Learn How To Installing Postal on Ubuntu 16.04

February 7, 2019

Table of Contents

Postal is a self-hosted mail server which has a strong focus on outgoing email and can be used for newsletters and the like. It could even be compared to SendGrid.

Before we begin, it should be mentioned that installing Postal on an existing setup will most likely conflict with other software. Therefore, you should install Postal on a blank and separate cloud instance.

Spin up a new Ubuntu 16.04 cloud instance on IT Web Services, log into the server as root and follow the steps below.

Step 1: Installing Postal

Postal has an easy to use installer script. It takes one command only. Note that an installation from the script is not complete, additional steps are required.


curl https://raw.githubusercontent.com/atech/postal/master/script/install/ubuntu1604.sh | sh

After the installation has been finished, we need to create a new user. Execute:

postal make-user

This command requires user input in order to determine the email address, name, and other user properties. Enter this information so that the user is created. Note that this command will create an admin user, so if you don’t want a user to have admin privileges, you shouldn’t create their account(s) through this command.

Next, navigate to the server IP address or any DNS mapping to the IP address in your browser in order to login. You might get to see an SSL certificate warning, but we can ignore that for now as Postal uses a self-signed certificate by default.

Attempt to login to the web interface. If that works, proceed to the next step.

Step 2: Replace the SSL certificate (Optional)

Like mentioned, Postal uses a self-signed certificate by default. Although not required, it might be a good idea to replace this certificate with a Let’s Encrypt one; especially if others will use the web interface, it could come across oddly if there’s a certificate error.

Furthermore, Let’s Encrypt is required for the tracking domains functionality to work.


postal register-lets-encrypt example@ example.com

Step 3: Setup domain settings

Some DNS records should be added in order to prevent e-mail from being flagged as spam. Open the file /opt/postal/config/postal.yml and navigate to the dns section, which should look like this:

  # Specifies the DNS record that you have configured. Refer to the documentation at
  # https://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for further
  # information about these.
    - mx.example.com
  smtp_server_hostname: postal.example.com
  spf_include: spf.example.com
  return_path: rp.postal.example.com
  route_domain: routes.postal.example.com
  track_domain: track.postal.example.com

The DNS records for *.postal.example.com should be created in order for Postal to function correctly.

Furthermore, you should create an SPF record that’s “include-able” by other domain names (spf.example.com). The settings specified here will be shown to users upon the creation of a new domain name. Postal has a built-in function which checks if all DNS records specified above have been added to a domain name.

Aside from these, a DKIM record will be shown upon creation as well. As a DKIM record is unique, naturally, it will not be shown here.

Change these values to reflect the correct settings.

Step 4: Enable email over SSL

Although this step is optional, you should definitely (re)consider possible security-related issues if you don’t enable encryption. I recommend enabling (START)TLS.

By default, the mail server deployed alongside Postal doesn’t support SSL. There is no native functionality for enabling the mail server with SSL / TLS compatibility on ports 465 or 587.

However, it’s possible to configure port 25 to support STARTTLS, allowing for encryption as well. In order to activate this, add the following block to the configuration file (/opt/postal/config/postal.yml):

  tls_enabled: true
  tls_certificate_path: config/fast_server.cert
  tls_private_key_path: config/fast_server.key

In case this block already exists, you’ll want to compare their contents and merge them, considering a duplicate block could lead to conflicts.

Save the changes and restart Postal:

postal restart

Next, we’re going to setup a telnet session in order to verify if our changes took effect and if STARTTLS is enabled. Replace with your IT Web Services cloud instance IP address.

server$ telnet 25
Connected to postal.example.com.
Escape character is '^]'.
220 postal.example.com ESMTP Postal/NYNI5I

Greet the mail server. Replace postal.example.com with your Postal mail server name. This should be the value after “Connected to”.

ehlo postal.example.com

The following output will be returned after:

250-My capabilities are

As you can see, 250-STARTTLS was returned, so the mail server supports STARTTLS on port 25.

Step 5: Enable spam and virus checking using SpamAssassin

Postal integrates with SpamAssassin and ClamAV in order to take care of spam and virus checking, both incoming and outgoing. The functionality is disabled by default as some mail servers don’t need this, but I definitely recommend enabling it in most cases.

First off, install SpamAssassin. There is no need to add an alternative repository:

apt-get install spamassassin

Open the SpamAssassin configuration file, /etc/default/spamassassin, and alter the following values:


Next, restart SpamAssassin for the changes to take effect:

systemctl restart spamassassin

SpamAssassin is now installed, but Postal isn’t sending any e-mail its way. Add the following block in the postal.yml configuration file:

  enabled: true
  port: 783

Finally, restart Postal:

postal restart

Postal has now been configured to use SpamAssassin and ClamAV for incoming and outgoing e-mail messages. You can specify how e-mail marked as spam should be dealt with per route (mark, quarantine or fail).

You now have a fully functional Postal server. For settings related to the mail (server) configuration, you should take a look in the Postal interface.

That concludes my Postal tutorial, thank you.

Need help?

Do you need help setting up this on your own service?
Please contact us and we’ll provide you the best possible quote!