System environment (Hostname, DNS etc)

Setting up an email system is quite a complicated job. The standard programs include:

I have a tiny VPS which has only 256MB memory, 10GB disk. Also I have a free domain. So I decided to run a small mailserver on this VPS.

My VPS has Ubuntu 18.04 x64 OS installed. First I log into it and run the following commands for system update.

 sudo apt update
sudo apt upgrade

For running a mailserver, you need a valid domain. For example, my domain name is: Then you need to setup DNS entries (A records) in your DNS system:		300	IN	A 300 IN A

Here both and point to your VPS's IP address, giving a sample IP Their usage:

Additional steps for are follows, they are important too!

On DNS system we continue to setup MX record and SPF record for this mailserver.		300	IN	MX	5 300 IN TXT "v=spf1 a mx ?all"

As the records above, the first is MX, which tells other mailservers where to send email to you. The second is SPF, which tells other MTAs my messages sent from those addresses are leginal.

For email system DNS entries are very important. In above settings, all A, MX, SPF and PTR (reverse DNS) are needed. If you didn't make them done well, you won't have a functional mailserver.

Disable all iptables in your OS, otherwise you may have network issues.

Setup letsencrypt certificates

To fetch SSL certificate more smartly, we will install Apache webserver. This webserver will be used as Squirrel webmail as well.

Issue the commands below to install Apache, PHP and its expansions:

 sudo apt install apache2
sudo apt install php libapache2-mod-php
sudo apt install php-gd php-curl php-dom php-mbstring php-imagick php-zip php-xml php-json php-gnupg php-intl php-uuid php-mysql

After installation you will see HTTP port 80 is listening on the server.

Create configuration files for Apache, in which and should be used as server names. For example, the configuration files in /etc/apache2/sites-enabled/ have the following contents.

 $ cat
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

$ cat
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

Restart Apache webserver by issuing 'sudo service apache2 restart'.

The next, we install snapd from which letsencrypt certificates management tool will be installed automatically.

 sudo apt install snapd
sudo snap install core
sudo snap refresh core

Please notice: if you were using Ubuntu 20.04 and above, snapd will be default installed in the OS.

After snapd is installed, issue these commands to obtain the certificates from letsencrypt:

 sudo snap install --classic certbot
sudo certbot --apache

During the progress it will remind you to choose the domain. You should install certificates for both and domains.

After installing the certificates, you will see Apache webserver is listening on HTTP port 443 as well.

 tcp6       0      0 :::80                   :::*                    LISTEN      14566/apache2       
tcp6 0 0 :::443 :::* LISTEN 14566/apache2

And the certificates dir should be located in:


Setup Postfix as MTA server

Postfix is the most welcome MTA software, here we use it as our MTA server to send/receive messages.

Issue this command to install Postfix:

 sudo apt install -y postfix

Back up /etc/postfix/ file, and create a new one.

 sudo mv /etc/postfix/ /etc/postfix/
sudo vi /etc/postfix/

Put the following content entirely into

 smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no

# TLS parameters
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_cert_file = /etc/letsencrypt/live/
smtpd_tls_key_file = /etc/letsencrypt/live/
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains

myhostname =
myorigin = /etc/mailname
mydestination = localhost.$mydomain, localhost
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

In the above configuration, you should replace to your own domain.

Create this file for virtual domains:

 sudo vi /etc/postfix/virtual_mailbox_domains

The content is:

Here is your email domain. You can put multiple domains here, each one in each line.

The last, edit /etc/postfix/ and modify one line to enable SMTPd service.

This line should be uncommented out:

 submission inet n       -       y       -       -       smtpd

Restart Postfix to see if there is any error happens:

 sudo service postfix restart

Setup Dovecot as MDA server

Dovecot is the most popular MDA software on internet, here we install and setup it to delivery messages.

First install it:

 sudo apt install -y dovecot-core dovecot-imapd dovecot-lmtpd

Edit the file /etc/dovecot/conf.d/10-mail.conf to change one line to instruct Dovecot from the directory to look for mails.

Change this line:

 mail_location = mbox:~/mail:INBOX=/var/mail/%u   

to this new one:

 mail_location = maildir:/var/mail/vhosts/%d/%n

This changes the mail storage format from mbox to maildir, which is easier for management of domains and users.

Create the above maildir by manual:

 sudo mkdir -p /var/mail/vhosts/

If you have setup multi-domains, just repeat this command.

Then we want to create a vmail user and group for Dovecot service.

Create the vmail group:

 sudo groupadd -g 5000 vmail

Create a vmail user and add the user to the vmail group:

 sudo useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user"

Assign the ownership of /var/mail/vhosts/ to vmail user and group:

 sudo chown -R vmail:vmail /var/mail/vhosts/

Edit the file /etc/dovecot/conf.d/10-master.conf to enable IMAPs for Dovecot.

The secure imap port and ssl options should be uncommented out as follows:

 inet_listener imaps {
port = 993
ssl = yes

We continue to edit the file /etc/dovecot/conf.d/10-master.conf, to enable lmtp service.

service lmtp section should be changed to:

 service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix

And, Dovecot authentication section should be changed to:

 #Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix

Next step, we will update the file /etc/dovecot/conf.d/10-auth.conf to use secure authentication.

Uncomment out this line to disable plain auth:

 disable_plaintext_auth = yes

Change the authentication mechanisms from plain to 'plain login':

 auth_mechanisms = plain login

Disable Dovecot default authentication behavior that requires user to have a valid system account. Just comment this line out:

 #!include auth-system.conf.ext

Uncomment out this line to enable Dovecot to use a password file:

 !include auth-passwdfile.conf.ext

Now we want to create the password database, by edition this file /etc/dovecot/conf.d/auth-passwdfile.conf.ext

The content in this file looks as:

 passdb {
driver = passwd-file
args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users

userdb {
driver = static
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n

Create /etc/dovecot/dovecot-users file. This file is a plain text database that holds email users and passwords on your server.

 sudo vi /etc/dovecot/dovecot-users

Add email users to the file by following the format below. Replace EXAMPLE_PASSWORD with a strong password. Also, replace with your domain name.

 [email protected]:{plain}EXAMPLE_PASSWORD
[email protected]:{plain}EXAMPLE_PASSWORD

Configure Dovecot to use SSL Certificate. Open /etc/dovecot/conf.d/10-ssl.conf file.

Change this line:

 ssl = yes

to this one:

 ssl = required

Locate the following two entries:

 #ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem

Change them to the new values:

 ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/

Here should be replaced with your own domain.

If you want to setup mailbox quota, then edit the following three files.

 # edit the following file and add a new line
$ sudo vi /etc/dovecot/conf.d/10-mail.conf
mail_plugins = $mail_plugins quota

# edit the following file too, add a new line
$ sudo vi /etc/dovecot/conf.d/20-imap.conf
mail_plugins = $mail_plugins imap_quota

# edit the following file by adding new lines
$ sudo vi /etc/dovecot/conf.d/90-quota.conf
quota = maildir:User quota
quota_rule = *:storage=200M
quota_rule2 = Trash:storage=+20M
quota_grace = 10%%
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"

Here I specify mailbox quota to 200M b/c I am having a small VPS. You can increase it if you have large storage.

Finally, restart both postfix and dovecot services to use the new settings.

 sudo service postfix restart 
sudo service dovecot restart

Setup Squirrelmail webmail

Squirrelmail is a simple webmail which doesn't require database to work. You can download the software from here:

Squirrelmail Download

Plese download the snapshots version, for instance, Stable version snapshots (1.4.23-svn).

After downloading, untar it and copy the entire dir to /usr/share/squirrelmail.

As shown below the dir should exist in system:

 ls /usr/share/squirrelmail/

Go to this dir and run the command for configuration:

 cd /usr/share/squirrelmail/
sudo ./configure

This is the setting interface:

 Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

We focus on setting up the second part: Server Settings.

Choose this section, then update IMAP and SMTP settings.

This is the IMAP setup:

 IMAP Settings
4. IMAP Server :
5. IMAP Port : 993
6. Authentication type : login
7. Secure IMAP (TLS) : TLS
8. Server software : other
9. Delimiter : detect

This is the SMTP setup:

 SMTP Settings
4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : none
8. Secure SMTP (TLS) : disabled
9. Header encryption key :

For the settings above, please notice:

After configuration, press "s" then "q" to save and exit the session.

Create the dir for squirrelmail mail storage and setup the permissions:

 sudo mkdir -p /var/local/squirrelmail/attach/
sudo mkdir -p /var/local/squirrelmail/data/
sudo chown -R www-data:www-data /var/local/squirrelmail

Now we copy these configuration:

    DocumentRoot /usr/share/squirrelmail
<Directory /usr/share/squirrelmail>
Options FollowSymLinks
<IfModule mod_php.c>
php_flag register_globals off

<IfModule mod_dir.c>
DirectoryIndex index.php

<Files configtest.php>
order deny,allow
deny from all
allow from

To put them in these two files:


The first file was created by us before. The second was created by certbot automatically. Both them are config files for Apache.

Please notice:

The last, restart Apache webserver:

 sudo service apache2 restart

All done now.

How to use the new mailserver

If you prefer webmail, just open browser and access this URL:

Squirrelmail login interface will appear here. Input the username and password you setup before to login.

If you want to access email from clients such as thunderbird, just use these settings:

 IMAP server:
IMAP port: 143
Secure Protocol: StartTLS

SMTP server:
SMTP port: 587
Secure Protocol: StartTLS

You should replace with your own domain name in settings above.

Following this guide, I hope you are doing well on setting up a new email server.

Return to home | Generated on 04/28/23