There is a new version of this tutorial available for Debian 8 (Jessie).

The Perfect Server - Debian Wheezy (nginx, BIND, Dovecot, ISPConfig 3) - Page 3

4 Install The SSH Server (Optional)

If you did not install the OpenSSH server during the system installation, you can do it now:

apt-get install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian Wheezy server and follow the remaining steps from this tutorial.


5 Install vim-nox (Optional)

I'll use vi as my text editor in this tutorial. The default vi program has some strange behaviour on Debian and Ubuntu; to fix this, we install vim-nox:

apt-get install vim-nox

(You don't have to do this if you use a different text editor such as joe or nano.)


6 Configure The Network

Because the Debian Wheezy installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address (please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot the whole system):

vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static

Then restart your network:

/etc/init.d/networking restart

Then edit /etc/hosts. Make it look like this:

vi /etc/hosts       localhost.localdomain   localhost     server1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Now run

echo > /etc/hostname
/etc/init.d/ start

Afterwards, run

hostname -f

It is important that both show now!


7 Update Your Debian Installation

First make sure that your /etc/apt/sources.list contains the wheezy-updates repository (this makes sure you always get the newest updates for the ClamAV virus scanner - this project publishes releases very often, and sometimes old versions stop working), and that the contrib and non-free repositories are enabled (some packages such as libapache2-mod-fastcgi are not in the main repository).

vi /etc/apt/sources.list

deb wheezy main contrib non-free
deb-src wheezy main contrib non-free

deb wheezy/updates main contrib non-free
deb-src wheezy/updates main contrib non-free

# wheezy-updates, previously known as 'volatile'
deb wheezy-updates main contrib non-free
deb-src wheezy-updates main contrib non-free


apt-get update

to update the apt package database and

apt-get upgrade

to install the latest updates (if there are any).


8 Change The Default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <-- No

If you don't do this, the ISPConfig installation will fail.


9 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

apt-get install ntp ntpdate

and your system time will always be in sync.


10 Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils

We can install Postfix, Dovecot, MySQL, rkhunter, and binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

You will be asked the following questions:

General type of mail configuration: <-- Internet Site
System mail name: <--
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

Next open the TLS/SSL and submission ports in Postfix:

vi /etc/postfix/

Uncomment the submission and smtps sections as follows (leave -o milter_macro_daemon_name=ORIGINATING as we don't need it):

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

Restart Postfix afterwards:

/etc/init.d/postfix restart

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =

vi /etc/mysql/my.cnf

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           =

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      26796/mysqld



11 Install Amavisd-new, SpamAssassin, And Clamav

To install amavisd-new, SpamAssassin, and ClamAV, we run

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:

/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove

Share this page:

Suggested articles

3 Comment(s)

Add comment



You should use  insserv -rf spamassassin instead of update-rc.d -f spamassassin remove

From: Arthur


Why do I need to change the configuration for a static IP address? Why not suitable DHCP?


I have been setting a few of these as Proxmox OpenVZ VMs.

Before diving into this tutorial:

Basically, you start out by downloading the current Wheezy OpenVZ template (at the time of this writing that's 7.0.2) and creating an openVZ container. Once that is up and running and reachable from the outside world, you can come back to the perfect server tutorial.

Since your virtual machine is already up and running, you can skip over the installation/setup parts. I'm assuming if you're setting up a VM, you already know how to set up your network, and can assign an IP to the VM through venet. Setting all this up would be part of a proxmox tutorial, and goes beyond what makes sense here.

Basically, after skipping the installation steps of this manual, you start directly with step 7 ("Update Your Debian Installation"), and right after that, continue with:


apt-get install console-data keyboard-configuration

This should bring up debconfig with a menu where you can configure your keyboard layout. Pick the keyboard layout you wish to use here.


dpkg-reconfigure locales

Here you choose which locales your system should use. The debian template seems to not set any default here. In my case, I choose both of these:


Personally, I then set de_DE.UTF-8 as my default locale (German). If you're from the US, you can of course simply not install this locale at all. If you're from the UK, you might prefer to install and select en_GB.UTF-8, etc. - use your common sense here.


dpkg-reconfigure tzdata

This is to configure your timezone. By default, your server will use UTC time. This may be fine for you. If not, you can choose a different timezone here (e.g. "Europe/Berlin" for a server in Germany).

You can now continue with step 8 of the perfect server tutorial.