is simply ignored. For example, a delivery for
jim+health@example.com would deliver the mail to the main Jim's inbox if he hasn't
provided a subfolder health in his mailbox.
For this fallback to work (to ignore unknown extensions), it is important that all
components that need to deal with address extensions (MTA, LDA, content filters) have the
same notion of the delimiter in use on the system. For Postfix the configuration
option is recipient_delimiter=+ (see also propagate_unmatched_extensions), for
amavisd-new the option is $recipient_delimiter='+'.
The form contains the following fields:
• Addr. extension virus
: Specify an address extension for virus mails. For example, if you
specify virus (without + at the beginning), the email address would be rewritten to
user+virus@example.com
, and viruses would be delivered to the virus folder of the
user@example.com mailbox. It is possible to access that folder via IMAP. Please note that
viruses are delivered only if you've set Virus lover
or Bypass virus checks
to Yes on the
Policy tab.
• Addr. extension SPAM
: Specify an address extension for spam mails. For example, if you
specify spam (without + at the beginning), the email address would be rewritten to
user+spam@example.com , and spam would be delivered to the spam folder of the
user@example.com mailbox. It is possible to access that folder via IMAP. Please note that
spam is delivered only if you've set Spam lover to Yes on the Policy tab, or if the spam score
is > SPAM tag2 level and < SPAM kill level
(see the Tag-Level tab).
• Addr. extension banned
: Specify an address extension for mails containing banned files. For
example, if you specify banned (without + at the beginning), the email address would be
rewritten to user+banned@example.com , and mails containing banned files would be delivered
to the banned folder of the user@example.com mailbox. It is possible to access that folder via
IMAP. Please note that mails containing banned files are delivered only if you've set Banned
files lover
or Bypass banned checks
to Yes on the Policy tab.
• Addr extension bad header
: Specify an address extension for mails containing bad headers.
For example, if you specify badh (without + at the beginning), the email address would be
rewritten to user+badh@example.com , and mails containing bad headers would be delivered to
the badh folder of the user@example.com mailbox. It is possible to access that folder via IMAP.
Please note that mails containing bad headers are delivered only if you've set Bad header
lover or Bypass header checks
to Yes on the Policy tab.
• Warn virus recip.
: Set this to Yes if you want the system to send a warning email to the
141
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
recipient whenever a virus email is sent.
• Warn banned recip.
: Set this to Yes if you want the system to send a warning email to the
recipient whenever an email containing banned files is sent.
• Warn bad header recip.
: Set this to Yes if you want the system to send a warning email to
the recipient whenever an email containing bad headers is sent.
• Newvirus admin : Here you can specify an email address to which notifications of newly
encountered viruses since amavisd startup are sent.
• Virus admin : Here you can specify an email address to which notifications of detected
viruses are sent.
• Banned admin : Here you can specify an email address to which notifications of banned
content are sent.
• Bad header admin : Here you can specify an email address to which notifications of bad
headers are sent.
• SPAM admin : Here you can specify an email address to which notifications of received spam are
sent.
• Message size limit
: This is the maximum size of an email (in bytes) beyond which
amavisd-new performs no checks (to save system resources). 0 means that amavisd-new
does not care about the mail size.
• Banned rulenames : In this field you can specify SpamAssassin rules that should not be used
to find out if an email is spam or not. Multiple names can be specified comma-separated (or
whitespace-separated), e.g. HTML_MESSAGE, MIME_QP_LONG_LINE.
142
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.7.3 Fetchmail
4.7.3.1 Fetchmail
This feature can be used to retrieve emails from a remote POP3 or IMAP account and put
them into a local mailbox. Although this feature is called "Fetchmail" here, ISPConfig uses
getmail instead of fetchmail under the hood.
To create a new Fetchmail account, click on the Add new Account
the Get Email
form with the tab Get Email
button. This will lead you to
Get Email
Get Email
This form has the following fields:
• Type : Select the protocol to use to retrieve emails from the remote account (POP3, IMAP,
POP3SSL, IMAPSSL).
143
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Pop3/Imap Server
: Specify the hostname of the remote mail server, e.g. mail.example.com
• Username : Specify the username of the remote email account.
• Password : Specify the user's password.
• Delete emails after retrieval
: Select if you want emails to be automatically deleted on the
remote host after they have been retrieved.
• Destination
: Select the destination mailbox for the retrieved emails.
• Active : This defines whether this Fetchmail account is active or not.
4.7.4 Statistics
The Statistics
section is a bit special in that there's nothing that you can configure here. This
section just displays statistics for your email accounts.
144
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.7.4.1 Mailbox traffic
Under Mailbox traffic
you can see traffic statistics (in MB) for your email accounts for the
current month, the month before, the current year, and the year before. Please note that this
traffic covers only incoming traffic, not outgoing emails. Traffic statistics are available only if you
use Courier; traffic cannot be counted if you use Dovecot.
These statistics are updated once per night.
4.7.5 Global Filters
(This tab is visible only for the ISPConfing admin user.)
In this section you can define Postfix whitelists, blacklists, content filters (header/body, etc.), and
relay recipients.
4.7.5.1 Postfix Whitelist
The whitelist feature must be seen in conjunction with the blacklist feature. If you use the
blacklist to block whole domains, for example, you can use the whitelist to allow certain email
addresses (for example) from that domain.
To create a new whitelist record, click on the Add new Whitelist record
you to the Email Whitelist
form with the tab Whitelist
button. This will lead
Email Whitelist
Whitelist
The form has the following fields:
• Server : If more than one server is available, you can select the server on which the whitelist
record will be located.
• Whitelist Address
: Specify an email address, domain, parent domains, or localpart@.
Exmaples: user@somedomain.com , somedomain.com , mail.freemailer.tld
, 1.2.3.4 , sales@ .
• Type : Select between Recipient
smtpd_recipient_restrictions
(refers to smtpd_client_restrictions
• smtpd_recipient_restrictions
(refers to the Postfix directive
) , Sender (refers to smtpd_sender_restrictions
).
), and Client
: SMTPD recipient restrictions will put restrictions on
145
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
what messages will be accepted into your server based on the recipient email address
(RCPT TO:). Postfix will check whether the message sender (email address, domain,
mail server) is included in the whitelist table. If the sender is listed, the mail is delivered.
If the sender is not listed in the whitelist, the message is rejected with an error code of
554, Recipient address rejected: Access denied (in reply to RCPT TO command)
To whitelist the sending mail server, you can type in its hostname (e.g.
mail.freemailer.tld
) or IP address in the Whitelist Address
field. You can find more
details here: How To Whitelist Hosts/IP Addresses In Postfix
• smtpd_sender_restrictions
: SMTPD sender restrictions will put restrictions on what
addresses will be able to send mail through your server based on the sender email
address (MAIL FROM:). You can use sender email addresses, domains, and localpart@
in the Whitelist Address
field.
• smtpd_client_restrictions
: SMTPD client restrictions will put restrictions on what
systems will be able to send mail through your server based on the client IP and host
information (name). For example, if you have a user whose client PC has the IP address
1.2.3.4 , you can put 1.2.3.4
in the Whitelist Address
field.
• Active : This defines whether this whitelist record is active or not.
146
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.7.5.2 Postfix Blacklist
The blacklist feature can be used to blacklist email addresses, domains, parent domains, or
localpart@.
To create a new blacklist record, click on the Add new Blacklist record
you to the Email Blacklist
form with the tab Blacklist
button. This will lead
Email Blacklist
Blacklist
The form has the following fields:
• Server : If more than one server is available, you can select the server on which the blacklist
record will be located.
• Blacklist Address
: Specify an email address, domain, parent domains, or localpart@.
Exmaples: user@somedomain.com , somedomain.com , mail.freemailer.tld
, 1.2.3.4 , sales@ .
147
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Type : Select between Recipient
(refers to the Postfix directive
smtpd_recipient_restrictions
) , Sender (refers to smtpd_sender_restrictions
(refers to smtpd_client_restrictions
).
), and Client
• smtpd_recipient_restrictions
: SMTPD recipient restrictions will put restrictions on
what messages will be rejected based on the recipient email address (RCPT TO:).
Postfix will check whether the message sender (email address, domain, mail server) is
included in the blacklist table. If the sender is listed, the mail is rejected with an error
code of 554, Recipient address rejected: Access denied (in reply to RCPT TO
command) . To blacklist the sending mail server, you can type in its hostname (e.g.
mail.freemailer.tld
) or IP address in the Blacklist Address
field. You can find more
details here: How To Whitelist Hosts/IP Addresses In Postfix
• smtpd_sender_restrictions
: SMTPD sender restrictions will put restrictions on what
addresses will be able to send mail through your server based on the sender email
address (MAIL FROM:). You can use sender email addresses, domains, and localpart@
in the Blacklist Address
field.
• smtpd_client_restrictions
: SMTPD client restrictions will put restrictions on what
systems will be able to send mail through your server based on the client IP and host
information (name). For example, if you have a user that sends out viruses (intended or
unintended) and you know his client PC has the IP address 1.2.3.4
, you can put
1.2.3.4
in the Blacklist Address
field.
• Active : This defines whether this blacklist record is active or not.
4.7.5.3 Content Filter
The content filter allows you to block emails based on their content, e.g. you can block emails that
contain a certain string in the subject or in the body. Postfix supports a built-in filter
mechanism that examines message header and message body content, one line at a time, before
it is stored in the Postfix queue.
To create a new content filter, click on the Add new Content Filter
to the Mail Content Filter
form with the tab Filter
button. This will lead you
Mail Content Filter
Filter
The form contains the following fields:
148
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Server : If more than one server is available, you can select the server on which the content
filter will be located.
• Filter
: Select what part of the email message you want to inspect:
• Header Filter
: These are applied to initial message headers (except for the headers
that are processed with MIME-Header Filter
).
• MIME-Header Filter
: These are applied to MIME related message headers only.
• Nested-Header Filter
: These are applied to message headers of attached email
messages (except for the headers that are processed with MIME-Header Filter
).
• Body Filter
: These are applied to all other content, including multi-part message
boundaries.
Note: message headers are examined one logical header at a time, even when a message
header spans multiple lines. Body lines are always examined one line at a time.
• Regexp. Pattern
: Fill in the search pattern. Usually the best performance is obtained with
pcre (Perl Compatible Regular Expression), but the slower regexp
(POSIX regular
expressions) support is more widely available. Use the command postconf -m to find out
what lookup table types your Postfix system supports - usually it will be regexp . Here are a
few examples:
Regexp. Pattern:
Filter Type:
Explanation:
/^Subject: .*Make Money Fast!/
Header Filter Searches for the string Make Money
Fast! in the Subject line.
/name=[^>]*.(bat|com|exe|dll)/
MIME-Header Filter
This will match all messages that
have attachments whose files end in .bat , .com , .exe or .dll
/^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
Body Filter
Body pattern to stop a
specific HTML browser vulnerability exploit.
/^From: joe@example.com/
Header Filter
Matches all messages sent by
joe@example.com
/^From: .*@example.com/
Header Filter
Matches all messages sent from the
domain.
/Real Bad Words/
Body Filter
This matches "real bad words" in any case (upper, lower,
or mixed).
/^Date: .* 200[0-2]/
Header Filter
This matches all emails sent in the years 2000 2002.
/^Date: .* 19[0-9][0-9]/
Header Filter
This matches all emails sent between 1900 and
1999.
/^To: postmaster@yourdom.ain/
Header Filter
Matches all messages sent to
example.com
postmaster@yourdom.ain
• Data : You can specify an action for each filter (see below). Some actions allow or require you
to specify an additional text or destination. The Data field is where you place this information.
• Action : Here you can select what should happen to an email if a filter applies:
149
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• DISCARD (optional text can be specified in the Data field): Claim successful delivery and
silently discard the message. Log the optional text if specified, otherwise log a generic
message.
• DUNNO: Pretend that the input line did not match any pattern, and inspect the next input line.
This action can be used to shorten the table search.
• FILTER (required
transport:destination
must be specified in the Data field): After
the message is queued, send the entire message through the specified external content
filter. The transport name specifies the first field of a mail delivery agent definition in
master.cf; the syntax of the next-hop destination is described in the manual page of
the corresponding delivery agent. More information about external content filters is in
the Postfix FILTER_README file.
• HOLD (optional text can be specified in the Data field): Arrange for the message to be
placed on the hold queue, and inspect the next input line. The message remains on
hold until someone either deletes it or releases it for delivery. Log the optional text if
specified, otherwise log a generic message.
• IGNORE: Delete the current line from the input, and inspect the next input line.
• PREPEND(required text must be specified in the Data field): Prepend one line with the
specified text, and inspect the next input line.
• REDIRECT (required user@domain must be specified in the Data field): Write a
message redirection request to the queue file, and inspect the next input line. After the
message is queued, it will be sent to the specified address instead of the intended
recipient(s). Note: this action overrides the FILTER action, and affects all recipients of the
message. If multiple REDIRECT actions fire, only the last one is executed.
• REPLACE(required text must be specified in the Data field): Replace the current line with the
specified text, and inspect the next input line.
• REJECT (optional text can be specified in the Data field): Reject the entire message.
Reply with optional text... when the optional text is specified, otherwise reply with a
generic error message.
• WARN(optional text can be specified in the Data field): Log a warning with the optional
text... (or log a generic message), and inspect the next input line. This action is useful for
debugging and for testing a pattern before applying more drastic actions.
• Active : This defines whether this content filter is active or not.
150
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
151
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.7.5.4 Relay Recipients
If you have created email transports under Email > Email Accounts > Email Routing
, you
must also create Relay Recipients
so that the server knows that it should accept those emails
before routing them to another server. If you have created a route for a single email address,
you must create a relay recipient for that email address. If you have create a route for a whole
domain, and you know all existing email accounts of that domain, it is recommended to create
relay recipients for all these email addresses; if you don't know all the email addresses of a
domain, or there are simply too many, you can create a relay recipient for the whole domain,
but you should keep in mind that the destination server can become a source of backscatter
in this case because if a mail is sent to a non-existing address of the domain, the forwarding server
will route it to its destination server, and because the destination server doesn't know that email
address, it might send a bounce.
To create a new relay recipient, click on the Add new relay recipient
you to the Email relay recipient
form with the tab Relay recipient
button. This will lead
Email relay recipient
Relay recipient
The form has the following fields:
• Server : If more than one server is available, you can select the server on which the relay
recipient will be located.
• Relay recipient
example.com
: Fill in the email address or email domain, e.g. user@example.com or
.
• Active : This defines whether this relay recipient is active or not.
152
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.8 DNS
On this tab you can create zones and DNS records for your domains. You can either do this by
using the DNS Wizard (DNS > DNS Wizard > Add DNS Zone ) which will automatically create a
set of common DNS records for your domain (like www, mail , ns records, etc.), or you create the zones
and records manually under DNS > DNS > Zones - you will also have to go there if you
want to create further DNS records that are not created by the DNS Wizard.
4.8.1 DNS Wizard
4.8.1.1 Add DNS Zone
This is the wizard to create a new DNS zone. The form has the following fields:
• Template : This refers to the templates that exist under DNS > DNS Wizard > Templates
. These
templates define what records will be created by default if you use the DNS Wizard. Let's
assume we create a zone for the domain example.com - the Default template will create A
records for example.com , www.example.com , and mail.example.com
, two NS (nameserver)
records, plus an MX (mail exchanger) record for example.com that points to mail.example.com
153
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Server : If more than one server is available, you can select the server on which the DNS
zone will be located.
• Client : Here you select the client that owns the new DNS zone.
• Domain : Fill in the domain for which you want to create the zone, e.g. example.com - please
note that you don't need a dot at the end, i.e., example.com. would work as well, but
example.com (without the trailing dot) is sufficient.
• IP Address
: Fill in the IP address that example.com should point to - please note that
www.example.com and mail.example.com will also point to that IP address (you can change
that later on under DNS > DNS > Zones ).
• NS 1 : Specify the hostname of the primary nameserver for the domain, e.g.
ns1.somedomain.com . Again, no trailing dot is needed. ns1.somedomain.com must point to the
server that you selected in the Server field.
• NS 2 : Specify the hostname of the secondary nameserver for the domain, e.g.
ns2.somedomain.com . Again, no trailing dot is needed.
• Email : Specify the email address of the zone administrator, e.g. zonemaster@somedomain.com
154
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.8.1.2 Templates
Here you can create templates for the DNS Wizard. A template defines what records will be
created by default if a new zone is created with the DNS Wizard.
To create a new template, click on the Add new record
Wizard template
form with the tab DNS Template .
button. This will lead you to the DNS
DNS Wizard template
DNS Template
The form contains the following fields:
• Name: Specify a name for the template.
• Fields : Here you can select what fields will be visible in the DNS Wizard form (Domain , IP
Address , NS 1 , NS 2 , Email ). For example, if you decide to hard-code the nameservers and
the zonemaster email address into the template, it doesn't make sense to show those fields in the
DNS Wizard.
• Template : Fill in your template. As an example, here is the Default template:
[ZONE]
origin={DOMAIN}.
ns={NS1}.
mbox={EMAIL}.
refresh=28800
retry=7200
expire=604800
minimum=86400
ttl=86400
[DNS_RECORDS]
A|{DOMAIN}.|{IP}|0|86400
A|www|{IP}|0|86400
A|mail|{IP}|0|86400
NS|{DOMAIN}.|{NS1}.|0|86400
NS|{DOMAIN}.|{NS2}.|0|86400
MX|{DOMAIN}.|mail.{DOMAIN}.|10|86400
As you see, a template consists out of two
stanzas, [ZONE] and [DNS_RECORDS].
In the [ZONE] stanza, you secify values for origin
and ttl in the form name=value .
, ns1 , mbox, refresh , retry , expire , minimum ,
155
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• origin
: The name of this zone. Make sure you use a trailing dot, e.g. example.com . or
{DOMAIN} .
• ns: The name of the name server that is the original or primary source of data for this
zone. Make sure you use a trailing dot.
• mbox: A name which specifies the mailbox of the person responsible for this zone. If you don't
use the {EMAIL} placeholder, this should be specified in the
mailbox-as-domain-name format where the @ character is replaced with a dot, e.g.
zonemaster.example.com
. (for zonemaster@example.com ). Make sure you use a trailing
dot.
• refresh : The number of seconds after which slave nameservers should check to see if
this zone has been changed. If the zone's serial number has changed, the slave
nameserver initiates a zone transfer.
• retry : This specifies the number of seconds a slave nameserver should wait before
retrying if it attmepts to transfer this zone but fails.
• expire : If for expire seconds the primary server cannot be reached, all information
about the zone is invalidated on the secondary servers (i.e., they are no longer
authoritative for that zone).
• minimum : The minimum TTL field that should be exported with any record from this zone. If
any record has a lower TTL, this TTL is sent instead.
• ttl : The number of seconds that this zone may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the
zone should not be cached.
In the [DNS_RECORDS]stanza, you specify all records that should be created by default, one
record per line. A line has the following format:
type|name|data|aux|ttl
As you see, there are five fields, separated by a pipe character (| ). This is the meaning of the five
fields:
• type : The type of record (A, AAAA, ALIAS , CNAME, HINFO, MX, NS, PTR, RP, SRV, TXT).
• A: An IPv4 host address. The data column should contain the IP address (in
numbers-and-dots format) associated with the name.
Example: 192.168.1.88
• AAAA: An IPv6 host address. The data column should contain the IPv6 address
associated with the name.
156
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Example: 3ffe:b00:c18:3::a
• ALIAS : A server side alias. An alias is like a CNAME, only it is handled entirely by the
server. The data column should contain the hostname aliased by name. Aliases can
be used in place of A records. The client will only see A records and will not be able
to tell that aliases are involved. The hostname specified by data must exist in the
database. It can be useful to use aliases for everything. Use A records for the
canonical name of the machine and use aliases for any additional names. This is
especially useful when combined with automatic PTR records. If a single IP address
is only used for one A record, then there will never be any confusion over what the
PTR record should be.
Example: albuquerque.example.com
Example: albuquerque
(FQDN)
(hostname only)
.
• CNAME: The canonical name for an alias. The data column should contain the real
name of the machine specified by name. data may be a hostname or an FQDN.
Example: porcini.example.com
Example: porcini
. (FQDN)
(hostname only)
• HINFO: Host information. The data column should contain two strings which provide
information about the host specified by name. The first string specifies the CPU
type, and the second string describes the operating system type. The two strings
should be separated by a space. If either string needs to contain a space, enclose it in
quotation marks.
Example: "Pentium Pro" Linux
• MX: Mail exchanger. The data column should contain the hostname or FQDN of a
mail server which will accept mail for the host specified by name. The aux column
should contain a preference for this mail server. Mail transfer agents prefer MX
records with lower values in aux .
Example: mail.example.com
. (FQDN)
Example: mail (hostname only)
• NS: An authoritative nameserver. The data column should contain the hostname or
FQDN of a server which should be considered authoritative for the zone listed in
name.
Example: ns1.example.com . (FQDN)
Example: ns1 (hostname only)
• PTR: A domain name pointer. These records, used only with IN-ADDR.ARPA
zones, should contain the canonical hostname of the machine referred to by name in
data .
Example: webserver.example.com
157
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• RP: A responsible person. The data column should contain the DNS-encoded email
address of the person responsible for the name requested, then a space, then a
hostname that should return a TXT record containing additional information about
the responsible person. If there is no such TXT record, the second value should
contain a dot (. ).
Example: webmaster.example.com. contactinfo.example.com.
• SRV: Server location. Specifies the location of the server(s) for a specific protocol
and domain. The data column must contain three space-separated values. The
first value is a number specifying the weight for this entry. The second field is a
number specifying the port on the target host of this service. The last field is a name
specifying the target host. The aux column should contain the priority of this target
host. Targets with a lower priority are preferred.
For more information, read RFC 2782.
Example: 0 9 server.example.com
Example: 0 9 server
. (FQDN)
(hostname only)
• TXT: A text string. The data column contains a text string that is returned only when
a TXT query is issued for the host specified by name.TXT records can be used for
SPF records .
Example: This is a string.
Example: v=spf1 a mx ptr -all
(SPF record)
• name: The name that this record describes. Wildcard values such as * or *.sub are
supported, and this field can contain an FQDN or just a hostname. If you specify an
FQDN, the name must end with a dot; if you specify just a hostname, it must not end
with a dot. It may contain out-of-zone data if this is a glue record.
Examples:
• foo
• foo.example.com.
• {DOMAIN}.
• www
• data : The data associated with this record, e.g. an IP address for A records, a
hostname/FQDN for CNAME/MX/NS records, etc. Please note that an MX record must
always point to a hostname/FQDN that has an A record - CNAMErecords are not allowed.
• aux : An auxillary numeric value in addition to data . For MX records, this field specifies the
158
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
preference. For SRV records, this field specifies the priority. Specify 0 for all other
records.
• ttl : The time interval (in seconds) that this record may be cached before the source of
the information should again be consulted. Zero values are interpreted to mean that the
record can only be used for the transaction in progress, and should not be cached.
The following placeholders are available in a template and will be replaced with the value of the
corresponding field in the DNS Wizard: {DOMAIN} , {IP} , {NS1} , {NS2} , and {EMAIL} .
• Visible : This defines whether this template is visible (i.e., can be selected) in the DNS
Wizard or not.
4.8.2 DNS
4.8.2.1 Zones
Here you can create DNS zones manually (if you are experienced enough with DNS and don't
159
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
want to use the DNS Wizard) and modify existing DNS zones (that were created, for example, with
the DNS Wizard).
To create a new DNS zone, click on the Add new DNS Zone (SOA)
the DNS Zone form with the tabs DNS Zone and Records .
button. This will lead you to
DNS Zone
DNS Zone
On this tab you specify the SOA (start of authority) record. It contains authoritative information
about a DNS zone, including the primary name server, the email of the domain administrator, the
domain serial number, and several timers relating to refreshing the zone.
The form contains the following fields:
• Server : If more than one server is available, you can select the server on which the DNS
zone will be located.
• Client : Here you select the client that owns the new DNS zone.
• Zone (SOA) : Fill in the domain for which you want to create the zone, e.g. example.com . please note that other than in the DNS Wizard you need a dot at the end.
• NS: Specify the hostname of the primary nameserver for the domain, e.g. ns1.somedomain.com . again, a trailing dot is needed. ns1.somedomain.com must point to the server that you
selected in the Server field.
• Email : Specify the email address of the zone administrator. This should be specified in the
mailbox-as-domain-name format where the @ character is replaced with a dot, e.g.
zonemaster.somedomain.com . - again, you need a trailing dot.
• Refresh : The number of seconds after which slave nameservers should check to see if this
zone has been changed. If the zone's serial number has changed, the slave nameserver
initiates a zone transfer.
• Retry : This specifies the number of seconds a slave nameserver should wait before retrying if
it attmepts to transfer this zone but fails.
• Expire : If for expire seconds the primary server cannot be reached, all information about the
zone is invalidated on the secondary servers (i.e., they are no longer authoritative for that
zone).
• Minimum : The minimum TTL field that should be exported with any record from this zone. If any
record has a lower TTL, this TTL is sent instead.
• TTL: The number of seconds that this zone may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the zone
should not be cached.
160
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Allow zone transfers to these IPs (comma separated list)
: This field can contain one or
more IP addresses separated by commas. These IP addresses will be allowed to connect to the
server to transfer the zone. If no IP is specified, any server is allowed to connect. Usually, you
should list your slave DNS servers for this zone here.
• Also Notify
: This optional field should contain one or more IP addresses separated by
commas. These IP addresses will be used to send NOTIFY messages to additional name
servers. Notification is sent to all name servers that have NS records in the zone plus any
mentioned in this field.
• Update ACL : This is an optional specifying the ACL (access control list) controlling who can
update a zone. You can specify one or more IP addresses separated by commas. This field is
useful if the zone contains dynamic IP addresses and you want to allow dynamic DNS
updates from a client. If no IP is specified, then dynamic DNS updates are disabled.
• Active : This defines whether this DNS zone is active or not.
Records
161
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
On this tab you can create the following types of records:
•A
• AAAA
• ALIAS
• CNAME
• HINFO
• MX
• NS
• PTR
• RP
• SRV
• TXT
A Records
An A record is an IPv4 host address. The IP-Address field
numbers-and-dots format) associated with the Hostname .
should contain the IP address (in
Example: 192.168.1.88
The form contains the following fields:
• Hostname : The name that this record describes. Wildcard values such as * or *.sub are
supported, and this field can contain an FQDN or just a hostname. If you specify an FQDN,
the name must end with a dot; if you specify just a hostname, it must not end with a dot.
Examples:
• foo
• foo.example.com.
• www
• example.com.
• You can also leave the field empty which has the same meaning as if you'd fill in
example.com .
162
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• IP-Address
: Fill in the IPv4 IP address that the hostname should point to. Example:
192.168.1.88
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this A record is active or not.
163
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
AAAA Records
An AAAA record is an IPv6 host address. The IPv6-Address
address associated with the Hostname .
field should contain the IPv6
Example: 3ffe:b00:c18:3::a
The form contains the following fields:
• Hostname : The name that this record describes. Wildcard values such as * or *.sub are
supported, and this field can contain an FQDN or just a hostname. If you specify an FQDN,
the name must end with a dot; if you specify just a hostname, it must not end with a dot.
Examples:
• foo
• foo.example.com.
• www
• example.com.
164
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• You can also leave the field empty which has the same meaning as if you'd fill in
example.com .
• IPv6-Address
: Fill in the IPv6 IP address that the hostname should point to. Example:
3ffe:b00:c18:3::a
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this AAAA record is active or not.
ALIAS Records
(Please note the ALIAS records are supported by the MyDNS name server, but not by the
BIND name server. If you use BIND, ALIAS records are identical to CNAME records, i.e., if you
create an ALIAS record, actually a CNAME record will be created.)
165
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
An ALIAS record is a server side alias. An alias is like a CNAME, only it is handled entirely by the
server. The Target Hostname field should contain the hostname aliased by Hostname .
Aliases can be used in place of A records. The client will only see A records and will not be
able to tell that aliases are involved. The target hostname must exist in the database. It can be
useful to use aliases for everything. Use A records for the canonical name of the machine and use
aliases for any additional names. This is especially useful when combined with automatic PTR
records. If a single IP address is only used for one A record, then there will never be any confusion
over what the PTR record should be.
Example: albuquerque.example.com.
(FQDN)
Example: albuquerque (hostname only)
The field contains the following fields:
• Hostname : The name that this record describes. Wildcard values such as * or *.sub are
supported, and this field can contain an FQDN or just a hostname. If you specify an FQDN,
the name must end with a dot; if you specify just a hostname, it must not end with a dot.
Examples:
• foo
• foo.example.com.
• www
• example.com.
• You can also leave the field empty which has the same meaning as if you'd fill in
example.com .
• Target Hostname : The hostname that is aliased by the hostname in the Hostname field.
Wildcard values such as * or *.sub are supported, and this field can contain an FQDN or just a
hostname. If you specify an FQDN, the name must end with a dot; if you specify just a
hostname, it must not end with a dot.
Examples:
• albuquerque
• albuquerque.example.com.
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this ALIAS record is active or not.
166
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
CNAME Records
A CNAME record is the canonical name for an alias. The Target Hostname field should contain the
real name of the machine specified by Hostname . Target Hostname may be a hostname or
an FQDN.
Example: porcini.example.com
. (FQDN)
Example: porcini (hostname only)
The field contains the following fields:
• Hostname : The name that this record describes. Wildcard values such as * or *.sub are
supported, and this field can contain an FQDN or just a hostname. If you specify an FQDN,
the name must end with a dot; if you specify just a hostname, it must not end with a dot.
Examples:
• foo
• foo.example.com.
• www
167
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• example.com.
• You can also leave the field empty which has the same meaning as if you'd fill in
example.com .
• Target Hostname : The real name of the machine that the hostname in the Hostname field
points to. Wildcard values such as * or *.sub are supported, and this field can contain an
FQDN or just a hostname. If you specify an FQDN, the name must end with a dot; if you
specify just a hostname, it must not end with a dot.
Examples:
• porcini
• porcini.example.com.
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this CNAME record is active or not.
168
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
HINFO Records
A HINFO record contains host information. The Host Information
field should contain two
strings which provide information about the host specified by Hostname . The first string
specifies the CPU type, and the second string describes the operating system type. The two
strings should be separated by a space. If either string needs to contain a space, enclose it in
quotation marks.
Example: "Pentium Pro" Linux
The form contains the following fields:
• Hostname : The name that this record describes. Wildcard values such as * or *.sub are
supported, and this field can contain an FQDN or just a hostname. If you specify an FQDN,
the name must end with a dot; if you specify just a hostname, it must not end with a dot.
Examples:
• foo
• foo.example.com.
169
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• www
• example.com.
• You can also leave the field empty which has the same meaning as if you'd fill in
example.com .
• Host Information
: Specify two strings which provide information about the host specified by
Hostname . The first string specifies the CPU type, and the second string describes the
operating system type. The two strings should be separated by a space. If either string needs to
contain a space, enclose it in quotation marks.
Example: "Pentium Pro" Linux
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this HINFO record is active or not.
170
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
MX Records
An MX record describes the mail exchanger for a domain or hostname. The Mailserver
hostname field should contain the hostname or FQDN of a mail server which will accept mail for
the host specified by Hostname . The Priority
field should contain a preference for this mail
server. Mail transfer agents prefer MX records with lower values in Priority
Example: mail.example.com
. (FQDN)
Example: mail (hostname only)
The form contains the following fields:
• Hostname : The name that this record describes. Wildcard values such as * or *.sub are
supported, and this field can contain an FQDN or just a hostname. If you specify an FQDN,
the name must end with a dot; if you specify just a hostname, it must not end with a dot.If you want
email addresses of the form user@example.com , you must fill in example.com . in the
Hostname field (or leave it empty); if you want email addresses of the form
user@sub.example.com , you must fill in sub or sub.example.com
. in the Hostname field.
Examples:
• foo
• foo.example.com.
• www
• example.com.
• You can also leave the field empty which has the same meaning as if you'd fill in
example.com .
• Mailserver hostname
: The Mailserver hostname
field should contain the hostname or FQDN
of a mail server which will accept mail for the host specified by Hostname . Please note that this
Mailserver hostname
must always be an A record - CNAME records are not allowed.
Examples:
• mail.example.com
.
(FQDN)
• mail (hostname only)
• Priority : The Priority
field should contain a preference for this mail server, usually
between 0 and 100 . Mail transfer agents prefer MX records with lower values in Priority
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record
171
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
can only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this MX record is active or not.
NS Records
An NS record describes an authoritative nameserver of a zone. A zone can have more than
one authoritative nameserver (usually it has at least two so that if one nameserver fails, the
zone can still be resolved from the other nameserver), so there can be multiple NS records.
The Nameserver Hostname field should contain the hostname or FQDN of a server which should be
considered authoritative for the zone listed in Zone .
Example: ns1.example.com . (FQDN)
Example: ns1 (hostname only)
The form contains the following fields:
• Zone : Fill in the name of the zone, i.e., the domain.
172
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Examples:
• example.com.
• You can also leave the field empty which has the same meaning as if you'd fill in
example.com .
• Nameserver Hostname : The Nameserver Hostname field should contain the hostname or FQDN
of a server which should be considered authoritative for the zone listed in Zone .
Examples:
• ns1.somedomain.com
• ns1.example.com
.
.
(FQDN)
(FQDN)
• ns1 (hostname only)
If the nameserver is in the same zone (i.e., if the zone is example.com . and you fill in
ns1.example.com . or just ns1 in the Nameserver Hostname field), you also need a glue record
which you can usually create at your domain registrar.
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this NS record is active or not.
173
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
PTR Records
A PTR record is a domain name pointer, i.e., it is used to point from an IP address to a domain
or hostname. This is used for reverse DNS lookups . These records, used only with
IN-ADDR.ARPA zones, should contain the canonical hostname of the machine referred to in the
Canonical Hostname field. Usually the administrator of an IP address/subnet (i.e., your ISP or
hoster) creates these for you (or gives you a web interface where you can configure this
yourself), so in most cases you can ignore this feature in ISPConfig (unless you're the
administrator of your own IP addresses).
Example: webserver.example.com.
Now let's assume you're the administrator of the IP subnet 1.2.3/255.255.255.0
and want to
create a PTR record for the IP address 1.2.3.4
that should point to www.example.com . First you
create the DNS zone 3.2.1.in-addr.arpa
(3.2.1 is our 1.2.3 subnet in reverse order) in
ISPConfig...
174
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
... and in this DNS zone you create a PTR record for the Name 4 (which is our IP address
1.2.3.4 ) which points to www.example.com .
The form contains the following fields:
• Name: Fill in the last part of your IP address. In our example of the 1.2.3.4
would be 4 (without any dots).
IP address, this
• Canonical Hostname : Fill in the domain or hostname that this PTR record should point to. You
must use fully qualified domain names here:
Examples:
• example.com . (FQDN)
• www.example.com . (FQDN)
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this NS record is active or not.
175
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
RP Records
An RP record describes a responsible person for a hostname. The Responsible Person
field
contains the DNS-encoded email address of the person responsible for the Hostname
requested, then a space, then a hostname that should return a TXT record containing
additional information about the responsible person. If there is no such TXT record, the second
value should contain a dot (. ).
Example: webmaster.example.com
. contactinfo.example.com
The form contains the following fields:
• Hostname : The name that this record describes. Wildcard values such as * or *.sub are
supported, and this field can contain an FQDN or just a hostname. If you specify an FQDN, the
name must end with a dot; if you specify just a hostname, it must not end with a dot. If you want
email addresses of the form user@example.com , you must fill in example.com . in the Hostname field
(or leave it empty); if you want email addresses of the form
user@sub.example.com , you must fill in sub or sub.example.com . in the Hostname field.
Examples:
176
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• foo
• foo.example.com.
• www
• example.com.
• You can also leave the field empty which has the same meaning as if you'd fill in
example.com .
• Responsible Person
: The Responsible Person
field contains the DNS-encoded email address
of the person responsible for the Hostname requested, then a space, then a hostname that
should return a TXT record containing additional information about the responsible person. If
there is no such TXT record, the second value should contain a dot (. ).
Examples:
• webmaster.example.com . contactinfo.example.com
(This means the responsible
person is webmaster@example.com , and there is a TXT record for the hostname
contactinfo.example.com
which contains additional information about
webmaster@example.com . If no TXT record for contactinfo.example.com
exists, create
one.)
• webmaster.example.com . . (If no such TXT record exists or you don't want to create one,
just fill in a dot for the hostname.)
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this RP record is active or not.
177
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
SRV Records
Server location. SRV records specify the location of the server(s) for a specific protocol and
domain. The Server Record field must contain three space-separated values. The first value is
a number specifying the weight for this entry. The second field is a number specifying the port
on the target host of this service. The last field is a name specifying the target host. The
Priority field should contain the priority of this target host. Targets with a lower priority are
preferred.
Some protocols such as SIP and XMPP require SRV records. SRV records have the form
_service._proto.name TTL class SRV priority weight port target
• service : The symbolic name of the desired service.
• proto : The transport protocol of the desired service; this is usually either TCP or UDP.
• name: The domain name for which this record is valid.
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
178
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• class : Standard DNS class field (this is always IN ).
• priority
: The priority of the target host, lower value means more preferred (similar to MX
records).
• weight : A relative weight for records with the same priority.
• port : The TCP or UDP port on which the service is to be found.
• target : The canonical hostname of the machine providing the service.
E.g.
_sip._tcp.example.com. 86400 IN SRV 0 5 5060 sipserver.example.com.
SRV records allow you to achieve a basic form of high-availability and load-balancing (basic
because information is static, i.e., current server loads are not taken into account). The priority field
is similar the the one of MX record - clients use the server with the lowest priority value first and use
other servers only if this server fails. This means oyu can have multiple SRV
records and define a fallback server that is used only if the primary server fails by giving the fallback
server a higher priority value than the primary server.
If there are multiple SRV records with the same priority, clients use the weight field to find out
which host to use. The weight value is relevant only in among records with the same priority.
Here's an example of basic high-availability and load-balancing with SRV records:
_sip._tcp.example.com. 86400 IN SRV 10 60 5060 server1.example.com.
_sip._tcp.example.com. 86400 IN SRV 10 40 5060 server2.example.com.
_sip._tcp.example.com. 86400 IN SRV 20 0 5060 server3.example.com.
In the above example, both server1.example.com
and server2.example.com
have a priority
value of 10 , so all requests will be shared by them, where server1.example.com
gets 60% of
the requests and server2.example.com
gets the remaining 40% of the requests (because
server1.example.com
has a weight value of 60 and server2.example.com
has a weight value of
40 ). If server1.example.com
fails, all requests will go to server2.example.com
. If both
server1.example.com
and server2.example.com
fail, all requests will go to
server3.example.com
which has a priority value of 20 .
For more information, read RFC 2782 and SRV Records on Wikipedia
The form has the following fields:
• Hostname : The name that this record describes. This field can contain an FQDN or just a
hostname. If you specify an FQDN, the name must end with a dot; if you specify just a
hostname, it must not end with a dot.
179
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Examples:
• _sip._tcp.example.com.
• _sip._tcp
• Server Record : The Server Record
field must contain three space-separated values. The first
value is a number specifying the weight for this entry. The second field is a number specifying
the port on the target host of this service. The last field is a name specifying the target host.
The target host can be an FQDN or just a hostname. If you specify an FQDN, the name must end
with a dot; if you specify just a hostname, it must not end with a dot.
Examples:
• 0 9 server.example.com
• 0 9 server
.
(FQDN)
(hostname only)
• Priority : The Priority
field should contain a preference for this SRV record, usually
between 0 and 100 . Records with lower values are preferred.
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this SRV record is active or not.
180
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
TXT Records
TXT records are used to give additional information about a hostname. The Text field contains
a text string that is returned only when a TXT query is issued for the host specified by Hostname
. TXT records can be used for SPF records .
The form contains the following fields:
• Hostname : The name that this record describes. This field can contain an FQDN or just a
hostname. If you specify an FQDN, the name must end with a dot; if you specify just a
hostname, it must not end with a dot.
Examples:
• server1.example.com.
• server1
• Text : The Text field contains a text string that is returned only when a TXT query is issued for
the host specified by Hostname . TXT records can be used for SPF records . it must not end
181
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
with a dot.
Examples:
• "This is a string."
• "v=spf1 a mx ptr -all"
(SPF record)
• TTL: The time interval (in seconds) that this record may be cached before the source of the
information should again be consulted. Zero values are interpreted to mean that the record can
only be used for the transaction in progress, and should not be cached.
• Active : This defines whether this TXT record is active or not.
4.8.3 Secondary DNS
4.8.3.1 Secondary Zones
182
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
(This feature is supported only if you use the BIND name server. If you use MyDNS, database
replication will be used to transfer data to the secondary DNS server.)
Here you can create secondary (slave) zones, i.e., zones for which another server is the
primary (master) nameserver. A slave zone will then automatically be transferred from the
master to the slave, so that both servers hold the same information about the zone. If the
master fails, the slave can still answer DNS requests.
To create a new slave zone, click on the Add new secondary DNS Zone
you to the Secondary DNS Zone form with the tab Secondary DNS Zone
button. This will lead
Secondary DNS Zone
Secondary DNS Zone
The form has the following fields:
• Server : If more than one server is available, you can select the server on which the
secondary DNS zone will be located.
• Client : Here you select the client that owns the new secondary DNS zone.
• DNS Zone : Fill in the domain for which you want to create the secondary zone, e.g.
example.com . - please note that you need a dot at the end.
• NS: Specify the IPv4 address of the primary nameserver for the domain, e.g. 1.2.3.4
• Allow zone transfers to these IPs (comma separated list)
: This field can contain one or
more IP addresses separated by commas. These IP addresses will be allowed to connect to the
server to transfer the zone. If no IP is specified, any server is allowed to connect. Usually, you can
leave this field empty because all slave DNS servers for this zone should contact the master DNS
server for the zone, not another slave server.
• Active : This defines whether this secondary DNS zone is active or not.
183
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.9 System
This is where you define the basic settings of the ISPConfig control panel (creating users,
configuring services, IP addresses, firewall records, updating the system, etc.).
4.9.1 CP Users
Here you can create and modify users of the ISPConfig control panel. Please note that you
should use these functions only to create or modify admin users. To create/edit normal
ISPConfig users, use the client- and reseller settings in the Client module instead because
modifying users or groups here may cause data loss. If you change modules or groups of
existing users, these users might not be able to access their web site settings, email settings, etc.
in ISPConfig anymore.
4.9.1.1 Add user
Here you can create new ISPConfig users. The Users form has the tabs Users and Groups .
184
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Users
Users
The form has the following fields:
• Username : Fill in the username of the new user.
• Password : Type in a password for the ISPConfig user. The Password strength
field will show
how weak or strong your password is. A strong password should include numbers, symbols,
upper and lowercase letters; password length should be 8 characters or more; avoid any
password based on repetition, dictionary words, letter or number sequences, usernames,
relative or pet names, or biographical information.
• Module : Select the modules that will be available for the user:
• sites : This enables the Sites module.
• mail : This activates the Email module.
• monitor : This refers to the Monitor module.
• admin : This is the System module (i.e., the module that we are currently in).
• dashboard : This refers to Home.
• dns : This is the DNS module.
• help : This activates the Help module.
• domain : This enables the Domain module. This makes sense only if you also check the
Use the domain-module to add new domains
checkbox on the Domains tab under
System > System > Interface Config
. If you use this module, your customers can only
select one of the domains the admin creates for them. They can not freely edit the
domain field.
• client
: This enables the Client module.
• tools : This is the Tools module.
You can select multiple modules for each user.
• Startmodule : Select the module that will automatically be loaded when the user logs into
ISPConfig.
• Design : Select the theme of the ISPConfig interface.
• Type : Please select if this is a normal user account or an admin account.
• Active : This defines whether this ISPConfig user account is active or not.
• Language : Select the language in which ISPConfig will be loaded for the user.
185
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Groups
The form has the following fields:
• Default Group : This defines the group to which items created by the user (web sites, email
accounts, etc.) will belong (unless a different group is selected when the item is created).
Selecting a default group does not necessarily mean that the user is also a member of the
group - you must check that group in the following form item, Groups , to make the user also a
member of the default group.
• Groups : Check all groups that the user account should be a member of. Make sure that you also
check the group that you selected under Default Group to make the user a member of that group.
186
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.9.1.2 Edit user
Here you can edit existing users. The form has the same tabs and fields as under Add user
4.9.2 System
4.9.2.1 Server Services
All servers that are listed here are added by the ISPConfig installer, i.e., you cannot add new
servers here yourself. ISPConfig allows you to control multiple servers from just one control
panel, and all servers that are listed here are controlled by ISPConfig. If you want to add another
server to ISPConfig, you have to run the ISPConfig installer in expert mode on the remote server
and tell the installer that the server will be a slave.
Although you cannot add servers here yourself, you can modify them from here by selecting a
server. This will bring you to the Server form with the tab Services
187
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Server
Services
The form has the following fields:
• Servername : Specify the hostname of the server. Example: server1.example.com
• Mailserver : This specifies if this server acts as a mail server (i.e., you can use the Email
module to create email accounts etc. on this server).
• Webserver : This specifies if this server acts as a web server (i.e., you can use the Sites
module to create web sites etc. on this server).
• DNS-Server : This specifies if this server acts as a DNS server (i.e., you can use the DNS
module to create DNS zones etc. on this server).
• Fileserver : If this server acts as a web server, you should also enable Fileserver
server so that FTP access is possible.
for this
• DB-Server : This specifies if it will be able to create databases (in the Sites module) on this
server.
• VServer-Server : If you check this, it will be possible to create OpenVZ virtual machines on
this server (this will be possible from version 3.0.4 of ISPConfig).
• Is mirror of Server
: If you have specified that this server is a slave of another server during
the ISPConfig installation, this server can have two roles: it can act as a full-fledged server,
i.e., you can create web sites, email accounts, etc. on this server just like on the main server, or it
can act as a mirror of another server - in this case you cannot create any items on that server (this
server cannot be selected when you create a new item), but instead the
configuration (web site configuration, email configuration, etc.) will be copied to the mirror
(just the configuration, not any web site contents, etc. - if you want this, you can achieve this
by using rsync or using a cluster filesystem like GlusterFS or some kind of network-attached
storage, and you'd have to use one of these techniques on the directories /var/www for the
web sites' contents and /var/vmail
for the emails - for MySQL databases, you'd have to use
MySQL master-master replication ). If you select a master server in the Is mirror of Server
field, the server for which you select the master will act as a mirror, not as a full-fledged
server. If you have a failover-IP address that you can switch between the master and the
mirror (e.g. automatically with heartbeat /keepalived /etc. or manually, e.g. from your hoster's
control panel), you can achieve high-availability because if the master fails, the mirror can
take over.
• Active : This defines whether this server is active or not.
188
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.9.2.2 Server Config
All servers that are listed here are added by the ISPConfig installer, i.e., you cannot add new
servers here yourself. ISPConfig allows you to control multiple servers from just one control
panel, and all servers that are listed here are controlled by ISPConfig. If you want to add another
server to ISPConfig, you have to run the ISPConfig installer in expert mode on the remote server
and tell the installer that the server will be a slave.
Although you cannot add servers here yourself, you can modify them from here by selecting a
server. This will bring you to the Server Config
form with the tabs Server , Mail , Getmail , Web,
DNS, FastCGI , Jailkit
, vlogger , and Cron .
Please note that you shouldn't modify these settings unless you know exactly what you're doing - changes in paths
etc. might stop the system from working!
Server Config
Server
189
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
On this tab you can configure some basic network settings for the server plus the loglevel for
the ISPConfig log (under Monitor > System State (All Servers) > Show System-Log
) plus
the backup directory for web site backups.
The form has the following fields:
• Network Configuration
: If you check this, ISPConfig will automatically configure your system
with the network settings from the IP Address , Netmask , Gateway , Hostname , and Nameservers
fields. It will also automatically configure all IP addresses that are defined under System >
System > Server IP addresses
. Please note that this automatic network configuration works only on
Debian/Ubuntu and only if you have one network card which must be eth0. It is recommended to not
check this checkbox and configure your network settings manually.
• IP Address
: Specify the IPv4 address of this server. Example: 1.2.3.4
• Netmask : Type in the server's netmask. Example: 255.255.255.0
• Gateway : Fill in the server's gateway.
• Hostname : Type in the server's fully-qualified hostname. Example: server1.example.com
• Nameservers : Fill in the IP addresses of nameservers that this server will use to do DNS
lookups. You can specify multiple nameservers by separating them with a comma. These
should be the nameservers from /etc/resolv.conf . Example: 145.253.2.75,8.8.8.8
• Loglevel
: Select the loglevel for the ISPConfig log (under Monitor > System State (All
Servers) > Show System-Log
).
• Debug: This loglevel will log all output from ISPConfig, including warnings and errors. As
the name says, this is usefull for debugging.
• Warnings : This loglevel will log ISPConfig warnings and errors.
• Errors : This loglevel will just log ISPConfig errors. Recommended for production
systems.
• Backup directory
: This is the directory where web site backups will be stored. The default
directory is /var/backup
190
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Mail
On this tab you can configure the general mail settings for the server. The
form has the following fields:
• Module : Select the mail module that the server should use. Currently only postfix_mysql
supported.
is
• Maildir Path
: This defines where users' mailboxes will be located. The default path is
/var/vmail/[domain]/[localpart]
. [domain] is a placeholder for the mail domain and
[localpart]
is a placeholder for the local part of an email address. Example: if your email
address is user@example.com , the Maildir path would be /var/vmail/example.com/user
Please note that Maildir Path
should be a subdirectory of Homedir Path
- otherwise the mail
system will probably stop to work.
• Homedir Path
/var/vmail
: This is the home directory of Mailuser Name . The default directory is
. If you use maildrop, this is the directory where the mailfilter file will be located.
• POP3/IMAP Daemon : Select your POP3/IMAP daemon. Supported POP3/IMAP daemons are
Courier and Dovecot.
• Mailfilter Syntax
: Select the mailfilter to use. If you use Courier, you must select Maildrop
;
191
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
if you use Dovecot, you must select Sieve . Depending on what you select, you must use
Maildrop or Sieve syntax if you define custom filter rules for an email mailbox (Email > Email
Mailbox > Custom Rules
). If you create mailfilters under Email > Email Mailbox > Mail
Filter , the system will automatically translate them into Maildrop or Sieve syntax depending
on your selection here.
• Mailuser UID
: This is the user ID of the system user defined under Mailuser Name
• Mailuser GID
: This is the group ID of the system group defined under Mailuser Group
• Mailuser Name : This is the system user name of the user under which the virtual mail setup
runs. Default value: vmail
• Mailuser Group : This is the system group name of the group under which the virtual mail
setup runs. Default value: vmail
• Relayhost : If you want to relay outgoing mails through another mailserver (for example,
because your server is on a dynamic IP and therefore blacklisted), you can use the Relayhost
, Relayhost User , and Relayhost Password
fields for this. Fill in the hostname or IP address
of the server through which you want to relay in the Relayhost field. If you use an IP address,
put it in square brackets ([] ) to prevent DNS lookups. Examples: mail.yourisp.com
,
[1.2.3.4]
. Leave the field empty if you don't want to relay.
• Relayhost User
: Fill in the username that can be used to log in on the relayhost .
• Relayhost Password
: Fill in the password of the relayhost user on the relayhost.
• Mailbox Size Limit
: This defines the max. size (in bytes) that a single mailbox can have on
this server. 0 means unlimited.
• Message Size Limit
: This defines the max. size (in bytes) that a single email can have on this
server. 0 means unlimited.
192
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Getmail
Here you can configure getmail. Getmail is the service that fetches emails from remote
servers; it is used if you define accounts under Email > Fetchmail > Fetchmail
The form has the following field:
• Getmail config dir
: This is the directory where getmail expects its configuration.
193
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Web
On this tab you can configure various settings for Apache, PHP, AWStats, etc. The
form has the following fields:
• Website basedir
: This is the directory where all web sites will be created (in subdirectories).
Usually this is the value of AP_DOC_ROOTfrom the output of suexec -V or suexec2 -V so that
suEXEC can be used in the web sites (/var/www on Debian/Ubuntu/Fedora/CentOS,
/srv/www on OpenSUSE). (The suEXEC feature provides Apache users the ability to run CGI and
SSI programs under user IDs different from the user ID of the calling web-server.)
• Website path : This is the actual path where new web sites will be created (this is not the
actual document root of the web site - this will be the subdirectory web in Website path
). This
should be a subdirectory of Website basedir
. You can use the placeholders [client_id]
and
[website_id]
which will be replaced by the IDs of the client and web site respectively.
• Website symlinks
: ISPConfig can create symlinks to Website path so that it is easier to
navigate to Website Path on the command line. You can use the placeholder
[website_domain]
which will be replaced by the domain of the web site (e.g. example.com ).
You can define multiple symlinks by separating them with a colon (: ) (don't use spaces).
194
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Vhost config dir
: This is the directory where ISPConfig will place the vhost configuration
files for each web site. This does not automatically enable the vhost because Apache doesn't
read that directory. To enable a vhost, it must be symlinked to another directory which is read
by Apache (see Vhost config enabled dir
).
• Vhost config enabled dir
: This is a directory that is read by Apache and to which vhost
configuration files must be symlinked to enable the vhost.
• Security level
directory.
: This defines how permissions and ownerships are set for the Website path
• Medium: The directory is owned by root and readable for all users.
• High : The directory is owned by the web site user and cannot be read by other users. It
is recommended to choose High .
• Apache user : This is the user under which the Apache web server runs.
• Apache group : This is the group under which the Apache web server runs.
• Apache php.ini path
mod_php.
• CGI php.ini path
suPHP.
: This is the full php.ini path for the php.ini file used by Apache's
: This is the full php.ini path for the php.ini used by FastCGI, CGI, and
• PHP open_basedir : This setting limits the files that can be opened by PHP to the specified
directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is
turned On or Off. You can use the placeholder [website_path] which will be replaced by the
path that is set in the Website path field. You can define multiple directories by separating them
with a colon (: ) (don't use spaces).
• .htaccess AllowOverride
: This setting specifies what types of directives are allowed in
.htaccess files. Possible values: All|None|AuthConfig|FileInfo|Indexes|Limit| Options[=
Option ,...]
See http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
for
more details.
• Apps-vhost port
: ISPConfig allows to install software packages ("apps" - applications) such
as phpMyAdmin or Roundcube via the ISPConfig Package Installer (System > Software >
Packages ). These apps will be installed in the /var/www/apps directory and can be accessed
over their own vhost. Specify the port that you want to use for this vhost (default is 8081 - the
vhost could then be accessed over http://example.com:8081
). Please do not use a port that
is already in use (such as 80 (http) or 443 (https)).
• Apps-vhost IP : Specify an IPv4 address that is configured on your server on which the vhost
will listen. It is also possible to use _default_
(meaning a request to an unspecified address
on the Apps-vhost port
is served from the apps vhost) or a wildcard (* - meaning requests on
all addresses on the port specified by Apps-vhost port
will be served by the apps vhost).
• Apps-vhost Domain
: Specify the domain that you want to use to access the apps vhost.
195
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Examples: example.com
(-> http://example.com:8081
), apps.example.com
(->
http://apps.example.com:8081
), www.example.com (-> http://www.example.com:8081
).
Leave this field empty to use any address (domain, hostname, IP address) that points to the
server.
• awstats conf folder
: This specifies the directory where the web site statistics package
AWStats expects its configuration files. This field is meaningless if you use Webalizer instead
of AWStats.
• awstats data folder
: This specifies the directory where AWStats creates its data files (from
which the reports will be created).
• awstats.pl script
: This specifies the location of the awstats.pl
script on the server.
• awstats_buildstaticpages.pl script
: This specifies the location of the
awstats_buildstaticpages.pl
script on the server. This script creates static HTML pages
with statistics - these will be generated once a day (at 0.30h) and are available in the /stats
folder of your web site (e.g. http://www.example.com/stats
).
196
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
DNS
If you use the BIND nameserver (instead of MyDNS), you can configure basic BIND settings on
this tab.
The form has the following fields:
• BIND User : This is the system user that BIND runs under.
• BIND Group : This is the system group that BIND runs under.
• BIND zonefiles directory
/etc/bind
).
: This is the directory where BIND will place its zone files (Debian:
• BIND named.conf path
: This is the location where BIND expects its configuration file
named.conf (Debian: /etc/bind/named.conf
).
• BIND named.conf.local path
: This is the location of the named.conf.local
in named.conf and which includes the zone files created by ISPConfig.
file that is included
197
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
FastCGI
On this tab you can configure basic FastCGI settings that are relevant if you use PHP via
FastCGI.
The form has the following fields:
• FastCGI starter path
: We will run PHP using suExec; suExec's document root is /var/www
(Debian/Ubuntu/Fedora/CentOS) or /srv/www (OpenSUSE). Therefore we cannot call the
PHP binary directly because it is located outside suExec's document root. As suExec does
not allow symlinks, the only way to solve the problem is to create a wrapper script for each
web site in a subdirectory of /var/www or /srv/www ; the wrapper script will then call the PHP
binary. In this field you can specify the directory (should be a subdirectory of /var/www or
/srv/www ) where the wrapper script will be located. You can use the placeholder
[system_user]
which will be replaced by the system user that owns the web site, e.g. web1.
• FastCGI starter script
: This is the name of the FastCGI wrapper script. Example:
.php-fcgi-starter
• FastCGI Alias
: (not in use right now; see
http://www.fastcgi.com/docs/faq.html#FastCGIExternalServer
for more details.) Since all
FastCGI directives are global (they are not configured in a server context), all FastCGI paths
198
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
map to the filesystem. In the case of external servers, this path does not have anything to do with
the file system; it is a virtual file system path. Since the connection between mod_fastcgi and the
FastCGI app is by a socket (unix or tcp), mod_fastcgi does not care where the
program is (it could be on a completely different machine). However, mod_fastcgi needs to know
when a hit is calling for an external app, so it uses this path as if it were a local
filesystem path. Apache translates a request URI to a filesystem path.
Example: FastCGIExternalServer /var/www/htdocs/extprog -host 127.0.0.1:9000
• FastCGI php.ini Path
: This is the full php.ini path for the php.ini used by FastCGI.
• FastCGI Children
: This defines the number of PHP children that will be launched. (This
variable is onyl useful for lighttpd or nginx as Apache mod_fcgi will control the number of
children itself and never use the additional processes.)
• FastCGI max. Requests
: This is the maximum number of requests before an fcgid process is
stopped and a new one is launched.
• FastCGI Bin
: This is the path to the FastCGI PHP binary.
199
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Jailkit
Here you can configure the basic Jailkit behaviour. Jailkit is a set of utilities to limit user
accounts to specific files using chroot() and or specific commands. You can make a shell user
use Jailkit by selecting it in the Chroot Shell drop-down menu of the shell user under Sites >
Shell > Shell-User
The form has the following fields:
• Jailkit chroot home
: This is the directory where jailkit users will be chrooted. The
placeholder [username] will be replaced with the actual system user name. Example:
/home/[username]
• Jailkit chroot app sections
: These are predefinded sets of applications/programs that
chrooted users can use. These sets are defined in /etc/jailkit/jk_init.ini
. Separate
multiple entries with a space. Example: basicshell editors extendedshell netutils ssh sftp
scp groups jk_lsh
• Jailkit chrooted applications
: In this field you can explicitly list single
applications/programs that chrooted users will be able to use (it is possible that these
applications/programs are already part of the predefined sets of applications that you've
enabled in the Jailkit chroot app sections
field). Separate multiple entries with a space.
Example: /usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe
/usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico
• Jailkit cron chrooted applications
: Under Sites > Cron > Cron Jobs
you can define
cron jobs. If Chrooted Cron is selected in the limits of the client that owns the cron job, the cron
jobs are chrooted (using Jailkit). In this field you can explicitly list single
applications/programs that chrooted cron jobs will be able to use. Separate multiple entries with
a space. Example: /usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php
200
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
vlogger
vlogger is a little tool that takes the burden of creating Apache virtual host logfiles off of
Apache so that Apache doesn't have to deal with open logfiles.
The form has the following field:
• Config directory
: This defines the directory where vlogger expects its configuration file.
201
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Cron
On this tab you can configure a few settings for cron. The
form has the following fields:
• Cron init script name
: This is the name of the cron init script that is located in the
/etc/init.d/
directory.
• Path for individual crontabs
: This is the directory where cron jobs will be created by
ISPConfig. This must be a directory where cron expects to find cron jobs, e.g. /etc/cron.d
• Path to wget program
: This is the path to the wget program, e.g. /usr/bin/wget
. If you
specify a URL in the Command to run field under Sites > Cron > Cron Jobs
, it will
automatically be executed via wget, that's why cron needs to know the exact path.
202
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.9.2.3 Server IP addresses
Here you can add additional IP addresses to your server. If you've enabled automatic network
configuration for your server (field Network Configuration on the Server tab under Server
Config ), these additional IP addresses will be configured automatically (please note that this
works only on Debian/Ubuntu servers and if you have one network card which is named eth0 ).
However, it is recommended to configure additional IP addresses manually (see chapter 5.18) and
then add them here so that ISPConfig knows that they exist.
To create a new IP address, click on the Add new IP Address
IP Addresses
form with the tab IP Address
button. This will lead you to the
IP Addresses
IP Address
The form has the following fields:
• Server : If more than one server is available, you can select the server on which the IP
203
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
address is/will be located.
• IP Address
: Type in the IPv4 address. Example: 1.2.3.4
• HTTP NameVirtualHost : If you check this field, you can select this IP address for a new web
sites in the Sites module; otherwise it cannot be used for Apache vhosts.
4.9.2.4 Interface Config
Under Interface Config
you can configure the behaviour of the ISPConfig control panel itself.
You can find the following tabs here: Sites
, Mail , Domains , Misc .
Sites
This tab allows you to configure a few settings for the Sites module.
204
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
The form has the following fields:
• Database name prefix
: This defines the prefix that will be used for databases that you create
under Sites > Database > Database
. You can use the placeholders [CLIENTID]
(which will
be replaced with the ID of the client, e.g. 1 or 58 ) and [CLIENTNAME] (which will be replaced
with the client's username). Please note that database names must not be longer than 16
characters - MySQL doesn't support longer database names! Therefore it is stronlgy
recommended to use [CLIENTID] here instead of [CLIENTNAME] . Examples: c[CLIENTID] ,
[CLIENTID] (MySQL database names can begin with a number).
• Database user prefix
: This defines the prefix that will be used for database users of
databases that you create under Sites > Database > Database
. You can use the
placeholders [CLIENTID] (which will be replaced with the ID of the client, e.g. 1 or 58 ) and
[CLIENTNAME] (which will be replaced with the client's username). You must not use
underscores (_)! Example: c[CLIENTID]
• FTP user prefix
: This defines the prefix that will be used for FTP users that you create under
Sites > FTP > FTP-User
. You can use the placeholders [CLIENTID]
(which will be replaced
with the ID of the client, e.g. 1 or 58 ) and [CLIENTNAME] (which will be replaced with the
client's username). Example: [CLIENTNAME]
• Shell user prefix
: This defines the prefix that will be used for shell users that you create
under Sites > Shell > Shell-User
. You can use the placeholders [CLIENTID]
(which will be
replaced with the ID of the client, e.g. 1 or 58 ) and [CLIENTNAME] (which will be replaced with
the client's username). Example: [CLIENTNAME]
• Webdav user prefix
: This defines the prefix that will be used for WebDAV users that you
create under Sites > Webdav> Webdav User
. You can use the placeholders [CLIENTID]
(which will be replaced with the ID of the client, e.g. 1 or 58 ) and [CLIENTNAME] (which will be
replaced with the client's username). Example: [CLIENTNAME]
• Link to phpmyadmin in DB list
: If you check this checkbox, an icon with a link to
phpMyAdmin will be added to each database in the database list under Sites > Database >
Database .
• PHPMyAdmin URL: If you have checked the Link to phpmyadmin in DB list
checkbox, specify
your phpMyAdmin URL here - otherwise an icon with a link to the default phpMyAdmin
location will be displayed. This also means phpMyAdmin must already be installed
somewhere on your server. Example: http://www.example.com/phpmyadmin
• WebFTP URL: If you specify your WebFTP URL here, a WebFTP icon with a link to your
WebFTP application will be displayed in the FTP user list. This also means that a WebFTP
application such as net2ftp must already be installed somewhere on your server. Example:
http://www.example.com/webftp
205
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Mail
This tab allows you to configure a few settings for the Email module. The
form has the following fields:
• Link to webmail in Mailbox list
: If you check this checkbox, an icon with a link to your
webmail application will be added to each mailbox in the mailbox list under Email > Email
Accounts > Email Mailbox
• Webmail URL : If you have checked the Link to webmail in Mailbox list
checkbox, specify
your webmail URL here - otherwise an icon with a link to the default webmail location will be
displayed. This also means a webmail application must already be installed somewhere on your
server. Example: http://www.example.com/webmail
206
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Domains
This tab is relevant only if you've enabled the domain module under System > CP Users
. If you
use this module, your customers can only select one of the domains the admin creates for
them. They can not freely edit the domain field.
The form has the following fields:
• Use the domain module to add new domains
: If you check this field (and the domain module
is enabled), your customers can only select one of the domains that you create for them. They
can not freely edit the domain field. You have to re-login after changing this value to make the
changes visible.
• HTML to create a new domain
: This text area can contain some HTML that will be shown to a
customer if the domain module is enabled for the customer and he tries to create a new
domain.
207
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Misc
You can configure some miscellaneous settings here.
The form has the following field:
• Dashboard atom feed URL
: If you want to display a certain news feed on the dashboard
(Home), you can specify the URL of the Atom feed here (RSS feeds are not supported). By
default, the latest ISPConfig news are displayed (http://www.ispconfig.org/atom ).
208
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.9.3 Firewall
4.9.3.1 Firewall
This is where we can enable the firewall for a server. For each server controlled by ISPConfig,
there can be just one firewall record. If there's no firewall record for a server, the firewall is not
active on that server.
To create a new firewall record, click on the Add Firewall record
the Firewall
form with the tab Firewall
button. This will lead you to
Firewall
Firewall
The form has the following fields:
• Server : Select the server on which you want to enable the firewall.
209
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Open TCP ports : Specify the TCP ports that should be open in the firewall. Separate multiple
ports by comma (no space), e.g. 20,21,22,25,53,80,110,143,443,3306,8080,8081,10000
Specify port ranges with a colon, e.g. 60:70 or 21,22,25,30:40,53,80 . TCP ports that you
don't list here will automatically be closed by the firewall. Common TCP ports are:
• 20 : FTP
• 21 : FTP
• 22 : SSH
• 25 : SMTP
• 53 : DNS
• 80 : HTTP
• 110 : POP3
• 143 : IMAP
• 443 : HTTPS
• 3306 : MySQL
• 8080 : ISPConfig, HTTP-Proxies
• 8081 : ISPConfig apps vhost
• 10000 : Webmin
• Open UDP ports : Specify the UDP ports that should be open in the firewall. Separate multiple
ports by comma (no space), e.g. 53,3306 . Specify port ranges with a colon, e.g. 60:70 or
21,22,25,30:40,53,80 . UDP ports that you don't list here will automatically be closed by the
firewall. Common UDP ports are:
• 53 : DNS
• 3306 : MySQL
• Active : This defines whether the firewall is active or not.
210
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.9.4 Software
Under Software you can define ISPConfig application repositories, install ISPConfig application
packages (such as phpMyAdmin) and install updates of such packages, if available.
4.9.4.1 Repositories
Here you can add ISPConfig application repositories to your system.
To create a new repository, click on the Add new record
Software Repository
form with the tab Repository
button. This will lead you to the
Software Repository
Repository
The form has the following fields:
211
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
• Repository
: Type in a name for the repository, e.g. ISPConfig Addons
• URL: Specify the URL of the repository. Example: http://repo.ispconfig.org/addons/
• User (optional)
: If the whole repository or single packages of the repository (e.g. packages
that need testing and should be available only to developers) are password-protected, type in the
repository username here. Leave the field empty if the repository isn't
password-protected.
• Password (optional)
: If the whole repository or single packages of the repository (e.g.
packages that need testing and should be available only to developers) are
password-protected, type in the repository password here. Leave the field empty if the
repository isn't password-protected.
• Active : This defines whether the repository is active or not.
4.9.4.2 Packages
Here you can find a list of available packages from the active repositories. For each server that
212
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
is controlled by ISPConfig, you can see if the package is already installed (it then reads
Installed version ...
) or if it can be installed (it reads Install now
). To install a package,
simply click on the Install now
link. Installation can take two or three minutes; reload the page
to see if it has been installed successfully (it should then read Installed version ...
).
4.9.4.3 Updates
Under Updates you can find a list of all installed packages for which updates are available
(select the server under Select server
first). You can install the updates from here by clicking
on the Install update
link.
4.9.5 Language Editor
The Language Editor
allows you to add new ISPConfig translations or modify existing ones.
For example, if the ISPConfig interface isn't available in your language, you can create a
translation here.
4.9.5.1 Languages
Here you can find the Language file editor
which allows you to modify all existing
translations. Select the translation that you want to modify in the Select language
drop-down
menu; this will bring up a list of all available language files (extension .lng ) for that language,
together with a note to which ISPConfig module the language file belongs and the last
modification date. Click on the file that you want to modify - this will bring you to a form with all
strings that can be translated. Make your modifications and click on the Save button afterwards.
Hint: You can change the text of the welcome email that is sent to new email accounts under
mail > en_mail_user.lng
(the fields are welcome_mail_subject
and welcome_mail_message ).
213
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.9.5.2 New Language
If you want to add a new translation (for example, because ISPConfig isn't available in your
language), you can do this here. The Add new language form has the following fields:
• Select language basis
: Select one of the existing translations here, e.g. en . Your new
language files will use this existing translation first so that you have a basis to start with, and
you can then use the Language file editor
under Languages to translate the strings to the
new language.
• New language : Type in the two characters ISO 639-1 language code (see
http://en.wikipedia.org/wiki/List_of_ISO_639-1_codes
) of your new translation.
After you have created the new language, you can use the Language file editor
Languages to translate the strings to the new language.
under
4.9.5.3 Merge
214
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
The Merge function adds missing strings and even missing language files from the English
master language files to the selected language. This is useful for the following two scenarios:
• You've created your own language in an old ISPConfig version, and now you update
ISPConfig, and the new ISPConfig version has a lot of new functions that are missing in your
language files. You can use the Merge function to merge the new/missing translations into
your language files, and then you can use the Language file editor
under Languages to
translate the strings to the new language.
• The second scenario is for the ISPConfig developers only. A lot of translations were
contributed by ISPConfig users, but of course the developers don't speak all these
languages. If the developers add new functions, they add the English translations and merge
these English translations into all the other supported languages (so that a native speaker and
ISPConfig contributor can translate them using the Language file editor ).
To merge new English strings into a translation, just select the language in the Select
language drop-down menu and click on the Merge files now button.
4.9.5.4 Export
Here you can export existing translations. Just select the language that you want to export and
click on the Export the selected language file set
button. This will display a link to the
exported file (e.g. Exported language file to: /temp/en.lng
); click on that link, and the
exported file will be displayed in a new browser window (from where you can save it on your
computer).
You must not use the Export function to manually edit exported translations in a text editor always use ISPConfig's Language file editor
for that! The Export funtion is useful if
• you've created a translation on one ISPConfig installation and want to use the same
translation on another ISPConfig installation (where you can use the Import function to import that
translation).
• you've created a translation and want to send it to the ISPConfig developers (
dev@ispconfig.org
).
4.9.5.5 Import
You can use the Import function to import translations that you've previously exported on
another ISPConfig server. Please not that you must not import language files that have been
manually modified in a text editor - always use ISPConfig's Language file editor to modify
215
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
translations!
The Import language file
form has the following fields:
• Select language file
: Select the language file to import from your local computer.
ISPConfig will automatically detect the language from the contents of the selected file.
• Overwrite file, if exists
: Check this if you want to overwrite any existing files of this
translation on the ISPConfig server.
• Skip ISPConfig version check
: Usually ISPConfig performs a version check to find out if the
translation that is to be imported matches the version number of the ISPConfig installation, and
displays an error mesage if the versions don't match (i.e., ISPConfig refuses to import the
translation). By checking this checkbox you can skip this version check.
4.9.6 Remote Users
This feature is for ISPConfig developers only. ISPConfig has an API that allows to access all
ISPConfig functions from other applications or remote places (the API documentation is not part of
this manual). For example, an ISP could build a web interface and allow his customers to create
web sites from this web interface.
Access to this API is password protected. To allow access to the API, you must create a user
and password here first and use these login credentials in the application that uses the API.
4.9.6.1 Add user
You can create an API user here. The Remote user form has the tab Remote User .
Remote user
Remote User
The form has the following fields:
• Username : Fill in the username of the new API user.
• Password : Type in a password for the API user. The Password Strength
weak or strong your password is.
field will show how
• Functions : Please check all functions that the API user will be allowed to use.
216
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.9.6.2 Edit user
Here you can edit existing API users. The form has the same tabs and fields as under Add
user .
4.9.7 Remote Actions
Here you can initiate operating system updates and ISPConfig updates on all servers
controlled by ISPConfig.
4.9.7.1 Do OS-Update
The Do OS-Update function allows you to start an operating system update on the selected
server, i.e., the latest updates will be installed. Please note that this function supports only
Debian and Ubuntu. It will perform
aptitude -y upgrade
on the selected server. This works also on remote servers that are controlled by this ISPConfig
installation. To update all servers controlled by ISPConfig, select All servers
As this is an unattended update and you don't see what packages are updated, you should use this
function at your own risk. At this point, it is strongly recommended to run your updates manually on the command
line!
4.9.7.2 Do ISPConfig-Update
The Do ISPConfig-Update
function allows you to update ISPConfig on the selected server. This
works also on remote servers that are controlled by this ISPConfig installation. To update all
servers controlled by ISPConfig, select All servers
This funtion is experimental! At this point, it is strongly recommended to run your updates manually on the
command line!
4.10 Monitor
217
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
The Monitor module allows you to take a look at the logs, CPU, memory, disk usage, etc. of all
servers controlled by ISPConfig. Under System State (All Servers)
you can find information
about all servers controlled by ISPConfig, whereas the details in the other menu items refer to just
one (the selected) server.
4.10.1 System State (All Servers)
Here you can find details about all servers that are controlled by this ISPconfig installation.
4.10.1.1 Show Overview
Here you can find an overview of all your servers that are controlled by ISPConfig. Details that
are displayed here are the general state of the server (if there have been warnings, errors,
etc.), the state of the hard drive space, mail queue, server load, if all services are online, and if
updates are available (some of these details will only be displayed if you click on the More
information...
link).
Under Refresh Sequence you can select if the information should be refreshed automatically
while you are on this page (by default it is not refreshed), and in which interval.
By clicking on the [More...]
link that is displayed next to each status, you can find out more
details about that item - the same details can be accessed under Server State
in the menu
(but then make sure you select the correct server under Server to Monitor
).
Each server's overview is displayed with one of the background colours green, orange, or red:
• Green: everything is ok - no warnings or errors, no updates are available, all services are
online, etc.
• Blue: there are warnings in your logs, or updates are available, but there's nothing
system-critical on the server.
• Red: this marks some kind of failure, e.g. errors in the logs, needed services aren't running, a
script failed to execute, etc. This is system-critical, and immediate action should be taken by your
side (e.g. log onto your server's shell and check the logs in the /var/log/ directory).
218
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.1.2 Show System-Log
Here you can take a look at the ISPConfig log - this log shows what ISPConfig does in the
background, and if there have been warnings or errors. This log is for all servers controlled by
ISPConfig (you can use the filter to display log entries from a specific server); what is getting
logged depends on the log level that you set for each server on the Server tab under System >
System > Server Config
(Debug, Warnings , or Errors ).
4.10.1.3 Show Jobqueue
Here you can find a list of background tasks that ISPConfig has to carry out on the nodes that are
controlled by ISPConfig. If the list is empty, ISPConfig has completed all tasks.
4.10.2 Server to Monitor
This refers to all following menu items, i.e., the following menu items will display information
about the server that you select here.
219
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.3 Hardware Information
4.10.3.1 Show CPU Info
You can find details about the CPU of the selected server here. This is the same as if you run
cat /proc/cpuinfo
on the server.
4.10.4 Server State
4.10.4.1 Show Overview
Here you can find the same details as under Monitor > System State (All Servers) > Show
Overview , except that the details here refer to just one server (the one you selected under
Monitor > Server to Monitor
).
220
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Under Refresh Sequence you can select if the information should be refreshed automatically
while you are on this page (by default it is not refreshed), and in which interval.
4.10.4.2 Show Update State
This page displays if update packages are available for the operating system and the installed
packages. If there are, you should bring your server up to date.
If you see the warning WARNING: Your ClamAV installation is OUTDATED!
- this sounds more
dramatic than it actually is, and it is usually not necessary to take any action. This just means that a
newer ClamAV version is available than the one that is installed - your current version is still ok. It
does not mean that the virus signature database is not up to date - it actually is, and protection is
still guaranteed. You can check if your distribution offers an updated ClamAV package - if it does,
you can install it, but if it doesn't, you should avoid installing ClamAV from the sources - wait until
your distribution provides an updated package.
221
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
It is recommended to do this manually with your distribution's package manager, e.g.
apt/aptitude on Debian/Ubuntu, yum on Fedora/CentOS, and yast/zypper on OpenSUSE.
Debian/Ubuntu:
aptitude update
aptitude safe-upgrade
Fedora/CentOS:
yum update
OpenSUSE:
222
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
zypper refresh
zypper update
If you are on Debian/Ubuntu, you could also go to System > Remote Actions > Do OS-Update
but this method is not recommended!
,
4.10.4.3 Show RAID State
If the selected server uses RAID, you can find details about the RAID arrays here. Basically,
these are the same details that the command
cat /proc/mdstat
would show.
4.10.4.4 Show Server Load
Here you can find details about the server load. Basically, these are the same details that the
command
uptime
would show.
223
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.4.5 Show Disk Usage
Here you can find details about the server's disk usage. Basically, these are the same details that
the command
df -h
would show.
224
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.4.6 Show Memory Usage
Here you can find details about the server's memory usage. Basically, these are the same
details that the command
cat /proc/meminfo
would show.
225
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.4.7 Show Services
Under this menu item you can find information if the following services are running or not:
• Web-Server
• FTP-Server
• SMTP-Server
• POP3-Server
• IMAP-Server
• myDNS-Server (this refers to your DNS server in general, no matter if you use MyDNS,
BIND, or PowerDNS)
• mySQL-Server
226
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.4.8 Show OpenVz VE BeanCounter
If the selected server is an OpenVZ container (virtual machine), you can find details about the
OpenVZ beancounter here (it displays details about the allocated resources and limits of the virtual
machine). Basically, these are the same details that the command
cat /proc/user_beancounters
would show.
227
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.5 Logfiles
4.10.5.1 Show Mail Queue
Here you can find details about the server's mail queue. Basically, these are the same details that
the command
postqueue -p
would show.
4.10.5.2 Show Mail Log
You can find the last 100 lines of the selected server's mail log (/var/log/mail.log
on
Debian/Ubuntu) here. Under Refresh Sequence you can select if the information should be
refreshed automatically while you are on this page (by default it is not refreshed), and in which
interval.
228
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.5.3 Show Mail Warn-Log
You can find the last 100 lines of the selected server's mail.warn log (/var/log/mail.warn
on
Debian/Ubuntu) here. Under Refresh Sequence you can select if the information should be
refreshed automatically while you are on this page (by default it is not refreshed), and in which
interval.
4.10.5.4 Show Mail Error-Log
You can find the last 100 lines of the selected server's mail.error log (/var/log/mail.err
on
Debian/Ubuntu) here. Under Refresh Sequence you can select if the information should be
refreshed automatically while you are on this page (by default it is not refreshed), and in which
interval.
4.10.5.5 Show System-Log
You can find the last 100 lines of the selected server's system log (/var/log/messages
on
229
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Debian/Ubuntu) here. Under Refresh Sequence you can select if the information should be
refreshed automatically while you are on this page (by default it is not refreshed), and in which
interval.
4.10.5.6 Show ISPC Cron-Log
You can find the last 100 lines of the selected server's ISPConfig cron log (
/var/log/ispconfig/cron.log
) here - the ISPConfig background tasks are run by cron, and
therefore this log contains information about what happened behind the scenes. Under Refresh
Sequence you can select if the information should be refreshed automatically while you are on this
page (by default it is not refreshed), and in which interval.
4.10.5.7 Show Freshclam-Log
You can find the last 100 lines of the selected server's freshclam log (
/var/log/clamav/freshclam.log
on Debian/Ubuntu) here - this log contains information
regarding the virus signature updates of the server's virus scanner, ClamAV. Under Refresh
Sequence you can select if the information should be refreshed automatically while you are on this
page (by default it is not refreshed), and in which interval.
230
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.5.8 Show Clamav-Log
You can find the last 100 lines of the selected server's clamav log (
/var/log/clamav/clamav.log
on Debian/Ubuntu) here - this log contains information regarding
the server's virus scanner, ClamAV. Under Refresh Sequence you can select if the information
should be refreshed automatically while you are on this page (by default it is not refreshed), and in
which interval.
4.10.5.9 Show RKHunter-Log
You can find the last 100 lines of the selected server's rkhunter log (/var/log/rkhunter.log
on
Debian/Ubuntu) here - rkhunter is run by cron (usually once per night) and scans the server for
malware/rootkits/trojans. The result of such a scan is logged in the rkhunter log file. Under
Refresh Sequence you can select if the information should be refreshed automatically while you are
on this page (by default it is not refreshed), and in which interval.
231
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.10.5.10 Show fail2ban-Log
Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP,
Apache, etc., and if it finds failed login attempts again and again from the same IP address or host,
fail2ban stops further login attempts from that IP address/host by blocking it with an
iptables firewall rule.
You can find the last 100 lines of the selected server's fail2ban log (/var/log/fail2ban.log
on
Debian/Ubuntu) here - it contains details about what services are monitored and what IP
addresses got blocked due to a tried break-in attempt. Under Refresh Sequence you can select if the
information should be refreshed automatically while you are on this page (by default it is not
refreshed), and in which interval.
If you want to unblock an IP address/host, take a look at chapter 5.16.
4.11 Help
By default, this module isn't enabled for normal users. You can enable it on the Users tab
under System > CP Users > Edit user
232
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.11.1 Support
This is a ticket system where users can send messages to their reseller or the server
administrator if they need help.
4.11.1.1 Send message
You can create a new ticket here. You will see the Support Message
form with the tab Message
Support Message
Message
The form has the following fields:
• Recipient ID
: Normal users cannot select a recipient here because ISPConfig determines
the recipient itself - it is the ISPConfig administrator. Only if you are logged in as the
ISPConfig administrator can you select the recipient (because the administrator is allowed to send
messages to all ISPConfig users).
• Subject : Fill in the subject of your request.
• Message : Fill in your message.
4.11.1.2 View messages
Here you can see a list of all tickets opened by you (answered or unanswered).
4.11.2 About ISPConfig
4.11.2.1 Version
Shows the currently installed ISPConfig 3 version:
233
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
4.12 Domains
If you use this module, your customers can only select one of the domains the admin creates for
them. They can not freely edit the domain field.
This module is active only if you also check the Use the domain-module to add new domains
checkbox on the Domains tab under System > System > Interface Config
4.12.1 Domains
4.12.1.1 Domains
Here you can add domains to your server that clients can later on select when they create a new
web site.
To add a new domain, click on the Add new Domain
with the tab Domain .
button. This will lead you to the Domain form
234
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Domain
Domain
The form has the following fields:
• Domain : Type in a domain name that you want to allocate to a client, e.g. example.com
any subdomain like www).
(without
• Client : Select the client to which you want to allocate the domain from the drop-down menu.
This client will then be able to select the domain from a drop-down menu when he creates a
web site.
5 Howtos
5.1 How Do I Create A Reseller?
Log in as admin and go to Client > Resellers > Add Reseller
the address of the reseller on the Address tab...
(see chapter 4.5.2.1). Fill in
235
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
... and then go to the Limits tab to specify limits for the reseller. An important field is the Max.
as it specifies how many clients the reseller can create.
number of Clients field
After you have created the reseller, you can find it in the list under Client > Resellers > Edit
Reseller :
236
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
If you want to modify the reseller, you can pick it from that list and change the reseller's
settings. From the list view, it is also possible to directly log in as the reseller (just click on the
button) and to delete the reseller (click on the
button) (see chapter 4.5.2.2).
5.2 How Do I Create A Client?
Now we have to differentiate between two scenarios: 1) the client belongs to the admin 2) the
client belongs to a reseller.
In the first case you must log in as admin and create the client from the admin account, in the
second case you must log in as the reseller and create the client from the reseller account.
Then go to Client > Clients > Add Client
client on the Address tab...
(see chapter 4.5.1.1). Fill in the address of the
237
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
... and then go to the Limits tab to specify limits for the client:
238
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
After you have created the client, you can find it in the list under Client > Clients > Edit
Client :
239
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
If you want to modify the client, you can pick it from that list and change the client's settings. From
the list view, it is also possible to directly log in as the client (just click on the
button) and to delete the client (click on the
button) (see chapter 4.5.1.2).
5.3 How Do I Create A Web Site?
It is important that you create a client first before you create a web site, so that you can assign the
web site to that client (a client can own multiple web sites).
Then log in as admin or as the reseller to which that client belongs and go to Sites > Websites > Website
(see chapter 4.6.1.1). To create a web site, you just need to fill out the Domain tab (the other tabs
contain special configurations that you usually don't need). Make sure that you select the correct
client in the Client drop-down menu (if you are logged in as admin, you can select all clients that
exist on the system; if you are logged in as a reseller, you can select only the clients that belong to
the reseller):
240
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Use the Auto-Subdomain field to define whether you want no automatic subdomain for the web site
(in this case you can access the site only by using the domain, e.g. http://example.com ),
an automatic www subdomain (recommended) (you can then access the site using
http://example.com
and http://www.example.com
), or a wildcard subdomain (*. ) which means
you can access the site with any subdomain that does not point to another web site:
241
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
After you have created the web site, you can find it in the list under Sites > Websites >
Website :
242
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
From the list view, it is possible to delete the web site (click on the
button).
If the DNS records for the new web site exist and point to the correct server, you can now go to
the new web site in a browser, and you should see the default ISPConfig 3 welcome page:
243
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Important: if a client creates a web site himself, he has the permissions to modify the web site settings in
ISPConfig. If the admin or a reseller creates a web site for a client, then the web site settings cannot be modified by the
client in ISPConfig, only by the admin or by the reseller that created the web site.
5.4 How Do I Create An SSL Web Site?
To make a web site SSL-capable, please make sure that the SSL checkbox is checked on the web
site's Domain tab (please note that you can have only one SSL web site per IP address). Important:
you must select a specific IP address from the IP-Address drop-down menu; you must not select
the wildcard (* )!
244
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Then go to the SSL tab (see chapter 4.6.1.1).
On the SSL tab you can create a self-signed SSL certificate together with a certificate signing
request (CSR) that you can use to apply for an SSL certificate that is signed by a trusted
certificate authority (CA) such as Verisign, Comodo, Thawte, etc. It's not necessary to buy
such a trusted SSL certificate, but you should note that if you use a self-signed SSL certificate,
browsers will display a warning to your visitors.
Please note that you can have just one SSL web site per IP address.
To create a self-signed certificate, please fill out the fields State , Locality , Organisation ,
Organisation Unit
, Country , and SSL Domain , and then select Create Certificate
from the
SSL Action drop-down menu, and click on Save . Leave the fields SSL Request , SSL
Certificate
, and SSL Bundle empty - the fields SSL Request and SSL Certificate
will be filled
out by the system.
245
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
246
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
After the self-signed certificate was created, you will find data in the SSL Request and SSL
Certificate fields (it can take one or two minutes until the data appears in the fields):
It is already possible to access the web site using https://
now with the self-signed certificate,
but your visitors will see a warning. For example, Firefox will complain about the self-signed
certificate, therefore you must tell Firefox to accept the certificate - to do this, click on the I
Understand the Risks
link:
247
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Click on Add Exception...
:
248
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
The Add Security Exception
window opens. In that window, click on the Get Certificate
button first and then on the Confirm Security Exception
button:
249
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Afterwards you should be able to see the https://
web site:
250
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
If you want to buy an SSL certificate from a trusted CA, you have to copy the data from the SSL
Request field - this is the certificate signing request (CSR). With this CSR, you can apply for a
trusted SSL certificate at your CA - the CA will create an SSL certificate from this CSR, and
you can paste the trusted SSL certificate into the SSL Certificate field. Sometimes your CA
will also give you an SSL bundle - paste this into the SSL Bundle field. Select Save
Certificate from the SSL Action drop-down menu and click on the Save button:
You have just replaced your self-signed certificate with a trusted SSL certificate.
To delete a certificate, select Delete Certificate
click on the Save button.
from the SSL Action drop-down menu and
251
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
5.5 How Do I Redirect My Web Site To Another Web Site Or To A
Specific Directory On The Server?
Go to the Redirect tab of your web site in ISPConfig (see chapter 4.6.1.1). In the Redirect Type
field, please select the flag that you want to use for the redirect:
Flags:
• R: Use of the [R] flag causes a HTTP redirect to be issued to the browser. If a fully-qualified URL
is specified (that is, including http://servername/ ) then a redirect will be issued to that
location. Otherwise, the current servername will be used to generate the URL sent with the
redirect.
• L: The [L] flag causes mod_rewrite to stop processing the rule set. In most contexts, this
means that if the rule matches, no further rules will be processed.
• R,L: You will almost always want to use [R] in conjunction with [L] (that is, use [R,L]) because
on its own, the [R] flag prepends http://thishost[:thisport]
to the URI, but then passes
this on to the next rule in the ruleset, which can often result in 'Invalid URI in request'
warnings.
More details about flags can be found here:
http://httpd.apache.org/docs/2.2/rewrite/rewrite_flags.html
If you want to do a URL redirect, you should use the R,L flags, while for a directory redirect it is recommended to just
use the L flag.
If you want to do a URL redirect, please specify the redirect target URL in the Redirect Path
field (e.g. http://www.someotherwebsite.com/subdir/
or http://www.someotherwebsite.com/
Please note that the URL should have a trailing slash:
).
252
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
If you want to do a redirect to a subdirectory of your web site, please specify the subdirectory or
the path to the subdirectory (relative to the document root of your web site) in the Redirect Path
field. Please note that the path must begin and end with a slash (e.g.
/subdirectory/anothersubdirectory/
):
253
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
5.6 How Do I Create An FTP Account So That I Can Upload Files
To My Web Site?
Go to Sites > FTP > FTP-User
4.6.2.1).
and click on the Add new FTP-User button (see chapter
Select the web site for which you want to create the FTP user, then define a username for the FTP
account ([CLIENTNAME] is a placeholder and will be replaced by ISPConfig; you can see the final
username in the FTP user list) and a password and specify a hard disk quota in MB ( -1 means
unlimited):
254
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Afterwards you can find the new FTP user in the list under Sites > FTP > FTP-User
(where
you can also see the final username of the FTP user, client1tomsmith
in this case which
means that [CLIENTNAME] was replaced with client1
):
255
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
From the list view, it is possible to delete the FTP user (click on the
button).
You can now use the new FTP account to log into your web site (using an FTP client such as
FileZilla ) - use your web site domain (without http:// or https:// ) in the Server or Hostname
field of your FTP client and then your FTP username and password to log in:
256
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
After you've logged in, you can now see the directory structure of your web site. You must
upload web site contents into the web/ directory (or subdirectories of it) as this is the document root
of your web site; Perl or CGI scripts must go into the cgi-bin/ directory:
257
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Please note that Perl or CGI scripts that you upload into the cgi-bin/
directory must be
executable; you can make them executable by changing the file attributes through your FTP
client:
258
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
5.7 How Can I Use Perl/CGI Scripts With My Web Site?
First you must check the CGI checkbox for your web site on the Domain tab in ISPConfig:
259
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Afterwards, you can upload your Perl and CGI scripts to the cgi-bin/ directory of your web site
(they will only work in that directory). Please note that you must make your Perl and CGI
scripts executable (e.g. through your FTP client, see chapter 5.6) because otherwise they will
not work. Also, if you have enabled suExec for your web site, the scripts must be owned by the
correct user and group (which is already the case if you uploaded them through FTP).
5.8 How Do I Create An Email Account?
The first thing we have to do is to add the domain of the email account to the system. To do
this, go to Email > Email Accounts > Domain
and click on the Add new Domain button. Fill in
the domain name, select the correct client and enable the spamfilter for the domain, if desired:
260
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Now we can create an email account for that domain. Go to Email > Email Accounts > Email
Mailbox and click on the Add new Mailbox button. Select the domain and fill in an alias (i.e., the local
part or the part before the @ sign). The Realname and Send copy to fields are optional. Fill in a
password for the account, set a quota in MB (-1 means unlimited) and select a
spamfilter level to use: Non-Paying , Uncensored , Wants all spam
, Wants viruses , Normal ,
Trigger happy
, Permissive . The settings for each of these levels are defined under Email >
Spamfilter > Policy
. Please note that this setting overrides the spamfilter setting of the mail
domain (no matter what spamfilter level you chose for the mail domain; this is true even if you
disabled the spamfilter for the mail domain), with one exception: If you choose to not enable the
spamfilter for this email account, but the spamfilter is enabled for the mail domain, then the
spamfilter setting of the mail domain is used for this email account. Use Uncensored to disable the
spam-/virusfilter (see chapter 4.7.1.3):
261
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
After you have created the email account, you can find it in the list under Email > Email
Accounts > Email Mailbox
:
262
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
From the list view, it is possible to access the email account using a webmail application (click on
the
button; please note that you must have installed a webmail application yourself and defined the
webmail URL in the system configuration, as described in chapter 4.9.2.4) or to delete the email
account (click on the
button).
Every new email account will automatically receive a welcome email from the ISPConfig 3
system:
263
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
5.9 How Do I Activate The Spamfilter/Virus Scanner For An
Email Account?
When you create or edit an email account, you can select a spamfilter level to use: Non-Paying ,
Uncensored , Wants all spam
, Wants viruses , Normal , Trigger happy
, Permissive . The settings
for each of these levels are defined under Email > Spamfilter > Policy
. Please note that this
setting overrides the spamfilter setting of the mail domain (no matter what spamfilter level you
chose for the mail domain; this is true even if you disabled the spamfilter for the mail domain),
with one exception: If you choose to not enable the spamfilter for this email account, but the
spamfilter is enabled for the mail domain, then the spamfilter setting of the mail domain is used
for this email account. Use Uncensored to disable the spamfilter (see chapter 4.7.1.3).
264
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
5.10 How Do I Blacklist/Whitelist Email Addresses In The
Spamfilter?
To blacklist an email address in the spamfilter (which means that emails originating from that
email address will always be considered spam), go to Email > Spamfilter > Blacklist
and
click on the Add Blacklist record
button (see chapter 4.7.2.2).
Select the user or the whole domain that will benefit from this blacklist record in the User
drop-down menu, and then fill in the email address that you want to blacklist in the Email field.
If multiple whitelist/blacklist records apply, the Priority
field specifies which rule to use first (10
= highest priority, 1 = lowest priority). For example, if you blacklist @nastyspamdomain.com with a
priority of 5, you could whitelist gooduser@nastyspamdomain.com with a priority of 6 so that
gooduser@nastyspamdomain.com 's mails get through while @nastyspamdomain.com is blacklisted. In
most cases you can disregard the Priority field.
Make sure that the Active checkbox is checked and click on Save .
265
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Afterwards you can find the new blacklist record in the list under Email > Spamfilter >
Blacklist
:
266
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
From the list view, it is possible to delete the blacklist record (click on the
button).
Creating whitelist records works the same as for blacklist records - just go to Email >
Spamfilter > Whitelist
(see chapter 4.7.2.1).
5.11 How Do I Fetch Emails From A Remote Server With
ISPConfig And Put The Emails In A Local Email Account?
You can use ISPConfig to retrieve emails from a remote POP3 or IMAP account and put them into
a local mailbox (see chapter 4.7.3.1). To create such a Fetchmail account, go to Email > Fetchmail >
Fetchmail and click on the Add new Account button.
Select the protocol that should be used to retrieve emails from the remote server (POP3, IMAP,
POP3SSL, IMAPSSL), then specify the hostname of the remote mail server, the username of the
mailbox on the remote server together with the password, and select the local mailbox (in the
Destination field) where mails retrieved from the remote server should be put. If you want
emails to be automatically deleted on the remote host after they have been retrieved, check
the Delete emails after retrieval
checkbox:
267
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Afterwards you can find the new Fetchmail account in the list under Email > Fetchmail >
Fetchmail :
268
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
From the list view, it is possible to delete the Fetchmail account (click on the
button).
5.12 How Do I Create A DNS Zone?
To create a DNS zone, it is recommended to use the DNS Wizard (DNS > DNS Wizard > Add
DNS Zone ) which will automatically create a set of common DNS records for your domain (like www,
mail , ns records, etc.) (see chapter 4.8.1.1).
269
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Afterwards you can find the new zone in the list under DNS > DNS > Zones
:
270
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
From the list view, it is possible to delete the DNS zone (click on the
button).
If you edit the zone and go to the Records tab, you will see the records that have automatically
been created by the DNS Wizard (the Default template will create A records for mydomain.com ,
www.mydomain.com , and mail.mydomain.com , two NS (nameserver) records, plus an MX (mail
exchanger) record for mydomain.com that points to mail.mydomain.com
):
271
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
On the Records tab, you can edit or delete existing records and add further ones.
5.13 How Do I Create A Secondary DNS Zone?
(This feature is supported only if you use the BIND name server. If you use MyDNS, database
replication will be used to transfer data to the secondary DNS server.)
If you've already created the master DNS zone for a domain on another server and would like to
use ISPConfig to create the secondary zone for the domain on one of the servers controlled by
ISPConfig, go to DNS > Secondary DNS > Secondary Zones and click on the Add new
secondary DNS Zone button (see chapter 4.8.3.1).
Select the server and the client for the secondary zone, then fill in the domain for which you
want to create the secondary zone in the DNS Zone field, e.g. someexampledomain.com . - please
note that you need a dot at the end. Then specify the IPv4 address of the primary nameserver for
the domain in the NS field, e.g. 1.2.3.4 . Make sure that the Active checkbox is checked
and click on Save :
272
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Afterwards you can find the new zone in the list under DNS > Secondary DNS > Secondary
Zones :
273
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
From the list view, it is possible to delete the secondary DNS zone (click on the
button).
5.14 How Do I Create A Mirror?
Please take a look at chapter 3.3
5.15 How Do I Split Up Services Between Multiple Servers?
Please take a look at chapter 3.2.
5.16 How Do I Unblock An IP Address That Got Blocked By
fail2ban?
If you want to unblock an IP address that got blocked by fail2ban, first run
274
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
iptables -L
Output could be as follows:
root@server1:~# iptables -L
Chain INPUT (policy ACCEPT)
target
prot opt source
fail2ban-ssh tcp -- anywhere
destination
anywhere
tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target
prot opt source
destination
Chain OUTPUT (policy ACCEPT)
target
prot opt source
destination
Chain fail2ban-ssh (1 references)
target
prot opt source
destination
DROP
0 -- some.remote.host anywhere
RETURN
0 -- anywhere
anywhere
root@server1:~#
Notice some.remote.host
is currently being blocked here. You can tell iptables to drop that rule.
The syntax is iptables -D <rulename> <rule line>
. To unblock some.remote.host
, run
iptables -D fail2ban-ssh 1
Run iptables -L
again, and you should see that the rule is gone, and some.remote.host
should be able to log in via SSH again.
5.17 How Do I Create A Subdomain And Redirect It To A
Different Folder/Web Site?
Go to Sites > Websites > Subdomain for website
(see chapter 4.6.1.2). In the Redirect
Type field, please select the flag that you want to use for the redirect:
Flags:
• R: Use of the [R] flag causes a HTTP redirect to be issued to the browser. If a fully-qualified URL
is specified (that is, including http://servername/ ) then a redirect will be issued to that
location. Otherwise, the current servername will be used to generate the URL sent with the
redirect.
• L: The [L] flag causes mod_rewrite to stop processing the rule set. In most contexts, this
275
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
means that if the rule matches, no further rules will be processed.
• R,L: You will almost always want to use [R] in conjunction with [L] (that is, use [R,L]) because
on its own, the [R] flag prepends http://thishost[:thisport]
to the URI, but then passes
this on to the next rule in the ruleset, which can often result in 'Invalid URI in request'
warnings.
More details about flags can be found here:
http://httpd.apache.org/docs/2.2/rewrite/rewrite_flags.html
If you want to do a URL redirect, you should use the R,L flags, while for a directory redirect it is recommended to just
use the L flag.
If you want to do a URL redirect, please specify the redirect target URL in the Redirect Path
field (e.g. http://www.someotherwebsite.com/subdir/
or http://www.someotherwebsite.com/
Please note that the URL should have a trailing slash:
).
If you want to do a redirect to a subdirectory of your web site, please specify the subdirectory or
the path to the subdirectory (relative to the document root of your web site) in the Redirect Path
field. Please note that the path must begin and end with a slash (e.g.
/subdirectory/anothersubdirectory/
):
276
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
5.18 How Do I Manually Configure New IP Addresses On My
System?
I'm assuming that your system uses the static IP address 192.168.0.100
interface eth0 , and that you want to add the IP address 192.168.0.101
on the network
to that interface.
Debian/Ubuntu:
Open /etc/network/interfaces
:
vi /etc/network/interfaces
It will probably look like this:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
277
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
What we do now is duplicate the eth0 stanza, but instead of eth0 we use eth0:0
(a virtual
network device), and in the address line we use the new IP address 192.168.0.101
instead of
192.168.0.100
. All other settings remain the same. In the end the complete file looks as
follows:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
auto eth0:0
iface eth0:0 inet static
address 192.168.0.101
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
(If you want to use a third, fourth, etc. IP address, use the virtual interfaces eth0:1 , eth0:2 , and
so on. If you are unsure about the network settings, you can use this network calculator:
http://subnetmask.info/ .)
Restart the network afterwards:
278
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
/etc/init.d/newtorking restart
The command
ifconfig
should show the new interface afterwards:
server1:~# ifconfig
eth0
Link encap:Ethernet HWaddr 00:0C:29:FD:78:BE
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fefd:78be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:130 errors:0 dropped:0 overruns:0 frame:0
TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12592 (12.2 KiB) TX bytes:31876 (31.1 KiB)
Base address:0x1070 Memory:ec820000-ec840000
eth0:0 Link encap:Ethernet HWaddr 00:0C:29:FD:78:BE
inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Base address:0x1070 Memory:ec820000-ec840000
lo
Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
server1:~#
Fedora/CentOS:
The file /etc/sysconfig/network-scripts/ifcfg-eth0
contains the settings for eth0 . We can
use this as a sample for our new virtual network interface eth0:0
(which we use for our
additional IP address 192.168.0.101
):
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
279
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Now we want to use the IP address 192.168.0.101
on the virtual interface eth0:0 . Therefore
we open the file /etc/sysconfig/network-scripts/ifcfg-eth0:0
and modify it as follows (use
eth0:0 in the DEVICE line and 192.168.0.101
in the IPADDR line; the other settings should
remein the same; we can leave out the HWADDRline as it is the same physical network card):
vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.101
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
(If you want to use a third, fourth, etc. IP address, do the same steps again, but use the virtual
interfaces eth0:1 , eth0:2 , and so on. If you are unsure about the network settings, you can
use this network calculator: http://subnetmask.info/
.)
Restart the network afterwards:
/etc/init.d/network restart
Now run
ifconfig
You should now see your new IP address in the output:
[root@server1 ~]# ifconfig
eth0
Link encap:Ethernet HWaddr 00:0C:29:FD:78:BE
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fefd:78be/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:130 errors:0 dropped:0 overruns:0 frame:0
TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12592 (12.2 KiB) TX bytes:31876 (31.1 KiB)
Base address:0x1070 Memory:ec820000-ec840000
eth0:0 Link encap:Ethernet HWaddr 00:0C:29:FD:78:BE
inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
280
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Base address:0x1070 Memory:ec820000-ec840000
lo
Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
[root@server1 ~]#
OpenSUSE:
Start YaST:
yast2
Go to Network Devices > Network Settings
:
281
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Mark the current network interface and select [Edit]
In the Additional Addresses
:
box, select [Add] :
282
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Fill in 0 in the Alias Name field (this translates to the virtual network interface eth0:0 ; if you
want to add a third, fourth, etc. IP address later on, you'd use 1, 2, etc. in this field - this would
translate to eth0:1 , eth0:2 , and so on), 192.168.0.101
in the IP Address field, and
255.255.255.0
in the Netmask field (in most cases the netmask is the same as for eth0 ; if you
are unsure about the network settings, you can use this network calculator:
http://subnetmask.info/ ). Then select [OK] :
283
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Select [NEXT] on the following screen:
284
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Select [OK] :
285
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Now you can leave YaST by selecting [Quit]
:
286
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Now run
ifconfig
You should now see your new IP address in the output:
server1:~ # ifconfig
eth0
Link encap:Ethernet HWaddr 00:0C:29:0A:18:82
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe0a:1882/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:326 errors:0 dropped:0 overruns:0 frame:0
TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:33800 (33.0 Kb) TX bytes:7555 (7.3 Kb)
eth0:0
Link encap:Ethernet HWaddr 00:0C:29:0A:18:82
inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo
Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
287
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:100 (100.0 b) TX bytes:100 (100.0 b)
server1:~ #
5.19 How To Build A PureFTPd Debian Package For
OpenVZ Virtual Machines (Without Capabilities Enabled)
The PureFTPd package that comes with Debian 5.0 (Lenny) does not start in an OpenVZ
virtual machine as it is compiled with "capabilities". This tutorial describes the steps to build a
PureFTPd Debian package with capabilities disabled:
Make a temporary directory:
mkdir /usr/src/pure-ftpd
cd /usr/src/pure-ftpd
Download the source package for PureFTPd:
apt-get source pure-ftpd
apt-get build-dep pure-ftpd
Edit the rules file and add the switch -&ndash;without-capabilities
:
cd pure-ftpd-1.0.21/debian
nano rules
Change the line:
optflags=--with-everything --with-largefile --with-pam --with-privsep --with-tls
to (one line!):
288
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
optflags=--with-everything --with-largefile --with-pam --with-privsep --with-tls --without-capabilities
Build the Debian (.deb) package...
cd ..
dpkg-buildpackage -uc -b
... and install it:
cd ..
dpkg -i pure-ftpd-common_1.0.21-11.4_all.deb pure-ftpd-mysql_1.0.21-11.4_i386.deb
/etc/init.d/pure-ftpd-mysql restart
To prevent that apt overwrites these manually compiled packages with the default packages
from the Debian repositories, execute these commands:
echo 'pure-ftpd-common hold' | dpkg --set-selections
echo 'pure-ftpd-mysql hold' | dpkg --set-selections
5.20 How To Display Hidden Files With PureFTPd On
Debian And Ubuntu Linux
If hidden files (files that start with a dot like .htaccess, .bash_history, .profile or .ssh) are not
displayed in your FTP client, then they are most likely disabled in the FTP server. To enable
hidden files in PureFTPd on Debian and Ubuntu Linux, execute this command...
echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles
... and then restart PureFTPd:
/etc/init.d/pure-ftpd-mysql restart
289
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
5.21 PureFTPd Does Not Show More Than 2,000 Files On
Debian And Ubuntu
The PureFTPd daemon by default has a recursion limit of 2,000 files, this prevents the server from
showing more than 2,000 files when you browse a directory with an FTP client. To
expand this limit to e.g. 5,000 files, create or edit the file /etc/pure-ftpd/conf/LimitRecursion
and add the line 5000 500 :
echo "5000 500" > /etc/pure-ftpd/conf/LimitRecursion
Then restart PureFTPd:
/etc/init.d/pure-ftpd-mysql restart
5.22 How To Speed Up Logins In PureFTPd On Debian Or
Ubuntu Linux By Disabling Name Resolving
If you experience problems with slow logins in PureFTPd, this is often caused by a problem with
the resolving of the client's hostname. This happens e.g. when you run an FTP server in your
intranet and the hostname of the client computer does not exist in DNS. To disable name resolving
in PureFTPd, run the command:
echo 'yes' > /etc/pure-ftpd/conf/DontResolve
Then restart PureFTPd:
/etc/init.d/pure-ftpd-mysql restart
Disabling name resolving also fixes the following error message:
Jul 24 16:26:28 ispconfig pure-ftpd: (?@?) [ERROR] Sorry, invalid address given
5.23 How To Enable Verbose Logging In PureFTPd On
Debian And Ubuntu Linux
To turn on verbose logging (e.g. to debug FTP connection or authentication problems) in
PureFTPd FTP server on Debian and Ubuntu Linux, execute the following command as root user
on the shell:
290
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
echo 'yes' > /etc/pure-ftpd/conf/VerboseLog
Then restart PureFTPd:
/etc/init.d/pure-ftpd-mysql restart
The debug output will be logged to syslog. To view the log content, execute:
tail -n 100 /var/log/syslog
To disable verbose logging, execute these commands:
rm -f /etc/pure-ftpd/conf/VerboseLog
/etc/init.d/pure-ftpd-mysql restart
5.24 How To Enable FTPS For PureFTPd On Debian And
Ubuntu Linux
To enable FTPS for PureFTPd on Debian Lenny and Ubuntu, run:
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out
/etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem
Then restart PureFTPd:
/etc/init.d/pure-ftpd-mysql restart
291
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
6 Security Considerations
6.1 How Do I Disable Certain PHP Functions?
Debian/Ubuntu:
Debian and Ubuntu systems come with multiple php.ini files (/etc/php5/apache2/php.ini
for
mod_php, /etc/php5/cgi/php.ini
for Fast-CGI and CGI, and /etc/php5/cli/php.ini
for
command-line PHP). You can use the disable_functions =
directive to disable potentially
dangerous PHP functions such as exec , passthru , popen , ini_set , system , but only in
/etc/php5/apache2/php.ini
and /etc/php5/cgi/php.ini
, e.g. as follows:
[...]
; This directive allows you to disable certain functions for security reasons. ; It
receives a comma-delimited list of function names. This directive is ; *NOT*
affected by whether Safe Mode is turned On or Off.
disable_functions
=
exec,passthru,popen,ini_set,system,show_source,shell_exec,proc_open,phpinfo
[...]
If you modify /etc/php5/apache2/php.ini
, please do not forget to restart Apache afterwards:
/etc/init.d/apache2 restart
Please note that you must not disable any functions in the php.ini file for the command line,
/etc/php5/cli/php.ini
, because if you do, ISPConfig will not work correctly anymore!
Fedora/CentOS/OpenSUSE:
These distributions come with just one php.ini file which is used by mod_php, Fast-CGI/CGI,
and command-line PHP. Therefore we cannot disable PHP functions in that php.ini file
because that would also affect command.line PHP, and ISPConfig would not work anymore.
But you can disable functions individually for each web site in ISPConfig, either through the
Custom php.ini settings
field (if you use Fast-CGI, CGI, or SuPHP), or through the Apache
directives
field (if you use Mod-PHP), both on the Options tab of a web site (see chapter
4.6.1.1).
In the Custom php.ini settings
field, you can place something like
disable_functions =
exec,passthru,popen,ini_set,system,show_source,shell_exec,proc_open,phpinfo
In the Apache directives
field, you can use the php_flag disable_functions
directive, one
292
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
directive per function, e.g. as follows:
php_flag disable_functions exec
php_flag disable_functions passthru
php_flag disable_functions popen
php_flag disable_functions ini_set
php_flag disable_functions system
php_flag disable_functions show_source
php_flag disable_functions shell_exec
php_flag disable_functions proc_open
php_flag disable_functions phpinfo
6.2 Enabling SSL For The ISPConfig Web Interface
(These instructions are for Debian/Ubuntu.)
The ISPConfig control panel login is running on http by default. This short tutorial shows you how
to enable SSL encryption (https) for the ISPConfig vhost.
Make the directory for the SSL certificate:
mkdir /etc/apache2/ssl cd /etc/apache2/ssl
Create the SSL certificate files:
openssl genrsa -des3 -out ispserver.key 4096
openssl req -new -key ispserver.key -out ispserver.csr
openssl x509 -req -days 3650 -in ispserver.csr \
-signkey ispserver.key -out ispserver.crt
openssl rsa -in ispserver.key -out ispserver.key.insecure
mv ispserver.key ispserver.key.secure
mv ispserver.key.insecure ispserver.key
Enable the mod_ssl module:
a2enmod ssl
293
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Edit the ISPConfig vhost file...
vi /etc/apache2/sites-available/ispconfig.vhost
... and insert the following lines between the <VirtualHost &hellip;.></VirtualHost>
tags:
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/ispserver.crt
SSLCertificateKeyFile /etc/apache2/ssl/ispserver.key
Restart Apache2:
/etc/init.d/apache2 restart
The ISPConfig control panel login is now reachable on port 8080 by https.
6.3 Using SuExec For The ISPConfig Web Interface
(These instructions are for Debian/Ubuntu.)
Before you do this, you should close all browser windows where you use ISPConfig because
afterwards the current sessions will be invalid.
Open /etc/apache2/sites-available/ispconfig.vhost
vi /etc/apache2/sites-available/ispconfig.vhost
... and comment out the <IfModule mod_php5.c>...</IfModule>
section:
[...]
# <IfModule mod_php5.c>
#
DocumentRoot /usr/local/ispconfig/interface/web/
#
AddType application/x-httpd-php .php
# <Directory /usr/local/ispconfig/interface/web>
#
Options FollowSymLinks
#
AllowOverride None
#
Order allow,deny
#
Allow from all
#
php_value magic_quotes_gpc
0
# </Directory>
# </IfModule>
294
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
[...]
Then delete the following symlink...
rm -f /var/www/ispconfig
... and restart Apache:
/etc/init.d/apache2 restart
6.4 What Are Secure Settings For Web Sites Created
Through ISPConfig?
• Use Fast-CGI, CGI, or SuPHP instead of Mod-PHP.
• Always activate suExec if you use Fast-CGI or CGI.
• Enable only the features that you really need. For example, if you don't need SSI for a web site,
then don't enable it.
6.5 How Do I Make fail2ban Monitor Additional Services?
(These instructions are for Debian/Ubuntu.)
By default, fail2ban monitors the SSH service and tries to block users with too many failed
login attempts for this service. But fail2ban can also be used to monitor additional services and
block users with too many failed login attempts. This tutorial has more details about it:
http://www.howtoforge.com/fail2ban_debian_etch
6.5.1 PureFTPd
Open /etc/fail2ban/jail.local
:
vi /etc/fail2ban/jail.local
Add the following section at the end:
295
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
[...]
[pureftpd]
enabled = true
port
= ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3
Then create the file /etc/fail2ban/filter.d/pureftpd.conf
:
vi /etc/fail2ban/filter.d/pureftpd.conf
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
Restart fail2ban:
/etc/init.d/fail2ban restart
6.5.2 SASL
Open /etc/fail2ban/jail.local
vi /etc/fail2ban/jail.local
... and make sure you have the following section in it:
[...]
[sasl]
enabled = true
port
= smtp
filter = sasl
failregex = warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
logpath = /var/log/mail.log
maxretry = 5
[...]
296
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Restart fail2ban:
/etc/init.d/fail2ban restart
6.5.3 Courier
Open /etc/fail2ban/jail.local
vi /etc/fail2ban/jail.local
... and make sure you have the following two sections in it:
[...]
[courierpop3]
enabled = true
port
= pop3
filter = courierlogin
failregex = courierpop3login: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5
[courierimap]
enabled = true
port
= imap2
filter = courierlogin
failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]
logpath = /var/log/mail.log
maxretry = 5
[...]
Restart fail2ban:
/etc/init.d/fail2ban restart
6.5.4 Dovecot
297
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
Open /etc/fail2ban/jail.local
:
vi /etc/fail2ban/jail.local
Add the following section at the end:
[...]
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 20
findtime = 1200
bantime = 1200
Then create the file /etc/fail2ban/filter.d/dovecot-pop3imap.conf
:
vi /etc/fail2ban/filter.d/dovecot-pop3imap.conf
[Definition]
failregex = (?: pop3-login|imap-login):
(?:Authentication failure|Aborted login
\(auth failed|Aborted login
\(tried to use
disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =
Restart fail2ban:
/etc/init.d/fail2ban restart
7 Troubleshooting
7.1 How Do I Find Out What Is Wrong If ISPConfig Does Not
Work?
1) Did all jobs finish? Take a look at the job queue (Monitor > System State (All Servers) >
Show Jobqueue ) (see chapter 4.10.1.3). Jobs that are listed there are either not yet
completed (i.e., ISPConfig is still working on them) or did not complete because of some kind of
problem.
298
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
[ISPConfig 3 Manual ]
2) If there are open jobs, please check if there are messages with the status "error" in the
system log (Monitor > System State (All Servers) > Show System-Log
) (see chapter
4.10.1.2). If there are, please try to fix the error. After you have fixed the error, please delete the
error message from the system log in ISPConfig, so that ISPConfig can continue to
process the open jobs.
3) If it is not clear what is causing the error, please set the log level to Debug under System >
System > Server Config
(see chapter 4.9.2.2). After one or two minutes, there should be more
detailed messages in ISPConfig's system log (Monitor > System State (All Servers) > Show
System-Log ).
4) If this still doesn't help, then go to the command line of the server on which the error
happens (on multiserver systems, it is often the slave and not the master) and run (as root):
crontab -e
Comment out the server.sh
cron job:
#* * * * * /usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log
Then run the command:
/usr/local/ispconfig/server/server.sh
This will display any errors directly on the command line which should help you to fix the error.
If you have fixed the error, please don't forget to uncomment the server.sh cron job again.
299
The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by
any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed
form for your personal use. All rights reserved.
Uploaded by: SiByte | http://SiByte.si/
Download PDF
Similar pages