Learn Simple Mailserver With Postfix, Dovecot, and Sieve on Debian 9

October 26, 2019

Table of Contents

Note: This article assumes you’re running a fresh Debian 9 installation. Additionally, you must have root access to continue.

Step 1: Install the necessary packages

The first thing we need to do is install the packages for our mail server.

Execute the following as the root user.

apt-get install postfix dovecot-imapd dovecot-managesieved sendmail mailutils -y 

-yis a parameter for apt-get that allows us to accept the confirmations automatically.

When you’re greeted with the “Postfix Configuration” prompt, press the “Tab” key followed by the “Enter” key, and finally the “Enter” key once more to set Postfix as an Internet Site.

You will then need to enter your primary domain and then hit the “Enter” key.

Step 2: Configure Dovecot and Postfix

We need to first configure the email address used by the system to send rejection emails (e.g. bounced mail).

Open the file /etc/dovecot/conf.d/15-lda.conf in your favorite text editor, and find the line that looks like #postmaster_address =. Change it to this.

postmaster_address = postmaster@%d

Save and exit.

Next, open up /etc/postfix/main.cf. Scroll to the bottom, and append the following.

mailbox_command = /usr/lib/dovecot/deliver

Alternatively, you may enter this in your shell prompt.

echo 'mailbox_command = /usr/lib/dovecot/deliver' >> /etc/postfix/main.cf

Step 3: Configure startup services

Ideally, we’d like Postfix and Dovecot to start automatically.
Enter the following commands to tell SystemD to start them automatically.

systemctl enable postfix
systemctl enable dovecot

Now, let’s restart them to apply any configuration changes.

systemctl restart postfix
systemctl restart dovecot

Step 4: Testing the server and installing SSL

Let’s test what we’ve done so far to make sure everything is working properly.

echo "Testmail!" | mail -s "Testmail!" root@localhost

You should find a message similar to the following one in /var/log/mail.log.

install postfix/local[10309]: A0B361DDA2: to=<root@localhost>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver

Now that the basic service is working, there are two important things left to set up. The internet is not a friendly place, making encrypting as much as possible a necessity. In this case we will be using SSL/TLS. Ideally you would have a certificate from a trusted CA – such as Let’s Encrypt, for example, where you can get a certificate for free. For private usage, a self-signed certificate is fine, too.

You can generate a self-signed certificate with the following command.

mkdir /etc/dovecot/private
openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout /etc/dovecot/private/mykey.key -out /etc/dovecot/mycert.pem
chmod 600 /etc/dovecot/private/*

Append the following to /etc/postfix/main.cf.

smtpd_tls_cert_file = /etc/dovecot/private/mykey.pem
smtpd_tls_key_file = /etc/dovecot/private/mycert.pem
smtpd_use_tls = yes

Save, exit, and restart Postfix.

systemctl restart postfix

Now, open the ./etc/dovecot/conf.d/10-ssl.conf file.

Change the values in the configuration file.

ssl = yes
ssl_key = /etc/dovecot/private/mykey.pem
ssl_cert = /etc/dovecot/private/mycert.pem

Restart Dovecot.

systemctl restart dovecot

Test the SSL functionality.

openssl s_client -starttls smtp -crlf -connect domainYouEnteredEarlierInStep1:25

If the answer contains both certificate and connection information, then everything is working properly. The last step of this tutorial is the configuration of Sieve. Open /etc/dovecot/conf.d/15-lda.conf with your favorite text editor and edit the following line.

mail_plugins = $mail_plugins sieve

One last restart.

systemctl restart dovecot

Step 5 (optional): Sending/receiving mail as an unprivileged user

It’s considered unprofessional to send/receive emails with the root user. To resolve this, we’ll create an unprivileged user.

useradd -m myUser #-m is a parameter that forces the creation of the home directory
passwd myUser


Congratulations, you have setup a mailserver on your IT Web Services VPS.

Need help?

Do you need help setting up this on your own service?
Please contact us and we’ll provide you the best possible quote!