How to Quickly Set Up a Mail Server on Ubuntu 20.04 with Modoboa
This tutorial is going to show you how to quickly set up your own email server on Ubuntu 20.04 with Modoboa, which is a free and open-source mail hosting and management platform designed to work with Postfix SMTP server and Dovecot IMAP/POP3 server.
Modoboa is written in Python, released under the terms of ISC license. Main features of Modoboa are as follows:
- Modoboa by default uses Nginx web server to serve the webmail client and web-based admin panel.
- Compatible with Postfix and Dovecot.
- Support MySQL/MariaDB, or PostgreSQL database.
- Easily create unlimited mailboxes and unlimited mail domains in a web-based admin panel.
- Easily create email alias in the web-based admin panel.
- The webmail client provides an easy-to-use message filter to help you organize messages to different folders.
- It can help you protect your domain reputation by monitoring email blacklists and generating DMARC reports, so your emails have a better chance to land in the inbox instead of the spam folder.
- Includes amavis frontend to block spam and detect viruses in email.
- Calendar and address book.
- Integration with Let’s Encrypt.
- A policy daemon for Postfix that allows you to define daily sending limits for domains and individual accounts.
- Includes AutoMX to allow end-users to easily configure mail account in a desktop or mobile mail client.
Step 1: Choose the Right Hosting Provider and Buy a Domain Name
To set up a complete email server with Modoboa, you need a server with at least 3GB RAM, because after the installation, your server will use more than 2GB of RAM.
Note: You must install Modoboa on a clean fresh Ubuntu 20.04 server.
This tutorial is done on a $9/month Kamatera VPS (virtual private server) with 1 CPU and 3GB RAM. They offer a 30-day free trial.
Kamatera is a very good option to run a mail server because
- They don’t block port 25, so you can send unlimited emails (transactional email and newsletters) without spending money on SMTP relay service. Kamatera doesn’t have any SMTP limits. You can send a million emails per day.
- The IP address isn’t on any email blacklist. (At least this is true in my case. I chose the Dallas data center.) You definitely don’t want to be listed on the dreaded Microsoft Outlook IP blacklist or the spamrats blacklist. Some blacklists block an entire IP range and you have no way to delist your IP address from this kind of blacklist.
- You can edit PTR record to improve email deliverability.
- They allow you to send newsletters to your email subscribers with no hourly limits or daily limits, whatsoever.
- You can order multiple IP addresses for a single server. This is very useful for folks who need to send a large volume of emails. You can spread email traffic on multiple IP addresses to achieve better email deliverability.
Other VPS providers like DigitalOcean blocks port 25. DigitalOcean would not unblock port 25, so you will need to set up SMTP relay to bypass blocking, which can cost you additional money. If you use Vultr VPS, then port 25 is blocked by default. They can unblock it if you open a support ticket, but they may block it again at any time if they decide your email sending activity is not allowed. Vultr actually may re-block it if you use their servers to send newsletters.
Go to Kamatera website to create an account, then create your server in your account dashboard.
I recommend following the tutorial linked below to properly set up your Linux VPS server on Kamatera.
Once you created a server, Kamatera will send you an email with the server SSH login details. To log into your server, you use an SSH client. If you are using Linux or macOS on your computer, then simply open up a terminal window and run the following command to log into your server. Replace 12.34.56.78 with your server’s IP address.
ssh root@12.34.56.78
You will be asked to enter the password.
You also need a domain name. I registered my domain name from NameCheap because the price is low and they give whois privacy protection free for life.
Step 2: Creating DNS MX Record
The MX record specifies which host or hosts handle emails for a particular domain name. For example, the host that handles emails for linuxbabe.com is mail.linuxbabe.com. If someone with a Gmail account sends an email to [email protected], then Gmail server will query the MX record of linuxbabe.com. When it finds out that mail.linuxbabe.com is responsible for accepting email, it then query the A record of mail.linuxbabe.com to get the IP address, thus the email can be delivered.
In your DNS manager, create a MX record for your domain name. Enter @ in the Name field to represent the main domain name, then enter mail.your-domain.com in the Value field.
Note: The hostname for MX record can not be an alias to another name. Also, It’s highly recommended that you use hostnames, rather than bare IP addresses for MX record.
Your DNS manager may require you to enter a preference value (aka priority value). It can be any number between 0 and 65,356. A small number has higher priority than a big number. You can enter 0 for your email server, or accept the default value.
After creating MX record, you also need to create an A record for mail.your-domain.com , so that it can be resolved to an IP address. If your server uses IPv6 address, be sure to add AAAA record.
Hint: If you use Cloudflare DNS service, you should not enable the proxy feature when creating A record for your mail server. Cloudflare doesn’t support SMTP/IMAP proxy.
Step 3: Set up Mail Server on Ubuntu 20.04 with Modoboa Installer
Log into your server via SSH, then run the following command to update software packages.
sudo apt update; sudo apt upgrade -y
I strongly recommend creating a sudo user for managing your server rather than using the default root user to improve server security. Run the following command to create a user. Replace username with your preferred username.
adduser username
Then add the user to the sudo group.
adduser username sudo
Switch to the new user.
su - username
Download modoboa installer from Github.
git clone https://github.com/modoboa/modoboa-installer
Modoboa is written in Python. Run the following command to install the necessary Python software.
sudo apt-get install python3-virtualenv python3-pip
Then navigate to the modoboa-installer directory and create a configuration file. Replace example.com with your own domain name.
cd modoboa-installer
sudo python3 ./run.py --stop-after-configfile-check example.com
Edit the configuration file installer.cfg with a command-line text editor like Nano.
sudo nano installer.cfg
To obtain a valid TLS certificate from Let’s Encrypt for your mail server, in [certificate] section, change the value of type from self-signed to letsencrypt.
type = letsencrypt
And change the email address from [email protected] to your real email address, which will be used for account recovery and important notifications. You will not be able to obtain and install Let’s Encrypt certificate if you use the default email address.
By default, Modoboa installer will install PostgreSQL database server, as indicated by the following lines in the config file.
[database] engine = postgres host = 127.0.0.1 install = true
If you would like to use MariaDB database server, then change the engine from postgres to mysql. (Modoboa will install MariaDB instead of MySQL.)
Save and close the file. (To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit, press Ctrl+X.)
Next, you should use a fully-qualified domain name (FQDN) as the hostname for your mail server, such as mail.example.com. Run the following command to set the hostname.
sudo hostnamectl set-hostname mail.example.com
Now we need to verify if the DNS records are propagated to the Internet. Depending on the domain registrar you use, your DNS record might be propagated instantly, or it might take up to 24 hours to propagate. You can go to https://dnsmap.io, enter your mail server’s hostname (mail.example.com) to check DNS propagation.
If your DNS record is propagated, run the following command to start the installation. (Please replace example.com with your main domain name such as linuxbabe.com. Do not use the sub-domain mail.example.com in this command).
sudo python3 ./run.py --interactive example.com
The installation process can take a while. It took 10 minutes on my server. If you see an error during the installation, you can use the --debug option to see more detailed output.
sudo python3 ./run.py --interactive --debug example.com
After Modoboa finishes the installation, you can log into the admin panel with username admin and password password.
- If your browser can’t connect to the admin panel, it could be that Nginx is not running. Start it with
sudo systemctl restart nginx. If it fails to start, runsudo nginx -tto find out what’s wrong. - If you see the internal error message, please use the solution here.
Once you are logged in, you should go to Admin -> Settings -> Profile to change the password.
Failed to Obtain Let’s Encrypt TLS Certificate
If you run the sudo ngixn -t command and get the following error,
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/mail.example.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No suc> nginx: configuration file /etc/nginx/nginx.conf test failed Failed to start A high performance web server and a reverse proxy server
It’s likely that your server failed to obtain a Let’s Encrypt TLS certificate. Run the following command to fix it.
sudo systemctl stop nginx sudo ufw allow http sudo ufw allow https sudo certbot certonly --standalone --agree-tos --redirect --hsts --staple-ocsp -d mail.your-domain.com sudo systemctl restart nginx postfix dovecot
Step 4: Adding Mailboxes in Modoboa Admin Panel
Go to Domains tab and click Add button to add a new domain.
Then enter your main domain name in the Name field. It is highly recommended that you enable DKIM signing, which can help with your domain reputation. In Key selector field, you can enter a random word like modoboa. Choose 2048 as the key length.
In the next screen, you can choose to create an admin account for your domain. The SMTP protocol requires that a mail server should have a [email protected] address.
Click the Submit button and your domain name will be added in Modoboa.
Note that the default admin account created during installation isn’t an email account. To add email addresses, go to Domains tab and click your domain name.
Then click mailboxes.
Click Add button and choose Account.
Then choose Simple user as the role. Enter an email address in Username field and enter a password.
In the next screen, you can optionally create an alias for this email address.
After clicking the submit button, the email address is created.
Step 5: Sending Test Emails
To login to the webmail, you need to log out the admin account first and then enter the user credentials.
Once you are logged into Modoboa webmail, you can send a test email from your private email server to your other email address and vice versa.
Inbound emails will be delayed for a few minutes, because by default Modoboa enables greylisting, which tells other sending SMTP server to try again in a few minutes. This is useful to block spam. The following message in /var/log/mail.log indicates greylisting is enabled.
postfix/postscreen[20995]: NOQUEUE: reject: RCPT from [34.209.113.130]:36980: 450 4.3.2 Service currently unavailable;
However, greylisting can be rather annoying. You can disable it by editing the Postfix main configuration file.
sudo nano /etc/postfix/main.cf
Find the following lines at the end of the file and comment them out. (Add a # character at the beginning of each line.)
postscreen_pipelining_enable = yes postscreen_pipelining_action = enforce postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_action = enforce postscreen_bare_newline_enable = yes postscreen_bare_newline_action = enforce
Save and close the file. Then restart Postfix for the changes to take effect.
sudo systemctl restart postfix
Now you should be able to receive emails without waiting several minutes.
Adding Swap Space
ClamAV is used to scan viruses in email messages. ClamAV can use a fair amount of RAM. If there’s not enough RAM on your server, ClamAV won’t work properly, which will prevent your mail server from sending emails. You can add a swap file to your server to increase the total RAM on your server. (Note that using swap space on the server will degrade server performance. If you want better performance, you should upgrade the physical RAM instead of using swap space.)
To add swap space on the server, first, use the fallocate command to create a file. For example, create a file named swapfile with 1G capacity in root file system:
sudo fallocate -l 1G /swapfile
Then make sure only root can read and write to it.
sudo chmod 600 /swapfile
Format it to swap:
sudo mkswap /swapfile
Output:
Setting up swapspace version 1, size = 1024 MiB (1073737728 bytes) no label, UUID=0aab5886-4dfb-40d4-920d-fb1115c67433
Enable the swap file
sudo swapon /swapfile
To mount the swap space at system boot time, edit the /etc/fstab file.
sudo nano /etc/fstab
Add the following line at the bottom of this file.
/swapfile swap swap defaults 0 0
Save and close the file. Then reload systemd and restart ClamAV.
sudo systemctl daemon-reload sudo systemctl restart clamav-daemon
Step 6: Checking If Port 25 (outbound) is blocked
Your ISP or hosting provider won’t block incoming connection to port 25 of your server, which means you can receive emails from other mail servers. However, many ISP/hosting providers block outgoing connection to port 25 of other mail servers, which means you can’t send emails.
If your email didn’t arrive at your other email address such as Gmail, then run the following command on your mail server to check if port 25 (outbound) is blocked.
telnet gmail-smtp-in.l.google.com 25
If it’s not blocked, you would see messages like below, which indicates a connection is successfully established. (Hint: Type in quit and press Enter to close the connection.)
Trying 74.125.68.26... Connected to gmail-smtp-in.l.google.com. Escape character is '^]'. 220 mx.google.com ESMTP y22si1641751pll.208 - gsmtp
If port 25 (outbound) is blocked, you would see something like:
Trying 2607:f8b0:400e:c06::1a... Trying 74.125.195.27... telnet: Unable to connect to remote host: Connection timed out
In this case, your Postfix can’t send emails to other SMTP servers. Ask your ISP/hosting provider to open it for you. If they refuse your request, you need to set up SMTP relay to bypass port 25 blocking.
Still Can’t Send Email?
If port 25 (outbound) is not blocked, but you still can’t send emails from your own mail server to your other email address like Gmail, then you should check the mail log (/var/log/mail.log).
sudo nano /var/log/mail.log
For example, some folks might see the following lines in the file.
host gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b] said: 550-5.7.1 [2a0d:7c40:3000:b8b::2] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information
This means your mail server is using IPv6 to send the email, but you didn’t set up IPv6 records. You should go to your DNS manager, set AAAA record for mail.your-domain.com, then you should set PTR record for your IPv6 address, which is discussed in step 8.
Step 7: Using Mail Clients on Your Computer or Mobile Device
Fire up your desktop email client such as Mozilla Thunderbird and add a mail account.
- In the incoming server section, select IMAP protocol, enter
mail.your-domain.comas the server name, choose port 993 and SSL/TLS. Choosenormal passwordas the authentication method. - In the outgoing section, select SMTP protocol, enter
mail.your-domain.comas the server name, choose port 587 and STARTTLS. Choosenormal passwordas the authentication method.
You can also use IMAP on port 143 with STARTTLS encryption.
Step 8: Improving Email Deliverability
To prevent your emails from being flagged as spam, you should set PTR, SPF, DKIM and DMARC records.
PTR record
A pointer record, or PTR record, maps an IP address to a FQDN (fully qualified domain name). It’s the counterpart to the A record and is used for reverse DNS lookup, which can help with blocking spammers. Many SMTP servers reject emails if no PTR record is found for the sending server.
To check the PTR record for an IP address, run this command:
dig -x IP-address +short
or
host IP-address
Because you get IP address from your hosting provider or ISP, not from your domain registrar, so you must set PTR record for your IP in the control panel of your hosting provider or ask your ISP. Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses IPv6 address, be sure to add a PTR record for your IPv6 address as well.
To edit the reverse DNS record for your Kamatera VPS, log into the Kamatera client area, then open a support ticket and tell them to add PTR record for your server IP addresss to point the IP address to mail.your-domain.com. It’s not convenient, you might think, but this is to keep spammers away from the platform, so legitimate email senders like us will have a great IP reputation.
SPF Record
SPF (Sender Policy Framework) record specifies which hosts or IP address are allowed to send emails on behalf of a domain. You should allow only your own email server or your ISP’s server to send emails for your domain. In your DNS management interface, create a new TXT record like below.
Explanation:
- TXT indicates this is a TXT record.
- Enter @ in the name field to represent the main domain name.
- v=spf1 indicates this is a SPF record and the version is SPF1.
- mx means all hosts listed in the MX records are allowed to send emails for your domain and all other hosts are disallowed.
- ~all indicates that emails from your domain should only come from hosts specified in the SPF record. Emails that are from other hosts will be flagged as forged.
To check if your SPF record is propagated to the public Internet, you can use the dig utility on your Linux machine like below:
dig your-domain.com txt
The txt option tells dig that we only want to query TXT records.
DKIM Record
DKIM (DomainKeys Identified Mail) uses a private key to digitally sign emails sent from your domain. Receiving SMTP servers verify the signature by using the public key, which is published in the DNS DKIM record.
When we were adding domain name in Moboboa admin panel earlier, we enabled DKIM signing, so the signing part is taken care of. The only thing left to do is creating DKIM record in DNS manager. First go to Modoboa admin panel and select your domain name. In the DNS section, click Show key button.
The public key will be revealed. There are two formats. We only need the Bind/named format.
Go to your DNS manager, create a TXT record, enter modoboa._domainkey in the Name field. (Recall that we used modoboa as the selector when adding domain name in the admin panel.) Copy everything in the parentheses and paste into the value field. Delete all double quotes. Your DNS manager may require you to delete other invalid characters, such as carriage return.
Note that your DKIM record may need sometime to propagate to the Internet. Depending on the domain registrar you use, your DNS record might be propagated instantly, or it might take up to 24 hours to propagate. You can go to https://www.dmarcanalyzer.com/dkim/dkim-check/, enter modoboa as the selector and enter your domain name to check DKIM record propagation.
DMARC Record
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC can help receiving email servers to identify legitimate emails and prevent your domain name from being used by email spoofing.
To create a DMARC record, go to your DNS manager and add a TXT record. In the name field, enter _dmarc. In the value field, enter the following:
v=DMARC1; p=none; pct=100; rua=mailto:[email protected]
The above DMARC record is a safe starting point. To see the full explanation of DMARC, please check the following article.
Step 7: Testing Email Score and Placement
After creating PTR, SPF, DKIM record, go to https://www.mail-tester.com. You will see a unique email address. Send an email from your domain to this address and then check your score. As you can see, I got a perfect score.
Mail-tester.com can only show you a sender score. There’s another service called GlockApps that allow you to check if your email is placed in the recipient’s inbox or spam folder, or rejected outright. It supports many popular email providers like Gmail, Outlook, Hotmail, YahooMail, iCloud mail, etc
Email is Rejected by Microsoft Mailbox?
Microsoft uses an internal blacklist that blocks many legitimate IP addresses. If your emails are rejected by Outlook or Hotmail, you need to follow the tutorial linked below to bypass Microsoft Outlook blacklist.
What if Your Emails Are Still Being Marked as Spam?
I have more tips for you in this article: How to stop your emails from being marked as spam. Although it will take some time and effort, your emails will eventually be placed in the inbox after applying these tips.
Auto-Renew Let’s Encrypt TLS Certificate
Let’s Encrypt TLS certificate is valid for 90 days. To automatically renew the certificate, edit root user’s crontab file.
sudo crontab -e
Add the following line at the end of this file.
@daily /usr/bin/certbot renew -q && systemctl reload nginx postfix dovecot
Save and close the file. This tells Cron to run the certbot renew command every day. If the certificate has 30 days left, certbot will renew it. It’s necessary to reload Nginx web server, Postfix SMTP server and Dovecot IMAP server so they can pick up the new certificate.
Enabling SMTPS Port 465
If you are going to use Microsoft Outlook client, then you need to enable SMTPS port 465 in Postfix SMTP server.
Troubleshooting
First, please use a VPS with at least 2GB RAM. Running Modoboa on a 1GB RAM VPS will cause the database, SpamAssassin, or ClamAV to be killed because of out-of-memory problem. If you really want to use a 1GB RAM VPS, you are going to lose incoming emails and have other undesirable outcomes.
If the Modoboa web interface isn’t accessible, like a 502 gateway error, you should check the Nginx logs in /var/log/nginx/ directory to find clues. You may also want to check the mail log /var/log/mail.log.
Check if the various services are running.
systemctl status postfix systemctl status dovecot systemctl status nginx systemctl status mariadb systemctl status clamav-daemon systemctl status amavis systemctl status uwsgi systemctl status supervisor
If you enabled the firewall, you should open the following ports in the firewall.
HTTP port: 80 HTTPS port: 443 SMTP port: 25 Submission port: 587 (and 465 if you are going to use Microsoft Outlook mail client) IMAP port: 143 and 993
If you would like to use the UFW firewall, check my guide here: Getting started with UFW firewall on Debian and Ubuntu.
ClamAV Automatically Shutdown
I found that the clamav-daemon service has a tendency to stop without clear reason even when there’s enough RAM. This will delay emails for 1 minute. We can configure it to automatically restart if it stops via the systemd service unit. Copy the original service unit file to the /etc/systemd/system/ directory.
sudo cp /lib/systemd/system/clamav-daemon.service /etc/systemd/system/clamav-daemon.service
Then edit the service unit file.
sudo nano /etc/systemd/system/clamav-daemon.service
Add the following two lines in the [service] section.
Restart=always RestartSec=3
Like this:
[Service] ExecStart=/usr/sbin/clamd --foreground=true # Reload the database ExecReload=/bin/kill -USR2 $MAINPID StandardOutput=syslog Restart=always RestartSec=3
Save and close the file. Then reload systemd and restart clamav-daemon.service.
sudo systemctl daemon-reload sudo systemctl restart clamav-daemon
Sorry, an internal error has occurred
If you see the internal error message when trying to log into the Modoboa admin panel, then edit the settings.py file.
sudo nano /srv/modoboa/instance/instance/settings.py
Turn on debugging mode.
DEBUG = True
Restart uwsgi for the changes to take effect.
sudo systemctl restart uwsgi
Next, try to log into Modoboa admin panel again. This time you will see the exact internal error. For example, on my mail server it’s
database connection isn't set to UTC
So I need to edit the settings.py file
sudo nano /srv/modoboa/instance/instance/settings.py
and turn off time zone.
USE_TZ = False
Save and close the file. Restart uwsgi for the changes to take effect.
sudo systemctl restart uwsgi
(Optional) Set Up Autodiscover and AutoConfig to Automate Mail Client Configuration
Autodiscover and AutoConfig make it easy to configure a desktop or mobile mail client. The end-user just needs to enter a name, email address and password to set up his/her mail account, without having to enter the SMTP or IMAP server details. Autodiscover is supported by Microsoft Outlook mail client and AutoConfig is supported by Mozilla Thunderbird mail client.
Modoboa uses AutoMX to implement this feature on your mail server. All we need to do now is add CNAME records in DNS. In your DNS manager, create two CNAME records.
autoconfig.yourdomain.com CNAME mail.yourdomain.com autodiscover.yourdomain.com CNAME mail.yourdomain.com
Go to the Domains tab in your Modoboa admin panel, if the autoconfig is in green, that means your CNAME records are correct. (Modoboa checks DNS records for your mail server every 30 minutes, so you might need to wait some time for autoconfig to turn green.)
Once the CNAME records are propagated to the Internet, you don’t have to enter the SMTP or IMAP server details when setting up a mail account in Microsoft Outlook and Mozilla Thunderbird.
Host Multiple Domains in Modoboa
See the following article:
Setting Up Backup Mail Server
Your primary mail server could be down sometimes. If you host your mail server in a data center, then the downtime is very minimal, so you shouldn’t be worried about losing inbound emails. If you host your mail server at home, the downtime can’t be predicted so it’s a good practice for you to run a backup mail server in a data center to prevent losing inbound emails. The backup mail server needs just 512MB RAM to run. Please check the full detail in the following article.
I hope this tutorial helped you set up a mail server on Ubuntu 20.04 with Modoboa. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂
I mentioned this in the article, but I want to say it again: The best practice to run Modoboa is using a clean fresh OS.
Generally speaking, if there’s a script that will install lots of software, it’s a good practice to install it on a clean freash OS. Otherwise, the install script might mess up the existing configurations of your software, making it unusable. Or maybe a component of the softwar stack needs to bind to a port, but it’s already been taken by an existing process on the server, resulting in installation failure.
Unless you are very knowledgeable about every piece of software on the server and can spead lots of time debugging, it’s not recommended to install Modoboa on a server that has other applications running.
I have seen many folks who didn’t follow this advice bork the applications on their servers.
Thank you so much for your work Xiao!!!
BTW, I noticed that you skipped over a part of the MySQL area. You should recommend people who are following your tutorial to change the mysql password to the root user. If they don’t change it, then they won’t be able to easily do it later after the installation because Modoboa generates their own long key that isn’t easy to keep track of.
Also, if a user wants to create another database or add other users because they plan on installing other applications on this same server, they won’t be able to easily access the mysql database since Modoboa won’t allow for root access. So you should include this in the steps to change the root password of the mysql. Anyhow, thanks again for your awesome BLOG! I plan on donating soon! God bless you, brother!
The MariaDB package in Ubuntu repository allows you to use the following command to log into MariaDB server without entering the MariaDB root password.
It seems Modoboa disabled Unix_socket authentication in MaraiDB, so we have to use password authentication.
Well, what I did was installed Modoboa, and then I installed Mautic on top of that. It was then that I realized I couldn’t set up a database or a user for Mautic after installing Modoboa. I couldn’t log in even with ‘mysql -u root’, if that’s what you’re asking. Sometimes I notice that you aren’t always detailed on your posts, but over, I still give you 4.5 stars outta 5 because I’m still able to resolve these little parts that you skip over. But anyhow, thanks again my brother.
Ok, I just reinstalled Modoboa with MariaDB database this time. (I was using PostgreSQL database.)
The default MariaDB root password is specified in the
installer.cfgfile.So you can easily log into MariaDB with:
If you need to change the MariaDB root password, it can also be easily done with:
Right, but even after I found that file and tried to use that password, it still wouldn’t let me access the root user. What I had to do was just re-install from the beginning, then set my own password during the beginning of installation when choosing the database, Let’s Encrypt, etc.. If you set it then, that’s when it’s much easier to continue accessing your MariaDB in the future when you need to do additional databases and users for other applications or for whichever reason. I highly recommend setting your own password early on or during installation.
I just installed Modoboa on a Debian 10 server, using the default MariaDB root password. And I can log into MariaDB without any problem. Don’t know why it failed on you.
Also, after installing Mautic on top of this Modoboa, I am no longer able to receive any email for any of the email accounts that I’ve created in Modoboa. What do you think that I should try to do to fix this? Any ideas on what could be stopping the messages from coming in? I’m still able to send email through Modoboa, but not able to receive after the Mautic installation. Thanks again.
Muatic is an PHP application. I don’t think it would interfere with receving emails. You can always check the mail log file (
/var/log/mail.log) and dovecot log (sudo journalctl -eu dovecot) to troubleshoot mail server problems.Right, and that’s why I wanted to install these two together because I figured that the Mautic’s PHP wouldn’t clash with Modoboa and vice versa.
Here is what’s showing with the amavis log & ClamAV :
root@mail:~# systemctl status amavis ● amavis.service - LSB: Starts amavisd-new mailfilter Loaded: loaded (/etc/init.d/amavis; generated) Active: active (running) since Thu 2020-10-29 15:52:01 UTC; 24min ago Docs: man:systemd-sysv-generator(8) Process: 401005 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS) Tasks: 2 (limit: 2345) Memory: 192.4M CGroup: /system.slice/amavis.service ├─401035 /usr/sbin/amavisd-new (master) └─401234 /usr/sbin/amavisd-new (ch1-avail) Oct 29 15:52:01 mail amavis[401035]: Found secondary av scanner ClamAV-clamscan at /usr/bin/cla Oct 29 16:05:13 mail amavis[401234]: (401234-01) (!)connect to /var/run/clamav/clamd.ctl failed Oct 29 16:05:14 mail amavis[401234]: (401234-01) (!)connect to /var/run/clamav/clamd.ctl failed Oct 29 16:05:14 mail amavis[401234]: (401234-01) (!)ClamAV-clamd: All attempts (1) failed conne Oct 29 16:05:20 mail amavis[401234]: (401234-01) (!)connect to /var/run/clamav/clamd.ctl failed Oct 29 16:05:20 mail amavis[401234]: (401234-01) (!)ClamAV-clamd av-scanner FAILED: run_av erro Oct 29 16:05:20 mail amavis[401234]: (401234-01) (!)WARN: all primary virus scanners failed, co Oct 29 16:05:44 mail amavis[401234]: (401234-01) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin Oct 29 16:05:44 mail amavis[401234]: (401234-01) (!!)AV: ALL VIRUS SCANNERS FAILED Oct 29 16:05:44 mail amavis[401234]: (401234-01) Passed UNCHECKED {RelayedOpenRelay}, [127.0.0. lines 1-21/21 (END)Any idea if this is part of the problem?
It’s probabaly because your server is running out of RAM and ClamAV is killed. To check ClamAV status:
You can add swap space on your server, but if you need better performance, upgrade the phsycial RAM.
Amavis and ClamAV use about 1.3GB RAM. If your server doesn’t have enough RAM, you might not be able to receive emails. If you don’t need AntiVirus on your mail server, you can disable Amavis and ClamAV. This will save you 1.3GB RAM.
Edit Postfix master configuration file.
Find the following lines in this file and comment them out.
Save and close the file. Then restart Postfix.
Now you can stop Amavis and ClamAV.
And disable auto-start at boot time.
Hi Xiao,
What do you think would be better than running something resource heavy (eating up all my RAM & space) like Modoboa or Zimbra so that I’m not taking up so much space, which costs more money on Digital Ocean?
I was thinking Postfix, Dovecot, & maybe SquirrelMail or Roundcube as my MUA.
I really only wanted an MUA with an Administrator creating business email accounts/users or aliases, to receive email messages and respond through the MUA. But I finally realized that Postfix already created aliases and user accounts, you just need to find a way to display the messages in some MUA. I wouldn’t want to use a terminal to look at and respond to messages (eww!).
So trying to keep the space down on the server, do you think that Postfix, Dovecot & Roundcube would be good enough and sufficient or do you recommend some other MUA? I wasn’t too crazy about iRedMail, especially since it is outdated looking and not mobile responsive.
What do you think would be the most efficient set up to save space, or what would you do in this type of scenario?
BTW, thanks again for your support, my friend!
– Aaron E.
Modoboa uses Postfix SMTP server and Dovecot IMAP/POP server. It doesn’t invent its own wheel if there’s already a tried and true open-source solution.
If you disable Amavis and ClamAV on Modoboa, the RAM usage goes down to about 500MB, and you will get pretty much what you want.
Everything is working as expected, however, any emails sent to an iCloud account from the new mail server are not being delivered. Other email services receive the email no problem.
Any suggestions?
Read the Postmaster information for icloud mail. Basically you need to send an email to the icloud postmaster team to ask for removal of your IP address from the blacklist.
Hi there Xiao!!!
First of all, congrats for the great series that you’ve put up to about modoboa an linux.
I have a request for you.
I’ve followed your tutorial so setting up Modoboa in Ubuntu 19.10, at the time Modoboa’s was at v1.14.0
I would like to update it to the recent version, v1.17.0!
I read the documentation but I found it a bit overwhealming as I’m not familiar with python!
Could you give a little help!
Thanx!!!
Calendars are not working. Just a white screen, no error messages. I can click new calendar and create one but it does not display. I followed this guide exactly and used the modoboa installer on a fresh Ubuntu 20.04 LTS system. I’m not sure what has changed since the last time I installed this but it used to work great and calendars were working. Now for some reason they don’t.
See screenshot showing what my calendars look like. Not sure where to begin looking since it was not a manual install. Google searches for this issue are not coming up with any helpful results either.
Getting some errors when running the installer in debug mode on a fresh Ubuntu 20.04LTS system. I am wondering if this is what is causing the issues with my calendars as mentioned in my previous comment. I’m not sure how to fix this.
Getting requirements to build wheel ... error ERROR: Command errored out with exit status 1: command: /srv/modoboa/env/bin/python3 /srv/modoboa/env/lib/python3.8/site-packages/pip/_vendor/pep517/_in_process.py get_requires_for_build_wheel /tmp/tmp1a8b8a15 cwd: /tmp/pip-install-ediyhhaa/django-braces Complete output (16 lines): Traceback (most recent call last): File "/srv/modoboa/env/lib/python3.8/site-packages/pip/_vendor/pep517/_in_process.py", line 280, in main() File "/srv/modoboa/env/lib/python3.8/site-packages/pip/_vendor/pep517/_in_process.py", line 263, in main json_out['return_val'] = hook(**hook_input['kwargs']) File "/srv/modoboa/env/lib/python3.8/site-packages/pip/_vendor/pep517/_in_process.py", line 114, in get_requires_for_build_wheel return hook(config_settings) File "/tmp/pip-build-env-2jzvjhlr/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 149, in get_requires_for_build_wheel return self._get_build_requires( File "/tmp/pip-build-env-2jzvjhlr/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 130, in _get_build_requires self.run_setup() File "/tmp/pip-build-env-2jzvjhlr/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 145, in run_setup exec(compile(code, __file__, 'exec'), locals()) File "setup.py", line 3, in import braces ModuleNotFoundError: No module named 'braces' ---------------------------------------- ERROR: Command errored out with exit status 1: /srv/modoboa/env/bin/python3 /srv/modoboa/env/lib/python3.8/site-packages/pip/_vendor/pep517/_in_process.py get_requires_for_build_wheel /tmp/tmp1a8b8a15 Check the logs for full command output. ERROR: After October 2020 you may experience errors when installing or updating packages. This is because pip will change the way that it resolves dependency conflicts. We recommend you use --use-feature=2020-resolver to test your packages with the new resolver before it becomes the default. modoboa-radicale 1.5.0 requires caldav==0.7.1, but you'll have caldav 0.6.2 which is incompatible. modoboa-radicale 1.5.0 requires django-filter==2.4.0, but you'll have django-filter 2.2.0 which is incompatible.Looking further into this. It appears that the module django_braces is not installed with the installer. I decided to try and install it using pip3 install django_braces then rerun the modoboa installer. Calendars are now working.
Hi Xiao ! First of all, thank you for this great tutorial.
Got a question for you. I had Modoboa working on my Ubuntu 19.10 Server but I have recently updated it to 20.04 LTS and it broke my Modoboa’s webpanel.
I can still receive and send emails through Thunderbird but when trying to access my https://mail.mydomain.com I got a nginx 502 error.
Checked the error log and this is what it shows:
I got the uwsgi package installed, but directory /run/uwsgi/app/modoboa_instance/socket doesn’t exist anymore.
Got any idea how can I manually create it again ?
Thanks a lot.
Cheers
I want to schedule my e-mail compaign. How to develop mautic or any other mail scheduler along-with this modoboa mail
First, you need to install LEMP stack.
How to Install LEMP Stack on Ubuntu 20.04
Then you need to install Mautic.
Install Mautic Self-Hosted Email Marketing on Ubuntu 20.04
Just a quick question, I’ve got two servers, one running an eshop : www.example.org with apache as a webserver and another one running nginx and modoboa. Is it possible to use the second one to setup a mail server for the first one ?
Do you mean the OXID eShop?
Many web applications provide SMTP settings, which allows the web application to send emails via another SMTP server (such as Modoboa). Check your web application’s documentation to find where’s the SMTP settings.
In the SMTP setting, normally you need to enter
Not that many should need it, but…
Maybe update doc to clearly state this does not enable pop3 or pop3s “out of the box.”
Hi Xiao,
I am confused with the dual IP stack on Ubuntu 20.04 LTS:
– IPv4:
– IPv6:
Any ideas how to synchronize it ?
Please why are my getting the below error ?
Generating new certificate using letsencrypt Installing amavis Traceback (most recent call last): File "./run.py", line 136, in main(sys.argv[1:]) File "./run.py", line 119, in main scripts.install("amavis", config, args.upgrade) File "/root/modoboa-installer/modoboa_installer/scripts/__init__.py", line 22, in install getattr(script, appname.capitalize())(config, upgrade).run() File "/root/modoboa-installer/modoboa_installer/scripts/base.py", line 154, in run self.setup_database() File "/root/modoboa-installer/modoboa_installer/scripts/base.py", line 69, in setup_database self.backend.load_sql_file( File "/root/modoboa-installer/modoboa_installer/database.py", line 139, in load_sql_file self._setup_pgpass(dbname, dbuser, dbpassword) File "/root/modoboa-installer/modoboa_installer/database.py", line 127, in _setup_pgpass pw = pwd.getpwnam(self.dbuser) KeyError: "getpwnam(): name not found: 'postgres'" root@mail:~/modoboa-installer#Best practices for running Modoboa mail server:
1.) Use an LTS release of Ubuntu such as 20.04.
2.) Use a clean fresh Ubuntu 20.04 server.
3.) Make sure your server has at least 2GB RAM.
Hi, I have just started using the product after having used Zimbra for the past couple of years. The installer is very simple, and the configuration is quite easy to follow.
One thing this article did not make clear is that it appears to be reliant on local DNS, or has public DNS configured on the server. With my configuration the mail server (Modoboa) runs behind a firewall with DNAT in place (public IP to private IP).
For anybody running with a similar setup, something that is worth highlighting is the option: modoboa > administration > custom DNS server. I have spent many hours trying to figure out why SPF, DKIM and DMARC would continually show red, even though emails were being received successfully, only to realise it was querying local DNS for this information and failing.
I am having trouble with webmail. It can’t send (or reply). Getting a 500 error on POST but can’t for the life of me track it.
1. Any help on debugging (ubuntu 20)
2. Can we use another webmail like roundcube instead .. and how?
Hi everybody,
which version of Modoboa-installer are you using? Since version 1.15.0 the system has been changed an Ubuntu is not official supported any longer:
I have issues with the NGINX server and with Postfix. Both of those issues are based on changed configurations due distribution upgrade. I have been testing with Debian 10.9 and the latest git clone. It seems not to be possible to clone a certain version.
The docs says “For now, only Debian and CentOS based Linux distributions are supported.” So, Ubuntu is Debian-based and it’s well supported by Modoboa.
Best practice: Use a LTS release of Ubuntu, i.e. Ubuntu 18.04 or 20.04. Don’t upgrade to Ubuntu 20.10 or any other non-LTS releases.
Xiao hello. You wrote great instructions and everything works. I chose modoboa. But here’s the question. Modoboa is installed on ubuntu 20.04. All icons are green. Dkim also. But when sending letters, they are not signed by DKIM. I did according to the instructions https://modoboa.readthedocs.io/en/latest/manual_installation/opendkim.html
But DKIM’s signature in letters did not work. Where to look?
Hi Xiao,
just 2 hints for nginx and dovecot:
/etc/nginx/nginx.conf
Solution: uncomment the line
and increase the value to 64 or better 128
/etc/dovecot/conf.d/10-ssl.conf –> remove or comment out the ssl command from line 41
Would you be willing to add a tutorial on how to upgrade Modoboa server?
Hello,
I have configured according to this tutorial my mail server. It works great but … I can not receive any mails from outlook.com.
An error is
TESTS I DID shows that all is ok :
220 mail.MYDOMAIN.COM ESMTP Posftix
Test Result
SMTP Reverse DNS Mismatch OK – xxx.xxx.xxx.xxx resolves to mail.MYDOMAIN.COM
SMTP Valid Hostname OK – Reverse DNS is a valid Hostname
SMTP Banner Check OK – Reverse DNS matches SMTP Banner
SMTP TLS OK – Supports TLS.
SMTP Connection Time 1.247 seconds – Good on Connection time
SMTP Open Relay OK – Not an open relay.
SMTP Transaction Time 2.139 seconds – Good on Transaction Time
What Can I do to fix this issue ?
Can you tell me what’s your real domain? If you don’t want to show your real domain in public, reply to my email instead of posting it in the comments section.
The hostname
VI1EUR04FT014.eop-eur04.prod.protection.outlook.comdoesn’t have DNS A record. Seems it’s outlook’s fault.Welcome to Modoboa installer! Traceback (most recent call last): File "./run.py", line 138, in main(sys.argv[1:]) File "./run.py", line 84, in main config.read_file(fp) File "/usr/lib/python3.8/configparser.py", line 718, in read_file self._read(f, source) File "/usr/lib/python3.8/configparser.py", line 1082, in _read raise MissingSectionHeaderError(fpname, lineno, line) configparser.MissingSectionHeaderError: File contains no section headers. file: 'installer.cfg', line: 1 ':[general]\n'The above was after running this cmd:
how do i get past it?
You have made a typo or added extra character in the installer.cfg file on line 1.
Hi Xiao
Awesome tutorial, it helped me a lot. However, my mail server was running smoothly for a couple of days when all of a sudden I started getting the error message below…
In addition, I also see this error message
amavis[2471231]: (2471231-05) Blocked MTA-BLOCKED {TempFailedOutbound}, ORIGINATING LOCALHow can I fix this?
Check if your database server is running.
MariaDB
and if it has been killed before.
PostgreSQL
Make sure your server has enough RAM to prevent services from being killed.
I can send emails out, but had trouble receiving emails. Below is the error message:
Installed again with a clean image. The issue went away.
This worked great when I first followed the guide. I’m a big fan by the way, and appreciate your efforts and have followed a number of your guides.
Got some new hardware and it, again installed fine but now my primary server is Apache … I can’t, for the life of me, get this thing to proxy through Apache. One configuration change ends up with “Too many redirects” and another just shows the Nginx default site.
Any suggestions not related to “Just switch to Nginx all the way around” would be appreciated.
First, stop Apache.
Then follow this guide to set up Modoboa, which will install and run Nginx.
Next, follow the guide linked below to configure Apache and Nginx to run on the same server.
Run Apache, Nginx & HAProxy on Same Server (Debian, Ubuntu, CentOS)
I installed as directed, but when I go to my url for the first time nothing happens, then eventually times out
When I ran debut I get this
ANy ideas?
It’s likely that your server failed to obtain a Let’s Encrypt TLS certificate. Run the following command to fix it.
You are so kind to assist me in this matter and for that I truly thank you
I followed your steps. The last step, to restart nginx returned an error
mail.abnportal.com is my fqdn
Any other ideas?
It’s likely that you have made a mistake in step 3.
Run the following command to install Modoboa.
Please replace
example.comwith your main domain name such aslinuxbabe.com. Do not use the sub-domainmail.example.comin this command. The following command is wrong.I recommend reinstalling the operating system on your server and start the Modoboa installation again.
Here is my dns settings in cloudflare
Here is something interesting related to my installation not working from the GUI
When I run the debug option I noticed this:
Not sure how to fix this BTW – This is a new spin up I did using abnmsrvr.com
Your DNS A record is wrong, or your firewall is preventing Let’s Encrypt to access TCP port 80 and 443.
You put a wrong IP address in the DNS A record?
Hi bro
great tutorial everything went great but when i try to login to webmail with user account i get this,
Error: [b'[SERVERBUG] Internal error occurred. Refer to server log for more information. [2022-03-18 19:13:09] (0.001 + 0.000 secs).’]
turned debug on still the same
any help appreciated
Thanks
I need to upgrade my modoboa and my whole server in general.. Mine been working since I followed your 18.04 guide. Although I probably will wait for 21.04 TLS release, I’m assuming the installation will be fairly the same, or will you be making an update once 21.04 is released?
What’s up, I log on to your blogs on a regular basis. Your writing style is witty, keep up the good work!
Write more, that’s all I have to say.
You obviously know what you’re talking about.
This is the right blog for everyone who would like to understand this topic. You understand so much its almost tough to argue with you (not that I really would want to…HaHa). Excellent stuff, just excellent!
Oh my goodness! Incredible article dude! Thank you.