Setting up a Postfix Mail Server with Dovecot

Postfix is a very popular mail server that can be setup on Linux relatively easily and it is extremely configurable and easy to maintain. Paired with Dovecot for POP/IMAP functionality, you can have a basic mail server setup within minutes. In this guide we will show you how to setup your very own mail server running on an Ubuntu 16.04 instance.

Postfix Prerequisites

In order to properly configure Postfix, you will need to have a fully qualified domain name (FQDN) pointing towards your instance. You will also need to make sure you have an MX record pointing to your mail server if you wish to accept incoming email.

Please note that if you are following this guide on an instance running on Civo, mail server ports are closed by default. Please contact us with your use case to begin the process of opening these ports.

Check out how to setup your DNS records on Civo.com

The steps we are going to be going through in this guide are:

• Install & configure Postfix
• Create a self signed SSL certificate
• Set up SMTP Auth
• Map mail addresses to linux accounts
• Enable Postfix through firewalls
• Install SASL
• Test Postfix with Telnet
• Install Dovecot

Installing and configuring Postfix

Postfix is actually included in Ubuntu's default repo's, which makes the installation very easy and straightforward which is what we like!

First we just need to update the apt package cache on your instance and install the software. We will be using the DEBIAN_PRIORITY=low variable on our installation as it allows us to answer some additional prompts and makes the setup process easier:

sudo apt-get update
sudo DEBIAN_PRIORITY=low apt-get install postfix

You will be prompted with some questions that need to be filled our correctly for your setup. We recommend using the following:

• General type of mail configuration?: For this choose Internet Site
• System mail name: This needs to be the domain / hostname of your mail server. In this example we will be using mailserver.example.com
• Root and postmaster mail recipient: This is the Linux account that gets forwarded mail addressed to root@ and postmaster@. We recommend using your primary account for this. We will be using civo
• Other destinations to accept mail for: This defines the mail destinations that Postfix will accept. We recommend leaving this as the default settings to keep things simple.
• Force synchronous updates on mail queue?: Keep this setting as No
• Local Networks: We recommend leaving this as the default setting as this setting decides what networks your mailserver is configured to relay messages for. If you choose to modify this please be very restrictive or you will end up being used for a spam bot.
• Mailbox size limit: This is used to limit the size of messages. Setting it to 0 disables any size restriction.
• Local address extension character: This is the character the is used to separate the regular portion of the address from the extension. We recommend keeping this as the default of +
• Internet protocols to use: To keep things simple here, we recommend selecting all As this decides the IP version that Postfix will support.

Install and configure a self signed SSL certificate

Now we have Postfix installed, it is recommended that you use an SSL cert. We are going to create a self signed cert for this guide, however if you already have your own certificate, you can also use that. First we need to generate a crt file and key file:

sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout mailserver.key -out mailserver.crt -nodes -days 365

sudo openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 365

The above will prompt for some questions that you can either fill out or leave blank. This will create the following files mailserver.key mailserver.crt cakey.pem cacert.pem

Once completed we need to create a folder to put the SSL certificates that Postfix will use.

sudo mkdir /etc/postfix/ssl

Now we have created the folder, we need to move the certificate files to that folder:

sudo mv mailserver.* /etc/postfix/ssl/
sudo mv cacert.pem /etc/postfix/ssl/
sudo mv cakey.pem /etc/postfix/ssl/

Setup SMTP Auth

The next step is to setup SMTP Auth. SMTP Auth is a basic method of securing your mail server and we strongly recommend that you use it when setting up any mail server. We need to give Postfix some parameters to use SMTP Auth, luckily there is a tool built into Postfix we can use to do this called postconf. The parameters we need to enter are:

sudo postconf -e 'smtpd_sasl_local_domain = mailserver.example.com'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'home_mailbox= Maildir/'
sudo postconf -e 'virtual_alias_maps= hash:/etc/postfix/virtual'

Map mail addresses to linux accounts

We now need to setup the virtual maps file. Open the /etc/postfix/virtual vile in your favorite editor, for example:

sudo vim /etc/postfix/virtual

The virtual alias map table uses a very simple format. On the left, you can list any addresses that you wish to accept email for, each on a separate line. Then to the right of that you can enter the Linux user you would like to get that mail delivered to. Note There needs to be a space between the email address and recipient of the email.

For example, if you would like to accept email at test@mailserver.example.com and admin@mailserver.example.com and would like to have those emails delivered to the civo Linux user, you could set up your file like this:

test@mailserver.example.com civo
admin@mailserver.example.com civo

Once you have mapped all of the addresses to your appropriate accounts, save and exit the file. We can then apply the mapping by doing the following:

sudo postmap /etc/postfix/virtual

Enable Postfix through firewalls

If you are running UFW, you will need to allow ports to be opened so mail can be sent and received without issue. To do this simply run the following:

sudo ufw allow Postfix

If you are using Civo firewall you will need to open ports:

• SMTP: 25
• POP3: 110
• IMAP: 143
• SMTP Secure: 465
• MSA: 587
• IMAP Secure: 993
• POP3 Secure: 995

Checkout how to configure firewalls through Civo.com

Install and configure SASL

What is SASL?

SASL stands for Simple Authentication and Security Layer it is an Internet Standard method for adding authentication support to connection-based protocols.

SASL Prerequisites

Before we install SASL, we need to create a file for Postfix and add some options into it. Using your favorite editor create the /etc/postfix/sasl/smtpd.conffile, for example:

sudo vim /etc/postfix/sasl/smtpd.conf

Add the following to the file and save it:

pwcheckmethod: saslauthd
mechlist: plain login

Installing the SASL packages

Now that is done, we need to install the SASL package and the dependencies it requires. To install the packages do the following:

sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules

Configuring SASL

Once the packages are installed we need to edit the saslauthd file to change and add some configuration. To do this edit the /etc/default/saslauthd file in your favorite editor, for example:

sudo vim /etc/default/saslauthd

Find the following line (which should be close to the top of the file):

# Should saslauthd run automatically on startup? (default: no)
START=no

And change START=no to START=yes

Once done, add the following lines directly below the line we have just changed:

PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"

We now need to scroll to the bottom of the file and look for the line that says:

OPTIONS="-c -m /var/run/saslauthd"

We need to change that to read the following:

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Once done save and exit the file.

We now need to run a command to update the dpkg state, to do this run the following:

sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

You may get an error that says dpkg-statoverride: warning: --update given but /var/spool/postfix/var/run/saslauthd does not exist - this is fine to ignore as the directory will be created when you start the SASL daemon.

We now need to create a symlink for the configuration file:

sudo ln -s /etc/default/saslauthd /etc/saslauthd

Finally we need to start the SASL daemon and restart Postfix itself:

sudo /etc/init.d/saslauthd start
sudo /etc/init.d/postfix restart

Testing Postfix with Telnet

We now have Postfix and SASL configured and we can test that email is working with telnet. First we need to telnet to the server locally:

telnet localhost 25

The server will respond with the following:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailserver.example.com ESMTP Postfix (Ubuntu)

This tells us Postfix is up and running and we can now greet the server:

ehlo mailserver
250-mailserver.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

We can now tell the server who mail is being sent from using the mail from command:

mail from: root@mailserver.example.com

We now tell the server who we want to send an email to using the rcpt to command:

rcpt to: test@mailserver.example.com

We now add a simple test message by using the data command:

data
Hello this is a test email
.
250 2.0.0 Ok: queued as D9CC7424FE

Note It is very important to use the . and then hit Enter to send your message.

We can now close the telnet session:

quit
221 2.0.0 Bye
Connection closed by foreign host.

Our message should now have sent fine and we can check it has been delivered to the correct Linux user with the following:

ll /home/civo/Maildir/new

You should get something similar to the following:

ll /home/civo/Maildir/new
total 16
drwx------ 2 civo civo 4096 May  1 11:51 ./
drwx------ 5 civo civo 4096 May  1 11:25 ../
-rw------- 1 civo civo  462 May  1 11:51 1525171906.Vfd01I42504M229318.mailserver.example.com

We can now check that the message is the one we are expecting using the less command:

less /home/civo/Maildir/new/1525171906.Vfd01I42504M229318.mailserver.example.com

This should display something similar to:

Return-Path: <root@mailserver.example.com>
X-Original-To: test@mailserver.example.com
Delivered-To: civo@mailserver.example.com
Received: from mailserver (localhost [127.0.0.1])
        by mailserver.example.com (Postfix) with ESMTP id D9CC7424FE
        for <test@mailserver.example.com>; Tue,  1 May 2018 11:46:59 +0100 (BST)
Message-Id: <20180501105118.D9CC7424FE@mailserver.example.com>
Date: Tue,  1 May 2018 11:46:59 +0100 (BST)
From: root@mailserverexample.com


Hello this is a test email

Excellent! We have our first email.

Installing Dovecot

Dovecot is the default POP3/IMAP server for Ubuntu servers, and is installed by default on most setups. However it is best practice to install dovecot and the imapd package with the following command:

sudo apt-get install dovecot-core dovecot-imapd

We can check that Dovecot is now running using the following command:

sudo systemctl status dovecot

You should now get a similar output to the following:

● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-05-01 12:01:42 BST; 49s ago
     Docs: man:dovecot(1)
           http://wiki2.dovecot.org/
  Process: 10397 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
  Process: 10403 ExecStart=/usr/sbin/dovecot (code=exited, status=0/SUCCESS)
 Main PID: 10407 (dovecot)
    Tasks: 4
   Memory: 1.6M
      CPU: 1.109s
   CGroup: /system.slice/dovecot.service
           ├─10407 /usr/sbin/dovecot
           ├─10409 dovecot/anvil
           ├─10410 dovecot/log
           └─10412 dovecot/config

Finally we can set the permissions on the /var/mail directory so that Dovecot can then create folders for new users:

sudo chmod +x /var/mail

Fantastic! We now have a fully functional Postfix and Dovecot mail server up and running.

End Note

Managing email servers can be a fairly tough and strenuous task for beginner administrators, but with the configuration we have just gone through you should have a basic MTA email functionality to get you started. There are many settings that can be added or amended as Postfix and Dovecot are powerful tools. For more information see the Postfix website and the Dovecot website for any extra configuration options.