A Perfect Server Setup with Nginx, ISPConfig, BIND and Dovecot 13


This tutorial shows how to prepare a Debian 9 server (with Nginx, BIND, Dovecot) for the installation of ISPConfig 3.1, and how to install ISPConfig 3.1. ISPConfig 3 is a web hosting control panel that allows you to configure the following services through a web browser: Apache or web that is nginx, Postfix mail host, Courier or Dovecot IMAP/POP3 host, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and so many more. This setup covers Nginx internet host, BIND as DNS Server, and Dovecot as IMAP / POP3 host.

1 initial Note

In this guide, i take advantage of the hostname server1.example.com with all the ip and also the gateway These settings might vary you have to replace them where appropriate for you, so. Before proceeding further you need to have a installation that is minimal of 9. This could be a debian image that is minimal your hosting provider or you use the Minimal Debian Server tutorial to setup the base system.

2 Install the SSH Server

If you did not install the OpenSSH server during the system installation, you can do it now:

apt-get -y install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian 9 server and follow the remaining steps from this tutorial.

3 Install a shell text editor (Optional)

I’ll use nano text editor in this tutorial. Some users prefer the vi that is classic, for that reason i shall install both editors right here. The standard vi system has some behavior that is strange Debian and Ubuntu; to fix this, we install vim-nox:

apt-get -y install nano vim-nox

(You don’t have to do this if you use a different text editor such as joe.)

4 Configure the Hostname

The hostname of your server should be a subdomain like “server1.example.com”. Do not use a domain name without subdomain part like “example.com” as hostname as this will cause problems later with your mail setup. First, the hostname should be checked by you in /etc/hosts and alter it whenever necessary. The line is: “IP Address – space – full hostname incl. domain – space – subdomain part”. Edit /etc/hosts. Ensure it is appear to be this:

nano /etc/hosts       localhost.localdomain   localhost   server1.example.com     server1
 # these lines are desirable for IPv6 capable hosts
 ::1     localhost ip6-localhost ip6-loopback
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters

Then edit the /etc/hostname file:

nano /etc/hostname

It shall include just the subdomain component, within our situation:


Finally, reboot the host to use the alteration:


Log in once more and verify that the hostname is proper now with one of these commands:

hostname -f

The production will be similar to this:

[email protected]:/tmp# hostname
[email protected]:/tmp# hostname -f

5 improve your Debian Installation

First make sure your /etc/apt/sources.list offers the stretch/updates repository (this will make certain you constantly obtain the latest updates the ClamAV virus scanner – this task posts releases frequently, and versions that are sometimes old working), and that the contrib and non-free repositories are enabled.

nano /etc/apt/sources.list

deb http://ftp.us.debian.org/debian/ stretch contrib that is main*************************)deb-src http://ftp.us.debian.org/debian/ stretch primary contrib non-free

deb http://security.debian.org/debian-security stretch/updates primary contrib non-free
deb-src http://security.debian.org/debian-security stretch/updates primary contrib non-free

IMPORTANT: include the Debian Backports repository as shown above.


apt-get update

to upgrade the package that is apt and

apt-get upgrade

to install the latest updates (if there are any).

6 Change the Default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <– No

If you don’t do this, the ISPConfig installation will fail.

7 Synchronize the System Clock

It is a idea that is good synchronize the machine clock with an NTP (network time protocol) host online. Merely run

apt-get install ntp

and the body time is always in sync.

8 Install Postfix, Dovecot, MySQL, rkhunter and binutils

We can install Postfix, Dovecot, MySQL, rkhunter, and Binutils with a command that is single**********)

apt-get install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo

You will be asked the following questions:

General type of mail configuration: <– Internet Site
System mail name: <– server1.example.com

To secure the MariaDB / MySQL installation and to disable the test database, run this command:


We don’t have to change the MySQL root password as we just set a new one during installation. Answer the relevant concerns the following:

Change the main password? [Y/n] <– y
New password: <– Enter a fresh MySQL root password
Re-enter brand new password: <– Repeat the MySQL root password
Remove anonymous users? [Y/n] <– y
Disallow root login from another location? [Y/n] <– y
Remove test database and use of it? [Y/n] <– y
Reload privilege tables now? [Y/n] <– y

Next, start the TLS/SSL and distribution ports in Postfix:

nano /etc/postfix/master.cf

Uncomment the submission and smtps parts the following (leave -o milter_macro_daemon_name=ORIGINATING it):

 submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING

Restart Postfix afterwards:

service postfix restart

We want MariaDB to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/mariadb.conf.d/50-server.cnf and comment out the line bind-address =  and add the line sql-mode=”NO_ENGINE_SUBSTITUTION”:

nano /etc/mysql/mariadb.conf.d/50-server.cnf( as we don’t need**********)

# Instead of skip-networking the default is now to listen only on
 # localhost which is more compatible and is not less &# that is secure****************************************************************************); #bind-address           =



Set the password verification technique in MariaDB to native so we are able to utilize PHPMyAdmin later on to get in touch as root user**********) that is:(*****************)echo “update mysql.user set plugin = ‘mysql_native_password’ where user=’root’;” | mysql -u root

Edit the file /etc/mysql/debian.cnf and set the MYSQL / MariaDB root password there twice in the rows that start with password.

nano /etc/mysql/debian.cnf

The MySQL root password that needs to be added is shown in red, in this example, the password is “howtoforge”.

# Automatically generated for Debian scripts. DO NOT TOUCH!
host = localhost
user = root
password = howtoforge
socket = /var/run/mysqld/mysqld.sock
host =*************************)user that is localhost( root
password = howtoforge
socket = /var/run/mysqld/mysqld.sock
basedir = /usr

To avoid the mistake ‘Error in accept: a lot of available files‘ we’ll set greater file that is open for MariaDB now.

Open the file /etc/security/limits.conf with an editor:

nano /etc/security/limits.conf

and add these lines at the end of the file.

mysql soft nofile 65535
mysql hard nofile 65535

Next, create a directory /etc/systemd/system/mysql.service that is new.d/ with all the mkdir demand.

mkdir -p /etc/systemd/system/mysql.service.d/

and include a file that is new:

nano /etc/systemd/system/mysql.service.d/limits.conf

paste the lines that are following that file:


Save the file and shut the nano editor.

Then we reload systemd and restart MariaDB:

systemctl daemon-reload
service mysql restart

Now make sure that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

[email protected]:~# netstat -tap | grep mysql
tcp6       0      0 [::]:mysql              [::]:*                  LISTEN      4027/mysqld
[email protected]:~#

9 Install Amavisd-new, SpamAssassin, and ClamAV

To install amavisd-new, SpamAssassin, and ClamAV, we run:

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl libdbd-mysql-perl postgrey

The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free some RAM:


service spamassassin stop
systemctl disable spamassassin

9.1 Install Metronome XMPP Server (optional)

This step installs the Metronome XMPP Server which provides a chat server that is compatible with the XMPP protocol. This step is optional, then you can skip this step if you do not need a chat server. No other ISPConfig functions be determined by this pc software.

Add the Prosody package repository in Debian.

echo “deb http://packages.prosody.im/debian stretch main” > /etc/apt/sources.list.d/metronome.list
wget http://prosody.im/files/prosody-debian-packages.key -O – | sudo apt-key add –

Update the package list:

apt-get update

Install the programs which are needed for the create procedure

apt-get install build-essential

and install the packages with apt.

apt-get install git liblua5.1-0-dev that is lua5.1 lua-filesystem libid libssl-dev that is n11-dev lua-expat lua-event lua-bitop lua-socket lua-sec luarocks luarocks

luarocks install lpc

Add a shell individual for Metronome.

adduser –no-create-home –disabled-login –gecos ‘Metronome’ metronome

Download Metronome toward /opt directory and compile it.

cd /opt; git clone https://github.com/maranda/metronome.git metronome
cd ./metronome; ./configure –ostype=debian –prefix=/usr
make install

Metronome has be set up to /opt/metronome.

Just how to Automate Elixir-Phoenix Deployment with Distillery and edeliver on Ubuntu 16.04

Previous article

Just how to enhance Database Searches with Full-Text Research in MySQL 5.6 on Ubuntu 16.04

Next article

You may also like


Leave a Reply

More in Apache