Setting Up a Mail Server on Ubuntu
Objective: This tutorial will guide you through the installation and configuration of a fully functional mail server on Ubuntu using Postfix as the MTA (Mail Transfer Agent), Dovecot for IMAP and POP3 services, and Roundcube as a web-based email client.
Prerequisites:
- An Ubuntu server (20.04 or later)
- Sudo access
- A registered domain name
- Proper DNS configurations (MX records)
Introduction to Email Servers
An email server is a server that sends and receives email messages. It handles the transmission of messages and stores them for retrieval by the user. Setting up your own mail server can seem daunting, but it gives you complete control over your email communications.
Installing Required Packages
First, ensure your system is updated:
sudo apt update
sudo apt upgrade -yNow, install the necessary packages for Postfix, Dovecot, and MySQL:
sudo apt install postfix dovecot-core dovecot-imapd dovecot-pop3d mysql-server php php-mysql php-mbstring php-xml php-zip -yDuring the Postfix installation, you will be prompted to choose a configuration type. Select Internet Site and set your mail server name to your domain (e.g., mail.yourdomain.com).
Configuring Postfix
Step 1: Basic Configuration
Edit the Postfix main configuration file:
sudo nano /etc/postfix/main.cfAdd or modify the following lines:
myhostname = mail.yourdomain.com
mydomain = yourdomain.com
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
mynetworks = 127.0.0.0/8
inet_interfaces = all
inet_protocols = allStep 2: Enable SASL Authentication
Add the following lines to enable SASL (Simple Authentication and Security Layer):
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yesStep 3: Enabling TLS
To secure the mail server, you’ll need TLS. Generate a self-signed certificate:
sudo mkdir /etc/ssl/private
sudo openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/mailserver.crt -keyout /etc/ssl/private/mailserver.keyModify main.cf to add:
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/certs/mailserver.crt
smtpd_tls_key_file = /etc/ssl/private/mailserver.keyStep 4: Restart Postfix
After making changes, restart Postfix:
sudo systemctl restart postfixSetting Up Dovecot
Edit the Dovecot configuration file:
sudo nano /etc/dovecot/dovecot.confAdd the following line to enable SSL:
ssl = requiredNow, configure the SSL settings in dovecot.conf:
ssl_cert = </etc/ssl/certs/mailserver.crt
ssl_key = </etc/ssl/private/mailserver.keyStep 1: Enable Mail Location
Edit the conf.d/10-mail.conf file:
sudo nano /etc/dovecot/conf.d/10-mail.confSet the mail location:
mail_location = maildir:~/MaildirStep 2: Enable Authentication
Edit conf.d/10-auth.conf and set:
auth_mechanisms = plain loginStep 3: Restart Dovecot
After making changes, restart Dovecot:
sudo systemctl restart dovecotConfiguring MySQL for Email Users
Step 1: Create MySQL Database and User
Log into MySQL:
sudo mysql -u root -pCreate a database and user for Roundcube:
CREATE DATABASE roundcube;
CREATE USER 'roundcubeuser'@'localhost' IDENTIFIED BY 'yourpassword';
GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcubeuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;Step 2: Import Roundcube Schema
Navigate to the Roundcube SQL directory:
cd /usr/share/doc/roundcube/SQLImport the schema:
sudo mysql -u roundcubeuser -p roundcube < mysql.sqlInstalling and Configuring Roundcube
Step 1: Install Roundcube
Install Roundcube:
sudo apt install roundcube roundcube-core roundcube-mysql -yStep 2: Configure Roundcube
Edit the Roundcube configuration:
sudo nano /etc/roundcube/config.inc.phpSet the database configuration:
$config['db_dsnw'] = 'mysql://roundcubeuser:yourpassword@localhost/roundcube';Step 3: Configure SMTP and IMAP Settings
Add the SMTP and IMAP settings:
$config['smtp_server'] = 'tls://mail.yourdomain.com';
$config['smtp_port'] = 587;
$config['imap_server'] = 'ssl://mail.yourdomain.com';
$config['imap_port'] = 993;Step 4: Enable URL Rewrite
To enable URL rewriting for Roundcube, you need to edit the Apache configuration:
sudo nano /etc/apache2/conf-available/roundcube.confAdd the following lines:
Alias /roundcube /usr/share/roundcube
<Directory /usr/share/roundcube/>
Options +FollowSymLinks
DirectoryIndex index.php
AllowOverride All
Require all granted
</Directory>Enable the configuration and rewrite module:
sudo a2enconf roundcube
sudo a2enmod rewrite
sudo systemctl restart apache2Securing Your Mail Server
- Firewall Configuration: Use UFW to manage your firewall:
sudo ufw allow OpenSSH sudo ufw allow 'Apache Full' sudo ufw allow 25/tcp sudo ufw allow 465/tcp sudo ufw allow 587/tcp sudo ufw allow 993/tcp sudo ufw allow 995/tcp sudo ufw enable - Fail2Ban Installation: Protect your server from brute-force attacks:
sudo apt install fail2ban -yCreate a jail configuration:
sudo nano /etc/fail2ban/jail.localAdd the following lines:
[postfix] enabled = true port = smtp filter = postfix logpath = /var/log/mail.log maxretry = 3 findtime = 10 bantime = 600Restart Fail2Ban:
sudo systemctl restart fail2ban
Testing Your Mail Server – Setting Up a Mail Server on Ubuntu
- Sending Email: Use the
mailcommand to send a test email:echo "Test email message" | mail -s "Test Subject" [email protected] - Check Mailbox: Log in to Roundcube at
http://mail.yourdomain.com/roundcubeand check if you received the test email. - Inspect Logs: If you encounter any issues, check the logs for errors:
sudo tail -f /var/log/mail.log sudo tail -f /var/log/mail.err
FAQs
Q1: Why isn’t Postfix sending emails?
- Check your configuration in
/etc/postfix/main.cffor any typos. Ensure your DNS settings, particularly MX records, are correctly pointing to your mail server.
Q2: How do I create additional email users?
- You can create new users using the following MySQL command after logging in:
INSERT INTO users (username, password, email) VALUES ('newuser', 'hashedpassword', '[email protected]');Ensure the password is hashed properly, for example using
doveadm pw.
Q3: How can I enable DKIM for my emails?
- Install OpenDKIM, generate keys, and configure Postfix and DKIM to add digital signatures to your emails for better deliverability.
Q4: What can I do to improve the security of my mail server?
- Regularly update your packages, implement rate limiting, configure spam filtering, and use tools like Fail2Ban to block repeated failed login attempts.
By following this comprehensive guide, you now have a functional and secure mail server on Ubuntu using Postfix, Dovecot, and Roundcube. If you have any questions or need further assistance, feel free to ask!