There is a new version of this tutorial available for Ubuntu 17.04 (Zesty Zapus).

The Perfect Server - Ubuntu 15.04 (Vivid Vervet) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3

This tutorial shows the installation of an Ubuntu 15.04 (Vivid Vervet) web hosting server with Apache2, Postfix, Dovecot, Bind and PureFTPD to prepare it for the installation of ISPConfig 3. The resulting system will provide a Web, Mail, Mailinglist, DNS and FTP Server.

ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: Apache or nginx web server, Postfix mail server, Courier or Dovecot IMAP/POP3 server, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more. This setup covers the installation of Apache (instead of nginx), BIND (instead of MyDNS), and Dovecot (instead of Courier).

1. Preliminary Note

In this tutorial I use the hostname with the IP address and the gateway . These settings might differ for you, so you have to replace them where appropriate.  Before proceeding further you need to have a basic minimal installation of Ubuntu 15.04 as explained in tutorial.

2. Edit /etc/apt/sources.list And Update Your Linux Installation

Edit /etc/apt/sources.list. Comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled. It should look like this afterwards:

nano /etc/apt/sources.list


# deb cdrom:[Ubuntu-Server 15.04 _Vivid Vervet_ - Release amd64 (20150422)]/ vivid main restricted

#deb cdrom:[Ubuntu-Server 15.04 _Vivid Vervet_ - Release amd64 (20150422)]/ vivid main restricted

# See for how to upgrade to
# newer versions of the distribution.
deb vivid main restricted
deb-src vivid main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb vivid-updates main restricted
deb-src vivid-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb vivid universe
deb-src vivid universe
deb vivid-updates universe
deb-src vivid-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb vivid multiverse
deb-src vivid multiverse
deb vivid-updates multiverse
deb-src vivid-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb vivid-backports main restricted universe multiverse
deb-src vivid-backports main restricted universe multiverse

deb vivid-security main restricted
deb-src vivid-security main restricted
deb vivid-security universe
deb-src vivid-security universe
deb vivid-security multiverse
deb-src vivid-security multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb vivid partner
# deb-src vivid partner

Then run

apt-get update

to update the apt package database and

apt-get upgrade

to install the latest updates (if there are any). If you see that a new kernel gets installed as part of the updates, you should reboot the system afterwards:



3. Change The Default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <-- No

If you don't do this, the ISPConfig installation will fail.


4. Disable AppArmor

AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

We can disable it like this:

service apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils


5. Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet when you run a physical server. In case you run a virtual server then you should skip this step. Just run

apt-get install ntp ntpdate

and your system time will always be in sync.


6. Install Postfix, Dovecot, MariaDB, phpMyAdmin, rkhunter, binutils

For installing postfix we need to ensure that sendmail is not installed and running. To stop and remove sendmail run this command:

service sendmail stop; update-rc.d -f sendmail remove

The error message:

Failed to stop sendmail.service: Unit sendmail.service not loaded.

is OK; it just means that sendmail was not installed, so there was nothing to be removed.

Now we can install Postfix, Dovecot, MariaDB (as MySQL replacement), rkhunter, and binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

You will be asked the following questions:

Create a self-signed SSL certificate? <-- yes
Host name: <--
General type of mail configuration: <-- Internet Site
System mail name: <--

Next open the TLS/SSL and submission ports in Postfix:

nano /etc/postfix/

Uncomment the submission and smtps sections as follows - add the line -o smtpd_client_restrictions=permit_sasl_authenticated,reject to both sections and leave everything thereafter commented:

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

Restart Postfix afterwards:

service postfix restart
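
One way to verify the edit, as an added example that is not part of the original tutorial: the function below parses master.cf-style text and reports whether the submission and smtps entries are enabled and carry the overrides shown above. The function name and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the tutorial): audit the submission and smtps
# entries of a Postfix master.cf for the overrides set in this step.
# Reads the file named as argument, or stdin when none is given.
audit_master_cf() {
    awk '
    BEGIN {
        tls["submission"] = "smtpd_tls_security_level=encrypt"
        tls["smtps"]      = "smtpd_tls_wrappermode=yes"
        common = "smtpd_sasl_auth_enable=yes smtpd_client_restrictions=permit_sasl_authenticated,reject"
    }
    # Blank lines and lines whose first non-blank character is "#" are ignored.
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    # A line starting in column 1 opens a new service entry.
    /^[^ \t]/ {
        svc = ($2 == "inet" && ($1 in tls)) ? $1 : ""
        if (svc != "") seen[svc] = 1
    }
    # Collect "-o name=value" overrides on the entry and its continuation lines.
    svc != "" {
        for (i = 1; i < NF; i++)
            if ($i == "-o") have[svc, $(i + 1)] = 1
    }
    END {
        bad = 0
        n = split("submission smtps", order, " ")
        for (k = 1; k <= n; k++) {
            s = order[k]
            if (!(s in seen)) { print "DISABLED " s; bad = 1; continue }
            m = split(tls[s] " " common, req, " ")
            miss = 0
            for (j = 1; j <= m; j++)
                if (!((s, req[j]) in have)) { print "MISSING " s " " req[j]; miss = 1 }
            if (miss) { bad = 1 } else { print "OK " s }
        }
        exit bad
    }' "$@"
}

# Constructed sample: submission enabled without the client restriction,
# smtps still commented out.
sample_partial() {
cat <<'EOF'
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=$mua_client_restrictions
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
EOF
}

# Constructed sample: both entries as shown in this step.
sample_hardened() {
cat <<'EOF'
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
}

for s in sample_partial sample_hardened; do
    echo "== $s"
    $s | audit_master_cf || echo "-> $s needs changes"
done
```

On a real system, pass the path of the Postfix master.cf as the argument; a non-zero exit status means an entry is disabled or lacks one of the overrides.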

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =

nano /etc/mysql/mariadb.conf.d/mysqld.cnf

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           =

Now we set a root password in MariaDB. Run:


You will be asked these questions:

Enter current password for root (enter for none): <-- press enter
Set root password? [Y/n] <-- y
New password: <-- Enter the new MariaDB root password here
Re-enter new password: <-- Repeat the password
Remove anonymous users? [Y/n] <-- y
Disallow root login remotely? [Y/n] <-- y
Reload privilege tables now? [Y/n] <-- y

Then we restart MariaDB:

service mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      24603/mysqld    
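
To see how widely the database port is reachable after this change, the following added example (not part of the original tutorial) classifies the MariaDB listeners in netstat output as all-interfaces, loopback-only or single-address. The function name and the sample lines are constructed; the sample includes a tcp6 wildcard and a loopback listener for comparison.

```sh
#!/bin/sh
# Added example (not from the tutorial): classify MariaDB listeners found in
# netstat output by how widely they are reachable.
# Reads "netstat -tap" or "netstat -tan" style lines from a file or stdin and
# prints "<scope> <local address>" per listener; exits 1 if none is found.
mysql_listen_scope() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /:(mysql|3306)$/ {
        host = $4
        sub(/:(mysql|3306)$/, "", host)      # drop the port, keep the address
        if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
            scope = "all-interfaces"
        else if (host == "localhost" || host == "ip6-localhost" ||
                 host == "::1" || host == "[::1]" || host ~ /^127\./)
            scope = "loopback-only"
        else
            scope = "single-address"
        print scope, $4
        found = 1
    }
    END { exit found ? 0 : 1 }
    ' "$@"
}

# Constructed sample in the format of the output above.
sample_netstat() {
cat <<'EOF'
tcp        0      0 *:mysql                 *:*                     LISTEN      24603/mysqld
tcp6       0      0 [::]:mysql              [::]:*                  LISTEN      11629/mysqld
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2201/mysqld
tcp        0      0 *:ssh                   *:*                     LISTEN      812/sshd
EOF
}

sample_netstat | mysql_listen_scope
```

With the bind-address line commented out as described, the expected result is all-interfaces, which means access to the port then depends on MariaDB account restrictions and any packet filter in front of the host.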

7. Install Amavisd-new, SpamAssassin, And Clamav

To install amavisd-new, SpamAssassin, and ClamAV, we run

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:

service spamassassin stop
update-rc.d -f spamassassin remove

Edit the clamd configuration file:

nano /etc/clamav/clamd.conf

and change the line:

AllowSupplementaryGroups false

to

AllowSupplementaryGroups true

And save the file. To start clamav use

service clamav-daemon start


47 Comment(s)


From: Major7

you wrote several times "MariaDB" but you mean "MySQL"

From: till

This tutorial installs MariaDB and not MySQL. The systemd unit of the MariaDB Software is named mysql for compatibility reasons but it's still MariaDB that gets restarted and not MySQL.

From: Major7

The Link to additional PHP-Versions is wrong (has the "file" protocol) - as in the previous Tutorials

From: till

Thanks, I fixed that.

From: JohnP

MariaDB should be preferred over mysql these days. The title is wrong even if the steps are for mariadb.

No FTP should even be discussed. FTP should have died out (or been killed off) in 1995.  sFTP, which is built-into openssh-server, should be used.  Since 2000, nobody should run plain FTP. That isn't just my opinion - it is the opinion of security experts worldwide.

From: till

You are partially right about the title, the problem is that not everyone knows that mariadb is a full mysql replacement and people are still seeking for a guide with MySQL and not MariaDB due to that fact. This tutorial installs FTP with TLS (FTPS), so the connection is secured. FTPS has some advantages on hosting servers (shared hosting environments) over sFTP as the FTP daemon supports virtual users while you need a real system user (SSH user) for sFTP.

From: Sgt. Rock

Adding a comment that ClamAV updates may take some time may be helpful for new users... It can take upwards of 5min just for the "daily.cvd" file to download.

From: jon

How to activate Roundcube plugins (auto responder, password change)?

From: Major7

Are you sure the linked Tutorial (Ubuntu 12.10) for installing Multiple PHP-Versions works on Ubuntu 15? Tested it (with PHP 5.3.29) with no luck.

With --with-imap it breaks:

[...]
checking whether build with IMAP works... no
configure: error: build test failed. Please check the config.log for details.
[...]

Without --with-imap

[...]
/lib/x86_64-linux-gnu/ error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
Makefile:274: recipe for target 'sapi/fpm/php-fpm' failed
make: *** [sapi/fpm/php-fpm] Error 1
[...]

From: Alex Hulshof

netstat -tap | grep mysql gives:

tcp6     0    0    [::]:mysql   [::]:*     LISTEN     11629/mysqld

is this correct since the manual shows:

tcp        0      0 *:mysql                 *:*                     LISTEN      24603/mysqld


From: till

Yes, that's correct. Your server uses ipv4 and ipv6 while the one in the tutorial has ipv4 only.

From: Vincent Simpson


when adding aliases and running newaliases (Step 9 Install Mailman) I get the following message :

newaliases: fatal: open /etc/postfix/ No such file or directory

And indeed there is but no

Also, doing a service postfix restart (or /etc/init.d/postfix restart), I get no messages (saying ok or otherwise...) is this normal ?

Postfix is installed since I do have /etc/postfix/files_present_in_here 

Is this normal ?

Where am I going wrong ?

Is Mailman essential ?



From: vincent Simpson

Following up on the postfix problem. 

I never got the prompt for "internet site" upon postfix installation. Maybe a bug in the package?

Anyhow, I did a "dpkg-reconfigure postfix"

and followed the install instructions on page1 & everything went correctly from there.

hope this helps out someone else who encounters this problem.

Best regards

From: byman64

I had the same issue, I tried dpkg-reconfigure postfix with no luck. I posted what happened in my case, I am waiting for publishing and help...hope soon.

From: ninjanero

I've problems with dns server, I need help! I create a site from ispconfig but its not reachable.

From: till

The ispconfig community support is available in our forum:

From: radim_h


after installation according this tutorial, there is problem with quotas, when system starting there is message "Failed to start Check and Enable File System Quotas. See 'systemctl status quota.service' for details." as on picture

When you do it, you get message:

quota.service - Check And Enable File System Quotas
   Loaded: loaded (/lib/systemd/system/quota.service; enabled)
   Active: failed (Result: exit-code) since Mon 2015-06-01 10:01:30 CEST; 8min ago
     Docs: man:quotaon(8)
  Process: 216 ExecStart=/usr/share/quota/ (code=exited, status=1/FAILURE)
 Main PID: 216 (code=exited, status=1/FAILURE)

Jun 01 10:01:30 109-123-216-005[216]: Checking quotas...
Jun 01 10:01:30 109-123-216-005 systemd[1]: quota.service: main process exited, code=exited, status=1/FAILURE
Jun 01 10:01:30 109-123-216-005 systemd[1]: Failed to start Check And Enable File System Quotas.
Jun 01 10:01:30 109-123-216-005 systemd[1]: Unit quota.service entered failed state.

repquota -a seems like quotas are working, but when you turn quotas off "quotaoff -a" repquota -a answer is same, so this probably means nothing

repquota -a
*** Report for user quotas on device /dev/vda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      -- 1886260       0       0          70925     0     0
daemon    --      68       0       0              4     0     0
man       --    1884       0       0            147     0     0
www-data  --      44       0       0             32     0     0
list      --      80       0       0             26     0     0
statd     --      12       0       0              3     0     0
client    --      32       0       0              6     0     0
postfix   --     100       0       0             55     0     0
ntp       --      12       0       0              3     0     0
mysql     --  117524       0       0            679     0     0
clamav    --  151520       0       0             12     0     0
debian-spamd --    1592       0       0             25     0     0
amavis    --     280       0       0             14     0     0
bind      --       8       0       0              2     0     0
vmail     --      20       0       0              5     0     0
getmail   --      12       0       0              3     0     0
ispapps   --      12       0       0              3     0     0
ispconfig --   27328       0       0           5604     0     0
web1      --      84 2097152 2098176             20     0     0



From: John

I seem to be having pretty much the exact same issue.

From: enzo24

If you're running an ubuntu server 15 setup following this tuto, then you'll probably have the same problem I did

I couldn't get anything over 100k to upload :(

Although I got settings right /etc/php5/cgi/php.ini and my joomla site was saying max upload 2000M (yeah i did overkill) I still couldn't get anything to go over 100k

So, I followed the instructions that I found in a post and edited the /etc/apache2/mods-enabled/fcgid.conf to make it look like this :

<IfModule mod_fcgid.c>
  FcgidConnectTimeout 200
  FcgidMaxRequestLen 1073741824
  ....

Then, as root you do :

service apache2 restart
service php5-fpm restart

to get all those configs swallowed up and miracles occur... Apparently, fcgi limits to 100k upload if not stated otherwise... and this seems to impact only on ubuntu 15, because I don't think I have this problem on my ubuntu server 14.10...

Hope this helps out folks... I searched 3 days to find the solution...


From: Tha Juggalo Steve

can someone show me how to enable root login with gui, I can't drop my files into the www folder to install my website

From: Mick Walker

Well done.  Another great set of instructions.

Just one remaining problem (after failing to login to phpmyadmin - fixed it).

An existing website that worked fine under 12.04 now fails in 15.04.  I suspect it is an apache config problem.

Bare php works fine.  Embedded php fails to load.  The html code ends at the last character before the <?php opening tag.

Any thoughts?

From: Sajeev

Hi, When i try to install amavisd-new i get the following error:

Creating/updating amavis user account...

Job for amavis.service failed. See "systemctl status amavis.service" and "journalctl -xe" for details.

invoke-rc.d: initscript amavis, action "start" failed.

WARNING: Starting amavisd-new failed. Please check your configuration.

systemctl status amavis.service outputs the following:

● amavis.service - LSB: Starts amavisd-new mailfilter

   Loaded: loaded (/etc/init.d/amavis)

   Active: failed (Result: exit-code) since Fri 2015-07-17 17:06:35 GST; 13s ago

     Docs: man:systemd-sysv-generator(8)

  Process: 10448 ExecStart=/etc/init.d/amavis start (code=exited, status=1/FAILURE)


Jul 17 17:06:35 ramadahserver amavis[10448]: Starting amavisd:   The value of variable $myhostname is "ramadahserver", but should have been

Jul 17 17:06:35 ramadahserver amavis[10448]: a fully qualified domain name; perhaps uname(3) did not provide such.

Jul 17 17:06:35 ramadahserver amavis[10448]: You must explicitly assign a FQDN of this host to variable $myhostname

Jul 17 17:06:35 ramadahserver amavis[10448]: in /etc/amavis/conf.d/05-node_id, or fix what uname(3) provides as a host's

Jul 17 17:06:35 ramadahserver amavis[10448]: network name!

Jul 17 17:06:35 ramadahserver amavis[10448]: (failed).

Jul 17 17:06:35 ramadahserver systemd[1]: amavis.service: control process exited, code=exited status=1

Jul 17 17:06:35 ramadahserver systemd[1]: Failed to start LSB: Starts amavisd-new mailfilter.

Jul 17 17:06:35 ramadahserver systemd[1]: Unit amavis.service entered failed state.

Jul 17 17:06:35 ramadahserver systemd[1]: amavis.service failed.

Please advise on how to solve this error.

From: pjrfigueiredo

btw, we need to install python...

From: Luke Pring

I can access the ISPConfig from, doesn't do anything. firefox isn't even giving me an error page.


Also how do I access the ftp and /var/www/ domain from the network and machines that are not on my network?


Thanks, Luke.

From: David

Thank you! I just followed the entire tutorial, it worked 100%! You are awesome!

From: Zack

Something isn't quite right, I've wiped my vps twice and followed these instructions exactly. The "MariaDB" messes up my sql so bad that I cannot make anything work with postfix.

"Unable to connect to the specified MySQL server Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'"

What is going on here?

From: till

I installed a server by doing a copy & paste of the commands from this tutorial this morning and it worked out of the box. Maybe your vps does not have enough RAM. The VPS shall have at least 1GB RAM for this setup.

From: aldo

Please consider adding the following lines (taken from the similar NGINX instructions) just after setting the mysql root password:


Reload privilege tables now? [Y/n] <-- y

Then run this command to disable the auth plugin:

echo "update user set plugin='' where User='root';flush privileges;" | mysql --defaults-file=/etc/mysql/debian.cnf mysql

To allow password based authentication from PHPMyAdmin.

Then we restart MariaDB:


From: Raphael

Hi, I didn't get.

root@server1:/etc/mysql/mariadb.conf.d# quotaon -avug
/dev/mapper/server1--vg-root [/]: group quotas turned on
/dev/mapper/server1--vg-root [/]: user quotas turned on

what did I miss please.

From: Mrbloomfield

 I struggled getting mail to work for a while, If anyone is having trouble remove the "#" from in /etc/postfix/

#smtps inet n - - - - smtpd
#submission inet n - - - - smtpd

From: Mrbloomfield

Amazing guide, thank you for your hard work, keep it up!

For those with phpmyadmin issues that give a 404 error type:

sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf

sudo a2enconf phpmyadmin

sudo /etc/init.d/apache2 reload

From: KRG-23

Hello, I could not log in to phpmyadmin user root account.

I got the error : ERROR 1698 (28000): Access denied for user 'root'@'localhost'


I had to follow these steps :

It works fine for me now.


Just so you know in case you too stumble upon that problem.

From: Nicolas



No install, that doesn't work


From: till

Check your /etc/apt/sources.list and compare it with the one of the tutorial. Ensure that the universe and multiverse repositories are active, then run: "apt-get update" and try to install the package again.

From: Mihari

Wonderful tutorial, do you have any plans on updating it for 15.10?

From: till

We publish updated versions of all perfect server tutorials regularly. The Ubuntu 15.10 release will be available in a few days.

From: Christos Betsios

This is such a great tutorial, but I have got a problem. I followed exactly the tutorial, but the user that I created at the mailbox doesn't receive messages... Their emails are at the sent items, but nothing is delivered and they get Undelivered Mail... What should I do??

From: till

Please post the issue in the forum.

From: byman64

Hi to all and thank for all tutorials  "perfect server...".

I used this guide and my actual result is :

I cannot receive mail, from /var/log/mail.log I see

// quote

NOQUEUE: reject: RCPT from[]: 454 4.7.1 <>: Relay access denied; from=<> to=<> proto=ESMTP helo=<>

// unquote


Let me explain what happened during installation and what I have done

1) was missing, I discovered it when I ran the "newaliases" command:
newaliases: fatal: open /etc/postfix/ No such file or directory

2) postfix is not running, is missing

3) I removed postfix and I reinstalled it
after installation a message asked: if you need mail.cfg ...
  - cp /usr/share/postfix/ /etc/postfix/
  - service postfix restart
I am not able to receive message relay access denied

4) dpkg-reconfigure postfix
Another guy, Vincent posted here for same issue of mine, missing, fixed using reconfigure
I also tried but still getting relay access denied.

I don't know what I can do, I would like not to ruin my new installation.

If someone can help me soon I would say thanks in advance

From: till

The postfix gets installed automatically by apt when you install postfix as described in this tutorial. When that's not the case then there is a fundamental issue in your base setup or you got a completely broken base system from your ISP. Please make a support thread in the forum as we can not help you here in the comment section.

From: byman64

Thanks for reply.


When you say "support thread" you mean on ISP Config ?

From: till

No, I mean:

From: Chetra PO

Dear my beloved,

This website is very good for me. Now I would like to ask you want question. When we install service like postfix, dovecot, dns ...... so no.., we need internet or not and need disk of os or not? Please let me know..

Thank you before hand.

Best regards,

Chetra PO

From: Luigi Cassolini

Hi, I have this problem during the setup of amavis:

Job for amavis.service failed because the control process exited with error code. See "systemctl status amavis.service" and "journalctl -xe" for details.
invoke-rc.d: initscript amavis, action "start" failed.
dpkg: error processing package amavisd-new (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 amavisd-new

I don't know to solve this.

Thank you very much


From: Antonino Migliore

Hi, first of all thanks for all good Perfect Server Guides.

I have a server ubuntu 15.04 with last version of ISP Config.

I installed the server 1 year ago using this guide or another.

I would like to know if I can update my ubuntu to 16.04 and if there is a guide to do it.

note: ' Parameter from external Argument

thanks in advance

From: till

There is no special update guide available. You can follow the normal Ubuntu update procedure that you can find in the official Ubuntu documentation. Afterwards, update ispconfig and choose to reconfigure services during ISPConfig update.

From: Migliore antonino

Hi, I installed 2 years ago this perfect server  ubuntu 15.04.

This guide was perfect and great.

It would be useful a guide like: How to upgrade the perfect ISP config ubuntu 15.04 to 17.04

I would like to upgrade my box but I am not so expert and I don't want to risk compromising my server.

A guide would be REALLY useful