Postfix and dovecot on Ubuntu 16.04

Postfix and dovecot setup on Ubuntu 16.04

So, after running this server box for almost 2 years now, I finally set it up to work as my personal email server as well.

I have used it primarily to host my git repositories that I want to synchronise across devices and, well, to host this static website and some other projects.

All this time it felt like a waste that I didn’t set up email, but I thought I didn’t really need it, so why bother.

I finally got around to it now, so what to do first: I added an MX record to my domain etbim.de, added a new subdomain mail., and pointed both at my VPS.

Then off to install postfix, which is pretty straightforward. Just choose “Internet Site” if it’s an independent box like mine without any smart host functionality.

I went on to reuse most of what postfix came with:

  • /etc/postfix/main.cf
  • /etc/postfix/master.cf

The templates were pretty usable, and other than the obvious things like your domain name I mostly adjusted the TLS parameters in /etc/postfix/main.cf:

# TLS parameters
smtpd_tls_cert_file=/etc/pathtocert/fullchain.pem
smtpd_tls_key_file=/etc/pathtocert/privkey.pem
smtp_use_tls=yes
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may

Update: Some of the other parameters in this file are fundamental to your mail server, so it is a good idea to read the manpage if you are in doubt about any one in particular.

Two very important ones are

myorigin = /etc/mailname
mydestination = $myhostname, etbim.de, mail.etbim.de, (...), localhost

myorigin is the name of your mail server. Ideally it should coincide with your hostname, and if you haven’t yet bothered about naming and your box’s FQDN, now is a good time to revise those: for example, check your /etc/hosts and get this in order too.

mydestination is everything postfix will accept as local mail, so your domain name should appear here.

On to /etc/postfix/master.cf

Here I uncommented most of the submission configuration for using STARTTLS and added some config for dovecot later on.

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

Things to be careful about in this section:

  • Mind the space before the -o: there has to be at least one space at the start of each line. Those are parameters of submission and it won’t work without the space.
  • In the line smtpd_relay_restrictions=permit_sasl_authenticated,reject you might think the syntax is ugly and want to insert a space before the “,reject” to make it look nicer. Don’t! I did that and it probably cost me 30 minutes at least to find out why my config wasn’t working.
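Both pitfalls can be caught before Postfix is restarted. The following Python linter is an added example, not part of the original post: the function names and the sample master.cf text are constructed, and treating a bare word after an `-o name=value` pair as a split value is a heuristic.

```python
import re

# Constructed sample: a space after the comma in one value, one override unindented.
SAMPLE = """\
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_relay_restrictions=permit_sasl_authenticated, reject
-o smtpd_sasl_auth_enable=yes
"""

def logical_lines(text):
    """Return [first_line_no, text] pairs; an indented line continues the previous one."""
    lines = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0].isspace() and lines:
            lines[-1][1] += " " + raw.strip()
        else:
            lines.append([no, raw.strip()])
    return lines

def lint_master_cf(text):
    """Return (line_no, message) findings for suspicious -o overrides (heuristic)."""
    findings = []
    for no, line in logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("-"):
            findings.append((no, "option line is not indented, so it starts a new entry"))
            continue
        args, i = tokens[8:], 0  # skip the 8 fields: service ... command
        while i < len(args):
            if args[i] != "-o" or i + 1 == len(args):
                i += 1
                continue
            opt, i = args[i + 1], i + 2
            if opt.startswith("{"):  # "-o { name = value }" form permits spaces
                while i < len(args) and not args[i - 1].endswith("}"):
                    i += 1
            elif not re.fullmatch(r"\w+=\S+", opt):
                findings.append((no, f"'-o {opt}' is not name=value without spaces"))
            elif i < len(args) and not args[i].startswith("-"):
                findings.append((no, f"{opt.split('=')[0]}: value is split before '{args[i]}'"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_master_cf(SAMPLE):
        print(f"line {no}: {msg}")
```

A finding inside a service entry is reported at the line where that entry starts, because continuation lines are joined before they are checked.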

dovecot

While postfix alone would be enough to send and receive (and relay..) email, I wanted to be able to access my mailboxes via IMAP and be able to send emails from the client of my choice.

So that’s where dovecot comes in. It’s a huge program, and the amount of config it comes with can be a bit frightening. But in my experience, when you concentrate on what you want to do, there aren’t all that many config files to deal with, even if you stick to the default conf.d/ structure.

Install dovecot-core dovecot-imapd.

When installed fresh, dovecot will read all the default config files in /etc/dovecot/conf.d/. There are a lot of them and it can get confusing: you can forget whether you already changed a value in one of the files. Use doveconf -n to get a clean and concise output of all non-default values of your current config.

For my setup I made changes in

  • 10-auth.conf
  • 10-master.conf
  • 10-ssl.conf
  • 15-mailboxes.conf

    10-auth.conf
    disable_plaintext_auth = yes

    10-master.conf
    service auth {
      # Postfix smtp-auth
      unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user = postfix
        group = postfix
      }
    }

The adjustment in 10-master.conf is important because it tells dovecot to start postfix for smtp.

Inside the 10-ssl.conf you add the ssl certificates once again:

10-ssl.conf
ssl_cert = </etc/pathtocert/fullchain.pem
ssl_key = </etc/pathtocert/privkey.pem

And finally, in 15-mailboxes.conf you can add some rules for the mailboxes. I added autocreate rules for some common folders; they are already in the template dovecot comes with. Just add auto = create to the mailbox you’d like to have created with every new mailbox.

15-mailboxes.conf

mailbox Trash {
  special_use = \Trash
  auto = create
}

...

I think that was about it for the configuration of dovecot and postfix. Now you’ll need to restart both services. For postfix, you also have to postmap all config files you changed. Maybe a reload would do, but I just stop and start the service.

systemctl restart dovecot
systemctl stop postfix && systemctl start postfix

Some final things: new mailboxes for dovecot are by default created in /var/mail/{mailbox}. To be able to write your mail to this folder, the user should be part of the group mail. So add your user like so:

usermod -a -G mail username

Also on to the fun stuff: you can define mail addresses for your domain in /etc/aliases. Some common ones already exist in there and some you should add. I added mailer-daemon: postmaster, routed postmaster to root and forwarded all of this to my basic user.

mailer-daemon: postmaster
postmaster: root
root: username

...
webmaster: root
admin: root

You can add more like these, such as webmaster or admin, at the bottom. Changes to this file are read and applied with newaliases.

Enjoy your own mail server :)

Write me a mail, and I can try and help you with your config :-P

Note: This setup uses your box’s unix users as mail accounts. You log in with those accounts; if you want to create new email accounts, just run adduser newuser and add them to the group mail. There is also the possibility to use PAM and use a different database for your user accounts.

More on this here