Build Your Own Email Server on Ubuntu: Basic Postfix Setup

Why build your own email server? Have you heard that Hillary Clinton uses her private email server? Hillary used it for her evil purposes. But building your own, private email server can help protect your privacy because only you, the server admin, have access to the emails stored on the server. On the other hand, building your own email server can be a pain in the butt because there are so many details to which you need to pay attention.

So I’m creating a tutorial series on how to build your own email server to ease things a little bit. This tutorial series is divided into 5 parts:

  1. Setting up a basic Postfix SMTP server
  2. Set up Dovecot IMAP server and TLS encryption
  3. Creating SPF and DKIM record to get through spam filters
  4. Setting up DMARC to protect your domain reputation
  5. Blocking email spams with Postfix

This article is part 1 of this tutorial series. In this article, I will show you how to set up a very basic Postfix SMTP server, also known as a MTA (message transport agent). Once you finish this article, you should be able to send and receive emails with your own email domain on your own email server. This tutorial is tested on Ubuntu 18.04 and 16.04 server.

About Postfix

Postfix is a state-of-the-art message transport agent (MTA), aka SMTP server, which serves two purposes.

  • It’s responsible for transporting email messages from a mail client/mail user agent (MUA) to a remote SMTP server.
  • It’s also used to accept emails from other SMTP servers.

Postfix was built by Wietse Venema who is an Unix expert. It’s designed with security and modularity in mind, with each module running at the lowest possible privilege level required to get the job done. Postfix integrates tightly with Unix/Linux and does not provide functionalities that Unix/Linux already provides. In this tutorial, you will learn how to configure Postfix for a single domain.

Prerequisites

In order to send emails from your server, port 25 (outbound) must be open. Many ISPs and hosting providers such as DigitalOcean block port 25 to control spam and they would not unblock it. I recommend using Hostwinds VPS (vritual private server), because it doesn’t block port 25 (outbound), so you can send unlimited emails with no extra cost. Before you buy a VPS, you can ask them if port 25 is blocked. Here’s a transcript of a live chat with hostwinds.

hostwinds live chat transcript

Once you have a hostwinds server, install Ubuntu on it and follow the instructions below.

You also need a domain name. I registered my domain name from NameCheap because the price is low and they give you whois privacy protection free for life.

Things To Do Before Installing Postfix

To make Postfix perform better and get the most out of Postfix, you need to properly set up your Ubuntu server.

Set A Correct Hostname for Ubuntu Server

By default, Postfix uses your server’s hostname to identify itself when communicating with other MTAs. Hostname can have two forms: a single word and FQDN.

The single word form is used mostly on personal computers. Your Linux home computer might be named linux, debian, ubuntu etc. FQDN (Fully Qualified Domain Name) is commonly used on Internet-facing servers and we should use FQDN on our mail servers. It consists of two parts: a node name and a domain name. For example:

mail.linuxbabe.com

is a FQDN. mail is the nodename, linuxbabe.com is the domain name. FQDN will appear in the smtpd banner. Some MTAs reject message if your Postfix does not provide FQDN in smtpd banner. Some MTAs even query DNS to see if FQDN in the smtpd banner resolves to the IP of your mail server.

Enter the following command to see the FQDN form of your hostname.

hostname -f

If your Ubuntu server doesn’t have a FQDN yet, you can use hostnamectl to set one.

sudo hostnamectl set-hostname your-fqdn

A common FQDN for mail server is mail.yourdomain.com. You need to log out and log back in to see this change at the command prompt. Also note that FQDN can be overridden by Postfix with myhostname parameter in Postfix configuration file, but Let’s not worry about this parameter right now.

Set Up DNS Records for Your Mail Server

You need to go to your DNS hosting service (usually your domain registrar) to set up DNS records

MX record

An MX record tells other MTAs that your mail server mail.yourdomain.com is responsible for email delivery for your domain name.

MX record    @           mail.linuxbabe.com

A common name for the MX host is mail.yourdomain.com. You can specify more than one MX record and set priority for your mail servers. A lower number means higher priority. Here we only use one MX record and set 0 as the priority value. (0 – 65355)

A record

An A record maps a FQDN to an IP address.

mail.linuxbabe.com        <IP-address>

AAAA record

If your server uses IPv6 address, it’s also a good idea to add AAAA record for mail.yourdomain.com.

mail.linuxbabe.com        <IPv6-address>

PTR record

A pointer record, or PTR record, maps an IP address to a FQDN. It’s the counterpart to the A record and is used for reverse DNS lookup.

Reverse resolution of IP address with PTR record can help with blocking spammers. Many MTAs accept email only if the server is really responsible for a certain domain. You should definitely set a PTR record for your email server so your emails have a better chance of landing in recipient’s inbox instead of spam folder.

To check the PTR record for an IP address, you can use the following command.

dig -x <IP> +short

or

host <IP>

Because you get IP address from your hosting provider, not from your domain registrar, so you must set PTR record for your IP address in your hosting provider’s control panel. If your server uses IPv6 address, then add PTR record for your IPv6 address as well.

After all of the above is done, let’s play with Postfix.

Installing Postfix

On your ubuntu server, run the following two commands.

sudo apt-get update

sudo apt-get install postfix -y

You will be asked to select a type for mail configuration. Normally, you will want to select the second type: Internet Site.

build your own email server with postfix

  • No configuration means the installation process will not configure any parameters.
  • Internet Site means using Postfix for sending email to other MTAs and receiving email from other MTAs.
  • Internet with smarthost means using postfix to receive email from other MTAs, but using another smart host to relay emails to the recipient.
  • Satellite system means using smart host for sending and receiving email.
  • Local only means emails are transmitted only between local user accounts.

Next, enter your domain name for the system mail name, i.e. the domain name after @ symbol. For example, my email address is [email protected], so I entered linuxbabe.com for the system mail name. This domain name will be appended to addresses that doesn’t have domain name specified.

build your own email server with postfix

Once installed, Postfix will be automatically started and a /etc/postfix/main.cf file will be generated. Now we can check Postfix version with this command:

sudo postconf mail_version

On Ubuntu 16.04, the Postfix version is 3.1.0, and Ubuntu 18.04 ships with version 3.3.0.

mail_version = 3.3.0

The netstat utility tells us that the Postfix master process is listening on TCP port 25. (If your Ubuntu server doesn’t have the netstat command, you can run sudo apt install net-tools command to install it.)

sudo netstat -lnpt

build your own email server

Open Port 25 in Firewall

Ubuntu doesn’t enable firewall by default. If you have enabled the UFW firewall, you need to open port 25 with the following command, so Postfix can receive emails from other SMTP servers.

sudo ufw allow 25/tcp

Then we can use nmap to scan open ports on our server. Run the following command on a separate computer such as your personal computer. (I assume you are reading this tutorial on a Linux computer.) Replace your-server-ip with actual IP.

sudo nmap your-server-ip

build your own email server

You can see  from the above screenshot that TCP port 25 is open on my server.

nmap can be installed on Linux with one of the following commands, depending on your Linux distro.

sudo apt install nmap

sudo yum install nmap

sudo zypper install nmap

sudo pacman -S nmap

Checking If Port 25 (outbound) is blocked

Run the following command on your mail server to check if port 25 (outbound) is blocked.

telnet gmail-smtp-in.l.google.com 25

If it’s not blocked, you would see messages like below, which indicates a connection is successfully established. (Hint: Type in quit and press Enter to close the connection.)

Trying 74.125.68.26...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP y22si1641751pll.208 - gsmtp

If port 25 (outbound) is blocked, you would see something like:

Trying 2607:f8b0:400e:c06::1a...
Trying 74.125.195.27...
telnet: Unable to connect to remote host: Connection timed out

In this case, your Postfix can’t send emails to other SMTP servers. Ask your ISP/hosting provider to open it for you. If they refuse your request, you need to set up SMTP relay to bypass port 25 blocking.

Sending Test Email

As a matter of fact, we can now send and receive email from the command line. If your Ubuntu server has a user account called user1, then the email address for this user is [email protected]. You can send an email to root user [email protected]. You can also send emails to Gmail, yahoo mail or any other email service.

When installing Postfix, a sendmail binary is put at /usr/sbin/sendmail.  You can use Postfix’s sendmail binary to send a test email to your Gmail account like this:

echo "test email" | sendmail [email protected]

In this simple command, sendmail reads a message from standard input and make “test email” as the message body, then send this message to your Gmail account. You should be able to receive this test email in your Gmail inbox (or spam folder). You can see that although we didn’t specify the from address, Postfix automatically append a domain name for the from address. That’s because we added our domain name in system mail name when installing Postfix.

Also you can try to reply to this test email to see if Postfix can receive email messages. It’s likely that emails sent from your domain are labeled as spam. Don’t worry, we will tackle it in part 3 of this tutorial series.

The inbox for each user is located at /var/spool/mail/<username> or /var/mail/<username> file. If you are unsure where to look for the inbox, use this command.

postconf mail_spool_directory

The Postfix mail log is stored at /var/log/mail.log.

Using the mail program to Send and Read Email

Now let’s install a command line MUA (mail user agent).

sudo apt-get install mailutils

To send email, type

mail [email protected]
[email protected]:~$ mail [email protected]
Cc: 
Subject: 2nd test email
I'm sending this email using the mail program.

Enter subject line and the body text. To tell mail that you have finished writing, press Ctrl+D and mail will send this email message for you.

To read incoming emails, just type mail.

mail

Here’s how to use the mail program to manage your mailbox.

  • To read the first email message, type 1. If only parts of the message is displayed, press Enter to show the remaining part of the message.
  • To display message headers starting from message 1, type h.
  • To show the last screenful of messages, type h$ or z.
  • To read the next email message, type n.
  • To delete message 1, type d 1.
  • To delete message 1, 2 and 3, type d 1 2 3.
  • To delete messages from 1 to 10, type d 1-10.
  • To replay to message 1, type reply 1.
  • To exit out of mail, type q.

Messages that have been opened will be moved from /var/mail/<username> to /home/<username>/mbox file. That means other mail clients can’t read those messages. To prevent this from happening, type x instead of q to exit out of mail.

How To Increase Attachment Size Limit

By default, the attachment cannot be larger than 10MB, which is indicated by the message_size_limit parameter.

postconf | grep message_size_limit

Output:

message_size_limit = 10240000

To allow attachment of 50MB in size, run the following command.

sudo postconf -e message_size_limit=52428800

When postconf command is invoked with the -e (edit) option, it will try to find the parameter (message_size_limit) in the Postfix main configuration file (/etc/postfix/main.cf) and change the value. If the parameter can’t be found, then it adds the parameter at the end of the file.

Note that the message_size_limit should not be larger than the mailbox_size_limit, whose default value is 51200000 bytes (about 48MB), as can be seen with:

postconf | grep mailbox_size_limit

Use postconf command to increase the value.

sudo postconf -e message_size_limit=52428800

Restart Postfix for the changes to take effect.

sudo systemctl restart postfix

Bonus Tip: Setting up Postfix as a Forward Only Mail Host

If you want your email server to forward every incoming email to another email service like Gmail. Then you can achieve that by creating a .forward file in the user’s home directory.

nano ~/.forward

and add an email address in the file.

[email protected]

postfix forward only setup

Save and close the file. That’s all you have to do.

Congrats! Now you have a basic Postfix email server up and running. You can send plain text email and read incoming emails using the command line. This setup also enables a website to send email messages such as password reset email to users. In the next part of this tutorial series, we will see how to install Dovecot IMAP server and enable TLS encryption. Stay tuned!

Rate this tutorial
[Total: 46 Average: 4.2]

21 Responses to “Build Your Own Email Server on Ubuntu: Basic Postfix Setup

  • Great article…looking forward to the second part of it.

  • Joe Genshlea
    3 years ago

    I’m looking to setup postfix on ubuntu 16.04 to simply relay a message to the gmail smtp server. Will that be discussed?

  • Julio Cesar Sanders
    3 years ago

    Very good !!

  • Julian Çuni
    1 year ago

    Setting up and configuring a mail server is kind of hard and boring task to do. I just started to read this article and I found this at the very beginning – “Have you heard that Hillary Clinton uses her private email server? Hillary used it for her evil purposes.”
    I couldn’t agree more. Also I couldn’t resist the temptation to comment before reading it all.

  • In which config file ??? thats not clear here !
    Set up DNS Records for Your Mail Server
    MX record

    An MX record tells other MTAs that your mail server mail.yourdomain.com is responsible for email delivery for your domain.

    MX record @ mail.linuxbabe.com

    A common name for a mail host is mail.yourdomain.com. You can specify more than one MX record and set priority for your mail servers. A lower number means higher priority.
    A record

    An A record maps a FQDN to an IP address.

    mail.linuxbabe.com

  • James Young
    1 year ago

    I’m having a lot of difficulty setting up an email server, because in /var/log/mail.log I always get messages like this:

    Sep 12 17:35:30 instance-1 postfix/smtp[19741]: connect to aspmx.l.google.com[2607:f8b0:400c:c02::1b]:25: Network is unreachable
    Sep 12 17:35:33 instance-1 postfix/smtps/smtpd[19735]: disconnect from x.x.x.x.isp.au[x.x.x.x] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
    Sep 12 17:35:35 instance-1 dovecot: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=10.142.0.2, mpid=19743, TLS, session=
    Sep 12 17:36:00 instance-1 postfix/smtp[19741]: connect to aspmx.l.google.com[74.125.31.27]:25: Connection timed out
    Sep 12 17:36:00 instance-1 postfix/smtp[19741]: connect to alt2.aspmx.l.google.com[2a00:1450:400c:c06::1a]:25: Network is unreachable
    Sep 12 17:36:00 instance-1 postfix/smtp[19741]: connect to alt1.aspmx.l.google.com[2a00:1450:400b:c01::1a]:25: Network is unreachable
    Sep 12 17:36:10 instance-1 dovecot: imap([email protected]): Logged out in=30633 out=1715
    

    As far as I know, I’ve got the setup alright. I use MySQL and have virtual domains and virtual users. It seems to work fine and the test commands all work out.

    But now I get to the point where I set up Outlook at home, and add my new IMAP account. mail.mysite:993 and mail.mysite:465. This adds the account and a message from Outlook is dropped in /var/mail/.

    But when I go to send email from Outlook, which should go to my server and get passed on, I keep getting blocked. It must be the port 25 it’s trying to reach another server on. I don’t know really, that’s my guess. I want the mail server to connect and e.g. deliver mail over SSL/TLS to the recipient email server on port 465 or 587. How do I get this working, so my mail server will accept mail from me and deliver it?

    I’ve googled for hours and I’m making absolutely no progress!

  • Much appreciated. Well written article.

  • Brandon
    1 year ago

    This article would rate better if it did not include unrelated and unfounded commentary.

  • Thank you for the great article explaining what goes into an end-to-end email server. I am using mine now on Ubuntu 18.10.

  • Love the intro. Well founded if you’re not brain dead.

  • Great article. What would be useful too is how to set up specific email addresses to RECEIVE mail on the server. All the articles I’ve found deal with sending mail… which I can do, but when I try and send from gmail > myServer, I get “550 5.7.1 Relaying denied” email response ( ? )

  • Raymond Wu
    6 months ago

    Thank you for putting all these together. Very helpful!!!!!

  • Shibasis Patel
    2 months ago

    The first time I tried, it worked and I got a mail in my spam folder. The next time I tried, it didn’t send my email and said:

    1] Our system has detected an
        550-5.7.1 unusual rate of unsolicited mail originating from your IP
        address. To 550-5.7.1 protect our users from spam, mail sent from your IP
        address has been 550-5.7.1 blocked. Please visit 550-5.7.1
        https://support.google.com/mail/?p=UnsolicitedIPError to review our 550
        5.7.1 Bulk Email Senders Guidelines. q2si5578154pgd.28 - gsmtp (in reply to
        end of DATA command)
    
  • Auditor R.
    1 month ago

    Followed all the tutorial parts, everything is good and working.
    Learned a lot by doing from scratch. Big Thanks.
    Got one question. How can i add other domains, ex: [email protected], [email protected] ?

  • torvan
    6 days ago

    5 star writing! Very clear and informative and plain language for understanding. One shot then started as smoothly as expected. Continue learning Part 2 and Part 3.

  • G.R.Regis
    4 days ago

    I’ve alway heard that setting up your own email server with postfix and dovecot was a terrible pain and it was just best to use something like iRedmail or Modoba if you wanted to host your own. I’ve tried in the past using various tutorial and gave up used those other packages for a while. After being my go to for linux guides because they are always so easy to follow and just work, I decided to try Linuxbabe’s Postfix/Dovecot tutorial series (on Debian 10 instead) and it was a breeze. I highly recommend this entire series and any other tutorial on this site.

  • Nathaly
    2 hours ago

    Hello,
    Sorry for my bad English, I’m French and I use google translate.
    Super tutorial very well explained. Too bad he just use the Mbox format. Indeed, it is not very practical to have to create an account on the server for each email address without speaking that we can not, if I’m not mistaken, make aliases. (For example, to [email protected] and [email protected] in the container [email protected]).
    Do you want to follow this tutorial using the Maildir format?
    Otherwise, is it difficult to adapt this tutorial to switch to Maildir format and use MySQL to create postfix accounts?
    In any case, thank you again for this great tutorial!

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • If you ask me more than 5 questions, I expect you to make a donation, or I would stop answering your questions.