Why run your own email server? Perhaps you have a website, which needs to send emails to users, or maybe you want to store your emails on your own server to protect your privacy. However, building your own email server can be a pain in the butt because there are so many software components you need to install and configure properly. To make this journey easy for you, I’m creating a tutorial series on how to build your own email server on Ubuntu.
I can confidently say that this is the best and most comprehensive tutorial series about building an email server from scratch on the Internet. Not only will you have a working email server, but you will also have a much better understanding of how email works. This tutorial series is divided into 10 parts.
- Setting up a basic Postfix SMTP server
- Set up Dovecot IMAP server and TLS encryption
- Create Virtual Mailboxes with PostfixAdmin (Ubuntu 18.04, Ubuntu 20.04)
- Creating SPF and DKIM record to get through spam filters
- Setting Up DMARC to protect your domain reputation
- How to Stop Your Email From Being Marked as Spam
- How to Host Multiple Mail Domains in PostfixAdmin
- Blocking Email Spam with Postfix
- Blocking Email Spam with SpamAssassin
- Setting Up Amavis and ClamAV on Ubuntu Mail Server
- (optional) Enable and Configure Postscreen in Postfix to Block Spambots
I know this seems to be a very daunting task. However, based on what you want to achieve, you might not need to follow all of them. My articles are easy to follow, so if you dedicate some time to it, you will have a working email server.
Hint: If you don’t want to build an email server from scratch, which is a long and tedious process, you can use iRedMail to quickly and easily set up a full-featured mail server.
This article is part 1 of this tutorial series. In this article, I will show you how to set up a very basic Postfix SMTP server, also known as an MTA (message transport agent). Once you finish this article, you should be able to send and receive emails with your own email domain on your own email server. This tutorial is tested on Ubuntu 20.04 and Ubuntu 18.04 server.
Postfix is a state-of-the-art message transport agent (MTA), aka SMTP server, which serves two purposes.
- It’s responsible for transporting email messages from a mail client/mail user agent (MUA) to a remote SMTP server.
- It’s also used to accept emails from other SMTP servers.
Postfix was built by Wietse Venema who is a Unix and security expert. It’s easy to use, designed with security and modularity in mind, with each module running at the lowest possible privilege level required to get the job done. Postfix integrates tightly with Unix/Linux and does not provide functionalities that Unix/Linux already provides. It’s reliable in both simple and stressful conditions.
Postfix was originally designed as a replacement for Sendmail – the traditional SMTP server on Unix. In comparison, Postfix is more secure and easier to configure. It is compatible with Sendmail, so if you uninstall Sendmail and replace it with Postfix, your existing scripts and programs will continue to work seamlessly.
In this tutorial, you will learn how to configure Postfix for a single domain.
In order to send emails from your server, port 25 (outbound) must be open. Many ISPs and hosting providers such as DigitalOcean block port 25 to control spam and they would not unblock it. I recommend using Hostwinds VPS (virtual private server), because it doesn’t block port 25 (outbound), so you can send unlimited emails with no extra cost. Before you buy a VPS, you can ask them if port 25 is blocked.
Once you have a hostwinds server, install Ubuntu on it and follow the instructions below.
You also need a domain name. I registered my domain name from NameCheap because the price is low and they give you whois privacy protection free for life.
Things To Do Before Installing Postfix
To make Postfix perform better and get the most out of Postfix, you need to properly set up your Ubuntu server.
Set A Correct Hostname for Ubuntu Server
By default, Postfix uses your server’s hostname to identify itself when communicating with other MTAs. A hostname can take two forms: a single word or an FQDN.
The single-word form is used mostly on personal computers. Your Linux home computer might be named ubuntu etc. An FQDN (Fully Qualified Domain Name) is commonly used on Internet-facing servers, and we should use an FQDN on our mail servers. It consists of two parts: a node name and a domain name. For example, mail.linuxbabe.com is an FQDN; linuxbabe.com is the domain name. The FQDN will appear in the smtpd banner. Some MTAs reject messages if your Postfix does not provide an FQDN in the smtpd banner. Some MTAs even query DNS to see if the FQDN in the smtpd banner resolves to the IP of your mail server.
Enter the following command to see the FQDN form of your hostname.
If your Ubuntu server doesn’t have an FQDN yet, you can use hostnamectl to set one.
sudo hostnamectl set-hostname
A common FQDN for a mail server is mail.yourdomain.com. You need to log out and log back in to see this change at the command prompt.
Set Up DNS Records for Your Mail Server
You need to go to your DNS hosting service (usually your domain registrar) to set up DNS records.
An MX record tells other MTAs that your mail server mail.yourdomain.com is responsible for email delivery for your domain name.
MX record @ mail.linuxbabe.com
A common name for the MX host is mail.yourdomain.com. You can specify more than one MX record and set priority for your mail servers. A lower number means higher priority. Here we only use one MX record and set 0 as the priority value. (0 – 65355)
Note that when you create the MX record, you should enter @ or your apex domain name in the name field. An apex domain name is a domain name without any sub-domain.
An A record maps an FQDN to an IP address.
If your server uses an IPv6 address, it’s also a good idea to add an AAAA record for mail.your-domain.com.
Hint: If you use Cloudflare DNS service, you should not enable the CDN (proxy) feature when creating A and AAAA records for mail.your-domain.com. Cloudflare does not support SMTP or IMAP proxy.
A pointer record, or PTR record, maps an IP address to an FQDN. It’s the counterpart to the A record and is used for reverse DNS (rDNS) lookup.
Reverse resolution of IP address with PTR record can help with blocking spammers. Many MTAs accept email only if the server is really responsible for a certain domain. You should definitely set a PTR record for your email server so your emails have a better chance of landing in the recipient’s inbox instead of the spam folder.
To check the PTR record for an IP address, you can use the following command.
dig -x <IP> +short
The PTR record isn’t managed by your domain registrar. It’s managed by whoever gives you the IP address. Because you get your IP address from your hosting provider, not from your domain registrar, you must set the PTR record for your IP address in your hosting provider’s control panel. Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses an IPv6 address, then add a PTR record for your IPv6 address as well.
To edit the reverse DNS record for your Hostwinds VPS, log into the Hostwinds client area and select Manage rDNS. Then you can edit the reverse DNS record for both IPv4 and IPv6 addresses.
Note: Gmail will actually check the A record of the hostname specified in the PTR record. If the hostname resolves to the same IP address, Gmail will accept your email. Otherwise, it will reject your email.
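The PTR and A record relationship described above, including the check the note attributes to Gmail, can be verified from any machine that has dig. The script below is an added example, not part of the original tutorial; the function names are made up for illustration, and the IP address and hostname are whatever you pass in.

```bash
#!/usr/bin/env bash
# Added example: forward-confirmed reverse DNS check for a mail server.
# Live use: ./fcrdns.sh <server-ip> mail.your-domain.com

# Drop the trailing dot dig prints after names and lower-case the name.
normalize() { printf '%s\n' "${1%.}" | tr 'A-Z' 'a-z'; }

# fcrdns_check IP HOSTNAME
# Returns 0 when IP -> PTR -> HOSTNAME and HOSTNAME -> A/AAAA -> IP agree,
# 1 when there is no PTR, 2 when no PTR names HOSTNAME,
# 3 when HOSTNAME does not resolve back to IP.
# An IPv6 address must be written the way dig prints it (compressed form).
fcrdns_check() {
    local ip="$1" want ptrs rrtype
    want="$(normalize "$2")"
    ptrs="$(dig -x "$ip" +short)"
    if [ -z "$ptrs" ]; then
        echo "FAIL: no PTR record for $ip"; return 1
    fi
    # Compare every answer line, so extra PTRs or a CNAME hop do not matter.
    if ! printf '%s\n' "$ptrs" | tr 'A-Z' 'a-z' | grep -Fxq -- "$want."; then
        echo "FAIL: PTR for $ip does not name $want"; return 2
    fi
    case "$ip" in *:*) rrtype=AAAA ;; *) rrtype=A ;; esac
    if dig "$want" "$rrtype" +short | grep -Fxq -- "$ip"; then
        echo "OK: $ip -> $want -> $ip"; return 0
    fi
    echo "FAIL: $want does not resolve back to $ip"; return 3
}

# mx_points_to DOMAIN HOSTNAME: succeed if HOSTNAME is an MX target of DOMAIN.
mx_points_to() {
    local want prio host
    want="$(normalize "$2")"
    dig "$1" MX +short | while read -r prio host; do
        if [ "$(normalize "$host")" = "$want" ]; then echo match; fi
    done | grep -q match
}

if [ "$#" -eq 2 ]; then fcrdns_check "$1" "$2"; fi
```

A non-zero exit status tells you which side to fix: 1 or 2 means the PTR record at the hosting provider, 3 means the A or AAAA record at the DNS host.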
After all of the above is done, let’s play with Postfix.
On your Ubuntu server, run the following two commands.
sudo apt-get update
sudo apt-get install postfix -y
You will be asked to select a type for mail configuration. Normally, you will want to select the second type, Internet Site.
- No configuration means the installation process will not configure any parameters.
- Internet Site means using Postfix for sending emails to other MTAs and receiving email from other MTAs.
- Internet with smarthost means using Postfix to receive email from other MTAs, but using another smart host to relay emails to the recipient.
- Satellite system means using a smart host for sending and receiving email.
- Local only means emails are transmitted only between local user accounts.
Next, enter your domain name for the system mail name, i.e. the domain name after the @ symbol. For example, my email address is [email protected], so I entered linuxbabe.com for the system mail name. This domain name will be appended to addresses that don’t have a domain name specified.
Once installed, Postfix will be automatically started and a /etc/postfix/main.cf file will be generated. Now we can check Postfix version with this command:
On Ubuntu 18.04, the Postfix version is 3.3.0, and Ubuntu 20.04 ships with version 3.4.10.
mail_version = 3.4.10
The netstat utility tells us that the Postfix master process is listening on TCP port 25. (If your Ubuntu server doesn’t have the netstat command, you can run sudo apt install net-tools to install it.)
sudo netstat -lnpt
Postfix ships with many binaries under the /usr/sbin/ directory, as can be seen with the following command.
dpkg -L postfix | grep /usr/sbin/
/usr/sbin/postalias
/usr/sbin/postcat
/usr/sbin/postconf
/usr/sbin/postdrop
/usr/sbin/postfix
/usr/sbin/postfix-add-filter
/usr/sbin/postfix-add-policy
/usr/sbin/postkick
/usr/sbin/postlock
/usr/sbin/postlog
/usr/sbin/postmap
/usr/sbin/postmulti
/usr/sbin/postqueue
/usr/sbin/postsuper
/usr/sbin/posttls-finger
/usr/sbin/qmqp-sink
/usr/sbin/qmqp-source
/usr/sbin/qshape
/usr/sbin/rmail
/usr/sbin/sendmail
/usr/sbin/smtp-sink
/usr/sbin/smtp-source
Open Port 25 (inbound) in Firewall
Ubuntu doesn’t enable a firewall by default. If you have enabled the UFW firewall, you need to open port 25 (inbound) with the following command, so Postfix can receive emails from other SMTP servers.
sudo ufw allow 25/tcp
Then we can use nmap to scan open ports on our server. Run the following command on a separate computer such as your personal computer. (I assume you are reading this tutorial on a Linux computer.) Replace your-server-ip with the actual IP.
sudo nmap your-server-ip
You can see from the above screenshot that TCP port 25 is open on my server.
nmap can be installed on Linux with one of the following commands, depending on your Linux distro.
sudo apt install nmap
sudo yum install nmap
sudo zypper install nmap
sudo pacman -S nmap
Checking If Port 25 (outbound) is blocked
Run the following command on your mail server to check if port 25 (outbound) is blocked.
telnet gmail-smtp-in.l.google.com 25
If it’s not blocked, you would see messages like below, which indicate that a connection is successfully established. (Hint: Type in quit and press Enter to close the connection.)
Trying 184.108.40.206...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP y22si1641751pll.208 - gsmtp
If port 25 (outbound) is blocked, you would see something like:
Trying 2607:f8b0:400e:c06::1a...
Trying 220.127.116.11...
telnet: Unable to connect to remote host: Connection timed out
In this case, your Postfix can’t send emails to other SMTP servers. Ask your ISP/hosting provider to open the outbound port 25 for you. If they refuse your request, you need to set up SMTP relay to bypass port 25 blocking or use a VPS like Hostwinds that doesn’t block port 25.
Some folks might be asking, “Can I change port 25 to another port to bypass blocking?” The answer is no. Changing the port works only when you control both the server side and the client side. When Postfix sends emails, it acts as the SMTP client. The recipient’s mail server acts as the SMTP server. You don’t have control over the receiving SMTP server. SMTP servers are listening on port 25 to receive emails. They expect SMTP clients to hit port 25. There’s no other port for receiving emails. If you don’t connect to port 25 of the receiving SMTP server, you won’t be able to send emails.
Sending Test Email
As a matter of fact, we can now send and receive email from the command line. If your Ubuntu server has a user account called user1, then the email address for this user is [email protected]. You can send an email to root user [email protected]. You can also send emails to Gmail, Yahoo Mail or any other email service.
When installing Postfix, a sendmail binary is placed at /usr/sbin/sendmail, which is compatible with the traditional Sendmail SMTP server. You can use Postfix’s sendmail binary to send a test email to your Gmail account like this:
echo "test email" | sendmail [email protected]
In this simple command, sendmail reads a message from standard input, makes “test email” the message body, then sends this message to your Gmail account. You should be able to receive this test email in your Gmail inbox (or spam folder). You can see that although we didn’t specify the from address, Postfix automatically appends a domain name to the from address. That’s because we entered our domain name as the system mail name when installing Postfix.
Note: The From: domain name is determined by the myorigin parameter in Postfix, not by the
You can try to reply to this test email to see if Postfix can receive email messages. It’s likely that emails sent from your domain are labeled as spam. Don’t worry about it now. We will solve this problem in later parts of this tutorial series.
The inbox for each user is the /var/mail/<username> file. If you are unsure where to look for the inbox, use this command.
The Postfix mail log is stored at
Using the mail program to Send and Read Email
Now let’s install a command-line MUA (mail user agent).
sudo apt-get install mailutils
To send email, type
mail [email protected]
[email protected]:~$ mail [email protected]
Cc:
Subject: 2nd test email
I'm sending this email using the mail program.
Enter the subject line and the body text. To tell mail that you have finished writing, press Ctrl+D and mail will send this email message for you.
To read incoming emails, just type
Here’s how to use the
- To read the first email message, type 1. If only part of the message is displayed, press Enter to show the remaining part of the message.
- To display message headers starting from message 1, type
- To show the last screenful of messages, type
- To read the next email message, type
- To delete message 1, type
- To delete message 1, 2 and 3, type d 1 2 3.
- To delete messages from 1 to 10, type
- To reply to message 1, type
- To exit out of mail, type
Messages that have been opened will be moved from /var/mail/<username> to the /home/<username>/mbox file. That means other mail clients can’t read those messages. To prevent this from happening, type x instead of q to exit out of mail.
How To Increase Attachment Size Limit
By default, the attachment cannot be larger than 10MB, which is indicated by the message_size_limit parameter.
postconf | grep message_size_limit
message_size_limit = 10240000
This parameter defines the size limit for emails originating from your own mail server and for emails coming to your mail server.
To allow attachment of 50MB in size, run the following command.
sudo postconf -e message_size_limit=52428800
When the postconf command is invoked with the -e (edit) option, it will try to find the parameter (message_size_limit) in the Postfix main configuration file (/etc/postfix/main.cf) and change the value. If the parameter can’t be found, then it adds the parameter at the end of the file.
Note that the message_size_limit should not be larger than the mailbox_size_limit, otherwise Postfix might not be able to receive emails. The default value of mailbox_size_limit is 51200000 bytes (about 48MB) in the upstream Postfix package. On Ubuntu, the default value is set to 0, as can be seen with
postconf | grep mailbox_size_limit
mailbox_size_limit = 0
This means that the mailbox has no size limit, which is great.
Restart Postfix for the changes to take effect.
sudo systemctl restart postfix
When sending an email with large attachments from your mail server, you should also be aware of the receiving server’s attachment size limit. For example, you cannot send an attachment larger than 25MB to a Gmail address.
Setting the Postfix Hostname
By default, Postfix SMTP server uses the OS’s hostname. However, the OS hostname might change, so it’s a good practice to set the hostname directly in Postfix configuration file. Open the Postfix main configuration file with a command-line text editor, such as Nano.
sudo nano /etc/postfix/main.cf
Find the myhostname parameter and set mail.yourdomain.com as the value. It’s not recommended to use the apex domain as myhostname. Technically you can use the apex domain, but it will create problems in later parts of this tutorial series.
myhostname = mail.yourdomain.com
Save and close the file. (To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit, press Ctrl+X.) Restart Postfix for the change to take effect.
sudo systemctl restart postfix
Creating Email Alias
There are certain required aliases that you should configure when operating your mail server in a production environment. You can add email aliases in the /etc/aliases file, which is a special Postfix lookup table file using a Sendmail-compatible format.
sudo nano /etc/aliases
By default, there are only two lines in this file.
# See man 5 aliases for format
postmaster: root
The first line is a comment. The second line is the only definition of an alias in this file. The left-hand side is the alias name. The right-hand side is the final destination of the email message. So emails for [email protected] will be delivered to [email protected]. The postmaster email address is required by RFC 2142.
Normally we don’t use the root email address. Instead, the postmaster can use a normal login name to access emails. So you can add the following line. Replace username with your real username.
Using IPv4 Only
By default, Postfix uses both IPv4 and IPv6 protocols, as can be seen with:
inet_protocols = all
If your mail server doesn’t have a public IPv6 address, it’s better to disable IPv6 in Postfix to prevent unnecessary IPv6 connections. Simply run the following command to disable IPv6 in Postfix.
sudo postconf -e "inet_protocols = ipv4"
Then restart Postfix.
sudo systemctl restart postfix
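The constraints from the last sections (message_size_limit against mailbox_size_limit, a non-apex myhostname, and inet_protocols on a host without a public IPv6 address) can be checked together against postconf output. This script is an added example, not part of the original tutorial or of Postfix; conf_get, sample_conf and audit_postconf are hypothetical helper names, and the sample configuration is constructed.

```bash
#!/usr/bin/env bash
# Added example: check the settings from this article against
# "name = value" lines in the form postconf prints them.

# conf_get NAME: read postconf-style lines on stdin, print NAME's value.
conf_get() { awk -F' *= *' -v k="$1" '$1 == k { print $2; exit }'; }

# Constructed sample, not output from a real server.
sample_conf() {
    cat <<'EOF'
inet_protocols = all
mailbox_size_limit = 51200000
message_size_limit = 52428800
myhostname = example.com
EOF
}

# audit_postconf DOMAIN HAS_PUBLIC_IPV6(yes|no) < postconf-output
# Prints one line per finding; the return status is the finding count.
audit_postconf() {
    local domain="$1" has_v6="$2" n=0 conf host msg box proto
    conf="$(cat)"
    host="$(printf '%s\n' "$conf" | conf_get myhostname)"
    msg="$(printf '%s\n' "$conf" | conf_get message_size_limit)"
    box="$(printf '%s\n' "$conf" | conf_get mailbox_size_limit)"
    proto="$(printf '%s\n' "$conf" | conf_get inet_protocols)"

    # myhostname should sit under the mail domain, not be the apex itself.
    case "$host" in
        "$domain") echo "myhostname is the apex domain $domain"; n=$((n+1)) ;;
        *."$domain") ;;
        *) echo "myhostname '$host' is not under $domain"; n=$((n+1)) ;;
    esac

    # mailbox_size_limit = 0 means no limit, so only a non-zero value
    # can be smaller than message_size_limit.
    if [ "${box:-0}" -ne 0 ] && [ "${msg:-0}" -gt "$box" ]; then
        echo "message_size_limit $msg exceeds mailbox_size_limit $box"
        n=$((n+1))
    fi

    # inet_protocols other than ipv4 on a host without public IPv6.
    if [ "$has_v6" = no ] && [ "$proto" != ipv4 ]; then
        echo "inet_protocols = $proto but the host has no public IPv6"
        n=$((n+1))
    fi
    return "$n"
}

# Live use: ./audit.sh yourdomain.com no
if [ "$#" -eq 2 ]; then postconf | audit_postconf "$1" "$2"; fi
```

Run against the constructed sample with `sample_conf | audit_postconf example.com no`, it reports all three findings; the Ubuntu default of mailbox_size_limit = 0 never triggers the size finding.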
Congrats! Now you have a basic Postfix email server up and running. You can send plain text emails and read incoming emails using the command line. In the next part of this tutorial series, we will learn how to install Dovecot IMAP server and enable TLS encryption, which will allow us to use a desktop mail client like Mozilla Thunderbird to send and receive emails. Stay tuned!