Fail2ban uses iptables by default to block incoming connections when they exceed the max. login retries. The iptables rules used by fail2ban might conflict with other firewall rules, so it might be necessary to reconfigure fail2ban to use the route command for blocking incoming connections. Fail2ban ban using route command To reconfigure fail2ban for using ... Read more
If all your visitors shall access your website with a URL like www.domain.com and not without www, use the following apache rewrite rule for redirecting them. RewriteEngine On RewriteCond %{HTTP_HOST} !^www RewriteRule (.*) http://www.%{HTTP_HOST}$1 [L,R] The apache rewrite rule can be added in a .htaccess file in the website root directory or if you use ... Read more
This tutorial explains how to change your DNSSEC algorithm for a DNS zone managed by ISPConfig 3. In this case, the current algorithm is 7 (NSEC3RSASHA1), and we will be moving to algorithm 13 (ECDSAP256SHA256) Log in to the panel and open the settings for the zone. Enable the new algorithm, but DON'T disable the ... Read more
When a server has more than one IP address, then postfix will use all IP addresses randomly to send out emails. This can cause your emails to be listed as SPAM on other servers because the sending IP does not match the reverse IP of the server hostname. The solution is to bind postfix to ... Read more
If you use postfix and / or amavisd-new on the mail server, you can use the following recipes to block emails with executable (exe, bat, scr) attachments. Block the attachments with a postfix header filter In ISPConfig, click on "Email in the upper menu, then on "Content filter" in the left menu and click on ... Read more
NOTE: This post is about ISPConfig 3.0 and not 3.1 and newer. ISPConfig 3.1 and newer has DKIM support builtin, you can simply enable DKIM in ISPConfig 3.1 GUI now for the mail domain. DKIM is a system to verify the sender and integrity of emails. ISPConfig 3 uses amavisd-new as content filter for spam ... Read more
The pure-ftp daemon by default has a recursion limit of 2000 files, this prevents the server from showing more then 2000 files when you browse a directory with an FTP client. To expand this Limit to e.g 5000 files, create or edit the file /etc/pure-ftpd/conf/LimitRecursion and add a line "5000 500". The first number is the ... Read more
If you use mod_security on your server you might encounter that a website script is not compatible with mod_security. To disable mod_security (v2) for a website, add the following code into the apache directives field: <IfModule mod_security2.c> SecRuleEngine Off </IfModule> For the older mod_security 1 version, use these configuration directives: <IfModule mod_security.c> SecFilterEngine Off </IfModule> ... Read more
This tutorial describes the steps to renew the SSL Certificate of the ISPConfig 3 control panel. There are two alternative ways to achieve that: Create a new OpenSSL Certificate and CSR on the command line with OpenSSL. Renew the SSL Certificate with the ISPConfig updater I'll start with the manual way to renew the ssl ... Read more
ISPConfig 3 has two different configuration files, one for the server part and one for the interface. ISPConfig 3 Interface The config file location is: /usr/local/ispconfig/interface/lib/config.inc.php ISPConfig 3 Server The config file location is: /usr/local/ispconfig/server/lib/config.inc.php The MySQL root password that is used to create new MySQL databases only is stored in the file: /usr/local/ispconfig/server/lib/mysql_clientdb.conf