How to Quickly Set up a Mail Server on Ubuntu 18.04 with Modoboa

This tutorial is going to show you how to quickly set up your own email server on Ubuntu 18.04 with Modoboa, which is a free and open source mail hosting and management platform designed to work with Postfix SMTP server and Dovecot IMAP/POP3 server.

Modoboa is written in Python, released under the terms of ISC license. The latest version is v1.12.2, released on October 19, 2018. Main features of Modoboa are as follows:

  • Compatible with Postfix and Dovecot.
  • Support MySQL/MariaDB, or PostgreSQL database.
  • Includes a webmail client and web-based admin panel.
  • Modoboa uses Nginx web server.
  • It can help you protect your domain reputation by monitoring email blacklists and generating DMARC report, so your emails have better chance to land in inbox instead of spam folder.
  • Includes amavis frontend to block spam and detect virus in email.
  • Calendar and address book.
  • Integration with Let’s Encrypt.

Prerequisites

To set up a complete email server with Modoboa, you need a server with at least 2GB RAM. After the installation, your server will use more than 1GB of RAM. This tutorial is done on a $10/month Linode VPS (virtual private server). I recommend Linode because it doesn’t block port 25. Other VPS providers like DigitalOcean blocks port 25 and you will need to set up SMTP relay, which can cost you additional money. Once you have a VPS, install Ubuntu on it and follow the instructions below. You also need to have a domain name. I registered my domain name from NameCheap because the price is low and they give whois privacy protection free for life.

It is recommended that you follow the instructions below on a clean install of Ubuntu 18.04 system.

Also, make sure your server IP address isn’t listed in any email blacklist. You can go to mxtoolbox.com and dnsbl.info to check your server IP address. If it’s in a blacklist, you can delete your VPS instance in Linode and create a new one. As Linode uses an hourly billing model, you won’t be charged by month, but by how many hours you used, which makes it convenient to delete a VPS instance at any time.

Step 1: Creating DNS MX Record

The MX record specifies which host or hosts handle emails for a particular domain name. For example, the host that handles emails for linuxbabe.com is mail.linuxbabe.com. If someone with a Gmail account sends an email to [email protected], then Gmail server will query the MX record of linuxbabe.com. When it finds out that mail.linuxbabe.com is responsible for accepting email, it then query the A record of mail.linuxbabe.com to get the IP address, thus the email can be delivered.

In your DNS manager, create a MX record for your domain name. Enter @ in the Name field to represent the main domain name, then enter mail.your-domain.com in the Value field.

modoboa web interface

Note: The hostname for MX record can not be an alias to another name. Also, It’s highly recommended that you use hostnames, rather than bare IP addresses for MX record.

Your DNS manager may require you to enter a preference value (aka priority value). It can be any number between 0 and 65,356. A small number has higher priority than a big number. You can enter 0 for your email server, or accept the default value. After creating MX record, you also need to create an A record for mail.your-domain.com , so that it can be resolved to an IP address. If your server uses IPv6 address, be sure to add AAAA record.

Step 2: Set up Mail Server on Ubuntu 18.04 with Modoboa Installer

SSH into your server, then update software packages.

sudo apt update

sudo apt upgrade

Download modoboa installer from Github.

git clone https://github.com/modoboa/modoboa-installer

Modoboa is written in Python. Run the following command to install the necessary Python software.

sudo apt-get install python-virtualenv python-pip

Then navigate to the modoboa-installer directory and create a configuration file. Replace example.com with your own domain name.

cd modoboa-installer

sudo ./run.py --stop-after-configfile-check example.com

modoboa mail server

Edit the configuration file installer.cfg with a command line text editor like nano.

sudo nano installer.cfg

To obtain a valid TLS certificate from Let’s Encrypt for your mail server, in [certificate] section, change the value of type from self-signed to letsencrypt.

type = letsencrypt

And change the email address from [email protected] to your real email address, which will be used for account recovery and important notifications.

modoboa installer

Save and close the file. Now run the following command to start the installation.

sudo ./run.py --interactive example.com

install modoboa ubuntu

The installation process can take a while. It took 20 minutes on my server. After Modoboa finishes installation, you can log into the admin panel with username admin and password password.

modoboa mail server ubuntu 18.04

Once you are logged in, you should go to Admin -> Settings -> Profile to change the password.

modoboa install

Step 3: Adding Mailboxes in Modoboa Admin Panel

Go to Domains tab and click Add button to add a new domain.

modoboa review

Then enter your main domain name in the Name field. It is highly recommended that you enable DKIM signing, which can help with your domain reputation. In Key selector filed, you can enter a random word like modoboa.  Choose 2048 as the key length.

adding domain name in modoboa

In the next screen, you can choose to create an admin account for your domain. The SMTP protocol requires that a mail server should have a [email protected] address.

modoboa postmaster account

Click the Submit button and your domain name will be added in Modoboa.

To add email addresses, go to Domains tab and click your domain name.

add mailboxes in modoboa

Then click mailboxes.

adding email addresses in modoboa

Click Add button and choose Account.

modoboa alias

Then choose Simple user as the role. Enter an email address in Username field and enter a password.

qucikly set up an email server modoboa

In the next screen, you can optionally create an alias for this email address.

create alias in modoboa

After clicking the submit button, the email address is created.

Step 4: Sending Test Emails

To login to the webmail, you need to log out the admin account first and then enter the user credentials.

modoboa login

Once you are logged into Modoboa webmail, you can send a test email from your private email server to your other email address and vice versa.

modoboa webmail

Inbound emails will be delayed for a few minutes, because by default Modoboa enables greylisting, which tells other sending SMTP server to try again in a few minutes. This is useful to block spam. The following message in /var/log/mail.log indicates greylisting is enabled.

postfix/postscreen[20995]: NOQUEUE: reject: RCPT from [34.209.113.130]:36980: 450 4.3.2 Service currently unavailable;
If your hosting provider or ISP blocks port 25, then you can’t send emails directly. You can set up SMTP relay to solve this problem.

The following message in /var/log/mail.log indicates port 25 is blocked.

Nov 3 10:43:43 mail postfix/smtp[9969]: connect to gmail-smtp-in.l.google.com[74.125.200.27]:25: Connection timed out
Nov 3 10:44:13 mail postfix/smtp[9969]: connect to gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b]:25: Connection timed out

Step 5: Using Mail Clients on Your Computer or Mobile Device

Fire up your desktop email client such as Mozilla Thunderbird and add a mail account.

  • In the incoming server section, select IMAP protocol, enter mail.your-domain.com as the server name, choose port 993 and SSL/TLS. Choose normal password as the authentication method.
  • In the outgoing section, select SMTP protocol, enter mail.your-domain.com as the server name, choose port 587 and STARTTLS. Choose normal password as the authentication method.

modoboa mail server desktop mail client configuration

You can also use IMAP on port 143 with STARTTLS encryption.

Step 6: Improving Your Email Server Reputation

To prevent your emails from being flagged as spam, you should set PTR, SPF, DKIM and DMARC records.

PTR record

A pointer record, or PTR record, maps an IP address to a FQDN (fully qualified domain name). It’s the counterpart to the A record and is used for reverse DNS lookup, which can help with blocking spammers. Many SMTP servers reject emails if no PTR record is found for the sending server.

To check the PTR record for an IP address, run this command:

dig -x IP-address +short

or

host IP-address

Because you get IP address from your hosting provider or ISP, not from your domain registrar, so you must set PTR record for your IP in the control panel of your hosting provider or ask your ISP.  Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses IPv6 address, be sure to add a PTR record for your IPv6 address as well.

SPF Record

SPF (Sender Policy Framework) record specifies which hosts or IP address are allowed to send emails on behalf of a domain. You should allow only your own email server or your ISP’s server to send emails for your domain. In your DNS management interface, create a new TXT record like below.

modoboa spf record

Explanation:

  • TXT indicates this is a TXT record.
  • Enter @ in the name field to represent the main domain name.
  • v=spf1 indicates this is a SPF record and the version is SPF1.
  • mx means all hosts listed in the MX records are allowed to send emails for your domain and all other hosts are disallowed.
  • ~all indicates that emails from your domain should only come from hosts specified in the SPF record. Emails that are from other hosts will be flagged as forged.

To check if your SPF record is propagated to the public Internet, you can use the dig utility on your Linux machine like below:

dig your-domain.com txt

The txt option tells dig that we only want to query TXT records.

DKIM Record

DKIM (DomainKeys Identified Mail) uses a private key to digitally sign emails sent from your domain. Receiving SMTP servers verify the signature by using the public key, which is published in the DNS DKIM record.

When we were adding domain name in Moboboa admin panel earlier, we enabled DKIM signing, so the signing part is taken care of. The only thing left to do is creating DKIM record in DNS manager. First go to Modoboa admin panel and select your domain name. In the DNS section, click Show key button.

modoboa dkim signing

The public key will be revealed. There are two formats. We only need the Bind/named format.

modoboa dkim public key

Go to your DNS manager, create a TXT record, enter modoboa._domainkey in the Name field. (Recall that we used modoboa as the selector when adding domain name in the admin panel.) Copy everything in the parentheses and paste into the value field. Delete all double quotes. Your DNS manager may require you to delete other invalid characters, such as carriage return.

modoboa dkim format

For those who are interested, Modoboa uses OpenDKIM to generate private key for your domainkey and verify signatures of inbound emails.

DMARC Record

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC can help receiving email servers to identify legitimate emails and prevent your domain name from being used by email spoofing.

To create a DMARC record, go to your DNS manager and add a TXT record. In the name field, enter _dmarc. In the value field, enter the following:

v=DMARC1; p=none; pct=100; rua=mailto:[email protected]

create dmarc record txt

The above DMARC record is a safe starting point. To see the full explanation of DMARC, please check the following article.

Step 7: Testing Email Score and Placement

After creating PTR, SPF, DKIM record, go to https://www.mail-tester.com. You will see a unique email address. Send an email from your domain to this address and then check your score. As you can see, I got a perfect score.

imporve email server reputation

Mail-tester.com can only show you a sender score. There’s another service called GlockApps that allow you to check if your email is placed in the recipient’s inbox or spam folder, or rejected outright. It supports many popular email providers like Gmail, Outlook, Hotmail, YahooMail, iCloud mail, etc

glockapps email placement test

Auto-Renew Let’s Encrypt TLS Certificate

Modoboa installed the latest version of Let’s Encrypt client (certbot) as /opt/certbot-auto. You can find the location of certbot binary by executing the following command.

sudo find / -name "*certbot*"

Let’s Encrypt TLS certificate is valid for 90 days. To automatically renew the certificate, edit root user’s crontab file.

sudo crontab -e

Add the following line at the end of this file.

@daily /opt/certbot-auto renew -q && systemctl reload nginx && systemctl reload postfix && systemctl reload dovecot

Save and close the file. This tells Cron to run the certbot renew command every day. If the certificate has 30 days left, certbot will renew it. It’s necessary to reload Nginx web server, Postfix SMTP server and Dovecot IMAP server so they can pick up the new certificate.

Host Multiple Domains in Modoboa

See the following article:

Setting Up Backup Mail Server

Your primary mail server could be down sometimes. If you host your mail server in a data center, then the downtime is very minimal, so you shouldn’t be worried about losing inbound emails. If you host your mail server at home, the downtime can’t be predicted so it’s a good practice for you to run a backup mail server in a data center to prevent losing inbound emails. The backup mail server needs just 512MB RAM to run. Please check the full detail in the following article.

I hope this tutorial helped you set up a mail server on Ubuntu 18.04 with Modoboa. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

Rate this tutorial
[Total: 11 Average: 4.9]

54 Responses to “How to Quickly Set up a Mail Server on Ubuntu 18.04 with Modoboa

  • Mysterion
    3 months ago

    Thanks! Worked like a charm!

  • Thank you for very clear and concise tutorials! This is a very complex topic and you have a way of making it much more accessible. I would like to create a mail server on a virtual machine that I will create running 18.04 and I recently found your tutorial that I have been studying on using iRedMail on 16.04 (which I am sure would work on 18.04). What is your opinion on the comparison between Modoboa & iRedMail?

    • Yes, iRedMail works on Ubuntu 18.04 too.

      Both Modoboa and iRedMail make it easy to set up your own email server and host multiple mail domains on a single server.

      Modoboa is more easy to set up, because it has predefined configurations in the installer.cfg file and it integrates with Let’s Encrypt. So you have less work to do compared to iRedMail. If you are lazy, choose Modoboa.

      Other than that, they are very similar.

  • That is very helpful, thank you!

  • Thanks for your great efforts.
    Did you ever experience issues establishing SSL with imap?

  • Correct – but there seems to be an cert issue regarding imap. So that I have to manually trust it in a mail client. Ever seen this one before and solved it without a reinstallation?

  • I tested Modoboa on two servers node – and your guide runs smooth on a fresh install.

    But that’s the thing.
    I tried to establish Let’s encrypt on an install that was setup on open ssl.
    Somehow 993 would still not be trusted though SMTP runs fine.

    I just was keen if you did find a way around the fresh install.

    • Sorry, but I don’t quite understand your situation.

      Are you saying Let’s Encrypt certificate is not trusted by mail client? Or you didn’t choose Let’s Encrypt in the installer.cfg file and now you want to install Let’s Encrypt certificate?

  • The later: I didn’t choose Let’s Encrypt in the installer.cfg file and now I want to install Let’s Encrypt certificate.

    • Please run the following command to install Let’s Encrypt client software (certbot).

      sudo add-apt-repository ppa:certbot/certbot
      sudo apt update
      sudo apt install certbot python3-cerbot-nginx

      Then obtain and install a TLS certificate with the following command.

      sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d mail.your-domain.com

      Then edit Postfix configuration file.

      sudo nano /etc/postfix/main.cf

      Find the following two directives.

      smtpd_tls_cert_file=
      smtpd_tls_key_file=

      Add your certificate and private key.

      smtpd_tls_cert_file=/etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
      smtpd_tls_key_file=/etc/letsencrypt/live/mail.your-domain.com/privkey.pem

      Save and close the file. Then edit Dovecot TLS configuration file.

       sudo nano /etc/dovecot/conf.d/10-ssl.conf

      Find the following two directives.

      ssl_cert = 
      ssl_key = 

      Add your certificate and private key.

      ssl_cert = </etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
      ssl_key = </etc/letsencrypt/live/mail.your-domain.com/privkey.pem

      Save and close the file. Now reload Nginx, Postfix and Dovecot.

      sudo systemctl reload nginx postfix dovecot
  • That did it! – I somehow had dovecot pointing to the wrong directory.
    Thanks for your efforts Xiao Guo-An!

  • I’m having problems installing it a clean version of Ubuntu 18.04. It just stops during the installation of components right after installing modoboa. Any suggestions?

    Installing amavis
    Installing spamassassin
    Installing razor
    Installing clamav
    Installing modoboa

    [email protected]:~/modoboa-installer#

  • ihasaface
    4 weeks ago

    I followed step by step, but when it first asks me to go to mail.mydomain.com to login to modoboa, I only get a server not found error. Please help.

    • Perhaps a firewall is preventing access to port 80 or 443.

      • Ihasaface
        4 weeks ago

        No firewall, but I have ports 80 and 443 forwareded to my website server, on another IP address.

    • That’s the problem. The mail server needs its own web server and should be accessible from port 80 and 443.

    • Looks like you are setting up the mail server on your home network?

      • Ihasaface
        4 weeks ago

        Correct, I have a dedicated server which I already have a website actively hosted on, and I’m trying to get email going as well, with no success.

    • You need to set up a rule in your router that forward request to the IP address of the mail server if the request is meant for mail.your-domain.com.

      • Ihasaface
        4 weeks ago

        I already have ports 80 and 443 sent to my website server- can I somehow forward them to both servers?

    • If your router doesn’t have this capability, you can set up a reverse proxy on your website server. HAProxy is an open-source reverse proxy software that can redirect HTTP/HTTPS requests to different IP addresses by inspecting the domain name in HTTP header. Your router configuration stay the same.

      • ihasaface
        4 weeks ago

        So I did this install on the same server as my website, and I still can’t get past the part where I’m supposed to be able to get to a URL.

    • What does the browser say?

  • Ihasaface
    4 weeks ago

    Says the site cannot be reached

  • Ihasaface
    4 weeks ago

    I did and it is there… I do not understand this. Maybe I need to contact GoDaddy?

    • Yes, contact GoDaddy.

      • Ihasaface
        4 weeks ago

        Will do, thank you so much for your time. I’ll probably end up buying bugging you again after I talk to them!

    • Note that you need to create A record for both lexingtonitsolutions.com and mail.lexingtonitsolutions.com.

      • ihasaface
        3 weeks ago

        Looks like the A record is squared away, but it only brings me to my homepage for the website, while maintaining the mail.lexingtonitsolutions.com URL.

    • I see your lexingtonitsolutions.com website is using Apache web server. Modoboa installs Nginx web server, so the Nginx web server fails to start if Apache is already running on your server.

      One solution is to use Nginx instead of Apache for your lexingtonitsolutions.com website. It’s easy to create a Nginx virtual host for your WordPress site. Please see step 4 of this article: How to Install WordPress on Ubuntu 17.10 with Nginx, MariaDB, PHP7.1 (LEMP). When creating the virtual host file, just replace the domain name, the web root directory and the PHP socket file name.

      After that, stop Apache and restart Nginx.

      sudo systemctl stop apache2
      sudo systemctl disable apach2
      sudo systemctl start nginx

      You also need to enable HTTPS on the WordPress website. See this article: How to Properly Enable HTTPS on Nginx with Let’s Encrypt on Ubuntu 16.04/17.10

      • Ihasaface
        3 weeks ago

        I’d really rather not risk moving my website to the new server application… Is there any way to get an email server going with Apache?

    • Yes, there are other ways.

      1.) Use Apache instead of Nginx as a reverse proxy to the back end Modoboa web app.
      2.) Use HAProxy as a reverse proxy to your WordPress site and the Modoboa web app.

      The details of which warrants another article.

  • ihasaface
    3 weeks ago

    Me again!
    So I started a fresh VM, forwarded all the ports to it, and was successful to the point of making my email address, and being able to successfully send an email. However, I cannot receive any. When I send an email from my gmail account, i receive the error:

    550 5.1.1 Recipient address rejected: undeliverable address: unknown user: “info”

    I’m so close! What is this, been at it for hours.

  • Lyuben
    7 days ago

    Starting…
    Overwrite the existing SSL certificate? (y/N) y
    Generating new self-signed certificate
    Installing amavis
    Amavis is not installed

    my installation stops on first package Amavis ? why is that

  • Dan Gibson
    3 days ago

    Followed your instructions verbatim… didn’t work 🙁

    • Dan Gibson
      3 days ago

      It would have been helpful to know about Apache vs. NGinX! I have an Apache server running and didn’t know (until I started reading through the comments) that the crap ran on NGINX!

  • Hi friend

    How to connect my domain to mail server in namecheap ?
    I have domain name in NameCheap and i have cloudflare account!

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • If my answer helped you, please consider supporting this site. Thanks :)