After the installation of an OS, for example Debian, following one of the excellent "perfect servers" how-tos and then installing ISPConfig3, there are a few more things I consider to be essential: - install Mod_Security. This can be skipped if you use only software that is guaranteed to be secure. Mod_security needs some work for fine-tuning, but if you run a hosting environment for clients or if you use opensource software, Mod_Security might save you more than just a couple bucks... - install the PEAR mail package Most if not almost all software packages involving mailing to users make use of the PHP mail()/sendmail function. The problem with this is that regardless of all your efforts using SPF and setting PTRs, your mail will be stopped by spamfilters of all major email providers because it was not sent using SMTP auth. PEAR provides a simple way for sending mail using SMTP auth, so you increase your website's reach.