Set up a Postfix mail server with Dovecot and Squirrelmail on Ubuntu 16.04

Learn how to set up a email server on a Cloud Server running Ubuntu 16.04. This tutorial features Postfix as an SMTP server, Dovecot for POP/IMAP functionality, and Squirrelmail as a webmail program for users to check and receive email from a web browser.

The tutorial will also walk you through the process of creating and using a self-signed SSL certificate for use in securing incoming and outgoing email connections.

    Email Archiving

    Never lose an email again! With IONOS, automatic email archiving can be added to your mailbox at the click of a button. 

    Professional
    Automatic
    Securely stored

    Requirements

    • A Cloud Server running Ubuntu 16.04.
    • A valid domain name pointing to the server.

    Firewall access

    You will need to set your firewall(s) to allow access to the following ports:

    • SMTP: 25
    • POP3: 110
    • IMAP: 143
    • SMTP Secure: 465
    • MSA: 587
    • IMAP Secure: 993
    • POP3 Secure: 995

    By default, the Cloud Panel Firewall denies access to all but the most commonly-used ports.

    Install Postfix

    To install Postfix, first update your packages:

    sudo apt-get update

    Then install Postfix:

    sudo apt-get install postfix

    Postfix is installed by default on most Ubuntu 16.04 systems, so this command will most likely exit with a message that postfix is already the newest version (3.1.0-3)..

    If Postfix continues with an installation, simply accept all of the defaults at each prompt to complete the process.

    Configure Postfix

    After the installation is complete, run the command to configure Postfix:

    sudo dpkg-reconfigure postfix

    Enter the following values at the prompts, replacing example.com with your own domain name. Use the up arrow and down arrow to move up and down to highlight answers, and Enter to select your answer.

    1. Select OK to proceed.
    2. Choose Internet Site.
    3. System Mail Name: example.com
    4. Root and postmaster mail recipient: root
    5. Other destinations for mail: example.com, localhost.example.com, localhost
    6. Force synchronous updates on mail queue?: No
    7. Local networks: 127.0.0.0/8
    8. Use procmail for local delivery?: No
    9. Mailbox size limit (bytes): 0
    10. Local address extension character: +
    11. Internet protocols to use: all

    After the initial Postfix configuration has been done, you can change Postfix settings with the command:

    sudo postconf -e '[new setting]'
    Tip

    Set up your own professional email server in the blink of an eye. You benefit from large and expandable storage space, your own domain, automatic encryption as well as calendar and office functions or email archiving. IONOS also offers the highest security standards in ISO-certified data centers.

    Create an SSL certificate

    We will create a self-signed SSL certificate to secure incoming and outgoing email connections:

    sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout mailserver.key -out mailserver.crt -nodes -days 365
    
    sudo openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

    Answer the questions at the prompts, or just hit [Enter] to leave an answer blank. This command will create two files: mailserver.key and mailserver.crt.

    Create a folder for the SSL certificate files:

    sudo mkdir /etc/postfix/ssl

    Then move the files into this folder:

    sudo mv mailserver.key /etc/postfix/ssl
    sudo mv mailserver.crt /etc/postfix/ssl
    sudo mv cakey.pem /etc/postfix/ssl
    sudo mv cacert.pem /etc/postfix/ssl

    SSL certificates from IONOS

    Protect your domain and gain visitors' trust with an SSL-encrypted website!

    Easy activation
    Proven safety
    24/7 assistance

    Set up SMTP AUTH

    SMTP AUTH is a basic method of securing your mail server. We strongly recommend the use of SMTP AUTH on all mail servers.

    To begin, use the following commands to configure Postfix to use SMTP AUTH:

    sudo postconf -e 'smtpd_sasl_local_domain ='
    sudo postconf -e 'smtpd_sasl_auth_enable = yes'
    sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
    sudo postconf -e 'broken_sasl_auth_clients = yes'
    sudo postconf -e 'smtpd_recipient_restrictions =  permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    sudo postconf -e 'inet_interfaces = all'
    sudo postconf -e 'smtp_tls_security_level = may'
    sudo postconf -e 'smtpd_tls_security_level = may'
    sudo postconf -e 'smtpd_tls_auth_only = no'
    sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
    sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key'
    sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt'
    sudo postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    sudo postconf -e 'smtpd_tls_loglevel = 1'
    sudo postconf -e 'smtpd_tls_received_header = yes'
    sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    sudo postconf -e 'tls_random_source = dev:/dev/urandom'

    Replace example.com with your own domain name:

    sudo postconf -e 'myhostname = example.com' 

    Next, create the file /etc/postfix/sasl/smtpd.conf and open it for editing:

    sudo nano /etc/postfix/sasl/smtpd.conf

    Add the following content:

    pwcheck_method: saslauthd
    mech_list: plain login

    After you have finished configuring Postfix, restart the Postfix daemon with the command:

    sudo systemctl restart postfix

    Install SASL

    Postfix will use SASL to handle the authentication with SMTP AUTH. Now that Postfix has been configured to use SMTP AUTH, install SASL with the command:

    sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules

    After the installation is done, edit /etc/default/saslauthd:

    sudo nano /etc/default/saslauthd

    Scroll down to the line:

    # Should saslauthd run automatically on startup? (default: no)
    START=no

    Change START to yes:

    # Should saslauthd run automatically on startup? (default: no)
    START=yes

    Below that line, add the following three lines:

    PWDIR="/var/spool/postfix/var/run/saslauthd"
    PARAMS="-m ${PWDIR}"
    PIDFILE="${PWDIR}/saslauthd.pid"

    Scroll down to the bottom of the file to the line:

    OPTIONS="-c -m /var/run/saslauthd"

    Change the last line to read:

    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

    Save and exit the file.

    Next, run the following command to update the dpkg state:

    sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

    Note: If you get an error message that /var/spool/postfix/var/run/saslauthd does not exist, ignore it. This directory will be created when you start the SASL daemon.

    Create a symlink for the config file:

    sudo ln -s /etc/default/saslauthd /etc/saslauthd

    And finally, start the SASL daemon:

    sudo /etc/init.d/saslauthd start

    Test Postfix with Telnet

    To test Postfix we will telnet to the server and perform a basic "handshake protocol," just as an email program would.

    First, install Telnet:

    sudo apt-get install telnet

    Once Telnet is installed, use it to connect to the server's SMTP port:

    telnet localhost 25

    The server will respond with:

    [user@localhost ~]$ telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 localhost.localdomain ESMTP Postfix (Ubuntu)

    This indicates that Postfix is up and running.

    Next, greet the server:

    ehlo localhost

    The server will respond with:

    250-localhost.localdomain
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    The following lines indicate that SMTP AUTH is working:

    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN

    Start by telling the server who the mail is being sent from:

    mail from: some-person@some-other-server.com

    Then tell the server who you are sending mail to, replacing user@example.com with your own username and domain name:

    rcpt to: root@example.com

    Now add a simple message. Tell the server your message body starts here:

    data

    Type the message, then follow it with [Enter], a period ., and [Enter]:

    hello world 
    .

    Close the session by typing quit and hitting Enter.

    If you are successful, your test message will appear in /root/Maildir/new. You can view this message with the command:

    ll /root/Maildir/new

    To read the message, copy and paste the name of the file (it will be a long name like 1482257384.Vfc00I60512M258205.localhost.localdomain) and read it with more:

    sudo more  1482257384.Vfc00I60512M258205.localhost.localdomain

    You will see the email message, along with all of the header information:

    From some-person@some-other-server.com  Thu Dec  8 19:43:10 2016
    Return-Path: <some-person@some-other-server.com>
    X-Original-To: root@example.com
    Delivered-To: root@example.com
    Received: from localhost (localhost [127.0.0.1])
            by mail.example.com (Postfix) with SMTP id 6CFD589184
            for <root@example.com>; Thu,  8 Dec 2016 19:42:33 +0000 (UTC)
    Message-Id: <20161208194238.6CFD589184@mail.oxnardindustries.com>
    Date: Thu,  8 Dec 2016 19:42:33 +0000 (UTC)
    From: some-person@some-other-server.com
    
    hello world

    Hosted Exchange with IONOS

    The prefect solution for your business! Get the world’s leading email and calendar solution together with secure hosting from a single source!

    25 GB email
    Free domain
    24/7 support

    Install and configure Dovecot

    Dovecot is the default POP3/IMAP server for Ubuntu, and is installed on most Ubuntu 16.04 servers by default. Update Dovecot and install the imapd package with the command:

    sudo apt-get install dovecot-core dovecot-imapd

    You can check on the status of Dovecot with the command:

    sudo systemctl status dovecot

    If Dovecot is running, you will see output similar to:

    [user@mail dovecot]$ sudo systemctl status dovecot -l
    ● dovecot.service - Dovecot IMAP/POP3 email server
       Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
       Active: active (running) since Thu 2016-12-08 21:04:48 UTC; 3s ago
      Process: 8985 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
     Main PID: 8989 (dovecot)
       CGroup: /system.slice/dovecot.service
               ├─8989 /usr/sbin/dovecot -F
               ├─8992 dovecot/anvil
               ├─8993 dovecot/log
               └─8995 dovecot/config
    
    Dec 08 21:04:48 example.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
    Dec 08 21:04:48 example.com systemd[1]: Started Dovecot IMAP/POP3 email server.
    Dec 08 21:04:48 example.com dovecot[8989]: master: Dovecot v2.2.10 starting up for imap (core dumps disabled)

    Note the line that reads:

    Active: active (running) since Thu 2016-12-08 21:04:48 UTC; 3s ago

    This means that Dovecot is installed and running.

    Set the permissions on the /var/mail directory so that Dovecot can create folders for new users:

    sudo chmod 777 /var/mail

    Install and configure Squirrelmail

    Install Squirrelmail with the command:

    sudo apt-get install squirrelmail

    You will need to edit your Apache configurations to add an alias for Squirrelmail. This directive will need to be inserted inside the VirtualHost command block in the site's main Apache configuration file.

    By common convention, this Apache configuration file is usually /etc/apache2/sites-available/example.com.conf on Ubuntu.

    Note: The location and filename of a site's Apache configuration file can vary.

    Edit this file with your editor of choice, for example with the command:

    sudo nano /etc/apache2/sites-available/example.com.conf

    Scroll through the file until you find the VirtualHost command block, which will look like:

    <VirtualHost *:80>
    ServerName example.com
        <Directory "/var/www/example.com/html">
        AllowOverride All
        </Directory>
    </VirtualHost>

    Add the following to VirtualHost command block:

    Alias /squirrelmail /usr/share/squirrelmail

    Be sure to put these lines outside any Directory command blocks. For example:

    <VirtualHost *:80>
    ServerName example.com
    
    Alias /squirrelmail /usr/share/squirrelmail
    
        <Directory "/var/www/example.com/html">
        AllowOverride All
        </Directory>
    </VirtualHost>

    Save and exit the file, then restart Apache for the changes to take effect:

    sudo systemctl restart apache2

    After Apache restarts, you can test Squirrelmail by visiting the URL http://example.com/squirrelmail in a browser.

    Professional Email Address & Personal Domain Name

    Get an email address as professional and unique as you are including a free matching domain!

    Address book
    Calendar
    Virus protection