How to set up a Mail server on Ubuntu

Setting up and deploying a full-featured mail server on Ubuntu 20.04/22.04 using Postfix, Dovecot, MySQL, and OpenDMARC.

A mail server allows you to send and receive email. Setting up your own mail server on Ubuntu gives you more control over your email and increases privacy and security. However, managing your own mail server requires a bit more technical knowledge.

This comprehensive guide will walk you through all the steps to create a fully-functioning mail server on Ubuntu 20.04/22.04 from start to finish.

Prerequisites

Before getting started, you’ll need the following:

  • An Ubuntu 20.04/22.04 server with a static public IP address. Using a VPS is recommended.
  • A registered domain name. This will be used to send and receive emails from your mail server.
  • Administrative access to your Ubuntu server.
  • Basic knowledge of the Linux command line.

We’ll be using Postfix for the SMTP server, Dovecot for IMAP/POP3, and OpenDMARC for email authentication. A MySQL database will also be configured to store information like virtual domains and users.

Let’s start by updating the package repository and installing some dependencies on our Ubuntu server:

$ sudo apt update
$ sudo apt install postfix postfix-mysql dovecot-imapd dovecot-pop3d mariadb-server openssl openssl-blacklist

Next, we’ll go through the steps to configure each component.

Configuring Postfix

Postfix handles the SMTP service for sending and receiving emails. We need to update some settings in the main Postfix configuration file.

Open the file with:

$ sudo nano /etc/postfix/main.cf

Find the myhostname parameter and set it to your registered domain name:

myhostname = mail.example.com

Next, find the mydomain parameter and set it to your domain:

mydomain = example.com

Set the myorigin parameter to $mydomain:

myorigin = $mydomain

Under the INTERNET_PROTOCOLS section, make sure ipv4 is enabled:

inet_interfaces = all
inet_protocols = all

With inet_protocols = all, Postfix listens on all available network interfaces over both IPv4 and IPv6.

Now find the mydestination parameter and set it to the following:

mydestination = $myhostname, localhost.$mydomain, $mydomain

This specifies the domains that Postfix will deliver mail to locally.

Save and close the file when you are done editing.

Next, we need to set up SMTP authentication. Generate a password file for Postfix with the postmap command:

$ sudo postmap /etc/postfix/sasl_passwd

Create the user and password file:

$ sudo nano /etc/postfix/sasl_passwd

Add your email and password on separate lines:

mail.example.com [email protected]
mail.example.com password123

Save and close the file.

Now edit the Postfix SASL configuration:

$ sudo nano /etc/postfix/sasl/smtpd.conf

Make sure it has the following:

pwcheck_method: saslauthd
mech_list: plain login

This sets Postfix to use the saslauthd service for authentication.

Restart Postfix to load the new configuration:

$ sudo systemctl restart postfix

Postfix is now configured and ready for sending and receiving emails.

Configuring Dovecot

Dovecot will be used to handle IMAP and POP3 protocols for accessing emails from mail clients like Outlook or Thunderbird.

Open the Dovecot configuration file:

$ sudo nano /etc/dovecot/dovecot.conf

Find the protocols section and enable imap and pop3:

protocols = imap pop3

Disable plaintext authentication on unencrypted connections, so passwords are only accepted over TLS:

disable_plaintext_auth = yes

Set the mail location:

mail_location = maildir:/var/mail/%d/%n

Now open the Dovecot authentication config file:

$ sudo nano /etc/dovecot/conf.d/10-auth.conf

Find the auth_mechanisms parameter and set it to:

auth_mechanisms = plain login

This allows the PLAIN and LOGIN authentication mechanisms, matching the mech_list set for Postfix.

Finally, open the permissions file:

$ sudo nano /etc/dovecot/conf.d/10-mail.conf

And set:

mail_access_groups = mail

This allows members of the mail group to access mailboxes.

Save and restart Dovecot:

$ sudo systemctl restart dovecot

Dovecot is now ready to handle IMAP and POP3 mail access.
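
What the two authentication settings above mean together, as an added example that is not part of the original guide: a shell check that reads a Dovecot-style config and flags PLAIN/LOGIN being accepted without TLS. The function names and file contents are constructed for illustration; the fallback values are Dovecot's defaults (auth_mechanisms = plain, disable_plaintext_auth = yes).

```shell
#!/usr/bin/env bash
# Added example: flag Dovecot auth settings that would accept PLAIN/LOGIN
# credentials on unencrypted connections. File contents are constructed.

# conf_value FILE KEY -> last value assigned to KEY, ignoring comment lines
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { print found }' "$1"
}

# audit_dovecot_auth FILE -> prints one verdict line; returns 1 if weak
audit_dovecot_auth() {
    local mechs plain_off
    mechs=$(conf_value "$1" auth_mechanisms)
    plain_off=$(conf_value "$1" disable_plaintext_auth)
    # Fall back to Dovecot's defaults when a setting is absent
    mechs=${mechs:-plain}
    plain_off=${plain_off:-yes}
    case " $mechs " in
        *" plain "*|*" login "*)
            if [ "$plain_off" != yes ]; then
                echo "WEAK: PLAIN/LOGIN accepted without TLS"
                return 1
            fi ;;
    esac
    echo "OK: plaintext mechanisms limited to encrypted sessions"
}

# Weak variant next to the settings used in this guide
conf=$(mktemp)
printf 'disable_plaintext_auth = no\nauth_mechanisms = plain login\n' > "$conf"
audit_dovecot_auth "$conf" || true
printf 'disable_plaintext_auth = yes\nauth_mechanisms = plain login\n' > "$conf"
audit_dovecot_auth "$conf"
rm -f "$conf"
```

On a server, save the output of doveconf -n to a file and audit that, since it merges dovecot.conf with the conf.d files.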

MySQL Database Setup

Next, we’ll set up a MySQL database to store virtual domains and users for our mail server.

Log into the MySQL shell:

$ sudo mysql

Create a database called mailserver:

CREATE DATABASE mailserver;

Create a new user and grant permissions on the database:

GRANT SELECT,INSERT,UPDATE,DELETE ON mailserver.* TO 'mailuser'@'127.0.0.1' IDENTIFIED BY 'password123';

Exit MySQL:

quit

Now we can import the Postfix configuration SQL file to create the necessary tables:

$ sudo mysql mailserver < /etc/postfix/mysql/postfix_db.sql

The MySQL database is now ready to store domain and user information for our mail server.

Virtual Domains and Users

With the database configured, we can create virtual domains and users.

A virtual domain allows you to host multiple domains from a single mail server.

First, open the Postfix virtual domain configuration file:

$ sudo nano /etc/postfix/mysql-virtual_domains.cf

Uncomment the config_directory parameter and set it to our MySQL config:

config_directory = /etc/postfix/mysql

Now let’s create a virtual domain entry in the database. Log into MySQL:

$ sudo mysql mailserver -p

Insert a row for the domain:

INSERT INTO `virtual_domains` (`id` ,`name`) VALUES ('1', 'example.com');

Exit MySQL.

Next, open the virtual users file:

$ sudo nano /etc/postfix/mysql-virtual_mailboxes.cf

Set the config_directory like before:

config_directory = /etc/postfix/mysql

This allows Postfix to look up users in MySQL.

Enter MySQL again:

$ sudo mysql mailserver -p 

Create a sample user:

INSERT INTO `virtual_users` (`id`, `domain_id`, `password` , `email`) VALUES ('1', '1', ENCRYPT('password123', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), '[email protected]');

This creates a user “[email protected]” with an encrypted password.

Now we need to allow the user to access mailboxes. Insert a row into virtual_aliases:

INSERT INTO `virtual_aliases` (`id`, `domain_id`, `source`, `destination`) VALUES ('1', '1', '[email protected]', '[email protected]');

Exit MySQL and restart Postfix for the changes to take effect:

$ sudo systemctl restart postfix

We can create more domains and users in the same way.

OpenDMARC

OpenDMARC implements the DMARC email authentication standard. This helps improve security and prevent spam and phishing.

First, install OpenDMARC:

$ sudo apt install opendmarc opendmarc-tools

Open the main config file:

$ sudo nano /etc/opendmarc.conf

Set your domain:

AuthservID mail.example.com

Enable logging and reporting:

Socket inet:8893@localhost 
LogLevel debug
Syslog true
RejectFailures false
ReportFailures true
HistoryFile /var/lib/opendmarc/opendmarc.dat
StatsSocket /var/run/opendmarc/opendmarc.sock
MinServers 3  
ServerInterval 60

This logs activity to syslog and enables daily report emails.

Add your domain as the From address:

/etc/opendmarc/ignore.hosts
mail.example.com

Now enable OpenDMARC:

$ sudo systemctl enable opendmarc
$ sudo systemctl start opendmarc

Finally, generate the DMARC TXT record for your domain:

$ sudo opendmarc-gen-policy --domain example.com --policy none --report email:[email protected]

Take this TXT record and add it to your domain’s DNS configuration.
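
Before publishing, it helps to check the record text itself. The following added example (not part of the original guide) validates a DMARC TXT record of the kind described above, which is published at _dmarc.<your domain>; the function names and the report address dmarc-reports@example.com are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a DMARC TXT record before publishing it
# at _dmarc.<domain>. The record passed in below is constructed.

# dmarc_tag RECORD TAG -> value of TAG ("p", "rua", ...), empty if absent
dmarc_tag() {
    printf '%s\n' "$1" | awk -v want="$2" 'BEGIN { RS = ";" }
    {
        eq = index($0, "=")
        if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t\n]+|[ \t\n]+$/, "", key)
        gsub(/^[ \t\n]+|[ \t\n]+$/, "", val)
        if (key == want) { print val; exit }
    }'
}

# check_dmarc RECORD -> "ok: ..." (status 0) or "invalid: ..." (status 1)
check_dmarc() {
    local rec=$1 policy rua
    # v=DMARC1 must be the first tag, otherwise receivers ignore the record
    case $rec in
        v*) [ "$(dmarc_tag "$rec" v)" = DMARC1 ] ||
                { echo "invalid: version must be DMARC1"; return 1; } ;;
        *)  echo "invalid: record must begin with v=DMARC1"; return 1 ;;
    esac
    policy=$(dmarc_tag "$rec" p)
    case $policy in
        none|quarantine|reject) ;;
        '') echo "invalid: missing p= tag"; return 1 ;;
        *)  echo "invalid: unknown policy '$policy'"; return 1 ;;
    esac
    rua=$(dmarc_tag "$rec" rua)
    # Aggregate-report destinations: comma-separated list of mailto: URIs
    if [ -n "$rua" ] &&
       printf '%s\n' "$rua" | tr ',' '\n' | grep -qv '^[[:space:]]*mailto:'; then
        echo "invalid: rua entries must be mailto: URIs"; return 1
    fi
    echo "ok: p=$policy rua=${rua:-none}"
}

check_dmarc "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com" || true
```

Once the record is in DNS, dig +short TXT _dmarc.example.com shows what receivers will see.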

OpenDMARC is now active and will validate incoming emails.

Testing the Mail Server

Our Ubuntu mail server should now be properly configured. Let’s do some testing to validate that it works.

First, send a test email from the server itself with:

$ echo "This is a test" | mail -s Testing [email protected]

Check if the mail was delivered:

$ sudo ls -l /var/mail

You should see a file named after the user you sent it to if delivery was successful.

Next, configure an email client like Thunderbird to connect to the mail server. Add a new account using the IMAP and SMTP credentials you configured.

Send a test message to the email address on your domain. It should be delivered to the user’s inbox folder on the Ubuntu server.

You can also use Telnet to manually connect to Postfix SMTP and send a message:

$ telnet mail.example.com 25

Type EHLO, then MAIL FROM:, RCPT TO:, and finally the test message data. This validates that SMTP sending and delivery are working properly.

Check /var/log/mail.log and /var/log/syslog for any errors with Postfix, Dovecot, MySQL or OpenDMARC during testing. Debug and resolve any issues that come up.

When everything is working as expected, your Ubuntu mail server is ready for use!

Securing the Mail Server

Now that we have a functioning mail server, let’s talk about some best practices for securing it:

  • Use HTTPS/SSL for services whenever possible to encrypt traffic. Obtain SSL certificates for your domain.
  • Restrict access to mail services by IP address using Postfix mynetworks or TCP Wrappers hosts allow list.
  • Enable firewall rules that only allow traffic on ports 25 (SMTP), 143 (IMAP), 993 (IMAP+TLS) and 110 (POP3).
  • Disable password authentication in SSH and use key-based login only.
  • Make sure your system packages are always up to date by enabling automatic security updates.
  • Monitor server logs regularly for signs of attacks or unauthorized access attempts.
  • Set up logrotate to archive and compress logs.
  • Disable any unnecessary services not being used.
  • Create lower privilege system users for services like Dovecot and Postfix.
  • Use strong passwords and enable two-factor authentication where possible.
  • Backup your mail data and MySQL databases regularly.

Following security best practices will help protect your mail server and users’ private information. The key things are restricting access, staying up to date, monitoring activity, backing up data, and using encryption.
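
One way to act on the log-monitoring advice above, as an added example that is not part of the original guide: a shell function that counts failed SMTP AUTH attempts per client IP in the Postfix log. The log lines are constructed for the example, and the function name and threshold argument are illustrative.

```shell
#!/usr/bin/env bash
# Added example: count failed SMTP AUTH attempts per client IP.
# The log lines below are constructed; on a real server pass
# /var/log/mail.log as the second argument instead.

sample_log() {
cat <<'EOF'
Jan 10 10:00:01 mail postfix/smtpd[2211]: connect from unknown[203.0.113.7]
Jan 10 10:00:02 mail postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 10 10:00:04 mail postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 10 10:00:06 mail postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed:
Jan 10 10:00:09 mail postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 10 10:03:30 mail postfix/smtpd[2290]: warning: host.example.net[198.51.100.23]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 10 10:05:12 mail postfix/smtpd[2301]: disconnect from mail.example.org[192.0.2.10]
EOF
}

# failed_sasl_by_ip THRESHOLD [FILE]
# Prints "count ip" for every client with at least THRESHOLD failed
# logins, highest count first. Reads standard input when FILE is omitted.
failed_sasl_by_ip() {
    local threshold=$1 file=${2:--}
    awk -v min="$threshold" '
        /postfix\/.*smtpd\[[0-9]+\]: warning: .*SASL [A-Z0-9-]+ authentication failed/ {
            # The client is logged as host[ip] directly before ": SASL"
            if (match($0, /\[[0-9a-fA-F:.]+\]: SASL/)) {
                ip = substr($0, RSTART + 1, RLENGTH - 8)
                fails[ip]++
            }
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' "$file" | sort -rn
}

# Clients with three or more failures in the sample
sample_log | failed_sasl_by_ip 3
```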

Conclusion

That concludes this step-by-step guide on deploying a mail server on Ubuntu 20.04. We installed and configured Postfix, Dovecot, MySQL, and OpenDMARC. We also covered important security measures to protect the mail server.

With your own Ubuntu mail server, you can fully control your email while improving privacy, security and deliverability. Users can access mail over IMAP and SMTP using any standard email client.

Running a mail server takes more hands-on maintenance compared to using a hosted email provider. But the benefits of having your own private server often outweigh the extra effort.

Let me know if you have any other questions! I’m happy to provide more details on any part of the mail server setup process.
