Setting up a new web server. Debian, Courier, Postfix, Apache2, PHP5, Proftp and ISPConfig.

Jun 19, 2010 | Uncategorized | 0 comments

This is not edited, but the commands have been checked for validity and correctness. Obviously, I can’t say for definite that it will work on your system. It is meant more as a guideline than a step-by-step instructional process.

Prepare the package manager and update its list of available packages and updates:

apt-get update

If, like me, you used the CD with the web-installer type facility, where only a small CD image is used and the installation pulls the remaining files from the Debian servers, you probably don’t need this step. But if you’re using a full CD image that’s over 600 megs, or a DVD, then this is definitely a crucial step.

apt-get upgrade

This isn’t a complete list of applications you will need. In fact, some, in the case of nano for example, won’t be required by you at all. Nano is strangely my editor of choice when working in the CLI in Linux.

apt-get install mysql-server mysql-client libmysqlclient15-dev phpmyadmin lynx nano icecast2 squirrelmail ssh binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libpcre3 libpopt-dev m4 make ncftp nmap openssl postfix libsasl2-2 sasl2-bin libsasl2-modules libdb4.2-dev procmail db4.6-util libsasl2-modules postfix sasl2-bin courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0 php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap proftpd ucf webalizer ntp ntpdate libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl fail2ban build-essential libtool flex

If you are planning on accessing your server remotely through SSH, you will need to start the service:

/etc/init.d/ssh start

Now, if you’re like me and you are using this machine as a server, you will want to set a static IP. Interestingly, the information provided to /etc/resolv.conf remains even when not using DHCP, but obviously, if you didn’t have DHCP to begin with, this is something you would need to edit also. Note too that you supplied the hostname and the domain search suffix during installation, so you don’t really need to edit /etc/hosts.

nano /etc/network/interfaces

Remove the last line for the eth0 interface. This usually refers to dynamic addressing. Paste the following lines, replacing the addresses with the scheme you use.

auto eth0
iface eth0 inet static
address 192.168.1.101
gateway 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
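
A consistency check for a static stanza of this kind, as an added example that is not part of the original post: it recomputes the network and broadcast addresses from address and netmask and reports any line that disagrees. The function names and the sample stanza (with a deliberately mistyped network line) are constructed for illustration.

```shell
# Added example, not from the original post: check that the network,
# broadcast and gateway lines of a static stanza agree with address/netmask.

ip_to_int() {   # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int_to_ip() {   # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# check_static_stanza: read stanza lines on stdin, print one line per mismatch.
check_static_stanza() {
    address=; netmask=; network=; broadcast=; gateway=
    while read -r key val _; do
        case "$key" in
            address) address=$val ;;
            netmask) netmask=$val ;;
            network) network=$val ;;
            broadcast) broadcast=$val ;;
            gateway) gateway=$val ;;
        esac
    done
    [ -n "$address" ] && [ -n "$netmask" ] || { echo "address or netmask missing"; return 0; }
    mask=$(ip_to_int "$netmask")
    net=$(( $(ip_to_int "$address") & mask ))
    want_net=$(int_to_ip "$net")
    want_bc=$(int_to_ip $(( net | (mask ^ 4294967295) )))
    [ -z "$network" ] || [ "$network" = "$want_net" ] ||
        echo "network is $network, expected $want_net"
    [ -z "$broadcast" ] || [ "$broadcast" = "$want_bc" ] ||
        echo "broadcast is $broadcast, expected $want_bc"
    [ -z "$gateway" ] || [ $(( $(ip_to_int "$gateway") & mask )) -eq "$net" ] ||
        echo "gateway $gateway is outside $want_net/$netmask"
    return 0
}

# Constructed input: a stanza whose network line has a mistyped third octet.
check_static_stanza <<'EOF'
auto eth0
iface eth0 inet static
address 192.168.1.101
gateway 192.168.1.100
netmask 255.255.255.0
network 192.168.21.0
broadcast 192.168.1.255
EOF
```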

Above, we installed Postfix. Now let’s configure it. Follow the wizard that appears:

dpkg-reconfigure postfix

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'

Now, create the certificates for TLS.

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 2048
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com'

Restart Postfix:

/etc/init.d/postfix restart
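
An audit of the settings made with postconf -e above, as an added example that is not part of the original post: it reads `postconf -n` style output and reports relay, SASL or TLS settings that are missing. The function names and sample input are constructed; smtpd_tls_auth_only is a Postfix parameter this guide does not set, checked here because without it AUTH is also offered on unencrypted connections.

```shell
# Added example, not from the original post: audit `postconf -n` style
# "key = value" lines against the relay, SASL and TLS settings of this guide.
# Constructed sample: values this guide sets with `postconf -e`.
GUIDE_CONF='smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes'

# get_param KEY: print KEY's value from $CONF (the last assignment wins).
get_param() {
    printf '%s\n' "$CONF" | awk -v k="$1" '
        index($0, k) == 1 {
            rest = substr($0, length(k) + 1)
            if (sub(/^[ \t]*=[ \t]*/, "", rest)) v = rest
        }
        END { print v }'
}

# audit_postfix: read config text on stdin, print one finding per line.
audit_postfix() {
    CONF=$(cat)
    [ "$(get_param smtpd_sasl_auth_enable)" = yes ] || echo "sasl: smtpd_sasl_auth_enable is not yes"
    case " $(get_param smtpd_sasl_security_options | tr ',' ' ') " in
        *" noanonymous "*) ;;
        *) echo "sasl: noanonymous is not in smtpd_sasl_security_options" ;;
    esac
    # Restrictions are evaluated left to right; a bare "permit" ends the list.
    relay=missing
    for t in $(get_param smtpd_recipient_restrictions | tr ',' ' '); do
        case "$t" in
            reject_unauth_destination) relay=ok; break ;;
            permit) relay=open; break ;;
        esac
    done
    case "$relay" in
        missing) echo "relay: reject_unauth_destination is missing" ;;
        open) echo "relay: bare permit precedes reject_unauth_destination" ;;
    esac
    [ "$(get_param smtpd_use_tls)" = yes ] || echo "tls: smtpd_use_tls is not yes"
    [ -n "$(get_param smtpd_tls_key_file)" ] && [ -n "$(get_param smtpd_tls_cert_file)" ] ||
        echo "tls: key or certificate file is not set"
    # Not set by the guide: without it AUTH is also offered before STARTTLS.
    [ "$(get_param smtpd_tls_auth_only)" = yes ] || echo "auth: smtpd_tls_auth_only is not yes"
    return 0
}

printf '%s\n' "$GUIDE_CONF" | audit_postfix
```

On a live server the input would come from `postconf -n | audit_postfix`.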

mkdir -p /var/spool/postfix/var/run/saslauthd

Activate or enable SASL Auth by doing the following:

nano /etc/default/saslauthd

In this file, change START to yes and replace the line beginning with OPTIONS with the following. For me, the OPTIONS line was at the end of the file.

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Now start the service.

/etc/init.d/saslauthd start

Now edit /etc/apache2/mods-available/dir.conf

nano /etc/apache2/mods-available/dir.conf

Replace the directory index line with the following:

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml

Edit /etc/apache2/ports.conf and add Listen 443:

nano /etc/apache2/ports.conf

Add Listen 443 right below the line for Listen 80.

Now, enable the required Apache2 modules:

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include

Reload the Apache2 configuration:

/etc/init.d/apache2 force-reload

nano /etc/mime.types

Comment out the following lines by placing the # sign at the start.

#application/x-httpd-php phtml pht php
#application/x-httpd-php-source phps
#application/x-httpd-php3 php3
#application/x-httpd-php3-preprocessed php3p
#application/x-httpd-php4 php4

There’s more editing to do, this time in /etc/apache2/mods-enabled/php5.conf:

nano /etc/apache2/mods-enabled/php5.conf

Comment out the two lines as shown below:

# AddType application/x-httpd-php .php .phtml .php3
# AddType application/x-httpd-php-source .phps

Now restart Apache.

/etc/init.d/apache2 restart

Turn off IPv6 in proftp or you’ll get errors:

nano /etc/proftpd/proftpd.conf

UseIPv6 off

ISPConfig expects the config for proftp to be somewhere else, so run the following command to create a link to it:

ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf

Now start the FTP server:

/etc/init.d/proftpd restart

Run the following commands if you will have the need to run services in a chroot environment.

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*

Not sure if I’ve covered these already. These packages handle antivirus and antispam.

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

Now for the final part of the installation, download and install ISPConfig:

cd /tmp
wget -O ISPConfig-3.0.2.1.tar.gz http://sourceforge.net/projects/ispconfig/files/ISPConfig%203/ISPConfig-3.0.2.1/ISPConfig-3.0.2.1.tar.gz/download
tar xvfz ISPConfig-3.0.2.1.tar.gz
cd ispconfig3_install/install/
php -q install.php

Answer the questions provided.

Note, if you have problems with port 443 and 8080, remove the listen line that I wrote about earlier in the ports file for apache2.
