Learn Simple Mailserver With Postfix, Dovecot, and Sieve on Debian 9
Table of Contents
- Step 1: Install the necessary packages
- Step 2: Configure Dovecot and Postfix
- Step 3: Configure startup services
- Step 4: Testing the server and installing SSL
- Step 5 (optional): Sending/receiving mail as an unprivileged user
Note: This article assumes you’re running a fresh Debian 9 installation. Additionally, you must have
root access to continue.
Step 1: Install the necessary packages
The first thing we need to do is install the packages for our mail server.
Execute the following as the
apt-get install postfix dovecot-imapd dovecot-managesieved sendmail mailutils -y
-y” is a parameter for
apt-get that allows us to accept the confirmations automatically.
When you’re greeted with the “Postfix Configuration” prompt, press the “
Tab” key followed by the “
Enter” key, and finally the “
Enter” key once more to set Postfix as an Internet Site.
You will then need to enter your primary domain and then hit the “
Step 2: Configure Dovecot and Postfix
We need to first configure the email address used by the system to send rejection emails (e.g. bounced mail).
Open the file
/etc/dovecot/conf.d/15-lda.conf in your favorite text editor, and find the line that looks like
#postmaster_address =. Change it to this.
postmaster_address = postmaster@%d
Save and exit.
Next, open up
/etc/postfix/main.cf. Scroll to the bottom, and append the following.
mailbox_command = /usr/lib/dovecot/deliver
Alternatively, you may enter this in your shell prompt.
echo 'mailbox_command = /usr/lib/dovecot/deliver' >> /etc/postfix/main.cf
Step 3: Configure startup services
Ideally, we’d like Postfix and Dovecot to start automatically.
Enter the following commands to tell
SystemD to start them automatically.
systemctl enable postfix systemctl enable dovecot
Now, let’s restart them to apply any configuration changes.
systemctl restart postfix systemctl restart dovecot
Step 4: Testing the server and installing SSL
Let’s test what we’ve done so far to make sure everything is working properly.
echo "Testmail!" | mail -s "Testmail!" root@localhost
You should find a message similar to the following one in
install postfix/local: A0B361DDA2: to=<root@localhost>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver
Now that the basic service is working, there are two important things left to set up. The internet is not a friendly place, making encrypting as much as possible a necessity. In this case we will be using
SSL/TLS. Ideally you would have a certificate from a trusted CA – such as Let’s Encrypt, for example, where you can get a certificate for free. For private usage, a self-signed certificate is fine, too.
You can generate a self-signed certificate with the following command.
mkdir /etc/dovecot/private openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout /etc/dovecot/private/mykey.key -out /etc/dovecot/mycert.pem chmod 600 /etc/dovecot/private/*
Append the following to
smtpd_tls_cert_file = /etc/dovecot/private/mykey.pem smtpd_tls_key_file = /etc/dovecot/private/mycert.pem smtpd_use_tls = yes
Save, exit, and restart Postfix.
systemctl restart postfix
Now, open the
Change the values in the configuration file.
ssl = yes ssl_key = /etc/dovecot/private/mykey.pem ssl_cert = /etc/dovecot/private/mycert.pem
systemctl restart dovecot
Test the SSL functionality.
openssl s_client -starttls smtp -crlf -connect domainYouEnteredEarlierInStep1:25
If the answer contains both certificate and connection information, then everything is working properly. The last step of this tutorial is the configuration of Sieve. Open
/etc/dovecot/conf.d/15-lda.conf with your favorite text editor and edit the following line.
mail_plugins = $mail_plugins sieve
One last restart.
systemctl restart dovecot
Step 5 (optional): Sending/receiving mail as an unprivileged user
It’s considered unprofessional to send/receive emails with the
root user. To resolve this, we’ll create an unprivileged user.
useradd -m myUser #-m is a parameter that forces the creation of the home directory passwd myUser
Congratulations, you have setup a mailserver on your IT Web Services VPS.
Do you need help setting up this on your own service?
Please contact us and we’ll provide you the best possible quote!