├── Dockerfile
├── autoinstall.ini
├── bin
    └── systemctl
├── etc
    ├── aliases
    ├── apache2
    │   └── conf-enabled
    │   │   ├── roundcube.conf
    │   │   └── squirrelmail.conf
    ├── apt
    │   └── sources.list
    ├── clamav
    │   └── clamd.conf
    ├── cron.d
    │   └── awstats
    ├── cron.daily
    │   └── sql_backup.sh
    ├── default
    │   └── pure-ftpd-common
    ├── fail2ban
    │   ├── filter.d
    │   │   ├── dovecot-pop3imap.conf
    │   │   └── pureftpd.conf
    │   └── jail.local
    ├── mysql
    │   ├── debian.cnf
    │   └── mariadb.conf.d
    │   │   └── 50-server.cnf
    ├── postfix
    │   └── master.cf
    ├── roundcube
    │   └── config.inc.php
    ├── security
    │   └── limits.conf
    ├── squirrelmail
    │   └── config.php
    └── systemd
    │   └── system
    │       └── mysql.service.d
    │           └── limits.conf
├── start.sh
└── supervisord.conf


/Dockerfile:
--------------------------------------------------------------------------------
  1 | #
  2 | #                    ##        .
  3 | #              ## ## ##       ==
  4 | #           ## ## ## ##      ===
  5 | #       /""""""""""""""""\___/ ===
  6 | #  ~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ /  ===- ~~~
  7 | #       \______ o          __/
  8 | #         \    \        __/
  9 | #          \____\______/
 10 | #
 11 | #          |          |
 12 | #       __ |  __   __ | _  __   _
 13 | #      /  \| /  \ /   |/  / _\ |
 14 | #      \__/| \__/ \__ |\_ \__  |
 15 | #
 16 | # Dockerfile for ISPConfig with MariaDB database
 17 | #
 18 | # https://www.howtoforge.com/tutorial/perfect-server-debian-8-jessie-apache-bind-dovecot-ispconfig-3/
 19 | #
 20 | 
 21 | FROM debian:stretch-slim
 22 | 
 23 | MAINTAINER Jeremie Robert <appydo@gmail.com> version: 0.2
 24 | 
 25 | # Let the container know that there is no tty
 26 | ENV DEBIAN_FRONTEND noninteractive
 27 | 
 28 | # --- 1 Preliminary
 29 | RUN apt-get -y update && apt-get -y upgrade && apt-get -y install rsyslog rsyslog-relp logrotate supervisor screenfetch
 30 | # Create the log file to be able to run tail
 31 | RUN touch /var/log/cron.log /var/log/auth.log
 32 | 
 33 | # --- 2 Install the SSH server
 34 | RUN apt-get -y install ssh openssh-server rsync
 35 | 
 36 | # --- 3 Install a shell text editor
 37 | RUN apt-get -y install nano vim-nox
 38 | 
 39 | # --- 5 Update Your Debian Installation
 40 | ADD ./etc/apt/sources.list /etc/apt/sources.list
 41 | RUN apt-get -y update && apt-get -y upgrade
 42 | 
 43 | # --- 6 Change The Default Shell
 44 | RUN echo "dash  dash/sh boolean no" | debconf-set-selections && dpkg-reconfigure dash
 45 | 
 46 | # --- 7 Synchronize the System Clock
 47 | # RUN apt-get -y install ntp ntpdate
 48 | 
 49 | # --- 8 Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils
 50 | RUN echo 'mysql-server mysql-server/root_password password pass' | debconf-set-selections \
 51 | && echo 'mysql-server mysql-server/root_password_again password pass' | debconf-set-selections \
 52 | && echo 'mariadb-server mariadb-server/root_password password pass' | debconf-set-selections \
 53 | && echo 'mariadb-server mariadb-server/root_password_again password pass' | debconf-set-selections
 54 | RUN apt-get -y install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo
 55 | ADD ./etc/postfix/master.cf /etc/postfix/master.cf
 56 | RUN mv /etc/mysql/mariadb.conf.d/50-server.cnf /etc/mysql/mariadb.conf.d/50-server.cnf.backup
 57 | ADD ./etc/mysql/mariadb.conf.d/50-server.cnf /etc/mysql/mariadb.conf.d/50-server.cnf
 58 | # RUN apt-get -y install expect
 59 | RUN mv /etc/mysql/debian.cnf /etc/mysql/debian.cnf.backup
 60 | ADD ./etc/mysql/debian.cnf /etc/mysql/debian.cnf
 61 | ADD ./etc/security/limits.conf /etc/security/limits.conf
 62 | RUN mkdir -p /etc/systemd/system/mysql.service.d/
 63 | ADD ./etc/systemd/system/mysql.service.d/limits.conf /etc/systemd/system/mysql.service.d/limits.conf
 64 | 
 65 | # --- 9 Install Amavisd-new, SpamAssassin And Clamav
 66 | RUN apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
 67 | ADD ./etc/clamav/clamd.conf /etc/clamav/clamd.conf
 68 | RUN service spamassassin stop && systemctl disable spamassassin
 69 | 
 70 | # --- 9.1 Install Metronome XMPP Server
 71 | RUN echo "deb http://packages.prosody.im/debian jessie main" > /etc/apt/sources.list.d/metronome.list
 72 | RUN wget http://prosody.im/files/prosody-debian-packages.key -O - | apt-key add -
 73 | RUN apt-get -qq update && apt-get -y -qq install git lua5.1 liblua5.1-0-dev lua-filesystem libidn11-dev libssl-dev lua-zlib lua-expat lua-event lua-bitop lua-socket lua-sec luarocks luarocks
 74 | RUN luarocks install lpc
 75 | RUN adduser --no-create-home --disabled-login --gecos 'Metronome' metronome
 76 | RUN cd /opt && git clone https://github.com/maranda/metronome.git metronome
 77 | RUN cd /opt/metronome && ./configure --ostype=debian --prefix=/usr && make && make install
 78 | 
 79 | # --- 10 Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt
 80 | RUN echo 'phpmyadmin phpmyadmin/dbconfig-install boolean true' | debconf-set-selections \
 81 | && echo 'phpmyadmin phpmyadmin/mysql/admin-pass password pass' | debconf-set-selections \
 82 | && echo 'phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2' | debconf-set-selections
 83 | RUN service mysql start && apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap phpmyadmin php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear php7.0-mcrypt mcrypt  imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring memcached libapache2-mod-passenger php7.0-soap
 84 | RUN a2enmod suexec rewrite ssl actions include dav_fs dav auth_digest cgi
 85 | 
 86 | # --- 11 Install Let's Encrypt
 87 | RUN apt-get -y install certbot
 88 | 
 89 | # --- 12 Opcode and PHP-FPM
 90 | RUN apt-get -y install php7.0-fpm php7.0-opcache php-apcu
 91 | RUN a2enmod actions proxy_fcgi alias
 92 | # php5 fpm (non-free)
 93 | # RUN apt-get -y install libapache2-mod-fastcgi php5-fpm
 94 | # RUN a2enmod actions fastcgi alias
 95 | 
 96 | # --- 13 Install Mailman
 97 | RUN echo 'mailman mailman/default_server_language en' | debconf-set-selections
 98 | RUN apt-get -y install mailman
 99 | # RUN ["/usr/lib/mailman/bin/newlist", "-q", "mailman", "mail@mail.com", "pass"]
100 | ADD ./etc/aliases /etc/aliases
101 | RUN newaliases
102 | RUN ln -s /etc/mailman/apache.conf /etc/apache2/conf-enabled/mailman.conf
103 | 
104 | # --- 14 Install PureFTPd And Quota
105 | # RUN apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool
106 | 
107 | # --- 14 Install PureFTPd And Quota
108 | # install package building helpers
109 | RUN apt-get -qq -y --force-yes install dpkg-dev debhelper openbsd-inetd debian-keyring
110 | # install dependancies
111 | RUN apt-get -y -qq build-dep pure-ftpd
112 | # build from source
113 | RUN mkdir /tmp/pure-ftpd-mysql/ && \
114 |     cd /tmp/pure-ftpd-mysql/ && \
115 |     apt-get -qq source pure-ftpd-mysql && \
116 |     cd pure-ftpd-* && \
117 |     sed -i '/^optflags=/ s/$/ --without-capabilities/g' ./debian/rules && \
118 |     dpkg-buildpackage -b -uc > /tmp/pureftpd-build-stdout.txt 2> /tmp/pureftpd-build-stderr.txt
119 | # install the new deb files
120 | RUN dpkg -i /tmp/pure-ftpd-mysql/pure-ftpd-common*.deb && dpkg -i /tmp/pure-ftpd-mysql/pure-ftpd-mysql*.deb
121 | # Prevent pure-ftpd upgrading
122 | RUN apt-mark hold pure-ftpd-common pure-ftpd-mysql
123 | # setup ftpgroup and ftpuser
124 | RUN groupadd ftpgroup && useradd -g ftpgroup -d /dev/null -s /etc ftpuser
125 | RUN apt-get -qq update && apt-get -y -qq install quota quotatool
126 | #RUN /bin/bash -c 'sed -i "s/{{ SSLCERT_ORGANIZATION }}/${SSLCERT_ORGANIZATION}/g;s/{{ SSLCERT_UNITNAME }}/${SSLCERT_UNITNAME}/g;s/{{ SSLCERT_EMAIL }}/${SSLCERT_EMAIL}/g;s/{{ SSLCERT_LOCALITY }}/${SSLCERT_LOCALITY}/g;s/{{ SSLCERT_STATE }}/${SSLCERT_STATE}/g;s/{{ SSLCERT_COUNTRY }}/${SSLCERT_COUNTRY}/g;s/{{ SSLCERT_CN }}/${FQDN}/g" /root/config/openssl.cnf'
127 | #RUN openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -config /root/config/openssl.cnf -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
128 | #RUN chmod 600 /etc/ssl/private/pure-ftpd.pem
129 | 
130 | # install package building helpers
131 | # RUN apt-get -y --force-yes install dpkg-dev debhelper openbsd-inetd
132 | # install dependancies
133 | # RUN apt-get -y build-dep pure-ftpd
134 | # build from source
135 | # RUN mkdir /tmp/pure-ftpd-mysql/ && \
136 | #    cd /tmp/pure-ftpd-mysql/ && \
137 | #    apt-get source pure-ftpd-mysql && \
138 | #    cd pure-ftpd-* && \
139 | #    sed -i '/^optflags=/ s/$/ --without-capabilities/g' ./debian/rules && \
140 | #    dpkg-buildpackage -b -uc
141 | # install the new deb files
142 | # RUN dpkg -i /tmp/pure-ftpd-mysql/pure-ftpd-common*.deb
143 | # RUN dpkg -i /tmp/pure-ftpd-mysql/pure-ftpd-mysql*.deb
144 | # Prevent pure-ftpd upgrading
145 | # RUN apt-mark hold pure-ftpd-common pure-ftpd-mysql
146 | # setup ftpgroup and ftpuser
147 | # RUN groupadd ftpgroup
148 | # RUN useradd -g ftpgroup -d /dev/null -s /etc ftpuser
149 | # RUN apt-get -y install quota quotatool
150 | ADD ./etc/default/pure-ftpd-common /etc/default/pure-ftpd-common
151 | RUN echo 1 > /etc/pure-ftpd/conf/TLS && mkdir -p /etc/ssl/private/
152 | # RUN openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
153 | # RUN chmod 600 /etc/ssl/private/pure-ftpd.pem
154 | 
155 | # --- 15 Install BIND DNS Server
156 | RUN apt-get -y install bind9 dnsutils haveged
157 | 
158 | # --- 16 Install Vlogger, Webalizer, And AWStats
159 | RUN apt-get -y install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
160 | ADD etc/cron.d/awstats /etc/cron.d/
161 | 
162 | # --- 17 Install Jailkit
163 | RUN apt-get -y install build-essential autoconf automake libtool flex bison debhelper binutils
164 | RUN cd /tmp \
165 | && wget http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz \
166 | && tar xvfz jailkit-2.19.tar.gz \
167 | && cd jailkit-2.19 \
168 | && echo 5 > debian/compat \
169 | && ./debian/rules binary \
170 | && cd /tmp \
171 | && dpkg -i jailkit_2.19-1_*.deb
172 | 
173 | # --- 18 Install fail2ban
174 | RUN apt-get -y install fail2ban
175 | ADD ./etc/fail2ban/jail.local /etc/fail2ban/jail.local
176 | ADD ./etc/fail2ban/filter.d/pureftpd.conf /etc/fail2ban/filter.d/pureftpd.conf
177 | ADD ./etc/fail2ban/filter.d/dovecot-pop3imap.conf /etc/fail2ban/filter.d/dovecot-pop3imap.conf
178 | RUN echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf
179 | 
180 | # --- 19 Install RoundCube
181 | # RUN apt-get -y install squirrelmail
182 | # ADD ./etc/apache2/conf-enabled/squirrelmail.conf /etc/apache2/conf-enabled/squirrelmail.conf
183 | # ADD ./etc/squirrelmail/config.php /etc/squirrelmail/config.php
184 | # RUN mkdir /var/lib/squirrelmail/tmp
185 | # RUN chown www-data /var/lib/squirrelmail/tmp
186 | RUN service mysql start && apt-get -y install roundcube roundcube-core roundcube-mysql roundcube-plugins
187 | ADD ./etc/apache2/conf-enabled/roundcube.conf /etc/apache2/conf-enabled/roundcube.conf
188 | ADD ./etc/roundcube/config.inc.php /etc/roundcube/config.inc.php
189 | 
190 | # --- 20 Install ISPConfig 3
191 | RUN cd /root && wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz && tar xfz ISPConfig-3-stable.tar.gz
192 | # RUN ["/bin/bash", "-c", "cat /tmp/install_ispconfig.txt | php -q /tmp/ispconfig3_install/install/install.php"]
193 | # RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
194 | # RUN sed -i -e "s/upload_max_filesize\s*=\s*2M/upload_max_filesize = 100M/g" /etc/php5/fpm/php.ini
195 | # RUN sed -i -e "s/post_max_size\s*=\s*8M/post_max_size = 100M/g" /etc/php5/fpm/php.ini
196 | 
197 | # ADD ./etc/mysql/my.cnf /etc/mysql/my.cnf
198 | ADD ./etc/clamav/clamd.conf /etc/clamav/clamd.conf
199 | 
200 | RUN echo "export TERM=xterm" >> /root/.bashrc
201 | 
202 | EXPOSE 20/tcp 21/tcp 22/tcp 53 80/tcp 443/tcp 953/tcp 8080/tcp 30000 30001 30002 30003 30004 30005 30006 30007 30008 30009 3306
203 | 
204 | # ISPCONFIG Initialization and Startup Script
205 | ADD ./start.sh /start.sh
206 | ADD ./supervisord.conf /etc/supervisor/supervisord.conf
207 | ADD ./etc/cron.daily/sql_backup.sh /etc/cron.daily/sql_backup.sh
208 | ADD ./autoinstall.ini /root/ispconfig3_install/install/autoinstall.ini
209 | RUN mkdir -p /var/run/sshd /var/log/supervisor /var/run/supervisor
210 | RUN mv /bin/systemctl /bin/systemctloriginal
211 | ADD ./bin/systemctl /bin/systemctl
212 | RUN chmod 755 /start.sh /bin/systemctl
213 | 
214 | RUN mkdir -p /var/backup/sql
215 | RUN freshclam
216 | 
217 | # CLEANING
218 | RUN apt-get autoremove -y && apt-get clean && rm -rf /tmp/*
219 | 
220 | VOLUME ["/var/www/","/var/mail/","/var/backup/","/var/lib/mysql","/var/log/"]
221 | 
222 | CMD ["/bin/bash", "/start.sh"]
223 | 


--------------------------------------------------------------------------------
/autoinstall.ini:
--------------------------------------------------------------------------------
 1 | [install]
 2 | language=en
 3 | install_mode=standard
 4 | hostname=server1.example.com
 5 | mysql_hostname=localhost
 6 | mysql_root_user=root
 7 | mysql_root_password=pass
 8 | mysql_database=dbispconfig
 9 | mysql_port=3306
10 | mysql_charset=utf8
11 | http_server=apache
12 | ispconfig_port=8080
13 | ispconfig_use_ssl=y
14 | ispconfig_admin_password=admin
15 | 
16 | [ssl_cert]
17 | ssl_cert_country=AU
18 | ssl_cert_state=Some-State
19 | ssl_cert_locality=Chicago
20 | ssl_cert_organisation=Internet Widgits Pty Ltd
21 | ssl_cert_organisation_unit=IT department
22 | ssl_cert_common_name=server1.example.com
23 | 
24 | [expert]
25 | mysql_ispconfig_user=admin
26 | mysql_ispconfig_password=admin
27 | join_multiserver_setup=n
28 | mysql_master_hostname=localhost
29 | mysql_master_root_user=root
30 | mysql_master_root_password=pass
31 | mysql_master_database=dbispconfig
32 | configure_mail=y
33 | configure_jailkit=y
34 | configure_ftp=y
35 | configure_dns=y
36 | configure_apache=y
37 | configure_nginx=y
38 | configure_firewall=y
39 | install_ispconfig_web_interface=y
40 | 
41 | [update]
42 | do_backup=yes
43 | mysql_root_password=ispconfig
44 | mysql_master_hostname=localhost
45 | mysql_master_root_user=root
46 | mysql_master_root_password=pass
47 | mysql_master_database=dbispconfig
48 | reconfigure_permissions_in_master_database=no
49 | reconfigure_services=yes
50 | ispconfig_port=8080
51 | create_new_ispconfig_ssl_cert=no
52 | reconfigure_crontab=yes
53 | 


--------------------------------------------------------------------------------
/bin/systemctl:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | SERVICE=${2/%.service/}
 3 | case "$1" in
 4 |         restart)
 5 |                 /etc/init.d/$SERVICE restart
 6 |         ;;
 7 |         stop)
 8 |                 /etc/init.d/$SERVICE stop
 9 |         ;;
10 |         status)
11 |                 /etc/init.d/$SERVICE status
12 |         ;;
13 |         start)
14 |                 /etc/init.d/$SERVICE start
15 |         ;;
16 |         *)
17 |                 command systemctloriginal "$@"
18 |         exit 1
19 | esac
20 | 


--------------------------------------------------------------------------------
/etc/aliases:
--------------------------------------------------------------------------------
 1 | # See man 5 aliases for format
 2 | postmaster:    root
 3 | clamav: root
 4 | ## mailman mailing list
 5 | mailman:              "|/var/lib/mailman/mail/mailman post mailman"
 6 | mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
 7 | mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
 8 | mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
 9 | mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
10 | mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
11 | mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
12 | mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
13 | mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
14 | mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"
15 | 


--------------------------------------------------------------------------------
/etc/apache2/conf-enabled/roundcube.conf:
--------------------------------------------------------------------------------
 1 | # Those aliases do not work properly with several hosts on your apache server
 2 | # Uncomment them to use it or adapt them to your configuration
 3 | #    Alias /roundcube /var/lib/roundcube
 4 | Alias /webmail /var/lib/roundcube
 5 | 
 6 | <Directory /var/lib/roundcube/>
 7 |   Options +FollowSymLinks
 8 |   # This is needed to parse /var/lib/roundcube/.htaccess. See its
 9 |   # content before setting AllowOverride to None.
10 |   AllowOverride All
11 |   <IfVersion >= 2.3>
12 |     Require all granted
13 |   </IfVersion> 
14 |   <IfVersion < 2.3>
15 |     Order allow,deny
16 |     Allow from all
17 |   </IfVersion>
18 | </Directory>
19 | 
20 | # Protecting basic directories:
21 | <Directory /var/lib/roundcube/config>
22 |         Options -FollowSymLinks
23 |         AllowOverride None
24 | </Directory>
25 | 
26 | <Directory /var/lib/roundcube/temp>
27 |         Options -FollowSymLinks
28 |         AllowOverride None
29 |         <IfVersion >= 2.3>
30 |           Require all denied
31 |         </IfVersion> 
32 |         <IfVersion < 2.3>
33 |           Order allow,deny
34 |           Deny from all
35 |         </IfVersion>
36 | </Directory>
37 | 
38 | <Directory /var/lib/roundcube/logs>
39 |         Options -FollowSymLinks
40 |         AllowOverride None
41 |         <IfVersion >= 2.3>
42 |           Require all denied
43 |         </IfVersion> 
44 |         <IfVersion < 2.3>
45 |           Order allow,deny
46 |           Deny from all
47 |         </IfVersion>
48 | </Directory>
49 | 


--------------------------------------------------------------------------------
/etc/apache2/conf-enabled/squirrelmail.conf:
--------------------------------------------------------------------------------
 1 | Alias /webmail /usr/share/squirrelmail
 2 | 
 3 | <Directory /usr/share/squirrelmail>
 4 |   Options FollowSymLinks
 5 |   <IfModule mod_php5.c>
 6 |     AddType application/x-httpd-php .php
 7 |     php_flag magic_quotes_gpc Off
 8 |     php_flag track_vars On
 9 |     php_admin_flag allow_url_fopen Off
10 |     php_value include_path .
11 |     php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
12 |     php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname
13 |     php_flag register_globals off
14 |   </IfModule>
15 |   <IfModule mod_dir.c>
16 |     DirectoryIndex index.php
17 |   </IfModule>
18 | 
19 |   # access to configtest is limited by default to prevent information leak
20 |   <Files configtest.php>
21 |     order deny,allow
22 |     deny from all
23 |     allow from 127.0.0.1
24 |   </Files>
25 | </Directory>
26 | 
27 | # users will prefer a simple URL like http://webmail.example.com
28 | #<VirtualHost 1.2.3.4>
29 | #  DocumentRoot /usr/share/squirrelmail
30 | #  ServerName webmail.example.com
31 | #</VirtualHost>
32 | 
33 | # redirect to https when available (thanks omen@descolada.dartmouth.edu)
34 | #
35 | #  Note: There are multiple ways to do this, and which one is suitable for
36 | #  your site's configuration depends. Consult the apache documentation if
37 | #  you're unsure, as this example might not work everywhere.
38 | #
39 | #<IfModule mod_rewrite.c>
40 | #  <IfModule mod_ssl.c>
41 | #    <Location /squirrelmail>
42 | #      RewriteEngine on
43 | #      RewriteCond %{HTTPS} !^on$ [NC]
44 | #      RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI}  [L]
45 | #    </Location>
46 | #  </IfModule>
47 | #</IfModule>
48 | 
49 | 


--------------------------------------------------------------------------------
/etc/apt/sources.list:
--------------------------------------------------------------------------------
1 | deb http://ftp.us.debian.org/debian/ stretch main contrib non-free
2 | deb-src http://ftp.us.debian.org/debian/ stretch main contrib non-free
3 | 
4 | deb http://security.debian.org/debian-security stretch/updates main contrib non-free
5 | deb-src http://security.debian.org/debian-security stretch/updates main contrib non-free
6 | 


--------------------------------------------------------------------------------
/etc/clamav/clamd.conf:
--------------------------------------------------------------------------------
 1 | #Automatically Generated by clamav-daemon postinst
 2 | #To reconfigure clamd run #dpkg-reconfigure clamav-daemon
 3 | #Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
 4 | LocalSocket /var/run/clamav/clamd.ctl
 5 | FixStaleSocket true
 6 | LocalSocketGroup clamav
 7 | LocalSocketMode 666
 8 | # TemporaryDirectory is not set to its default /tmp here to make overriding
 9 | # the default with environment variables TMPDIR/TMP/TEMP possible
10 | User clamav
11 | AllowSupplementaryGroups true
12 | ScanMail true
13 | ScanArchive true
14 | ArchiveBlockEncrypted false
15 | MaxDirectoryRecursion 15
16 | FollowDirectorySymlinks false
17 | FollowFileSymlinks false
18 | ReadTimeout 180
19 | MaxThreads 12
20 | MaxConnectionQueueLength 15
21 | LogSyslog false
22 | LogRotate true
23 | LogFacility LOG_LOCAL6
24 | LogClean false
25 | LogVerbose false
26 | DatabaseDirectory /var/lib/clamav
27 | OfficialDatabaseOnly false
28 | SelfCheck 3600
29 | Foreground false
30 | Debug false
31 | ScanPE true
32 | MaxEmbeddedPE 10M
33 | ScanOLE2 true
34 | ScanPDF true
35 | ScanHTML true
36 | MaxHTMLNormalize 10M
37 | MaxHTMLNoTags 2M
38 | MaxScriptNormalize 5M
39 | MaxZipTypeRcg 1M
40 | ScanSWF true
41 | DetectBrokenExecutables false
42 | ExitOnOOM false
43 | LeaveTemporaryFiles false
44 | AlgorithmicDetection true
45 | ScanELF true
46 | IdleTimeout 30
47 | CrossFilesystems true
48 | PhishingSignatures true
49 | PhishingScanURLs true
50 | PhishingAlwaysBlockSSLMismatch false
51 | PhishingAlwaysBlockCloak false
52 | PartitionIntersection false
53 | DetectPUA false
54 | ScanPartialMessages false
55 | HeuristicScanPrecedence false
56 | StructuredDataDetection false
57 | CommandReadTimeout 5
58 | SendBufTimeout 200
59 | MaxQueue 100
60 | ExtendedDetectionInfo true
61 | OLE2BlockMacros false
62 | ScanOnAccess false
63 | AllowAllMatchScan true
64 | ForceToDisk false
65 | DisableCertCheck false
66 | DisableCache false
67 | MaxScanSize 100M
68 | MaxFileSize 25M
69 | MaxRecursion 10
70 | MaxFiles 10000
71 | MaxPartitions 50
72 | MaxIconsPE 100
73 | StatsEnabled false
74 | StatsPEDisabled true
75 | StatsHostID auto
76 | StatsTimeout 10
77 | StreamMaxLength 25M
78 | LogFile /var/log/clamav/clamav.log
79 | LogTime true
80 | LogFileUnlock false
81 | LogFileMaxSize 0
82 | Bytecode true
83 | BytecodeSecurity TrustSigned
84 | BytecodeTimeout 60000
85 | 


--------------------------------------------------------------------------------
/etc/cron.d/awstats:
--------------------------------------------------------------------------------
1 | #MAILTO=root
2 | 
3 | #*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
4 | 
5 | # Generate static reports:
6 | #10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh
7 | 


--------------------------------------------------------------------------------
/etc/cron.daily/sql_backup.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | if [ $SQL_BACKUP = 1 ]
 3 | then
 4 | MUSER=root
 5 | MPASS=pass
 6 | BACKUP=/var/backup/sql
 7 | NOW="$(date +"%d-%m-%Y_%H%M")"
 8 | OLD="$(date +"%d-%m-%Y" -d '-7 day')"
 9 | # create directory
10 | mkdir -p "$BACKUP/sql/$NOW/"
11 | # all databases
12 | mysqldump -u $MUSER --password=$MPASS --all-databases --single-transaction > "$BACKUP/sql/$NOW/all_databases.sql"
13 | # backup each base of the database
14 | DBS="$(mysql -u $MUSER -p$MPASS -Bse 'show databases')"
15 | for db in $DBS
16 | do
17 | 	mysqldump -u $MUSER --password=$MPASS $db --single-transaction > "$BACKUP/sql/$NOW/$db.sql"
18 | done
19 | # delete old sql
20 | rm -r $BACKUP/sql/$OLD*
21 | fi
22 | 


--------------------------------------------------------------------------------
/etc/default/pure-ftpd-common:
--------------------------------------------------------------------------------
 1 | # Configuration for pure-ftpd
 2 | # (this file is sourced by /bin/sh, edit accordingly)
 3 | 
 4 | # STANDALONE_OR_INETD
 5 | # valid values are "standalone" and "inetd".
 6 | # Any change here overrides the setting in debconf.
 7 | STANDALONE_OR_INETD=standalone
 8 | 
 9 | # VIRTUALCHROOT: 
10 | # whether to use binary with virtualchroot support
11 | # valid values are "true" or "false"
12 | # Any change here overrides the setting in debconf.
13 | VIRTUALCHROOT=true
14 | 
15 | # UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
16 | # pure-uploadscript will also be run to spawn the program given below
17 | # for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
18 | # pure-uploadscript(8)
19 | 
20 | # example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
21 | UPLOADSCRIPT=
22 | 
23 | # if set, pure-uploadscript will spawn  running as the
24 | # given uid and gid
25 | UPLOADUID=
26 | UPLOADGID=
27 | 


--------------------------------------------------------------------------------
/etc/fail2ban/filter.d/dovecot-pop3imap.conf:
--------------------------------------------------------------------------------
1 | [Definition]
2 | failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
3 | ignoreregex =
4 | 


--------------------------------------------------------------------------------
/etc/fail2ban/filter.d/pureftpd.conf:
--------------------------------------------------------------------------------
1 | [Definition]
2 | failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
3 | ignoreregex =
4 | 


--------------------------------------------------------------------------------
/etc/fail2ban/jail.local:
--------------------------------------------------------------------------------
 1 | [pure-ftpd]
 2 | enabled = true
 3 | port = ftp
 4 | filter = pure-ftpd
 5 | logpath = /var/log/syslog
 6 | maxretry = 3
 7 | 
 8 | [dovecot]
 9 | enabled = true
10 | filter = dovecot
11 | logpath = /var/log/mail.log
12 | maxretry = 5
13 | 
14 | [postfix-sasl]
15 | enabled = true
16 | port = smtp
17 | filter = postfix-sasl
18 | logpath = /var/log/mail.log
19 | maxretry = 3
20 | 


--------------------------------------------------------------------------------
/etc/mysql/debian.cnf:
--------------------------------------------------------------------------------
 1 | [client]
 2 | host     = localhost
 3 | user     = root
 4 | password = pass
 5 | socket   = /var/run/mysqld/mysqld.sock
 6 | [mysql_upgrade]
 7 | host     = localhost
 8 | user     = root
 9 | password = pass
10 | socket   = /var/run/mysqld/mysqld.sock
11 | basedir  = /usr


--------------------------------------------------------------------------------
/etc/mysql/mariadb.conf.d/50-server.cnf:
--------------------------------------------------------------------------------
  1 | #
  2 | # These groups are read by MariaDB server.
  3 | # Use it for options that only the server (but not clients) should see
  4 | #
  5 | # See the examples of server my.cnf files in /usr/share/mysql/
  6 | #
  7 | 
  8 | # this is read by the standalone daemon and embedded servers
  9 | [server]
 10 | 
 11 | # this is only for the mysqld standalone daemon
 12 | [mysqld]
 13 | 
 14 | #
 15 | # * Basic Settings
 16 | #
 17 | user		= mysql
 18 | pid-file	= /var/run/mysqld/mysqld.pid
 19 | socket		= /var/run/mysqld/mysqld.sock
 20 | port		= 3306
 21 | basedir		= /usr
 22 | datadir		= /var/lib/mysql
 23 | tmpdir		= /tmp
 24 | lc-messages-dir	= /usr/share/mysql
 25 | skip-external-locking
 26 | 
 27 | # Instead of skip-networking the default is now to listen only on
 28 | # localhost which is more compatible and is not less secure.
 29 | #bind-address		= 127.0.0.1
 30 | 
 31 | sql-mode="NO_ENGINE_SUBSTITUTION"
 32 | 
 33 | #
 34 | # * Fine Tuning
 35 | #
 36 | key_buffer_size		= 16M
 37 | max_allowed_packet	= 16M
 38 | thread_stack		= 192K
 39 | thread_cache_size       = 8
 40 | # This replaces the startup script and checks MyISAM tables if needed
 41 | # the first time they are touched
 42 | myisam_recover_options  = BACKUP
 43 | #max_connections        = 100
 44 | #table_cache            = 64
 45 | #thread_concurrency     = 10
 46 | 
 47 | #
 48 | # * Query Cache Configuration
 49 | #
 50 | query_cache_limit	= 1M
 51 | query_cache_size        = 16M
 52 | 
 53 | #
 54 | # * Logging and Replication
 55 | #
 56 | # Both location gets rotated by the cronjob.
 57 | # Be aware that this log type is a performance killer.
 58 | # As of 5.1 you can enable the log at runtime!
 59 | #general_log_file        = /var/log/mysql/mysql.log
 60 | #general_log             = 1
 61 | #
 62 | # Error log - should be very few entries.
 63 | #
 64 | log_error = /var/log/mysql/error.log
 65 | #
 66 | # Enable the slow query log to see queries with especially long duration
 67 | #slow_query_log_file	= /var/log/mysql/mariadb-slow.log
 68 | #long_query_time = 10
 69 | #log_slow_rate_limit	= 1000
 70 | #log_slow_verbosity	= query_plan
 71 | #log-queries-not-using-indexes
 72 | #
 73 | # The following can be used as easy to replay backup logs or for replication.
 74 | # note: if you are setting up a replication slave, see README.Debian about
 75 | #       other settings you may need to change.
 76 | #server-id		= 1
 77 | #log_bin			= /var/log/mysql/mysql-bin.log
 78 | expire_logs_days	= 10
 79 | max_binlog_size   = 100M
 80 | #binlog_do_db		= include_database_name
 81 | #binlog_ignore_db	= exclude_database_name
 82 | 
 83 | #
 84 | # * InnoDB
 85 | #
 86 | # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
 87 | # Read the manual for more InnoDB related options. There are many!
 88 | 
 89 | #
 90 | # * Security Features
 91 | #
 92 | # Read the manual, too, if you want chroot!
 93 | # chroot = /var/lib/mysql/
 94 | #
 95 | # For generating SSL certificates you can use for example the GUI tool "tinyca".
 96 | #
 97 | # ssl-ca=/etc/mysql/cacert.pem
 98 | # ssl-cert=/etc/mysql/server-cert.pem
 99 | # ssl-key=/etc/mysql/server-key.pem
100 | #
101 | # Accept only connections using the latest and most secure TLS protocol version.
102 | # ..when MariaDB is compiled with OpenSSL:
103 | # ssl-cipher=TLSv1.2
104 | # ..when MariaDB is compiled with YaSSL (default in Debian):
105 | # ssl=on
106 | 
107 | #
108 | # * Character sets
109 | #
110 | # MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
111 | # utf8 4-byte character set. See also client.cnf
112 | #
113 | character-set-server  = utf8mb4
114 | collation-server      = utf8mb4_general_ci
115 | 
116 | #
117 | # * Unix socket authentication plugin is built-in since 10.0.22-6
118 | #
119 | # Needed so the root database user can authenticate without a password but
120 | # only when running as the unix root user.
121 | #
122 | # Also available for other users if required.
123 | # See https://mariadb.com/kb/en/unix_socket-authentication-plugin/
124 | 
125 | # this is only for embedded server
126 | [embedded]
127 | 
128 | # This group is only read by MariaDB servers, not by MySQL.
129 | # If you use the same .cnf file for MySQL and MariaDB,
130 | # you can put MariaDB-only options here
131 | [mariadb]
132 | 
133 | # This group is only read by MariaDB-10.1 servers.
134 | # If you use the same .cnf file for MariaDB of different versions,
135 | # use this group for options that older servers don't understand
136 | [mariadb-10.1]
137 | 


--------------------------------------------------------------------------------
/etc/postfix/master.cf:
--------------------------------------------------------------------------------
  1 | #
  2 | # Postfix master process configuration file.  For details on the format
  3 | # of the file, see the master(5) manual page (command: "man 5 master" or
  4 | # on-line: http://www.postfix.org/master.5.html).
  5 | #
  6 | # Do not forget to execute "postfix reload" after editing this file.
  7 | #
  8 | # ==========================================================================
  9 | # service type  private unpriv  chroot  wakeup  maxproc command + args
 10 | #               (yes)   (yes)   (yes)   (never) (100)
 11 | # ==========================================================================
 12 | smtp      inet  n       -       -       -       -       smtpd
 13 | #smtp      inet  n       -       -       -       1       postscreen
 14 | #smtpd     pass  -       -       -       -       -       smtpd
 15 | #dnsblog   unix  -       -       -       -       0       dnsblog
 16 | #tlsproxy  unix  -       -       -       -       0       tlsproxy
 17 | submission inet n       -       -       -       -       smtpd
 18 |   -o syslog_name=postfix/submission
 19 |   -o smtpd_tls_security_level=encrypt
 20 |   -o smtpd_sasl_auth_enable=yes
 21 |   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 22 | #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 23 | #  -o smtpd_client_restrictions=$mua_client_restrictions
 24 | #  -o smtpd_reject_unlisted_recipient=no
 25 | #  -o smtpd_helo_restrictions=$mua_helo_restrictions
 26 | #  -o smtpd_sender_restrictions=$mua_sender_restrictions
 27 | #  -o smtpd_recipient_restrictions=
 28 | #  -o milter_macro_daemon_name=ORIGINATING
 29 | smtps     inet  n       -       -       -       -       smtpd
 30 |   -o syslog_name=postfix/smtps
 31 |   -o smtpd_tls_wrappermode=yes
 32 |   -o smtpd_sasl_auth_enable=yes
 33 |   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 34 | #  -o smtpd_client_restrictions=$mua_client_restrictions
 35 | #  -o smtpd_reject_unlisted_recipient=no
 36 | #  -o smtpd_helo_restrictions=$mua_helo_restrictions
 37 | #  -o smtpd_sender_restrictions=$mua_sender_restrictions
 38 | #  -o smtpd_recipient_restrictions=
 39 | #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 40 | #  -o milter_macro_daemon_name=ORIGINATING
 41 | #628       inet  n       -       -       -       -       qmqpd
 42 | pickup    unix  n       -       -       60      1       pickup
 43 | cleanup   unix  n       -       -       -       0       cleanup
 44 | qmgr      unix  n       -       n       300     1       qmgr
 45 | #qmgr     unix  n       -       n       300     1       oqmgr
 46 | tlsmgr    unix  -       -       -       1000?   1       tlsmgr
 47 | rewrite   unix  -       -       -       -       -       trivial-rewrite
 48 | bounce    unix  -       -       -       -       0       bounce
 49 | defer     unix  -       -       -       -       0       bounce
 50 | trace     unix  -       -       -       -       0       bounce
 51 | verify    unix  -       -       -       -       1       verify
 52 | flush     unix  n       -       -       1000?   0       flush
 53 | proxymap  unix  -       -       n       -       -       proxymap
 54 | proxywrite unix -       -       n       -       1       proxymap
 55 | smtp      unix  -       -       -       -       -       smtp
 56 | relay     unix  -       -       -       -       -       smtp
 57 | #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
 58 | showq     unix  n       -       -       -       -       showq
 59 | error     unix  -       -       -       -       -       error
 60 | retry     unix  -       -       -       -       -       error
 61 | discard   unix  -       -       -       -       -       discard
 62 | local     unix  -       n       n       -       -       local
 63 | virtual   unix  -       n       n       -       -       virtual
 64 | lmtp      unix  -       -       -       -       -       lmtp
 65 | anvil     unix  -       -       -       -       1       anvil
 66 | scache    unix  -       -       -       -       1       scache
 67 | #
 68 | # ====================================================================
 69 | # Interfaces to non-Postfix software. Be sure to examine the manual
 70 | # pages of the non-Postfix software to find out what options it wants.
 71 | #
 72 | # Many of the following services use the Postfix pipe(8) delivery
 73 | # agent.  See the pipe(8) man page for information about ${recipient}
 74 | # and other message envelope options.
 75 | # ====================================================================
 76 | #
 77 | # maildrop. See the Postfix MAILDROP_README file for details.
 78 | # Also specify in main.cf: maildrop_destination_recipient_limit=1
 79 | #
 80 | maildrop  unix  -       n       n       -       -       pipe
 81 |   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
 82 | #
 83 | # ====================================================================
 84 | #
 85 | # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
 86 | #
 87 | # Specify in cyrus.conf:
 88 | #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
 89 | #
 90 | # Specify in main.cf one or more of the following:
 91 | #  mailbox_transport = lmtp:inet:localhost
 92 | #  virtual_transport = lmtp:inet:localhost
 93 | #
 94 | # ====================================================================
 95 | #
 96 | # Cyrus 2.1.5 (Amos Gouaux)
 97 | # Also specify in main.cf: cyrus_destination_recipient_limit=1
 98 | #
 99 | #cyrus     unix  -       n       n       -       -       pipe
100 | #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
101 | #
102 | # ====================================================================
103 | # Old example of delivery via Cyrus.
104 | #
105 | #old-cyrus unix  -       n       n       -       -       pipe
106 | #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
107 | #
108 | # ====================================================================
109 | #
110 | # See the Postfix UUCP_README file for configuration details.
111 | #
112 | uucp      unix  -       n       n       -       -       pipe
113 |   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
114 | #
115 | # Other external delivery methods.
116 | #
117 | ifmail    unix  -       n       n       -       -       pipe
118 |   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
119 | bsmtp     unix  -       n       n       -       -       pipe
120 |   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
121 | scalemail-backend unix	-	n	n	-	2	pipe
122 |   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
123 | mailman   unix  -       n       n       -       -       pipe
124 |   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
125 |   ${nexthop} ${user}
126 | 
127 | 


--------------------------------------------------------------------------------
/etc/roundcube/config.inc.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | /*
 4 | +-----------------------------------------------------------------------+
 5 | | Local configuration for the Roundcube Webmail installation.           |
 6 | |                                                                       |
 7 | | This is a sample configuration file only containing the minimum       |
 8 | | setup required for a functional installation. Copy more options       |
 9 | | from defaults.inc.php to this file to override the defaults.          |
10 | |                                                                       |
11 | | This file is part of the Roundcube Webmail client                     |
12 | | Copyright (C) 2005-2013, The Roundcube Dev Team                       |
13 | |                                                                       |
14 | | Licensed under the GNU General Public License version 3 or            |
15 | | any later version with exceptions for skins & plugins.                |
16 | | See the README file for a full license statement.                     |
17 | +-----------------------------------------------------------------------+
18 | */
19 | 
20 | $config = array();
21 | 
22 | /* Do not set db_dsnw here, use dpkg-reconfigure roundcube-core to configure database ! */
23 | include_once("/etc/roundcube/debian-db-roundcube.php");
24 | 
25 | // The mail host chosen to perform the log-in.
26 | // Leave blank to show a textbox at login, give a list of hosts
27 | // to display a pulldown menu or set one host as string.
28 | // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
29 | // Supported replacement variables:
30 | // %n - hostname ($_SERVER['SERVER_NAME'])
31 | // %t - hostname without the first part
32 | // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
33 | // %s - domain name after the '@' from e-mail address provided at login screen
34 | // For example %n = mail.domain.tld, %t = domain.tld
35 | $config['default_host'] = 'localhost';
36 | 
37 | // SMTP server host (for sending mails).
38 | // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
39 | // If left blank, the PHP mail() function is used
40 | // Supported replacement variables:
41 | // %h - user's IMAP hostname
42 | // %n - hostname ($_SERVER['SERVER_NAME'])
43 | // %t - hostname without the first part
44 | // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
45 | // %z - IMAP domain (IMAP hostname without the first part)
46 | // For example %n = mail.domain.tld, %t = domain.tld
47 | $config['smtp_server'] = 'localhost';
48 | 
49 | // SMTP port (default is 25; use 587 for STARTTLS or 465 for the
50 | // deprecated SSL over SMTP (aka SMTPS))
51 | $config['smtp_port'] = 25;
52 | 
53 | // SMTP username (if required) if you use %u as the username Roundcube
54 | // will use the current username for login
55 | $config['smtp_user'] = '';
56 | 
57 | // SMTP password (if required) if you use %p as the password Roundcube
58 | // will use the current user's password for login
59 | $config['smtp_pass'] = '';
60 | 
61 | // provide an URL where a user can get support for this Roundcube installation
62 | // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
63 | $config['support_url'] = '';
64 | 
65 | // Name your service. This is displayed on the login screen and in the window title
66 | $config['product_name'] = 'Roundcube Webmail';
67 | 
68 | // this key is used to encrypt the users imap password which is stored
69 | // in the session record (and the client cookie if remember password is enabled).
70 | // please provide a string of exactly 24 chars.
71 | // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
72 | $config['des_key'] = '9Pisv22vwSXoEICSsaB8xn6E';
73 | 
74 | // List of active plugins (in plugins/ directory)
75 | // Debian: install roundcube-plugins first to have any
76 | $config['plugins'] = array(
77 | );
78 | 
79 | // skin name: folder from skins/
80 | $config['skin'] = 'larry';
81 | 
82 | // Disable spellchecking
83 | // Debian: spellshecking needs additional packages to be installed, or calling external APIs
84 | //         see defaults.inc.php for additional informations
85 | $config['enable_spellcheck'] = false;
86 | 


--------------------------------------------------------------------------------
/etc/security/limits.conf:
--------------------------------------------------------------------------------
 1 | # /etc/security/limits.conf
 2 | #
 3 | #Each line describes a limit for a user in the form:
 4 | #
 5 | #<domain>        <type>  <item>  <value>
 6 | #
 7 | #Where:
 8 | #<domain> can be:
 9 | #        - a user name
10 | #        - a group name, with @group syntax
11 | #        - the wildcard *, for default entry
12 | #        - the wildcard %, can be also used with %group syntax,
13 | #                 for maxlogin limit
14 | #        - NOTE: group and wildcard limits are not applied to root.
15 | #          To apply a limit to the root user, <domain> must be
16 | #          the literal username root.
17 | #
18 | #<type> can have the two values:
19 | #        - "soft" for enforcing the soft limits
20 | #        - "hard" for enforcing hard limits
21 | #
22 | #<item> can be one of the following:
23 | #        - core - limits the core file size (KB)
24 | #        - data - max data size (KB)
25 | #        - fsize - maximum filesize (KB)
26 | #        - memlock - max locked-in-memory address space (KB)
27 | #        - nofile - max number of open files
28 | #        - rss - max resident set size (KB)
29 | #        - stack - max stack size (KB)
30 | #        - cpu - max CPU time (MIN)
31 | #        - nproc - max number of processes
32 | #        - as - address space limit (KB)
33 | #        - maxlogins - max number of logins for this user
34 | #        - maxsyslogins - max number of logins on the system
35 | #        - priority - the priority to run user process with
36 | #        - locks - max number of file locks the user can hold
37 | #        - sigpending - max number of pending signals
38 | #        - msgqueue - max memory used by POSIX message queues (bytes)
39 | #        - nice - max nice priority allowed to raise to values: [-20, 19]
40 | #        - rtprio - max realtime priority
41 | #        - chroot - change root to directory (Debian-specific)
42 | #
43 | #<domain>      <type>  <item>         <value>
44 | #
45 | 
46 | #*               soft    core            0
47 | #root            hard    core            100000
48 | #*               hard    rss             10000
49 | #@student        hard    nproc           20
50 | #@faculty        soft    nproc           20
51 | #@faculty        hard    nproc           50
52 | #ftp             hard    nproc           0
53 | #ftp             -       chroot          /ftp
54 | #@student        -       maxlogins       4
55 | mysql soft nofile 65535
56 | mysql hard nofile 65535
57 | 
58 | # End of file
59 | 


--------------------------------------------------------------------------------
/etc/squirrelmail/config.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | /**
  4 |  * SquirrelMail Configuration File
  5 |  * Created using the configure script, conf.pl
  6 |  */
  7 | 
  8 | global $version;
  9 | $config_version = '1.4.0';
 10 | $config_use_color = 2;
 11 | 
 12 | $org_name      = "SquirrelMail";
 13 | $org_logo      = SM_PATH . 'images/sm_logo.png';
 14 | $org_logo_width  = '308';
 15 | $org_logo_height = '111';
 16 | $org_title     = "SquirrelMail $version";
 17 | $signout_page  = '';
 18 | $frame_top     = '_top';
 19 | 
 20 | $provider_uri     = 'http://squirrelmail.org/';
 21 | 
 22 | $provider_name     = 'SquirrelMail';
 23 | 
 24 | $motd = "";
 25 | 
 26 | $squirrelmail_default_language = 'en_US';
 27 | $default_charset       = 'iso-8859-1';
 28 | $lossy_encoding        = false;
 29 | 
 30 | $domain                 = trim(implode('', file('/etc/'.(file_exists('/etc/mailname')?'mail':'host').'name')));
 31 | $imapServerAddress      = 'localhost';
 32 | $imapPort               = 143;
 33 | $useSendmail            = false;
 34 | $smtpServerAddress      = 'localhost';
 35 | $smtpPort               = 25;
 36 | $sendmail_path          = '/usr/sbin/sendmail';
 37 | $sendmail_args          = '-i -t';
 38 | $pop_before_smtp        = false;
 39 | $pop_before_smtp_host   = '';
 40 | $imap_server_type       = 'dovecot';
 41 | $invert_time            = false;
 42 | $optional_delimiter     = 'detect';
 43 | $encode_header_key      = '';
 44 | 
 45 | $default_folder_prefix          = '';
 46 | $trash_folder                   = 'Trash';
 47 | $sent_folder                    = 'Sent';
 48 | $draft_folder                   = 'Drafts';
 49 | $default_move_to_trash          = true;
 50 | $default_move_to_sent           = true;
 51 | $default_save_as_draft          = true;
 52 | $show_prefix_option             = false;
 53 | $list_special_folders_first     = true;
 54 | $use_special_folder_color       = true;
 55 | $auto_expunge                   = true;
 56 | $default_sub_of_inbox           = false;
 57 | $show_contain_subfolders_option = false;
 58 | $default_unseen_notify          = 2;
 59 | $default_unseen_type            = 1;
 60 | $auto_create_special            = true;
 61 | $delete_folder                  = false;
 62 | $noselect_fix_enable            = false;
 63 | 
 64 | $data_dir                 = '/var/lib/squirrelmail/data/';
 65 | $attachment_dir           = '/var/spool/squirrelmail/attach/';
 66 | $dir_hash_level           = 0;
 67 | $default_left_size        = '150';
 68 | $force_username_lowercase = true;
 69 | $default_use_priority     = true;
 70 | $hide_sm_attributions     = false;
 71 | $default_use_mdn          = true;
 72 | $edit_identity            = true;
 73 | $edit_name                = true;
 74 | $hide_auth_header         = false;
 75 | $allow_thread_sort        = false;
 76 | $allow_server_sort        = false;
 77 | $allow_charset_search     = true;
 78 | $uid_support              = true;
 79 | 
 80 | $plugins[0] = 'view_as_html';
 81 | 
 82 | $theme_css = '';
 83 | $theme_default = 0;
 84 | $theme[0]['PATH'] = SM_PATH . 'themes/default_theme.php';
 85 | $theme[0]['NAME'] = 'Default';
 86 | $theme[1]['PATH'] = SM_PATH . 'themes/plain_blue_theme.php';
 87 | $theme[1]['NAME'] = 'Plain Blue';
 88 | $theme[2]['PATH'] = SM_PATH . 'themes/sandstorm_theme.php';
 89 | $theme[2]['NAME'] = 'Sand Storm';
 90 | $theme[3]['PATH'] = SM_PATH . 'themes/deepocean_theme.php';
 91 | $theme[3]['NAME'] = 'Deep Ocean';
 92 | $theme[4]['PATH'] = SM_PATH . 'themes/slashdot_theme.php';
 93 | $theme[4]['NAME'] = 'Slashdot';
 94 | $theme[5]['PATH'] = SM_PATH . 'themes/purple_theme.php';
 95 | $theme[5]['NAME'] = 'Purple';
 96 | $theme[6]['PATH'] = SM_PATH . 'themes/forest_theme.php';
 97 | $theme[6]['NAME'] = 'Forest';
 98 | $theme[7]['PATH'] = SM_PATH . 'themes/ice_theme.php';
 99 | $theme[7]['NAME'] = 'Ice';
100 | $theme[8]['PATH'] = SM_PATH . 'themes/seaspray_theme.php';
101 | $theme[8]['NAME'] = 'Sea Spray';
102 | $theme[9]['PATH'] = SM_PATH . 'themes/bluesteel_theme.php';
103 | $theme[9]['NAME'] = 'Blue Steel';
104 | $theme[10]['PATH'] = SM_PATH . 'themes/dark_grey_theme.php';
105 | $theme[10]['NAME'] = 'Dark Grey';
106 | $theme[11]['PATH'] = SM_PATH . 'themes/high_contrast_theme.php';
107 | $theme[11]['NAME'] = 'High Contrast';
108 | $theme[12]['PATH'] = SM_PATH . 'themes/black_bean_burrito_theme.php';
109 | $theme[12]['NAME'] = 'Black Bean Burrito';
110 | $theme[13]['PATH'] = SM_PATH . 'themes/servery_theme.php';
111 | $theme[13]['NAME'] = 'Servery';
112 | $theme[14]['PATH'] = SM_PATH . 'themes/maize_theme.php';
113 | $theme[14]['NAME'] = 'Maize';
114 | $theme[15]['PATH'] = SM_PATH . 'themes/bluesnews_theme.php';
115 | $theme[15]['NAME'] = 'BluesNews';
116 | $theme[16]['PATH'] = SM_PATH . 'themes/deepocean2_theme.php';
117 | $theme[16]['NAME'] = 'Deep Ocean 2';
118 | $theme[17]['PATH'] = SM_PATH . 'themes/blue_grey_theme.php';
119 | $theme[17]['NAME'] = 'Blue Grey';
120 | $theme[18]['PATH'] = SM_PATH . 'themes/dompie_theme.php';
121 | $theme[18]['NAME'] = 'Dompie';
122 | $theme[19]['PATH'] = SM_PATH . 'themes/methodical_theme.php';
123 | $theme[19]['NAME'] = 'Methodical';
124 | $theme[20]['PATH'] = SM_PATH . 'themes/greenhouse_effect.php';
125 | $theme[20]['NAME'] = 'Greenhouse Effect (Changes)';
126 | $theme[21]['PATH'] = SM_PATH . 'themes/in_the_pink.php';
127 | $theme[21]['NAME'] = 'In The Pink (Changes)';
128 | $theme[22]['PATH'] = SM_PATH . 'themes/kind_of_blue.php';
129 | $theme[22]['NAME'] = 'Kind of Blue (Changes)';
130 | $theme[23]['PATH'] = SM_PATH . 'themes/monostochastic.php';
131 | $theme[23]['NAME'] = 'Monostochastic (Changes)';
132 | $theme[24]['PATH'] = SM_PATH . 'themes/shades_of_grey.php';
133 | $theme[24]['NAME'] = 'Shades of Grey (Changes)';
134 | $theme[25]['PATH'] = SM_PATH . 'themes/spice_of_life.php';
135 | $theme[25]['NAME'] = 'Spice of Life (Changes)';
136 | $theme[26]['PATH'] = SM_PATH . 'themes/spice_of_life_lite.php';
137 | $theme[26]['NAME'] = 'Spice of Life - Lite (Changes)';
138 | $theme[27]['PATH'] = SM_PATH . 'themes/spice_of_life_dark.php';
139 | $theme[27]['NAME'] = 'Spice of Life - Dark (Changes)';
140 | $theme[28]['PATH'] = SM_PATH . 'themes/christmas.php';
141 | $theme[28]['NAME'] = 'Holiday - Christmas';
142 | $theme[29]['PATH'] = SM_PATH . 'themes/darkness.php';
143 | $theme[29]['NAME'] = 'Darkness (Changes)';
144 | $theme[30]['PATH'] = SM_PATH . 'themes/random.php';
145 | $theme[30]['NAME'] = 'Random (Changes every login)';
146 | $theme[31]['PATH'] = SM_PATH . 'themes/midnight.php';
147 | $theme[31]['NAME'] = 'Midnight';
148 | $theme[32]['PATH'] = SM_PATH . 'themes/alien_glow.php';
149 | $theme[32]['NAME'] = 'Alien Glow';
150 | $theme[33]['PATH'] = SM_PATH . 'themes/dark_green.php';
151 | $theme[33]['NAME'] = 'Dark Green';
152 | $theme[34]['PATH'] = SM_PATH . 'themes/penguin.php';
153 | $theme[34]['NAME'] = 'Penguin';
154 | $theme[35]['PATH'] = SM_PATH . 'themes/minimal_bw.php';
155 | $theme[35]['NAME'] = 'Minimal BW';
156 | $theme[36]['PATH'] = SM_PATH . 'themes/redmond.php';
157 | $theme[36]['NAME'] = 'Redmond';
158 | $theme[37]['PATH'] = SM_PATH . 'themes/netstyle_theme.php';
159 | $theme[37]['NAME'] = 'Net Style';
160 | $theme[38]['PATH'] = SM_PATH . 'themes/silver_steel_theme.php';
161 | $theme[38]['NAME'] = 'Silver Steel';
162 | $theme[39]['PATH'] = SM_PATH . 'themes/simple_green_theme.php';
163 | $theme[39]['NAME'] = 'Simple Green';
164 | $theme[40]['PATH'] = SM_PATH . 'themes/wood_theme.php';
165 | $theme[40]['NAME'] = 'Wood';
166 | $theme[41]['PATH'] = SM_PATH . 'themes/bluesome.php';
167 | $theme[41]['NAME'] = 'Bluesome';
168 | $theme[42]['PATH'] = SM_PATH . 'themes/simple_green2.php';
169 | $theme[42]['NAME'] = 'Simple Green 2';
170 | $theme[43]['PATH'] = SM_PATH . 'themes/simple_purple.php';
171 | $theme[43]['NAME'] = 'Simple Purple';
172 | $theme[44]['PATH'] = SM_PATH . 'themes/autumn.php';
173 | $theme[44]['NAME'] = 'Autumn';
174 | $theme[45]['PATH'] = SM_PATH . 'themes/autumn2.php';
175 | $theme[45]['NAME'] = 'Autumn 2';
176 | $theme[46]['PATH'] = SM_PATH . 'themes/blue_on_blue.php';
177 | $theme[46]['NAME'] = 'Blue on Blue';
178 | $theme[47]['PATH'] = SM_PATH . 'themes/classic_blue.php';
179 | $theme[47]['NAME'] = 'Classic Blue';
180 | $theme[48]['PATH'] = SM_PATH . 'themes/classic_blue2.php';
181 | $theme[48]['NAME'] = 'Classic Blue 2';
182 | $theme[49]['PATH'] = SM_PATH . 'themes/powder_blue.php';
183 | $theme[49]['NAME'] = 'Powder Blue';
184 | $theme[50]['PATH'] = SM_PATH . 'themes/techno_blue.php';
185 | $theme[50]['NAME'] = 'Techno Blue';
186 | $theme[51]['PATH'] = SM_PATH . 'themes/turquoise.php';
187 | $theme[51]['NAME'] = 'Turquoise';
188 | 
189 | $default_use_javascript_addr_book = false;
190 | $abook_global_file = '';
191 | $abook_global_file_writeable = false;
192 | $abook_global_file_listing = true;
193 | $abook_file_line_length = 2048;
194 | 
195 | $addrbook_dsn = '';
196 | $addrbook_table = 'address';
197 | 
198 | $prefs_dsn = '';
199 | $prefs_table = 'userprefs';
200 | $prefs_user_field = 'user';
201 | $prefs_key_field = 'prefkey';
202 | $prefs_val_field = 'prefval';
203 | $addrbook_global_dsn = '';
204 | $addrbook_global_table = 'global_abook';
205 | $addrbook_global_writeable = false;
206 | $addrbook_global_listing = false;
207 | 
208 | $no_list_for_subscribe = false;
209 | $smtp_auth_mech = 'none';
210 | $imap_auth_mech = 'login';
211 | $smtp_sitewide_user = '';
212 | $smtp_sitewide_pass = '';
213 | $use_imap_tls = false;
214 | $use_smtp_tls = false;
215 | $session_name = 'SQMSESSID';
216 | $only_secure_cookies     = true;
217 | $disable_security_tokens = false;
218 | $check_referrer          = '';
219 | $browser_rendering_mode  = 'quirks';
220 | 
221 | $config_location_base    = '';
222 | 
223 | @include SM_PATH . 'config/config_local.php';
224 | 
225 | 


--------------------------------------------------------------------------------
/etc/systemd/system/mysql.service.d/limits.conf:
--------------------------------------------------------------------------------
1 | [Service]
2 | LimitNOFILE=infinity


--------------------------------------------------------------------------------
/start.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # DOCKERPASS=$(openssl rand -base64 32)
 3 | # sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
 4 | if [ ! -z "$DEFAULT_EMAIL_HOST" ]; then
 5 | 	sed -i "s/^\(DEFAULT_EMAIL_HOST\) = .*$/\1 = '$MAILMAN_EMAIL_HOST'/g" /etc/mailman/mm_cfg.py
 6 | 	newlist -q mailman $(MAILMAN_EMAIL) $(MAILMAN_PASS)
 7 | 	newaliases
 8 | fi
 9 | if [ ! -z "$LANGUAGE" ]; then
10 | 	sed -i "s/^language=en$/language=$LANGUAGE/g" /root/ispconfig3_install/install/autoinstall.ini
11 | fi
12 | if [ ! -z "$COUNTRY" ]; then
13 | 	sed -i "s/^ssl_cert_country=AU$/ssl_cert_country=$COUNTRY/g" /root/ispconfig3_install/install/autoinstall.ini
14 | fi
15 | if [ ! -z "$HOSTNAME" ]; then
16 | 	sed -i "s/^hostname=server1.example.com$/hostname=$HOSTNAME/g" /root/ispconfig3_install/install/autoinstall.ini
17 | fi
18 | if [ ! -f /usr/local/ispconfig/interface/lib/config.inc.php ]; then
19 | 	mysql_install_db
20 | 	service mysql start \
21 | 	&& echo "UPDATE mysql.user SET Password = PASSWORD('pass') WHERE User = 'root';" | mysql -u root \
22 | 	&& echo "UPDATE mysql.user SET plugin='mysql_native_password' where user='root';" | mysql -u root \
23 | 	&& echo "DELETE FROM mysql.user WHERE User='';" | mysql -u root \
24 | 	&& echo "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" | mysql -u root \
25 | 	&& echo "DROP DATABASE IF EXISTS test;" | mysql -u root \
26 | 	&& echo "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" | mysql -u root \
27 | 	&& echo "FLUSH PRIVILEGES;" | mysql -u root
28 | 	sed -i "s/^hostname=server1.example.com$/hostname=$HOSTNAME/g" /root/ispconfig3_install/install/autoinstall.ini
29 | 	# RUN mysqladmin -u root password pass
30 | 	service mysql start && php -q /root/ispconfig3_install/install/install.php --autoinstall=/root/ispconfig3_install/install/autoinstall.ini
31 | 	mkdir /var/www/html
32 | 	echo "" > /var/www/html/index.html
33 | 	rm -r /root/ispconfig3_install
34 | fi
35 | 
36 | 
37 | 
38 | screenfetch
39 | 
40 | /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
41 | 


--------------------------------------------------------------------------------
/supervisord.conf:
--------------------------------------------------------------------------------
 1 | [supervisorctl]
 2 | serverurl = unix:///tmp/supervisor.sock
 3 | 
 4 | [supervisord]
 5 | logfile=/var/log/supervisor/supervisor.log    ; supervisord log file
 6 | logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 7 | logfile_backups=10                              ; number of backed up logfiles
 8 | loglevel=error                                  ; info, debug, warn, trace
 9 | pidfile=/var/run/supervisord.pid                ; pidfile location
10 | nodaemon=true                                   ; (start in foreground if true;default false)
11 | minfds=1024                                     ; number of startup file descriptors
12 | minprocs=200                                    ; number of process descriptors
13 | user=root                                       ; default user
14 | childlogdir=/var/log/supervisor/               ; where child log files will live
15 | ;umask=022                  ; (process file creation umask;default 022)
16 | ;identifier=supervisor       ; (supervisord identifier, default is 'supervisor')
17 | ;directory=/tmp              ; (default is not to cd during start)
18 | ;nocleanup=true              ; (don't clean up tempfiles at start;default false)
19 | ;childlogdir=/tmp            ; ('AUTO' child log dir, default $TEMP)
20 | ;environment=KEY=value       ; (key value pairs to add to environment)
21 | ;strip_ansi=false            ; (strip ansi escape codes in logs; default false)
22 | logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
23 | pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
24 | 
25 | [program:sshd]
26 | command=/usr/sbin/sshd -D
27 | autorestart=true
28 | 
29 | [program:mysql]
30 | command=/usr/bin/pidproxy /var/run/mysqld/mysqld.pid /usr/sbin/mysqld
31 | autorestart=true
32 | 
33 | [program:postfix]
34 | process_name = master
35 | directory = /etc/postfix
36 | command = /usr/sbin/postfix -c /etc/postfix start
37 | startsecs = 0
38 | autorestart = false
39 | 
40 | [program:rsyslogd]
41 | command=/usr/sbin/rsyslogd -n
42 | process_name=%(program_name)s
43 | autostart=true
44 | autorestart=true
45 | user=root
46 | directory=/
47 | priority=912
48 | stdout_logfile=/var/log/%(program_name)s-stdout.log
49 | stderr_logfile=/var/log/%(program_name)s-stderr.log
50 | 
51 | [program:cron]
52 | command = /usr/sbin/cron -f
53 | stdout_logfile = /var/log/%(program_name)s-stdout.log
54 | stderr_logfile = /var/log/%(program_name)s-stderr.log
55 | autorestart = true
56 | 
57 | [program:bind9]
58 | command=/usr/sbin/named -c /etc/bind/named.conf -u bind -f
59 | 
60 | [program:apache2]
61 | command=/bin/bash -c "source /etc/apache2/envvars && rm -f -r /run/apache2/* && exec /usr/sbin/apache2 -DFOREGROUND"
62 | 
63 | [program:fail2ban]
64 | command = /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
65 | 
66 | [program:dovecot]
67 | command=/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf -F
68 | autorestart=true
69 | 
70 | [program:mailman]
71 | command=/usr/lib/mailman/bin/mailmanctl start
72 | autorestart=true
73 | 
74 | [program:pureftpd]
75 | command=/usr/sbin/pure-ftpd-mysql-virtualchroot -p 30000:30009 -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -D -A -H -b -8 UTF-8 -E -u 1000 -O clf:/var/log/pure-ftpd/transfer.log
76 | stdout_logfile=/var/log/ftpserver.log
77 | stderr_logfile=/var/log/ftpserver.log
78 | autorestart=true
79 | 


--------------------------------------------------------------------------------