The Perfect Server - Ubuntu 9.10 [ISPConfig 3] - Page 3

4 Get root Privileges

After the reboot you can login with your previously created username (e.g. administrator). Because we must run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing

sudo su

(You can as well enable the root login by running

sudo passwd root

and giving root a password. You can then directly log in as root, but this is frowned upon by the Ubuntu developers and community for various reasons. See


5 Install The SSH Server (Optional)

If you did not install the OpenSSH server during the system installation, you can do it now:

aptitude install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Ubuntu 9.10 server and follow the remaining steps from this tutorial.


6 Install vim-nox (Optional)

I'll use vi as my text editor in this tutorial. The default vi program has some strange behaviour on Ubuntu and Debian; to fix this, we install vim-nox:

aptitude install vim-nox

(You don't have to do this if you use a different text editor such as joe or nano.)


7 Configure The Network

Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address

vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static

Then restart your network:

/etc/init.d/networking restart

Then edit /etc/hosts. Make it look like this:

vi /etc/hosts       localhost.localdomain   localhost     server1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Now run

echo > /etc/hostname

... and reboot the server:


Afterwards, run

hostname -f

Both should show now.


8 Edit /etc/apt/sources.list And Update Your Linux Installation

Edit /etc/apt/sources.list. Comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled. It should look like this:

vi /etc/apt/sources.list

# deb cdrom:[Ubuntu-Server 9.10 _Karmic Koala_ - Release amd64 (20091027.2)]/ karmic main restricted

#deb cdrom:[Ubuntu-Server 9.10 _Karmic Koala_ - Release amd64 (20091027.2)]/ karmic main restricted
# See for how to upgrade to
# newer versions of the distribution.

deb karmic main restricted
deb-src karmic main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb karmic-updates main restricted
deb-src karmic-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb karmic universe
deb-src karmic universe
deb karmic-updates universe
deb-src karmic-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb karmic multiverse
deb-src karmic multiverse
deb karmic-updates multiverse
deb-src karmic-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb karmic-backports main restricted universe multiverse
# deb-src karmic-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb karmic partner
# deb-src karmic partner

deb karmic-security main restricted
deb-src karmic-security main restricted
deb karmic-security universe
deb-src karmic-security universe
deb karmic-security multiverse
deb-src karmic-security multiverse

Then run

aptitude update

to update the apt package database and

aptitude safe-upgrade

to install the latest updates (if there are any). If you see that a new kernel gets installed as part of the updates, you should reboot the system afterwards:



9 Change The Default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Install dash as /bin/sh? <-- No

If you don't do this, the ISPConfig installation will fail.


10 Disable AppArmor

AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

We can disable it like this:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils


11 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

aptitude install ntp ntpdate

and your system time will always be in sync.


Share this page:

36 Comment(s)

Add comment


From: at: 2009-10-31 08:11:16

be careful when making clean install on 9.10

if you have a RAID0 Grub2 acts realy strange. It cant find the boot sector of the drive. 

sollution : make clean install on 8.10 according on Falko`s pedfect server 8.10. and dist-upgrade to 9.04 and 9.10

From: at: 2011-04-17 00:01:29

Good evening,
I'm also having the same problem, Outlook users may not connect, with the previously ispconfig2 the users were created in / etc / passwd, not this happening in ispconfig3 this, they are only created in mysql ..
claim to know what can be? the distribution and debian 6.

From: Anonymous at: 2010-05-13 20:41:41

First to praise the tutorial, but I have a problem. when I want to download e-mail (Outlook), every time we seek authorization through ISPCONFIG with defined user and his mail box, simply will not let me authorization. I really do not know more what the problem is. In addition to asking configuration. It is also not possible or authorization through Squirrelmail.

tail -f /var/log/mail.log

May 13 22:00:01 myserver postfix/smtpd[8313]: disconnect from localhost.localdomain[]
May 13 22:02:51 myserver pop3d: Connection, ip=[::ffff:]
May 13 22:02:51 myserver pop3d: LOGIN FAILED, user=test, ip=[::ffff:]
May 13 22:02:56 myserver pop3d: Disconnected, ip=[::ffff:]


root@server:/# netstat -tap

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0      *:*                     LISTEN      2106/mydns
tcp        0      0 localhost.locald:domain *:*                     LISTEN      2106/mydns
tcp        0      0 *:ftp                   *:*                     LISTEN      1816/pure-ftpd (SER
tcp        0      0 *:ssh                   *:*                     LISTEN      975/sshd
tcp        0      0 *:smtp                  *:*                     LISTEN      6470/master
tcp        0      0 *:https                 *:*                     LISTEN      1962/apache2
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      988/amavisd (master
tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      6470/master
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      4858/mysqld
tcp        0      0 localhost.localdo:spamd *:*                     LISTEN      1227/
tcp        0      0 *:webmin                *:*                     LISTEN      4146/perl
tcp        0      0 *:http-alt              *:*                     LISTEN      1962/apache2
tcp        0      0 *:www                   *:*                     LISTEN      1962/apache2
tcp        0      0 localhost.localdoma:ftp localhost.localdo:40089 TIME_WAIT   -
tcp        0      0 localhost.localdo:mysql localhost.localdo:39324 ESTABLISHED 4858/mysqld
tcp        0      0 localhost.localdo:35514 localhost.localdoma:www TIME_WAIT   -
tcp        0      0 localhost.localdo:39324 localhost.localdo:mysql ESTABLISHED 1643/amavisd (ch3-a
tcp        0     52          ESTABLISHED 1499/0
tcp        0      0 localhost.localdo:45780 localhost.locald:domain TIME_WAIT   -
tcp6       0      0 localhost:domain        [::]:*                  LISTEN      2106/mydns
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      1816/pure-ftpd (SER
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      975/sshd
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      1666/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      1707/couriertcpd
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      7164/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      1635/couriertcpd

root@server:/# telnet 25

Connected to
Escape character is '^]'.
220 ESMTP Postfix (Ubuntu)


My postfix configuration:

# See /usr/share/postfix/ for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =, localhost, localhost.localdomain
relayhost =
mynetworks = [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/, mysql:/etc/postfix/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/
virtual_mailbox_maps = proxy:mysql:/etc/postfix/
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/, reject_unauth_destination
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/
relay_domains = mysql:/etc/postfix/
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
content_filter = amavis:[]:10024
receive_override_options = no_address_mappings
message_size_limit = 0

From: Anonymous at: 2009-12-26 06:01:33

hi all,

setting hostname
Submitted by seamuso (not registered) on Sun, 2009-11-01 22:36.
hostname can be set without a reboot -
hostname -b -f /etc/hostname

..yes, can be set without a reboot, but like that: 

             hostname -b -F /etc/hostname 

hostname --help


   -f, --fqdn, --long    long host name (FQDN)
   -b, --boot                set default hostname if none available
   -F, --file                  read host name or NIS domain name from given file


From: headless_guy at: 2009-12-28 11:14:29

if you want to run 9.10 without keyboard and monitor, you may find it freezes after 10 mins try this:

for i in 1 2 3 4 5 6
   setterm -blank 0 -powersave off -powerdown 0 >/dev/tty$i

The make this script start at system start:

chmod 700 /etc/init.d/local

update-rc.d local defaults 80


From: seamuso at: 2009-11-01 21:36:56

hostname can be set without a reboot -


hostname -b -f /etc/hostname

From: shashank at: 2010-03-02 19:07:05

how i can find these setting for my system- 






bcz my network is dhcp enabled.

please help? 


From: CaPunG at: 2010-08-02 02:53:17

add this for DNS resolving

vi /etc/resolv.conf



ping test

:) cmiiw

From: Harald at: 2009-11-22 12:52:37


I actually dont know your problem, cause I even dont come to this point. You install - as I did - on Ubuntu 9.10 and I am wondering why you didnt have the following problem as I described with my own posting here:

i have

I tried 32 and 64 bit versions - but in both I have "xxxx.dpkg-new"!

What am I doing wrong?

Please help me!

Harald from Austria

From: Harald at: 2009-11-16 14:39:39

Hi! I have problems with imap/pop-ssl. By doing this:
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart
i acutally cannot do this. my system is ubuntu 9.10 server (both 32bit and 64bit) and instead von

i have

What am I doing wrong?
Please respond to my email as well!

THANX in advance

From: at: 2009-11-05 21:42:15

hello, i instaled ispconfig 3 on ubuntu 9.10, and all my sites are working ok...but when i tried to make didn't work and i tryed every combination, but it doesn't work..

can you make a little tutorial with picture to show me an example to understand were i'm rong (show me pls what i must write in dns, web etc)


thanqs a lot.have a good day!bye.

From: walter at: 2010-02-27 01:01:25

no matter, but maybe we can add on step #16 the bellow:

rm -rf mydns-1.2.8*

thanks a lot for this tutorial.

From: cmo at: 2010-07-11 22:26:37

Same error here. Mailclient has "Server needs SMTP Authentification" on.

From: at: 2009-12-02 14:20:41

when adding a site with the ispconfig interface, this value is added

php_admin_value open_basedir /var/www/clients/client1/web1/web:/var/www/clients/client1/web1/tmp:/usr/share/php5

The last section /usr/share/php5, is a directory that in the ubuntu packages, only contains php.ini example files.

Is supposed be the folder that contains the php extra functions and classes, which is in /usr/share/php

To change this, the ispconfig developers told me that editing the conf file: /usr/local/ispconfig/server/conf/vhost.conf.master and modify this sections

<tmpl_if name='security_level' op='==' value='20'>
    php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5

<tmpl_if name='security_level' op='==' value='20'>
    php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5:/tmp



From: Robert at: 2009-12-04 21:13:15

This tutorial is really good and clear. Just like the ones for the other distros.

But what's the point of installing ISPConfig 3 ?

If it was installed after step 6 (Install vim-nox (Optional)) on page 3, or even after step 9 (Change The Default Shell) on page 3, it would have made sense.

But we first install everything by hand, and then install a script to manage it all.

Might as well go the extra mile(s) and do everything from the command line.

Why can't ISPConfig ask for (or read a config/setup file with) what you want to install, and then just do it before installing itself ?

And things like :

That the MySQL root user password has to be entered twice. Once when installing MySQL, and then once again when installing ISPConfig.


"We need a DNS, mail, and LAMP server, but nevertheless I don't select any of them now because I like to have full control over what gets installed on my system." (page 2), but you do let this happen : "The installer automatically configures all underlying services, so no manual configuration is needed." (page 5).

Anyway, it's a good starting point to have a nice server setup quickly. With or without ISPConfig.

From: at: 2010-03-11 18:49:22

You know, I was just thinking the same thing.

I've never installed this software but, since it's supposed to manage all this stuff, it seems very strange to have to install it all by hand first. 

Certainly none of the steps are difficult to script, most are just one command and some of them answering a couple of prompts.  

It looks like it has to have mySQL installed to be able to have a place for its configs but that should just be the first step; and it should remember that config information.

For a version 3, this is pretty immature...



From: tono at: 2009-12-06 22:02:03

Never, ever I read a tutorial so good.

Thank you very much.



From: joerg at: 2009-12-25 18:03:48


how can use squirrelmail from this howto, when i create a domain in ispconfig 3?

The symlink from squirrelmail is set to the standard web location /var/www but the web location for the new domain is /var/www/domain.tld/web.

When i link the squirrelmail directory in the  /var/www/domain.tld/web directory i become a error message from squirrelmail. (No input file specified)

Can anybody help me please??


From: at: 2009-11-18 16:35:21

Suggestion and question.

Would it not be better to download and phpmyadmin and squirrelmail manually and place them within a allowed directory according to  /usr/local/ispconfig/server/conf/vhost.conf.master?

After <tmpl_if name='security_level' op='==' value='20'>

From: Patrick Nelson at: 2009-11-19 00:20:14

If I could, I'd rate this 5 stars! It is perfect to a tee! Thanks a lot for a very helpful and informative article! Truely an easy and good alternative setup to having to pay for those other control panels!

From: at: 2009-11-19 13:28:55

looks like hetzner's ubuntu 9.10 image isn't as minimal as it sounds :) it seems to have a crippled postfix package already installed, and the ispconfig install will fail because there is no /etc/postfix/

to work around this issue, you can remove the package completely before starting with this guide using:

  • aptitude remove --purge postfix
  • dpkg --purge postfix
(the --purge in the first command should also take care of the config files... but it doesn't. calling dpkg manually cleans all the config files.)

 after that the guide works perfectly if you start from step 4.

From: Anonymous at: 2009-11-07 12:59:47

thank you very much for this, it helped me a lot

From: klapifoch at: 2009-11-04 14:40:45

this is an amazing tuto!!! dude thx!

From: Anonymous at: 2009-11-02 12:12:55

maybe ssl on the 8080 port is to be working

From: at: 2009-10-29 18:27:03

Falko .. aswe said in Bulgaria "you are not sleeping" :)

again good job :) 

From: Gaston Suarez Duek at: 2010-02-06 23:31:10

Thx for all the help, my server is now up and running!!!! And just in a couple of hours (or minutes)!!!

From: Warren Bull at: 2010-02-04 05:57:48

This tutorial is absolutely brilliant!

 Thank you sooo much dude!!!

 just one point. i had trouble testing ftp after it was all setup after 3 hours of messing with pureftpd i found a simple solution to the "ERROR: Sorry incorrect address given"

maybe you want to add it to the steps in the tutorial ?


Thanks again!


From: Big Trucker at: 2010-02-21 12:47:43

Very clear and simple to follow, made the job for me a breeze, thank you!

From: Jack at: 2010-03-04 18:15:50

Used this manual to install postfix and ipconfig. Everything was so well documented so it works from the first try!!!

Great job!!!


From: u4david at: 2010-03-04 05:20:00

How would this work out to have /var nad /tmp on separate partitions?


Concerned about Quotas on /var to function properly with Ispconfig3 and have /tmp mounted with noexec.

Do not think that separate /boot would create any complications.

Could someoen propose the partitioning schema for Ispconfig3 with

200 gb harddrive to be used on.

and possible changes how to make it all work together as mentioned? 


From: Anonymous at: 2010-03-24 19:37:50

Thanks for this step by step tutorial.  It was very easy and straight forward.

 I just have 2 quick questions that maybe you could answer.

 1.)Why use myDNS vs Bind9?

 2.)I can only access ISPConfig via http over port 8080 and not https over port 8080.  how do i reconfigure or setup my server so that it will allow ISPConfig via https over port 8080.

 Thanks alot.

From: Joel at: 2010-03-22 23:45:54

Thanks alot...

but can't send out mail messages using outlook configuration...

this is my error

The following recipient(s) could not be reached:

'' on 3/23/2010 7:36 AM

554 5.7.1 <>: Relay access denied

anybody can help me?

From: at: 2010-05-25 23:33:56

I am having exact issue

From: Atran at: 2010-04-14 20:33:50

do i have to install  python-policyd-spf after following this guide?

From: Anonymous at: 2010-04-26 11:57:18

In the SquirrelMail Login page I get the following error: Unknown user or password incorrect.

I'm using the administrator user (the one created in this tutorial in the Ubuntu server installation).

Do i have to activate something?

 Thank you!

From: elricho at: 2013-02-25 14:57:46

Excelent tutorial thank you so so so much !!!