How to Quickly Set Up a Mail Server on Ubuntu 20.04 with Modoboa

This tutorial is going to show you how to quickly set up your own email server on Ubuntu 20.04 with Modoboa, which is a free and open-source mail hosting and management platform designed to work with Postfix SMTP server and Dovecot IMAP/POP3 server.

Modoboa is written in Python, released under the terms of ISC license. Main features of Modoboa are as follows:

  • Modoboa by default uses Nginx web server to serve the webmail client and web-based admin panel.
  • Compatible with Postfix and Dovecot.
  • Support MySQL/MariaDB, or PostgreSQL database.
  • Easily create unlimited mailboxes and unlimited mail domains in a web-based admin panel.
  • Easily create email alias in the web-based admin panel.
  • The webmail client provides an easy-to-use message filter to help you organize messages to different folders.
  • It can help you protect your domain reputation by monitoring email blacklists and generating DMARC reports, so your emails have a better chance to land in the inbox instead of the spam folder.
  • Includes amavis frontend to block spam and detect viruses in email.
  • Calendar and address book.
  • Integration with Let’s Encrypt.
  • A policy daemon for Postfix that allows you to define daily sending limits for domains and individual accounts.
  • Includes AutoMX to allow end-users to easily configure mail account in a desktop or mobile mail client.

Step 1: Choose the Right Hosting Provider and Buy a Domain Name

To set up a complete email server with Modoboa, you need a server with at least 3GB RAM, because after the installation, your server will use more than 2GB of RAM.

Note: You must install Modoboa on a clean fresh Ubuntu 20.04 server.

This tutorial is done on a $9/month Kamatera VPS (virtual private server) with 1 CPU and 3GB RAM. They offer a 30-day free trial.

Kamatera is a very good option to run a mail server because

  • They don’t block port 25, so you can send unlimited emails (transactional email and newsletters) without spending money on SMTP relay service. Kamatera doesn’t have any SMTP limits. You can send a million emails per day.
  • The IP address isn’t on any email blacklist. (At least this is true in my case. I chose the Dallas data center.) You definitely don’t want to be listed on the dreaded Microsoft Outlook IP blacklist or the spamrats blacklist. Some blacklists block an entire IP range and you have no way to delist your IP address from this kind of blacklist.
  • You can edit PTR record to improve email deliverability.
  • They allow you to send newsletters to your email subscribers with no hourly limits or daily limits, whatsoever.
  • You can order multiple IP addresses for a single server. This is very useful for folks who need to send a large volume of emails. You can spread email traffic on multiple IP addresses to achieve better email deliverability.

Other VPS providers like DigitalOcean blocks port 25. DigitalOcean would not unblock port 25, so you will need to set up SMTP relay to bypass blocking, which can cost you additional money. If you use Vultr VPS, then port 25 is blocked by default. They can unblock it if you open a support ticket, but they may block it again at any time if they decide your email sending activity is not allowed. Vultr actually may re-block it if you use their servers to send newsletters.

Go to Kamatera website to create an account, then create your server in your account dashboard.

kamatera server types

I recommend following the tutorial linked below to properly set up your Linux VPS server on Kamatera.

Once you created a server, Kamatera will send you an email with the server SSH login details. To log into your server, you use an SSH client. If you are using Linux or macOS on your computer, then simply open up a terminal window and run the following command to log into your server. Replace with your server’s IP address.

ssh root@

You will be asked to enter the password.

You also need a domain name. I registered my domain name from NameCheap because the price is low and they give whois privacy protection free for life.

Step 2: Creating DNS MX Record

The MX record specifies which host or hosts handle emails for a particular domain name. For example, the host that handles emails for is If someone with a Gmail account sends an email to [email protected], then Gmail server will query the MX record of When it finds out that is responsible for accepting email, it then query the A record of to get the IP address, thus the email can be delivered.

In your DNS manager, create a MX record for your domain name. Enter @ in the Name field to represent the main domain name, then enter in the Value field.

modoboa web interface

Note: The hostname for MX record can not be an alias to another name. Also, It’s highly recommended that you use hostnames, rather than bare IP addresses for MX record.

Your DNS manager may require you to enter a preference value (aka priority value). It can be any number between 0 and 65,356. A small number has higher priority than a big number. You can enter 0 for your email server, or accept the default value.

After creating MX record, you also need to create an A record for , so that it can be resolved to an IP address. If your server uses IPv6 address, be sure to add AAAA record.

Hint: If you use Cloudflare DNS service, you should not enable the proxy feature when creating A record for your mail server. Cloudflare doesn’t support SMTP/IMAP proxy.

Step 3: Set up Mail Server on Ubuntu 20.04 with Modoboa Installer

Log into your server via SSH, then run the following command to update software packages.

sudo apt update; sudo apt upgrade -y

I strongly recommend creating a sudo user for managing your server rather than using the default root user to improve server security. Run the following command to create a user. Replace username with your preferred username.

adduser username

adduser scalahosting

Then add the user to the sudo group.

adduser username sudo

Switch to the new user.

su - username

Download modoboa installer from Github.

git clone

Modoboa is written in Python. Run the following command to install the necessary Python software.

sudo apt-get install python3-virtualenv python3-pip

Then navigate to the modoboa-installer directory and create a configuration file. Replace with your own domain name.

cd modoboa-installer

sudo python3 ./ --stop-after-configfile-check

modoboa installer ubuntu 20.04

Edit the configuration file installer.cfg with a command-line text editor like Nano.

sudo nano installer.cfg

To obtain a valid TLS certificate from Let’s Encrypt for your mail server, in [certificate] section, change the value of type from self-signed to letsencrypt.

type = letsencrypt

And change the email address from [email protected] to your real email address, which will be used for account recovery and important notifications. You will not be able to obtain and install Let’s Encrypt certificate if you use the default email address.


By default, Modoboa installer will install PostgreSQL database server, as indicated by the following lines in the config file.

engine = postgres
host =
install = true

If you would like to use MariaDB database server, then change the engine from postgres to mysql. (Modoboa will install MariaDB instead of MySQL.)

modoboa mariadb database

Save and close the file. (To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit, press Ctrl+X.)

Next, you should use a fully-qualified domain name (FQDN) as the hostname for your mail server, such as Run the following command to set the hostname.

sudo hostnamectl set-hostname

Now we need to verify if the DNS records are propagated to the Internet. Depending on the domain registrar you use, your DNS record might be propagated instantly, or it might take up to 24 hours to propagate. You can go to, enter your mail server’s hostname ( to check DNS propagation.

If your DNS record is propagated, run the following command to start the installation. (Please replace with your main domain name such as Do not use the sub-domain in this command).

sudo python3 ./ --interactive

install modoboa ubuntu 20.04 python3

The installation process can take a while. It took 10 minutes on my server. If you see an error during the installation, you can use the --debug option to see more detailed output.

sudo python3 ./ --interactive --debug

After Modoboa finishes the installation, you can log into the admin panel with username admin and password password.

  • If your browser can’t connect to the admin panel, it could be that Nginx is not running. Start it with sudo systemctl restart nginx. If it fails to start, run sudo nginx -t to find out what’s wrong.
  • If you see the internal error message, please use the solution here.


Once you are logged in, you should go to Admin -> Settings -> Profile to change the password.

modoboa install

Failed to Obtain Let’s Encrypt TLS Certificate

If you run the sudo ngixn -t command and get the following error,

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No suc>
 nginx: configuration file /etc/nginx/nginx.conf test failed
Failed to start A high performance web server and a reverse proxy server

It’s likely that your server failed to obtain a Let’s Encrypt TLS certificate. Run the following command to fix it.

sudo systemctl stop nginx

sudo ufw allow http

sudo ufw allow https

sudo certbot certonly --standalone --agree-tos --redirect --hsts --staple-ocsp -d

sudo systemctl restart nginx postfix dovecot

Step 4: Adding Mailboxes in Modoboa Admin Panel

Go to Domains tab and click Add button to add a new domain.

modoboa review

Then enter your main domain name in the Name field. It is highly recommended that you enable DKIM signing, which can help with your domain reputation. In Key selector field, you can enter a random word like modoboa. Choose 2048 as the key length.

adding domain name in modoboa

In the next screen, you can choose to create an admin account for your domain. The SMTP protocol requires that a mail server should have a [email protected] address.

modoboa postmaster account

Click the Submit button and your domain name will be added in Modoboa.

Note that the default admin account created during installation isn’t an email account. To add email addresses, go to Domains tab and click your domain name.

add mailboxes in modoboa

Then click mailboxes.

adding email addresses in modoboa

Click Add button and choose Account.

modoboa alias

Then choose Simple user as the role. Enter an email address in Username field and enter a password.

qucikly set up an email server modoboa

In the next screen, you can optionally create an alias for this email address.

create alias in modoboa

After clicking the submit button, the email address is created.

Step 5: Sending Test Emails

To login to the webmail, you need to log out the admin account first and then enter the user credentials.

modoboa login

Once you are logged into Modoboa webmail, you can send a test email from your private email server to your other email address and vice versa.

modoboa webmail

Inbound emails will be delayed for a few minutes, because by default Modoboa enables greylisting, which tells other sending SMTP server to try again in a few minutes. This is useful to block spam. The following message in /var/log/mail.log indicates greylisting is enabled.

postfix/postscreen[20995]: NOQUEUE: reject: RCPT from []:36980: 450 4.3.2 Service currently unavailable;

However, greylisting can be rather annoying. You can disable it by editing the Postfix main configuration file.

sudo nano /etc/postfix/

Find the following lines at the end of the file and comment them out. (Add a # character at the beginning of each line.)

postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce

postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce

postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce

Save and close the file. Then restart Postfix for the changes to take effect.

sudo systemctl restart postfix

Now you should be able to receive emails without waiting several minutes.

Adding Swap Space

ClamAV is used to scan viruses in email messages. ClamAV can use a fair amount of RAM. If there’s not enough RAM on your server, ClamAV won’t work properly, which will prevent your mail server from sending emails. You can add a swap file to your server to increase the total RAM on your server. (Note that using swap space on the server will degrade server performance. If you want better performance, you should upgrade the physical RAM instead of using swap space.)

To add swap space on the server, first, use the fallocate command to create a file. For example, create a file named swapfile with 1G capacity in root file system:

sudo fallocate -l 1G /swapfile

Then make sure only root can read and write to it.

sudo chmod 600 /swapfile

Format it to swap:

sudo mkswap /swapfile


Setting up swapspace version 1, size = 1024 MiB (1073737728 bytes)
no label, UUID=0aab5886-4dfb-40d4-920d-fb1115c67433

Enable the swap file

sudo swapon /swapfile

To mount the swap space at system boot time, edit the /etc/fstab file.

sudo nano /etc/fstab

Add the following line at the bottom of this file.

/swapfile    swap    swap     defaults    0   0

Save and close the file. Then reload systemd and restart ClamAV.

sudo systemctl daemon-reload

sudo systemctl restart clamav-daemon

Step 6: Checking If Port 25 (outbound) is blocked

Your ISP or hosting provider won’t block incoming connection to port 25 of your server, which means you can receive emails from other mail servers. However, many ISP/hosting providers block outgoing connection to port 25 of other mail servers, which means you can’t send emails.

If your email didn’t arrive at your other email address such as Gmail, then run the following command on your mail server to check if port 25 (outbound) is blocked.

telnet 25

If it’s not blocked, you would see messages like below, which indicates a connection is successfully established. (Hint: Type in quit and press Enter to close the connection.)

Connected to
Escape character is '^]'.
220 ESMTP y22si1641751pll.208 - gsmtp

If port 25 (outbound) is blocked, you would see something like:

Trying 2607:f8b0:400e:c06::1a...
telnet: Unable to connect to remote host: Connection timed out

In this case, your Postfix can’t send emails to other SMTP servers. Ask your ISP/hosting provider to open it for you. If they refuse your request, you need to set up SMTP relay to bypass port 25 blocking.

Still Can’t Send Email?

If port 25 (outbound) is not blocked, but you still can’t send emails from your own mail server to your other email address like Gmail, then you should check the mail log (/var/log/mail.log).

sudo nano /var/log/mail.log

For example, some folks might see the following lines in the file.

host[2404:6800:4003:c03::1b] said: 550-5.7.1 [2a0d:7c40:3000:b8b::2] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 for more information

This means your mail server is using IPv6 to send the email, but you didn’t set up IPv6 records. You should go to your DNS manager, set AAAA record for, then you should set PTR record for your IPv6 address, which is discussed in step 8.

Step 7: Using Mail Clients on Your Computer or Mobile Device

Fire up your desktop email client such as Mozilla Thunderbird and add a mail account.

  • In the incoming server section, select IMAP protocol, enter as the server name, choose port 993 and SSL/TLS. Choose normal password as the authentication method.
  • In the outgoing section, select SMTP protocol, enter as the server name, choose port 587 and STARTTLS. Choose normal password as the authentication method.

modoboa mail server desktop mail client configuration

You can also use IMAP on port 143 with STARTTLS encryption.

Step 8: Improving Email Deliverability

To prevent your emails from being flagged as spam, you should set PTR, SPF, DKIM and DMARC records.

PTR record

A pointer record, or PTR record, maps an IP address to a FQDN (fully qualified domain name). It’s the counterpart to the A record and is used for reverse DNS lookup, which can help with blocking spammers. Many SMTP servers reject emails if no PTR record is found for the sending server.

To check the PTR record for an IP address, run this command:

dig -x IP-address +short


host IP-address

Because you get IP address from your hosting provider or ISP, not from your domain registrar, so you must set PTR record for your IP in the control panel of your hosting provider or ask your ISP. Its value should be your mail server’s hostname: If your server uses IPv6 address, be sure to add a PTR record for your IPv6 address as well.

To edit the reverse DNS record for your Kamatera VPS, log into the Kamatera client area, then open a support ticket and tell them to add PTR record for your server IP addresss to point the IP address to It’s not convenient, you might think, but this is to keep spammers away from the platform, so legitimate email senders like us will have a great IP reputation.

SPF Record

SPF (Sender Policy Framework) record specifies which hosts or IP address are allowed to send emails on behalf of a domain. You should allow only your own email server or your ISP’s server to send emails for your domain. In your DNS management interface, create a new TXT record like below.

modoboa spf record


  • TXT indicates this is a TXT record.
  • Enter @ in the name field to represent the main domain name.
  • v=spf1 indicates this is a SPF record and the version is SPF1.
  • mx means all hosts listed in the MX records are allowed to send emails for your domain and all other hosts are disallowed.
  • ~all indicates that emails from your domain should only come from hosts specified in the SPF record. Emails that are from other hosts will be flagged as forged.

To check if your SPF record is propagated to the public Internet, you can use the dig utility on your Linux machine like below:

dig txt

The txt option tells dig that we only want to query TXT records.

DKIM Record

DKIM (DomainKeys Identified Mail) uses a private key to digitally sign emails sent from your domain. Receiving SMTP servers verify the signature by using the public key, which is published in the DNS DKIM record.

When we were adding domain name in Moboboa admin panel earlier, we enabled DKIM signing, so the signing part is taken care of. The only thing left to do is creating DKIM record in DNS manager. First go to Modoboa admin panel and select your domain name. In the DNS section, click Show key button.

modoboa dkim signing

The public key will be revealed. There are two formats. We only need the Bind/named format.

modoboa dkim public key

Go to your DNS manager, create a TXT record, enter modoboa._domainkey in the Name field. (Recall that we used modoboa as the selector when adding domain name in the admin panel.) Copy everything in the parentheses and paste into the value field. Delete all double quotes. Your DNS manager may require you to delete other invalid characters, such as carriage return.

modoboa dkim format

Note that your DKIM record may need sometime to propagate to the Internet. Depending on the domain registrar you use, your DNS record might be propagated instantly, or it might take up to 24 hours to propagate. You can go to, enter modoboa as the selector and enter your domain name to check DKIM record propagation.

For those who are interested, Modoboa uses OpenDKIM to generate private key for your domainkey and verify signatures of inbound emails.

DMARC Record

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC can help receiving email servers to identify legitimate emails and prevent your domain name from being used by email spoofing.

To create a DMARC record, go to your DNS manager and add a TXT record. In the name field, enter _dmarc. In the value field, enter the following:

v=DMARC1; p=none; pct=100; rua=mailto:[email protected]

create dmarc record txt

The above DMARC record is a safe starting point. To see the full explanation of DMARC, please check the following article.

Step 7: Testing Email Score and Placement

After creating PTR, SPF, DKIM record, go to You will see a unique email address. Send an email from your domain to this address and then check your score. As you can see, I got a perfect score.

Testing-Email-Score-and-Placement can only show you a sender score. There’s another service called GlockApps that allow you to check if your email is placed in the recipient’s inbox or spam folder, or rejected outright. It supports many popular email providers like Gmail, Outlook, Hotmail, YahooMail, iCloud mail, etc


Email is Rejected by Microsoft Mailbox?

Microsoft uses an internal blacklist that blocks many legitimate IP addresses. If your emails are rejected by Outlook or Hotmail, you need to follow the tutorial linked below to bypass Microsoft Outlook blacklist.

What if Your Emails Are Still Being Marked as Spam?

I have more tips for you in this article: How to stop your emails from being marked as spam. Although it will take some time and effort, your emails will eventually be placed in the inbox after applying these tips.

Auto-Renew Let’s Encrypt TLS Certificate

Let’s Encrypt TLS certificate is valid for 90 days. To automatically renew the certificate, edit root user’s crontab file.

sudo crontab -e

Add the following line at the end of this file.

@daily /usr/bin/certbot renew -q && systemctl reload nginx postfix dovecot

Save and close the file. This tells Cron to run the certbot renew command every day. If the certificate has 30 days left, certbot will renew it. It’s necessary to reload Nginx web server, Postfix SMTP server and Dovecot IMAP server so they can pick up the new certificate.

Enabling SMTPS Port 465

If you are going to use Microsoft Outlook client, then you need to enable SMTPS port 465 in Postfix SMTP server.


First, please use a VPS with at least 2GB RAM. Running Modoboa on a 1GB RAM VPS will cause the database, SpamAssassin, or ClamAV to be killed because of out-of-memory problem. If you really want to use a 1GB RAM VPS, you are going to lose incoming emails and have other undesirable outcomes.

If the Modoboa web interface isn’t accessible, like a 502 gateway error, you should check the Nginx logs in /var/log/nginx/ directory to find clues. You may also want to check the mail log /var/log/mail.log.

Check if the various services are running.

systemctl status postfix

systemctl status dovecot

systemctl status nginx

systemctl status mariadb

systemctl status clamav-daemon

systemctl status amavis

systemctl status uwsgi 

systemctl status supervisor

If you enabled the firewall, you should open the following ports in the firewall.

HTTP port:  80
HTTPS port: 443
SMTP port:  25
Submission port: 587 (and 465 if you are going to use Microsoft Outlook mail client)
IMAP port:  143 and 993

If you would like to use the UFW firewall, check my guide here: Getting started with UFW firewall on Debian and Ubuntu.

ClamAV Automatically Shutdown

I found that the clamav-daemon service has a tendency to stop without clear reason even when there’s enough RAM. This will delay emails for 1 minute. We can configure it to automatically restart if it stops via the systemd service unit. Copy the original service unit file to the /etc/systemd/system/ directory.

sudo cp /lib/systemd/system/clamav-daemon.service /etc/systemd/system/clamav-daemon.service

Then edit the service unit file.

sudo nano /etc/systemd/system/clamav-daemon.service

Add the following two lines in the [service] section.


Like this:

ExecStart=/usr/sbin/clamd --foreground=true
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID

Save and close the file. Then reload systemd and restart clamav-daemon.service.

sudo systemctl daemon-reload
sudo systemctl restart clamav-daemon

Sorry, an internal error has occurred

If you see the internal error message when trying to log into the Modoboa admin panel,  then edit the file.

sudo nano /srv/modoboa/instance/instance/

Turn on debugging mode.

DEBUG = True

Restart uwsgi for the changes to take effect.

sudo systemctl restart uwsgi

Next, try to log into Modoboa admin panel again. This time you will see the exact internal error. For example, on my mail server it’s

database connection isn't set to UTC

database connection isn't set to UTC

So I need to edit the file

sudo nano /srv/modoboa/instance/instance/

and turn off time zone.

USE_TZ = False

Save and close the file. Restart uwsgi for the changes to take effect.

sudo systemctl restart uwsgi

(Optional) Set Up Autodiscover and AutoConfig to Automate Mail Client Configuration

Autodiscover and AutoConfig make it easy to configure a desktop or mobile mail client. The end-user just needs to enter a name, email address and password to set up his/her mail account, without having to enter the SMTP or IMAP server details. Autodiscover is supported by Microsoft Outlook mail client and AutoConfig is supported by Mozilla Thunderbird mail client.

Modoboa uses AutoMX to implement this feature on your mail server. All we need to do now is add CNAME records in DNS. In your DNS manager, create two CNAME records.       CNAME     CNAME

Go to the Domains tab in your Modoboa admin panel, if the autoconfig is in green, that means your CNAME records are correct. (Modoboa checks DNS records for your mail server every 30 minutes, so you might need to wait some time for autoconfig to turn green.)

modoboa automx

Once the CNAME records are propagated to the Internet, you don’t have to enter the SMTP or IMAP server details when setting up a mail account in Microsoft Outlook and Mozilla Thunderbird.

Host Multiple Domains in Modoboa

See the following article:

Setting Up Backup Mail Server

Your primary mail server could be down sometimes. If you host your mail server in a data center, then the downtime is very minimal, so you shouldn’t be worried about losing inbound emails. If you host your mail server at home, the downtime can’t be predicted so it’s a good practice for you to run a backup mail server in a data center to prevent losing inbound emails. The backup mail server needs just 512MB RAM to run. Please check the full detail in the following article.

I hope this tutorial helped you set up a mail server on Ubuntu 20.04 with Modoboa. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂

Rate this tutorial
[Total: 5 Average: 5]

61 Responses to “How to Quickly Set Up a Mail Server on Ubuntu 20.04 with Modoboa

  • Xiao Guoan (Admin)
    3 years ago

    I mentioned this in the article, but I want to say it again: The best practice to run Modoboa is using a clean fresh OS.

    Generally speaking, if there’s a script that will install lots of software, it’s a good practice to install it on a clean freash OS. Otherwise, the install script might mess up the existing configurations of your software, making it unusable. Or maybe a component of the softwar stack needs to bind to a port, but it’s already been taken by an existing process on the server, resulting in installation failure.

    Unless you are very knowledgeable about every piece of software on the server and can spead lots of time debugging, it’s not recommended to install Modoboa on a server that has other applications running.

    I have seen many folks who didn’t follow this advice bork the applications on their servers.

  • Thank you so much for your work Xiao!!!
    BTW, I noticed that you skipped over a part of the MySQL area. You should recommend people who are following your tutorial to change the mysql password to the root user. If they don’t change it, then they won’t be able to easily do it later after the installation because Modoboa generates their own long key that isn’t easy to keep track of.

    Also, if a user wants to create another database or add other users because they plan on installing other applications on this same server, they won’t be able to easily access the mysql database since Modoboa won’t allow for root access. So you should include this in the steps to change the root password of the mysql. Anyhow, thanks again for your awesome BLOG! I plan on donating soon! God bless you, brother!

    • Xiao Guoan (Admin)
      3 years ago

      The MariaDB package in Ubuntu repository allows you to use the following command to log into MariaDB server without entering the MariaDB root password.

      sudo mysql -u root

      It seems Modoboa disabled Unix_socket authentication in MaraiDB, so we have to use password authentication.

      mysql -u root -p
      • Well, what I did was installed Modoboa, and then I installed Mautic on top of that. It was then that I realized I couldn’t set up a database or a user for Mautic after installing Modoboa. I couldn’t log in even with ‘mysql -u root’, if that’s what you’re asking. Sometimes I notice that you aren’t always detailed on your posts, but over, I still give you 4.5 stars outta 5 because I’m still able to resolve these little parts that you skip over. But anyhow, thanks again my brother.

    • Xiao Guoan (Admin)
      3 years ago

      Ok, I just reinstalled Modoboa with MariaDB database this time. (I was using PostgreSQL database.)
      The default MariaDB root password is specified in the installer.cfg file.

      user = root
      password = B1kjdXEVs3cVS81x
      charset = utf8
      collation = utf8_general_ci

      So you can easily log into MariaDB with:

      mysql -u root -p

      If you need to change the MariaDB root password, it can also be easily done with:

      sudo mysql_secure_installation
      • Right, but even after I found that file and tried to use that password, it still wouldn’t let me access the root user. What I had to do was just re-install from the beginning, then set my own password during the beginning of installation when choosing the database, Let’s Encrypt, etc.. If you set it then, that’s when it’s much easier to continue accessing your MariaDB in the future when you need to do additional databases and users for other applications or for whichever reason. I highly recommend setting your own password early on or during installation.

        • Xiao Guoan (Admin)
          3 years ago

          I just installed Modoboa on a Debian 10 server, using the default MariaDB root password. And I can log into MariaDB without any problem. Don’t know why it failed on you.

      • Also, after installing Mautic on top of this Modoboa, I am no longer able to receive any email for any of the email accounts that I’ve created in Modoboa. What do you think that I should try to do to fix this? Any ideas on what could be stopping the messages from coming in? I’m still able to send email through Modoboa, but not able to receive after the Mautic installation. Thanks again.

    • Xiao Guoan (Admin)
      3 years ago

      Muatic is an PHP application. I don’t think it would interfere with receving emails. You can always check the mail log file (/var/log/mail.log) and dovecot log (sudo journalctl -eu dovecot) to troubleshoot mail server problems.

      • Right, and that’s why I wanted to install these two together because I figured that the Mautic’s PHP wouldn’t clash with Modoboa and vice versa.

        Here is what’s showing with the amavis log & ClamAV :

        root@mail:~# systemctl status amavis
        ● amavis.service - LSB: Starts amavisd-new mailfilter
             Loaded: loaded (/etc/init.d/amavis; generated)
             Active: active (running) since Thu 2020-10-29 15:52:01 UTC; 24min ago
               Docs: man:systemd-sysv-generator(8)
            Process: 401005 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS)
              Tasks: 2 (limit: 2345)
             Memory: 192.4M
             CGroup: /system.slice/amavis.service
                     ├─401035 /usr/sbin/amavisd-new (master)
                     └─401234 /usr/sbin/amavisd-new (ch1-avail)
        Oct 29 15:52:01 mail amavis[401035]: Found secondary av scanner ClamAV-clamscan at /usr/bin/cla
        Oct 29 16:05:13 mail amavis[401234]: (401234-01) (!)connect to /var/run/clamav/clamd.ctl failed
        Oct 29 16:05:14 mail amavis[401234]: (401234-01) (!)connect to /var/run/clamav/clamd.ctl failed
        Oct 29 16:05:14 mail amavis[401234]: (401234-01) (!)ClamAV-clamd: All attempts (1) failed conne
        Oct 29 16:05:20 mail amavis[401234]: (401234-01) (!)connect to /var/run/clamav/clamd.ctl failed
        Oct 29 16:05:20 mail amavis[401234]: (401234-01) (!)ClamAV-clamd av-scanner FAILED: run_av erro
        Oct 29 16:05:20 mail amavis[401234]: (401234-01) (!)WARN: all primary virus scanners failed, co
        Oct 29 16:05:44 mail amavis[401234]: (401234-01) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin
        Oct 29 16:05:44 mail amavis[401234]: (401234-01) (!!)AV: ALL VIRUS SCANNERS FAILED
        Oct 29 16:05:44 mail amavis[401234]: (401234-01) Passed UNCHECKED {RelayedOpenRelay}, [127.0.0.
        lines 1-21/21 (END)

        Any idea if this is part of the problem?

    • Xiao Guoan (Admin)
      3 years ago

      It’s probabaly because your server is running out of RAM and ClamAV is killed. To check ClamAV status:

      systemctl status clamav-daemon

      You can add swap space on your server, but if you need better performance, upgrade the phsycial RAM.

    • Xiao Guoan (Admin)
      3 years ago

      Amavis and ClamAV use about 1.3GB RAM. If your server doesn’t have enough RAM, you might not be able to receive emails. If you don’t need AntiVirus on your mail server, you can disable Amavis and ClamAV. This will save you 1.3GB RAM.

      Edit Postfix master configuration file.

      sudo nano /etc/postfix/

      Find the following lines in this file and comment them out.

      -o smtpd_proxy_filter=inet:[]:10024
      -o smtpd_proxy_options=speed_adjust
      -o milter_macro_daemon_name=ORIGINATING
      -o smtpd_proxy_filter=inet:[]:10026

      Save and close the file. Then restart Postfix.

      sudo systemctl restart postfix

      Now you can stop Amavis and ClamAV.

      sudo systemctl stop amavis clamav-daemon

      And disable auto-start at boot time.

      sudo systemctl disable amavis clamav-daemon
      • Hi Xiao,

        What do you think would be better than running something resource heavy (eating up all my RAM & space) like Modoboa or Zimbra so that I’m not taking up so much space, which costs more money on Digital Ocean?

        I was thinking Postfix, Dovecot, & maybe SquirrelMail or Roundcube as my MUA.

        I really only wanted an MUA with an Administrator creating business email accounts/users or aliases, to receive email messages and respond through the MUA. But I finally realized that Postfix already created aliases and user accounts, you just need to find a way to display the messages in some MUA. I wouldn’t want to use a terminal to look at and respond to messages (eww!).

        So trying to keep the space down on the server, do you think that Postfix, Dovecot & Roundcube would be good enough and sufficient or do you recommend some other MUA? I wasn’t too crazy about iRedMail, especially since it is outdated looking and not mobile responsive.

        What do you think would be the most efficient set up to save space, or what would you do in this type of scenario?

        BTW, thanks again for your support, my friend!

        – Aaron E.

    • Xiao Guoan (Admin)
      3 years ago

      Modoboa uses Postfix SMTP server and Dovecot IMAP/POP server. It doesn’t invent its own wheel if there’s already a tried and true open-source solution.

      If you disable Amavis and ClamAV on Modoboa, the RAM usage goes down to about 500MB, and you will get pretty much what you want.

  • Everything is working as expected, however, any emails sent to an iCloud account from the new mail server are not being delivered. Other email services receive the email no problem.
    Any suggestions?

  • Hi there Xiao!!!
    First of all, congrats for the great series that you’ve put up to about modoboa an linux.
    I have a request for you.
    I’ve followed your tutorial so setting up Modoboa in Ubuntu 19.10, at the time Modoboa’s was at v1.14.0
    I would like to update it to the recent version, v1.17.0!
    I read the documentation but I found it a bit overwhealming as I’m not familiar with python!
    Could you give a little help!

  • Calendars are not working. Just a white screen, no error messages. I can click new calendar and create one but it does not display. I followed this guide exactly and used the modoboa installer on a fresh Ubuntu 20.04 LTS system. I’m not sure what has changed since the last time I installed this but it used to work great and calendars were working. Now for some reason they don’t.

    See screenshot showing what my calendars look like. Not sure where to begin looking since it was not a manual install. Google searches for this issue are not coming up with any helpful results either.

  • Getting some errors when running the installer in debug mode on a fresh Ubuntu 20.04LTS system. I am wondering if this is what is causing the issues with my calendars as mentioned in my previous comment. I’m not sure how to fix this.

    Getting requirements to build wheel ... error
      ERROR: Command errored out with exit status 1:
       command: /srv/modoboa/env/bin/python3 /srv/modoboa/env/lib/python3.8/site-packages/pip/_vendor/pep517/ get_requires_for_build_wheel /tmp/tmp1a8b8a15
           cwd: /tmp/pip-install-ediyhhaa/django-braces
      Complete output (16 lines):
      Traceback (most recent call last):
        File "/srv/modoboa/env/lib/python3.8/site-packages/pip/_vendor/pep517/", line 280, in 
        File "/srv/modoboa/env/lib/python3.8/site-packages/pip/_vendor/pep517/", line 263, in main
          json_out['return_val'] = hook(**hook_input['kwargs'])
        File "/srv/modoboa/env/lib/python3.8/site-packages/pip/_vendor/pep517/", line 114, in get_requires_for_build_wheel
          return hook(config_settings)
        File "/tmp/pip-build-env-2jzvjhlr/overlay/lib/python3.8/site-packages/setuptools/", line 149, in get_requires_for_build_wheel
          return self._get_build_requires(
        File "/tmp/pip-build-env-2jzvjhlr/overlay/lib/python3.8/site-packages/setuptools/", line 130, in _get_build_requires
        File "/tmp/pip-build-env-2jzvjhlr/overlay/lib/python3.8/site-packages/setuptools/", line 145, in run_setup
          exec(compile(code, __file__, 'exec'), locals())
        File "", line 3, in 
          import braces
      ModuleNotFoundError: No module named 'braces'
    ERROR: Command errored out with exit status 1: /srv/modoboa/env/bin/python3 /srv/modoboa/env/lib/python3.8/site-packages/pip/_vendor/pep517/ get_requires_for_build_wheel /tmp/tmp1a8b8a15 Check the logs for full command output.
    ERROR: After October 2020 you may experience errors when installing or updating packages. This is because pip will change the way that it resolves dependency conflicts.
    We recommend you use --use-feature=2020-resolver to test your packages with the new resolver before it becomes the default.
    modoboa-radicale 1.5.0 requires caldav==0.7.1, but you'll have caldav 0.6.2 which is incompatible.
    modoboa-radicale 1.5.0 requires django-filter==2.4.0, but you'll have django-filter 2.2.0 which is incompatible.
  • Looking further into this. It appears that the module django_braces is not installed with the installer. I decided to try and install it using pip3 install django_braces then rerun the modoboa installer. Calendars are now working.

  • Hi Xiao ! First of all, thank you for this great tutorial.
    Got a question for you. I had Modoboa working on my Ubuntu 19.10 Server but I have recently updated it to 20.04 LTS and it broke my Modoboa’s webpanel.
    I can still receive and send emails through Thunderbird but when trying to access my I got a nginx 502 error.
    Checked the error log and this is what it shows:

    connect() to unix:/run/uwsgi/app/modoboa_instance/socket failed (2: No such file or directory) while connecting to upstream, client:, server:, request: "GET /favicon.ico HTTP/2.0", upstream: "uwsgi://unix:/run/uwsgi/app/modoboa_instance/socket:", host: "", referrer: "

    I got the uwsgi package installed, but directory /run/uwsgi/app/modoboa_instance/socket doesn’t exist anymore.
    Got any idea how can I manually create it again ?
    Thanks a lot.

  • I want to schedule my e-mail compaign. How to develop mautic or any other mail scheduler along-with this modoboa mail

  • TrucBidule
    3 years ago

    Just a quick question, I’ve got two servers, one running an eshop : with apache as a webserver and another one running nginx and modoboa. Is it possible to use the second one to setup a mail server for the first one ?

    • Xiao Guoan (Admin)
      3 years ago

      Do you mean the OXID eShop?

      Many web applications provide SMTP settings, which allows the web application to send emails via another SMTP server (such as Modoboa). Check your web application’s documentation to find where’s the SMTP settings.

      In the SMTP setting, normally you need to enter

      mail server address:
      username:              [email protected]
      password:              your_password
      port number:           587
      Encryption:            STARTTLS (or SSL, TLS)
  • Not that many should need it, but…
    Maybe update doc to clearly state this does not enable pop3 or pop3s “out of the box.”

    • Hi Xiao,
      I am confused with the dual IP stack on Ubuntu 20.04 LTS:
      – IPv4:

       Not shown: 997 closed ports
      443/tcp open  https
      993/tcp open  imaps

      – IPv6:

       Not shown: 993 closed ports
      22/tcp  open  ssh
      25/tcp  open  smtp
      80/tcp  open  http
      443/tcp open  https
      587/tcp open  submission
      993/tcp open  imaps

      Any ideas how to synchronize it ?

  • Apostle
    3 years ago

    Please why are my getting the below error ?

    Generating new certificate using letsencrypt
    Installing amavis
    Traceback (most recent call last):
      File "./", line 136, in 
      File "./", line 119, in main
        scripts.install("amavis", config, args.upgrade)
      File "/root/modoboa-installer/modoboa_installer/scripts/", line 22, in install
        getattr(script, appname.capitalize())(config, upgrade).run()
      File "/root/modoboa-installer/modoboa_installer/scripts/", line 154, in run
      File "/root/modoboa-installer/modoboa_installer/scripts/", line 69, in setup_database
      File "/root/modoboa-installer/modoboa_installer/", line 139, in load_sql_file
        self._setup_pgpass(dbname, dbuser, dbpassword)
      File "/root/modoboa-installer/modoboa_installer/", line 127, in _setup_pgpass
        pw = pwd.getpwnam(self.dbuser)
    KeyError: "getpwnam(): name not found: 'postgres'"
    • Xiao Guoan (Admin)
      3 years ago

      Best practices for running Modoboa mail server:

      1.) Use an LTS release of Ubuntu such as 20.04.

      2.) Use a clean fresh Ubuntu 20.04 server.

      3.) Make sure your server has at least 2GB RAM.

  • StuartM
    3 years ago

    Hi, I have just started using the product after having used Zimbra for the past couple of years. The installer is very simple, and the configuration is quite easy to follow.

    One thing this article did not make clear is that it appears to be reliant on local DNS, or has public DNS configured on the server. With my configuration the mail server (Modoboa) runs behind a firewall with DNAT in place (public IP to private IP).

    For anybody running with a similar setup, something that is worth highlighting is the option: modoboa > administration > custom DNS server. I have spent many hours trying to figure out why SPF, DKIM and DMARC would continually show red, even though emails were being received successfully, only to realise it was querying local DNS for this information and failing.

  • Jacques Amar
    3 years ago

    I am having trouble with webmail. It can’t send (or reply). Getting a 500 error on POST but can’t for the life of me track it.
    1. Any help on debugging (ubuntu 20)
    2. Can we use another webmail like roundcube instead .. and how?

  • Olaf Menzel
    3 years ago

    Hi everybody,
    which version of Modoboa-installer are you using? Since version 1.15.0 the system has been changed an Ubuntu is not official supported any longer: 

    I have issues with the NGINX server and with Postfix. Both of those issues are based on changed configurations due distribution upgrade. I have been testing with Debian 10.9 and the latest git clone. It seems not to be possible to clone a certain version.

    • Xiao Guoan (Admin)
      3 years ago

      The docs says “For now, only Debian and CentOS based Linux distributions are supported.” So, Ubuntu is Debian-based and it’s well supported by Modoboa.

      Best practice: Use a LTS release of Ubuntu, i.e. Ubuntu 18.04 or 20.04. Don’t upgrade to Ubuntu 20.10 or any other non-LTS releases.

  • Aleksandr
    3 years ago

    Xiao hello. You wrote great instructions and everything works. I chose modoboa. But here’s the question. Modoboa is installed on ubuntu 20.04. All icons are green. Dkim also. But when sending letters, they are not signed by DKIM. I did according to the instructions
    But DKIM’s signature in letters did not work. Where to look?

  • Hi Xiao,

    just 2 hints for nginx and dovecot:


     nginx: [emerg] could not build the server_names_hash, you should increase server_names_hash_bucket_size 

    Solution: uncomment the line

     server_names_hash_bucket_size 32; 

    and increase the value to 64 or better 128

    /etc/dovecot/conf.d/10-ssl.conf –> remove or comment out the ssl command from line 41

  • Would you be willing to add a tutorial on how to upgrade Modoboa server?

  • Hello,

    I have configured according to this tutorial my mail server. It works great but … I can not receive any mails from
    An error is

    Remote Server returned '550 5.4.311 DNS record is invalid or misconfigured [Message=InfoMxLoopback] [LastAttemptedServerName=MYDOMAIN.COM []'

    TESTS I DID shows that all is ok :

    220 mail.MYDOMAIN.COM ESMTP Posftix
    Test Result
    SMTP Reverse DNS Mismatch OK – resolves to mail.MYDOMAIN.COM
    SMTP Valid Hostname OK – Reverse DNS is a valid Hostname
    SMTP Banner Check OK – Reverse DNS matches SMTP Banner
    SMTP TLS OK – Supports TLS.
    SMTP Connection Time 1.247 seconds – Good on Connection time
    SMTP Open Relay OK – Not an open relay.
    SMTP Transaction Time 2.139 seconds – Good on Transaction Time

    What Can I do to fix this issue ?

    • Xiao Guoan (Admin)
      3 years ago

      Can you tell me what’s your real domain? If you don’t want to show your real domain in public, reply to my email instead of posting it in the comments section.

    • Xiao Guoan (Admin)
      3 years ago

      The hostname doesn’t have DNS A record. Seems it’s outlook’s fault.

  • Welcome to Modoboa installer!
    Traceback (most recent call last):
      File "./", line 138, in 
      File "./", line 84, in main
      File "/usr/lib/python3.8/", line 718, in read_file
        self._read(f, source)
      File "/usr/lib/python3.8/", line 1082, in _read
        raise MissingSectionHeaderError(fpname, lineno, line)
    configparser.MissingSectionHeaderError: File contains no section headers.
    file: 'installer.cfg', line: 1

    The above was after running this cmd:

    sudo python3 ./ --interactive

    how do i get past it?

    • Xiao Guoan (Admin)
      3 years ago
      file: 'installer.cfg', line: 1

      You have made a typo or added extra character in the installer.cfg file on line 1.

  • Hi Xiao

    Awesome tutorial, it helped me a lot. However, my mail server was running smoothly for a couple of days when all of a sudden I started getting the error message below…

    Aug 14 13:58:25 mail postfix/pickup[2472128]: warning: 4681CB61260: message has been queued for 1 days
    Aug 14 13:58:25 mail postfix/pickup[2472128]: 4681CB61260: uid=0 from=
    Aug 14 13:58:25 mail postfix/cleanup[2481515]: 4681CB61260: message-id=
    Aug 14 13:58:25 mail opendkim[20907]: error looking up "[email protected]" in database: Connection was killed
    Aug 14 13:58:25 mail opendkim[20907]: 4681CB61260: error reading signing table
    Aug 14 13:58:25 mail postfix/cleanup[2481515]: 4681CB61260: milter-reject: END-OF-MESSAGE from localhost[]: 4.7.1 Service unavailable - try again later; from= to=

    In addition, I also see this error message

    amavis[2471231]: (2471231-05) Blocked MTA-BLOCKED {TempFailedOutbound}, ORIGINATING LOCAL

    How can I fix this?

    • Xiao Guoan (Admin)
      3 years ago

      Check if your database server is running.


      sudo systemctl status mariadb

      and if it has been killed before.

      sudo journalctl -eu mariadb


      sudo systemctl status postgresql
      sudo journalctl -eu postgresql

      Make sure your server has enough RAM to prevent services from being killed.

  • I can send emails out, but had trouble receiving emails. Below is the error message:

    Nov 14 14:15:24 mail postfix/smtpd[182315]: NOQUEUE: reject: RCPT from[]: 550 5.1.1 : Recipient address rejected: undeliverable address: unknown user: "info"; from= to= proto=ESMTP helo=
    But [email protected] exists.
    • Installed again with a clean image. The issue went away.

  • This worked great when I first followed the guide. I’m a big fan by the way, and appreciate your efforts and have followed a number of your guides.

    Got some new hardware and it, again installed fine but now my primary server is Apache … I can’t, for the life of me, get this thing to proxy through Apache. One configuration change ends up with “Too many redirects” and another just shows the Nginx default site.

    Any suggestions not related to “Just switch to Nginx all the way around” would be appreciated.

  • Andrew Byrd
    2 years ago

    I installed as directed, but when I go to my url for the first time nothing happens, then eventually times out
    When I ran debut I get this

    nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No suc>
     nginx: configuration file /etc/nginx/nginx.conf test failed
    Failed to start A high performance web server and a reverse proxy server

    ANy ideas?

    • Xiao Guoan (Admin)
      2 years ago

      It’s likely that your server failed to obtain a Let’s Encrypt TLS certificate. Run the following command to fix it.

      sudo systemctl stop nginx
      sudo ufw allow http
      sudo ufw allow https
      sudo certbot certonly --standalone --agree-tos --redirect --hsts --staple-ocsp -d
      sudo systemctl restart nginx postfix dovecot
  • Andrew Byrd
    2 years ago

    You are so kind to assist me in this matter and for that I truly thank you

    I followed your steps. The last step, to restart nginx returned an error

    root@mail:~# sudo systemctl restart nginx
    Job for nginx.service failed because the control process exited with error code.
    See "systemctl status nginx.service" and "journalctl -xe" for details.
    So I ran systemctl status nginx.service and here were the results
    Feb 25 08:19:05 systemd[1]: Starting A high performance web server and a reverse proxy server...
    Feb 25 08:19:05 nginx[505472]: nginx: [emerg] duplicate upstream "automx" in /etc/nginx/sites-enabled/
    Feb 25 08:19:05 nginx[505472]: nginx: configuration file /etc/nginx/nginx.conf test failed
    Feb 25 08:19:05 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
    Feb 25 08:19:05 systemd[1]: nginx.service: Failed with result 'exit-code'.
    Feb 25 08:19:05 systemd[1]: Failed to start A high performance web server and a reverse proxy server.
 is my fqdn

    Any other ideas?

    • Xiao Guoan (Admin)
      2 years ago

      It’s likely that you have made a mistake in step 3.

      Run the following command to install Modoboa.

      sudo python3 ./ --interactive

      Please replace with your main domain name such as Do not use the sub-domain in this command. The following command is wrong.

      sudo python3 ./ --interactive

      I recommend reinstalling the operating system on your server and start the Modoboa installation again.

  • Andrew Byrd
    2 years ago

    Here is my dns settings in cloudflare

  • Andrew Byrd
    2 years ago

    Here is something interesting related to my installation not working from the GUI

    When I run the debug option I noticed this:

     - The following errors were reported by the server:
       Type:   connection
       Detail: Fetching
       Timeout during connect (likely firewall problem)
       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address. Additionally, please check that
       your computer has a publicly routable IP address and that no
       firewalls are preventing the server from communicating with the
       client. If you're using the webroot plugin, you should also verify
       that you are serving files from the webroot path you provided.
    Can't open /etc/letsencrypt/renewal/ No such file or directory.

    Not sure how to fix this BTW – This is a new spin up I did using

    • Xiao Guoan (Admin)
      2 years ago

      Your DNS A record is wrong, or your firewall is preventing Let’s Encrypt to access TCP port 80 and 443.

      You put a wrong IP address in the DNS A record?

  • Hi bro
    great tutorial everything went great but when i try to login to webmail with user account i get this,
    Error: [b'[SERVERBUG] Internal error occurred. Refer to server log for more information. [2022-03-18 19:13:09] (0.001 + 0.000 secs).’]
    turned debug on still the same
    any help appreciated

  • Glaudston
    2 years ago

    I need to upgrade my modoboa and my whole server in general.. Mine been working since I followed your 18.04 guide. Although I probably will wait for 21.04 TLS release, I’m assuming the installation will be fairly the same, or will you be making an update once 21.04 is released?

  • pansymcneal
    1 year ago

    What’s up, I log on to your blogs on a regular basis. Your writing style is witty, keep up the good work!

  • dagathomo
    1 year ago

    Write more, that’s all I have to say.
    You obviously know what you’re talking about.

  • ramonasumsuma
    1 year ago

    This is the right blog for everyone who would like to understand this topic. You understand so much its almost tough to argue with you (not that I really would want to…HaHa). Excellent stuff, just excellent!

  • joelgaron
    1 year ago

    Oh my goodness! Incredible article dude! Thank you.

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community ( for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here