How to Quickly Set up a Mail Server on Ubuntu 18.04 with Modoboa

This tutorial is going to show you how to quickly set up your own email server on Ubuntu 18.04 with Modoboa, which is a free and open source mail hosting and management platform designed to work with Postfix SMTP server and Dovecot IMAP/POP3 server.

Modoboa is written in Python, released under the terms of ISC license. The latest version is v1.12.2, released on October 19, 2018. Main features of Modoboa are as follows:

  • Compatible with Postfix and Dovecot.
  • Support MySQL/MariaDB, or PostgreSQL database.
  • Includes a webmail client and web-based admin panel.
  • It can help you protect your domain reputation by monitoring email blacklists and generating DMARC report, so your emails have better chance to land in inbox instead of spam folder.
  • Includes amavis frontend to block spam and detect virus in email.
  • Calendar and address book.
  • Integration with Let’s Encrypt.

Prerequisites

To set up a complete email server with Modoboa, you need a server with at least 2GB RAM. After the installation, your server will use more than 1GB of RAM. This tutorial is done on a $10/month Linode VPS (virtual private server). Once you have a VPS, install Ubuntu on it and follow the instructions below. You also need to have a domain name. I registered my domain name from NameCheap because the price is low and they give whois privacy protection free for life.

It is recommended that you follow the instructions below on a clean install of Ubuntu 18.04 system.

Also, make sure your server IP address isn’t listed in any email blacklist. You can go to mxtoolbox.com and dnsbl.info to check your server IP address. If it’s in a blacklist, you can delete your VPS instance in Linode and create a new one. As Linode uses an hourly billing model, you won’t be charged by month, but by how many hours you used, which makes it convenient to delete a VPS instance at any time.

Step 1: Creating DNS MX Record

The MX record specifies which host or hosts handle emails for a particular domain name. For example, the host that handles emails for linuxbabe.com is mail.linuxbabe.com. If someone with a Gmail account sends an email to [email protected], then Gmail server will query the MX record of linuxbabe.com. When it finds out that mail.linuxbabe.com is responsible for accepting email, it then query the A record of mail.linuxbabe.com to get the IP address, thus the email can be delivered.

In your DNS manager, create a MX record for your domain name. Enter @ in the Name field to represent the main domain name, then enter mail.your-domain.com in the Value field.

modoboa web interface

Note: The hostname for MX record can not be an alias to another name. Also, It’s highly recommended that you use hostnames, rather than bare IP addresses for MX record.

Your DNS manager may require you to enter a preference value (aka priority value). It can be any number between 0 and 65,356. A small number has higher priority than a big number. You can enter 0 for your email server, or accept the default value. After creating MX record, you also need to create an A record for mail.your-domain.com , so that it can be resolved to an IP address. If your server uses IPv6 address, be sure to add AAAA record.

Step 2: Set up Mail Server on Ubuntu 18.04 with Modoboa Installer

SSH into your server, then update software packages.

sudo apt update

sudo apt upgrade

Download modoboa installer from Github.

git clone https://github.com/modoboa/modoboa-installer

Modoboa is written in Python. Run the following command to install the necessary Python software.

sudo apt-get install python-virtualenv python-pip

Then navigate to the modoboa-installer directory and create a configuration file. Replace example.com with your own domain name.

cd modoboa-installer

sudo ./run.py --stop-after-configfile-check example.com

modoboa mail server

Edit the configuration file installer.cfg with a command line text editor like nano.

sudo nano installer.cfg

To obtain a valid TLS certificate from Let’s Encrypt for your mail server, in [certificate] section, change the value of type from self-signed to letsencrypt.

type = letsencrypt

And change the email address from [email protected] to your real email address, which will be used for account recovery and important notifications.

modoboa installer

Save and close the file. Now run the following command to start the installation.

sudo ./run.py --interactive example.com

install modoboa ubuntu

The installation process can take a while. It took 20 minutes on my server. After Modoboa finishes installation, you can log into the admin panel with username admin and password password.

modoboa mail server ubuntu 18.04

Once you are logged in, you should go to Admin -> Settings -> Profile to change the password.

modoboa install

Step 3: Adding Mailboxes in Modoboa Admin Panel

Go to Domains tab and click Add button to add a new domain.

modoboa review

Then enter your main domain name in the Name field. It is highly recommended that you enable DKIM signing, which can help with your domain reputation. In Key selector filed, you can enter a random word like modoboa.  Choose 2048 as the key length.

adding domain name in modoboa

In the next screen, you can choose to create an admin account for your domain. The SMTP protocol requires that a mail server should have a [email protected] address.

modoboa postmaster account

Click the Submit button and your domain name will be added in Modoboa.

To add email addresses, go to Domains tab and click your domain name.

add mailboxes in modoboa

Then click mailboxes.

adding email addresses in modoboa

Click Add button and choose Account.

modoboa alias

Then choose Simple user as the role. Enter an email address in Username field and enter a password.

qucikly set up an email server modoboa

In the next screen, you can optionally create an alias for this email address.

create alias in modoboa

After clicking the submit button, the email address is created.

Step 4: Sending Test Emails

To login to the webmail, you need to log out the admin account first and then enter the user credentials.

modoboa login

Once you are logged into Modoboa webmail, you can send a test email from your private email server to your other email address and vice versa.

modoboa webmail

Inbound emails will be delayed for a few minutes, because by default Modoboa enables greylisting, which tells other sending SMTP server to try again in a few minutes. This is useful to block spam. The following message in /var/log/mail.log indicates greylisting is enabled.

postfix/postscreen[20995]: NOQUEUE: reject: RCPT from [34.209.113.130]:36980: 450 4.3.2 Service currently unavailable;
If your hosting provider or ISP blocks port 25, then you can’t send emails directly. You can set up SMTP relay to solve this problem.

The following message in /var/log/mail.log indicates port 25 is blocked.

Nov 3 10:43:43 mail postfix/smtp[9969]: connect to gmail-smtp-in.l.google.com[74.125.200.27]:25: Connection timed out
Nov 3 10:44:13 mail postfix/smtp[9969]: connect to gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b]:25: Connection timed out

Step 5: Using Mail Clients on Your Computer or Mobile Device

Fire up your desktop email client such as Mozilla Thunderbird and add a mail account.

  • In the incoming server section, select IMAP protocol, enter mail.your-domain.com as the server name, choose port 993 and SSL/TLS. Choose normal password as the authentication method.
  • In the outgoing section, select SMTP protocol, enter mail.your-domain.com as the server name, choose port 587 and STARTTLS. Choose normal password as the authentication method.

modoboa mail server desktop mail client configuration

You can also use IMAP on port 143 with STARTTLS encryption.

Step 6: Improving Your Email Server Reputation

To prevent your emails from being flagged as spam, you should set PTR, SPF and DKIM records.

PTR record

A pointer record, or PTR record, maps an IP address to a FQDN (fully qualified domain name). It’s the counterpart to the A record and is used for reverse DNS lookup, which can help with blocking spammers. Many SMTP servers reject emails if no PTR record is found for the sending server.

To check the PTR record for an IP address, run this command:

dig -x IP-address +short

or

host IP-address

Because you get IP address from your hosting provider or ISP, not from your domain registrar, so you must set PTR record for your IP in the control panel of your hosting provider or ask your ISP.  Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses IPv6 address, be sure to add a PTR record for your IPv6 address as well.

SPF Record

SPF (Sender Policy Framework) record specifies which hosts or IP address are allowed to send emails on behalf of a domain. You should allow only your own email server or your ISP’s server to send emails for your domain. In your DNS management interface, create a new TXT record like below.

modoboa spf record

Explanation:

  • TXT indicates this is a TXT record.
  • Enter @ in the name field to represent the main domain name.
  • v=spf1 indicates this is a SPF record and the version is SPF1.
  • mx means all hosts listed in the MX records are allowed to send emails for your domain and all other hosts are disallowed.
  • ~all indicates that emails from your domain should only come from hosts specified in the SPF record. Emails that are from other hosts will be flagged as forged.

To check if your SPF record is propagated to the public Internet, you can use the dig utility on your Linux machine like below:

dig your-domain.com txt

The txt option tells dig that we only want to query TXT records.

DKIM Record

DKIM (DomainKeys Identified Mail) uses a private key to digitally sign emails sent from your domain. Receiving SMTP servers verify the signature by using the public key, which is published in the DNS DKIM record.

When we were adding domain name in Moboboa admin panel earlier, we enabled DKIM signing, so the signing part is taken care of. The only thing left to do is creating DKIM record in DNS manager. First go to Modoboa admin panel and select your domain name. In the DNS section, click Show key button.

modoboa dkim signing

The public key will be revealed. There are two formats. We only need the Bind/named format.

modoboa dkim public key

Go to your DNS manager, create a TXT record, enter modoboa._domainkey in the Name field. (Recall that we used modoboa as the selector when adding domain name in the admin panel.) Copy everything in the parentheses and paste into the value field. Delete all double quotes. Your DNS manager may require you to delete other invalid characters, such as carriage return.

modoboa dkim format

For those who are interested, Modoboa uses OpenDKIM to generate private key for your domainkey and verify signatures of inbound emails.

After creating PTR, SPF, DKIM record, go to https://www.mail-tester.com. You will see a unique email address. Send an email from your domain to this address and then check your score. As you can see, I got a perfect score.

imporve email server reputation

Mail-tester.com can only show you a sender score. There’s a better service called GlockApps that allow you to check if your email is landed in the recipient’s inbox or spam folder, or rejected outright. It supports many popular email providers like Gmail, Outlook, Hotmail, YahooMail, iCloud mail, etc

glockapps email placement test

Auto-Renew Let’s Encrypt TLS Certificate

Modoboa installed the latest version of Let’s Encrypt client (certbot) as /opt/certbot-auto. You can find the location of certbot binary by executing the following command.

sudo find / -name "*certbot*"

Let’s Encrypt TLS certificate is valid for 90 days. To automatically renew the certificate, edit root user’s crontab file.

sudo crontab -e

Add the following line at the end of this file.

@daily /opt/certbot-auto renew -q && systemctl reload nginx && systemctl reload postfix && systemctl reload dovecot

Save and close the file. This tells Cron to run the certbot renew command every day. If the certificate has 30 days left, certbot will renew it. It’s necessary to reload Nginx web server, Postfix SMTP server and Dovecot IMAP server so they can pick up the new certificate.

Host Multiple Domains in Modoboa

See the following article:

I hope this tutorial helped you set up a mail server on Ubuntu 18.04 with Modoboa. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

Rate this tutorial
[Total: 10 Average: 4.9]

14 Responses to “How to Quickly Set up a Mail Server on Ubuntu 18.04 with Modoboa

  • Mysterion
    2 weeks ago

    Thanks! Worked like a charm!

  • Thank you for very clear and concise tutorials! This is a very complex topic and you have a way of making it much more accessible. I would like to create a mail server on a virtual machine that I will create running 18.04 and I recently found your tutorial that I have been studying on using iRedMail on 16.04 (which I am sure would work on 18.04). What is your opinion on the comparison between Modoboa & iRedMail?

    • Yes, iRedMail works on Ubuntu 18.04 too.

      Both Modoboa and iRedMail make it easy to set up your own email server and host multiple mail domains on a single server.

      Modoboa is more easy to set up, because it has predefined configurations in the installer.cfg file and it integrates with Let’s Encrypt. So you have less work to do compared to iRedMail. If you are lazy, choose Modoboa.

      Other than that, they are very similar.

  • That is very helpful, thank you!

  • Leopold
    1 week ago

    Thanks for your great efforts.
    Did you ever experience issues establishing SSL with imap?

  • Leopold
    1 week ago

    Correct – but there seems to be an cert issue regarding imap. So that I have to manually trust it in a mail client. Ever seen this one before and solved it without a reinstallation?

  • Leopold
    5 days ago

    I tested Modoboa on two servers node – and your guide runs smooth on a fresh install.

    But that’s the thing.
    I tried to establish Let’s encrypt on an install that was setup on open ssl.
    Somehow 993 would still not be trusted though SMTP runs fine.

    I just was keen if you did find a way around the fresh install.

    • Sorry, but I don’t quite understand your situation.

      Are you saying Let’s Encrypt certificate is not trusted by mail client? Or you didn’t choose Let’s Encrypt in the installer.cfg file and now you want to install Let’s Encrypt certificate?

  • Leopold
    5 days ago

    The later: I didn’t choose Let’s Encrypt in the installer.cfg file and now I want to install Let’s Encrypt certificate.

    • Please run the following command to install Let’s Encrypt client software (certbot).

      sudo add-apt-repository ppa:certbot/certbot
      sudo apt update
      sudo apt install certbot python3-cerbot-nginx

      Then obtain and install a TLS certificate with the following command.

      sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d mail.your-domain.com

      Then edit Postfix configuration file.

      sudo nano /etc/postfix/main.cf

      Find the following two directives.

      smtpd_tls_cert_file=
      smtpd_tls_key_file=

      Add your certificate and private key.

      smtpd_tls_cert_file=/etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
      smtpd_tls_key_file=/etc/letsencrypt/live/mail.your-domain.com/privkey.pem

      Save and close the file. Then edit Dovecot TLS configuration file.

       sudo nano /etc/dovecot/conf.d/10-ssl.conf

      Find the following two directives.

      ssl_cert = 
      ssl_key = 

      Add your certificate and private key.

      ssl_cert = </etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
      ssl_key = </etc/letsencrypt/live/mail.your-domain.com/privkey.pem

      Save and close the file. Now reload Nginx, Postfix and Dovecot.

      sudo systemctl reload nginx postfix dovecot
  • Leopold
    4 days ago

    That did it! – I somehow had dovecot pointing to the wrong directory.
    Thanks for your efforts Xiao Guo-An!

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • If my answer helped you, please consider supporting this site. Thanks :)