Tuesday, November 30, 2010

ispCP Installation Walkthrough


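Installing the ispCP control panel on CentOS 5.5
Install a fresh CentOS system and just tick the Server option. (The system services will be installed later, during this procedure.)

[root@centisp ~]# yum update     (update and upgrade the system)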

EPEL (Extra Packages for Enterprise Linux)

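Several required packages have to be installed, and the EPEL repository provides most of them. Install it by following its website or directly with this command: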
su -c 'rpm -Uvh \
http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm'

Les RPM de Remi

cd /etc/yum.repos.d
wget http://rpms.famillecollet.com/enterprise/remi.repo
wget http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm --import RPM-GPG-KEY-remi
rm -f RPM-GPG-KEY-remi
vi /etc/yum.repos.d/remi.repo    Edit this file: in the [remi] section change enabled=0 to enabled=1, then add the following line after it
includepkgs=mysql* php* sqlite*

RPMForge (see the wiki site)

rpm -Uhv \    (continued on the next line)
http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

vi /etc/yum.repos.d/rpmforge.repo    Edit the file and add the following

includepkgs=postgrey clamav clamd amavisd-new clamav-data clamav-filesystem \
clamav-lib clamav-server-sysv zoo unrar lha ripole clamav-db
[root@centisp yum.repos.d]# yum remove clamav-*
[root@centisp yum.repos.d]# yum install clamav clamd amavisd-new   (answer Y to proceed with the installation)
mkdir -p /var/spamassassin/bayes
chown -R amavis. /var/spamassassin/bayes

vi /etc/mail/spamassassin/local.cf    Add the following to this file

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 1
bayes_auto_learn_threshold_spam 7.5
bayes_path /var/spamassassin/bayes/bayes
bayes_file_mode 0777
score DNS_FROM_OPENWHOIS 0
ok_languages all
ok_locales all

Install postfix
yum install postfix
cd /etc/postfix
openssl req -x509 -nodes -days 1850 -newkey rsa:2048 -keyout privkey.pem -out cert.pem
The command above prompts for some basic information; leaving the fields blank is also fine.
[root@centisp postfix]# chkconfig amavisd on
[root@centisp postfix]# /etc/init.d/postfix restart
[root@centisp postfix]# /etc/init.d/amavisd restart   (an error message appears here; edit the configuration file to fix it)
vi /etc/amavisd.conf
$mydomain = 'ezso.tw';   # a convenient default for other settings (enter your correct domain)
#$myhostname = 'ezso.tw';  # must be a fully-qualified domain name! (remove the leading # and enter the host name)
[root@centisp postfix]# /etc/init.d/amavisd restart

Next, download some more packages

[root@ezso ~]# cd /tmp

[root@ezso ~]# wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-authlib-0.63.0-1.el5.mf.i386.rpm

[root@ezso ~]# wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-authlib-userdb-0.63.0-1.el5.mf.i386.rpm

[root@ezso ~]# wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-imap-4.8.0-1.el5.mf.i386.rpm

Download policyd-weight

See the official site for a description; it seems to be a package that works with postfix to filter spam and virus mail.
wget http://superb-sea2.dl.sourceforge.net/project/policyd-weight/policyd-weight/\
0.1.15%20beta-3/policyd-weight-0.1.15dev3-1.noarch.rpm
Disable SELinux
setenforce 0
vi /etc/selinux/config            change SELINUX=enforcing to SELINUX=disabled
[root@centisp tmp]# reboot    

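Extract ispCP ω Archive (download ispCP)
cd /tmp
wget <download URL>
tar -xvjf ispcp-omega-1.0.7-rc1.tar.bz2
Install ispCP
cd /tmp/ispcp-omega-1.0.7
yum install `cat ./docs/CentOS/centos-packages`
Install the Perl module. If this is your first time installing and you are asked whether you want to customize the installation options, enter NO to continue
perl -MCPAN -e 'install Term::ReadPassword'
Install the policyd-weight package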
cd /tmp
rpm -Uvh courier-* policyd-weight-*
Remove sendmail
yum -y remove sendmail
Create the user and group
[root@ezso tmp]# groupadd -g 3000 courier
[root@ezso tmp]# useradd -u 3000 -c 'Courier Mail Server' -d /dev/null -g courier -s /bin/false courier
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.  (this warning can be ignored)

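Because this is the first time MySQL is started, a message will say that a password needs to be set. Ignore it for now, because a later command updates the password.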
[root@ezso tmp]# service mysqld start
[root@ezso tmp]# mysql_fix_privilege_tables
[root@ezso tmp]# mysql_secure_installation     (set the MySQL password)
[root@ezso tmp]# mv /etc/httpd/conf.d /etc/httpd/conf.d-disabled
[root@ezso tmp]# mv /var/named/data /var/named/data-disabled
[root@ezso tmp]# ln -s /var/named/chroot/var/named/data /var/named/data
[root@ezso tmp]# echo 'include "/etc/named-ispcp.conf";' >> /var/named/chroot/etc/named.conf

Make sure the Perl version is up to date; the locally installed Perl package is removed first
yum remove perl-version
Install the new Perl version
[root@ezso tmp]# cd /tmp
[root@ezso tmp]# rpm -ivh perl-version*
cd /tmp/ispcp-omega-1.0.7
make -f Makefile.centos
cp -RLf /tmp/ispcp/* /
cd /var/www/ispcp/engine/setup
perl ispcp-setup    (start the ispCP setup program)

Answer the installer's questions in order to complete the setup
[root@ezso setup]# touch /etc/sasldb2
[root@ezso setup]# mkdir -p /var/spool/postfix/etc
[root@ezso setup]# cp /etc/sasldb2 /var/spool/postfix/etc

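vi /usr/lib/sasl2/smtpd.conf    Enable authentication: edit the configuration file, add the following, and comment out the original settings

Edit Apache httpd
[root@ezso setup]# echo 'include vhosts/*.conf' >> /etc/httpd/conf/httpd.conf
Check at the end of the file that this line appears only once:   include vhosts/*.conf
Change the login port to 60000
[root@ezso setup]# vi /etc/init.d/postgrey
Change  OPTIONS="--unix=$SOCKET"  to  OPTIONS="--unix=$SOCKET --inet=60000"
Enable the default services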
chkconfig --level 345 httpd on
chkconfig --level 345 mysqld on
chkconfig --level 345 ispcp_network on
chkconfig --level 345 ispcp_daemon on
chkconfig --level 345 amavisd on
chkconfig --level 345 named on
chkconfig --level 345 proftpd on
chkconfig --level 345 postgrey on
chkconfig --level 345 spamassassin on

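If enabling ispcp reports that the service does not support chkconfig, edit the init script with vi /etc/init.d/ispcp_network and add these lines:
# chkconfig: 2345 85 15
# description: ispcp_network service
chkconfig --add ispcp_network
Then try enabling it again: chkconfig --level 345 ispcp_network on
Start the servers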
service httpd start
service mysqld start
service ispcp_network start
service ispcp_daemon start
service amavisd start
service named start
service proftpd start
service postgrey start
service spamassassin start
chmod 775 /var/www/ispcp/gui/phptmp
Remove the temporary ispcp directory
rm -Rf /tmp/ispcp

Reference iptables settings
3.7 Open needed ports

You will need to open ports to the services you plan to use. For me the easiest way was to edit the iptable file and add the ports needed. To do this you will need to edit the /etc/sysconfig/iptables and add the ports.
Add the lines below above the "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited" line. If you add them below the reject line the ports will not open:

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT
Next restart iptables:

/etc/init.d/iptables restart
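
The ordering rule above (ACCEPT lines must come before the REJECT line) can be checked mechanically before restarting iptables. This is an added example, not part of the original post or the ispCP documentation; the function names and the embedded rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ACCEPT rules that sit after the chain's unconditional
# REJECT rule in an iptables rules file, where they can never match.

# unreachable_rules FILE [CHAIN]   (FILE "-" reads standard input)
# Prints "line:port" for every shadowed ACCEPT rule; returns 1 if any exist.
unreachable_rules() {
    awk -v chain="${2:-RH-Firewall-1-INPUT}" '
        $1 == "-A" && $2 == chain {
            # "-A CHAIN -j REJECT ..." has no match options: it ends the chain.
            if ($3 == "-j" && $4 == "REJECT") { rejected = NR; next }
            if (rejected && $NF == "ACCEPT") {
                port = "?"
                for (i = 3; i < NF; i++) if ($i == "--dport") port = $(i + 1)
                printf "%d:%s\n", NR, port
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample: ports 25 and 143 were appended below the REJECT line.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 143 -j ACCEPT
COMMIT
EOF
}

# Demo on the sample; on a real host pass /etc/sysconfig/iptables instead.
sample_rules | unreachable_rules - ||
    echo "the line:port entries above come after REJECT and will not open"
```

An empty result with exit status 0 means every ACCEPT rule in the chain is placed where it can take effect.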

After half a day of work, I can finally try logging in.



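Changing the language: the extracted download archive contains a Traditional Chinese language file. Upload it through the language update item, and you can then switch languages from the menu.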