A mail server allows you to send and receive email. Setting up your own mail server on Ubuntu gives you more control over your email and increases privacy and security. However, managing your own mail server requires a bit more technical knowledge.
This comprehensive guide will walk you through all the steps to create a fully-functioning mail server on Ubuntu 20.04/22.04 from start to finish.
Prerequisites
Before getting started, you’ll need the following:
- An Ubuntu 20.04/22.04 server with a static public IP address. Using a VPS is recommended.
- A registered domain name. This will be used to send and receive emails from your mail server.
- Administrative access to your Ubuntu server.
- Basic knowledge of the Linux command line.
We’ll be using Postfix for the SMTP server, Dovecot for IMAP/POP3, and OpenDMARC for email authentication. A MySQL database will also be configured to store information like virtual domains and users.
Let’s start by updating the package repository and installing some dependencies on our Ubuntu server:
$ sudo apt update
$ sudo apt install postfix postfix-mysql dovecot-imapd dovecot-pop3d mariadb-server openssl openssl-blacklist
Next, we’ll go through the steps to configure each component.
Configuring Postfix
Postfix handles the SMTP service for sending and receiving emails. We need to update some settings in the main Postfix configuration file.
Open the file with:
$ sudo nano /etc/postfix/main.cf
Find the myhostname parameter and set it to your registered domain name:
myhostname = mail.example.com
Next, find the mydomain parameter and set it to your domain:
mydomain = example.com
Set the myorigin parameter to $mydomain:
myorigin = $mydomain
Under the INTERNET_PROTOCOLS section, make sure ipv4 is enabled:
inet_interfaces = all
inet_protocols = all
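This allows Postfix to listen on all available network interfaces. Note that inet_protocols = all enables IPv6 as well as IPv4; use inet_protocols = ipv4 to restrict Postfix to IPv4 only.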
Now find the mydestination parameter and set it to the following:
mydestination = $myhostname, localhost.$mydomain, $mydomain
This specifies the domains that Postfix will deliver mail to locally.
Save and close the file when you are done editing.
Next, we need to set up SMTP authentication. Generate a password file for Postfix with the postmap command:
$ sudo postmap /etc/postfix/sasl_passwd
Create the user and password file:
$ sudo nano /etc/postfix/sasl_passwd
Add your email and password on separate lines:
mail.example.com [email protected]
mail.example.com password123
Save and close the file.
Now edit the Postfix SASL configuration:
$ sudo nano /etc/postfix/sasl/smtpd.conf
Make sure it has the following:
pwcheck_method: saslauthd
mech_list: plain login
This sets Postfix to use the saslauthd service for authentication.
Restart Postfix to load the new configuration:
$ sudo systemctl restart postfix
Postfix is now configured and ready for sending and receiving emails.
Configuring Dovecot
Dovecot will be used to handle IMAP and POP3 protocols for accessing emails from mail clients like Outlook or Thunderbird.
Open the Dovecot configuration file:
$ sudo nano /etc/dovecot/dovecot.conf
Find the protocols section and enable imap and pop3:
protocols = imap pop3
Disable plaintext authentication on connections that are not protected by SSL/TLS:
disable_plaintext_auth = yes
Set the mail location:
mail_location = maildir:/var/mail/%d/%n
Now open the SMTP authentication config file:
$ sudo nano /etc/dovecot/conf.d/10-auth.conf
Find the auth_mechanisms parameter and set it to:
auth_mechanisms = plain login
This allows plain text and login authentication similar to Postfix.
Finally, open the permissions file:
$ sudo nano /etc/dovecot/conf.d/10-mail.conf
And set:
mail_access_groups = mail
This allows members of the mail group to access mailboxes.
Save and restart Dovecot:
$ sudo systemctl restart dovecot
Dovecot is now ready to handle IMAP and POP3 mail access.
MySQL Database Setup
Next, we’ll set up a MySQL database to store virtual domains and users for our mail server.
Log into the MySQL shell:
$ sudo mysql
Create a database called mailserver:
CREATE DATABASE mailserver;
Create a new user and grant permissions on the database:
GRANT SELECT,INSERT,UPDATE,DELETE ON mailserver.* TO 'mailuser'@'127.0.0.1' IDENTIFIED BY 'password123';
Exit MySQL:
quit
Now we can import the Postfix configuration SQL file to create the necessary tables:
$ sudo mysql mailserver < /etc/postfix/mysql/postfix_db.sql
The MySQL database is now ready to store domain and user information for our mail server.
Virtual Domains and Users
With the database configured, we can create virtual domains and users.
A virtual domain allows you to host multiple domains from a single mail server.
First, open the Postfix virtual domain configuration file:
$ sudo nano /etc/postfix/mysql-virtual_domains.cf
Uncomment the config_directory parameter and set it to our MySQL config:
config_directory = /etc/postfix/mysql
Now let’s create a virtual domain entry in the database. Log into MySQL:
$ sudo mysql mailserver -p
Insert a row for the domain:
INSERT INTO `virtual_domains` (`id` ,`name`) VALUES ('1', 'example.com');
Exit MySQL.
Next, open the virtual users file:
$ sudo nano /etc/postfix/mysql-virtual_mailboxes.cf
Set the config_directory like before:
config_directory = /etc/postfix/mysql
This allows Postfix to look up users in MySQL.
Enter MySQL again:
$ sudo mysql mailserver -p
Create a sample user:
INSERT INTO `virtual_users` (`id`, `domain_id`, `password` , `email`) VALUES ('1', '1', ENCRYPT('password123', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), '[email protected]');
This creates a user “[email protected]” with an encrypted password.
Now we need to allow the user to access mailboxes. Insert a row into virtual_aliases:
INSERT INTO `virtual_aliases` (`id`, `domain_id`, `source`, `destination`) VALUES ('1', '1', '[email protected]', '[email protected]');
Exit MySQL and restart Postfix for the changes to take effect:
$ sudo systemctl restart postfix
We can create more domains and users in the same way.
OpenDMARC
OpenDMARC implements the DMARC email authentication standard. This helps improve security and prevent spam and phishing.
First, install OpenDMARC:
$ sudo apt install opendmarc opendmarc-tools
Open the main config file:
$ sudo nano /etc/opendmarc.conf
Set your domain:
AuthservID mail.example.com
Enable logging and reporting:
Socket inet:8893@localhost
LogLevel debug
Syslog true
RejectFailures false
ReportFailures true
HistoryFile /var/lib/opendmarc/opendmarc.dat
StatsSocket /var/run/opendmarc/opendmarc.sock
MinServers 3
ServerInterval 60
This logs activity to syslog and enables daily report emails.
Add your domain as the From address:
/etc/opendmarc/ignore.hosts
mail.example.com
Now enable OpenDMARC:
$ sudo systemctl enable opendmarc
$ sudo systemctl start opendmarc
Finally, generate the DMARC TXT record for your domain:
$ sudo opendmarc-gen-policy --domain example.com --policy none --report email:[email protected]
Take this TXT record and add it to your domain’s DNS configuration.
OpenDMARC is now active and will validate incoming emails.
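Before publishing the TXT record (at _dmarc.example.com), it is worth checking it for the mistakes that make receivers ignore it. The following is an added example, not part of the original guide or of OpenDMARC; the function names and the sample records (including the report address) are constructed for illustration.

```python
# Added example: validate a DMARC TXT record before publishing it at
# _dmarc.<domain>. Sample records below are constructed for illustration.
POLICIES = {"none", "quarantine", "reject"}

def parse_tags(record: str) -> list:
    """Split 'tag=value; tag=value' into an ordered list of (tag, value)."""
    tags = []
    for part in record.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        tags.append((name.strip().lower(), value.strip()))
    return tags

def check_dmarc(record: str) -> dict:
    """Return {'errors': [...], 'warnings': [...]} for one TXT record."""
    errors, warnings = [], []
    tags = parse_tags(record)
    lookup = dict(tags)
    # RFC 7489: the version tag must come first and be exactly DMARC1.
    if not tags or tags[0] != ("v", "DMARC1"):
        errors.append("record must start with v=DMARC1")
    policy = lookup.get("p", "").lower()
    if policy not in POLICIES:
        errors.append("p= must be none, quarantine or reject")
    elif policy == "none":
        warnings.append("p=none only monitors; failing mail is still delivered")
    # rua= is a comma-separated list of report URIs.
    uris = [u.strip() for u in lookup.get("rua", "").split(",") if u.strip()]
    if not uris:
        warnings.append("no rua= address, so no aggregate reports will arrive")
    for uri in uris:
        if not uri.lower().startswith("mailto:"):
            errors.append(f"rua URI is not a mailto: address: {uri}")
    return {"errors": errors, "warnings": warnings}

MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
BROKEN = "p=reject; v=DMARC1; rua=dmarc-reports@example.com"

if __name__ == "__main__":
    for rec in (MONITOR, BROKEN):
        print(rec, "->", check_dmarc(rec))
```

A record with policy none passes with a warning: it produces reports but does not stop spoofed mail until the policy is raised to quarantine or reject.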
Testing the Mail Server
Our Ubuntu mail server should now be properly configured. Let’s do some testing to validate that it works.
First, send a test email from the server itself with:
$ echo "This is a test" | mail -s Testing [email protected]
Check if the mail was delivered:
$ sudo ls -l /var/mail
You should see a file named after the user you sent it to if delivery was successful.
Next, configure an email client like Thunderbird to connect to the mail server. Add a new account using the IMAP and SMTP credentials you configured.
Send a test message to the email address on your domain. It should be delivered to the user’s inbox folder on the Ubuntu server.
You can also use Telnet to manually connect to Postfix SMTP and send a message:
$ telnet mail.example.com 25
Type EHLO, then MAIL FROM:, RCPT TO: and finally the test message data. This validates that SMTP sending and delivery are working properly.
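The reply to EHLO in that telnet session also shows whether the server offers the plain and login mechanisms configured earlier on an unencrypted connection. The following is an added example, not part of the original guide: it parses a captured EHLO reply and flags that condition. The sample replies are constructed, and the function names are hypothetical.

```python
# Added example: audit a captured EHLO reply for credentials exposed in cleartext.
# The sample replies are constructed; paste your own from a telnet session.
import re

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself

def parse_ehlo(reply: str) -> dict:
    """Parse a multi-line '250' EHLO reply into {KEYWORD: [parameters]}."""
    caps = {}
    lines = [l.rstrip("\r") for l in reply.strip().splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250[- ](.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        words = m.group(1).upper().split()
        if i == 0 or not words:
            continue  # the first line is the greeting, not an extension
        # Some servers also send the legacy form 'AUTH=PLAIN LOGIN'.
        key, _, first = words[0].partition("=")
        caps.setdefault(key, []).extend(([first] if first else []) + words[1:])
    return caps

def audit(reply: str, tls_active: bool) -> list:
    """Return findings for one EHLO reply seen before or after STARTTLS."""
    caps = parse_ehlo(reply)
    findings = []
    if tls_active:
        return findings  # inside TLS, PLAIN/LOGIN are protected by the channel
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: sessions cannot be encrypted")
    exposed = sorted(CLEARTEXT_MECHS & set(caps.get("AUTH", [])))
    if exposed:
        findings.append("AUTH " + " ".join(exposed) + " advertised before TLS; "
                        "set smtpd_tls_auth_only = yes in main.cf")
    return findings

WEAK = """250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-AUTH PLAIN LOGIN
250 8BITMIME"""

HARDENED = """250-mail.example.com
250-PIPELINING
250-STARTTLS
250 8BITMIME"""

if __name__ == "__main__":
    for name, reply in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(reply, tls_active=False))
```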
Check /var/log/mail.log and /var/log/syslog for any errors with Postfix, Dovecot, MySQL or OpenDMARC during testing. Debug and resolve any issues that come up.
When everything is working as expected, your Ubuntu mail server is ready for use!
Securing the Mail Server
Now that we have a functioning mail server, let’s talk about some best practices for securing it:
- Use HTTPS/SSL for services whenever possible to encrypt traffic. Obtain SSL certificates for your domain.
- Restrict access to mail services by IP address using Postfix mynetworks or a TCP Wrappers hosts allow list.
- Enable firewall rules only allowing traffic on port 25 (SMTP), 143 (IMAP), 993 (IMAP+TLS) and 110 (POP3).
- Disable password authentication in SSH and use key-based login only.
- Make sure your system packages are always up to date by enabling automatic security updates.
- Monitor server logs regularly for signs of attacks or unauthorized access attempts.
- Set up logrotate to archive and compress logs.
- Disable any unnecessary services not being used.
- Create lower privilege system users for services like Dovecot and Postfix.
- Use strong passwords and enable two-factor authentication where possible.
- Backup your mail data and MySQL databases regularly.
Following security best practices will help protect your mail server and users’ private information. The key things are restricting access, staying up to date, monitoring activity, backing up data, and using encryption.
Conclusion
That concludes this step-by-step guide on deploying a mail server on Ubuntu 20.04. We installed and configured Postfix, Dovecot, MySQL, and OpenDMARC. We also covered important security measures to protect the mail server.
With your own Ubuntu mail server, you can fully control your email while improving privacy, security and deliverability. Users can access mail over IMAP and SMTP using any standard email client.
Running a mail server takes more hands-on maintenance compared to using a hosted email provider. But the benefits of having your own private server often outweigh the extra effort.