Set up a mail server with Postfix and Dovecot on Ubuntu 14.04

This tutorial explains how to set up a mail server on Ubuntu 14.04 using Postfix and Dovecot.

Postfix is used for outgoing mail.

Dovecot is used for incoming mail.

Here I have used mail.raj.com as the hostname and raj.com as the domain. Please replace them with your own domain.

Assign a static IP and hostname, and add a hosts entry for the hostname.

Set the hostname in /etc/hostname:

mail.raj.com

Add a host entry in /etc/hosts:

127.0.0.1 localhost

127.0.1.1 mail.raj.com

Update the repositories.

sudo apt-get update

Install Postfix and its dependencies. Press Enter for all questions prompted during installation; the configuration itself is done in the next step.

sudo apt-get install postfix

After installation, run the command below to configure Postfix.

sudo dpkg-reconfigure postfix

* Stopping Postfix Mail Transport Agent postfix [ OK ]

setting synchronous mail queue updates: false

setting myorigin

setting destinations: raj.com, localhost.localdomain, localhost

setting relayhost:

setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24

clearing mailbox_command

setting mailbox_size_limit: 0

setting recipient_delimiter: +

setting inet_interfaces: all

setting inet_protocols: all

WARNING: /etc/aliases exists, but does not have a root alias.

Postfix is now set up with the changes above. If you need to make changes, edit

/etc/postfix/main.cf (and others) as needed. To view Postfix configuration

values, see postconf(1).

After modifying main.cf, be sure to run ‘/etc/init.d/postfix reload’.

Running newaliases

* Stopping Postfix Mail Transport Agent postfix [ OK ]

* Starting Postfix Mail Transport Agent postfix [ OK ]

Processing triggers for libc-bin (2.19-0ubuntu6.7) …

Now configure Postfix for SMTP-AUTH using Dovecot SASL by adding the lines below to the Postfix configuration file /etc/postfix/main.cf:

home_mailbox = Maildir/

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_auth_enable = yes

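# check_policy_service unix:private/policy-spf needs a policy-spf service defined in

# /etc/postfix/master.cf, which this tutorial does not set up; drop it if you have not configured one.

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policy-spf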

smtp_tls_security_level = may

smtpd_tls_security_level = may

smtp_tls_note_starttls_offer = yes

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

Now generate a digital certificate for TLS. Run the commands one by one and provide the details for your own domain.

openssl genrsa -des3 -out server.key 2048

Generating RSA private key, 2048 bit long modulus

……………………………………………+++

………………………………………………………+++

e is 65537 (0x10001)

Enter pass phrase for server.key:

Verifying – Enter pass phrase for server.key:

openssl rsa -in server.key -out server.key.insecure

Enter pass phrase for server.key:

writing RSA key :

mv server.key server.key.secure

mv server.key.insecure server.key

openssl req -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

-----

Country Name (2 letter code) [AU]:NP

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:siddhipur

Organization Name (eg, company) [Internet Widgits Pty Ltd]:anyany

Organizational Unit Name (eg, section) []:amyamy

Common Name (e.g. server FQDN or YOUR name) []:mail.raj.com

Email Address []:[email protected]

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Signature ok

subject=/C=NP/ST=Some-State/L=siddhipur/O=anyany/OU=amyamy/CN=ns2.raj.com/[email protected]

Getting Private key

cp server.crt /etc/ssl/certs

cp server.key /etc/ssl/private/
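
A check for the files produced by the steps above, as an added example that is not part of the original tutorial: it confirms that a certificate belongs to a given private key and prints the certificate's CN, which is worth doing here because the CSR prompt was answered with mail.raj.com while the signing output shows CN=ns2.raj.com. The function names, the temporary directory and the throwaway key pairs are constructed for the example.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate/key pair such as server.crt/server.key.
# Requires the openssl command-line tool; all function names are this example's own.

# Succeeds when the certificate carries the public key derived from the private key.
# "-passin pass:" makes a passphrase-protected key fail instead of prompting.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints the subject Common Name so it can be compared with the mail server's hostname.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Constructed sample material: throwaway self-signed pairs, generated
# non-interactively (-subj replaces the prompts, -nodes leaves the key unencrypted).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_pair() {   # make_pair <basename> <common-name>
    ( umask 077  # key file is created readable by its owner only
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
          -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.crt" 2>/dev/null )
}
make_pair server mail.raj.com
make_pair other ns2.raj.com

if cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key"; then
    echo "server.crt matches server.key"
fi
if ! cert_matches_key "$demo_dir/server.crt" "$demo_dir/other.key"; then
    echo "server.crt does not match other.key"
fi
echo "CN in server.crt: $(cert_cn "$demo_dir/server.crt")"
```

On the server, run cert_matches_key /etc/ssl/certs/server.crt /etc/ssl/private/server.key as root. Once the key is installed, remove the leftover server.key and server.key.secure copies from the working directory.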

Now configure Postfix to use the key and certificate.

sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'

sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'

Open /etc/postfix/master.cf and uncomment the lines below to enable smtps (465) and submission (587).

vim /etc/postfix/master.cf

smtp      inet  n       -       -       -       -       smtpd

submission inet n       -       -       -       -       smtpd

  -o syslog_name=postfix/submission

  -o smtpd_tls_security_level=encrypt

  -o smtpd_sasl_auth_enable=yes

  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

  -o milter_macro_daemon_name=ORIGINATING

smtps     inet  n       -       -       -       -       smtpd

  -o syslog_name=postfix/smtps

  -o smtpd_tls_wrappermode=yes

  -o smtpd_sasl_auth_enable=yes

Now install Dovecot SASL by typing the below command.

apt-get install dovecot-common

Reading package lists… Done

Building dependency tree

Reading state information… Done

Note, selecting ‘dovecot-core’ instead of ‘dovecot-common’

dovecot-core is already the newest version.

0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.

Make changes to the files as follows. Open /etc/dovecot/conf.d/10-master.conf and find the Postfix smtp-auth section (line no. 95):

vim /etc/dovecot/conf.d/10-master.conf

# Postfix smtp-auth

unix_listener /var/spool/postfix/private/auth {

  mode = 0660

  user = postfix

  group = postfix

}

Open /etc/dovecot/conf.d/10-auth.conf and find the line below (line no. 100):

vim /etc/dovecot/conf.d/10-auth.conf

auth_mechanisms = plain

Replace it with:

auth_mechanisms = plain login

Restart postfix and dovecot services

sudo service postfix restart

* Stopping Postfix Mail Transport Agent postfix [ OK ]

* Starting Postfix Mail Transport Agent postfix [ OK ]

sudo service dovecot restart

dovecot stop/waiting

dovecot start/running, process 8586

Now test SMTP-AUTH and SMTP/POP3 port access.
Type the command below; you should get a response like the following.

telnet localhost smtp

Trying 127.0.0.1…

Connected to localhost.

Escape character is ‘^]’.

220 raj.com ESMTP Postfix (Ubuntu)

ehlo localhost

250-raj.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-STARTTLS

250-AUTH PLAIN LOGIN

250-AUTH=PLAIN LOGIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

Type quit to exit.

telnet localhost 587

Trying 127.0.0.1…

Connected to localhost.

Escape character is ‘^]’.

220 raj.com ESMTP Postfix (Ubuntu)

ehlo localhost

250-raj.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-STARTTLS

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

Type quit to exit.
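
The port 25 reply above advertises AUTH PLAIN LOGIN before STARTTLS has been negotiated (main.cf sets smtpd_tls_security_level = may), while the port 587 reply, where master.cf sets smtpd_tls_security_level=encrypt, does not. The script below is an added example, not part of the original tutorial, that classifies an EHLO reply on that point; the function names are this example's own and the sample replies are copied from the transcripts above.

```shell
#!/bin/sh
# Added example: classify a pre-TLS EHLO reply read from stdin.
# Output is one of:
#   cleartext-auth  AUTH is advertised before TLS, so credentials can cross the wire unencrypted
#   tls-first       STARTTLS is offered and AUTH is withheld until TLS is active
#   no-starttls     neither STARTTLS nor AUTH is advertised
ehlo_auth_check() {
    awk '
        /^250[- ]/ {                        # one capability per "250-" / "250 " line
            cap = toupper(substr($0, 5))
            sub(/[ \r]+$/, "", cap)
            if (cap ~ /^AUTH[ =]/) auth = 1 # "AUTH PLAIN LOGIN" or legacy "AUTH=PLAIN LOGIN"
            if (cap == "STARTTLS") tls = 1
        }
        END {
            if (auth)     print "cleartext-auth"
            else if (tls) print "tls-first"
            else          print "no-starttls"
        }'
}

# Constructed samples: the EHLO replies shown above for port 25 and port 587.
port25_reply() {
    cat <<'EOF'
220 raj.com ESMTP Postfix (Ubuntu)
250-raj.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

port587_reply() {
    port25_reply | grep -v '^250-AUTH'      # the 587 reply above has no AUTH lines
}

echo "port 25:  $(port25_reply | ehlo_auth_check)"
echo "port 587: $(port587_reply | ehlo_auth_check)"
```

Adding smtpd_tls_auth_only = yes to main.cf makes Postfix withhold AUTH until STARTTLS has completed, which changes the port 25 result to tls-first.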

Install dovecot using the below command

sudo apt-get install dovecot-imapd dovecot-pop3d

Reading package lists… Done

Building dependency tree

Reading state information… Done

dovecot-pop3d is already the newest version.

dovecot-imapd is already the newest version.

0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.

Now configure the mailbox. Open /etc/dovecot/conf.d/10-mail.conf and find the line below (line no. 30):

mail_location = mbox:~/mail:INBOX=/var/mail/%u

replace with

mail_location = maildir:~/Maildir

Now change pop3_uidl_format. Open the POP3 configuration file under /etc/dovecot/conf.d, then find and uncomment the line below (line no. 50):

pop3_uidl_format = %08Xu%08Xv

Now enable SSL. Open /etc/dovecot/conf.d/10-ssl.conf, then find and uncomment the line below (line no. 6):

ssl = yes

sudo service dovecot restart

dovecot stop/waiting

dovecot start/running, process 8839

telnet localhost 110

Trying 127.0.0.1…

Connected to localhost.

Escape character is ‘^]’.

+OK Dovecot (Ubuntu) ready.

To exit, type:

quit

+OK Logging out

Repeat the same for ports 995, 993 and 143.

telnet localhost 995

Trying 127.0.0.1…

Connected to localhost.

Escape character is ‘^]’.

telnet localhost 993

Trying 127.0.0.1…

Connected to localhost.

Escape character is ‘^]’.

telnet localhost 143

Trying 127.0.0.1…

Connected to localhost.

Escape character is ‘^]’.

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.

Alternatively, check for listening ports using the netstat command.

netstat -ntl4

You should get a result like the one below.

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN

Rajkishor Maharjan has written 17 articles