Postfix on bare CentOS install


Starting from scratch with a new CentOS 7 Linode, I found that iptables is set by default to block (although not reject) packets to the IMAP and POP3 services.

Rackspace has a good primer on setting up Dovecot that includes these instructions, but here's the short answer:

sudo iptables -I INPUT 2 -p tcp --dport 587 -j ACCEPT sudo iptables -I INPUT 3 -p tcp --dport 110 -j ACCEPT sudo iptables -I INPUT 4 -p tcp --dport 143 -j ACCEPT sudo iptables -I INPUT 5 -p tcp --dport 993 -j ACCEPT sudo iptables -I INPUT 6 -p tcp --dport 995 -j ACCEPT sudo /etc/init.d/iptables save sudo /etc/init.d/iptables restart

That adds a rule to accept the IMAP and POP ports, both the regular and SSL versions. Then we save the chain table and restart iptables. Now you should be able to get in: $ telnet imap Trying Connected to Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.

eGroupware with Virtualmin and CentOS 6


First, you will need the php-mcrypt module which is no longer provided in RHEL6 or Centos 6. For that, you must install the EPEL (Extra Packages for Enterprise Linux) library. As root, follow the instructions here as follows:

rpm -Uvh

(Do not use that command verbatim without double-checking the link above!). Then --

Following the instructions here

but changing the wget to:


then, noting capitazliation:

yum install eGroupware

which should say (amongst much other):

Installed: eGroupware.noarch 0:

The software installs into /usr/share/groupware

I had to edit two parameters in my php.ini file.

Note that with Virtualmin, it is not /etc/php.ini to modify but rather the one for the domain in which you are running eGroupware. If your domain is a Virtualmin subdomain, the actual file might be:


You can find the exact location by creating a file, let's say foo.php, within your public_html directory, and having the following contents:

<?php phpinfo(); ?>

Then look for the value of Loaded Configuration File... that is the php.ini file to edit.

Once you have located the right php.ini file, change:

upload_max_filesize = 16M

and un-commenting and modifying the line:

date.timezone = "America/Phoenix"

...and restart Apache:

sudo service httpd restart

Now, rather than write an Apache alias (which caused me problems with PHP files being returned as plaintext instead of executable code), I set a symlink:

ln -s /usr/share/egroupware public_html/egroupware

The RPM install of eGroupware sets a link from /usr/share/egroupware/ to ../../../var/lib/egroupware/ ... which should be actually in /var itself... thus, presumably, avoiding an RPM update from overwriting your config file. However this may cause problems with permissions. For me, I created the file but found that the directory /var/lib/egroupware was set to owner apache with no read or execute (i.e., list-directory) permissions for anyone else. This did the trick:

sudo chmod 755 /var/lib/egroupware sudo chmod 644 /var/lib/egroupware/

With that done, direct your web browser to and you should see the setup screen.

Note that you can have multiple domains with the single instance of egroupware. We could be fancy and call this a "multi-tenant" install. To do this, remove the "default" domain and add,, and so on.

Copy the text of the created and paste it into /usr/share/egroupware/ (which is actually /var/lib/egroupweare/

In your domain's root directory (the one above public_html), create a directory egw that will contain the files and backup directories:

mkdir egw mkdir egw/files mkdir egw/backup chown youruser:apache -R egw/

and configure eGroupware to use, for example, /home/maindomain/domains/ and /home/maindomain/domains/ as its directories.

At that point, you should be up and running!

Virtualmin and Quotas


Loaded Virtualmin onto a Linode running Centos 6. Ran into some errors when trying to add a domain:

Failed to create virtual server : setquota: Cannot stat() mounted device /dev/root: No such file or directory setquota: Mountpoint (or device) / not found or has no quota enabled. setquota: Not all specified mountpoints are using quota.

And indeed, from a root prompt:

# <strong>quotaon -p -a</strong>
quotaon: Cannot stat() mounted device /dev/root: No such file or directory
group quota on /home (/dev/xvdc) is off
user quota on /home (/dev/xvdc) is off

Hmm, yep, that's the same error. This thread on Virtualmin's forum was a big clue, here's the first step to resolution:

# <strong>mount</strong>
/dev/xvda on / type ext3 (rw,noatime,grpquota,errors=remount-ro,usrquota)

Right, so our root / partition is indeed on /dev/xvda so we can create the missing symbolic link:

# <strong>ln -s /dev/xvda /dev/root</strong>
# <strong>quotaon -a</strong>
quotaon: cannot find /home/ on /dev/xvdc [/home]
quotaon: cannot find /home/aquota.user on /dev/xvdc [/home]

Good, no error message. But things are still not working yet:

# <strong>quotaon /home</strong>
quotaon: cannot find /home/ on /dev/xvdc [/home]
quotaon: cannot find /home/aquota.user on /dev/xvdc [/home]

Before proceeding, in /etc/fstab please be sure "usrquota" and "grpquota" are in the options line:

/dev/xvdc  /home  ext3  grpquota,errors=remount-ro,usrquota,grpquota,noatime,rw  0  1

Now, instead of going thru a dozen cryptic commands, go back to Webmin (if Virtualmin is up, click Webmin on the top line). Open the System tab and then Disk Quotas. You should see the /home partition listed, and it probably says that quotas are not active. Simply hit "Enable Quotas" and the display should change to:

*Filesystem *

*Type *

*Mounted From *

*Status *

*Action *

/home (users) /home (groups)

Linux Native Filesystem

Xen device C

User and Group Quotas Active

Disable Quotas


Virtualmin and Centos 6 on a Linode


Ready to move your hosted websites to a new a Virtualmin + LAMP (Linux/Apache/MySQL/Perl-PHP) server on a Linode? Here's the steps to get everything working smoothly with a minimum of hassle:

Initial Preparation

First, starting with a freshly provisioned CentOS install, ssh into the root account. Let's see what we actually have for a distribution:

$ cat /etc/issue
CentOS Linux release 6.0 (Final)
Kernel r on an m

First, create regular user accounts for the administrators, and disable direct root login. We will place these administrators into the 'wheel' group so they can sudo, and also create a developer group:

# groupadd devel
# useradd -c "Winston Smith" -g devel --groups wheel -m -s /bin/bash wsmith

Use the visudo* *command to edit the /etc/sudoers file, removing the leading # to un-comment this line:

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

Now, set a password for yourself:

# passwd wsmith

The logout, and ssh back in as wsmith

If you haven't read the Linode Security Basics article, now's a good time. At the very least, disable root logins by editing the /etc/ssh/sshd_config file to modify the PermitRootLogin option as follows:

PermitRootLogin no

Then restart ssh:

$ sudo service sshd restart

I also recommend fail2ban, which should reduce the clutter and risk of repeated ssh attacks:

$ sudo yum install fail2ban
$ sudo chkconfig --level 23 fail2ban on
$ sudo service fail2ban start

Next, edit /etc/sysconfig/network and change the hostname. If there is no HOSTNAME line, add one with your desired machine name in your domain; it should look like:

That file is read at boot, so you might also want to set the hostname for the current session:


$ sudo hostname `

Be sure that your DNS server has an A Record with that exact name, pointing to your new server.

Install Updates before Virtualmin

Now we will update the base system --


$ sudo yum update `

We haven't installed PHP and MySQL yet, but let's see what versions will be installed from our currently selected repositories:

$ yum search php
Loaded plugins: fastestmirror
============================================ Matched: php ============================================
php.i686 : PHP scripting language for creating dynamic web sites
php-bcmath.i686 : A module for PHP applications for using the bcmath library
php-cli.i686 : Command-line interface for PHP
php-common.i686 : Common files for PHP
$ yum list php
Loaded plugins: fastestmirror
Available Packages
mysql.i686             5.1.52-1.el6_0.1    updates
php.i686               5.3.2-6.el6_0.1     updates

OK, well that's not the latest, but Centos assures us (as of mid-October 2011) that Centos 6.1 will have updates. Meantime, the folks at Centos recommend the use of the Continuous Release (CR) repository, see this article.

$ sudo yum install centos-release-cr
$ sudo yum update

That installed, on my system, 144 new and updated packages. Now let's see what that will do for us in terms of PHP and MySQL:

$ yum list php mysql
Loaded plugins: fastestmirror
Available Packages
mysql.i686              5.1.52-1.el6_0.1   updates
php.i686                5.3.3-3.el6        cr

Ah, a nice fresh version of PHP. Before going much further, I find it convenient to also install the console version of emacs for editing, and the 'screen' package for multi-virtual-screen remote administration:


$ sudo yum install emacs-nox screen `

Load Virtualmin

Download the script from into /usr/src ... and then execute it:


$ sudo bash # cd /usr/src # wget



That may take some time indeed! Eventually you should see:

INFO - Updating SpamAssassin rules...
INFO - Rule updates done
[root@linode1 src]#

Once it completes, login, as root, to your new virtualmin configuration at your linode's address: .. and then read the next part of this article.

Useful Tools

sudo yum install emacs-nox screen

For PHP with Graphics support

sudo yum install gd php-gd ImageMagick ImageMagick-devel php-devel httpd-devel
sudo pecl install imagick
<em>(and, as root) </em>echo "" > /etc/php.d/imagick.ini
sudo apachectl graceful

The php-devel module is required for loading ImageMagick into PHP; without it, you will get phpize: command not found. Note that the pecl command above actually compiles some code, so you need the gcc compilers and the various development modules.

Webmin and fail2ban

If you ever use Webmin to edit your firewall rules, you should be sure to do this last step. It's also handy if you lock yourself out of your secure shell, to be able to do a one-time reset of fail2ban's rules from the webmin interface.

Login to Webmin. Under Networking, on the “Linux Firewall” main page, click Module Config in the upper-left of the pane. On the configuration page, in the “Configurable options” section, look for the line “Command to run after applying configuration.” Click the button next to the text box on that line, and in the text box enter service fail2ban restart and then click the Save button at the bottom of the page. Now, whenever you click “Apply Configuration” on the Firewall rule page, it will automatically restart fail2ban.

Updating Subversion in Centos 5.5


Interacting with modern Subversion repositories requires a modern copy. Centos 5.5, and other previous versions however, have rather old copies. My server reported (typed text underlined) --

# <span style="text-decoration: underline;">rpm -qa|grep subversion</span>

The first step is to disable the yum-priorities plugin, if you are using it. If it exists, edit the file /etc/yum/pluginconf.d/priorities.conf and set enabled=0 -- you may want to change it back after you are done here.

Now let's see which subversion we have installed.

<code>  $ rpm -qa|grep subversion

Ah, right. Version 1.4.2 ... We want at least 1.5.

Install the rpmforge repository, following the CentOS instructions. There are the commands I used, you will want to verify the latest version.

# <span style="text-decoration: underline;">wget</span>
# <span style="text-decoration: underline;">rpm --import</span>
# <span style="text-decoration: underline;">rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm</span>
# <span style="text-decoration: underline;">rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm</span>

RPMs that overwrite base CentOS modules have been removed from the main rpmforge repository, and put into the rpmforge-extras repository. Unfortunately that is disabled by default, and it is less than obvious how to enable it. The setting is in /etc/yum.repos.d/rpmforge.repo ... Look for this stanza and change the enabled line:

name = RHEL $releasever - - extras
baseurl =$basearch/extras
mirrorlist =
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge-extras
<strong>enabled = 1</strong>
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

After this, you can just do a regular yum update or you can manually do just the one:

<pre style="padding-left: 30px;"><code>$ yum --enablerepo=rpmforge check-update subversion
subversion   </code>subversion-1.6.15-0.1.el5.rfx<code>         rpmforge