Learn How To Installing Postal on Ubuntu 16.04
Table of Contents
- Step 1: Installing Postal
- Step 2: Replace the SSL certificate (Optional)
- Step 3: Setup domain settings
- Step 4: Enable email over SSL
- Step 5: Enable spam and virus checking using SpamAssassin
Postal is a self-hosted mail server which has a strong focus on outgoing email and can be used for newsletters and the like. It could even be compared to SendGrid.
Before we begin, it should be mentioned that installing Postal on an existing setup will most likely conflict with other software. Therefore, you should install Postal on a blank and separate cloud instance.
Spin up a new Ubuntu 16.04 cloud instance on IT Web Services, log into the server as root and follow the steps below.
Step 1: Installing Postal
Postal has an easy to use installer script. It takes one command only. Note that an installation from the script is not complete, additional steps are required.
Execute:
curl https://raw.githubusercontent.com/atech/postal/master/script/install/ubuntu1604.sh | sh
After the installation has been finished, we need to create a new user. Execute:
postal make-user
This command requires user input in order to determine the email address, name, and other user properties. Enter this information so that the user is created. Note that this command will create an admin user, so if you don’t want a user to have admin privileges, you shouldn’t create their account(s) through this command.
Next, navigate to the server IP address or any DNS mapping to the IP address in your browser in order to login. You might get to see an SSL certificate warning, but we can ignore that for now as Postal uses a self-signed certificate by default.
Attempt to login to the web interface. If that works, proceed to the next step.
Step 2: Replace the SSL certificate (Optional)
Like mentioned, Postal uses a self-signed certificate by default. Although not required, it might be a good idea to replace this certificate with a Let’s Encrypt one; especially if others will use the web interface, it could come across oddly if there’s a certificate error.
Furthermore, Let’s Encrypt is required for the tracking domains functionality to work.
Execute:
postal register-lets-encrypt example@ example.com
Step 3: Setup domain settings
Some DNS records should be added in order to prevent e-mail from being flagged as spam. Open the file /opt/postal/config/postal.yml and navigate to the dns section, which should look like this:
dns:
# Specifies the DNS record that you have configured. Refer to the documentation at
# https://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for further
# information about these.
mx_records:
- mx.example.com
smtp_server_hostname: postal.example.com
spf_include: spf.example.com
return_path: rp.postal.example.com
route_domain: routes.postal.example.com
track_domain: track.postal.example.com
The DNS records for *.postal.example.com should be created in order for Postal to function correctly.
Furthermore, you should create an SPF record that’s “include-able” by other domain names (spf.example.com). The settings specified here will be shown to users upon the creation of a new domain name. Postal has a built-in function which checks if all DNS records specified above have been added to a domain name.
Aside from these, a DKIM record will be shown upon creation as well. As a DKIM record is unique, naturally, it will not be shown here.
Change these values to reflect the correct settings.
Step 4: Enable email over SSL
Although this step is optional, you should definitely (re)consider possible security-related issues if you don’t enable encryption. I recommend enabling (START)TLS.
By default, the mail server deployed alongside Postal doesn’t support SSL. There is no native functionality for enabling the mail server with SSL / TLS compatibility on ports 465 or 587.
However, it’s possible to configure port 25 to support STARTTLS, allowing for encryption as well. In order to activate this, add the following block to the configuration file (/opt/postal/config/postal.yml):
smtp_server:
tls_enabled: true
tls_certificate_path: config/fast_server.cert
tls_private_key_path: config/fast_server.key
In case this block already exists, you’ll want to compare their contents and merge them, considering a duplicate block could lead to conflicts.
Save the changes and restart Postal:
postal restart
Next, we’re going to setup a telnet session in order to verify if our changes took effect and if STARTTLS is enabled. Replace 0.0.0.0 with your IT Web Services cloud instance IP address.
server$ telnet 0.0.0.0 25
Trying 0.0.0.0...
Connected to postal.example.com.
Escape character is '^]'.
220 postal.example.com ESMTP Postal/NYNI5I
Greet the mail server. Replace postal.example.com with your Postal mail server name. This should be the value after “Connected to”.
ehlo postal.example.com
The following output will be returned after:
250-My capabilities are
250-STARTTLS
250 AUTH CRAM-MD5 PLAIN LOGIN
As you can see, 250-STARTTLS was returned, so the mail server supports STARTTLS on port 25.
Step 5: Enable spam and virus checking using SpamAssassin
Postal integrates with SpamAssassin and ClamAV in order to take care of spam and virus checking, both incoming and outgoing. The functionality is disabled by default as some mail servers don’t need this, but I definitely recommend enabling it in most cases.
First off, install SpamAssassin. There is no need to add an alternative repository:
apt-get install spamassassin
Open the SpamAssassin configuration file, /etc/default/spamassassin, and alter the following values:
ENABLED=1
CRON=1
Next, restart SpamAssassin for the changes to take effect:
systemctl restart spamassassin
SpamAssassin is now installed, but Postal isn’t sending any e-mail its way. Add the following block in the postal.yml configuration file:
spamd:
enabled: true
host: 127.0.0.1
port: 783
Finally, restart Postal:
postal restart
Postal has now been configured to use SpamAssassin and ClamAV for incoming and outgoing e-mail messages. You can specify how e-mail marked as spam should be dealt with per route (mark, quarantine or fail).
You now have a fully functional Postal server. For settings related to the mail (server) configuration, you should take a look in the Postal interface.
That concludes my Postal tutorial, thank you.
Need help?
Do you need help setting up this on your own service?
Please contact us and we’ll provide you the best possible quote!