How to Quickly Set Up a Mail Server on Debian 9 Stretch with Modoboa

Setting up a mail server on Linux from scratch is a pain in the neck. This tutorial is going to show you how to quickly set up your own email server on Debian 9 Stretch with Modoboa, saving you lots of time and headaches. Modoboa is a free and open source mail hosting and management platform designed to work with Postfix SMTP server and Dovecot IMAP/POP3 server.

Modoboa is written in Python and released under the terms of the ISC license. At the time of writing, the latest version is v1.14.0, released on July 3, 2019. The main features of Modoboa are as follows:

  • Modoboa by default uses the Nginx web server to serve the webmail client and web-based admin panel.
  • Compatible with Postfix and Dovecot.
  • Supports MySQL/MariaDB and PostgreSQL databases.
  • Easily create unlimited mailboxes and unlimited mail domains in a web-based admin panel.
  • Easily create email aliases in the web-based admin panel.
  • The webmail client provides an easy-to-use message filter to help you organize messages into different folders.
  • It can help you protect your domain reputation by monitoring email blacklists and generating DMARC reports, so your emails have a better chance of landing in the inbox instead of the spam folder.
  • Includes an amavis frontend to block spam and detect viruses in email.
  • Calendar and address book.
  • Integration with Let’s Encrypt to get a valid SSL/TLS certificate.
  • Includes AutoMX to allow end users to easily configure a mail account in a desktop or mobile mail client.

Note: The Modoboa installer is currently not compatible with Debian 10 Buster.

Step 1: Choose the Right Hosting Provider and Buy a Domain Name

To set up a complete email server with Modoboa, you need a server with at least 2GB RAM. After the installation, your server will use more than 1GB of RAM. This tutorial is done on a $10/month Vultr VPS (virtual private server). I recommend Vultr because it doesn’t block port 25, so you can send unlimited emails with no extra cost. You can create an account at Vultr via my referral link to get $50 free credit.

Other VPS providers like DigitalOcean block port 25, and you will need to set up an SMTP relay to bypass port 25 blocking, which can cost you additional money. Once you have an account on Vultr, you can easily create a server instance in the Vultr web control panel and install Debian 9 on it.

There are 4 types of server in Vultr. Here we will choose the $10/month plan in Cloud Compute, which costs less than the other 3 types and is good enough to run Modoboa.

It is recommended that you follow the instructions below on a clean install of Debian 9 OS.

You also need to have a domain name. I registered my domain name from NameCheap because the price is low and they give whois privacy protection free for life.

Also, make sure your server IP address isn’t listed in any email blacklist. You can go to mxtoolbox.com and dnsbl.info to check your server IP address. If it’s in a blacklist, you can delete your server instance in Vultr and create a new one. As Vultr uses an hourly billing model, you won’t be charged by month, but by how many hours you used, which makes it convenient to delete a server instance at any time.

Step 2: Creating MX Record and A Record in DNS

The MX record specifies which host or hosts handle emails for a particular domain name. For example, the host that handles emails for linuxbabe.com is mail.linuxbabe.com. If someone with a Gmail account sends an email to [email protected], then the Gmail server will query the MX record of linuxbabe.com. When it finds out that mail.linuxbabe.com is responsible for accepting email, it then queries the A record of mail.linuxbabe.com to get the IP address, so that the email can be delivered.

You can log in to your domain registrar’s website (such as NameCheap) to create DNS records.

In your DNS manager, create a MX record for your domain name. Enter @ in the Name field to represent the main domain name, then enter mail.your-domain.com in the Value field.

Note: The hostname for the MX record cannot be an alias to another name. Also, it’s highly recommended that you use hostnames, rather than bare IP addresses, for the MX record.

Your DNS manager may require you to enter a preference value (aka priority value). It can be any number between 0 and 65,356. A small number has higher priority than a big number. You can enter 0 for your email server, or accept the default value.

After creating the MX record, you also need to create an A record for mail.your-domain.com, so that it can be resolved to an IP address. If your server uses an IPv6 address, be sure to add an AAAA record.

If you use Cloudflare DNS service, you should not enable the CDN feature when creating A record for your mail server. Cloudflare does not support SMTP proxy.

Step 3: Set up Mail Server on Debian 9 Stretch with Modoboa Installer

Log into your server via SSH, then update software packages.

sudo apt update

sudo apt upgrade

Debian 9 by default ships with Exim SMTP server. Since Modoboa will use Postfix SMTP server, we need to remove Exim.

sudo apt remove exim4 exim4-base exim4-daemon-light

Download modoboa installer from Github.

sudo apt install git

git clone https://github.com/modoboa/modoboa-installer

Modoboa is written in Python. Run the following command to install the necessary Python software.

sudo apt-get install python-virtualenv python-pip

Then navigate to the modoboa-installer directory and create a configuration file. Replace example.com with your own domain name.

cd modoboa-installer

sudo ./run.py --stop-after-configfile-check example.com

Edit the configuration file installer.cfg with a command line text editor like nano.

sudo nano installer.cfg

To obtain a valid TLS certificate from Let’s Encrypt for your mail server, in [certificate] section, change the value of type from self-signed to letsencrypt.

type = letsencrypt

And change the email address from [email protected] to your real email address, which will be used for account recovery and important notifications.

To save the file in Nano text editor, press Ctrl+O, then press Enter to confirm. Press Ctrl+X to exit. Now run the following command to start the installation.

sudo ./run.py --interactive example.com

The installation process can take a while. It took 10 minutes on my Vultr server. If you experience an error during the installation, you can use the --debug option to see more detailed output.

sudo ./run.py --interactive --debug example.com

After Modoboa finishes installation, you can log into the admin panel with username admin and password password.

Once you are logged in, go to Admin -> Settings -> Profile and change the password right away, because the default credentials above are the same on every fresh install.

Step 4: Adding Mailboxes in Modoboa Admin Panel

Please note that the default admin account isn’t an email account. It can only be used to administer the mail server. To send emails, you need to add mailboxes with the admin account.

Go to the Domains tab and click the Add button to add a new domain.

Then enter your main domain name in the Name field. It is highly recommended that you enable DKIM signing, which can help with your domain reputation. In the Key selector field, you can enter a random word like modoboa. Choose 2048 for the key length.

In the next screen, you can choose to create an admin account for this particular domain name. The SMTP protocol requires that a mail server have a postmaster address (postmaster@your-domain.com).

Click the Submit button and your domain name will be added in Modoboa.

To add email addresses, go to Domains tab and click your domain name.

Then click mailboxes.

Click Add button and choose Account.

Then choose Simple user as the role. Enter an email address in Username field and enter a password.

In the next screen, you can optionally create an alias for this email address.

After clicking the submit button, the email address is created.

Step 5: Sending Test Emails

To log in to the webmail, you need to log out of the admin account first and then enter the user credentials.

Once you are logged into Modoboa webmail, you can send a test email from your private email server to your other email address and vice versa.

Inbound emails will be delayed for a few minutes because Modoboa enables greylisting by default, which tells other sending SMTP servers to try again in a few minutes. This is useful for blocking spam. The following message in /var/log/mail.log indicates greylisting is enabled.

postfix/postscreen[20995]: NOQUEUE: reject: RCPT from [34.209.113.130]:36980: 450 4.3.2 Service currently unavailable;

Step 6: Unblocking Port 25 for Your Vultr Server

Your ISP or hosting provider won’t block incoming connections to port 25 of your server, which means you can receive emails from other mail servers. However, many ISPs and hosting providers are likely to block outgoing connections to port 25 of other mail servers, which means you can’t send emails.

If your emails didn’t arrive at your other email address such as Gmail, you should check the mail log (/var/log/mail.log). The following message in /var/log/mail.log indicates port 25 is blocked.

mail postfix/smtp[9969]: connect to gmail-smtp-in.l.google.com[74.125.200.27]:25: Connection timed out
mail postfix/smtp[9969]: connect to gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b]:25: Connection timed out
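
The greylisting message from Step 5 and the timeout messages above can be told apart mechanically. The following is an added example, not part of the original tutorial: a POSIX shell and awk function that counts both conditions in a mail log. The function names and the summary format are this example's own, and the sample input is constructed from the log lines quoted in this tutorial.

```sh
#!/bin/sh
# Added example: triage Postfix log lines for the two conditions this
# tutorial describes. Function names and output format are hypothetical.

# Constructed sample: the three log lines quoted in the tutorial plus one
# unrelated line that must be ignored.
sample_log() {
cat <<'EOF'
postfix/postscreen[20995]: NOQUEUE: reject: RCPT from [34.209.113.130]:36980: 450 4.3.2 Service currently unavailable;
mail postfix/smtp[9969]: connect to gmail-smtp-in.l.google.com[74.125.200.27]:25: Connection timed out
mail postfix/smtp[9969]: connect to gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b]:25: Connection timed out
mail postfix/qmgr[812]: 3F2A01234: removed
EOF
}

# Reads log lines on stdin and prints one summary line:
#   greylisted=<n> outbound25_timeouts=<n> remote_hosts=<n> verdict=<text>
triage_mail_log() {
  awk '
    # postscreen answering 450 4.3.2 is a temporary deferral (greylisting):
    # the sender retries later, so inbound mail is delayed, not lost.
    /postfix\/postscreen\[[0-9]+\]: NOQUEUE: reject:/ && / 450 4\.3\.2 / { grey++ }

    # The Postfix smtp client timing out towards port 25 of a remote server.
    /postfix\/smtp\[[0-9]+\]: connect to / && /\]:25: Connection timed out/ {
      out++
      # Keep the remote host name: the text between "connect to " and "[".
      host = $0
      sub(/.*connect to /, "", host)
      sub(/\[.*/, "", host)
      hosts[host] = 1
    }

    END {
      n = 0
      for (h in hosts) n++
      verdict = "ok"
      if (out > 0) verdict = "outbound-port-25-likely-blocked"
      else if (grey > 0) verdict = "inbound-greylisted"
      printf "greylisted=%d outbound25_timeouts=%d remote_hosts=%d verdict=%s\n", grey + 0, out + 0, n, verdict
    }'
}

# Demo on the constructed sample.
sample_log | triage_mail_log
```

Run it against the live log with `triage_mail_log < /var/log/mail.log`; reading that file usually requires root.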

If port 25 is blocked for outgoing connections on your Vultr server, then you should open a support ticket in your Vultr account. They will unblock port 25 for you. Here’s what I said to the support staff.

Hi

I'm setting up a mail server. Looks like port 25 is blocked on this server. Please open it for me.

Thanks :)

The support staff replied very quickly:

Hello XIAO GUO AN,

Thank you for your SMTP unblock request!

In order to combat spam and spam-like activities, we will need to review some additional information prior to removing the SMTP filter.

Please reply to this ticket with the following information:

1. The business name and organization URL(s) under which you offer services.
2. Describe, in as much detail as possible, the nature of the emails you intend to send.
3. The volume of email that you plan to deliver on a daily/monthly basis.

We need to know this in order to make an informed decision regarding your account settings and resource limits to ensure the integrity of our network/systems/online reputation.

John Doe
www.vultr.com

So you just need to answer 3 simple questions. You can use the following as a template.

Hi

My business name is LinuxBabe and website is https://www.linuxbabe.com,

I'm setting up this mail server for my website, so I would be able to send registration emails and notifications emails to my users.

The volume of outgoing email is below 50 emails per day.

Thanks.

And then the staff replied:

Hello,

Thank you for the information provided!

We have removed the default SMTP block on your account. Please restart any active instances via https://my.vultr.com for the change to take effect (restarting via the server itself _will_not_ work).

Also, keep in mind that marketing and bulk email is restricted in our platform. For reference, our ANTI-SPAM policy is listed here: https://www.vultr.com/legal/antispam_policy.php

If you have any additional questions our team is happy to assist you further. Thank you for choosing Vultr!

Kind Regards,
Customer Support

Once they have removed the SMTP block on your account, you need to restart your server via the Vultr control panel.

Note that Vultr does not allow you to send marketing/bulk email on their servers, regardless of whether it’s spam or not, which means you can’t send newsletters from your Vultr server. So you are only allowed to send transactional emails for your website (registration email, notification email, etc.) or send personal emails. If you need to send newsletters, I recommend using an SMTP relay service.

If your ISP or hosting provider (such as DigitalOcean) refuses to unblock port 25, then you can’t send emails directly, and you also need to set up an SMTP relay to solve this problem.

Step 7: Using Mail Clients on Your Computer or Mobile Device

Fire up your desktop email client such as Mozilla Thunderbird and add a mail account.

  • In the incoming server section, select IMAP protocol, enter mail.your-domain.com as the server name, choose port 143 and STARTTLS. Choose normal password as the authentication method.
  • In the outgoing section, select SMTP protocol, enter mail.your-domain.com as the server name, choose port 587 and STARTTLS. Choose normal password as the authentication method.

You can also use IMAP on port 993 with SSL/TLS encryption.

Step 8: Improving Your Email Server Reputation

To prevent your emails from being flagged as spam, you should set PTR, SPF, DKIM and DMARC records.

PTR record

A pointer record, or PTR record, maps an IP address to an FQDN (fully qualified domain name). It’s the counterpart to the A record and is used for reverse DNS lookup, which can help with blocking spammers. Many SMTP servers reject emails if no PTR record is found for the sending server.

To check the PTR record for an IP address, run this command:

dig -x IP-address +short

or

host IP-address

Because you get your IP address from your hosting provider or ISP, not from your domain registrar, you must set the PTR record for your IP in the control panel of your hosting provider, or ask your ISP. Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses an IPv6 address, be sure to add a PTR record for your IPv6 address as well.

To edit the reverse DNS record for your Vultr server, log into Vultr control panel, select your server and the settings tab. Then you can edit the reverse DNS record for both IPv4 and IPv6 address.

SPF Record

An SPF (Sender Policy Framework) record specifies which hosts or IP addresses are allowed to send emails on behalf of a domain. You should allow only your own email server or your ISP’s server to send emails for your domain. In your DNS management interface, create a new TXT record like below.

Explanation:

  • TXT indicates this is a TXT record.
  • Enter @ in the name field to represent the main domain name.
  • v=spf1 indicates this is an SPF record and the version is SPF1.
  • mx means all hosts listed in the MX records are allowed to send emails for your domain and all other hosts are disallowed.
  • ~all indicates that emails from your domain should only come from hosts specified in the SPF record. Emails that are from other hosts will be flagged as forged.

To check if your SPF record is propagated to the public Internet, you can use the dig utility on your Linux machine like below:

dig your-domain.com txt

The txt option tells dig that we only want to query TXT records.

DKIM Record

DKIM (DomainKeys Identified Mail) uses a private key to digitally sign emails sent from your domain. Receiving SMTP servers verify the signature by using the public key, which is published in the DNS DKIM record.

When we were adding the domain name in the Modoboa admin panel earlier, we enabled DKIM signing, so the signing part is taken care of. The only thing left to do is to create the DKIM record in the DNS manager. First go to the Modoboa admin panel as the admin user and select your domain name. In the DNS section, click the Show key button.

The public key will be revealed. There are two formats. We only need the Bind/named format.

Go to your DNS manager, create a TXT record, enter modoboa._domainkey in the Name field. (Recall that we used modoboa as the selector when adding domain name in the admin panel.) Copy everything in the parentheses and paste into the value field. Delete all double quotes. Your DNS manager may require you to delete other invalid characters, such as carriage return.

For those who are interested, Modoboa uses OpenDKIM to generate private key for your domainkey and verify signatures of inbound emails.

DMARC Record

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC can help receiving email servers identify legitimate emails and prevent your domain name from being used in email spoofing.

To create a DMARC record, go to your DNS manager and add a TXT record. In the name field, enter _dmarc. In the value field, enter the following:

v=DMARC1; p=none; pct=100; rua=mailto:[email protected]

The above DMARC record is a safe starting point. To see the full explanation of DMARC, please check the following article.
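
Before pasting the SPF, DKIM and DMARC values into a DNS manager, they can be checked locally. The following is an added example, not part of the original tutorial or of Modoboa: POSIX shell functions that flatten a Bind/named-format DKIM record into a single TXT value and sanity-check SPF and DMARC strings. All function names are hypothetical, the SPF value is assembled from the parts listed in the SPF explanation above, and the DKIM key, the Bind layout and the report address are constructed placeholders.

```sh
#!/bin/sh
# Added example: local sanity checks for the TXT values created in Step 8.
# Function names and all sample values are constructed for illustration.

# Join the quoted chunks of a Bind/named-format DKIM record (stdin) into the
# single value a web DNS manager expects: no quotes, no CR/LF.
flatten_dkim_bind() {
  tr -d '\r' | tr '\n' ' ' |
    sed -e 's/^[^(]*(//' -e 's/)[^)]*$//' |
    grep -o '"[^"]*"' | tr -d '"\n'
  echo
}

# check_spf "<TXT value>": prints "ok" or "fail: <reason>".
check_spf() (
  rec=$1
  case $rec in
    "v=spf1 "*) ;;
    *) echo "fail: record must start with v=spf1"; return 1 ;;
  esac
  case ${rec##* } in
    "~all"|"-all") ;;
    "+all"|"?all"|"all")
      echo "fail: ${rec##* } does not restrict which hosts may send"; return 1 ;;
    *) echo "fail: record does not end in an all mechanism"; return 1 ;;
  esac
  case " $rec " in
    *" mx "*|*" a "*|*" ip4:"*|*" ip6:"*|*" include:"*) echo "ok" ;;
    *) echo "fail: no mechanism authorises your mail server"; return 1 ;;
  esac
)

# check_dmarc "<TXT value>": prints "ok: p=<policy>" or "fail: <reason>".
check_dmarc() (
  rec=$1 p="" rua=""
  case $rec in
    "v=DMARC1;"*) ;;
    *) echo "fail: v=DMARC1 must be the first tag"; return 1 ;;
  esac
  set -f; IFS=';'            # split on ';' without glob expansion
  for tag in $rec; do
    tag=${tag# }             # drop the space that follows each ';'
    case $tag in
      p=*)   p=${tag#p=} ;;
      rua=*) rua=${tag#rua=} ;;
    esac
  done
  case $p in
    none|quarantine|reject) ;;
    *) echo "fail: p must be none, quarantine or reject"; return 1 ;;
  esac
  case $rua in
    mailto:?*@?*) echo "ok: p=$p" ;;
    *) echo "fail: no rua=mailto: address, so no aggregate reports will arrive"; return 1 ;;
  esac
)

# Constructed Bind-format sample; the p= value is a placeholder, not a real key.
sample_dkim_bind() {
cat <<'EOF'
modoboa._domainkey IN TXT ( "v=DKIM1; k=rsa; "
    "p=PLACEHOLDERPUBLICKEYPART1"
    "PLACEHOLDERPUBLICKEYPART2" )
EOF
}

# Demo on constructed values (dmarc-reports@your-domain.com is a placeholder).
sample_dkim_bind | flatten_dkim_bind
check_spf "v=spf1 mx ~all"
check_dmarc "v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@your-domain.com"
```

To check a published record, pass the value returned by `dig +short your-domain.com txt` to the matching function after stripping the surrounding double quotes.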

Step 9: Testing Email Score and Placement

After creating the PTR, SPF and DKIM records, go to https://www.mail-tester.com. You will see a unique email address. Send an email from your domain to this address and then check your score. As you can see, I got a perfect score.

Mail-tester.com can only show you a sender score. There’s another service called GlockApps that allows you to check if your email is placed in the recipient’s inbox or spam folder, or rejected outright. It supports many popular email providers like Gmail, Outlook, Hotmail, YahooMail, iCloud mail, etc.

Auto-Renew Let’s Encrypt TLS Certificate

Modoboa installed the latest version of the Let’s Encrypt client (certbot) as /opt/certbot-auto. A Let’s Encrypt TLS certificate is valid for 90 days. To automatically renew the certificate, edit the root user’s crontab file.

sudo crontab -e

Add the following line at the end of this file.

@daily /opt/certbot-auto renew -q && systemctl reload nginx postfix dovecot

Save and close the file. This tells Cron to run the certbot renew command every day. If the certificate has 30 days left, certbot will renew it. It’s necessary to reload Nginx web server, Postfix SMTP server and Dovecot IMAP server so they can pick up the new certificate.

Enabling SMTPS Port 465

If you are going to use Microsoft Outlook client, then you need to enable SMTPS port 465 in Postfix SMTP server.

(Optional) Set Up Autodiscover and AutoConfig to Automate Mail Client Configuration

Autodiscover and AutoConfig make it easy to configure a desktop or mobile mail client. The end user just needs to enter a name, email address and password to set up his/her mail account, without having to enter the SMTP or IMAP server details. Autodiscover is supported by the Microsoft Outlook mail client and AutoConfig is supported by the Mozilla Thunderbird mail client.

Modoboa uses AutoMX to implement this feature on your mail server. All we need to do now is add CNAME records in DNS. In your DNS manager, create two CNAME records.

autoconfig.yourdomain.com       CNAME         mail.yourdomain.com
autodiscover.yourdomain.com     CNAME         mail.yourdomain.com

Go to the Domains tab in your Modoboa admin panel. If autoconfig is shown in green, your CNAME records are correct. (Modoboa checks DNS records for your mail server every 30 minutes, so you might need to wait some time for autoconfig to turn green.)

Once the CNAME records are propagated to the Internet, you don’t have to enter the SMTP or IMAP server details when setting up a mail account in Microsoft Outlook and Mozilla Thunderbird.

Host Multiple Domains in Modoboa

See the following article:

Wrapping Up

I hope this tutorial helped you set up a mail server on Debian 9 Stretch with Modoboa. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

28 Responses to “How to Quickly Set Up a Mail Server on Debian 9 Stretch with Modoboa”

  • John Long
    20 hours ago

    Please, I am getting an error with my domain: DNS and A record.

    Do I need a nameserver for my domain, or do I need to host the domain first? Please help.

    • You can use your domain’s registrar’s name server and you can create DNS records at your domain registrar’s website.

      You don’t need to host a website before setting up mail server.

      • John Long
        20 hours ago

        I did everything. The installation was successful, but my domain is not connecting even after creating the DNS and A record. Here is my domain name: NETEASEACCOUNTS.COM. I tried to ping the domain name and it said host could not be found. I tried running --debug and I got the below error.

        http-01 challenge for mail.neteaseaccounts.com
        Waiting for verification…
        Challenge failed for domain mail.neteaseaccounts.com
        http-01 challenge for mail.neteaseaccounts.com
        Cleaning up challenges
        Some challenges have failed.

        IMPORTANT NOTES:
        – The following errors were reported by the server:

        Domain: mail.neteaseaccounts.com
        Type: connection
        Detail: dns :: DNS problem: NXDOMAIN looking up A for
        mail.neteaseaccounts.com

        To fix these errors, please make sure that your domain name was
        entered correctly and the DNS A/AAAA record(s) for that domain
        contain(s) the right IP address. Additionally, please check that
        your computer has a publicly routable IP address and that no
        firewalls are preventing the server from communicating with the
        client. If you’re using the webroot plugin, you should also verify
        that you are serving files from the webroot path you provided.
        Can’t open /etc/letsencrypt/renewal/mail.neteaseaccounts.com.conf: No such file or directory.

    • I see you are using NameCheap’s name server, but I didn’t find the MX record for neteaseaccounts.com and the A record for mail.neteaseaccounts.com.

      Create the two records in your NameCheap account.

      Maybe you should wait some time after creating DNS records, because it can take some time for the DNS records to be propagated to the Internet.

    • Use dig command to check your MX record.

      dig MX neteaseaccounts.com

      Check your A record.

      dig A mail.neteaseaccounts.com
    • I see there’s A record for neteaseaccounts.com, but there’s no A record for mail.neteaseaccounts.com.

      • John Long
        19 hours ago

        How do I set up a record for mail.neteaseaccounts.com?

        My input on NameCheap is
        @ IP

      • John Long
        19 hours ago

        And I used https://www.whatsmydns.net/#MX/NETEASEACCOUNTS.COM to check my MX and A record; both are pointing to my server.

      • John Long
        19 hours ago

        I did everything, both the A and MX records, and still the login page is not coming up. It is showing the below error in my browser. Is there something I’m doing wrong?

        This site can’t be reached mail.neteaseaccounts.com’s server IP address could not be found.
        Try running Windows Network Diagnostics.
        DNS_PROBE_FINISHED_NXDOMAIN

    • Replace

      @ IP

      with

      mail IP
    • I see there’s A record for mail.neteaseaccounts.com now.

      You should now run the following command to complete the Modoboa installation.

      sudo ./run.py --interactive neteaseaccounts.com
      • John Long
        18 hours ago

        Thank you so much. It’s working now. Another question, bro. I am trying to build my own mass mailer application that works on Windows, a .exe software that sends up to 3k mails in less than 2 seconds. Is there a tutorial you can direct me to? I would really appreciate it. Thanks again.

      • John Long
        17 hours ago

        My SMTP on port 587 is not working. I tried using it in a third-party app but it’s not connecting and it’s showing an error.

    • I don’t teach people how to install something on Windows. This is a Linux blog.

    • Check if you can login from a desktop mail client.

      • John Long
        15 hours ago

        I tried connecting it with the desktop mail client Mozilla Thunderbird and it’s not connecting. So do I need to set anything from the admin?

      • John Long
        15 hours ago

        Hi bro, still having an issue connecting with Thunderbird.

    • Maybe you have enabled a firewall, and you need to open port 587. Also open the IMAP ports 143 and 993.

      • John Long
        14 hours ago

        I can send directly from the web, but it’s not connecting with other mail clients. I also tried to ping the SMTP but it failed to connect as well. Please, how can I enable the port? Is it from my server terminal or my hosting panel?

    • Are you running Modoboa on a clean install of Debian 9 OS?

    • By default, a clean Debian 9 OS does not enable a firewall. So you may need to find out if there are any firewall settings in your hosting panel.

      Also, check the mail log (/var/log/mail.log), which may give you some clue.

      • John Long
        3 hours ago

        Hi bro, this is the error message I’m getting from the mail.log

        No DNS record found for autodiscover.neteaseaccounts.com

    • Autodiscover and AutoConfig make it easy to configure a desktop or mobile mail client, but it’s not mandatory.

      If you want to enable them, simply create two CNAME records in your DNS manager.

      autoconfig.yourdomain.com    CNAME         mail.yourdomain.com
      autodiscover.yourdomain.com     CNAME         mail.yourdomain.com

      It’s optional.

      You can use the nmap command from another Linux box to scan your email server’s open ports to see if ports 587, 143 and 993 are open.

      sudo apt install nmap
      sudo nmap mail.yourdomain.com

      If the ports are open but you still can’t log in, you might as well start over, because running the run.py script multiple times can corrupt some files. It’s not a big task to reinstall Debian 9 and Modoboa.

      • John Long
        1 hour ago

        Thanks a lot, bro. It’s working now. One more question, please. Is there any app on Linux for sending bulk messages?

    • I’m currently using Mailtrain to send newsletters/bulk emails. You can check out the following article. (It’s written for Ubuntu 18.04, but most of the commands work on Debian 9.)

      How to Install Mailtrain on Ubuntu 18.04 without docker

      • John Long
        57 mins ago

        Alright, thanks. I will check that out. One last thing. Which hosting company is the best for sending bulk messages to Office 365 users without being blacklisted after sending less than 100 messages?

        Thanks for your help.

    • By Office 365 you mean Exchange mail server users? I’m using a Linode VPS to send bulk messages and I don’t see my IP address being blacklisted by Exchange mail servers. Your mileage may vary.

      It’s important that you follow bulk email sending best practices, which you can find in Gmail’s, Yahoo’s and Outlook’s postmaster guidelines.

      Or you can use SMTP relay.
