From ZhoubaWiki
Jump to navigation Jump to search

How to set up an incoming email server

Here is a guide on getting incoming email services running on Ubuntu using Postfix. This tutorial has been tested on Ubuntu 12.04. Please keep in mind that you have to be logged as root during the whole process.


Let’s get core email functionality going with Postfix.

aptitude install postfix

You will be asked a few questions. Unfortunately, the graphical configuration interface that was automatically launched was a condensed version. Confirm the defaults and run the full graphical configuration utility.

dpkg-reconfigure postfix

Again, you will be asked some questions:

  • General type of mail configuration: Internet Site
  • System mail name: mail.hostname.tld (Use the identity domain and replace the prefix as necessary)
  • Root and postmaster mail recipient: Leave blank (... or use your account name if you want to receive error reports)
  • Other destinations to accept mail for: hostname.tld, localhost (Use the identity domain)
  • Force synchronous updates on mail queue: No
  • Local networks: leave default
  • Use procmail for local delivery: Yes
  • Mailbox size limit (bytes): 0
  • Local address extension character? leave default
  • Internet protocols to use: all

One more tweak to finish Postfix configuration.

postconf -e 'home_mailbox = Maildir/'


Dovecot can act both as an IMAP server and a POP3 server with or without SSL. We will use secured versions of both protocols only. Install the package.

aptitude install dovecot-imapd dovecot-pop3d

To use IMAP and POP3 over SSL we need to create an SSL certificate to use with Dovecot. We'll use a self-signed certificate since this is not a public server and we would probably have a hard time getting a proper certificate from a trusted source. First we generate a private key for the certificate and make it readable only by root, and then we create the certificate itself:

openssl genrsa -out /etc/ssl/private/dovecot.key 2048
chmod 400 /etc/ssl/private/dovecot.key
openssl req -new -x509 -key /etc/ssl/private/dovecot.key -out /etc/ssl/certs/dovecot.pem -days 1095

Example input:

Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hostname
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:mail.hostname.tld
Email Address []:admin@hostname.tld

Make sure to provide the actual domain name of your mail server, e.g. mail.hostname.tld, when asked about the “Common Name”. Otherwise email clients will complain every time they connect to the server. Since this is a self-signed certificate not backed by a Certification Authority clients will complain the first time anyway, but if you save the certificate subsequent connects will go through silently.

(For Ubuntu 11 and older)

Edit the configuration file /etc/dovecot/dovecot.conf:

protocols = imaps pop3s
mail_location = maildir:~/Maildir
disable_plaintext_auth = yes
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.key

(For Ubuntu 12 and newer)

Edit the configuration file /etc/dovecot/conf.d/10-mail.conf:

mail_location = maildir:~/Maildir

Edit the configuration file /etc/dovecot/conf.d/10-auth.conf:

disable_plaintext_auth = yes

Edit the configuration file /etc/dovecot/conf.d/10-ssl.conf:

ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.key

Restart Dovecot with the new config:

sudo /etc/init.d/dovecot restart

Whitelist / Blacklist by sender

OPEN /etc/postfix/main.cf and add a rule (the rule must be somewhere top that it be processed first):

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

Next CREATE /etc/postfix/sender_access

  • There insert the domains which you want ban/allow.
  • Example:
user1@hostname.tld	   REJECT
user2@hostname.tld	   OK

Now you must rehash file for create dtb.

postmap /etc/postfix/sender_access

Restart postfix:

/etc/init.d/postfix restart

Script for add a banned domain to sender_access

CREATE /usr/local/bin/addtoblacklist and insert this:

if grep  -q "$1" /etc/postfix/sender_access; then
		echo "$1 already on sender_access"
		echo "$1\tREJECT" >> /etc/postfix/sender_access
		postmap /etc/postfix/sender_access

Example for adding domain:

addtoblacklist user1@hostname.tld

Script for add an allowed domain to sender_access

CREATE /usr/local/bin/addtowhitelist and insert this:

if grep  -q "$1" /etc/postfix/sender_access; then
		echo "$1 already on sender_access"
		echo "$1\tOK" >> /etc/postfix/sender_access
		postmap /etc/postfix/sender_access

Example for adding domain:

addtowhitelist user1@hostname.tld



Test is very simply. You can sent test-mail to user@[IP address for mail-server].

After sending the mail you just check Maildir of the user. If there is a new email, mail-server is works well.