Run Your Own Email Server on CentOS 8/RHEL 8 – Postfix SMTP Server

Why run your own email server? Perhaps you have a website, which needs to send emails to users, or maybe you want to store your emails on your own server to protect your privacy. However, building your own email server from scratch can be a pain in the butt because there are so many software components you need to install and configure properly. To make this journey easy for you, I’m creating a tutorial series on how to build your own email server on CentOS 8/RHEL 8.

Run Your Own Email Server on CentOS – Postfix SMTP Server

I’m confident to say that this is the best and most comprehensive tutorial series about building an email server from scratch on the Internet. Not only will you have a working email server, but also you will have a much better understanding of how email works. This tutorial series is divided into 14 parts:

  1. Setting up a basic Postfix SMTP server
  2. Set up Dovecot IMAP server and TLS encryption
  3. Create Virtual Mailboxes with PostfixAdmin
  4. Creating SPF and DKIM record to get through spam filters
  5. Setting up DMARC to protect your domain reputation
  6. How to Stop Your Emails From Being Marked as Spam
  7. How to Host Multiple Mail Domains in PostfixAdmin
  8. Blocking Email Spam with Postfix
  9. Blocking Email Spam with SpamAssassin
  10. Setting Up Amavis and ClamAV to Check Viruses in Email Messages
  11. How to Secure Email Server Against Hacking with Self-hosted VPN Server
  12. How to Bypass Email Blacklists
  13. (optional) Enable and Configure Postscreen in Postfix to Block Spambots
  14. 🔥 Automatic IP and Domain Warm-up For Your Email Server

I know this seems to be a very daunting task. However, based on what you want to achieve, you might not need to follow all of them. My articles are easy to follow, so if you dedicate some time to it, you will have a working email server.

Hint: If you don’t want to build an email server from scratch, which is a long and tedious process, you can use Scalahosting managed VPS to set up a full-featured mail server quickly and easily.

This article is part 1 of this tutorial series. In this article, I will show you how to set up a basic Postfix SMTP server, also known as an MTA (message transport agent). Once you finish this article, you should be able to send and receive emails with your own email domain on your own email server.

About Postfix

Postfix is a state-of-the-art message transport agent (MTA), aka SMTP server, which serves two purposes.

  • It’s responsible for transporting email messages from a mail client/mail user agent (MUA) to a remote SMTP server.
  • It’s also used to accept emails from other SMTP servers.

Postfix was built by Wietse Venema who is a Unix and security expert. It’s easy to use, designed with security and modularity in mind, with each module running at the lowest possible privilege level required to get the job done. Postfix integrates tightly with Unix/Linux and does not provide functionalities that Unix/Linux already provides. It’s reliable in both simple and stressful conditions.

Postfix was originally designed as a replacement for Sendmail – the traditional SMTP server on Unix. In comparison, Postfix is more secure and easier to configure. It is compatible with Sendmail, so if you uninstall Sendmail and replace it with Postfix, your existing scripts and programs will continue to work seamlessly.

In this tutorial, you will learn how to configure Postfix for a single domain.

Choosing the Right Hosting Provider

It’s not an easy task to find a VPS (Virtual Private Server) provider suitable for email hosting. Many hosting companies like DigitalOcean blocks port 25. DigitalOcean would not unblock port 25, so you will need to set up SMTP relay to bypass blocking, which can cost you additional money. If you use Vultr VPS, then port 25 is blocked by default. They can unblock it if you open a support ticket, but they may block it again at any time if they decide your email sending activity is not allowed. Vultr actually may re-block it if you use their servers to send newsletters.

Another problem is that big well-known hosting providers like DigitalOcean or Vultr are abused by spammers. Often the server IP address is on several blacklists. Vultr has some entire IP ranges blacklisted.

Kamatera VPS is a very good option to run a mail server because

  • They don’t block port 25.
  • The IP address isn’t on any email blacklist. (At least this is true in my case. I chose the Dallas data center.) You definitely don’t want to be listed on the dreaded Microsoft Outlook IP blacklist or the SpamRats blacklist. Some blacklists block an entire IP range and you have no way to delist your IP address from this kind of blacklists.
  • You can edit PTR record to improve email deliverability.
  • They allow you to send newsletters to your email subscribers with no hourly limits or daily limit, whatsoever. Note that you are not allowed to send spam, also known as unsolicited bulk email. If the recipient doesn’t explicitly give you permission to send emails, and you send emails to them, that’s unsolicited email.
  • You can order multiple IP addresses for a single server. This is very useful for folks who need to send a large volume of emails. You can spread email traffic on multiple IP addresses to achieve better email deliverability.

I recommend following the tutorial linked below to properly set up a Linux VPS server on Kamatera.

You also need a domain name. I registered my domain name from NameCheap because the price is low and they give you whois privacy protection free for life.

Things To Do Before Installing Postfix

To make Postfix perform better and get the most out of Postfix, you need to properly set up your CentOS 8/RHEL 8 Server.

Set A Correct Hostname for CentOS 8/RHEL 8 Server

By default, Postfix uses your server’s hostname to identify itself when communicating with other MTAs. Hostname can have two forms:

  • a single word
  • FQDN

The single word form is used mostly on personal computers. Your Linux home computer might be named linux, debian, ubuntu etc. FQDN (Fully Qualified Domain Name) is commonly used on Internet-facing servers and we should use FQDN on our mail servers. It consists of two parts: a node name and a domain name. For example:

mail.linuxbabe.com

is an FQDN. mail is the nodename, linuxbabe.com is the domain name. FQDN will appear in the smtpd banner. Some MTAs will reject your emails if your Postfix does not provide FQDN in smtpd banner. Some MTAs even query DNS to see if FQDN in the smtpd banner resolves to the IP of your mail server.

Enter the following command to see the FQDN form of your hostname.

hostname -f

If your CentOS 8/RHEL 8 server doesn’t have an FQDN yet, you can use hostnamectl to set one.

sudo hostnamectl set-hostname mail.yourdomain.com

A common FQDN for mail server is mail.yourdomain.com. You need to log out and log back in to see this change at the command prompt.

Create DNS Records for Your Mail Server

You need to go to your DNS hosting service (usually your domain registrar like NameCheap) to create DNS records.

MX record

An MX record tells other MTAs that your mail server mail.yourdomain.com is responsible for email delivery for your domain name.

MX record    @           mail.linuxbabe.com

A common name for the MX host is mail.yourdomain.com. You can specify more than one MX record and set priority for your mail servers. A lower number means higher priority. Here we only use one MX record and set 0 as the priority value. (0 – 65355)

Note that when you create the MX record, you should enter @ or your apex domain name in the name field like below. An apex domain name is a domain name without any sub-domain.

email server MX record

A record

An A record maps an FQDN to an IP address.

mail.linuxbabe.com        <IP-address>

AAAA record

If your server has a public IPv6 address, it’s also a good idea to add AAAA record for mail.yourdomain.com.

mail.linuxbabe.com        <IPv6-address>

Hint: If you use Cloudflare DNS service, you should not enable the CDN feature when creating A and AAAA record for mail.your-domain.com. Cloudflare does not support SMTP proxy.

PTR record

A pointer record, or PTR record, maps an IP address to an FQDN. It’s the counterpart to the A record and is used for reverse DNS (rDNS) lookup.

Reverse resolution of IP address with PTR record can help with blocking spammers. Many MTAs accept email only if the server is really responsible for a certain domain. You should definitely set a PTR record for your email server so your emails have a better chance of landing in the recipient’s inbox instead of the spam folder.

To check the PTR record for an IP address, you can use the following command.

dig -x <IP> +short

or

host <IP>

PTR record isn’t managed by your domain registrar. It’s managed by the person who gives you an IP address. Because you get IP address from your hosting provider, not from your domain registrar, so you must set PTR record for your IP address in your hosting provider’s control panel. Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses IPv6 address, then add a PTR record for your IPv6 address as well.

To edit the reverse DNS record for your Kamatera VPS, log into the Kamatera client area, then open a support ticket and tell them to add PTR record for your server IP addresss to point the IP address to mail.your-domain.com. It’s not convenient, you might think, but this is to keep spammers away from the platform, so legitimate email senders like us will have a great IP reputation.

After all of the above is done, let’s play with Postfix.

Installing Postfix

On your CentOS 8/RHEL 8 server, run the following two commands.

sudo dnf update

sudo dnf install postfix -y

Once it’s installed, start Postfix SMTP server.

sudo systemctl start postfix

And enable auto-start at boot time.

sudo systemctl enable postfix

Now you can check its status with:

systemctl status postfix

centos postfix

As you can see, Postfix is now active (running) and auto-start at boot time is enabled. You can check Postfix version with this command:

postconf mail_version

CentOS 8/RHEL 8 ships with Postfix v3.3.1.

mail_version = 3.3.1

Postfix ships with many binaries under the /usr/sbin/ directory, as can be seen with the following command.

rpm -ql postfix | grep /usr/sbin/

Output:

/usr/sbin/postalias
/usr/sbin/postcat
/usr/sbin/postconf
/usr/sbin/postdrop
/usr/sbin/postfix
/usr/sbin/postkick
/usr/sbin/postlock
/usr/sbin/postlog
/usr/sbin/postmap
/usr/sbin/postmulti
/usr/sbin/postqueue
/usr/sbin/postsuper
/usr/sbin/sendmail
/usr/sbin/sendmail.postfix
/usr/sbin/smtp-sink
/usr/sbin/smtp-source

The ss utility (socket statistics) tells us that the Postfix master process is listening on TCP port 25 of the localhost. (If your CentOS 8/RHEL 8 server doesn’t have the ss command, you can run sudo dnf install iproute command to install it.)

sudo ss -lnpt | grep master

centos8-mail-server

Configuring Postfix

Listening on the public IP address

We can also use the following command to see which interface Postfix is listening on. Postconf is a Postfix configuration utility that can display the value of parameters in Postfix main configuration file (/etc/postfix/main.cf).

postconf inet_interfaces

Output:

inet_interfaces = localhost

We need to run the following command to configure Postfix to listen on the public IP address so it will be able to receive emails from other SMTP servers. The -e option enables postconf to edit the Postfix main configuration file.

sudo postconf -e "inet_interfaces = all"

Setting the Postfix hostname

By default, Postfix SMTP server uses the OS’s hostname. You can display the current Postfix hostname with the following command.

postconf myhostname

Postfix uses this hostname to identify itself when communicating with other SMTP server. However, the OS hostname might change, so it’s a good practice to set the hostname directly in Postfix configuration file with the following command.

sudo postconf -e "myhostname = mail.yourdomain.com"

Note: It’s not recommended to use the apex domain yourdomain.com as myhostname. Technically you can use the apex domain, but it will create problems in later parts of this tutorial series.

Setting $mydomain Parameter

The $mydomain parameter specifies the local internet domain name. The default is to use $myhostname minus the first component. You can display the current value of $mydomain with:

postconf mydomain

It should be your apex domain name, like

linuxbabe.com

If it’s not displaying your apex domain name, then set the $mydomain parameter with:

sudo postconf -e "mydomain = yourdomain.com"

Setting $myorigin Parameter

The $myorigin parameter specifies the default domain name that will be appended to sender and recipient addresses that have no @domain part. The default is to use the value of $myhostname, as can be seen with:

postconf myorigin

Output:

myorigin = $myhostname

You need to change its value to yourdomain.com, so a sender on your mail server will have @yourdomain.com address.

sudo postconf -e "myorigin = yourdomain.com"

Setting $mydestination Parameter

The $mydestination parameter specifies the list of domains that your server considers itself the final destination for. You can display the current value of $mydestination with:

postconf mydestination

Output

mydestination = $myhostname, localhost.$mydomain, localhost

The default value allows your Postfix SMTP server to receive emails coming for [email protected], [email protected] and someone@localhost, but it won’t allow you Postfix SMTP server to receive emails coming for [email protected]. In order to achieve that, add yourdomain.com to the list of domains.

sudo postconf -e "mydestination = yourdomain.com, \$myhostname, localhost.\$mydomain, localhost"

Restarting Postfix

Finally, we need to restart Postfix for the changes to take effect.

sudo systemctl restart postfix

Open TCP Port 25 (inbound) in Firewall

The inbound TCP port 25 needs to be open, so Postfix can receive emails from other SMTP servers. Run the following commands to open the inbound TCP port 25.

sudo firewall-cmd --permanent --add-port=25/tcp

sudo systemctl reload firewalld

If your CentOS server doesn’t have the firewall-cmd command, then you need to install FirewallD beforehand.

sudo dnf install firewalld

sudo systemctl start firewalld

sudo systemctl enable firewalld

Then we can scan open ports on the mail server with an online port scanner. Enter your mail server’s public IP address and select scan all common ports.

build your own email server ubuntu

You can see from the above screenshot that TCP port 25 is open on my mail server.

Checking If Port 25 (outbound) is blocked

The outbound TCP port 25 needs to be open, so Postfix can send emails to other SMTP servers. The outbound TCP port 25 is controlled by your hosting provider, we can install the telnet utility to check if it’s open or blocked.

sudo dnf install telnet -y

Run the following command on your mail server.

telnet gmail-smtp-in.l.google.com 25

If it’s not blocked, you would see messages like below, which indicates a connection is successfully established. (Hint: Type in quit and press Enter to close the connection.)

Trying 74.125.68.26...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP y22si1641751pll.208 - gsmtp

If port 25 (outbound) is blocked, you would see something like:

Trying 2607:f8b0:400e:c06::1a...
Trying 74.125.195.27...
telnet: Unable to connect to remote host: Connection timed out

In this case, your Postfix can’t send emails to other SMTP servers. Ask your ISP/hosting provider to open it for you. If they refuse your request, you need to set up SMTP relay to bypass port 25 blocking or use a VPS like Kamatera that doesn’t block port 25.

Some folks might be asking, “Can I change port 25 to another port to bypass blocking”? The answer is no. Changing the port works only when you control both the server-side and client-side. When Postfix sends emails, it acts as the SMTP client. The recipient’s mail server acts as the SMTP server. You don’t have control over the receiving SMTP server. SMTP servers are listening on port 25 to receive emails. They expect SMTP clients to hit port 25. There’s no other port for receiving emails. If you don’t connect to port 25 of the receiving SMTP server, you won’t be able to send emails.

Sending Test Email

As a matter of fact, we can now send and receive email from the command line. If your CentOS 8/RHEL 8 server has a user account called user1, then the email address for this user is [email protected]. You can send an email to root user [email protected]. You can also send emails to Gmail, yahoo mail or any other email service.

When installing Postfix, a sendmail binary is placed at /usr/sbin/sendmail, which is compatible with the traditional Sendmail SMTP server. You can use Postfix’s sendmail binary to send a test email to your Gmail account like this:

echo "test email" | sendmail [email protected]

In this simple command, sendmail reads a message from standard input and make “test email” as the message body, then send this message to your Gmail account.

You should be able to receive this test email in your Gmail inbox (or spam folder). It’s likely that emails sent from your domain are labeled as spam. Don’t worry, we will tackle it in part 4 and part 6 of this tutorial series.

You can see that although we didn’t specify the From: address, Postfix automatically append a domain name for the From: address. That’s because we have set the $myorigin parameter. Also, you can try to reply to this test email to see if Postfix can receive email messages.

Note: The From: domain name is determined by the myorigin parameter in Postfix, not by the myhostname parameter.

The inbox for each user is located at /var/spool/mail/<username> or /var/mail/<username> file. If you are unsure where to look for the inbox, use this command.

postconf mail_spool_directory

The Postfix mail log is stored at /var/log/maillog.

Still Can’t Send Email?

If port 25 (outbound) is not blocked, but you still can’t send emails from your own mail server to your other email address like Gmail, then you should open the mail log (/var/log/maillog) with a command-line text editor, such as Nano. Run the following command to install Nano.

sudo dnf install nano

Then open the mail log file.

sudo nano /var/log/maillog

For example, some folks might see the following lines in the file.

host gmail-smtp-in.l.google.com[2404:6800:4003:c03::1b] said: 550-5.7.1 [2a0d:7c40:3000:b8b::2] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information

This means your mail server is using IPv6 to send the email, but you didn’t set up IPv6 records. You should go to your DNS manager, set AAAA record for mail.your-domain.com, then you should also set PTR record for your IPv6 address. (PTR record is managed by the organization that gives you an IP address.)

To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit, press Ctrl+X.

Using the mail program to Send and Read Email On the Command Line

Now let’s install a command-line MUA (mail user agent).

sudo dnf install mailx

To send email, type

mail [email protected]
user@mail:~$ mail [email protected]
Cc: 
Subject: 2nd test email
I'm sending this email using the mail program.

Enter the subject line and the body text. To tell mail that you have finished writing, press Ctrl+D and mail will send this email message for you.

To read incoming emails, just type mail.

mail

Here’s how to use the mail program to manage your mailbox.

  • To read the first email message, type 1. You will see both the email headers and email body. If only parts of the message is displayed, press Enter to show the remaining part of the message.
  • To display message headers starting from message 1, type h.
  • To show the last screenful of messages, type h$ or z.
  • To read the next email message, type n.
  • To delete message 1, type d 1.
  • To delete message 1, 2 and 3, type d 1 2 3.
  • To delete messages from 1 to 10, type d 1-10.
  • To replay to message 1, type reply 1.
  • To exit out of mail, type q.

Messages that have been opened will be moved from /var/mail/<username> to /home/<username>/mbox file. That means other mail clients can’t read those messages. To prevent this from happening, type x instead of q to exit out of the mail.

How To Increase Attachment Size Limit

By default, the attachment cannot be larger than 10MB, which is indicated by the message_size_limit parameter.

postconf message_size_limit

Output:

message_size_limit = 10240000

This parameter defines the size limit for emails originating from your own mail server and for emails coming to your mail server. To allow attachment of 50MB in size, run the following command.

sudo postconf -e message_size_limit=52428800

Note that the message_size_limit should not be larger than the mailbox_size_limit, otherwise Postfix might not be able to receive emails. The default value of mailbox_size_limit is 51200000 bytes (about 48MB), as can be seen with

postconf mailbox_size_limit

Output:

mailbox_size_limit = 51200000

Set the value to 0, so mailbox has no size limit.

sudo postconf -e mailbox_size_limit=0

Restart Postfix for the changes to take effect.

sudo systemctl restart postfix

When sending an email with large attachments from your mail server, you should also beware of the receiving server’s attachment size limit. For example, You can not send an attachment larger than 25MB to a Gmail address.

Creating Email Alias

There are some required aliases that you should configure when operating your mail server in a production environment. You can add email alias in the /etc/aliases file, which is a special Postfix lookup table file using a Sendmail-compatible format. Install the Nano command-line text editor and open this file.

sudo dnf install nano

sudo nano /etc/aliases

By default, the Postfix package on CentOS 8 defines many aliases, such as

postmaster: root

The left-hand side is the alias name. The right-hand side is the final destination of the email message. So emails for [email protected] will be delivered to [email protected]. The postmaster email address is required by RFC 2142.

Normally we don’t use the root email address. Instead, the postmaster can use a normal login name to access emails. So you can add the following line. Replace username with your real username.

root:   username

This way, emails for [email protected] will be delivered to [email protected]. Now you can save and close the file. Then rebuild the alias database with the newaliases command

sudo newaliases

Using IPv4 Only

By default, Postfix uses both IPv4 and IPv6 protocols, as can been seen with:

postconf inet_protocols

Output:

inet_protocols = all

Postfix will try IPv6 first if the receiving SMTP server has an IPv6 address. If your mail server doesn’t have a public IPv6 address, it’s better to disable IPv6 in Postfix to prevent unnecessary IPv6 connections. Simply run the following command to disable IPv6 in Postfix.

sudo postconf -e "inet_protocols = ipv4"

You can also make Postfix use IPv4 first with the following command.

sudo postconf -e "smtp_address_preference = ipv4"

Then restart Postfix for the changes to take effect.

sudo systemctl restart postfix

Postfix Automatic Restart

If for any reason your Postfix process is killed, you need to run the following command to restart it.

sudo systemctl restart postfix

Instead of manually typing this command, we can make Postfix automatically restart by editing the postfix.service systemd service unit. To override the default systemd service configuration, we create a separate directory.

sudo mkdir -p /etc/systemd/system/postfix.service.d/

Then create a file under this directory.

sudo nano /etc/systemd/system/postfix.service.d/restart.conf

Add the following lines in the file, which will make Postfix automatically restart 5 seconds after a failure is detected.

[Service]
Restart=on-failure
RestartSec=5s

Save and close the file. Then reload systemd.

sudo systemctl daemon-reload

To check if this would work, kill Postfix with:

sudo pkill master

Then check Postfix status. You will find Postfix automatically restarted.

systemctl status postfix

Wrapping Up

Congrats! Now you have a basic Postfix email server up and running. You can send plain text emails and read incoming emails using the command line. In the next part of this tutorial series, we will learn how to install Dovecot IMAP server and enable TLS encryption, which will allow us to use a desktop mail client like Mozilla Thunderbird to send and receive emails. Stay tuned!

Rate this tutorial
[Total: 21 Average: 5]

57 Responses to “Run Your Own Email Server on CentOS 8/RHEL 8 – Postfix SMTP Server

  • Piter yong
    4 years ago

    First, thanks for great tutorial…
    I have one quick question, I have successfully configured postfix server to follow this tutorial, now I have others servers in my infrastructure like nagios core, gitlab and big data cluster how they will send email notification to an email address???

    • Xiao Guoan (Admin)
      4 years ago

      Most web applications provide SMTP settings. Check each application’s documentation to find where’s the SMTP settings.

      In the SMTP setting, normally you need to enter

      mail server address:   mail.example.com
      username:              [email protected]
      password:              your_password
      port number:           587
      Encryption:            STARTTLS (or SSL, TLS)
      
      • Piter yong
        4 years ago

        Okay, I have minimal CentOS installed and it takes backup of several applications based on crontab scheduled and I would like to get a notification when backup get completed so where I need to set SMTP setting to get the notification.

    • Xiao Guoan (Admin)
      4 years ago

      You can set up SMTP relay between the two servers with Postfix.
      Set Up SMTP Relay Between 2 Postfix SMTP Servers on CentOS/RHEL

  • Excellent guide – great work. I’ve used this exact setup for years based on an older, somewhat outdated guide for Centos 7. I run everything on a 1 GiB RAM / 8 GiB storage cloud instance and it works flawlessly.

    Note that you really must use DMARC and DKIM along with a DNS TXT SPF record if you don’t want your outgoing mail marked as spam. It takes a while running it and sending emails before others recognize your outgoing mail as legitimate.

  • You are correct. This is the best tutorial I’ve seen on the internet about CentOS 8 and email.

  • zuardin
    3 years ago

    Hi, thanks for this tutorial,

    can you tell me how if i only need send email without receive mail?

    Regards.

  • SELinux is an issue once that was turned off, it stopped coughing, I was getting TLS cannto be started due to a local problem, most likely was the certificates I had were not being read..

    Otherwise very good article, thanks for posting

    • Xiao Guoan (Admin)
      3 years ago

      My mail server runs fine with SELinux.

      It’s a very bad idea to turn off SELinux. The error you got was probably due to careless mistakes, like syntax errors.

  • Cidy Long
    3 years ago

    How to configure postfix/dovecot to make postfix and dovecot use same mail location to enable dovecot access user’s email under unix account holder directory?

    For Centos 8 linux, typically postfix delivery user mail under user directory as: /home/$username/Maildir, but dovecot will try to retrieve user mails under /home/vmail/$domainname/$username/Maildir. So dovecot never find right mails for users.

    • Xiao Guoan (Admin)
      3 years ago

      If you follow my tutorial, you will know the answer.

      By default, incoming emails are delivered to the message store with Postfix. In part 2, there’s instructions for setting up LMTP, which makes the system to use Dovecot as LDA (local delivery agent). So there’s no need to set mail_location in Postfix.

  • Tanner Wilcox
    3 years ago

    So when I send emails with this method it comes out as [email protected] instead of my [email protected]. I figure I can change that with myhostname but you said that’s a bad idea. Are you saying we should just settle with using mail.mydomain.com?

    • Xiao Guoan (Admin)
      3 years ago

      The domain used in the From: email address is determined by the Postfix myorigin parameter, not by the hostname. Did you change the myorigin parameter?

      sudo postconf -e "myorigin = yourdomain.com"
  • Good day Xiao Guoan,

    Thank you for these marvelous tutorials!

    Will you be able to guide me with this request ?

    I have nginx server install on centos 7 from a dedicated server i rent from Vultr. Right now i have couple websites running on that server.
    1) I have created several scripts to update my WordPress themes and plugins
    2) I have a script to backup the content those sites as well as the database
    3) I have a script to update the server daily, another script to renew my certificates for those sites

    to accomplish those tasks, i have create several “cron jobs”.

    I am planning to fire up another server so i can setup a mail server where i can use that mail server to receive cron job notification from my webserver.

    I just want to received email notifications about those cron job.

    Where do you suggest i start ?

    Thank you in advanced

  • Hi Xiao,

    I would like to say thank you and congrulations on posting the tutorial with detailed step by step instructions. I know it is extremly hard work, so thank you.

    There is one thing that I would like to ask, if it’s possible and if you do have any time, maybe you can add to your agenda to post a few more tutorials that would make an extremely great addition to these steps on setting up your own email server. I currently have and mainain my own mailserver on CentOS 7 and looking to move to CentOS 8.

    I’m looking for integrating this type of setup with LDAP/LDAPS, more specifically freeIPA or Redhat IDM on CentOS 8.
    Another subject to touch on the LDAP integration for authentication is how to add multiple domains to be relayed to the mail server.
    Maybe even add Keycloak in the mix to enable Single Sign On for RoundCube or Rainloop.

    The second tutorial would be how to integrate it with RSPAMD. I also have spamassassin and think it is a great product but somehow outdated for 2020, with no good web interface for releasing quarantine emails, easily editable blacklist/whitelist.

    The third tutorial would be on how to keep everything updated.

    Thanks,
    Mihai

  • haidarvm
    3 years ago

    Greatest Tutorial, Thanks

  • If anyone is running this on Centos 7 like I am and they’re having issues with sending the test email and get the following error:

    sendmail RCPT 550 relay not permitted

    You need to run this command:

    alternatives --set mta /usr/sbin/sendmail.postfix
  • Jonas Lindström
    3 years ago

    Excellent tutorial!

    Any reason why you have

    sudo firewall-cmd --permanent --add-port=25/tcp

    instead of

    sudo firewall-cmd --permanent --add-service=smtp

    Does it matter or is it just a question of style?

    • Xiao Guoan (Admin)
      3 years ago

      They are meant to do the same thing. It’s a matter of personal preference.

  • Dick Valentine
    3 years ago

    Dear Xiao Guoan — After updating my trusty CENTOS web server & firewall host to version 8, and making the move from iptables to firewal-cmd, I carefully went through all eight chapters of your postfix (etc) tutorial. These materials have clarified specifics and answered questions I’ve wanted answered for years. Your claim to have the BEST linux mailserver setup tutorial on the web is WELL justified. Thank you so very much for all your hard work.

  • fanyigle
    3 years ago

    detailed and sufficient,
    peaceful reading ,thanks!

  • Madouik
    3 years ago

    Hello,
    Thank you for this tutorial, I followed the first part of tutorial.
    I succeeded to send email but I don’t receive email from my gmail account.

    When I check var/mail I don’t find the username directory (root for my case)

    • Xiao Guoan (Admin)
      3 years ago

      Possible causes of not receiving emails.

      1. Your MX record is wrong or not propagated to the Internet yet.
      2. Your mail server hostname doesn’t have DNS A record or not propagated to the Internet yet.
      3. Your firewall doesn’t allow incoming connections to port 25. Maybe your mail server is behind a NAT?
      4. Postfix isn’t listening on the public IP address.
      5. Check the mail log (/var/log/maillog) to find out if there are other errors in your Postfix and Dovecot configuration.

      You can use the Network Tools Email Checker to test if your SMTP server is reachable from the Internet. Just enter your domain email address and click the Go button. As you can see from the screenshot below, it successfully found my domain’s MX record and my SMTP server is reachable from the Internet.

      email checker

      If your SMTP servers isn’t reachable from the Internet, then you have a problem in the first 4 items. If your SMTP server is reachable from the Internet, but you still can’t receive emails, check the mail log (/var/log/maillog) to find out if there is any errors in your Postfix and Dovecot configuration.

      • madouik
        3 years ago

        Thanks for your response I will check log and record.

  • 大哥,我按你文章装了postfix+postfixadmin+dovecot,使用roundcube和 thunderbird测试收发邮件正常,但发现有个问题是只要telnet 邮件服务器25端口就可以匿名发送邮件,而不需要验证用户身份,怎么解决这问题,在哪里配置?谢谢

  • Brilliant Tutorial

    Thanks,
    John.

  • DAVID ROUSSAT
    3 years ago

    Hello!

    I would like to have a first VM as a mail server and 2 other VMs that can send mails to each other via this server.
    If I follow this tutorial for my first VM, what should be the configuration of the 2 other VMs?

  • Hi,

    Suddenly I am unable to receive outside email on my CentOS 8 server. I can receive internal email, I can send email to my gmail account. Just can’t receive outside email.

    I have following DNS records as:

    MX @ @(priority: 0)
    CNAME myserver.com @

    When I open and close dovecot, I can see /var/log/maillog shows login and logout messages. When I send email to my gmail account, it also shows the email is sent message. But when I send email from my gmail to my server, nothing happens, no log is recorded. When I send internal email from one account to another, it receive as normal with mail log recorded as normal.

    I have dovecot, postfix installed.

    Following ports are open: 143/tcp 587/tcp 25/tcp

    telnet to 25 is successful.

    What can cause this problem? Please help.

    Thank you.

    • Error message returned by gmail is “Address not found” with 550 5.1.1 Recipient not found

    • Xiao Guoan (Admin)
      3 years ago

      If there’s no messages in /var/log/mail.log file when trying to send from Gmail to your own domain email, it could mean

      1. Your MX record is wrong or not propagated to the Internet yet.
      2. Your mail server hostname doesn’t have DNS A record or not propagated to the Internet yet.
      3. Your firewall doesn’t allow incoming connections to port 25. Maybe your mail server is behind a NAT?
      4. Postfix isn’t listening on the public IP address.

      Please use the recommended MX record. Set mail.yourdomain.com as the MX host.

      MX record    @           mail.yourdomain.com 

      Then create a DNS A record for mail.yourdomain.com.

      • Thank you for reply.

        Out of desperation, I uninstalled dovecot, postfix, and fail2ban, then reinstalled them. Nothing else was changed. It all works again now.

        Very strange. Don’t know why.

  • Onyeibo
    3 years ago
    $ mail 
    /var/spool/mail/username: Permission denied 

    Did you address this? The user with “username” cannot read mails.

  • Linux Dan
    3 years ago

    In following your multiple tutorials, I am confused as to the proper place in the sequence to install Roundcube. From references in the Roundcube tutorial, it would have to be after PostfixAdmin, but are there any other tutorials that should be done ?

    • Xiao Guoan (Admin)
      3 years ago

      Yes, it’s best to follow the Roundcube tutorial after Postfixadmin.

      1. Postfix
      2. Dovecot
      3. PostfixAdmin
      4. Roundcube
      5. SPF and DKIM

  • Linux Dan
    3 years ago

    Many thanks.
    BTW, awesome tutorials.

  • Giacomo
    2 years ago

    Dear mr Xiao,

    just a question:

    i am using “your-domain.com” (e.g. linuxbabe.com) for my spf, and it is my domain as sender (eg. from: xiao AT linuxbabe.com).

    but you configured rDNS as “mail.your-domain.com” (e.g. mail.linuxbabe.com).

    i tried https://www.mail-tester.com

    and it said 10/10 but i had a warning about rDNS:

    Your reverse DNS does not match with your sending domain.
    Your IP address xxx is associated with the domain mail.your-domain.com
    Nevertheless your message appears to be sent from your-domain.com

    i set

    return path
    from
    helo

    they are all your-domain.com

    what am I missing?

    thank you!

    • Xiao Guoan (Admin)
      2 years ago

      Set the Postfix hostname to mail.your-domain.com.

      sudo postconf -e "myhostname = mail.your-domain.com"

      Then restart Postfix.

      sudo systemctl restart postfix
      • Unfortunately it is already like that..

        [giacomino@mail ~]$ postconf myhostname
        myhostname = mail.tuffoserver.tk

        🙁

  • Great article, great work, it works on my rehdat 7 after following this tutorial, have been spending a lot of time configuring my own email server, saves me a lot of time, thank you so much!

  • Hi Xiao, can you tell me if these tutorials are ok for almalinux 8 also?

    • Xiao Guoan (Admin)
      2 years ago

      Yes. You can also use Alma Linux 8 or Rocky Linux 8.

  • Hi Xiao,
    I am new at this.
    I have a server with it own IP4, as well as two domains and two external IPs4.
    I want to configure postfix to only send mail for each domain through its external ip4 without touching the server ip4.
    How should I setup postfix?
    Maybe there is a link for this particular case?
    Thank you

  • Martin Larsen
    2 years ago

    Hi,

    This is a really informative tutorial. Thanks!

    One question though: How do I add another email address to Postfix? It’s on a completely different domain.

    Best,
    Martin

  • Thank you for this detailed tutorial.
    I’d like to know if it is advisable to change the default port 25 to something else, for security purposes? and if so, how we can achieve that, assuming I have followed all the steps as mentioned here by you. Regards. -Ali

    • Xiao Guoan (Admin)
      1 year ago

      You can’t change port 25 and you should not change it.

  • Deniz Gezmis
    1 year ago

    Excellent write up. Much appreciated.

  • Hi,

    Thanks for your nice tutorial!

    But one question though: Because my hosting provider blocked port 25, so I use Sendinblue to relay(just follow your other tutorial), but I failed for “530 Error: authentication Required (in reply to MAIL FROM command)”. Can you give me some hints?

    Best,
    Shawn

  • Find, I solved it. Also thanks for yours!

  • Excellent website. Plenty of helpful info here. I am sending it to
    a few buddies ans also sharing in delicious. And certainly,
    thanks on your effort!

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here