The Perfect Server - Ubuntu Intrepid Ibex (Ubuntu 8.10) - Page 5

15 Postfix With SMTP-AUTH And TLS

In order to install Postfix with SMTP-AUTH and TLS do the following steps:

apt-get install postfix libsasl2-2 sasl2-bin libsasl2-modules procmail

You will be asked two questions. Answer as follows:

General type of mail configuration: <-- Internet Site
System mail name: <--

Then run

dpkg-reconfigure postfix

Again, you'll be asked some questions:

General type of mail configuration: <-- Internet Site
System mail name: <--
Root and postmaster mail recipient: <-- [blank]
Other destinations to accept mail for (blank for none): <--,, localhost.localdomain, localhost
Force synchronous updates on mail queue? <-- No
Local networks: <-- [::ffff:]/104 [::1]/128
Use procmail for local delivery? <-- Yes
Mailbox size limit (bytes): <-- 0
Local address extension character: <-- +
Internet protocols to use: <-- all

Next, do this:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

Afterwards we create the certificates for TLS:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Next we configure Postfix for TLS (make sure that you use the correct hostname for myhostname):

postconf -e 'myhostname ='

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

The file /etc/postfix/ should now look like this:

cat /etc/postfix/

# See /usr/share/postfix/ for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =,, localhost.localdomain, localhost
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:

mkdir -p /var/spool/postfix/var/run/saslauthd

Now we have to edit /etc/default/saslauthd in order to activate saslauthd. Set START to yes and change the line OPTIONS="-c -m /var/run/saslauthd" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r":

vi /etc/default/saslauthd

# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.

# Should saslauthd run automatically on startup? (default: no)

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)

# Which authentication mechanisms should saslauthd use? (default: pam)
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
# Only one option may be used at a time. See the saslauthd man page
# for more information.
# Example: MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
#OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Next add the postfix user to the sasl group (this makes sure that Postfix has the permission to access saslauthd):

adduser postfix sasl

Now restart Postfix and start saslauthd:

/etc/init.d/postfix restart
/etc/init.d/saslauthd start

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server type

ehlo localhost

If you see the lines




everything is fine.

The output on my system looks like this:

root@server1:/etc/postfix/ssl# telnet localhost 25
Connected to localhost.localdomain.
Escape character is '^]'.
220 ESMTP Postfix (Ubuntu)
ehlo localhost
250-SIZE 10240000
250 DSN
221 2.0.0 Bye
Connection closed by foreign host.



to return to the system's shell.


16 Courier-IMAP/Courier-POP3

Run this to install Courier-IMAP/Courier-IMAP-SSL (for IMAPs on port 993) and Courier-POP3/Courier-POP3-SSL (for POP3s on port 995):

apt-get install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0

You will be asked two questions:

Create directories for web-based administration? <-- No
SSL certificate required <-- Ok

If you do not want to use ISPConfig, configure Postfix to deliver emails to a user's Maildir*:

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart

*Please note: You do not have to do this if you intend to use ISPConfig on your system as ISPConfig does the necessary configuration using procmail recipes. But please go sure to enable Maildir under Management -> Server -> Settings -> EMail in the ISPConfig web interface.

Share this page:

38 Comment(s)

Add comment


From: Anonymous at: 2008-11-01 19:05:25

oops… posted comment to the wrong tutorial. a reboot after the upgrade and reconfiguring/rerunning the console setup worked fine. no problems so far…

From: Anonymous at: 2008-10-31 15:38:17

following these details got me stuck at the following:

Setting up console-setup (1.25ubuntu3) ...

Installing new version of config file /etc/init.d/keyboard-setup ...

Installing new version of config file /etc/init.d/console-setup ...

 * Setting up console font and keymap...

 is there a clear way to cleanly complete the upgrade?

From: Anonymous at: 2008-11-07 19:39:00

Thanks for a great tutorial.

I have a few comments. I think a note saying something to the effect of "you *must* install /all/ these programs if you want to use ISPConfig" would be a useful addition to the tutorial.

I tried leaving out Quota and ProFTPd (as I don't need them) and ISPConfig barfed when I tried to install it the first time. "ISPConfig runs on it out of the box" I respectfully disagree. To illustrate my point, I list here my failed installation attempts and the reasons for failure. Remember, this is on a box which has just completed the above tutorial. Hopefully those who didn't fall for these mistakes will get a chuckle out of them.

Try #1: The Ubuntu devs (in their infinite wisdom) have changed the /bin/sh link from /bin/bash to /bin/dash, thus completely breaking ISPConfig's setup. That's an easy problem to solve (see the link I post in #5).

Try #2: The setup script erroneously thinks I'm running Debian. This leads to a problem in line 76 of "setup2", whose fix is here.

Try #3: Line 821 of install.php doesn't like the database I've prepared in MySQL specially for it. Apparently, this database must NOT exist before installing. Also, I find the installer has deleted the install directory, which means I can't make a change and restart the install. I delete the database and start again.

Try #4: Line 821 of install.php doesn't like the user I prepared for it either. According to a post buried somewhere in the forum, you must use a MySQL root user to install the database.

Try #5: This one almost worked, but for some reason ISPConfig didn't save *any* of the settings I entered during install.

Try #6: I have high hopes for this one. The generated SSL certificate is corrupt if Firefox and Opera are to be believed. Both refuse to connect to ISPConfig. But I think this can be fixed post-install using these instructions. Thanks to David Yin for posting them. It's a good thing I'm patient, since each install attempt takes the better part of an hour on this slow server. But I think my point is made - ISPConfig does NOT install out of the box on Ubuntu 8.10 Server.

From: admin at: 2008-11-07 21:55:45

I really don't understand your point. All you have to do is follow the tutorial and install ISPConfig - nothing else. Nowhere is it said that you need to create a database or a database user for ISPConfig. I also don't understand your other points. I've completed this setup so many times and *never* had any problems installing ISPConfig.

From: Anonymous at: 2008-11-07 23:52:42

Yeah, I was half expecting that reaction. I'm not having a go or anything. Apologies if I gave that impression.

I was trying to give some constructive criticism on the article, but halfway through it sort of turned into a newbie guide for what to do when ISPConfig fails to install on Intrepid. Apologies again for being offtopic. I just didn't want to say "hey, you said this, you were wrong" without backing it up.

Agreed that I got a little bit creative with the database, but being a security-conscious server administrator I thought that rather than let ISPConfig take complete control of MySQL I would handle it myself. That is, give it a limited user rather than root access. I guess I need to let ISPConfig install and then tighten the screws.

I'll try again. :) My two points are:

1. I think the article would be improved by a sentence saying "you must install all these programs for ISPConfig to work, you may NOT leave any of them out".

2. I think you're wrong when you say "ISPConfig runs on it out of the box".

From: at: 2009-01-29 04:37:38

I'm not "having a go" either, and I can honestly say that so far, NOTHING having to do with getting ISPConfig running has worked, out-of-the-box or otherwise.  I guess that as comments have been made, the tutorials have either been updated, and/or the distribution configuration, because many of the warnings about making some change seem to already be made for me, but I still check.

Specifically, I have a T-1 connection with a block of 32 static IP addresses and have created all of the proper entries for my external DNS hosting to point my domain I wish to host to one of my IP addresses.  Done long ago, DNS has propagated, the address resolves fine from anywhere on the 'net with a simple ping to my domain name.

I have a small computer system running a dual-core Intel x86 CPU, 1 Gb of RAM, and a new 120 Gb hd, with a temporarily connected DVD-ROM drive for the purpose of getting this machine running, since it will become a headless server.

During the install, I chose not to let it detect my keyboard (the 2nd attempt and thereafter), because I can manually choose it faster than the setup can detect it, and noticed no errors due to an improperly chosen keyboard, but still, even though I went through this How-To literally to the letter, I haven't yet been able to even see a log-in page in any web browser for ISPConfig on any computer or with any browser I can try it with so far, which includes IE, Firefox, Seamonkey, and Lynx.

I usually have made it through the "Perfect Server" installation and setup with no visible wounds, but have no idea why I am so far completely unable to get ISPConfig to install to any level of functionality.  All of their web help for this points back to this How-to, or to their mostly incomplete Wiki, the forum, where I've yet to find anyone posting about similar problems, or their install guide, which takes me full circle...

Regardless of the author's experiences, I beg to differ in that I can certainly vouch for the fact that this most certainly isn't working "out of the box", and I'm about to wipe and reload from a clean install (for the 8th time).

Sadly enough, at some point soon, my employer will be forcing me to produce results, which may mean buying another license/copy of some flavor of Microsloft server, and setting up IIS, since they know I can get a website up with that combination...

To the author--I believe that you are and have successfully running this, but I just can't figure out the missing links/steps that have fallen below your radar, so they didn't get explicitly listed here and those with sufficient experience don't stumble over those most obvious barriers, but those of us so far down in knowlege are finding them impassable walls.

I will keep trying, but by no later than Monday, I have to have some visible signs of success that my upper management will both recognize and be happy with.  No excuses. 

From: at: 2008-11-18 22:05:11

The server install process went without snag, however the ISPConfig had a snag trying to install.

"Flex" was missing.  So I installed it, and ISPConfig installed, but I was unable to get it to work - it deleted after reboot?

I'm going through the setup process again on another fresh machine, and think this will work out fine.

- Geoff


From: mind at: 2008-11-26 18:44:07

./setup script gives some errors then building extensions

checking for MySQL support... yes
checking for specified location of the MySQL UNIX socket... no
checking for MySQL UNIX socket location... no
configure: error: Cannot find MySQL header files under /usr.
Note that the MySQL client library is not bundled anymore!
ERROR: Could not configure PHP
cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
mv: cannot stat `binaries/aps.tar.gz': No such file or directory
mv: cannot stat `binaries/spamassassin.tar.gz': No such file or directory
mv: cannot stat `binaries/uudeview.tar.gz': No such file or directory
mv: cannot stat `binaries/clamav.tar.gz': No such file or directory
mv: cannot stat `binaries/cronolog': No such file or directory
mv: cannot stat `binaries/cronosplit': No such file or directory
mv: cannot stat `binaries/ispconfig_tcpserver': No such file or directory
mv: cannot stat `binaries/zip': No such file or directory
mv: cannot stat `binaries/unzip': No such file or directory
tar: spamassassin.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `spamassassin': No such file or directory
tar: uudeview.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `uudeview': No such file or directory
tar: clamav.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `clamav': No such file or directory
tar: aps.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
mv: cannot stat `ispconfig_tmp': No such file or directory
cp: cannot stat `': No such file or directory
All prerequisites are fulfilled.
Here we go...
chmod: cannot access `./install.php': No such file or directory
Please enter your MySQL server:Please enter your MySQL server:^C

From: bosaka at: 2009-01-26 13:00:31 is this what you plan to name your website?

From: at: 2008-12-09 05:01:36

If you want to use Putty to complete the setup remotely as specified in step 5 on page 3,  you should use a password that has no capital letters. 

 For some stupid reason, putty will fail even though you are using the correct IP, correct username, and correct password, if the password has any capitals in it.

 If your password does, you can change it at the command prompt with the "passwd" command.

You should do that for both your user account AND the super user if you intend to use "sudo su" over Putty.

*****************************  EDIT  EDIT  EDIT 2009-01-20  ******************

I got PuTTy to work on a brand new install, perhaps it only fails sometimes, perhaps if the first letter of the password is a capital letter.

From: at: 2008-12-09 05:12:46

If you want to use Putty to complete the setup remotely as specified in step 5 on page 3,  you should use a password that has no capital letters. 

 For some stupid reason, putty will fail even though you are using the correct IP, correct username, and correct password, if the password has any capitals in it.

 If your password does, you can change it at the command prompt with the "passwd" command.

You should do that for both your user account AND the super user if you intend to use "sudo su" over Putty.

From: at: 2008-12-17 23:44:43

Actually, I have not had any difficulty with capitals in passwords using putty. Not sure why it does not seem to work for you.

From: at: 2008-12-13 04:12:56


apt-get dist-upgrade

 to upgrade your kernel too, in step 8 before you


 I was having trouble on my Dell 9200 with 7300LE Nvidia video card.  It would hang on reboot at the very end.  Processes shutdown, but it would not finally turn the power off for the restart.  Restart failed, so I had to physically hold the button down for 10 seconds to cycle the power off & on.  It would happen with another equivalent reboot command,

init 6

, too.

But this bug was fixed in an updated kernel.  To get that updated kernel, use this apt-get dist-upgrade command.

********************** EDIT  EDIT EDIT 2009-01-20 *****************

**********************     MORE INSTRUCTIONS     *******************

I noticed this grub file must be altered, to fix this reboot hang problem on a Dell 9200.

We’ll make a script to edit your /boot/grub/menu.lst file automatically. Make a folder, and add the path to this new folder to your $PATH environment variable, so that the bash shell of the command line will function on the script you will create inside that folder.

echo $PATH
export PATH=$PATH:/tempscript
echo $PATH
mkdir tempscript
cd /tempscript

Then make a script to edit the grub file. Start the vi text editor to create the file:

vi alter_menu

then press "i" to enter insert mode:


Cut & paste this script into the file (make sure you're not also pasting the HTML tags of this text too, because you are copying it from the browser):

cat $MENU | while read LINE
   if [[ $LINE =~ ^$ ]]; then
     echo $LINE
   elif [[ $LINE =~ ^[^kernel] ]] || [[ $LINE =~ .*bin$ ]]; then
     echo $LINE
   elif [[ $LINE =~ ^kernel.* ]]; then
     echo $LINE reboot=b

Press [ESC] to exit insert mode of the vi editor, then press


to save the script file and exit the editor. Now run the script and clean up:

chmod 777 alter_menu
alter_menu > /boot/grub/menu.lst.tmp
mv /boot/grub/menu.lst.tmp /boot/grub/menu.lst
cd ../../../../../../../../..
rm -r /tempscript

It is necessary to reboot manually one more time with the manual power button if your machine suffers from this problem, So that the server’s grub can boot with these new settings.

From: Anonymous at: 2009-01-25 15:34:23

I had to set the DNS server address in /etc/resolv.conf to get the dns to work.

(Running  Ubuntu 8.10 server in VirtualBox under Vista with two netw adapters, the VBox network on secondary host interface, and InternetConnectionSharing turned on in Vista)

From: Anonymousjames at: 2008-11-13 22:07:34

some of the apt-get commands don't work due to the fact that the package names have changed oh and he doesn't explain how he got uuid for the fstab file  from where???  y? cause i need to find my own ????  oh and the nameserver

"The /etc/resolv.conf file could look something like this:


"Rute by Paul Sheer 2002 available online (you have to know your dns server ip addy)

2 stars it will get you there if you work at it  a little confused but hey tutorials go  out of date
linux newbie and IT professional

From: Anonymous at: 2008-12-03 05:21:32

after i restarted the mysql when it disconected then tried to restart it failed, now what do i do?

From: sudopeople at: 2009-04-29 22:23:29

root@puter:/etc/postfix/ssl# /etc/init.d/saslauthd start
etc/default/saslauthd: 50: to: not found
  * Starting SASL Authentication Daemon saslauthd
  * No run directory defined for saslauthd, not starting

Make sure your OPTIONS line reads:

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

I copied and pasted the line from the tutorial which shouldn't have happened:

 OPTIONS="-c -m /var/run/saslauthd" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"


From: at: 2009-03-30 04:35:26

how do I fix this problem No run directory defined for saslauthd, not starting

From: Ben at: 2008-11-02 02:52:49

Just setup my linux box and it all worked great with one minor exception.

My server was not accepting mail for my domain with the following error in the syslog:

"Relay access denied"...

The fix is that in the 'Other destinations to accept mail' setting in the Postfix setup I needed to add my domain, excluding the server name.  Possible my stupidity, but it wasn't clear to me in the write-up. 

It may be more clear to write:

Other destinations to accept mail for (blank for none): <--,,, localhost.localdomain, localhost

 I ended up just adding my domain to the Postfix config file and everything worked.  Edit the following line in /etc/postifx/main.conf :

Change from:

mydestination =,, localhost.localdomain, localhost


mydestination =,,, localhost.localdomain, localhost


Hope this helps...

 PS.  Fantastic Post...

From: Joel barnard at: 2008-11-06 18:59:05

After the setup i was unable to telnet to localhost, i checked the log and found there was a "numerical error", so I opened up the config file (editor /etc/postfix/ and found a period "." in the following spot... (see after the 1)

smtpd_tls_loglevel = 1.

Remove that period, save the file, restart postfix and saslauthd and it should all be fine.

From: Mallegonian at: 2008-12-03 01:19:33

Thanks for the great guide! After installing postfix I couldn't telnet to localhost port 25 - it connected, but no 220 or ehlo response. /var/log/syslog showed "Dec  2 20:11:40 myserver postfix/tlsmgr[5678]: fatal: open database /var/lib/postfix/smtpd_scache.db: Permission denied"

To fix it, I ran, as root,

chown postfix:postfix /var/lib/postfix/smtpd_scache.db; chown postfix:postfix /var/lib/postfix/smtpd_scache.db

I have Ubuntu 8.10 dist-upgraded from 8.04, fully patched as of Dec 2.

From: Sean at: 2008-11-09 16:30:56

It would only take another paragraph or two to setup ProFTPD to use SSL/TLS and be a secure FTP server.  I understand firewall setup would be more complicated, but not sending your shell account passwords over the Internet PLAIN TEXT would be worth a little additional effort.  Might be a worthwhile enhancement to an already excellent guide.  Thanks for the guide!


From: Anonymous at: 2008-11-01 18:42:41

Ok, thank you for your article, but can you tell me:

1. why don't you use the default email server from tasksel or from the ubuntu server guide?

tasksel --task-packages mail-server

Why are you using courier and cyrus-sasl2 instead dovecot?

2.  why you're disable the apparmour and enable root account but you use bind chrooted?

3. why don't you just select lamp server at install and go for the suplimentary needed packages later?

It seems to me that this is not the "perfect ubuntu server", but a platform for ispconfig.

From: admin at: 2008-11-01 23:28:39

1.) It's just a choice I've made. You can use Dovecot as well.

2.) I did not enable the root account. I disabled AppArmor because otherwise BIND doesn't start.

3.) Because I like to have control over what I install. You can as well install the lamp package if you like that better.

As I said in the introduction, there are many ways to skin a cat.

From: admin at: 2008-10-31 15:51:16

Here you go:

I don't want to include this in the tutorial because

a) it would become too long

b) it would lock out the users that have just one hard drive in their servers.

I hope you can understand this.

From: Anonymous at: 2008-10-31 14:45:45

I just have a question, on how can you have a "reliable" server without a form of RAID? You should have the instructions for RAID.


From: Patrick at: 2009-09-01 20:56:21

Just a note:

I had to wrap ServerIdents off in the <global> tag for ProFTP to pick it up. i.e.

ServerIdents off

Also, it takes a long time for users to log into ftp if you don't add the following line:

UseReverseDNS off

From: Rogerio Martinelli at: 2009-04-06 20:07:44

Look at your apache error log.

i resolved with that.

my problem was with logger so:

sudo apt-get install vlogger


all the best



From: sims at: 2008-11-02 23:04:36

I don't think that's the best choice for and FTP server. Might want to give vsftpd a try.

From: garfunkle at: 2008-10-31 16:55:33

Been waiting for a perfect server since beta. I use this in a virtual environment to practise my networking skills and so far it's installed great, done everything except ISP Config. Will be testing the features now.

From: Anonymous at: 2010-03-20 14:43:52

Did not see clamav and freshclam installation in this tutorial

From: Tyger at: 2008-11-08 22:52:24

Thanks for an excellent tutorial.

From: clabrown at: 2008-11-21 17:57:52

Thanks very much this is really helpful.

 You may need to add a section about corrections to resolv.conf in the networking section, 7 on page 3. This seems to end up with the gateway's ip for the nameserver, and "home" (I think) for the default "domain" and "search" parameters.

 In my case my gateway does not provide dns, and I had to change the domain and search entries to "".

From: Koop at: 2008-11-25 17:24:08


Thanks so much for the killer setup how to's. They literally have taught me everything I know about linux so far.  A great follow up How To would be a how to on how to add functionality to these perfect servers. I want to take this setup, which is running awesome by the way, and add backup, load balancing, and intrusion detection. 

Anyway, awesome so far thanks!


From: mrmikey05 at: 2009-03-21 09:16:19

Hey guys. This tut is really perfect. the only problem I have now is, my apache2 failed after installing ispconfig. how do i go about fixing that?

Please direct me to help.

Thanks again for a great tut.

From: Sem Wong at: 2009-02-05 18:26:37

Hey! Thanks for this awesome howto! Thanks to you I got a fully functioning server.

 I got 1 problem here (nothing wrong with the tutorial, since it all works perfect :))
My ISP (Internet Service Provider) blocks all incoming port 80 requests. I would like to know how I can change the listening port so I can put it at port 88 :).

1 more thing, Which ports do I have to portforward for all the things? ftp is port 21 and the mail server?

thanks in advance,
Sem Wong.

From: Sonic at: 2009-02-28 15:22:48

Al of your settings work like a charm. The only thing that doesn't work, is the installation of Ispconfig.

 When all the settings are in place, and he is restarting all services, the apache2 server "fails".

 When I manually want to start it, it also fails.. Now I'm really stuck with a non working server...


Please help :-/

From: willebanksIII at: 2010-02-19 12:30:43

Howdy all,

I have been cutting and pasting one line at a time within each blue box. Can I just select everything within the whole box? I bet I can but I really don't feel like experimenting and breaking something.

I realize I'm not suppose to ask questions here but I figure a yes or no answer will get the job done!