How to Install and Configure a Postfix Mail Server with Dovecot on Linux Ubuntu
How to install and configure a Postfix mail server with Dovecot, how to configure a mail server to prevent your emails from falling into the spam folder, how to add DNS records such as SPF, DKIM and DMARC – you’ll find it all in our article.
- What you need for installation
- Set the host name and create DNS entries for the domain
- Installing a Postfix mail server on Ubuntu
- Testing a Postfix mail server on Ubuntu
- Installing Dovecot IMAP and POP on Ubuntu
- Questions and answers
Creating a mail server on Linux-based machines could be one of the most important things that every system administrator should do. If this is the first time you configure your server, you are going to face a lot of aspects that have to be considered during setup. In today’s article, we’ll discover how to perform initial configuration of a mail server, and how to install Postfix mail agent, Dovecot mail server, and how to configure them for proper operation.
Postfix is a free and open-source MTA – mail transfer agent – that can be used to route and deliver electronic mail on a Linux system.
To begin the installation, you’ll need a properly configured Linux Ubuntu server with a Fully Qualified Domain Name (FQDN). On the server, you need to add a non-root user but with sudo privileges, and open corresponding ports in your network. I already have a server with the required settings, and its ports are configured properly, so the only thing left to do is to add a user and start installing mail applications.
To add a user, open the terminal by pressing the key shortcut Ctrl+Alt+T, and run this command:
Set a new password for this user, and leave other values without changes. You can specify any additional information if you need to. Now you have a new user account with standard privileges. However, sometimes you may have to perform administrative tasks as a root user.
To avoid having to sign out of your regular account and then sign in to a root user account, you can configure the so-called superuser or root privileges for your regular user account. This will let you run commands with administrative privileges by just placing the word “sudo” before the command.
To add privileges, you need to add a new user into the sudo system group by running this command:
usermod -aG sudo demo
The next thing to do is to set a true domain name for your server.
For this purpose, there is a special command, hostnamectl
sudo hostnamectl set-hostname hetmansoftware.com
After that, you need to add MX and A records for the domain in the DNS control panel. These records will show to the other mail agents that your domain is in charge of delivering electronic mail.
Open the DNS control panel and add these records, while specifying the public IP address of your server.
Now you can begin the installation of a Postfix mail agent.
Here is the command you need to use:
$ sudo apt-get install postfix
In the Postfix Configuration window that opens, click Ok. After that, the system will suggest you to choose mail configuration type: select Internet Site - Enter.
In the next window, type the domain name to be used when sending electronic mail. After Postfix is installed, it will start automatically and create a configuration file (in the location in /etc/postfix/main.cf).
You can check Postfix version and service status by using the following commands.
$ sudo systemctl status postfix
If you need to change the configuration, type this command:
sudo dpkg-reconfigure postfix
Click ОK and select Internet Site - Enter. In the next window, type the domain name to be used when sending electronic mail. Then add the mail recipient. Specify other destinations to accept mail.
Force synchronous updates on mail queue: No. Leave local networks settings without changes.
Mailbox size limit: 0. Local address extension character: + Internet protocols to use: all.
Now let’s check if your mail server is connected to port 25 by running this command:
$ telnet gmail-smtp-in.l.google.com 25
The result displayed by the system indicates that the connection has been established successfully. To close the connection, type quit.
Also, you can use a mail application to test the mail service. However, it should be installed first, so run the installation command
apt install mailutils
Here is the command to use:
Specify the email address to send your mail to, subject and contents, and then press Ctrl+D to send.
The mail service works and the email was delivered, but it ended up in the spam folder. Let’s see what settings should be changed to prevent emails from being classified as spam.
After sending the first email, the program will create a file with the user’s name in the var/mail/ folder. In this file, all incoming and outgoing mail will be recorded.
This recording format is known as mbox. To use the maildir format, which divides emails to separate files which are then moved between directories depending on the user’s actions, you need to make some changes to the configuration file.
Sudo nano /etc/postfix/main.cf
Add the line home_mailbox= Maildir/
Or run the command:
sudo postconf -e 'home_mailbox= Maildir/'
In this case, mail will be stored in separate files, and can be found by this path:
As a result, the mail server is running, you can send and receive mail, but it can hardly do without an opportunity to send mail by SMTP. This protocol is already supported in Postfix, but it has no authentication by default. To add authentication support, you should use Dovecot. As a bonus, you’ll get the opportunity to view your mail by POP3 and IMAP protocols. First of all, you need to install the Dovecot service itself. Here is the command to use:
sudo apt-get install dovecot-imapd dovecot-pop3d
After the installation is over, it is recommended to restart the dovecot service.
sudo systemctl restart dovecot
To configure Dovecot, you should edit the configuration file: /etc/dovecot/dovecot.conf. To open it, you need one more command:
You can choose which protocol to use. It could be pop3, pop3s (secure pop3), imap or imaps (secure imap). IMAPS and POP3S are more secure than conventional IMAP and POP3, since they use SSL encryption for their connections. As soon as you have chosen a protocol to use, correct the next line in the file dovecot.conf.
To open it, you need one more command:
Add or edit this line:
protocols = pop3 pop3s imap imaps
Ctrl+x, and Yes to save - Enter.
Now let’s check how POP3 works. Go to a check-up service, enter the data and click to start the test, then check the result.
Now that you have configured the mail service, you need to make sure that mail doesn’t end up in the spam folder, and for that purpose, you should add a few more DNS records. Open the DNS control panel. Add SPF, DMARC and DKIM records.
To have SPF and DMARC running, all you need is to add their DNS records, but for DKIM to work, it has to be installed on the server.
DKIM (DomainKeys Identified Mail) is an email authentication method designed to detect forged sender addresses in email (known as email spoofing). DKIM enables the user to check if an email was actually sent from the stated domain.
Here is the command you need to install the package:
apt-get install opendkim opendkim-tools
Then start it and add it to automatic startup
sudo systemctl start opendkim
sudo systemctl enable opendkim
After that, you should create a certificate with the help of opendkim-genkey
Create a directory for keys using this command:
And use another command to generate a key:
opendkim-genkey -D /etc/opendkim/ --domain hetmansoftware.com --selector mail
Here, you need to specify your server’s domain name.
In the folder /etc/opendkim/ two files should appear, with the extensions .private (a closed key) and .txt (a txt record). Now let’s configure DNS.
View the contents of the txt file:
Copy the contents, switch to DNS control panel and create a TXT record:
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
“the txt file contents”
mail - the selector name,
p= p=MIIBIjANB...IDAQAB - the shortened record of the public key.
sudo chown -R opendkim:opendkim /etc/opendkim
Now let’s make changes to the configuration file
sudo nano /etc/opendkim.conf
Here, you need to comment and add a few lines
Add your domain to trusted hosts.
sudo nano /etc/opendkim/TrustedHosts
Add the domain, Ctrl+X, Yes, Enter
Give the path to the key.
sudo nano /etc/opendkim/KeyTable
Ctrl+X, Yes, Enter
The path to the signature
sudo nano /etc/opendkim/SigningTable
Ctrl+X, Yes, Enter
Restart the services
sudo systemctl restart opendkim
sudo systemctl restart postfix
Now that the record is added, let’s check it. Open a DKIM checkup service in the browser.
Type the domain and selector name into the fields. The service has found my DKIM record.
The record is added. For additional fine-tuning, adding trusted hosts, domains etc you’ll have to open the configuration file and add extra settings.
Now let’s test mail sending again.
Test send mail spf dkim dmarc
Now the email arrived, and this time it was not dumped into the spam folder. Let’s reply to this email. The mail service works properly.
All right, so you have installed and configured Postfix and Dovecot, checked how the mail service works and added corresponding DNS records. For more convenient work, you can add a MySql storage server and a mail client - for example, Roundcube.