General

Using ISPConfig for Email-Only Hosting with Billing Add-on (No Web/DNS)

invalid@example.com (zems91) — Fri, 10 Apr 2026 04:16:41 +0000

Hello everyone,

I’m planning to deploy a setup using ISPConfig specifically for email hosting services only, and I would like some guidance from the community.

My goal is to:

Use ISPConfig to manage mailboxes, domains, and email accounts only
Integrate the ISPConfig Billing module to automate customer provisioning (orders → email account creation)
Sell email hosting plans (storage-based or mailbox-based)
Allow users to manage their email (via webmail like Roundcube,...

Using ISPConfig for Email-Only Hosting with Billing Add-on (No Web/DNS)

Newbie Question on wyh i dont get a SSLCert (Yes i read the article)

invalid@example.com (StefanGros) — Tue, 07 Apr 2026 11:21:53 +0000

I am new to Linux so pls dont grill me
I have an Ubuntu 25.4 server wirh ISPConfig (perfect server installation).
I host 30 Websites, and after fixing a lot of DNS-issues i got 28 to work. For two i dont get a Lets Encrypt certificate and i have a BIG issue with three sites in the same domain (2 subdomains). Maindomain is ww.kepos.at and it usually works fine. I have two other Websites lsb.kepos.at and mediation.kepos.at both are seperate websites with webs and different IPs. lsb.kepos.at...

Newbie Question on wyh i dont get a SSLCert (Yes i read the article)

website and database back ups - question

invalid@example.com (smokinjo) — Fri, 03 Apr 2026 21:45:51 +0000

When using the back up options fo remails, websites, if we turn off the back ups and say: no backups

What happens to the existing back ups? Do they disappear, or do they remain?

I'd think that they are not deleted, because th eback up tasks are turned off and not active. I just want confirmthat.

Thanks

Joseph

SSH key leaks into jailed env

invalid@example.com (variable99) — Thu, 02 Apr 2026 07:04:21 +0000

When jailed SSH user created, .ssh folder with 'authorized_keys" is copied. If it contains root system public SSH keys - users able to review them. And if those SSH keys contains something like: root@your_panel.tld - you are effectively doxing your system.
Is there an easy way to prevent this?

EDIT: for the time being utilization of authorized_keys2 for root system seems help and users no longer see root system public keys.

ISPConfig doesn't show php-fpm for single site

invalid@example.com (Alan de Almeida) — Wed, 01 Apr 2026 12:00:05 +0000

Hello guys,
I have a recent installation of ISPConfig and the dashboard happens to not be showing PHP for a single site. Does anyone know why and how to adjust?
Occurrence:

Other website:

Thanks!!

[SOLVED]500 error after latest ISPConfig update

invalid@example.com (Jean-François Questiaux) — Tue, 31 Mar 2026 07:41:43 +0000

Hi,
I have a multi-server set up running that has been running for years.
The master server runs on Debian 11 but after updating from ISP Config 3.3.0 to 3.3.1p1, I have a 500 error when I navigate in the console : the menus on the left column are displayed correctly, but the main window does not change from the one opened upon login and the XHR call (like
https://my-server.domain:8080/mail/mail_domain_list.php) returns a 500 error.
This is the first time I have a problem after...

[SOLVED]500 error after latest ISPConfig update

[WARNING] ImunifyAV false positive on system.inc.php file (from ispconfig)

invalid@example.com (Hannes_at) — Mon, 30 Mar 2026 09:46:02 +0000

If you run imunifyAV than better exclude /usr/local/ispconfig/server/lib/classes/system.inc.php or whole /usr/local/ispconfig
Since around 1 week ImunifyAV detects the file as backdoor (false postitive) and if you clean it (clean all) than you end up in a 0 byte file.

View attachment 9530

Undefined array key in rspamd_plugin.inc.php

invalid@example.com (topogigio) — Fri, 27 Mar 2026 17:18:27 +0000

Hi,
I have found this error in my log:

Undefined array key "priority" in /usr/local/ispconfig/server/plugins-available/rspamd_plugin.inc.php on line 479

What can I do?
In fact I suspect that my rspamd is not receiving whitelist and other spam settings from ISPConfig settings because I cannot whitelist some sender.

ISConfig 3.3.1p1 on deb 12
thanks

FTP - never really worked

invalid@example.com (smokinjo) — Thu, 26 Mar 2026 19:25:53 +0000

Hello

I am using ISPCnfig 3.2.2
From my initial installation, I have had spotty luck getting FTP accounts ot work when set up with ISPConfig.

I've gotten around it since it is mainly my own server/hostinbg.

But, that changed a bit.

I've had it work a few times. But, 4-5 tears ago, a friend of mine, a linux guru kind of guy, or learned ispconfig and maintains it for us.

He is not sure why things are not working.

He mentioned: "It looks like we are trying to login with usernames that...

FTP - never really worked

ISPConfig rspamd Security: DMARC, GeoIP Blocking, Whitelist Bypass & DKIM Whitelist

invalid@example.com (haluk yildirim) — Tue, 24 Mar 2026 14:11:57 +0000

Over the past few weeks I've been hardening rspamd on an ISPConfig 3.3.x server managing 38 mail domains and discovered three separate security gaps — each one independently allowing malicious mail to bypass spam filtering. All three are documented in an existing thread but I'm posting this as a quick reference for anyone running ISPConfig + rspamd.

All fixes tested on: rspamd 3.14.3, ISPConfig 3.3.x, Postfix, Dovecot, Debian 12.

---

Fix 1: Inbound DMARC Enforcement — rspamd ignores...

ISPConfig rspamd Security: DMARC, GeoIP Blocking, Whitelist Bypass & DKIM Whitelist

{RESOLVED} ISPConfig 3.3.1p1 on debian

invalid@example.com (jimdaus) — Tue, 24 Mar 2026 10:39:26 +0000

Hi all,
I have been using ISPConfig for many years now with very little problems, but this one has me scratching my head.

It started when i added a new website to my server (lets call it jet). jet was hosted on another platform and i was paying too much to keep only that site operational on that server, so i moved it to my ispconfig site and no issues with getting it operating on http, but turning HTTPS on, was an issue.
i tried the usual googling and found this "" which...

{RESOLVED} ISPConfig 3.3.1p1 on debian

PHP fcgi isn't shown at drop down - only php-fpm

invalid@example.com (carg) — Sat, 21 Mar 2026 11:35:42 +0000

Hello togehter,

Code:

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Ubuntu 24.04.4 LTS
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.3.1p1
##### VERSION CHECK #####
[INFO] php (cli) version is 8.3.30
[INFO] php-cgi (used for cgi php in default vhost!) is version 8.3.30

I have a strange problem - the Server is fresh installed with all php Versions from 5.6 -...

PHP fcgi isn't shown at drop down - only php-fpm

How to avoid error 500 when using return 403

invalid@example.com (computerwuffi) — Fri, 20 Mar 2026 13:36:31 +0000

hello, i am using the newest ispconfig-panel with nginx on an debian13 VPS. I want to block countrys with geoip, like
if ($blocked_country) {
return 403;
}
that works fine if custom error sites not enabled. But when enabled i got error 500 instead of 403.
I have fastcgi_intercept_errors on; in nginx.conf and tried various syntax like error_page 403 /error/403.html; in the nginx-options within ispconfig, but nothing will work for me. Does anyone have a tip on how I should proceed ? Thanks

Holding off on ISPC update due to age of Debian

invalid@example.com (schwim) — Thu, 19 Mar 2026 14:45:39 +0000

Hi there, everyone!

I was going to update my ISPC this morning but during the OS update, I realized my Debian install is a bit outdated(I received the following when trying to update:

The repository 'http://ftp.debian.org/debian bullseye-backports Release' no longer has a Release file.

and some searching resulted in the regular suggestion to update Debian. This leads me to my question.

Would it be considered safe generally to do an OS update on an ISPC-configured...

Holding off on ISPC update due to age of Debian

Save OS/ISPconfig-updates with VM-snapshots

invalid@example.com (Uwe R) — Wed, 18 Mar 2026 22:47:10 +0000

I guess I am really not the first one to ask this, but I didn't find a specific thread for my problem.

I have the possibility to make a snapshot of my ISPconfig machine (slave in this case)

I would like to try an update from e.g. Debian 10 to 11 or 12 and then ISPconfig 3.2.x to 3.3.x, but in case I get stuck, I want to go back to the snapshot containing the old, running system.

A problem with this strategy is, that mails and website-database related actions in...

Save OS/ISPconfig-updates with VM-snapshots

SSH Connection to Debian 12 with SSH Key type ed255519 not possible

invalid@example.com (muekno) — Wed, 18 Mar 2026 17:35:43 +0000

at least if they are upgraded from previous versions.
Is there a solution?

Mailquota Update intervall

invalid@example.com (Blubmann1337) — Tue, 17 Mar 2026 23:05:58 +0000

Hi everyone,
could you give me a quick hand here? I've set up an ISPConfig mail server. Now I'm having an issue where the used mail storage is displayed incorrectly in the ISPConfig web UI. In Roundcube, 6 MB is shown as used, but the WebGUI says 1 MB. The .quotausage file in the user's mail directory is correct at 6 MB. According to /usr/local/ispconfig/server/lib/classes/cron.d/100-monitor_email_quota.inc.php, the code says
// job schedule
protected $_schedule = ‘*/15 * * *...

Mailquota Update intervall

does a restore of a website backup restore file permissions

invalid@example.com (muekno) — Tue, 17 Mar 2026 10:00:03 +0000

reason. I added a client to a site (nextcloud) where client field was empty before. mynextcloud can not accessed in case of permissions.

debian trixie support

invalid@example.com (muekno) — Sat, 14 Mar 2026 16:34:49 +0000

in the release note of p1 it is noted support for debian uo to13. Can I understand this that it is save to update my ISPConfig servers to Trixie now.

[Solution] Inbound DMARC Enforcement for rspamd on ISPConfig 3.x — Stop Domain Impersonation Phishin

invalid@example.com (haluk yildirim) — Thu, 12 Mar 2026 08:34:50 +0000

Hi everyone,

I've been running ISPConfig for long time (currently 3.3.0p3 with rspamd and 38 mail domains) and recently got hit by a phishing email impersonating my own domain — despite having SPF, DKIM, and DMARC (p=reject) all properly configured.

This was actually confirmed as a known gap by Jesse Norell (HowtoForge Staff) back in 2022 in this thread:
https://forum.howtoforge.com/threads/how-ispconfig-manage-spf-dmarc-for-incoming-mails.88247/

He noted that rspamd checks...

[Solution] Inbound DMARC Enforcement for rspamd on ISPConfig 3.x — Stop Domain Impersonation Phishin