The Perfect Server - Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3) - Page 5

16 Install PureFTPd And Quota

PureFTPd and quota can be installed with the following command:

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

Edit the file /etc/default/pure-ftpd-common...

vi /etc/default/pure-ftpd-common

... and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true:


Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

If you want to allow FTP and TLS sessions, run

echo 1 > /etc/pure-ftpd/conf/TLS

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]:
<-- Enter your State or Province Name.
Locality Name (eg, city) []:
<-- Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
<-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []:
<-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []:
<-- Enter the Fully Qualified Domain Name of the system (e.g. "").
Email Address []:
<-- Enter your Email Address.

Change the permissions of the SSL certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Then restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

Edit /etc/fstab. Mine looks like this (I added ,usrjquota=quota.user,,jqfmt=vfsv0 to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    nodev,noexec,nosuid 0       0
/dev/mapper/server1-root /               ext4    errors=remount-ro,usrjquota=quota.user,,jqfmt=vfsv0 0       1
# /boot was on /dev/sda1 during installation
UUID=4b58d345-1c55-4ac5-940e-7245938656a6 /boot           ext2    defaults        0       2
/dev/mapper/server1-swap_1 none            swap    sw              0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

mount -o remount /

quotacheck -avugm
quotaon -avug


17 Install BIND DNS Server

BIND can be installed as follows:

apt-get install bind9 dnsutils


18 Install Vlogger, Webalizer, And AWstats

Vlogger, webalizer, and AWstats can be installed as follows:

apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

Open /etc/cron.d/awstats afterwards...

vi /etc/cron.d/awstats

... and comment out everything in that file:

#*/10 * * * * www-data [ -x /usr/share/awstats/tools/ ] && /usr/share/awstats/tools/
# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/ ] && /usr/share/awstats/tools/


19 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold

cd /tmp
tar xvfz jailkit-2.14.tar.gz
cd jailkit-2.14
./debian/rules binary

You can now install the Jailkit .deb package as follows:

cd ..
dpkg -i jailkit_2.14-1_*.deb
rm -rf jailkit-2.14*


20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

apt-get install fail2ban

To make fail2ban monitor PureFTPd and Dovecot, create the file /etc/fail2ban/jail.local:

vi /etc/fail2ban/jail.local

enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

Then create the following two filter files:

vi /etc/fail2ban/filter.d/pureftpd.conf

failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =

vi /etc/fail2ban/filter.d/dovecot-pop3imap.conf

failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =

Restart fail2ban afterwards:

/etc/init.d/fail2ban restart

Share this page:

74 Comment(s)

Add comment


From: Mike at: 2012-06-24 06:53:06

Falko these tutorials are freaking awesome!  I want to personally thank you for taking the time out of your busy schedule to write them.  People like you make it easier to learn this stuff.  Thanks!

From: M1 at: 2012-11-10 18:18:03

i agree with mike. these tutorials helped alot.. cant find any better... falko's the best.. i appreciate the hard work. thanks

From: Anonymous at: 2012-12-14 15:29:49

This is great is there anyway you can load balance this as well so like if one of my servers fail it will go over to the other and also is there a want to integrate this into WHMCS for auto setup of services would really like to try to set this up

 Many Thanks

From: MrSof at: 2013-01-28 09:23:21

Je tenais a vous remercier de cet excellent tuto !
J'installe régulièrement des serveurs et cette mine d'infos est indispensable pour moi :-)

Merci Falko et longue vie à Howtoforge !

From: Vijay Thakur at: 2013-09-20 04:47:37


Many many thanks to you for sharing your knowledge from your busy schedule.  For years i was trying to set up a virtual postfix server, but always failed.  With your guide and steps, it is working finally on my ubuntu 12.04 server.   I hope that in future you will keep up your spirit and try to improve our knowledge.

Thanks a lots.




From: Jordan at: 2013-10-10 06:23:50

Could I get a list of Ports that need to be opened for all the functions too work properly after installing everything from this tutorial?

From: Michael Bernardo at: 2013-10-18 13:33:29

This is my most trusted how-to and have it bookmarked in my browser. Thanks for putting this up. It works all the time.

From: DaleHutch at: 2012-05-05 22:12:35

Greetings Falko!

 Should I be concern about Ubuntu complaining that Init.d isn't the preferred method of restarting services? Looks like "Service" is now preferred.


From: Anonymous at: 2012-06-22 18:58:44

No.  It shouldn't be a problem.  Still works, but may complain.

From: Anonymous at: 2013-05-19 18:46:41

if you are setting this up on a home network via virtual machines or physical machines, do not use public dns servers on ur servers and or clients.

 if you are running windows server 2008 as ur adds and dns server for interagation use that servers ip address as ur primary dns server and also use that ip address in ur ubuntu/linux email and web server in dnsname server it will connect just fine worked for me.

 again all clients and servers should have the same primary dns so they can connect.

use ur main servers ip address as primary dns ip in ipv4 settings under tcp/ip 

From: at: 2012-06-17 21:14:06

This is a learning exercise for me and I have researched till I am blue.

I am at the following location in my setup process.

1st I cannot run /etc/init.d/hostname restart. I get (No such file or directory

2nd hostname and hostname -f are not the same. when I run vi /etc/hosts it looks like this       localhost     server1
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

When I modify it to make it the same as above it does not save.

can anyone tell me how to make them the same and fix this problem.  Can i use ifconfig to fix this and if so what do I enter.

Now run

echo > /etc/hostname
/etc/init.d/hostname restart

Afterwards, run

hostname -f

Both should show now.

From: Anonymous at: 2012-07-21 00:35:09

Hi, although Falko is asking not to post questions here, rather just comments, I will try to give you an hint.

Make sure you are running as super user e.g. "sudo -s" this may solve a lot of problems.


From: Tapan Upadhyay at: 2012-08-03 05:22:00

Thanks you very much for providing such details in details ;-) it really helped me a lot as i was installing server first time in my life time.

Thanks Again


From: Henry at: 2012-09-26 22:26:40

sale el siguiente error:
ubuntu909 proftpd[3989]: mod_tls/2.4.3: compiled using OpenSSL version 'OpenSSL 1.0.0e 6 Sep 2011' headers, but linked to OpenSSL version 'OpenSSL 1.0.1 14 Mar 2012' library
ubuntu909 proftpd[3989]: mod_sftp/0.9.8: compiled using OpenSSL version 'OpenSSL 1.0.0e 6 Sep 2011' headers, but linked to OpenSSL version 'OpenSSL 1.0.1 14 Mar 2012' library
ubuntu909 proftpd[3989]: mod_tls_memcache/0.1: notice: unable to register 'memcache' SSL session cache: Memcache support not enabled
ubuntu909 proftpd[3989]: Fatal: unknown configuration directive 'Alternative' on line 132 of '/etc/proftpd/proftpd.conf'
como resolver el problema

From: Mike at: 2012-12-08 16:43:25


I followed your guide for Perfect Server 12.04 to the T. It does work. However, I try to use thunderbird to add my email account and the user password is rejected. Tried with squirrelmail also with same result. I am banging my head against the wall. I have been trying to figure this out for a week. I even totally started over several times thinking I missed something. What do you need from me to figure this out? What do you think I am doing wrong. I'm out of ideas!!!

 Thanks for any help.

From: Anonymous at: 2013-09-05 11:20:31

I am assuming that one needs to skip steps 1 to 9 and probably 11 if working on dedicated server.

From: virvinia at: 2014-08-14 07:26:05

i can't access squirrelmail. what is the username and password?

From: van at: 2012-05-03 12:31:09

I'm getting :

root@node:~# /etc/init.d/mailman start
 * Starting Mailman master qrunner mailmanctl                                                                                                                                                                                       [ OK ] 
root@node:~# Traceback (most recent call last):
  File "/usr/lib/mailman/bin/mailmanctl", line 555, in <module>
  File "/usr/lib/mailman/bin/mailmanctl", line 422, in main
    devnull ='/dev/null', 0)
OSError: [Errno 13] Permission denied: '/dev/null'
 So I did:
root@node:~# chmod ga+rw /dev/null
And Problem Solved:
 root@node:~# /etc/init.d/mailman start
 * Starting Mailman master qrunner mailmanctl  

From: Mario at: 2012-06-22 00:37:12

why phpmyadmin is no working?

How to configure aliases?

From: Anonymous at: 2012-10-14 23:45:22

You will need to configure your apache2.conf to make phpMyAdmin works.

vi /etc/apache2/apache2.conf

Then add the following line to the end of the file.

Include /etc/phpmyadmin/apache.conf

From: MrBrooks at: 2012-07-25 07:16:26

I had unexpected problems with Dovecot - service didn't start. Message in error log:
 dovecot main process (xxxxx) terminated with status 89
It turned out that default dovecot configuration is missing parameters. You need to create users dovecot and dovenull or set config parameters default_login_user and default_internal_user to some user.

From: lomax at: 2012-08-26 13:27:56


witch email address should I put in by newlist mailman installation ? would i put in an existing email (e.g. create a new email like here to use as new domain that I install now.
 root@server1:~# newlist mailman
Enter the email of the person running the list: <-- admin email address, e.g.
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:

Like you see by my question, I install a server for absolute first time. I hope you can help me...


From: Anonymous at: 2013-01-11 17:18:20

Have used this setup on several server setups and worked flawlessly, today i got an error following this line:

 apt-get install -y libapache2-mod-fastcgi php5-fpm

- E: Package 'libapache2-mod-fastcgi' has no installation candidate -

 my ubuntu server 12.04.1 lts contained the compatible package the new name if your installation does not already have it is:


From: at: 2013-04-01 13:55:09

Hi, you need to add multiverse repositories. Here's my /etc/apt/sources.list ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. deb precise partner deb-src precise partner deb precise main restricted universe multiverse deb-src precise main restricted universe multiverse ## Major bug fix updates produced after the final release of the ## distribution. deb precise-updates main restricted universe multiverse deb-src precise-updates main restricted universe multiverse deb precise-security main restricted universe multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb precise-backports main restricted universe multiverse deb-src precise-backports main restricted universe multiverse

From: Guy at: 2013-04-23 19:22:40

I had an issue getting php to work... found this via another howto, seems to apply, as it fixed my problem.... fyi

 Next open /etc/apache2/mods-available/suphp.conf...

vi /etc/apache2/mods-available/suphp.conf

... and comment out the <FilesMatch "\.ph(p3?|tml)$"> section and add the line AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml - otherwise all PHP files will be run by SuPHP:

<IfModule mod_suphp.c>
    #<FilesMatch "\.ph(p3?|tml)$">
    #    SetHandler application/x-httpd-suphp
        AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
        suPHP_AddHandler application/x-httpd-suphp
    <Directory />
        suPHP_Engine on
    # By default, disable suPHP for debian packaged web applications as files
    # are owned by root and cannot be executed by suPHP because of min_uid.
    <Directory /usr/share>
        suPHP_Engine off
# # Use a specific php config file (a dir which contains a php.ini file)
#       suPHP_ConfigPath /etc/php5/cgi/suphp/
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
#       suPHP_RemoveHandler <mime-type>

Restart Apache afterwards:

/etc/init.d/apache2 restart

From: Anonymous at: 2013-10-27 20:20:06

What do you think about mysql_secure_installation?

From: Anonymous at: 2014-02-27 02:40:14

Why install spamassassin  if  you are recommending to remove it back on next step?   


From: admin at: 2014-02-27 10:52:14

Spamassassin does not get removed in the next step. The step disabled the spamassassin daemon as spamassasin is run trough amavisd in thsi Setup, so a running spamassassin daemon would just use ram without being used, as amavisd is already running in daemon mode.

From: at: 2012-05-03 14:58:36

If quotacheck fails with the following error...

quotacheck: Cannot stat() mounted device /dev/root: No such file or directory
quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

run the following command to link /dev/root to /dev/xvdX

ln -s /dev/xvda /dev/root

From: at: 2014-06-19 13:47:25

Creating the symbolic link between / & /dev/root is only temporary and would not persist through reboots. This is better resolved by creating a file in /etc/udev/rules.d/ and adding this line SUBSYSTEM=="block", KERNEL=="xvda", SYMLINK+="root" Save the file and trigger udev (# udevadm trigger). This should work on any Debian/Ubuntu setup.

From: DVSB at: 2012-06-29 13:42:26

Für die die bei JiffyBox oder DF Hosten hier eine anleitung für Ubuntu 12.04 mit ISPConfig, ext4 und Quotas:

Nach den im Howto beschriebenen Änderungen an der /etc/fstab und dem anschließenden "mount -o remount /" sind die folgenden Befehle nötig:

ln /dev/xvda /dev/root
cd /
touch aquota.user
chmod 600 aquota.user

Nun kann wie im Howto beschrieben mit

quotacheck -avugm
quotaon -avug

weiter gemacht werden.

Da diese Konfiguration leider nicht reboot-fest ist müssen die Befehle bei jedem Neustart der JiffyBox ausgeführt werden. Hierzu ändert man idealerweise die /etc/rc.local und fügt vor dem "exit 0" folgende Zeilen ein:

ln /dev/xvda /dev/root
quotacheck -avugm
quotaon -avug

From: at: 2012-07-17 14:11:51

In Ubuntu Precise 12.04, using filesystem ext4 you'll get this error message on  'quotaon -avug' command:

quotaon: using // on /dev/disk/by-label/cloudimg-rootfs [/]: No such process
quotaon: Quota format not supported in kernel.
quotaon: using //quota.user on /dev/disk/by-label/cloudimg-rootfs [/]: No such process
quotaon: Quota format not supported in kernel.


You need install extra package for virtual linux image kernel:

aptitude install linux-image-extra-virtual


Then, load kernel modules:

modprobe quota_v1

modprobe quota_v2


Now you can enable quota:

quotaon -avug

From: Ben at: 2012-09-13 15:21:13

I had the following issue while following the steps to install quota:

# touch /aquota.user /
# chmod 600 /aquota.*
# mount -o remount /
# quotacheck -avugm
quotacheck: WARNING -  Quotafile //aquota.user was probably truncated. Cannot save quota settings...
quotacheck: WARNING -  Quotafile // was probably truncated. Cannot save quota settings...
# quotaon -avug
quotaon: Cannot find quota file on / [/dev/mapper/ubuntu12-root] to turn quotas on/off.
quotaon: Cannot find quota file on / [/dev/mapper/ubuntu12-root] to turn quotas on/off.

The  solution was as described at :

# modprobe quota_v2
# echo 'quota_v2' >> /etc/modules
# rm /aquota.user /
# quotacheck -avugm
# quotaon -avug

The quotacheck command creates the files /aquota.user and / (with correct [0600] permissions and ownership [root:root]). The quotaon command turns-on quotas.

I tried rebooting the system and quotas are indeed enabled at boot-time (per the system output during boot). Further, executing "quotaon -avug" a second time yields the following, as expected:

quotaon: using // on /dev/mapper/ubuntu12-root [/]: Device or resource busy
quotaon: using //aquota.user on /dev/mapper/ubuntu12-root [/]: Device or resource busy

From: sheshes at: 2013-01-25 17:02:38

Everytime I restarted my services I got 

 quotaonCannot find / on /dev/mapper/server-root

 quotaonCannot find /aquota.user on /dev/mapper/server-root 

My solution was: 

 aptitude install linux-image-extra-virtual

 When asked to keep already installed version of config file press enter

 modprobe quota_v1

 modprobe quota_v2

 rm /quota.user && rm /

quotacheck -avugm

quotaon -avug 

 Problem solved!

From: Anonymous at: 2013-09-08 18:03:12


I tried and installed isp config I have two problems :

1-i have a problem with my dns I have configured the interfaces as you saied but when I enter the it does not load it works only with ip address .I did some queries and I suppose the problem is with bind9 that you did not described how to configure the service

2- I have access to squirrel mail but I do not know the master user and password to enter where I have to edit or what is the user name and password?

I am in a middle of a class project and your help very much.


From: PM at: 2014-02-20 11:39:40

 If you want to force TLS for FTP (ftpes://)

echo 2 > /etc/pure-ftpd/conf/TLS


From: Alfredo Garcia at: 2012-10-08 18:56:39

Be carefully, if you a new alias to the /etc/apache2/conf.d/squirrelmail.conf file, as described in this section, you will have problems with ISPconfig mail management, you will not be able to access to the mail configuration tab.

Workaround, delete the alias and use only the squirrelmail one.

 I'll appreciate if you have any other suggestion to solve this issue


From: at: 2013-06-18 11:07:28

The webmail alias as described in the tutorial works fine. A problem will occur if you use a different alias like "mail" instead of the suggested "webmail" as alias.


From: Fallen-Angel at: 2013-08-07 18:20:28

Please note that in /etc/apache2/conf.d/squirrelmail.conf some parameters need more than one argument. What I mean is:

On line 6: there is a space between "..-php" and ".php"
On line 11: there is a space between "upload_tmp_dir" and "/var..."
On line 12, the same: space between "value_open_basedir" and "/usr..."

 Just in case of any syntax-errors on this lines.

From: pron at: 2013-12-23 09:03:00


 I have installed a mail server using this tuturial. The problem I'm having is that I can't

send mail via client(outlook, thunterdbird).

My setup is the folowing:

 The thing is, that I can send and recive e-mails from roundcube to an gmail, yahoo etc account. The problem is when I send a mail  from a client in my local subnet(outlook, thunterdbird).

-When I'm adding the account to outlook I have to put the local ip adress (mail server of the server into the incoming & outgoing SMTP server. It cannot find the incoming and outgoing mail server(
-I have put the MX record at my isp to point to my ip. If I do na "nslookup" or "dig mx" it returnes the correct ip(exp.
-On my firewall I have forwarded port 25 to my internal ip (mail server -Localy I can telnet to over port 25.

I have instaled roundcube instead of squrelMail.

 I am very grateful for any help

From: Eduardo B at: 2012-04-30 08:31:15

Great job Falko!

 I've tested the steps on HP Cloud server. The quota option is not supported by kernel probably because of the virtualized environment. However, everything seems to be working. Thanks for this another "Perfect Howto".

From: at: 2012-07-17 15:53:50

you need to install extra linux image package and use modprobe to enable quota modules on kernel.

From: at: 2012-04-30 11:33:11

Hi Falko!

Finally you have a tutorial with Ubuntu AND Dovecot with ISP3.

I've upgraded my Ubuntu 11.10 with courier to 12.04 and would change to dovecot.

I know, that dovecot has another folder-structure as courier, but what steps a requered to change from courier to dovecot in Ubuntu 12.04?

 I think so:

1. apt-get install dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve

2. make changes for fail2ban:


3.  Change Mailserver from Courier to Dovecot in ISP3-GUI

4. Update ISP3 with .sh scripts to restore configs

5. Restart services

I'm right? ;)

From: at: 2012-05-02 08:23:10

The last step is:

6) Modify the maildir folder structure for each Mailbox by creating a new folder "Maildir" and moving the contents to that folder. Example:

cd /var/vmail/domain.tld/user/
mkdir Maildir
mv * Maildir/

You will get a error that Maildir can not be moved into Maildir, thats ok and can be ignored.

From: Bruno at: 2012-05-01 13:03:38

Thanks for the HowTo! 
I have a small problem with the email. I usually can send emails, but I not receive any one. In Outlook, the following error appears: <>: Host or domain name not found. name service
     mail.189.xx.xx.xx error for name = type = A: Host not found

Any idea of the problem? Thanks in advance.

Sry for bad english.

From: at: 2012-05-03 16:34:19

Good tutorial.

The most important aspect of the project is SECURITY.  A companion article on how to secure this configuration is essential.  Hope someone will do it.

From: Scott Carter at: 2012-05-04 18:23:18

So I followed the tutorial to the T, but I'm having a heck of a time getting the email tab to display.  For example, if I were at the home tab and clicked over to email the email tab, it still says "Welcome Admin" and lists the available modules, but the side bar shows email accounts, mailing lists, etc.  I tried clicking on each of the links in the side bar, but none of them do anything.

All the other tabs display just fine.

From: Scott Carter at: 2012-05-07 15:37:46

I figured out my issue.  I setup an additional alias for squirrelmail as /mail, which conflicts with the ISPconfig file structure.  Once I removed this alias, everything was happy.  Excellent tutorial!!

From: Stelios_g at: 2012-05-26 10:03:41

Thank you i had the same isue and the fault was the alias at the webmail...

From: Warren Child at: 2012-07-12 02:23:47

How do I remove the alias say I might have put it in? I am kind of a noob and have been reading tutorial after tutorial trying to fix my email, and I followed the directions to a T and have read the 300 page user manual for ISPConfig.

 Any Insight would be much Appreciated!

From: Tim M. Muldoon at: 2012-06-16 00:06:50

You must live in Unimatrix Zero, because this is perfect.

 I got all the way to here in step 22 before I messed up and entered info instead of just hitting 'enter'.

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
 <-- ENTER
An optional company name []: <-- ENTER

 Thanks for a great tutorial.

From: Anonymous at: 2012-06-23 23:06:04

can you explain this? does it go in a file? how do you execute it? I keep getting:


-bash: vzctl: command not found

vzctl set $VPSID --capability ${CAP}:on --save

From: Chris de Kock at: 2012-06-26 12:33:07

Dear Mr. Timme, 

Excellent job! I enjoyed every bit of this tutorial!

Keep up the good work! 


From: Anonymous at: 2012-07-28 08:55:19

Probs a stupid question but what ports do i need to forward to get everything working

From: Anonymous at: 2012-07-31 16:52:46

Hi thanks for this tut its great

how ever i am not able to receive emails i can send them and they arrive sharpish

but i cannot receive.

can anyone shed some light on this and a possible solution

many thanks

From: Jason at: 2012-08-15 17:08:36

Did you get this corrected? I have the same issue. No errors in mail.log. It logs in but no mail. I see that there is mail in the Email -> Mailbox quota.


From: Yuriy_Y at: 2013-03-31 18:37:35

 After installation, you must change /etc/postfix/

mydestination =

 mynetworks = [::1]/128


Restart postfix, enjoy. 

From: Fil at: 2012-09-29 14:00:56

Hello,thanks for this excellent tutorial.

I follow all the steps of this tutorial. I create a dns zone and a site. But when i go to the new site in my browser, i always arrive on the squirrelmail login page. I don't know why???

Thank you in advance for your answer.

Sorry for my bad english 



From: Squirrel at: 2013-12-07 04:32:37


I've the exact same problem. I followed all steps of this tutorial and everything went fine. All features will works just fine. My problem is that if I go to, it always points to squirrelmail login page,

My idea is to use this perfect server as webhost, email server, ftp server and mysql server. I want use my registrant DNS server as a nameservers. I can change all DNS records via my domain registrant.

Here is my setup:

1. Installed the perfect server, ubuntu 12.04.3 LTS (public IP is accessible via internet)
2. Registered
3. My server FQN is (hostname)
4. Changed necessary DNS records (A, CNAME, MX) to point to my perfect server

If I access to my perfect server...
http://<private ip>
http://<public ip> or or

It always points to squirrelmail login page,

I want to host my on my perfect server. The perfect server hostname is the same, whether this matter ??? Should I book and reserve "unique" and use that domain as servername and not the same I want to host (website).

From: at: 2014-01-04 10:34:44

In /etc/squirrelmail/, comment-out the following:

  DocumentRoot /usr/share/squirrelmail

Then restart Apache2:
service apache2 restart

From: onejay at: 2012-10-03 03:23:44

i found this article looking for a guide to install ispconfig, and i find myself scouring through 5 of 6 pages looking for what parts of this guide are important to ispconfig, instead of following a 1 or 2 page guide. much of the first 5 pages are not necessary for ispconfig, but without figuring out what is and what isnt, i get install errors. my suggestion would be tier'd style, walking through the install of the primary topic, and inserting optional addons as side notes. if i'm thinking this, others must be as well, and it would really help out us noobs. 

From: ewrson at: 2012-11-19 08:34:10

Great job, big thx :D

From: Lynton at: 2012-12-03 19:39:21

I cant get my mail to work using SSL at all(sending or receiving)

 I keep getting a generic error saying: 

  postfix/smtps/smtpd[2179]: warning: TLS library problem: 2179:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:628:

I have tried to check all the log files etc but I cant find anything that gives more info on it.

I had to uncomment the lines in my /etc/postfix/  for:

submission inet n       -       -       -       -       smtpd

smtps     inet  n       -       -       -       -       smtpd

just to get it to start sending mail without SSL. I have followed the howto step by step a few times now, re-installed the server twice and also removed and re-installed all packages related to the install, im going a bit insane trying to fix it!!

Can anyone give me some direction on what I should be looking for? 

From: Ascer at: 2013-02-22 15:56:10

The best tutorial ever. Lo mejorcito de internet, muchas gracias, yo ya tengo mi servidor con ispconfig 3. Muchas gracias otra vez

From: davils at: 2013-03-01 01:40:56

This is a great article followed it and am up and running minus one hickup i cant access squirremail using https at all

 SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

I can https into ispconfig no problem tho? any help would be really helpful 


From: Anonymous at: 2013-03-06 20:17:51

This is wonderfull

From: Anonymous at: 2013-04-30 21:39:15

Absolutely amazing :) 

From: at: 2013-05-11 02:08:20

After installation whenever i tried to access ispconfig with ip:8080 it shows error and tell me to access by https wich is normal as i followed that tutorial and did what they said there . But after restarting when i try to access ispconfig with https://ip:8080 it just loading and loading , nothing was and is showing . When i try to http://ip:8080 , it shows Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Hint: But my domain is not yet managed as it takes time(is that?) . I have registered nameserver from my registerer ns1 and ns2 by that ip and changed the nameserver . But as it is yet not live , how can i access ispconfig with that ip as i did before , before restart ?

From: techatyou at: 2013-06-17 20:07:14

Try just your http or https what ever one your using then ip without port number and just /ispconfig

[Like This]

From: Chuck at: 2013-07-30 19:05:58

Thank you very much for a "very! step-by-step" web server setup.  I think I have been resistant to ubuntu simply because of the name.  Lord only know, SuSE and OpenSuSE were bad enough -- Slackware?  Debian?  --- but "oo boon too"?  That was just too much!

 Or so I thought!  After all, there are so many distros to choose from.  I've used SuSE for years to host a mail service using Exim and have had no problems with SuSE 8.0 and Exim 4 has been a joy!  I never liked the GUIs, so the text interface was just right for me.  With most of the new distros, you have to "intervene" to get to text.  So, I've been using OpenSuSE 11.4 with Ctrl-Alt F2 for a good while.  But, 11.4 is no longer "supported" as it seems.

 So, here I am with a project!  I need to set up a website for my daughter and son-in-law and I'd like to host it here under my thumb, as it were.  Where to begin; where to begin?

I began reading your "The Perfect Server" (ignoring the word "Ubuntu" because I could pick my own distro, couldn't I!).  It didn't take but a paragraph of two for me to realize that Ubuntu was just what I needed to use.  I got the 32 and 64-bit versions because I wasn't sure what piece of crap I was going to use for my server.  In the end, I decided to use an old Dell Optiplex GX-270 Small Form Factor with a lowly Celeron processor and only 1 GB of RAM.  Just the on-board VGA, but wait . . . .  I'll be using text!  OK!  Let's get going.

Installation was a breeze and once I got the SSH host installed, I switched to my big machine and used PuTTY 0.62 and the rest was a breeze.

 I'm sure everybody in the world already know this, but you never can tell.  If one highlights text in a GUI like Windows and toggles to his SSH client page, a click of the right mouse button will paste the Windows "scratchpad" at the cursor in the ssh "window" and all that's left is to touch "Enter."

So, your long instructions like adding the following lines to the squirrelmail conf file:

    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_admin_flag allow_url_fopen Off
    php_value include_path .
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname:/var/spool/squirrelmail
    php_flag register_globals off

were accomplished by highlighting those lines, opening the file with the editor (I like "joe" best), positioning the cursor just below the line "  <IfModule mod_php5.c>" and giving a single click of the right button.  

No more misspelled commands!  During installs, I toggled to a solitaire window where I could see the left edge of the PuTTY screen and when I saw the # prompt reappear, I'd go to the next step.

When I used a Windows machine to resolve the url "" and saw the message "It Works!" --- well, I'm taking a short break to say "Thanks!" before I work on content and then get my DNS info pointing to my server.  Wow!

I did not have one single moment of angst.  Your instructions were very clear and the format of your post made it plain what I was to type as a command.  Where you indicated "vi /etc/network/interfaces" I would type "joe " and then paste "/etc/network/interfaces" and touch Enter.  (Of course, I did have to get "joe" but that was easy.)

Great HowTo!  Thanks again.



From: aaazyyy at: 2013-09-05 16:30:01

This tutorial was not at all awesome, but way way beyond awesome.

Thanks a ton.

From: Salvatore La Rocca at: 2013-09-05 08:59:31

La guida è perfetta e fantastica. Grazie

From: Thach at: 2014-07-11 09:19:03

Thank you very much for your help. It saves me a lot time for installing ISPConfig 3.0.

From: Ray Moncada at: 2015-02-18 23:30:49

This tutorial is great. I use it for every version of lts out there. Thank you for taking the time to write it.