CentOS Installation Guide

ispCP Version	1.0.5
INSTALL Script	1.6
Maintainer	motokochan
Linux Distros	CentOS 5.4
Last Update	26.03.2010

This installation of ispCP ω has three major sections: Pre-Install Preparation, Install, and Post-Install Configuration. The installation should take 30-60 minutes.

This documentation was written for CentOS 5, specifically 5.4. While you might be able to install on earlier versions, you may encounter difficulties or differences. In addition, this guide uses the YUM tool to install packages. If you normally use a different tool, you will need to modify the instructions to fit your system.

The instructions are based on a minimum installation of CentOS with no optional packages marked during OS install. If you selected additional options during the install process, some extra server services may need to be disabled to avoid interfering with the packages used by ispCP ω.

The install instructions attempt to keep system changes to a minimum, so these instructions should also work under Red Hat Enterprise Linux 5. If you encounter differences, please notify the maintainer.

The install instructions should be done under the root account.

Warning This documentation is undergoing rewriting. It may be inaccurate in some parts, or leave steps out. This note will be removed when the documentation has been brought back up to quality.

There is no must-have specification for systems running ispCP ω. The following are recommended minimums.

• Pentium III or K6-4 with 500 MHz
• 512 MB RAM
• 100 MB free disk space for ispCP ω itself
• A supported Linux distribution - this guide is for CentOS 5

Required software packages are listed in docs/CentOS/centos-packages.

The very first thing you should do is make sure your base Linux install is fully updated. To do so, simply run

yum update

as root. If there was a kernel upgrade, you will want to reboot before continuing.

The CentOS repositories do not include all the software needed to run icpCP ω. You will need to add two repositories to your system to install everything you need.

EPEL contains most of the additional packages needed.

You should install this repository following the linked instructions.

Remi Collet maintains a repository of updated packages for Fedora and CentOS/RHEL. We need his repository to install updated PHP and MySQL packages as CentOS 5 comes with PHP 5.1 and we need PHP 5.2 at a minimum.

First, install the repository following the linked instructions.

The repository installs in a disabled state. We now want to enable the repository and only include the packages we want from it. To do this, edit the file /etc/yum.repos.d/remi.repo. In the file, under the [remi] heading, change the value of enabled from 0 to 1, then add the following line at the bottom of that section:

includepkgs=mysql* php* sqlite*

RPMForge is needed for one package that none of the other repositories currently has.

First, install the repository following the linked instructions.

We do not want all the packages from RPMForge as it replaces a good deal of the system. To avoid this, edit the file /etc/yum.repos.d/rpmforge.repo. In the file, add the following line at the end:

includepkgs=postgrey clamav clamd amavisd-new clamav-data clamav-filesystem clamav-lib 
clamav-server-sysv zoo unrar lha ripole clamav-db

yum remove clamav-*
yum install p7zip

then install the following packages

yum install clamav clamd amavisd-new

and run this commands :

mkdir -p /var/spamassassin/bayes
chown -R amavis. /var/spamassassin/bayes

In /etc/mail/spamassassin/local.cf change the following parameters to this:

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 1
bayes_auto_learn_threshold_spam 7.5

bayes_path /var/spamassassin/bayes/bayes
bayes_file_mode 0777

score FH_DATE_PAST_20XX 0
score DNS_FROM_OPENWHOIS 0

ok_languages all
ok_locales all

Run the following command:

cd /etc/postfix
openssl req -x509 -nodes -days 1850 -newkey rsa:2048 -keyout privkey.pem -out cert.pem

change the service configuration:

chkconfig amavisd on
/etc/init.d/postfix restart
/etc/init.d/amavisd restart

There are a few pieces of software you will need to download individually that aren't in any major repositories.

Michael Fleming maintains RPMs of Courier-IMAP at his website, thatfleminggent.com.

You will need to download the latest RPMs of courier-imap, courier-authlib, and courier-authlib-userdb from his site at the following locations:

• i386 (32-bit): http://www.thatfleminggent.com/packages/centos/5/i386/repoview/system_environment.daemons.group.html
• x86_64 (64-bit): http://www.thatfleminggent.com/packages/centos/5/x86_64/repoview/system_environment.daemons.group.html

RPMs for policyd-weight can be found at the project's SourceForge Files area

SELinux will need to be disabled if it is enabled. To disable, run

setenforce 0

as root. To ensure that it stays disabled between reboots, edit the file /etc/selinux/config and change the value of SELINUX to disabled.

If you have not already, download the icpCP ω package and extract it. Once extracted, change into the directory to prepare for the next steps.

A list of packages required by this software is located in docs/CentOS/centos-packages and can be used to easily install the packages you need by running the following command:

yum install `cat ./docs/CentOS/centos-packages`

Note: Running this command will install both x86_64 and i3/5/686 packages on x86_64 installs for all packages that have both architectures in the repository! To avoid, either add

exclude=*.i386 *.i586 *.i686

for your yum repository configuration files, or install the packages listed in the file one-by-one, making sure to specify the package name in the format packagename.x86_64.

There is also one Perl package you will need to install as there is no RPM for it. This is as simple as running the command

perl -MCPAN -e 'install Term::ReadPassword'

as root. If you have not run CPAN before, you will be prompted for manual configuration. You can simply say no and the install will continue.

Next, install the Courier and policyd RPMs you downloaded. You can use the following commands in the directory where you downloaded the RPMs:

rpm -Uvh courier-*
rpm -Uvh policyd-weight-*

CentOS installs Sendmail by default, but icpCP ω uses Postfix. Simply run the command

 yum remove sendmail

to remove Sendmail and have Centos switch to the Postfix which was just installed.

Courier needs a user and group account configured to run, and the following commands run as root will create them:

groupadd -g 3000 courier
useradd -u 3000 -c 'Courier Mail Server' -d /dev/null -g courier -d /bin/false courier

MySQL will also need to be configured. First, make sure it is running. If it is not, you can run the command

service mysqld start

to start it. Now, run the command

mysql_fix_privilege_tables

mysql_secure_installation

and set the root password and other options. Remember the root password you set, it will be needed later.

As one last thing, we need to clean out Apache's conf.d directory for the new configuration files that will be installed. Simply run the following command to move the existing conf.d directory to a backup location:

mv /etc/httpd/conf.d /etc/httpd/conf.d-disabled

icpCP ω keeps domain configuration in a file named named-ispcp.conf. We need to link that to named.conf for the DNS service to start. We also need to make a few links for zones to be managed correctly. Simply run the following commands:

mv /var/named/data /var/named/data-disabled
ln -s /var/named/chroot/var/named/data /var/named/data
echo 'include "/etc/named-ispcp.conf";' >> /var/named/chroot/etc/named.conf

For the following process, you will need to be in your extracted icpCP ω directory, the MySQL service will need to be running, and you will want to run all commands as root.

Look over configs/centos/ispcp.conf and adjust any values to match your server.

To build the software, simply run the command:

make -f Makefile.centos

The software will be built for CentOS and the install structure will be staged at /tmp/ispcp.

If you have not yet, now is a good time to make backups of your server. The following steps make fundamental changes to your system configuration.

To install icpCP ω from the staging area, run the following commands:

cp -RLf /tmp/ispcp/* /

Now that the files are copied, we need to configure icpCP ω. To configure things, simply run the following commands:

cd /var/www/ispcp/engine/setup
perl ispcp-setup

Note: During setup, you will be asked if you are using fastcgi or fcgid. You will want to choose the option for fcgid (shortcut key “f” on the prompt).

Now that icpCP ω is installed, we have to configure a few services still.

We need to create the SASL database for authenticating mail users and configure SASL authenitcation. First, we create the SASL database with the following commands:

touch /etc/sasldb2
mkdir -p /var/spool/postfix/etc
cp /etc/sasldb2 /var/spool/postfix/etc

To allow authentication, edit /usr/lib/sasl2/smtpd.conf and replace the contents with the following:

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

The Apache webserver needs to be configured to read website configuration in the directory /etc/httpd/vhosts/. To establish this, run the following command:

echo 'include vhosts/*.conf' >> /etc/httpd/conf/httpd.conf

By default, Postgrey runs on a socket. We want it to run on port 60000. Edit the file /etc/init.d/postgrey and change the line:

OPTIONS="--unix=$SOCKET"

to

OPTIONS="--unix=$SOCKET --inet=60000"

Several services need to be set to run on boot. To do this, run the following commands:

chkconfig --level 345 httpd on
chkconfig --level 345 mysqld on
chkconfig --level 345 ispcp_network on
chkconfig --level 345 ispcp_daemon on
chkconfig --level 345 amavisd on
chkconfig --level 345 named on
chkconfig --level 345 proftpd on
chkconfig --level 345 postgrey on
chkconfig --level 345 spamassassin on

If you want to start the services without a reboot, run the following commands:

service httpd start
service mysqld start
service ispcp_network start
service ispcp_daemon start
service amavisd start
service named start
service proftpd start
service postgrey start
service spamassassin start

The default permissions for the temporary directory of the control panel need to be adjusted. Please run the following command:

chmod 775 /var/www/ispcp/gui/phptmp

Once you have things working properly, you might want to delete the staging environment for icpCP ω. To do so, run the following command:

rm -R /tmp/ispcp