Build Your Own Email Server on Ubuntu: Basic Postfix Setup

Why run your own email server? Perhaps you have a website, which needs to send emails to users, or maybe you want to store your emails on your own server to protect your privacy. However, building your own email server can be a pain in the butt because there are so many software components you need to install and configure properly. To make this journey easy for you, I’m creating a tutorial series on how to build your own email server on Ubuntu.

I’m confident to say that this is the best tutorial series about building email server from scratch on the Internet. Not only will you have a working email server, but also you will have a much better understanding about how email works. This tutorial series is divided into 9 parts.

  1. Setting up a basic Postfix SMTP server
  2. Set up Dovecot IMAP server and TLS encryption
  3. Create Virtual Mailboxes with PostfixAdmin on Ubuntu
  4. Creating SPF and DKIM record to get through spam filters
  5. Setting Up DMARC to protect your domain reputation
  6. How to Stop Your Email From Being Marked as Spam
  7. How to Host Multiple Mail Domains in PostfixAdmin
  8. Blocking Email Spam with Postfix
  9. Blocking Email Spam with SpamAssassin

I know this seems to be a very daunting task. However, based on what you want to achieve, you might not need to follow all of them. My articles are easy to follow, so if you dedicate sometime to it, you will have a working email server.

This article is part 1 of this tutorial series. In this article, I will show you how to set up a very basic Postfix SMTP server, also known as an MTA (message transport agent). Once you finish this article, you should be able to send and receive emails with your own email domain on your own email server. This tutorial is tested on Ubuntu 18.04 and 16.04 server.

About Postfix

Postfix is a state-of-the-art message transport agent (MTA), aka SMTP server, which serves two purposes.

  • It’s responsible for transporting email messages from a mail client/mail user agent (MUA) to a remote SMTP server.
  • It’s also used to accept emails from other SMTP servers.

Postfix was built by Wietse Venema who is a Unix and security expert. It’s easy to use, designed with security and modularity in mind, with each module running at the lowest possible privilege level required to get the job done. Postfix integrates tightly with Unix/Linux and does not provide functionalities that Unix/Linux already provides. It’s reliable in both simple and stressful conditions.

Postfix was originally designed as a replacement for Sendmail – the traditional SMTP server on Unix. In comparison, Postfix is more secure and easier to configure. It is compatible with Sendmail, so if you uninstall Sendmail and replace it with Postfix, your existing scripts and programs will continue to work seamlessly.

In this tutorial, you will learn how to configure Postfix for a single domain.


In order to send emails from your server, port 25 (outbound) must be open. Many ISPs and hosting providers such as DigitalOcean block port 25 to control spam and they would not unblock it. I recommend using Hostwinds VPS (virtual private server), because it doesn’t block port 25 (outbound), so you can send unlimited emails with no extra cost. Before you buy a VPS, you can ask them if port 25 is blocked. Here’s a transcript of a live chat with hostwinds.

hostwinds live chat transcript

Once you have a hostwinds server, install Ubuntu on it and follow the instructions below.

You also need a domain name. I registered my domain name from NameCheap because the price is low and they give you whois privacy protection free for life.

Things To Do Before Installing Postfix

To make Postfix perform better and get the most out of Postfix, you need to properly set up your Ubuntu server.

Set A Correct Hostname for Ubuntu Server

By default, Postfix uses your server’s hostname to identify itself when communicating with other MTAs. Hostname can have two forms: a single word and FQDN.

The single word form is used mostly on personal computers. Your Linux home computer might be named linux, debian, ubuntu etc. FQDN (Fully Qualified Domain Name) is commonly used on Internet-facing servers and we should use FQDN on our mail servers. It consists of two parts: a node name and a domain name. For example:

is an FQDN. mail is the nodename, is the domain name. FQDN will appear in the smtpd banner. Some MTAs reject messages if your Postfix does not provide FQDN in smtpd banner. Some MTAs even query DNS to see if FQDN in the smtpd banner resolves to the IP of your mail server.

Enter the following command to see the FQDN form of your hostname.

hostname -f

If your Ubuntu server doesn’t have an FQDN yet, you can use hostnamectl to set one.

sudo hostnamectl set-hostname your-fqdn

A common FQDN for mail server is You need to log out and log back in to see this change at the command prompt. Also note that FQDN can be overridden by Postfix with myhostname parameter in the Postfix configuration file. I will show you how to do it later in the article.

Set Up DNS Records for Your Mail Server

You need to go to your DNS hosting service (usually your domain registrar) to set up DNS records

MX record

An MX record tells other MTAs that your mail server is responsible for email delivery for your domain name.

MX record    @ 

A common name for the MX host is You can specify more than one MX record and set priority for your mail servers. A lower number means higher priority. Here we only use one MX record and set 0 as the priority value. (0 – 65355)

A record

An A record maps a FQDN to an IP address.        <IP-address>

AAAA record

If your server uses IPv6 address, it’s also a good idea to add AAAA record for        <IPv6-address>

PTR record

A pointer record, or PTR record, maps an IP address to an FQDN. It’s the counterpart to the A record and is used for reverse DNS lookup.

Reverse resolution of IP address with PTR record can help with blocking spammers. Many MTAs accept email only if the server is really responsible for a certain domain. You should definitely set a PTR record for your email server so your emails have a better chance of landing in recipient’s inbox instead of spam folder.

To check the PTR record for an IP address, you can use the following command.

dig -x <IP> +short


host <IP>

Because you get IP address from your hosting provider, not from your domain registrar, so you must set PTR record for your IP address in your hosting provider’s control panel. If your server uses IPv6 address, then add PTR record for your IPv6 address as well.

After all of the above is done, let’s play with Postfix.

Installing Postfix

On your ubuntu server, run the following two commands.

sudo apt-get update

sudo apt-get install postfix -y

You will be asked to select a type for mail configuration. Normally, you will want to select the second type: Internet Site.

build your own email server with postfix

  • No configuration means the installation process will not configure any parameters.
  • Internet Site means using Postfix for sending emails to other MTAs and receiving email from other MTAs.
  • Internet with smarthost means using postfix to receive email from other MTAs, but using another smart host to relay emails to the recipient.
  • Satellite system means using smart host for sending and receiving email.
  • Local only means emails are transmitted only between local user accounts.

Next, enter your domain name for the system mail name, i.e. the domain name after @ symbol. For example, my email address is [email protected], so I entered for the system mail name. This domain name will be appended to addresses that doesn’t have a domain name specified.

build your own email server with postfix

Once installed, Postfix will be automatically started and a /etc/postfix/ file will be generated. Now we can check Postfix version with this command:

sudo postconf mail_version

On Ubuntu 16.04, the Postfix version is 3.1.0, and Ubuntu 18.04 ships with version 3.3.0.

mail_version = 3.3.0

The netstat utility tells us that the Postfix master process is listening on TCP port 25. (If your Ubuntu server doesn’t have the netstat command, you can run sudo apt install net-tools command to install it.)

sudo netstat -lnpt

build your own email server

Postfix ships with many binaries under the /usr/sbin/ directory, as can be seen with the following command.

dpkg -L postfix | grep /usr/sbin/



Open Port 25 in Firewall

Ubuntu doesn’t enable a firewall by default. If you have enabled the UFW firewall, you need to open port 25 with the following command, so Postfix can receive emails from other SMTP servers.

sudo ufw allow 25/tcp

Then we can use nmap to scan open ports on our server. Run the following command on a separate computer such as your personal computer. (I assume you are reading this tutorial on a Linux computer.) Replace your-server-ip with actual IP.

sudo nmap your-server-ip

build your own email server

You can see  from the above screenshot that TCP port 25 is open on my server.

nmap can be installed on Linux with one of the following commands, depending on your Linux distro.

sudo apt install nmap

sudo yum install nmap

sudo zypper install nmap

sudo pacman -S nmap

Checking If Port 25 (outbound) is blocked

Run the following command on your mail server to check if port 25 (outbound) is blocked.

telnet 25

If it’s not blocked, you would see messages like below, which indicates a connection is successfully established. (Hint: Type in quit and press Enter to close the connection.)

Connected to
Escape character is '^]'.
220 ESMTP y22si1641751pll.208 - gsmtp

If port 25 (outbound) is blocked, you would see something like:

Trying 2607:f8b0:400e:c06::1a...
telnet: Unable to connect to remote host: Connection timed out

In this case, your Postfix can’t send emails to other SMTP servers. Ask your ISP/hosting provider to open it for you. If they refuse your request, you need to set up SMTP relay to bypass port 25 blocking.

Sending Test Email

As a matter of fact, we can now send and receive email from the command line. If your Ubuntu server has a user account called user1, then the email address for this user is [email protected]. You can send an email to root user [email protected]. You can also send emails to Gmail, yahoo mail or any other email service.

When installing Postfix, a sendmail binary is placed at /usr/sbin/sendmail, which is compatible with the traditional Sendmail SMTP server. You can use Postfix’s sendmail binary to send a test email to your Gmail account like this:

echo "test email" | sendmail [email protected]

In this simple command, sendmail reads a message from standard input and make “test email” as the message body, then send this message to your Gmail account. You should be able to receive this test email in your Gmail inbox (or spam folder). You can see that although we didn’t specify the from address, Postfix automatically append a domain name for the from address. That’s because we added our domain name in system mail name when installing Postfix.

Also, you can try to reply to this test email to see if Postfix can receive email messages. It’s likely that emails sent from your domain are labeled as spam. Don’t worry, we will tackle it in part 3 of this tutorial series.

The inbox for each user is located at /var/spool/mail/<username> or /var/mail/<username> file. If you are unsure where to look for the inbox, use this command.

postconf mail_spool_directory

The Postfix mail log is stored at /var/log/mail.log.

Using the mail program to Send and Read Email

Now let’s install a command-line MUA (mail user agent).

sudo apt-get install mailutils

To send email, type

mail [email protected]
[email protected]:~$ mail [email protected]
Subject: 2nd test email
I'm sending this email using the mail program.

Enter the subject line and the body text. To tell mail that you have finished writing, press Ctrl+D and mail will send this email message for you.

To read incoming emails, just type mail.


Here’s how to use the mail program to manage your mailbox.

  • To read the first email message, type 1. If only parts of the message is displayed, press Enter to show the remaining part of the message.
  • To display message headers starting from message 1, type h.
  • To show the last screenful of messages, type h$ or z.
  • To read the next email message, type n.
  • To delete message 1, type d 1.
  • To delete message 1, 2 and 3, type d 1 2 3.
  • To delete messages from 1 to 10, type d 1-10.
  • To replay to message 1, type reply 1.
  • To exit out of mail, type q.

Messages that have been opened will be moved from /var/mail/<username> to /home/<username>/mbox file. That means other mail clients can’t read those messages. To prevent this from happening, type x instead of q to exit out of the mail.

How To Increase Attachment Size Limit

By default, the attachment cannot be larger than 10MB, which is indicated by the message_size_limit parameter.

postconf | grep message_size_limit


message_size_limit = 10240000

This parameter defines the size limit for emails originating from your own mail server and for emails coming to your mail server.

To allow attachment of 50MB in size, run the following command.

sudo postconf -e message_size_limit=52428800

When postconf command is invoked with the -e (edit) option, it will try to find the parameter (message_size_limit) in the Postfix main configuration file (/etc/postfix/ and change the value. If the parameter can’t be found, then it adds the parameter at the end of the file.

Note that the message_size_limit should not be larger than the mailbox_size_limit, whose default value is 51200000 bytes (about 48MB) in the upstream Postfix package. On Ubuntu, the default value is set to 0, as can be seen with

postconf | grep mailbox_size_limit


mailbox_size_limit = 0

This means that the mailbox has no size limit.

Restart Postfix for the changes to take effect.

sudo systemctl restart postfix

When sending an email with large attachments from your mail server, you should also beware of the receiving server’s attachment size limit. For example, You can not send an attachment larger than 25MB to a Gmail address.

Setting the Postfix Hostname

By default, Postfix SMTP server uses the OS’s hostname. However, the OS hostname might change, so it’s a good practice to set the hostname directly in Postfix configuration file. Open the Postfix main configuration file with a command line text editor, such as Nano.

sudo nano /etc/postfix/

Find the myhostname parameter and set as the value.

myhostname =

Save and close the file. (To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit, press Ctrl+X.)  Restart Postfix for the change to take effect.

sudo systemctl restart postfix

Creating Email Alias

There are certain required aliases that you should configure when operating your mail server in a production environment. You can add email alias in the /etc/aliases file, which is a special Postfix lookup table file using a Sendmail-compatible format.

sudo nano /etc/aliases

By default, there are only two lines in this file.

# See man 5 aliases for format
postmaster: root

The first line is a comment. The second line is the only definition of an alias in this file. The left-hand side is the alias name. The right-hand side is the final destination of the email message. So emails for [email protected] will be delivered to [email protected]. The postmaster email address is required by RFC 2142.

Normally we don’t use the root email address. Instead, the postmaster can use a normal login name to access emails. So you can add the following line. Replace username with your real username.

root:   username

This way, emails for [email protected] will be delivered to [email protected].  Now you can save and close the file. Then rebuild the alias database with the newaliases command

sudo newaliases

Congrats! Now you have a basic Postfix email server up and running. You can send plain text emails and read incoming emails using the command line. In the next part of this tutorial series, we will see how to install Dovecot IMAP server and enable TLS encryption. Stay tuned!

Rate this tutorial
[Total: 51 Average: 4.3]

53 Responses to “Build Your Own Email Server on Ubuntu: Basic Postfix Setup

  • Great article…looking forward to the second part of it.

  • Joe Genshlea
    3 years ago

    I’m looking to setup postfix on ubuntu 16.04 to simply relay a message to the gmail smtp server. Will that be discussed?

  • Julio Cesar Sanders
    3 years ago

    Very good !!

  • Julian Çuni
    2 years ago

    Setting up and configuring a mail server is kind of hard and boring task to do. I just started to read this article and I found this at the very beginning – “Have you heard that Hillary Clinton uses her private email server? Hillary used it for her evil purposes.”
    I couldn’t agree more. Also I couldn’t resist the temptation to comment before reading it all.

  • In which config file ??? thats not clear here !
    Set up DNS Records for Your Mail Server
    MX record

    An MX record tells other MTAs that your mail server is responsible for email delivery for your domain.

    MX record @

    A common name for a mail host is You can specify more than one MX record and set priority for your mail servers. A lower number means higher priority.
    A record

    An A record maps a FQDN to an IP address.

  • James Young
    2 years ago

    I’m having a lot of difficulty setting up an email server, because in /var/log/mail.log I always get messages like this:

    Sep 12 17:35:30 instance-1 postfix/smtp[19741]: connect to[2607:f8b0:400c:c02::1b]:25: Network is unreachable
    Sep 12 17:35:33 instance-1 postfix/smtps/smtpd[19735]: disconnect from[x.x.x.x] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
    Sep 12 17:35:35 instance-1 dovecot: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=, mpid=19743, TLS, session=
    Sep 12 17:36:00 instance-1 postfix/smtp[19741]: connect to[]:25: Connection timed out
    Sep 12 17:36:00 instance-1 postfix/smtp[19741]: connect to[2a00:1450:400c:c06::1a]:25: Network is unreachable
    Sep 12 17:36:00 instance-1 postfix/smtp[19741]: connect to[2a00:1450:400b:c01::1a]:25: Network is unreachable
    Sep 12 17:36:10 instance-1 dovecot: imap([email protected]): Logged out in=30633 out=1715

    As far as I know, I’ve got the setup alright. I use MySQL and have virtual domains and virtual users. It seems to work fine and the test commands all work out.

    But now I get to the point where I set up Outlook at home, and add my new IMAP account. mail.mysite:993 and mail.mysite:465. This adds the account and a message from Outlook is dropped in /var/mail/.

    But when I go to send email from Outlook, which should go to my server and get passed on, I keep getting blocked. It must be the port 25 it’s trying to reach another server on. I don’t know really, that’s my guess. I want the mail server to connect and e.g. deliver mail over SSL/TLS to the recipient email server on port 465 or 587. How do I get this working, so my mail server will accept mail from me and deliver it?

    I’ve googled for hours and I’m making absolutely no progress!

  • Much appreciated. Well written article.

  • Thank you for the great article explaining what goes into an end-to-end email server. I am using mine now on Ubuntu 18.10.

  • Great article. What would be useful too is how to set up specific email addresses to RECEIVE mail on the server. All the articles I’ve found deal with sending mail… which I can do, but when I try and send from gmail > myServer, I get “550 5.7.1 Relaying denied” email response ( ? )

  • Raymond Wu
    10 months ago

    Thank you for putting all these together. Very helpful!!!!!

  • Shibasis Patel
    6 months ago

    The first time I tried, it worked and I got a mail in my spam folder. The next time I tried, it didn’t send my email and said:

    1] Our system has detected an
        550-5.7.1 unusual rate of unsolicited mail originating from your IP
        address. To 550-5.7.1 protect our users from spam, mail sent from your IP
        address has been 550-5.7.1 blocked. Please visit 550-5.7.1 to review our 550
        5.7.1 Bulk Email Senders Guidelines. q2si5578154pgd.28 - gsmtp (in reply to
        end of DATA command)
    • It’s pretty clear that your IP address had been used to send spam (aka unsolicited commercial email).

      To solve this problem,

      First, stop spam from your server.

      Then, you can try sending email to your own Gmail account a few times to create good user engagement: If the email land into spam folder, mark it as not spam. You should send emails back and forth several times.

      After that, the Gmail rate limiting will gradually be relaxed and finally disappear.

      You can also set up SMTP relay so that Gmail cannot check your mail server’s IP address.

  • Auditor R.
    6 months ago

    Followed all the tutorial parts, everything is good and working.
    Learned a lot by doing from scratch. Big Thanks.
    Got one question. How can i add other domains, ex: [email protected], [email protected] ?

  • 5 star writing! Very clear and informative and plain language for understanding. One shot then started as smoothly as expected. Continue learning Part 2 and Part 3.

  • G.R.Regis
    5 months ago

    I’ve alway heard that setting up your own email server with postfix and dovecot was a terrible pain and it was just best to use something like iRedmail or Modoboa if you wanted to host your own. I’ve tried in the past using various tutorial and gave up used those other packages for a while. After being my go to for linux guides because they are always so easy to follow and just work, I decided to try Linuxbabe’s Postfix/Dovecot tutorial series (on Debian 10 instead) and it was a breeze. I highly recommend this entire series and any other tutorial on this site.

    • Hi G.R.Regis,

      Thanks for your comment.

      I just published a new tutorial showing how to create virtual mailboxes with PostfixAdmin, which is an open-source web-based interface to manage mail domains and users, so you can use Maildir format, easily create virtual users and aliases.

      • G.R.Regis
        3 months ago

        I’ve done that tutorial too now, and once again it worked nicely. I had a couple hiccups along the way, but that was probably because I was doing it in a Docker container so if I need to reinstall my server or migrate it, it’ll be easy to keep everything without have to deal with migrating databases.

  • Hello,
    Sorry for my bad English, I’m French and I use google translate.
    Super tutorial very well explained. Too bad he just use the Mbox format. Indeed, it is not very practical to have to create an account on the server for each email address without speaking that we can not, if I’m not mistaken, make aliases. (For example, to [email protected] and [email protected] in the container [email protected]).
    Do you want to follow this tutorial using the Maildir format?
    Otherwise, is it difficult to adapt this tutorial to switch to Maildir format and use MySQL to create postfix accounts?
    In any case, thank you again for this great tutorial!

  • itsmesri
    3 months ago

    IS this works for iRedmail server too? I think I need to implement this.

    • If you use iRedMail, then you don’t need to follow this tutorial. iRedMail is a shell script that automatically installs and configures mail server components for you.

      This tutorial series shows you how to manually set up a mail server.

    • I have already talked about SPF, DKIM, DMARC in the iRedMail tutorial. If you follow the instructions you are good to go.

      iRedMail ships with spam filters in the Postfix configuration file, so you don’t need to follow the blocking spam with Postfix tutorial.

  • Ken Wright
    2 months ago

    I’ve been following your instructions here, but I’d rather set up Postfix to use virtual users. Is there a way to do this?

  • Masood Arif
    2 months ago

    Hey my college assignment is to make email server i found this one but i’m confused that is it a GUI based email server or just terminal based, waiting for your kind response.

  • After installing dovecot-pop3d, what should I change in the configuration to work with the POP server as well?

    • First, edit main config file.

      sudo nano /etc/dovecot/dovecot.conf

      If you use POP3 to fetch emails, then also add POP3 protocol.

      protocols = imap pop3

      Save and close the file. Restart Dovecot.

      sudo systemctl restart dovecot

      Allow port 110 and 995 in firewall.

      sudo ufw allow 110,995/tcp
  • Hello thank you so much for this wonderful tutorial.
    I have challenges though,…
    I have setup a live website on the main domain ( In this tutorial you say that we use as the hostname for mail hosting. You also state that we should set the DNS at the hosting company. So far thankfully very clear. Except am confused because the DNS for is the same as DNS for This has made it really hard to figure things out because:
    1). The current hostname is while you said it should be
    QUESTION: Should I change the hostname from to
    2). Setting up TLS encryption has challenges because, again, it’s the same domain name.

    Further, I went ahead and created another server for mail hosting but again encryption won’t work because of share base domain but with a different IP address.

    Main question:
    How would you structure having a main domain name ( and wanting an email setup( Do they all go to the same server (eg Digital ocean droplet)?

    • If you set the hostname in the Postfix main configuration file (/etc/postfix/, then you don’t need to change the OS hostname.

      You can have multiple virtual host files in Apache or Nginx to host multiple domain names (, If you follow the instructions in the article, you should have no problem in enabling TLS encryption.

  • Jonathan
    2 months ago

    First page… it says hostnamectl set-hostname will set your machine hostname… and it does but, when I type hostname –long or hostname -f, all I get is Not, which was set by hostnamectl. I’ve confirmed it is set correctly by typing just hostname, by itself. Any idea why the –long or -f command wouldn’t work properly?

    • I don’t know, but you can set the hostname directly in Postfix, so the OS hostname won’t be used.

      sudo postconf

      Then restart Postfix.

      sudo systemctl restart postfix
    • Just check in the /etc/hosts file. Probably the order is backwards; it should read the fqdn first and then the local hostname on the line that has both. You can just switch them and save the file and it will be fine.

      • Jonathan
        4 weeks ago

        I went back to verify this when I got the email and I found this…       localhost       localhost.myotherdomaincom

        obviously I’ve substitued actual IPs for 254,253,252 but you can see that it’s still backwards. However, if I type hostname now, it comes up with… which is strange. I think it stopped returning the fqdn incorrectly when I edited my host file directly, adding

    • You should put the hostnames on the same line for the same IP address. localhost
  • Thanks for this Postfix-Dovecot guide. I have one remark and few problems;
    Remark: You used 2 different mail dir in this guide, one is var/mail and other is var/vmail so maybe you can review it.
    Main problem is that I cannot receive emails at all. Can send but cant receive. I have reinstalled postfix-dovecot but then other problems arose. Since this guide was giving me problems in receiving emails so I consulted another guide from: 

    Postfix log:

    22-02-20 17:35	server1	postfix/smtpd[30738]	connect from[]
    22-02-20 17:35	server1	dovecot	lmtp([email protected]): Error: quota: Failed to get quota resource STORAGE_BYTES for INBOX: quota-dict: dict_lookup(priv/quota/storage) failed: net_connect_unix(/var/run/dovecot/dict) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /var/run/dovecot/dict, we're not in group 8(mail), dir owned by 0:0 mode=0755) (reply took 0.000 secs (0.000 in dict wait, 0.000 in other ioloops, 0.000 in locks)) - copying mail anyway
    22-02-20 17:35	server1	dovecot	lmtp([email protected]): Error: lmtp-server: conn unix:pid=30745,uid=126 [1]: rcpt [email protected]: Mailbox INBOX: open(/var/mail/ failed: Permission denied
    22-02-20 17:35	server1	postfix/smtpd[30738]	Anonymous TLS connection established from[]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
    22-02-20 17:35	server1	postfix/trivial-rewrite[30742]	warning: do not list domain in BOTH mydestination and virtual_mailbox_domains
    22-02-20 17:35	server1	postfix/smtpd[30738]	1573B2214B7:[]
    22-02-20 17:35	server1	postfix/cleanup[30743]	1573B2214B7: message-id=
    22-02-20 17:35	server1	postfix/qmgr[30653]	1573B2214B7: from=, size=2782, nrcpt=1 (queue active)
    22-02-20 17:35	server1	postfix/trivial-rewrite[30742]	warning: do not list domain in BOTH mydestination and virtual_mailbox_domains
    22-02-20 17:35	server1	postfix/smtpd[30738]	disconnect from[] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
    22-02-20 17:35	server1	dovecot	lmtp(30746): Connect from local
    22-02-20 17:35	server1	dovecot	lmtp([email protected]): Error: quota: Failed to get quota resource STORAGE_BYTES for INBOX: quota-dict: dict_lookup(priv/quota/storage) failed: net_connect_unix(/var/run/dovecot/dict) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /var/run/dovecot/dict, we're not in group 8(mail), dir owned by 0:0 mode=0755) (reply took 0.000 secs (0.000 in dict wait, 0.000 in other ioloops, 0.000 in locks)) - copying mail anyway
    22-02-20 17:35	server1	dovecot	lmtp([email protected]): Error: lmtp-server: conn unix:pid=30745,uid=126 [1]: rcpt [email protected]: Mailbox INBOX: open(/var/mail/ failed: Permission denied
    22-02-20 17:35	server1	dovecot	lmtp([email protected]): msgid=: save failed to INBOX: Mailbox INBOX: open(/var/mail/ failed: Permission denied
    22-02-20 17:35	server1	dovecot	lmtp(30746): Disconnect from local: Client has quit the connection (state=READY)
    22-02-20 17:35	server1	postfix/lmtp[30745]	1573B2214B7: to=,[private/dovecot-lmtp], delay=0.06, delays=0.02/0.01/0.02/0, dsn=4.2.0, status=deferred (host[private/dovecot-lmtp] said: 451 4.2.0  Internal error occurred. Refer to server log for more information. [2020-02-22 17:35:09] (in reply to end of DATA command))
    22-02-20 17:35	server1	dovecot	pop3-login: Login: user=, method=PLAIN, rip=, lip=, mpid=30752, TLS, session=
    22-02-20 17:35	server1	dovecot	pop3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0

    I have checked thru different tools and my DNS records are good including spf, DMARC.
    I will certainly buy you cappuccino for your hints. THANKS.

    • In part 2, I used /var/mail directory for canonical domain. Part 3 is for virtual mailbox domains and I said that you need to change the mail_location to use /var/vmail/. So there’s no problem at all.

      You can’t have a domain that’s both a canonical domain and a virtual mailbox domain. In part 3, I said you should delete the apex domain name from the Postfix mydestination parameter. You didn’t delete it, so Postfix gave you a warning.

      warning: do not list domain in BOTH mydestination and virtual_mailbox_domains

      Your vmail account doesn’t have read permission on /var/run/dovecot/dict, so that’s another problem.

      Do not mix mail server tutorials from different websites.

      Hope this helps.

  • Thanks for your reply. Indeed you are right and I did not see correctly. You did mention about vmail and mail folder and the apex domain. Actually I did not install all this in one sitting that is why things got misplaced and mixed up. Last night I have corrected all the other mistakes and now I have one problem remain that I cannot receive email and get this message.

     23-02-20 11:23 server1	dovecot	lmtp([email protected]): msgid=: save failed to INBOX: Mailbox INBOX: open(/var/mail/ failed: Permission denied 

    I dont know what is wrong because there is no more info in the logs anywhere.
    Do you have a hint or a direction where to search for the problem?

    • I think you need to use /var/vmail/ as the mailbox base directory. In /etc/postfix/ file, check the value of virtual_mailbox_base parameter. In my tutorial, it’s set to

      virtual_mailbox_base = /var/vmail

      Also, check the mail_location parameter in /etc/dovecot/conf.d/10-mail.conf file. It should be set to:

      mail_location = maildir:/var/vmail/%d/%n
  • Thanks but I purged postfix and dovecot and now I begin from only your guide again. This time I will not consult anything else.
    Postfixadmin is working without errors so I kept it. I hope things workout this time. Thanks again for your second reply.

  • Ok I have installed and configured everything according to your guide and this is the main error. rest is Ok. Log sonly give the following

     143FB220927: to=, relay=virtual, delay=2118, delays=2118/0.03/0/0.01, dsn=4.2.0, status=deferred (maildir delivery failed: create maildir file /var/mail/ Permission denied) 

    Now I have no idea why this maildir is giving the headache.
    Something is wrong with 10-mail.conf. mail_location line. I have used everywhere /var/mail and dropped all the vmail.

  • Ha ha… last …Just wanted to let you know that it worked out with var/vmail and everything is running as it should be. Var/mail never worked out for me no matter how much I tried.
    So I thank you deeply on this guide because I have now a working dkim and dmarc and gmail says that the mails are authenticated.
    So I owe you that cappuccino for a very good guide. I guess best on the internet so far.
    Have a nice day !!!

  • – This series of articles are EXCELLENT for anyone who want or need to have a dedicated email server.

    – Thank You so much for this great content.

  • hi Xiao,

    I am new to the idea of email server setup I wanted to understand the logic to create a FQDN
    i have a ubuntu machine with machine name as mb and my domain from go daddy is
    then what should be my FQDN or or

    please help me in understanding the actual logic for FQDN.

    • An FQDN is a hostname plus your apex domain name. A common FQDN for mail server is When you change the FQDN, your hostname also changes. It couldn’t be simpler.

  • Once again, this really is a fantastic series – thank you so much. I’m very close to having a great email server – getting an almost perfect score on My struggle is the PTR record for reverse DNS. I’m using AWS for everything. My mail server is an EC2 instance, with a public IP and also a public domain assigned by AWS (, where the Xs represent the IP address). Currently, mail-tester reports the following:

    Your IP address XX.XXX.XX.XX is associated with the domain
    Nevertheless your message appears to be sent from

    (I’ve changed my domain and IP address).

    So far, I’ve created a PTR record as described here:

    I’ve also had a little play with a CNAME record.

    If anyone has any tips that would be greatly appreciated. Many thanks in advance.

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community ( for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.