cPanel + Trustix for Hosting
This is a log of additional configuration for Trustix+cPanel. Trustix+cPanel has a few broken configurations that need to be fixed before production deployment.
Update 2005/08/03:
- Logrotate:
Add these few lines to /etc/logrotate.d/syslog and remove duplicated values from old file
/usr/local/apache/logs/error_log /usr/local/apache/logs/access_log /usr/local/apache/logs/suexec_log {
    postrotate
        /usr/bin/killall -HUP httpd
    endscript
}
/var/log/messages /var/log/secure /var/log/maillog /var/log/boot.log {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
- comment out named stuff from /etc/syslog.conf and change local2.* to /var/log/message
- add this to /etc/cron.daily/logrotate
export TMPDIR=/var/log/tmp
- additional stuff
cd /var/log
rm -rf named
mkdir tmp # our /tmp is mounted suexec, hence we need this
chmod 755 tmp
chown syslog:syslog tmp message message.* maillog maillog.* secure secure.*
export TMPDIR=/var/log/tmp
- swup --install glibc-locales (so a couple of packages that need locale data will work correctly, such as squirrelmail or autoresponder in cPanel)
- swup --install uw-imap-devel libimap (need this to make php-imap compile)
- To update clamav (installed with exiscan): exim has to be configured first (look at the current servers)
cd /root/src
wget http://umn.dl.sourceforge.net/sourceforge/clamav/clamav-0.82.tar.gz
tar -xvzf clamav-0.82.tar.gz
cd clamav-0.82
# chain with && so that make install only runs if configure and make succeeded
./configure --prefix=/usr --sysconfdir=/etc && make && make install
cp /etc/clamav.conf /etc/clamd.conf
service exim restart
- add RBL to /etc/exim.conf (Edit: this is now outdated. I'll write about exim+SA+clam later.)
#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = +relay_hosts
endpass
accept authenticated = *
drop dnslists = sbl.spamhaus.org: relays.ordb.org: list.dsbl.org: bl.spamcop.net: xbl.spamhaus.org
message = your mail server $sender_host_address is in a black list at $dnslist_domain ($dnslist_text)
- Then, to prevent cPanel from overwriting this modified config: chattr +i /etc/exim.conf
- To further prevent spam, this is real cool: http://forums.cpanel.net/showthread.php?t=31710 It contains instructions on how to set up exim to prevent spam using the list of domains that are found in the body of spam messages.
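A `drop` on a DNS list that has gone away or answers for every address rejects legitimate mail, so here is an added example (not from the original post) that builds the reversed-octet names a `dnslists` check looks up and tests each zone from the ACL above with the RFC 5782 test entries. The `resolve_a` wrapper around `dig` and the `check` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: health-check DNSBL zones before using them in a "drop" ACL.
# RFC 5782: an IPv4 DNSBL must list 127.0.0.2 and must not list 127.0.0.1.

# Zones copied from the dnslists line in the post.
ZONES="sbl.spamhaus.org relays.ordb.org list.dsbl.org bl.spamcop.net xbl.spamhaus.org"

# reverse_ipv4 A.B.C.D prints D.C.B.A; fails unless the input is dotted-quad IPv4.
reverse_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# dnsbl_name IP ZONE prints the DNS name a list check looks up.
dnsbl_name() {
    rev=$(reverse_ipv4 "$1") || return 1
    printf '%s.%s\n' "$rev" "$2"
}

# resolve_a NAME prints A records, one per line, nothing on NXDOMAIN.
# Assumption: dig is installed; swap this function for another resolver.
resolve_a() { dig +short A "$1" 2>/dev/null; }

# is_listed IP ZONE succeeds when the zone answers inside 127.0.0.0/8.
is_listed() {
    name=$(dnsbl_name "$1" "$2") || return 2
    resolve_a "$name" | grep -q '^127\.'
}

# zone_health ZONE prints ok, wildcard (lists everything) or dead (no usable answer).
zone_health() {
    if is_listed 127.0.0.1 "$1"; then echo wildcard
    elif is_listed 127.0.0.2 "$1"; then echo ok
    else echo dead
    fi
}

# Only query the network when the script is run with "check" as its argument.
if [ "${1:-}" = check ]; then
    for z in $ZONES; do printf '%-20s %s\n' "$z" "$(zone_health "$z")"; done
fi
```

Any zone that reports wildcard or dead should come out of the `dnslists` line before the ACL goes live.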
- cPanel's mod_gzip installation is really dangerous. You'd better change these lines in httpd.conf:
# change max file size from unlimited to 500k to prevent overcommitted /tmp partition
mod_gzip_maximum_file_size 500000
# and add these lines to ignore graphic & compressed files
mod_gzip_item_exclude mime ^image/
mod_gzip_item_exclude file \.bz2$
mod_gzip_item_exclude file \.tbz2$
mod_gzip_item_exclude file \.gz$
Update 2005/08/03:
- Install exim+clamav
- Also config like ours
- Since cPanel does not support Trustix any more, and also Trustix has stopped being a good guy, I decided it's not worth it to pursue another good distro and focus only on RHES, CentOS, and Gentoo.