How to Install and Configure a Postfix Mail Server with Dovecot on Linux Ubuntu

How to install and configure a Postfix mail server with Dovecot, how to configure a mail server to prevent your emails from falling into the spam folder, how to add DNS records such as SPF, DKIM and DMARC – you’ll find it all in our article.

How to Install and Configure a Postfix Mail Server with Dovecot on Linux Ubuntu

Creating a mail server on Linux-based machines could be one of the most important things that every system administrator should do. If this is the first time you configure your server, you are going to face a lot of aspects that have to be considered during setup. In today’s article, we’ll discover how to perform initial configuration of a mail server, and how to install Postfix mail agent, Dovecot mail server, and how to configure them for proper operation.

Postfix is a free and open-source MTA – mail transfer agent – that can be used to route and deliver electronic mail on a Linux system.

Dovecot is a mail delivery agent created primarily with security in mind. I’ll show you how to configure it as an IMAP or POP3 server.

Go to view
How to Install and Configure a Postfix Mail Server with Dovecot on Linux Ubuntu

How to Install and Configure a Postfix Mail Server with Dovecot on Linux Ubuntu

What you need for installation

To begin the installation, you’ll need a properly configured Linux Ubuntu server with a Fully Qualified Domain Name (FQDN). On the server, you need to add a non-root user but with sudo privileges, and open corresponding ports in your network. I already have a server with the required settings, and its ports are configured properly, so the only thing left to do is to add a user and start installing mail applications.

To add a user, open the terminal by pressing the key shortcut Ctrl+Alt+T, and run this command:

adduser demo

Adding a user with the terminal

Set a new password for this user, and leave other values without changes. You can specify any additional information if you need to. Now you have a new user account with standard privileges. However, sometimes you may have to perform administrative tasks as a root user.

To avoid having to sign out of your regular account and then sign in to a root user account, you can configure the so-called superuser or root privileges for your regular user account. This will let you run commands with administrative privileges by just placing the word “sudo” before the command.

To add privileges, you need to add a new user into the sudo system group by running this command:

usermod -aG sudo demo

Adding a user with the terminal

Set the host name and create DNS entries for the domain

The next thing to do is to set a true domain name for your server.

For this purpose, there is a special command, hostnamectl

sudo hostnamectl set-hostname hetmansoftware.com

Set a true domain name for your server

After that, you need to add MX and A records for the domain in the DNS control panel. These records will show to the other mail agents that your domain is in charge of delivering electronic mail.

Add MX and A records for the domain in the DNS control panel

Open the DNS control panel and add these records, while specifying the public IP address of your server.

Installing a Postfix mail server on Ubuntu

Now you can begin the installation of a Postfix mail agent.

Here is the command you need to use:

$ sudo apt-get install postfix

Add MX and A records for the domain in the DNS control panel

In the Postfix Configuration window that opens, click Ok. After that, the system will suggest you to choose mail configuration type: select Internet Site - Enter.

Choose mail configuration type

In the next window, type the domain name to be used when sending electronic mail. After Postfix is installed, it will start automatically and create a configuration file (in the location in /etc/postfix/main.cf).

Type the domain name to be used when sending electronic mail

You can check Postfix version and service status by using the following commands.

$ sudo systemctl status postfix

Check Postfix version and service status

If you need to change the configuration, type this command:

sudo dpkg-reconfigure postfix

Click ОK and select Internet Site - Enter. In the next window, type the domain name to be used when sending electronic mail. Then add the mail recipient. Specify other destinations to accept mail.

Specify other destinations to accept mail

Force synchronous updates on mail queue: No. Leave local networks settings without changes.

Specify other destinations to accept mail

Mailbox size limit: 0. Local address extension character: + Internet protocols to use: all.

Use all Internet protocols

Testing a Postfix mail server on Ubuntu

Now let’s check if your mail server is connected to port 25 by running this command:

$ telnet gmail-smtp-in.l.google.com 25

Let’s check if your mail server is connected to port 25

The result displayed by the system indicates that the connection has been established successfully. To close the connection, type quit.

Also, you can use a mail application to test the mail service. However, it should be installed first, so run the installation command

apt install mailutils

Here is the command to use:

/usr/sbin/sendmail dmitriyzh23@gmail.com

Specify the email address to send your mail to, subject and contents, and then press Ctrl+D to send.

Sending a test email

The mail service works and the email was delivered, but it ended up in the spam folder. Let’s see what settings should be changed to prevent emails from being classified as spam.

The email ended in the spam folder

After sending the first email, the program will create a file with the user’s name in the var/mail/ folder. In this file, all incoming and outgoing mail will be recorded.

Folder var/mail/

This recording format is known as mbox. To use the maildir format, which divides emails to separate files which are then moved between directories depending on the user’s actions, you need to make some changes to the configuration file.

Sudo nano /etc/postfix/main.cf

Add the line home_mailbox= Maildir/

Making changes to the configuration file

Or run the command:

sudo postconf -e 'home_mailbox= Maildir/'

In this case, mail will be stored in separate files, and can be found by this path:

home/demo/Maildir/new

Installing Dovecot IMAP and POP on Ubuntu

As a result, the mail server is running, you can send and receive mail, but it can hardly do without an opportunity to send mail by SMTP. This protocol is already supported in Postfix, but it has no authentication by default. To add authentication support, you should use Dovecot. As a bonus, you’ll get the opportunity to view your mail by POP3 and IMAP protocols. First of all, you need to install the Dovecot service itself. Here is the command to use:

sudo apt-get install dovecot-imapd dovecot-pop3d

After the installation is over, it is recommended to restart the dovecot service.

sudo systemctl restart dovecot

Install Dovecot service

To configure Dovecot, you should edit the configuration file: /etc/dovecot/dovecot.conf. To open it, you need one more command:

nano /etc/dovecot/dovecot.conf:

You can choose which protocol to use. It could be pop3, pop3s (secure pop3), imap or imaps (secure imap). IMAPS and POP3S are more secure than conventional IMAP and POP3, since they use SSL encryption for their connections. As soon as you have chosen a protocol to use, correct the next line in the file dovecot.conf.

To open it, you need one more command:

nano /etc/dovecot/dovecot.conf:

Add or edit this line:

protocols = pop3 pop3s imap imaps

Ctrl+x, and Yes to save - Enter.

Add to the configuration - pop3 pop3s imap imaps

Now let’s check how POP3 works. Go to a check-up service, enter the data and click to start the test, then check the result.

Add to the configuration pop3 pop3s imap imaps

Now that you have configured the mail service, you need to make sure that mail doesn’t end up in the spam folder, and for that purpose, you should add a few more DNS records. Open the DNS control panel. Add SPF, DMARC and DKIM records.

How to add a DKIM record

To have SPF and DMARC running, all you need is to add their DNS records, but for DKIM to work, it has to be installed on the server.

Add SPF, DMARC and DKIM records in the DNS Panel

DKIM (DomainKeys Identified Mail) is an email authentication method designed to detect forged sender addresses in email (known as email spoofing). DKIM enables the user to check if an email was actually sent from the stated domain.

Here is the command you need to install the package:

apt-get install opendkim opendkim-tools

Installing DKIM

Then start it and add it to automatic startup

sudo systemctl start opendkim

sudo systemctl enable opendkim

After that, you should create a certificate with the help of opendkim-genkey

Create a directory for keys using this command:

mkdir /etc/opendkim

And use another command to generate a key:

opendkim-genkey -D /etc/opendkim/ --domain hetmansoftware.com --selector mail

Here, you need to specify your server’s domain name.

Start DKIM and create a certificate

In the folder /etc/opendkim/ two files should appear, with the extensions .private (a closed key) and .txt (a txt record). Now let’s configure DNS.

View the contents of the txt file:

cat /etc/opendkim/mail.txt

Copy the line with the private DKIM key

Copy the contents, switch to DNS control panel and create a TXT record:

mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "

“the txt file contents”

mail - the selector name,

p= p=MIIBIjANB...IDAQAB - the shortened record of the public key.

Create a record in the DNS Control Panel

sudo chown -R opendkim:opendkim /etc/opendkim

Now let’s make changes to the configuration file

sudo nano /etc/opendkim.conf

Here, you need to comment and add a few lines

AutoRestart Yes

AutoRestartRate 10/1h

Umask 002

Syslog yes

SyslogSuccess Yes

LogWhy Yes

Mode sv

Canonicalization relaxed/simple

UserID opendkim:opendkim

Socket inet:8891@localhost

PidFile /var/run/opendkim/opendkim.pid

ExternalIgnoreList refile:/etc/opendkim/TrustedHosts

InternalHosts refile:/etc/opendkim/TrustedHosts

KeyTable refile:/etc/opendkim/KeyTable

SigningTable refile:/etc/opendkim/SigningTable

SignatureAlgorithm rsa-sha256

Let’s make changes to the configuration file

Add your domain to trusted hosts.

sudo nano /etc/opendkim/TrustedHosts

Add the domain, Ctrl+X, Yes, Enter

Add your domain to trusted hosts

Give the path to the key.

sudo nano /etc/opendkim/KeyTable

mail._domainkey.hetmansoftware.com hetmansoftware.com:mail:/etc/opendkim/dkim.private

Ctrl+X, Yes, Enter

Give the path to the key

The path to the signature

sudo nano /etc/opendkim/SigningTable

*@hetmansoftware.com mail._domainkey.hetmansoftware.com

Ctrl+X, Yes, Enter

Give the path to the signature

Restart the services

sudo systemctl restart opendkim

sudo systemctl restart postfix

Now that the record is added, let’s check it. Open a DKIM checkup service in the browser.

https://dmarcian.com/dkim-inspector/

Type the domain and selector name into the fields. The service has found my DKIM record.

DKIM checkup service

The record is added. For additional fine-tuning, adding trusted hosts, domains etc you’ll have to open the configuration file and add extra settings.

Now let’s test mail sending again.

/usr/sbin/sendmail dmitriyzh23@gmail.com

From: demo@hetmansoftware.com

Subject: test

Test send mail spf dkim dmarc

Ctrl+D

Now the email arrived, and this time it was not dumped into the spam folder. Let’s reply to this email. The mail service works properly.

DKIM checkup service

All right, so you have installed and configured Postfix and Dovecot, checked how the mail service works and added corresponding DNS records. For more convenient work, you can add a MySql storage server and a mail client - for example, Roundcube.

Go to view
⚕️How to Recover Emails📧, Contacts and Profiles in Mozilla Thunderbird (2021)

⚕️How to Recover Emails📧, Contacts and Profiles in Mozilla Thunderbird (2021)

Go to view
How to Restore Access to Gmail, Yahoo, AOL, ICloud, Outlook Mailbox without a Login and Password 📧🔓🔑

How to Restore Access to Gmail, Yahoo, AOL, ICloud, Outlook Mailbox without a Login and Password 📧🔓🔑

Vladimir Artiukh

Author: , Technical Writer

Vladimir Artiukh is a technical writer for Hetman Software, as well as the voice and face of their English-speaking YouTube channel, Hetman Software: Data Recovery for Windows. He handles tutorials, how-tos, and detailed reviews on how the company’s tools work with all kinds of data storage devices.

Oleg Afonin

Editor: , Technical Writer

Oleg Afonin is an expert in mobile forensics, data recovery and computer systems. He often attends large data security conferences, and writes several blogs for such resources as xaker.ru, Elcomsoft and Habr. In addition to his online activities, Oleg’s articles are also published in professional magazines. Also, Oleg Afonin is the co-author of a well-known book, Mobile Forensics - Advanced Investigative Strategies.

  • Updated:
  • Evaluations:
  • 2
  • /
  • :

Share

Questions and answers

  • What are the minimum system requirements for an Ubuntu distributive?

    As far as we know, the minimum system requirements for normal system performance are as follows:

    Basic:

    • CPU: Intel Pentium 4 3 Ghz
    • System memory: 1.5 Gb
    • Graphics adapter: any having 128 Mb of memory
    • Hard disk: any having 10 Gb of free space

    Optimal requirements:

    • CPU: Intel Core 2 Duo 1.8 Ghz
    • System memory: 4 Gb
    • Graphics adapter: any having 256 Mb of memory
    • Hard disk: any having 20 Gb of free space
  • How to open a file manager with root privileges?

    To manage files with root (administrator) privileges, it’s not the best idea to use Nautilus (Nemo) basic file manager. It is so deeply integrated with other system components that you are running a risk of breaching access permissions regarding elements of your home directory. The same would be true for Xubuntu versions with Thunar file manager, and Lubuntu versions with PCmanFM file manager.

    For the reason cited above, it is better to manage files as a root user with a simple file manager app which is not integrated with the desktop environment. To install it, open the terminal and type this command (use the copy/paste options):

    Linux Mint, Ubuntu:

    sudo apt-get install gnome-commander

    Fedora Workstation:

    sudo dnf install gnome-commander

    At a certain moment of this process, you will need to type your password. When the packages are installed, type the command to launch the installed file manager:

    pkexec gnome-commander

  • What are Xubuntu, Kubuntu, Lubuntu and Edubuntu?

    Xubuntu, Kubuntu, Lubuntu and Edubuntu are official versions of Ubuntu (or its official derivatives). They mostly differ by the sets of preinstalled apps and desktop environments they use. Meanwhile, they share the same technologies and software repositories of the Ubuntu project.

    Ubuntu is the main version using GNOME desktop environment.

    Xubuntu is a version of the Ubuntu distributive with Xfce desktop environment.

    Kubuntu uses Ubuntu packages as the basis for KDE desktop environment. While the main idea for GNOME desktop environment was simplicity of operation, the KDE developers intended to implement a menu to deal with a maximum number of various settings.

    Lubuntu is the most lightweight version of Ubuntu distributive: the desktop environment it uses has minimum system requirements and is still easy to work with.

    Edubuntu is a specialized Ubuntu distributive containing specific software meant for schools and education establishments.

  • How to make a computer shut down after a specific period of time?

    Automatically power off Ubuntu after a given period of time. Open the terminal window and get temporary root privileges.

    sudo -i

    When asked, type your password. Your password will not be displayed in any way, even as dots, and this is normal. After you have typed the password, press Enter again.

    Now you need to calculate for how many seconds the computer should be running before shutdown. For example, if you want a computer to work for the next half an hour, you will have to use the number of seconds calculated this way: 30 x 60 = 1,800 seconds. Type the command:

    sleep 1800 && shutdown -h now

    For the command to be performed, don’t close the terminal window and press Enter. As a result, your computer will shut down automatically in 30 minutes.

  • How to disable the Caps Lock key (in all Linux Mint, Ubuntu, and Fedora Workstation editions)?

    Some people really dislike the Caps Lock key as they hit it accidentally from time to time, and this changes letters to uppercase. To disable it in all Linux Mint, Ubuntu, and Fedora Workstation editions you need to make sure that Caps Lock isn’t active. After that, open the terminal window and type this command:

    setxkbmap -option caps:none

    As a result, the Caps Lock will be disabled - that is, nothing will happen even if you press the key by accident!

    Note: this command is only active within the current user session and it will not work after you reboot the computer. If you want it to be run automatically every time you sign in to the operating system, you can just add it to the startup list. In this case, the Caps Lock key will be disabled automatically as soon as you sign in to your account.

    If necessary, you’ll be able to activate the Caps Lock key easily with the help of setxkbmap utility.

    setxkbmap -option

Comments (16)

  • Isoy15
    Isoy15 3.02.2024 13:56 #
    how i can login my postfix email on gmail app via pop3 or imap
    Reply
  • Xavier
    Xavier 10.09.2023 19:59 #
    using the same setup with google domains, The mail service works and the email was delivered, but it ended up in the spam folder
    Reply
    • Hetman Software
      Hetman Software 11.09.2023 10:21 #

      If your emails sent from Google Domains email service are ending up in the recipient's spam folder, it's likely due to several reasons. Here are some steps you can take to improve email deliverability and prevent your emails from being marked as spam:

      Check Your Email Content: Make sure your email content is not spammy. Avoid using excessive capitalization, exclamation marks, and too many links. Ensure that your email is well-written, relevant, and free of any suspicious content.

      Authenticate Your Domain: Verify your domain by setting up SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) records. These authentication methods help prove that your emails are legitimate and not spoofed.

      Use a Reputable IP Address: If you're sending a high volume of emails, consider using a dedicated IP address. This can help maintain your sending reputation. Shared IP addresses can sometimes suffer from the actions of other users on the same IP.

      Maintain a Good Sending Reputation: Avoid sending emails to purchased or outdated email lists. Ensure that your recipients have opted in to receive your emails. High bounce rates and spam complaints can negatively impact your sending reputation.

      Monitor Email Bounces and Complaints: Keep an eye on bounced emails and spam complaints. Remove invalid email addresses from your list and investigate the cause of any complaints to prevent future issues.

      Use Clear and Relevant Subject Lines: Misleading or clickbait subject lines can trigger spam filters. Ensure that your subject lines accurately reflect the content of your emails.

      Avoid Image-Heavy Emails: Emails with too many images and minimal text can look suspicious to spam filters. Balance your email content with text and images appropriately.

      Regularly Update Your Contact List: Remove inactive or disengaged subscribers from your mailing list. Keeping a clean list can improve deliverability.

      Test Your Emails: Send test emails to various email providers to check how they are delivered and whether they end up in spam folders. Adjust your content and settings accordingly.

      Use a Professional Email Marketing Service: Consider using a reputable email marketing service like Mailchimp, SendGrid, or Constant Contact. They often have built-in tools to improve email deliverability.

      Monitor Blacklists: Check if your IP address or domain is listed on email blacklists. If you find it listed, take steps to delist it.

      Engage Subscribers: Encourage recipients to add your email address to their contact list or address book. This can help ensure that your emails are not marked as spam.

      Provide an Unsubscribe Option: Always include a clear and easy way for recipients to unsubscribe from your emails. This helps reduce spam complaints.

      Remember that improving email deliverability is an ongoing process. It's important to regularly review and refine your email marketing practices to maintain a good sender reputation and ensure that your emails reach the inbox rather than the spam folder.

      Reply
  • Armin Mansouri
    Armin Mansouri 10.05.2023 12:10 #
    Could you also show us how to configure the mailserver to use SMTP over TLS (port 587) please?
    Reply
    • Hetman Software
      Hetman Software 16.05.2023 14:58 #

      Sure! Here is how to configure your mail server to use SMTP with TLS encryption (port 587):

      Username: This is usually your full email address, e.g. "example@example.com".

      Password: This is the password you use to access your mail.

      Outgoing mail server (SMTP server): You will need to enter the address of the outgoing mail server provided by your mail provider. Usually it is something like "smtp.example.com" or "mail.example.com". You will need to contact your ISP or check their documentation to find out the correct server settings.

      SMTP port: Use port 587 to connect via TLS (Transport Layer Security). This will provide a secure, encrypted connection for sending mail. Some ISPs may also support SSL (Secure Sockets Layer) on port 465. Check the settings of your ISP for the port to be used.

      Encryption Type: Set TLS (or STARTTLS) as the encryption method. This will ensure a secure connection when sending mail.

      Authentication: Enable the authentication option on the mail server. This is usually done by selecting the 'Enable Authentication' option and providing your username and password.

      Once you have these details, you can use them to set up a mail client or mail sending software that supports SMTP with TLS encryption. There is usually an appropriate section in the mail client settings where you can specify this data and set up a connection via TLS.

      Reply
  • Zack Brownell
    Zack Brownell 27.12.2022 22:54 #
    How can you configure Dovecot to work with Postfix?
    Reply
    • Hetman Software
      Hetman Software 27.12.2022 23:15 #
      Install Dovecot: Install Dovecot on your server using your package manager. Configure Postfix: Edit your Postfix configuration file (main.cf) and add the following lines: # Dovecot configuration mail_spool_directory = /var/mail mailbox_command = /usr/lib/dovecot/deliver virtual_transport = dovecot Configure Dovecot: Edit your Dovecot configuration file (dovecot.conf) and add the following lines: # Postfix configuration protocols = imap pop3 lmtp mail_location = maildir:~/Maildir mail_privileged_group = mail Restart Services: Restart both Postfix and Dovecot services for the changes to take effect.
      Reply
  • Sammy Blanchfield
    Sammy Blanchfield 27.12.2022 20:59 #
    How can you test whether your Postfix configuration is working correctly or not?
    Reply
    • Hetman Software
      Hetman Software 27.12.2022 21:29 #
      1. Check the Postfix log files to ensure that your mail is being delivered correctly.
      2. Send a test email from the server to an external address and verify that it was received.
      3. Use telnet to connect to the Postfix server on port 25 and send a test email.
      4. Use a tool such as swaks to test the server’s SMTP settings.
      5. Use an online SMTP tester to verify the server’s configuration.
      Reply
  • Leon Hurley
    Leon Hurley 27.12.2022 17:01 #
    What are some of the important parameters that need to be set in the main.cf file?
    Reply
    • Hetman Software
      Hetman Software 27.12.2022 17:36 #
      1. myhostname: This is the fully-qualified domain name of the mail server.
      2. mydomain: This is the domain name used for mail routing.
      3. myorigin: This is the domain name that will be used to construct email addresses.
      4. mydestination: This is a list of domains that this server will accept mail for.
      5. relay_domains: This is a list of domains that this server will relay mail for.
      6. inet_interfaces: This is a list of network interfaces that Postfix will listen on.
      7. mynetworks: This is a list of trusted networks that are allowed to relay mail through the server.
      8. virtual_alias_maps: This is a list of mappings from email addresses to other email addresses or destinations.
      9. virtual_mailbox_maps: This is a list of mappings from email addresses to mailbox locations.
      10. smtpd_recipient_restrictions: This is a list of restrictions that will be applied to incoming mail.
      Reply
  • Anderson Carling
    Anderson Carling 27.12.2022 15:07 #
    How can you check whether Postfix is already installed on your system or not?
    Reply
    • Hetman Software
      Hetman Software 27.12.2022 15:31 #
      You can check whether Postfix is already installed on your system by running the following command in the terminal: $ sudo dpkg -s postfix This will display information about the Postfix package, including its version and installation status.
      Reply
  • Terry Mullies
    Terry Mullies 27.12.2022 12:02 #
    What is the first step in setting up Postfix and Dovecot on Linux Ubuntu?
    Reply
    • Hetman Software
      Hetman Software 27.12.2022 12:32 #
      The first step in setting up Postfix and Dovecot on Linux Ubuntu is to install the packages. This can be done by running the following command in a terminal: sudo apt-get install postfix dovecot-core dovecot-imapd dovecot-lmtpd.
      Reply
  • Maxim Cherniga
    Maxim Cherniga 9.11.2022 14:01 #
    If you have any questions about installing and configuring a Postfix mail server with Dovecot, configuring a mail server to prevent your emails from falling into the spam folder, or adding DNS records such as SPF, DKIM and DMARC, feel free to post a comment and ask us.
    Reply
Post comment
User
Leave a reply
Your email address will not be published. Required fields are marked *

Recommended For You
This website uses cookies to improve your experience. Description
Hello! This is AI-based Hetman Software virtual assistant, and it will answer any of your questions right away.
Start Chat