# Setting up Postfix & Dovecot Mail Server

Published 2021-08-29

# Overview - Configuring a secure mail server

Improved Version of Scaleway Guide. I will be configuring a mail server that uses DKIM, Rspam and MariaDB to deliver mails securely. I will install a Roundcube webmail interface to be able to view mails from a web browser.

It's better to have a dedicated virtual or baremetal server for this, with dedicated ip address and rDNS setup.

Ports needed:

  1. 25 - needed to receive mail from the internet;
  2. 465 - secure SMTP port needed to connect to mail server
  3. 587 - port for receiving email

What are those port needed for:

  1. 25 - Used for connection between MTA-MTA (Mail Transfer Agent-Mail Transfer Agent). and also used for connection between a client and a server
  2. 465 - Used for smtps (Simple Mail Transfer Protocol Secure). SSL encryption starts automatically before any connection to SMTP
  3. 587 - Used for MSA (Mail Submission Agent). Almost a standart SMTP port

# Pre-work

Before continuing with this guide, some configuration is required to make sure your mail server will be working

  • To be sure that other servers will accept mails sent from my server, I need to have a valid rDNS configured for a domain (for example mx.ted.ge or mail.ted.ge)
  • Forwarded or Unlocked SMTP ports

1. Updating the system just because

sudo apt update -y && sudo apt upgrade

2. Making sure no other mail software is installed

service sendmail stop; update-rc.d -f sendmail remove

Ignore Failed to stop sendmail.service: Unit sendmail.service not loaded. message. It just tells you that sendmail has not been installed

3. You might need to install software-properties-common and after that add php repo manually:

Installing repository manager

apt install software-properties-common

Installing php repository

sudo add-apt-repository ppa:ondrej/php

# Installing PostfixAdmin

All mailboxes will belong to virtual users. To manage mailboxes, we need one system user which will be the owner of all mailboxes and will be used by all virtual users to access their emails on the server. The home directory of the user will be /var/mail/vmail and all mailboxes will be stored in that directory:

sudo groupadd -g 5000 vmail
sudo useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail

Because PostfixAdmin is a PHP application, we will setup an Nginx, PHP7.2 and MariaDB webserver:

sudo apt install nginx mariadb-server php7.2-fpm php7.2-cli php7.2-imap php7.2-json php7.2-mysql php7.2-opcache php7.2-mbstring php7.2-readline

1. Setting a root password for MariaDB:


The setup tool will ask you the following questions:

  • Enter current password for root (enter for none): Press Enter
  • Set root password? [Y/n] Type Y
  • New password: Enter the password for the root user
  • Remove anonymous users? [Y/n] Type Y
  • Disallow root login remotely? [Y/n] Type Y
  • Remove test database and access to it? [Y/n] Type Y
  • Reload privilege tables now? [Y/n] Type Y

2. Download and unpack PostfixAdmin at the moment of writing tis guide, current version is 3.3.8

wget wget https://altushost-swe.dl.sourceforge.net/project/postfixadmin/postfixadmin-3.3.8/PostfixAdmin%203.3.8.tar.gz
tar xzf PostfixAdmin\ 3.3.8.tar.gz

3. Moving PostfixAdmin into the var/www/postfixadmin directory:

sudo mv postfixadmin-postfixadmin-7d04685/ /var/www/postfixadmin
rm -f PostfixAdmin\ 3.3.8.tar.gz
mkdir /var/www/postfixadmin/templates_c

4. changing directory ownership to www-data user:

sudo chown -R www-data: /var/www/postfixadmin

5. Postfix uses MySQL database, so I will connect to MariaDB server to create a new database and user

mysql -u root -p

6. Create the database, remember to replace your_secret_password with a password for the postfixadmin user:

CREATE DATABASE postfixadmin;
GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'your_secret_password';

7. Creating a /var/www/postfixadmin/config.local.php config file and opening in a text editor:

nano /var/www/postfixadmin/config.local.php
$CONF['configured'] = true;

$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'your_secret_password';
$CONF['database_name'] = 'postfixadmin';

$CONF['default_aliases'] = array (
'abuse'      => 'abuse@example.com',
'hostmaster' => 'hostmaster@example.com',
'postmaster' => 'postmaster@example.com',
'webmaster'  => 'webmaster@example.com'

$CONF['fetchmail'] = 'NO';
$CONF['show_footer_text'] = 'NO';

$CONF['quota'] = 'YES';
$CONF['domain_quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '0';
$CONF['domain_quota_default'] = '0';

Don't forget to replace 'your_secret_password' with the actual password

The configuration defines the database type, login credentials, default aliases, disabled fetchmail and enabled quota.

8. Running following script to install the database schema:

sudo -u www-data php /var/www/postfixadmin/public/upgrade.php

creating db superadmin from CLI tools:

sudo bash /var/www/postfixadmin/scripts/postfixadmin-cli admin add

9. Enter the email address of the admin, and answer the questions of the CLI.

To secure the communication with the webserver, we use Let’s Encrypt to get a free SSL certificate: