How to Set Up an Email Server with Postfix, Dovecot and Roundcube on Ubuntu 18.04

Postfix is a Mail Transfer Agent(Agent). It is a powerful open-source application that is capable of receiving and sending emails.

Dovecot is a free POP3 and IMAP server that delivers and retrieves emails to local mailboxes on the Linux system.

Roundcube is a web-based email client that works pretty well with Postfix and Dovecot.

While utilizing the POP and IMAP protocol on Dovecot, Roundcube can read emails stored by Dovecot on virtual mailboxes.

At the same time, Roundcube can submit emails to Postfix using the SMTP protocol.

So by harnessing the power of the three open-source applications (Postfix, Dovecot, and Roundcube), you can create a fully functional two-way email server.

In this guide, you’ll set up an email server with Postfix, Dovecot, and Roundcube on Ubuntu 18.04 server.

Prerequisites

To follow along with this guide, you require the following:

  1. A VPS server running Ubuntu 18.04 as the Linux distribution.
  2. A domain name(e.g. example.com)
  3. A non-root user that can perform sudo tasks

Step 1 – Configuring DNS Server

Your email server must have a fully qualified domain name.

To set up this, you must point the A record of your domain to the public IP address associated with your VPS instance.

You must also set MX records on your domain name DNS records editor. This is done from the control panel of your VPS provider.

Then, you need to change the hostname of your server.

To edit the server hostname, open the /etc/hostnamefile :

$ sudo nano /etc/hostname

Change the hostname  to something appropriate e.g., mail

mail

Save the file by pressing CTRL+X, Y and, Enter

Next, edit the hosts’ file /etc/hosts. Open the file using nano text editor:

$ sudo nano /etc/hosts

Make sure you’ve got the below two entries at the top of the file. Replace example.com with your domain name:

127.0.0.1    localhost
127.0.1.1    mail.example.com mail

Reboot the system:

$ sudo reboot

Now that you have set the host configurations, you’ll go ahead and install a webserver.

Step 2 – Installing Apache Web Server

Apache is primarily needed by the Roundcube email client for it to run on a web-browser like Google Chrome.

Run the command below to install Apache:

$ sudo apt-get update
$ sudo apt-get install apache2

Press Y and hit Enter when prompted to confirm the installation.

Next, enable the Mod_Rewrite module. Roundcube requires this module to be activated:

$ sudo a2enmod rewrite

Restart Apache web server for the changes to be effected:

$ sudo systemctl restart apache2

Once the Apache web server is running like expected, you’ll install a database server.

Step 3 – Installing MySQL Database Server

Roundcube requires MySQL for it to work, so install the database server:

$ sudo apt-get install mysql-server

Press Y and Enter to confirm the installation.

Next, run the command below to secure the MySQL server:

$ sudo mysql_secure_installation

Answer several questions from the prompt and hit Enter to continue to the next option. After setting up the database server, you will install an SSL certificate.

Step 4 – Installing Let’s Encrypt Certificate

In order for the mail server to use SSL, You will install a free Let’s Encrypt SSL certificate.

To do this, run the command below and remember to replace example.com with the exact domain name that you intend to use with your mail server.

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
$ sudo certbot --apache -d example.com -d www.example.com

Your SSL certificate should now be ready and you can install PHP.

Step 5 – Installing PHP Scripting Language

Roundcube is written in PHP.  As such, you must install PHP together with all associated modules required by Roundcube by running the command below:

$ sudo apt-get install php libapache2-mod-php php-mysql

Press Y when prompted to confirm the installation and hit Enter to continue. Once the installation is complete,  the next step is installing the Postfix server.

Step 6 – Installing Postfix MTA

Install Postfix Mail Transfer Agent (MTA):

$ sudo apt-get install postfix

Press Y and hit Enter when prompted to confirm the installation.

On the next screen, hit TAB then Enter to continue:

You will be prompted to select the mail server configuration type. Choose Internet Site and press TAB and Enter to continue.

On the next screen, you should enter the name of your domain without the ‘www’ part.

So, if your domain name is www.example.com, enter example.com on the System mail name field and hit Tab and Enter to continue.

After a few seconds, Postfix will install on your Ubuntu 18.04 server and you can proceed to configure it.

Step 7 – Configuring Postfix

Postfix MTA is very powerful and secure out-of-the-box. However, it requires a few configurations for it to work with Ubuntu 18.04 and Dovecot.

The main Postfix configuration file is located at /etc/postfix/main.cf.

Back up this file before editing it:

$ sudo mv /etc/postfix/main.cf /etc/postfix/main.cf.bk

This ensures that you can go back to the default settings in case you mess up with the Postfix configuration.

Next, create a new Postfix configuration file using nano text editor:

$ sudo nano /etc/postfix/main.cf

Paste the information below to the file and remember to replace example.com with your domain name.

# GENERAL SETTINGS

smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no

# SMTP SETTINGS 

smtp_use_tls=yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# SMTPD SETTINGS 

smtpd_use_tls=yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,  reject_unauth_destination

# SASL SETTINGS

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# VIRTUAL MAIL BOX AND LMTP SETTINGS

virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains



# OTHER SETTINGS

myhostname = mail.example.com
myorigin = /etc/mailname
mydestination =  localhost.$mydomain, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

Once you add the settings above, save and close the file and proceed next to create mailbox domains.

Step 8 – Creating Virtual Mail Box Domains

The Postfix configuration file that you created above instructed the mail server to look for virtual mailbox domains on the /etc/postfix/virtual_mailbox_domainsfile.

Add the domains that you intend to use with the mail server on this file. You can add as many domains as you want.

For instance, to add the example.com domain. Open the file:

$ sudo nano /etc/postfix/virtual_mailbox_domains

Then, add the entry below. Please note, the entry MUST be in two parts as shown below.

example.com #domain

Save and close the file when done.

Since Postfix is not configured to read plain text files, format the file to a format that it can understand:

$ sudo postmap /etc/postfix/virtual_mailbox_domains

Remember, you must run that command each time you edit the /etc/postfix/virtual_mailbox_domains file.

Next,  set up the Postfix’s master configuration file /etc/postfix/master.cf.

Open the file using nano text editor:

$ sudo nano /etc/postfix/master.cf

Look for the line below:

#submission inet n       -       y       -       -       smtpd

Then, remove the leading # symbol to uncomment it:

submission inet n       -       y       -       -       smtpd

When done, save and close the file. Postfix server is now configured and you’ll install Dovecot in the next step.

Step 9 – Installing Dovecot on Ubuntu 18.04

Next,  install Dovecot and all associated packages necessary for running IMAP, POP, and LMTP protocols.

$ sudo apt-get install dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd

When prompted, press Y and hit Enter to proceed. Once the installation is complete, configure the Dovecot mail location.

Step 10 – Configuring Dovecot mail_location

In order for Dovecot to communicate with Postfix and the virtual mailbox domains that you create above,  you must make a few changes to its configuration files.

Start off by editing the /etc/dovecot/conf.d/10-mail.conffile:

$ sudo nano /etc/dovecot/conf.d/10-mail.conf

Locate the mail_location parameter :

mail_location = mbox:~/mail:INBOX=/var/mail/%u

Then, change its value as shown below :

mail_location = maildir:/var/mail/vhosts/%d/%n

Save and close the file.

In a nutshell, you’ve instructed Dovecot to look for emails on the /var/mail/vhostsdirectory.

So for Dovecot to work,  you need to create a sub-directory for each domain you intend to use with your email server.

Step 11 – Creating Dovecot vhosts Directory For Each Domain

First, create the parent /var/mail/vhostsdirectory first:

$ sudo mkdir /var/mail/vhosts

Then create the sub-directory for your domain name. Replace example.com with the name of your domain:

$ sudo mkdir /var/mail/vhosts/example.com

If you have multiple domains, repeat the command above while replacing the last part of the directory name(example.com) with the name of each domain.

Once the vhosts directory is ready, you can now create a vmail user and group.

Step 12 – Creating Dovecot vmail User and Group

Next, create a  vmail user and a group. Also, assign the user access to the vhosts directories that you created in the previous step.

First, create the vmail group:

$ sudo groupadd -g 5000 vmail

Next, create and add a vmail user to the group you created above:

$ sudo useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user"

Assign the ownership of the directories to the vmail user:

$ sudo chown -R vmail:vmail /var/mail/vhosts/

The vmail user and group are ready. Proceed ahead to enable POP3 and IMAP services.

Step 13 – Enabling Dovecot for Secure POP3 and IMAP Services

Next, edit the /etc/dovecot/conf.d/10-master.conffile and enable IMAP and POP3 secure services.

Open the /etc/dovecot/conf.d/10-master.conf file:

$ sudo nano /etc/dovecot/conf.d/10-master.conf

Then, find the entries below:

inet_listener imaps {
    #port = 993
    #ssl = yes
  }

Change them to:

inet_listener imaps {

    port = 993
    ssl = yes
  }

On the same file, locate the content below:

inet_listener pop3s {

    #port = 995
    #ssl = yes

  }

And change it to:

inet_listener pop3s {

    port = 995
    ssl = yes

  }

Don’t close the file yet, you need to set up Dovecot LMTP service.

Step 14 – Setting up Dovecot LMTP service

On the same file, find the entries below:

service lmtp {

unix_listener lmtp {

#mode = 0666

}

Change them to the content below to enable the LMTP service:

service lmtp {

unix_listener /var/spool/postfix/private/dovecot-lmtp {

mode = 0600
user = postfix
group = postfix

 }

Don’t close the file yet, you’ll configure the Dovecot authentication next.

Step 15 – Configuring Dovecot Authentication Socket

To configure the authentication socket, locate:

service  auth {

...

  # Postfix smtp-auth

  #unix_listener /var/spool/postfix/private/auth {

  #  mode = 0666

  #}



}

And change the above entries to:

service auth {

...

#Postfix smtp-auth

unix_listener /var/spool/postfix/private/auth {

mode = 0666

user=postfix

group=postfix

}

...

Save and close the file when done and proceed to set up a Dovecot authentication process.

Step 16 – Setting Up Dovecot Authentication Process

Next, you’ll set up a Dovecot authentication process by editing the /etc/dovecot/conf.d/10-auth.conf file:

$ sudo nano /etc/dovecot/conf.d/10-auth.conf

Find the entry below:

# disable_plaintext_auth = yes

Then, uncomment it by removing the leading pound symbol:

disable_plaintext_auth = yes

Also, change the authentication mechanism from plain to plain login. On the same file, find the below entry:

auth_mechanisms = plain

And change it to:

auth_mechanisms = plain login

Next, set up the users and passwords configurations. You’ll use a password file since it is a flexible method for configuring new users.

First,  disable the default Dovecot behavior that authenticates users using system information.

Locate the line:

!include auth-system.conf.ext

And comment it by adding a pound symbol(#) at the beginning :

#!include auth-system.conf.ext

Then, to enable password file configuration, locate the entry below.

#!include auth-passwdfile.conf.ext

Then, change it to:

!include auth-passwdfile.conf.ext

Save and close the file.

Next  edit the /etc/dovecot/conf.d/auth-passwdfile.conf.ext file:

$ sudo nano /etc/dovecot/conf.d/auth-passwdfile.conf.ext

Make sure the file looks as shown below:

passdb {

  driver = passwd-file

  args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users

}



userdb {

driver = static

args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n



 # Default fields that can be overridden by passwd-file

 #default_fields = quota_rule=*:storage=1G

 # Override fields from passwd-file

 #override_fields = home=/home/virtual/%u

}

Save and close the file and continue to create a password file for the users you intend to use with your email server.

Step 17 – Creating Dovecot Password File

Next,  create a password file for each user that you intend to assign an email account to.

$ sudo nano /etc/dovecot/dovecot-users

Users must be added using the format user@domainname.com  followed by the password.

Example:

admin@example.com:{plain}Mis25sOpdsio

You can add as many users as you want. Save and close the file when done.

In order for Dovecot to work with SSL for security reasons, you will make a few changes.

Open the /etc/dovecot/conf.d/10-ssl.conf file:

$ sudo nano /etc/dovecot/conf.d/10-ssl.conf

Change the ssl parameter value from no to required. Locate:

ssl = no

And change it to:

ssl = required

Step 18- Configuring Dovecot to Use Let’s Encrypt Certificate

The next step is to point the Let’s Encrypt certificate files that were generated earlier to Dovecot.

Find the below two lines in the /etc/dovecot/conf.d/10-ssl.conf file:

#ssl_cert = </etc/dovecot/dovecot.pem

#ssl_key = </etc/dovecot/private/dovecot.pem

Then change their values to:

ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem

ssl_key = </etc/letsencrypt/live/example.com/privkey.pem

Save and close the file and restart Apache, Postfix and Dovecot for the changes to be effected:

$ sudo service apache2 restart 
$ sudo service postfix restart 
$ sudo service dovecot restart

Once the Dovecot configurations are set up, you will now install Roundcube.

Step 19 – Installing Roundcube

Next, install a Roundcube email client on your Ubuntu 18.04 server.

Since the Roundcube package is available on the Ubuntu software repository, run the command below to install it:

$ sudo apt-get install roundcube

Press Y and hit Enter when prompted to confirm the installation.

Next, add the Roundcube path to the default SSL configuration file:

$ sudo nano /etc/apache2/sites-enabled/000-default-le-ssl.conf

Add Alias /mail /usr/share/roundcubebelow ServerAlias www.example.com:

Save and close the file. Then, restart Apache for the changes to take effect:

$ sudo service apache2 restart

Once the Roundcube email client is installed, you will now test the configuration.

Step 20 – Testing the Configuration

To test the configuration, visit www.example.com/mail on your server and replace example.com with your domain name.

You should see a page similar to the one shown below.

Enter a username and password for any account that you created on the Dovecot password file to log in. On the server field, enter ‘localhost’.

If you have reached this step, congratulations! , you can now start sending and receiving emails right from the Roudcube dashboard as shown below.

To check the Postfix error log file, run the command below.

$ sudo tail -f /var/log/syslog | grep postfix

You can also telnet Gmail servers to make sure outbound traffic from port 25 is allowed from your VPS provider in case you have problems with sending emails.

$ telnet alt4.gmail-smtp-in.l.google.com 25

If the port is blocked, contact your VPS provider and ask them to enable it.

Conclusion

In this guide,  you have configured an email server with Postfix, Dovecot, and Roundcube on Ubuntu 18.04 VPS.

Please note I charge $100 to configure the email for you. Please get in touch francisndungu83 [at ] gmail.com