There is a new version of this tutorial available for Ubuntu 17.04 (Zesty Zapus).

The Perfect Server - Ubuntu 9.10 [ISPConfig 3] - Page 4

12 Install Postfix, Courier, Saslauthd, MySQL, rkhunter, binutils

We can install Postfix, Courier, Saslauthd, MySQL, rkhunter, and binutils with a single command:

aptitude install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl getmail4 rkhunter binutils

You will be asked the following questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <--
SSL certificate required <-- Ok

Next we install maildrop as follows:

update-alternatives --remove-all maildir.5
update-alternatives --remove-all maildirquota.7

aptitude install maildrop

You will ask yourself why we didn't install maildrop together with all the other packages. The reason for this is a bug in the courier-base package - if you install maildrop together with courier-pop, courier-pop-ssl, courier-imap, and courier-imap-ssl, you will get the following error:

update-alternatives: error: alternative link /usr/share/man/man5/maildir.5.gz is already managed by maildir.5.gz.

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =

vi /etc/mysql/my.cnf

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           =

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      6267/mysqld

During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname ( in this tutorial), delete the certificates...

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

... and modify the following two files; replace CN=localhost with (you can also modify the other values, if necessary):

vi /etc/courier/imapd.cnf


vi /etc/courier/pop3d.cnf


Then recreate the certificates...


... and restart Courier-IMAP-SSL and Courier-POP3-SSL:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart


13 Install Amavisd-new, SpamAssassin, And Clamav

To install amavisd-new, SpamAssassin, and ClamAV, we run

aptitude install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl


14 Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt

Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows:

aptitude install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp

You will see the following question:

Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No

Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include:

a2enmod suexec rewrite ssl actions include

Restart Apache afterwards:

/etc/init.d/apache2 restart


15 Install PureFTPd And Quota

PureFTPd and quota can be installed with the following command:

aptitude install pure-ftpd-common pure-ftpd-mysql quota quotatool

Edit the file /etc/default/pure-ftpd-common...

vi /etc/default/pure-ftpd-common

... and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true:


Then restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

Edit /etc/fstab. Mine looks like this (I added ,usrjquota=aquota.user,,jqfmt=vfsv0 to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/mapper/server1-root /               ext4    errors=remount-ro,usrjquota=aquota.user,,jqfmt=vfsv0 0       1
# /boot was on /dev/sda5 during installation
UUID=9ea34148-31b7-4d5c-baee-c2e2022562ea /boot           ext2    defaults        0       2
/dev/mapper/server1-swap_1 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /aquota.user /
chmod 600 /aquota.*
mount -o remount /

quotacheck -avugm
quotaon -avug


16 Install MyDNS

Before we install MyDNS, we need to install a few prerequisites:

aptitude install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev

MyDNS is not available in the Ubuntu 9.10 repositories, therefore we have to build it ourselves as follows:

cd /tmp
tar xvfz mydns-
cd mydns-1.2.8
make install

Next we create the start/stop script for MyDNS:

vi /etc/init.d/mydns

#! /bin/sh
# mydns         Start the MyDNS server
# Author:       Philipp Kern <>.
#               Based upon skeleton 1.9.4 by Miquel van Smoorenburg
#               <> and Ian Murdock <>.

set -e

DESC="DNS server"


# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

case "$1" in
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --stop --oknodo --quiet \
                --exec $DAEMON
        echo "."
        echo -n "Reloading $DESC configuration..."
        start-stop-daemon --stop --signal HUP --quiet \
                --exec $DAEMON
        echo "done."
        echo -n "Restarting $DESC: $NAME"
        start-stop-daemon --stop --quiet --oknodo \
                --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        exit 1

exit 0

Then we make the script executable and create the system startup links for it:

chmod +x /etc/init.d/mydns
update-rc.d mydns defaults


17 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

aptitude install vlogger webalizer


18 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

aptitude install build-essential autoconf automake1.9 libtool flex bison

cd /tmp
tar xvfz jailkit-2.10.tar.gz
cd jailkit-2.10
make install
cd ..
rm -rf jailkit-2.10*


19 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the fail2ban log:

aptitude install fail2ban

Share this page:

Suggested articles

4 Comment(s)

Add comment


From: Harald


I actually dont know your problem, cause I even dont come to this point. You install - as I did - on Ubuntu 9.10 and I am wondering why you didnt have the following problem as I described with my own posting here:

i have

I tried 32 and 64 bit versions - but in both I have "xxxx.dpkg-new"!

What am I doing wrong?

Please help me!

Harald from Austria

From: Harald

Hi! I have problems with imap/pop-ssl. By doing this:
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart
i acutally cannot do this. my system is ubuntu 9.10 server (both 32bit and 64bit) and instead von

i have

What am I doing wrong?
Please respond to my email as well!

THANX in advance


hello, i instaled ispconfig 3 on ubuntu 9.10, and all my sites are working ok...but when i tried to make didn't work and i tryed every combination, but it doesn't work..

can you make a little tutorial with picture to show me an example to understand were i'm rong (show me pls what i must write in dns, web etc)


thanqs a lot.have a good day!bye.

From: walter

no matter, but maybe we can add on step #16 the bellow:

rm -rf mydns-1.2.8*

thanks a lot for this tutorial.