Tag Archives: ispconfig3

ISPConfig 3.1 Automated Installation

Miscellaneous, , , , ,

This article is about Automated Installation of ISPConfig3.1 on Ubuntu 18.04 and the issue with Roundcube.

The installation steps can be found here and very well laid down – https://www.howtoforge.com/tutorial/ubuntu-ispconfig-automated-install-script/

I installed it on a Linode instance (the $10 instance).

The first thing I found is the softwares is better updated manually prior to the automated installation of the ISPConfig. In my case the installer script couldn’t install the updates.

The biggest problem I faced was after the installation Roundcube was neither sending or receiving any mails. Though the mailbox is opening and I can compose mails but on sending the mail it failed with a “Timed Out” error. Neither any incoming mails were received.

Upon searching and going through lots of suggestions (even a re-installation of Roundcube) ultimately found the issue was with two lines in the postfix master file (marked with red color and bold below)

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

The # infront of the submission and smtps needs to be removed.

Thanks to Till and this post on HowtoForge

One more important issue was this line in the main.cf file

mydestination = domain-name.com, localhost, localhost.localdomain

Though by default the domain name was added to the config but it prevented mails from being received. After removing the domain name and leaving only the localhost entries everything worked fine

While trying to fix the problem I found in the process – for ISPConfig based setup it is better to leave the SSL Certificate settings that the script has set. I tried changing to a purchased SSL and incoming mails stopped. It was about 4:30 AM in the morning and was too tired to do anything more. So reverted back to the original files and everything was fine.

While trying different possible solutions I had enabled the necessary ports in UFW. So is  not sure if that is really needed or not. But worth giving a try if mails are not delivered or received even after correcting the settings in the /etc/postfix/master.cf file

Roundcube errors can be found here – /var/log/roundcube/errors

ISPConfig with Jailkit – allowing custom or other commands for users

Miscellaneous, , , ,

By default Jailkit allows certain commands or applications only. Below is the process to allow your users to access other commands or any custom command.

Here I wanted users to access PHP commandline and composer

  1. If needed then first install those applications normally as root
  2. Add entries for the applications/commands to the jailkit config file

 
These block names will be used in ISPConfig.

The folder/directories are important - else the necessary libraries and supporting files will not be copied and the application will not work properly for the users.
  3. Once the blocks have been added, the programs and all related files will have to be copied to the particular users webspace. 

The jk_init command copies all files and related libraries with permissions. 

jk_init -c /etc/jailkit/jk_init.ini -f -k -j /var/www/clients/clientXXX/webXXX php

jk_init -c /etc/jailkit/jk_init.ini -f -k -j /var/www/clients/client1/web3 composer

  4. After copying the files update the Jailkit section of ISPConfig - add the block names of the applications that the users will be permitted to use
System -> Server Config -> Jailkit chroot app section

If the commands are still not accessible – then the users should try relogin first.