DEV Community

loading...
Cover image for Setup your own email server with Postfix on Ubuntu

Setup your own email server with Postfix on Ubuntu

bogkonstantin profile image Konstantin Bogomolov Originally published at bogomolov.tech ・4 min read

I was needed to send emails for my new project. I have explored SaaS services first. Free packages provided by them have a small amount of sending emails. So as long as I am a programmer, I decided to host my own sending email server.

After some research, I decided to stay with Postfix send-only configuration. Continue to read how to install and configure SMTP server to send emails and not send them to a spam folder.

Prerequisites

I used a single-core VPS with Ubuntu 18.04 for just 2.5 USD per month. My main app uses a table in DB as an email queue, so I have two NodeJS apps: one to handle the queue and second to get delivery status and update it in the main app DB. Tell me if you want to see it. Here is only the Postfix part.

I also have a domain. Let it be example.com here. Since it will be used for a website, I am using a subdomain email.example.com for the email server.

Postfix installation

Install Postfix using commands below:

sudo apt-get update
sudo apt install mailutils
Enter fullscreen mode Exit fullscreen mode

During installation, select Internet Site option for type of mail configuration. As a System mail name enter your domain, e.g. example.com.

You can see domain later with this command:

cat /etc/mailname
Enter fullscreen mode Exit fullscreen mode

Server configuration

Open the main config file with an editor:

sudo nano /etc/postfix/main.cf
Enter fullscreen mode Exit fullscreen mode

Find inet_interfaces parameter and change it to loopback-only. With that parameter, Postfix will not listen for any connection from outside of VPS.

inet_interfaces = loopback-only
Enter fullscreen mode Exit fullscreen mode

Other parameters and values to change for now:

mydestination = $myhostname, localhost.$mydomain, localhost
Enter fullscreen mode Exit fullscreen mode

Set your mail domain as a server hostname:

sudo hostnamectl set-hostname email.example.com
Enter fullscreen mode Exit fullscreen mode

Check the hostname with the command:

hostname --f
Enter fullscreen mode Exit fullscreen mode

Edit /etc/hosts file and add that subdomain with your remote IP:

1.2.3.4    email.example.com email
Enter fullscreen mode Exit fullscreen mode

Command to restart Postfix after configuration change:

sudo systemctl restart postfix
Enter fullscreen mode Exit fullscreen mode

Command to check current configuration:

postconf -d
Enter fullscreen mode Exit fullscreen mode

Create DKIM signature

Install DKIM tools:

sudo apt-get install opendkim opendkim-tools
Enter fullscreen mode Exit fullscreen mode

Add the user to the group:

sudo gpasswd -a postfix opendkim
Enter fullscreen mode Exit fullscreen mode

Open configuration file /etc/opendkim.conf:

sudo nano /etc/opendkim.conf
Enter fullscreen mode Exit fullscreen mode

Then add or update parameters below in the configuration file:

Socket              inet:8892@localhost
Canonicalization    simple
Mode                sv
SubDomains          no
AutoRestart         yes
AutoRestartRate     10/1M
Background          yes
DNSTimeout          5
SignatureAlgorithm  rsa-sha256
UserID              opendkim
KeyTable            refile:/etc/opendkim/key.table
SigningTable        refile:/etc/opendkim/signing.table
ExternalIgnoreList  /etc/opendkim/trusted.hosts
InternalHosts       /etc/opendkim/trusted.hosts
Enter fullscreen mode Exit fullscreen mode

Create a folder for DKIM keys:

sudo mkdir -p /etc/opendkim/keys
Enter fullscreen mode Exit fullscreen mode

Change folder permissions:

sudo chown -R opendkim:opendkim /etc/opendkim
sudo chmod go-rw /etc/opendkim/keys
Enter fullscreen mode Exit fullscreen mode

Create opendkim signing table:

sudo nano /etc/opendkim/signing.table
Enter fullscreen mode Exit fullscreen mode

With content inside:

*@example.com    default._domainkey.example.com
Enter fullscreen mode Exit fullscreen mode

Then create key table:

sudo nano /etc/opendkim/key.table
Enter fullscreen mode Exit fullscreen mode

With content inside:

default._domainkey.example.com     example.com:default:/etc/opendkim/keys/example.com/default.private
Enter fullscreen mode Exit fullscreen mode

Add trusted hosts:

sudo nano /etc/opendkim/trusted.hosts
Enter fullscreen mode Exit fullscreen mode

With content inside:

127.0.0.1
localhost
*.example.com
Enter fullscreen mode Exit fullscreen mode

Create keys folder:

sudo mkdir /etc/opendkim/keys/example.com
Enter fullscreen mode Exit fullscreen mode

Then generate keys:

sudo opendkim-genkey -b 2048 -d example.com -D /etc/opendkim/keys/example.com -s default -v
Enter fullscreen mode Exit fullscreen mode

Change the private key file owner:

sudo chown opendkim:opendkim /etc/opendkim/keys/example.com/default.private
Enter fullscreen mode Exit fullscreen mode

Then restart opendkim service:

sudo service opendkim restart
Enter fullscreen mode Exit fullscreen mode

Check the key:

sudo opendkim-testkey -d example.com -s default -vvv
Enter fullscreen mode Exit fullscreen mode

Now add or update parameters in the Postfix configuration file (/etc/postfix/main.cf):

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892
Enter fullscreen mode Exit fullscreen mode

Then restart Postfix:

sudo systemctl restart postfix
Enter fullscreen mode Exit fullscreen mode

DNS configuration

You need to configure some DNS records. With that configuration, email services will not treat your emails as spam.

Add A record for the email.example.com:

Type: A
Name: email.example.com
Value: 1.2.3.4
Enter fullscreen mode Exit fullscreen mode

Add SPF record:

Type: TXT
Name: example.com
Value: v=spf1 mx ~all
Enter fullscreen mode Exit fullscreen mode

Add DMARC record:

Type: TXT
Name: _dmarc
Value: v=DMARC1; p=none
Enter fullscreen mode Exit fullscreen mode

Add DKIM record. Use previously generated DKIM signature (/etc/opendkim/keys/example.com/default.txt):

Type: TXT
Name: default._domainkey
Value: v=DKIM1; h=sha256; k=rsa; p=you-key-here-without-spaces
Enter fullscreen mode Exit fullscreen mode

Set PTR record (rDNS). You need to set it in your hosting provider's control panel.

Set email.example.com as a hostname and 4.3.2.1.in-addr.arpa as IP address. IP should be in reversed order.

Check if it set correctly with the command below:

host 1.2.3.4
Enter fullscreen mode Exit fullscreen mode

Email encryption

Install Certbot:

sudo apt install certbot
Enter fullscreen mode Exit fullscreen mode

Then generate keys:

sudo certbot certonly --standalone -d email.example.com
Enter fullscreen mode Exit fullscreen mode

Configure Postfix to use that keys. Add or edit parameters below in /etc/postfix/main.cf:

smtpd_tls_cert_file = /etc/letsencrypt/live/email.example.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/email.example.com/privkey.pem
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/letsencrypt/live/email.example.com
smtp_tls_security_level=may
Enter fullscreen mode Exit fullscreen mode

Then restart Postfix:

sudo service postfix restart
Enter fullscreen mode Exit fullscreen mode

Test

Send a test email with command:

echo "This is the body of the email" | mail -r test@example.com -s "This is the subject" your_email@gmail.com
Enter fullscreen mode Exit fullscreen mode

Check spam score with online services, e.g.: https://www.mail-tester.com/ (not an ad).

Discussion (0)

pic
Editor guide