The Perfect Server - Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3) - Page 4

12 Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils

We can install Postfix, Dovecot, MySQL, rkhunter, and binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

You will be asked the following questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
General type of mail configuration: <-- Internet Site
System mail name: <--

Next open the TLS/SSL and submission ports in Postfix:

vi /etc/postfix/

Uncomment the submission and smtps sections (leave -o milter_macro_daemon_name=ORIGINATING as we don't need it):

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

Restart Postfix afterwards:

/etc/init.d/postfix restart

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =

vi /etc/mysql/my.cnf

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           =

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      21298/mysqld


13 Install Amavisd-new, SpamAssassin, And Clamav

To install amavisd-new, SpamAssassin, and ClamAV, we run

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:

/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove


14 Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt

Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows:

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-curl php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python libapache2-mod-perl2

You will see the following question:

Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No

Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include (plus dav, dav_fs, and auth_digest if you want to use WebDAV):

a2enmod suexec rewrite ssl actions include

a2enmod dav_fs dav auth_digest

Restart Apache afterwards:

/etc/init.d/apache2 restart

If you want to host Ruby files with the extension .rb on your web sites created through ISPConfig, you must comment out the line application/x-ruby rb in /etc/mime.types:

vi /etc/mime.types

#application/x-ruby                             rb

(This is needed only for .rb files; Ruby files with the extension .rbx work out of the box.)

Restart Apache afterwards:

/etc/init.d/apache2 restart


14.1 Xcache

Xcache is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and APC. It is strongly recommended to have one of these installed to speed up your PHP page.

Xcache can be installed as follows:

apt-get install php5-xcache

Now restart Apache:

/etc/init.d/apache2 restart


14.2 PHP-FPM

Starting with the upcoming ISPConfig 3.0.5, there will be an additional PHP mode that you can select for usage with Apache: PHP-FPM. If you plan to use this PHP mode, it makes sense to configure your system for it now so that later on when you upgrade to ISPConfig 3.0.5, your system is prepared (the latest ISPConfig version at the time of this writing is ISPConfig

To use PHP-FPM with Apache, we need the mod_fastcgi Apache module (please don't mix this up with mod_fcgid - they are very similar, but you cannot use PHP-FPM with mod_fcgid). We can install PHP-FPM and mod_fastcgi as follows:

apt-get install libapache2-mod-fastcgi php5-fpm

Make sure you enable the module and restart Apache:

a2enmod actions fastcgi alias
/etc/init.d/apache2 restart


15 Install Mailman

Since version 3.0.4, ISPConfig also allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:

apt-get install mailman

Select at least one language, e.g.:

Languages to support: <-- en (English)

Before we can start Mailman, a first mailing list called mailman must be created:

newlist mailman

root@server1:~# newlist mailman
Enter the email of the person running the list:
 <-- admin email address, e.g.
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:

## mailman mailing list
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

Hit enter to notify mailman owner...
 <-- ENTER


Open /etc/aliases afterwards...

vi /etc/aliases

... and add the following lines:

## mailman mailing list
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"



afterwards and restart Postfix:

/etc/init.d/postfix restart

Finally we must enable the Mailman Apache configuration:

ln -s /etc/mailman/apache.conf /etc/apache2/conf.d/mailman.conf

This defines the alias /cgi-bin/mailman/ for all Apache vhosts, which means you can access the Mailman admin interface for a list at http://<vhost>/cgi-bin/mailman/admin/<listname>, and the web page for users of a mailing list can be found at http://<vhost>/cgi-bin/mailman/listinfo/<listname>.

Under http://<vhost>/pipermail you can find the mailing list archives.

Restart Apache afterwards:

/etc/init.d/apache2 restart

Then start the Mailman daemon:

/etc/init.d/mailman start

Share this page:

74 Comment(s)

Add comment


From: Mike at: 2012-06-24 06:53:06

Falko these tutorials are freaking awesome!  I want to personally thank you for taking the time out of your busy schedule to write them.  People like you make it easier to learn this stuff.  Thanks!

From: M1 at: 2012-11-10 18:18:03

i agree with mike. these tutorials helped alot.. cant find any better... falko's the best.. i appreciate the hard work. thanks

From: Anonymous at: 2012-12-14 15:29:49

This is great is there anyway you can load balance this as well so like if one of my servers fail it will go over to the other and also is there a want to integrate this into WHMCS for auto setup of services would really like to try to set this up

 Many Thanks

From: MrSof at: 2013-01-28 09:23:21

Je tenais a vous remercier de cet excellent tuto !
J'installe régulièrement des serveurs et cette mine d'infos est indispensable pour moi :-)

Merci Falko et longue vie à Howtoforge !

From: Vijay Thakur at: 2013-09-20 04:47:37


Many many thanks to you for sharing your knowledge from your busy schedule.  For years i was trying to set up a virtual postfix server, but always failed.  With your guide and steps, it is working finally on my ubuntu 12.04 server.   I hope that in future you will keep up your spirit and try to improve our knowledge.

Thanks a lots.




From: Jordan at: 2013-10-10 06:23:50

Could I get a list of Ports that need to be opened for all the functions too work properly after installing everything from this tutorial?

From: Michael Bernardo at: 2013-10-18 13:33:29

This is my most trusted how-to and have it bookmarked in my browser. Thanks for putting this up. It works all the time.

From: DaleHutch at: 2012-05-05 22:12:35

Greetings Falko!

 Should I be concern about Ubuntu complaining that Init.d isn't the preferred method of restarting services? Looks like "Service" is now preferred.


From: at: 2012-06-17 21:14:06

This is a learning exercise for me and I have researched till I am blue.

I am at the following location in my setup process.

1st I cannot run /etc/init.d/hostname restart. I get (No such file or directory

2nd hostname and hostname -f are not the same. when I run vi /etc/hosts it looks like this       localhost server1
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

When I modify it to make it the same as above it does not save.

can anyone tell me how to make them the same and fix this problem.  Can i use ifconfig to fix this and if so what do I enter.

Now run

echo > /etc/hostname

/etc/init.d/hostname restart

Afterwards, run


hostname -f

Both should show now.

From: Anonymous at: 2012-06-22 18:58:44

No.  It shouldn't be a problem.  Still works, but may complain.

From: Anonymous at: 2012-07-21 00:35:09

Hi, although Falko is asking not to post questions here, rather just comments, I will try to give you an hint.

Make sure you are running as super user e.g. "sudo -s" this may solve a lot of problems.


From: Tapan Upadhyay at: 2012-08-03 05:22:00

Thanks you very much for providing such details in details ;-) it really helped me a lot as i was installing server first time in my life time.

Thanks Again


From: Henry at: 2012-09-26 22:26:40

sale el siguiente error:
ubuntu909 proftpd[3989]: mod_tls/2.4.3: compiled using OpenSSL version 'OpenSSL 1.0.0e 6 Sep 2011' headers, but linked to OpenSSL version 'OpenSSL 1.0.1 14 Mar 2012' library
ubuntu909 proftpd[3989]: mod_sftp/0.9.8: compiled using OpenSSL version 'OpenSSL 1.0.0e 6 Sep 2011' headers, but linked to OpenSSL version 'OpenSSL 1.0.1 14 Mar 2012' library
ubuntu909 proftpd[3989]: mod_tls_memcache/0.1: notice: unable to register 'memcache' SSL session cache: Memcache support not enabled
ubuntu909 proftpd[3989]: Fatal: unknown configuration directive 'Alternative' on line 132 of '/etc/proftpd/proftpd.conf'
como resolver el problema

From: Mike at: 2012-12-08 16:43:25


I followed your guide for Perfect Server 12.04 to the T. It does work. However, I try to use thunderbird to add my email account and the user password is rejected. Tried with squirrelmail also with same result. I am banging my head against the wall. I have been trying to figure this out for a week. I even totally started over several times thinking I missed something. What do you need from me to figure this out? What do you think I am doing wrong. I'm out of ideas!!!

 Thanks for any help.

From: Anonymous at: 2013-05-19 18:46:41

if you are setting this up on a home network via virtual machines or physical machines, do not use public dns servers on ur servers and or clients.

 if you are running windows server 2008 as ur adds and dns server for interagation use that servers ip address as ur primary dns server and also use that ip address in ur ubuntu/linux email and web server in dnsname server it will connect just fine worked for me.

 again all clients and servers should have the same primary dns so they can connect.

use ur main servers ip address as primary dns ip in ipv4 settings under tcp/ip 

From: Anonymous at: 2013-09-05 11:20:31

I am assuming that one needs to skip steps 1 to 9 and probably 11 if working on dedicated server.

From: virvinia at: 2014-08-14 07:26:05

i can't access squirrelmail. what is the username and password?

From: van at: 2012-05-03 12:31:09

I'm getting :

root@node:~# /etc/init.d/mailman start
 * Starting Mailman master qrunner mailmanctl                                                                                                                                                                                       [ OK ] 
root@node:~# Traceback (most recent call last):
  File "/usr/lib/mailman/bin/mailmanctl", line 555, in <module>
  File "/usr/lib/mailman/bin/mailmanctl", line 422, in main
    devnull ='/dev/null', 0)
OSError: [Errno 13] Permission denied: '/dev/null'
 So I did:
root@node:~# chmod ga+rw /dev/null
And Problem Solved:
 root@node:~# /etc/init.d/mailman start
 * Starting Mailman master qrunner mailmanctl  

From: Mario at: 2012-06-22 00:37:12

why phpmyadmin is no working?

How to configure aliases?

From: MrBrooks at: 2012-07-25 07:16:26

I had unexpected problems with Dovecot - service didn't start. Message in error log:
 dovecot main process (xxxxx) terminated with status 89
It turned out that default dovecot configuration is missing parameters. You need to create users dovecot and dovenull or set config parameters default_login_user and default_internal_user to some user.

From: lomax at: 2012-08-26 13:27:56


witch email address should I put in by newlist mailman installation ? would i put in an existing email (e.g. create a new email like here to use as new domain that I install now.
 root@server1:~# newlist mailman
Enter the email of the person running the list: <-- admin email address, e.g.
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:

Like you see by my question, I install a server for absolute first time. I hope you can help me...


From: Anonymous at: 2012-10-14 23:45:22

You will need to configure your apache2.conf to make phpMyAdmin works.

vi /etc/apache2/apache2.conf

Then add the following line to the end of the file.

Include /etc/phpmyadmin/apache.conf

From: Anonymous at: 2013-01-11 17:18:20

Have used this setup on several server setups and worked flawlessly, today i got an error following this line:

 apt-get install -y libapache2-mod-fastcgi php5-fpm

- E: Package 'libapache2-mod-fastcgi' has no installation candidate -

 my ubuntu server 12.04.1 lts contained the compatible package the new name if your installation does not already have it is:


From: at: 2013-04-01 13:55:09

Hi, you need to add multiverse repositories. Here's my /etc/apt/sources.list

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
deb precise partner
deb-src precise partner

deb precise main restricted universe multiverse
deb-src precise main restricted universe multiverse

## Major bug fix updates produced after the final release of the
## distribution.
deb precise-updates main restricted universe multiverse
deb-src precise-updates main restricted universe multiverse

deb precise-security main restricted universe multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb precise-backports main restricted universe multiverse
deb-src precise-backports main restricted universe multiverse

From: Guy at: 2013-04-23 19:22:40

I had an issue getting php to work... found this via another howto, seems to apply, as it fixed my problem.... fyi

 Next open /etc/apache2/mods-available/suphp.conf...

vi /etc/apache2/mods-available/suphp.conf

... and comment out the <FilesMatch "\.ph(p3?|tml)$"> section and add the line AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml - otherwise all PHP files will be run by SuPHP:

<IfModule mod_suphp.c>
#<FilesMatch "\.ph(p3?|tml)$">
# SetHandler application/x-httpd-suphp
AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
suPHP_AddHandler application/x-httpd-suphp
<Directory />
suPHP_Engine on
# By default, disable suPHP for debian packaged web applications as files
# are owned by root and cannot be executed by suPHP because of min_uid.
<Directory /usr/share>
suPHP_Engine off
# # Use a specific php config file (a dir which contains a php.ini file)
# suPHP_ConfigPath /etc/php5/cgi/suphp/
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
# suPHP_RemoveHandler <mime-type>

Restart Apache afterwards:

/etc/init.d/apache2 restart

From: Anonymous at: 2013-10-27 20:20:06

What do you think about mysql_secure_installation?

From: Anonymous at: 2014-02-27 02:40:14

Why install spamassassin  if  you are recommending to remove it back on next step?   


From: admin at: 2014-02-27 10:52:14

Spamassassin does not get removed in the next step. The step disabled the spamassassin daemon as spamassasin is run trough amavisd in thsi Setup, so a running spamassassin daemon would just use ram without being used, as amavisd is already running in daemon mode.

From: at: 2012-05-03 14:58:36

quotacheck fails with the following error...

Cannot stat() mounted device /dev/root: No such file or directory

quotacheck: Cannot find filesystem to check or filesystem not mounted
with quota option.

the following command to link /dev/root to /dev/xvdX

-s /dev/xvda /dev/root

From: DVSB at: 2012-06-29 13:42:26

Für die die bei JiffyBox oder DF Hosten hier eine anleitung für Ubuntu 12.04 mit ISPConfig, ext4 und Quotas:

Nach den im Howto beschriebenen Änderungen an der /etc/fstab und dem anschließenden "mount -o remount /" sind die folgenden Befehle nötig:

ln /dev/xvda /dev/root
cd /
touch aquota.user
chmod 600 aquota.user

Nun kann wie im Howto beschrieben mit

quotacheck -avugm
quotaon -avug

weiter gemacht werden.

Da diese Konfiguration leider nicht reboot-fest ist müssen die Befehle bei jedem Neustart der JiffyBox ausgeführt werden. Hierzu ändert man idealerweise die /etc/rc.local und fügt vor dem "exit 0" folgende Zeilen ein:

ln /dev/xvda /dev/root
quotacheck -avugm
quotaon -avug

From: at: 2012-07-17 14:11:51

In Ubuntu Precise 12.04, using filesystem ext4 you'll get this error message on  'quotaon -avug' command:

quotaon: using // on /dev/disk/by-label/cloudimg-rootfs [/]: No such process
quotaon: Quota format not supported in kernel.
quotaon: using //quota.user on /dev/disk/by-label/cloudimg-rootfs [/]: No such process
quotaon: Quota format not supported in kernel.


You need install extra package for virtual linux image kernel:

aptitude install linux-image-extra-virtual


Then, load kernel modules:

modprobe quota_v1

modprobe quota_v2


Now you can enable quota:

quotaon -avug

From: Ben at: 2012-09-13 15:21:13

I had the following issue while following the steps to install quota:

# touch /aquota.user /
# chmod 600 /aquota.*
# mount -o remount /
# quotacheck -avugm
quotacheck: WARNING -  Quotafile //aquota.user was probably truncated. Cannot save quota settings...
quotacheck: WARNING -  Quotafile // was probably truncated. Cannot save quota settings...
# quotaon -avug
quotaon: Cannot find quota file on / [/dev/mapper/ubuntu12-root] to turn quotas on/off.
quotaon: Cannot find quota file on / [/dev/mapper/ubuntu12-root] to turn quotas on/off.

The  solution was as described at :

# modprobe quota_v2
# echo 'quota_v2' >> /etc/modules
# rm /aquota.user /
# quotacheck -avugm
# quotaon -avug

The quotacheck command creates the files /aquota.user and / (with correct [0600] permissions and ownership [root:root]). The quotaon command turns-on quotas.

I tried rebooting the system and quotas are indeed enabled at boot-time (per the system output during boot). Further, executing "quotaon -avug" a second time yields the following, as expected:

quotaon: using // on /dev/mapper/ubuntu12-root [/]: Device or resource busy
quotaon: using //aquota.user on /dev/mapper/ubuntu12-root [/]: Device or resource busy

From: sheshes at: 2013-01-25 17:02:38

Everytime I restarted my services I got 

 quotaonCannot find / on /dev/mapper/server-root

 quotaonCannot find /aquota.user on /dev/mapper/server-root 

My solution was: 

 aptitude install linux-image-extra-virtual

 When asked to keep already installed version of config file press enter

 modprobe quota_v1

 modprobe quota_v2

 rm /quota.user && rm /

quotacheck -avugm

quotaon -avug 

 Problem solved!

From: Anonymous at: 2013-09-08 18:03:12


I tried and installed isp config I have two problems :

1-i have a problem with my dns I have configured the interfaces as you saied but when I enter the it does not load it works only with ip address .I did some queries and I suppose the problem is with bind9 that you did not described how to configure the service

2- I have access to squirrel mail but I do not know the master user and password to enter where I have to edit or what is the user name and password?

I am in a middle of a class project and your help very much.


From: PM at: 2014-02-20 11:39:40

 If you want to force TLS for FTP (ftpes://)

echo 2 > /etc/pure-ftpd/conf/TLS


From: at: 2014-06-19 13:47:25

Creating the symbolic link between / & /dev/root is only temporary and would not persist through reboots. This is better resolved by creating a file in /etc/udev/rules.d/ and adding this line SUBSYSTEM=="block", KERNEL=="xvda", SYMLINK+="root" Save the file and trigger udev (# udevadm trigger). This should work on any Debian/Ubuntu setup.

From: Alfredo Garcia at: 2012-10-08 18:56:39

Be carefully, if you a new alias to the /etc/apache2/conf.d/squirrelmail.conf file, as described in this section, you will have problems with ISPconfig mail management, you will not be able to access to the mail configuration tab.

Workaround, delete the alias and use only the squirrelmail one.

 I'll appreciate if you have any other suggestion to solve this issue


From: at: 2013-06-18 11:07:28

The webmail alias as described in the tutorial works fine. A problem will occur if you use a different alias like "mail" instead of the suggested "webmail" as alias.


From: Fallen-Angel at: 2013-08-07 18:20:28

Please note that in /etc/apache2/conf.d/squirrelmail.conf some parameters need more than one argument. What I mean is:

On line 6: there is a space between "..-php" and ".php"
On line 11: there is a space between "upload_tmp_dir" and "/var..."
On line 12, the same: space between "value_open_basedir" and "/usr..."

 Just in case of any syntax-errors on this lines.

From: pron at: 2013-12-23 09:03:00


 I have installed a mail server using this tuturial. The problem I'm having is that I can't

send mail via client(outlook, thunterdbird).

My setup is the folowing:

 The thing is, that I can send and recive e-mails from roundcube to an gmail, yahoo etc account. The problem is when I send a mail  from a client in my local subnet(outlook, thunterdbird).

-When I'm adding the account to outlook I have to put the local ip adress (mail server of the server into the incoming & outgoing SMTP server. It cannot find the incoming and outgoing mail server(
-I have put the MX record at my isp to point to my ip. If I do na "nslookup" or "dig mx" it returnes the correct ip(exp.
-On my firewall I have forwarded port 25 to my internal ip (mail server -Localy I can telnet to over port 25.

I have instaled roundcube instead of squrelMail.

 I am very grateful for any help

From: Eduardo B at: 2012-04-30 08:31:15

Great job Falko!

 I've tested the steps on HP Cloud server. The quota option is not supported by kernel probably because of the virtualized environment. However, everything seems to be working. Thanks for this another "Perfect Howto".

From: at: 2012-04-30 11:33:11

Hi Falko!

Finally you have a tutorial with Ubuntu AND Dovecot with ISP3.

I've upgraded my Ubuntu 11.10 with courier to 12.04 and would change to dovecot.

I know, that dovecot has another folder-structure as courier, but what steps a requered to change from courier to dovecot in Ubuntu 12.04?

 I think so:

1. apt-get install dovecot-imapd
dovecot-pop3d dovecot-mysql dovecot-sieve

2. make changes for fail2ban:


3.  Change Mailserver from Courier to Dovecot in ISP3-GUI

4. Update ISP3 with .sh scripts to restore configs

5. Restart services

I'm right? ;)

From: Bruno at: 2012-05-01 13:03:38

Thanks for the HowTo! 

I have a small problem with the email. I usually can send emails, but I not receive any one. In Outlook, the following error appears: <>: Host or domain name not found. name service

     mail.189.xx.xx.xx error for name = type = A: Host not found

Any idea of the problem? Thanks in advance.

Sry for bad english.

From: at: 2012-05-02 08:23:10

The last step is:

6) Modify the maildir folder structure for each Mailbox by creating a new folder "Maildir" and moving the contents to that folder. Example:

cd /var/vmail/domain.tld/user/
mkdir Maildir
mv * Maildir/

You will get a error that Maildir can not be moved into Maildir, thats ok and can be ignored.

From: at: 2012-05-03 16:34:19

Good tutorial.

The most important aspect of the project is SECURITY.  A companion article on how to secure this configuration is essential.  Hope someone will do it.

From: Scott Carter at: 2012-05-04 18:23:18

So I followed the tutorial to the T, but I'm having a heck of a time getting the email tab to display.  For example, if I were at the home tab and clicked over to email the email tab, it still says "Welcome Admin" and lists the available modules, but the side bar shows email accounts, mailing lists, etc.  I tried clicking on each of the links in the side bar, but none of them do anything.

All the other tabs display just fine.

From: Scott Carter at: 2012-05-07 15:37:46

I figured out my issue.  I setup an additional alias for squirrelmail as /mail, which conflicts with the ISPconfig file structure.  Once I removed this alias, everything was happy.  Excellent tutorial!!

From: Stelios_g at: 2012-05-26 10:03:41

Thank you i had the same isue and the fault was the alias at the webmail...

From: Tim M. Muldoon at: 2012-06-16 00:06:50

You must live in Unimatrix Zero, because this is perfect.

 I got all the way to here in step 22 before I messed up and entered info instead of just hitting 'enter'.

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:
 <-- ENTER

An optional company name []: <-- ENTER

 Thanks for a great tutorial.

From: Anonymous at: 2012-06-23 23:06:04

can you explain this? does it go in a file? how do you execute it? I keep getting:


-bash: vzctl: command not found

vzctl set $VPSID --capability ${CAP}:on --save

From: Chris de Kock at: 2012-06-26 12:33:07

Dear Mr. Timme, 

Excellent job! I enjoyed every bit of this tutorial!

Keep up the good work! 


From: Warren Child at: 2012-07-12 02:23:47

How do I remove the alias say I might have put it in? I am kind of a noob and have been reading tutorial after tutorial trying to fix my email, and I followed the directions to a T and have read the 300 page user manual for ISPConfig.

 Any Insight would be much Appreciated!

From: at: 2012-07-17 15:53:50

you need to install extra linux image package and use modprobe to enable quota modules on kernel.

From: Anonymous at: 2012-07-28 08:55:19

Probs a stupid question but what ports do i need to forward to get everything working

From: Anonymous at: 2012-07-31 16:52:46

Hi thanks for this tut its great

how ever i am not able to receive emails i can send them and they arrive sharpish

but i cannot receive.

can anyone shed some light on this and a possible solution

many thanks

From: Jason at: 2012-08-15 17:08:36

Did you get this corrected? I have the same issue. No errors in mail.log. It logs in but no mail. I see that there is mail in the Email -> Mailbox quota.


From: Fil at: 2012-09-29 14:00:56

Hello,thanks for this excellent tutorial.

I follow all the steps of this tutorial. I create a dns zone and a site. But when i go to the new site in my browser, i always arrive on the squirrelmail login page. I don't know why???

Thank you in advance for your answer.

Sorry for my bad english 



From: onejay at: 2012-10-03 03:23:44

i found this article looking for a guide to install ispconfig, and i find myself scouring through 5 of 6 pages looking for what parts of this guide are important to ispconfig, instead of following a 1 or 2 page guide. much of the first 5 pages are not necessary for ispconfig, but without figuring out what is and what isnt, i get install errors. my suggestion would be tier'd style, walking through the install of the primary topic, and inserting optional addons as side notes. if i'm thinking this, others must be as well, and it would really help out us noobs. 

From: ewrson at: 2012-11-19 08:34:10

Great job, big thx :D

From: Lynton at: 2012-12-03 19:39:21

I cant get my mail to work using SSL at all(sending or receiving)

 I keep getting a generic error saying: 

  postfix/smtps/smtpd[2179]: warning: TLS library problem: 2179:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:628:

I have tried to check all the log files etc but I cant find anything that gives more info on it.

I had to uncomment the lines in my /etc/postfix/  for:

submission inet n       -       -       -       -       smtpd

smtps     inet  n       -       -       -       -       smtpd

just to get it to start sending mail without SSL. I have followed the howto step by step a few times now, re-installed the server twice and also removed and re-installed all packages related to the install, im going a bit insane trying to fix it!!

Can anyone give me some direction on what I should be looking for? 

From: Ascer at: 2013-02-22 15:56:10

The best tutorial ever. Lo mejorcito de internet, muchas gracias, yo ya tengo mi servidor con ispconfig 3. Muchas gracias otra vez

From: davils at: 2013-03-01 01:40:56

This is a great article followed it and am up and running minus one hickup i cant access squirremail using https at all

 SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

I can https into ispconfig no problem tho? any help would be really helpful 


From: Anonymous at: 2013-03-06 20:17:51

This is wonderfull

From: Yuriy_Y at: 2013-03-31 18:37:35

 After installation, you must change /etc/postfix/

mydestination =

 mynetworks = [::1]/128


Restart postfix, enjoy. 

From: Anonymous at: 2013-04-30 21:39:15

Absolutely amazing :) 

From: at: 2013-05-11 02:08:20

After installation whenever i tried to access ispconfig with ip:8080 it shows error and tell me to access by https wich is normal as i followed that tutorial and did what they said there . But after restarting when i try to access ispconfig with https://ip:8080 it just loading and loading , nothing was and is showing . When i try to http://ip:8080 , it shows Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.


But my domain is not yet managed as it takes time(is that?) . I have registered nameserver from my registerer ns1 and ns2 by that ip and changed the nameserver . But as it is yet not live , how can i access ispconfig with that ip as i did before , before restart ?

From: techatyou at: 2013-06-17 20:07:14

Try just your http or https what ever one your using then ip without port number and just /ispconfig

[Like This]

From: Chuck at: 2013-07-30 19:05:58

Thank you very much for a "very! step-by-step" web server setup.  I think I have been resistant to ubuntu simply because of the name.  Lord only know, SuSE and OpenSuSE were bad enough -- Slackware?  Debian?  --- but "oo boon too"?  That was just too much!

 Or so I thought!  After all, there are so many distros to choose from.  I've used SuSE for years to host a mail service using Exim and have had no problems with SuSE 8.0 and Exim 4 has been a joy!  I never liked the GUIs, so the text interface was just right for me.  With most of the new distros, you have to "intervene" to get to text.  So, I've been using OpenSuSE 11.4 with Ctrl-Alt F2 for a good while.  But, 11.4 is no longer "supported" as it seems.

 So, here I am with a project!  I need to set up a website for my daughter and son-in-law and I'd like to host it here under my thumb, as it were.  Where to begin; where to begin?

I began reading your "The Perfect Server" (ignoring the word "Ubuntu" because I could pick my own distro, couldn't I!).  It didn't take but a paragraph of two for me to realize that Ubuntu was just what I needed to use.  I got the 32 and 64-bit versions because I wasn't sure what piece of crap I was going to use for my server.  In the end, I decided to use an old Dell Optiplex GX-270 Small Form Factor with a lowly Celeron processor and only 1 GB of RAM.  Just the on-board VGA, but wait . . . .  I'll be using text!  OK!  Let's get going.

Installation was a breeze and once I got the SSH host installed, I switched to my big machine and used PuTTY 0.62 and the rest was a breeze.

 I'm sure everybody in the world already know this, but you never can tell.  If one highlights text in a GUI like Windows and toggles to his SSH client page, a click of the right mouse button will paste the Windows "scratchpad" at the cursor in the ssh "window" and all that's left is to touch "Enter."

So, your long instructions like adding the following lines to the squirrelmail conf file:

    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_admin_flag allow_url_fopen Off
    php_value include_path .
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname:/var/spool/squirrelmail
    php_flag register_globals off

were accomplished by highlighting those lines, opening the file with the editor (I like "joe" best), positioning the cursor just below the line "  <IfModule mod_php5.c>" and giving a single click of the right button.  

No more misspelled commands!  During installs, I toggled to a solitaire window where I could see the left edge of the PuTTY screen and when I saw the # prompt reappear, I'd go to the next step.

When I used a Windows machine to resolve the url "" and saw the message "It Works!" --- well, I'm taking a short break to say "Thanks!" before I work on content and then get my DNS info pointing to my server.  Wow!

I did not have one single moment of angst.  Your instructions were very clear and the format of your post made it plain what I was to type as a command.  Where you indicated "vi /etc/network/interfaces" I would type "joe " and then paste "/etc/network/interfaces" and touch Enter.  (Of course, I did have to get "joe" but that was easy.)

Great HowTo!  Thanks again.



From: aaazyyy at: 2013-09-05 16:30:01

This tutorial was not at all awesome, but way way beyond awesome.

Thanks a ton.

From: Salvatore La Rocca at: 2013-09-05 08:59:31

La guida è perfetta e fantastica. Grazie

From: Squirrel at: 2013-12-07 04:32:37


I've the exact same problem. I followed all steps of this tutorial and everything went fine. All features will works just fine. My problem is that if I go to, it always points to squirrelmail login page,

My idea is to use this perfect server as webhost, email server, ftp server and mysql server. I want use my registrant DNS server as a nameservers. I can change all DNS records via my domain registrant.

Here is my setup:

1. Installed the perfect server, ubuntu 12.04.3 LTS (public IP is accessible via internet)
2. Registered
3. My server FQN is (hostname)
4. Changed necessary DNS records (A, CNAME, MX) to point to my perfect server

If I access to my perfect server...
http://<private ip>
http://<public ip> or or

It always points to squirrelmail login page,

I want to host my on my perfect server. The perfect server hostname is the same, whether this matter ??? Should I book and reserve "unique" and use that domain as servername and not the same I want to host (website).

From: at: 2014-01-04 10:34:44

In /etc/squirrelmail/, comment-out the following:

  DocumentRoot /usr/share/squirrelmail

Then restart Apache2:
service apache2 restart

From: Thach at: 2014-07-11 09:19:03

Thank you very much for your help. It saves me a lot time for installing ISPConfig 3.0.

From: Ray Moncada at: 2015-02-18 23:30:49

This tutorial is great. I use it for every version of lts out there. Thank you for taking the time to write it.