The Perfect Server - Debian Lenny (Debian 5.0) With MyDNS & Courier [ISPConfig 3] - Page 3

4 Install The SSH Server

Debian Lenny does not install OpenSSH by default, therefore we do it now. Run

apt-get install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian Lenny server and follow the remaining steps from this tutorial.


5 Install vim-nox (Optional)

I'll use vi as my text editor in this tutorial. The default vi program has some strange behaviour on Debian and Ubuntu; to fix this, we install vim-nox:

apt-get install vim-nox

(You don't have to do this if you use a different text editor such as joe or nano.)


6 Configure The Network

Because the Debian Lenny installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address (please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot the whole system):

vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static

Then restart your network:

/etc/init.d/networking restart

Then edit /etc/hosts. Make it look like this:

vi /etc/hosts       localhost.localdomain   localhost     server1
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Now run

echo > /etc/hostname
/etc/init.d/ start

Afterwards, run

hostname -f

It is important that both show now!


7 Update Your Debian Installation

First make sure that your /etc/apt/sources.list contains the debian-volatile repository (this makes sure you always get the newest updates for the ClamAV virus scanner - this project publishes releases very often, and sometimes old versions stop working).

vi /etc/apt/sources.list
deb lenny/volatile main contrib non-free


apt-get update

to update the apt package database and

apt-get upgrade

to install the latest updates (if there are any).


8 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

apt-get install ntp ntpdate

and your system time will always be in sync.


9 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils

We can install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, and binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils sudo

You will be asked the following questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <--
SSL certificate required <-- Ok

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =

vi /etc/mysql/my.cnf
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           =

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      6612/mysqld

During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname ( in this tutorial), delete the certificates...

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

... and modify the following two files; replace CN=localhost with (you can also modify the other values, if necessary):

vi /etc/courier/imapd.cnf
vi /etc/courier/pop3d.cnf 

Then recreate the certificates...


... and restart Courier-IMAP-SSL and Courier-POP3-SSL:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

Share this page:

Suggested articles

23 Comment(s)

Add comment


By: Croydon

Just to be sure:

I learned some time ago that you should only put the hostname and not the fqdn into /etc/hostname, so that the command "hostname" shows "server1" and the command "hostname --fqdn" shows "".

So, what is the correct or better solution?

By: Anonymous

See what adapter name you're using instead of eth0:


By: Haasfos

I did this

vi /etc/network/interfaces

Networking is down

Restart with /etc/init.d/networking restart gifs lots of errors  "No such device"  Failed to bring up eth0

When I remove the line "auto eth0" it starts but not working network and internet


The tutorial is perfect, really perfect. If you cannot get it to work, it means you've skipped something or sone something wrong. Besides, try to use your own brain, don't just copy and paste...

By: Anonymous

ERROR: Unable to load SQL-Dump into database table.

By: heil

Failed to fetch 404 Not Found Failed to fetch 404 Not Found Failed to fetch 404 Not Found Failed to fetch 404 Not Found Failed to fetch 404 Not Found Failed to fetch 404 Not Found Failed to fetch 404 Not Found Failed to fetch 404 Not Found


your tutorial is not perfect and not good

By: admin

Yes, I know, it's always my fault...


apt-get update

and try again.

By: Anonymous

Hey im really new to this.. I was wondering how you would go about commenting out stuff Im using terminal and I cant seem to edit anything



We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =




By: Anonymous

please add that ntp must be configured for the right time, 

 --> /etc/ntp.conf




By: A better pool of ntp servers to use




See for more information on the network time server pool.


By: Alinutz

postfix is instaled only if you have this sources.list


deb lenny/updates main
deb-src lenny/updates main

deb lenny/volatile main
deb-src lenny/volatile main
deb stable main contrib non-free
deb stable/updates main contrib non-free

# official Debian archives
deb stable/updates main contrib non-free
deb stable main contrib non-free
deb testing main contrib non-free
deb unstable main contrib non-free
#deb-src unstable main contrib non-free


then  apt-get update


then  apt-get upgrade



I had the exact same problem, so I changed my /etc/apt/sources.list to: 

# deb cdrom:[Debian GNU/Linux 5.0.1 _Lenny_ - Official i386 CD Binary-1 20090413-00:10]/ lenny main

deb cdrom:[Debian GNU/Linux 5.0.1 _Lenny_ - Official i386 CD Binary-1 20090413-00:10]/ lenny main

deb lenny/updates main
deb-src lenny/updates main

deb lenny/volatile main
deb-src lenny/volatile main
deb stable main contrib non-free
deb stable/updates main contrib non-free


And that did it for me, hope it helps... 

By: Dannyboyd

THANKS to Falko and how to forge -

Its very a great guide - I have taken advantage of your guides and learned Linux the past 2-3 years. I have been working with windows servers , so this is really a great help to build a good Linux server. 

And thoose who still cant make it anyway should never work with servers - so its really a good question why you try and why you complain - Its very close to a step by step guide and if someone dont understand - "Try also to use google and your brain" - and instead of complaining you could make your own guide if you can do better.

So its a good guide and its for free - 

I have learned Linux from reading the guides from Falkotimme and others and now I have my own server hosting homepages for my customers....

I have some danish friends who have also giving me advice online - but Falko is my Guru.
Whenever I install a new Linux I will start with a guide from how to forge- use google  and my own notes.

I have been trying to find an good control panel - I tried Gnupanel , Cpanel and others - but they are awfull and have messed up my server. I thin maybe I would like to buy one control panel for debian that is working well and one simple.

So if someone can recommend a good control panel my server will become a complete webhotel , or just close. I am satisfied with this help i get here.

..Dennis ,,(dannyboyd)  


I am concerned that you say to open up mysql for queries from anywhere on the 'net without the blink of an eye.

This creates a pretty significant security vulnerability it seems to me, and why?  There is no explanation for why other hosts should be able to query mysql.

By: triple5

It is true, I also think that this should not be said without telling, why you would do that. He probably opened mysql to other hosts, in order to provide for the possibillity of a multiserver setup with dedicated hosts for mysql etc. I would also enable mysql only for localhost...


The tutorial doesn't change the postfix SSL-key. The default-one is useless, though.

The same author also did this tutorial (german):

There you find this commands to create a new one:

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

Country Name (2 letter code) [AU]: <-- Enter your country (z.B. “DE”).
State or Province Name (full name) [Some-State]: <-- Enter your state.
Locality Name (eg, city) []: <-- Enter your city.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- e.g. name of your company.
Organizational Unit Name (eg, section) []: <-- e.g. department name.
Common Name (eg, YOUR name) []: <-- Fully Qualified Domain Name of your server (e.g. “”).
Email Address []: <-- your email address.

Change privileges of smtpd.key:

chmod o= /etc/postfix/smtpd.key


When he says to change the CN on the section for pop and smtp, he said you can change information there as well. If you look in the file, all the information that was supposed to be changed by his last guide's commands is right there, an if you change all that, then when you follow through with the mkimapdcert and mkpop3dcert commands all that will be handled.


I noticed some people have problems connecting to Internet (for instance) .If you do do this:
ifconfig -a

and see if your eth0 has an IP address.

If you are getting your IP from DHCP you can run dhclient or dhclient3 

to get a new IP address.

If your eth0 does NOT exist do;

tunctl -t tun0

to create a vpn type virtual NIC then give it an address by;

ifconfig tun0 inet netmask mtu 1500 up

(dont put a dot after last 0)  .

Now of course (I used 1) but if your DHCP is set to give addresses at 192.168.0.X then use  0 .X

LOOK AT THE REPLY where they tell you to edit your /etc/apt/sources.lst to correct the errors in apt-get ????

Don't blame the instructions for the problems that may pre exist or arise please.


In any case if you do not have an eth0 or eth1 and you did before you may need to reboot

if the problem persists then go back and undo changes to your /etc/network/interfaces file


all it was (it used to be like this):

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp

That is it!

re-run networking or reboot.

I am a noob but I enjoy  learning new things. it is not "the end of the world as we know it".


just be cool relax and enjoy!


Thanks to Falko\


After completing step 9, it shows this warning

[quote]To enable saslauthd, edit /etc/default/saslauthd and set START=yes (warning).[/quote]


its used to auto start saslauthd at system startup...



By: suzeFan

If you want to use a commercial WebHosts SMTP for EMail-Routing, you will need authentification . Here is a really good tutorial how to perform this:

Works great for me (as well as this tutorial here 8-)).

Hint to falko: Could be added here as well ;-)

Only thing I miss now in ISPConfig is a way to direct certain SMTP for certain mail accounts.



By: Miguelp

I've followed this tutorial, and overall it's Ok i've got allmost everything working fine, exept for email.

I can see the squirrelmail login page when i do www.domain.tld/webmail, i'm able to login using the accounts i create inside ispconfig.

What's missing, i cannot get nor send messages to any email.

I've tryed to send an email from a gmail account to one of the new emails created, and it fails sending, i cannot recieve, tryed the other way around, send an email from the new email to a gmail account it dosent get there, so at the moment i cant send nor recieve emails.

How do i fix this? i'm a newbie, configuring servers.


Thanks in advance.

By: Anonymous

Thank you so much!

 A few blips here and there - but it is finally working :)


By: Anonymous

Hello guys, I really need some help now. The tutorial here is really good to follow but i did wrong in the installation routine. In the step, where u choose to negate the question "Create directories for web-based administration?", I clicked on yes. I remove the packages in this step several time and reinstalled them, but i didnt get the window again to ask me this sentence. How can i change the option I've made? To "No".