How To: Setup Email Services on Ubuntu Using Postfix (TLS+SASL) and Dovecot

Here is a guide on getting Email services running on Ubuntu Intrepid. I used Postfix for core services (SMTP wtih TLS and SASL) and Dovecot for fast IMAP and POP3. This tutorial has been tested on a bare bones Ubuntu 8.10 slice from Slicehost.

Preamble

Estimated Time Required: 10-15 minutes

This guide makes several assumptions. For example, it assumes that you will use Maildir. If you decide to make any changes, just keep an eye out for any subsequent changes that might be needed down the line. If you are upgrading from another system, such as Courier, please look at Appendix A.

If you prefer Postfix and Courier, refer to my older tutorial which is reported to work with Ubuntu Intrepid.

Postfix

Let’s get core email functionality going with Postfix:

You will be asked a few questions with a nice graphical interface. Here are the answers for some of them. Replace all occurrences of example.com with your root FQDN (e.g. jonsview.com), and server1.example.com with your server’s FQDN (e.g. swift.jonsview.com).

  • General type of mail configuration? Internet Site
  • System mail name? server1.example.com

Unfortunately, the graphical configuration interface that was automatically launched was a condensed version. You will need to run the full graphical configuration utility.

Again, you will be asked some questions:

  • General type of mail configuration? Internet Site
  • System mail name? server1.example.com
  • Root and postmaster mail recipient? Leave blank
  • Other destinations to accept mail for? server1.example.com, example.com, localhost.example.com, localhost
  • Force synchronous updates on mail queue? No
  • Local networks? Leave default (127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128)
  • Mailbox size limit (bytes)? 0
  • Local address extension character? Leave default (+)
  • Internet protocols to use? ipv4 (most likely)

Next, let’s take care of certificates for TLS. You will be asked several questions during this process. Fill them in as you see fit.

Finish configuring Postfix for TLS and SASL.

Finally, restart Postfix

SASL

Authentication will be done by saslauthd which will need to be configured to support a chrooted Postfix setup. Edit /etc/default/saslauthd and add or change the following settings so that they match:

Finish up SASL by creating the chroot directory, adding the postfix user to the sasl group, and then starting saslauthd.

Testing

At this point, core email services should be up and running. Let’s make sure that you’re in good shape before moving on. First, establish a connection with the mail server.

After establsihing a connection with the Postfix service, run:

You should see a few lines of output. Make sure that the two most important lines are there:

Type quit to get out.

Dovecot

Note: If you followed my last guide and are migrating from Courier, please see Appendix A before continuing.

Install and configure Dovecot.

If everything went smoothly you should now be in email nirvana. Each user has their own email account and you can move on to virtual accounts if you desire.

Appendix A: Courier to Dovecot Conversion

Please refer to this Dovecot wiki article for detailed information, but in a nutshell:

If everything looks good, then perform the actual conversion.

Note: Even if 0 mailbox changes are shown, the script may still be working. If there aren’t any explicit errors, run the conversion and then check the Maildirs for dovecot indexes.

For a transparent conversion you will need to setup Dovecot to use INBOX as the namespace for private mailboxes. Edit /etc/dovecot/dovecot.conf and uncomment the namespace private { block (and corresponding } ). Uncomment #prefix = and change to prefix = INBOX. (include the period). Finally, change #inbox = no to inbox = yes. In essence, it should look like the following, which has been stripped of comments for brevity.

Appendix B: SMTP Troubleshooting

If core email services and IMAP are working, but not SMTP, then it’s most likely that sasl is not set up properly. Log entries like the following in /var/log/mail.warn will confirm this:

Last words

I’ve always found setting up email services on Linux a pain, so hopefully this has helped you get up and running. Please let me know if you find any errors, or have suggestions that would make this guide easier to understand.

80 thoughts on “How To: Setup Email Services on Ubuntu Using Postfix (TLS+SASL) and Dovecot

  1. I’m trying to follow this on Ubunttu Server 10.04 LTS (I assume it should work and that not much has changed compatibility-wise over a year). However, when I get to the part where I run ‘ehlo localhost’ in the telnet session, I do not get the two lines you mentioned that are important. I copied and pasted everything as you posted it, and received no errors, but these two lines don’t show up.

    Any ideas?

    1. Jenkinbr, I’m running 10.04 LTS on this very server, but I’ve been upgrading along the way consistently. I took a quick look at the Postfix TLS Documentation and it appears that some of the configuration directives have changed. For example, smtpd_use_tls has been replaced, but it should still work.

      I would start by combing through the configuration file double checking everything related to TLS. It’s also possible that postfix is generating errors silently in /var/log, so check there. Also make sure that the saslauthd service is running and isn’t generating any errors saved to the logs.

      Let us know how it turns out. The guide probably needs a bit of updating.

  2. Im getting some issue while installing postfix on my Ubuntu server. Below find log for same. Can anyone help me out?

    apt-get install postfix Reading package lists… Done Building dependency tree Reading state information… Done Suggested packages: postfix-cdb postfix-ldap postfix-mysql postfix-pcre postfix-pgsql resolvconf sasl2-bin The following NEW packages will be installed: postfix 0 upgraded, 1 newly installed, 0 to remove and 993 not upgraded. 1 not fully installed or removed. Need to get 0B/1160kB of archives. After this operation, 2695kB of additional disk space will be used. Preconfiguring packages … Selecting previously deselected package postfix. (Reading database … 153695 files and directories currently installed.) Unpacking postfix (from …/postfix_2.5.1-2ubuntu1.2_i386.deb) … Setting up tomcat5.5 (5.5.25-5ubuntu1.2) … chown: tomcat55:adm': invalid group dpkg: error processing tomcat5.5 (--configure): subprocess post-installation script returned error exit status 1 Setting up postfix (2.5.1-2ubuntu1.2) ... chown:root:root’: invalid group dpkg: error processing postfix (–configure): subprocess post-installation script returned error exit status 1 Processing triggers for libc6 … ldconfig deferred processing now taking place Errors were encountered while processing: tomcat5.5 postfix E: Sub-process /usr/bin/dpkg returned an error code (1)

    1. Amit,

      Just a hunch, but it looks like you have unresolved issues with the package manager and Tomcat. Those need to be taken care of before installing new packages. For example force the abortion of the failing tomcat installation. This service is unrelated to this email setup guide.

  3. There’s no easy answer to that. It really depends on what you deem as safe and acceptable risk. I don’t know the gory details of that option but it does imply that the password is going to be sent in plaintext.

  4. I had to add this

    disable_plaintext_auth = no

    To my /etc/dovecot/dovecot.conf file to get pop3 working from gmail. Is this safe? I get the same

    250-STARTTLS 250-AUTH PLAIN LOGIN

    I assume this means my password is being transmitted in plaintext from gmail everytime it checks?

  5. Thanks for this. After trying a number of other tutorials without success, I finally got my mail server up and running. I had Postfix and Dovecot running, and I could send email from the command line, but I couldn’t connect with Thunderbird from another computer. Turns out it was SASL that I was missing.

    1. I have installed everything successfully. But I am still having trouble sending email from the command line. I am not sure if I am doing it right. Can anyone please explain me how to do this ? At the moment, I am just trying this: mail my@self.com < emailmessage.html mutt -e "set content_type=text/html" my@self.com < emailmessage.html I am a newbie, so please forgive me for my basic questions.

  6. At the bottom of my /var/log/mail.warn I get the error: dovecot: Killed with signal 15 (by pid=1793 uid=0 code=kill)

    I feel it’s so close to working!

  7. Hi, Do i have to go through each user’s directory and create the Maildir directory, or will they already be there when i setup dovecot for Maildir?

    1. If I recall correctly, the directories will be created for you the first time you setup the account for the user. You might want to refer to the dovecot wiki for confirmation.

  8. Hi, im a newbie.. using linux for the past three months.. currently working with django-postgresql application..

    i followed all the steps given by u, to set up email server in my machine. im using ubuntu9.04.. when i give ” telnet localhost 25 ” it shows me like this, Trying ::1… Trying ::1… Trying 127.0.0.1… Connected to localhost. Escape character is ‘^]’. Connection closed by foreign host. what could be the problem?

  9. Pingback: Setting up email server - 1 « Diary
  10. I just wondering where i can get ehlo tool coz I using ubuntu 9.04 server and istalled postfix separate or whats included in ubuntu package no socha thing as EHLO..

    1. ok never mind about ehlo i just discover another problem after ./courier-dovecot-migrate.pl –to-dovecot –recursive /home

      i’ve got error No maildirs found

      i justed fixed perl version.

      thx

      1. rossi, If you’re migrating from courier be sure to read the wiki for the latest information: http://wiki.dovecot.org/Migration/Courier.

        You only need to follow the instructions in Appendix A if you’re migrating from an existing setup. If this truly is the case, one possibility is that your courier configuration is using the older mailbox format rather than Maildir, but that migration is outside the scope of this article.

        1. is it any mail server program which would be easy to setup i mean without these mile long config files, some nice gui just add FQDNs, IP, users/passwd some mail dir quota, something loke that.

        2. GMail, MobileMe? You could always splurge for a control panel that will assist with some of this, but mile long config files are just a typical day in the life of a Linux systems administrator… Have you considered a managed service from someone like MediaTemple?

    1. Sorry, TLS is what I wanted.

      Seems that my virus-scanner doesnt support TLS, so i disabled scanning of outgoing messages.

      Everything works now!! wee

  11. Jon: I think that you saved me from institutionalization. Thank you very much for your help. If you need to learn how hard to push the power switch on a Pavilion, let me know: I (modestly) consider myself somewhat of an expert.

    blue

  12. Sam, you would use something like mail.mywebsite.org. For example, the hostname of the server running this blog is “bamboo” so I use the FQDN (bamboo.jonsview.com) in the Postfix configuration. Also keep in mind that the address used for email should match the reverse DNS and MX records, both of which use the same FQDN.

    Another little side tip: the hostname should not match any domain that is intended for use on the server. For example, if you wanted to use user@example.org, then the hostname should not be example.org but something unique such as server1.example.org.

    1. Ok, I set it up using mail.mywebsite.org (my website being http://www.mywebsite.org in this example).

      I wanted to do all of this so I could use mail on my phpbb forum hosted on my dedicated server. Basically mail wasn’t working (user authenticating emails and such). I’m not quite sure what settings to use now, though. I’ve set it up to work through the local smtp server, however there are 3 boxes I’m unsure what to put in.

      Authentication method for SMTP – options are PLAIN, LOGIN, CRAM-MD5, DIGEST-MD5, POP-BEFORE-SMTP – “Only used if a username/password is set, ask your provider if you are unsure which method to use.”

      SMTP username – “Only enter a username if your SMTP server requires it.”

      SMTP password – “Only enter a password if your SMTP server requires it.”

      Considering I did my install pretty much EXACTLY as you wrote above (with the exception of my own passkey in the ssl directory), what do you think my settings may be?

  13. Hi, thanks for a great tut.

    Where you said the stuff about setting it up with your root FQDN and server1.example.com (server FQDN), what if my slicehost server is simply mywebsite.org? I don’t have any subdomain for it. Would I set mywebsite.org in both cases, or did you mean for me to setup something like mywebsite.org as root and mail.mywebsite.org as the system mail name?

  14. Pingback: gruchalski.com » Archive » Configuring postfix as a relay for GMail
    1. The behavior of continually asking for the password seems to indicate that a connection is being made. I would head to the server logs which should indicate why the authorization is being rejected.

        1. Daniel, yes. In fact I wrote the guide walking through my x86_64 Ubuntu install. I would imagine that the Ubuntu setup and configuration would be the same for both 32 and 64-bit.

  15. David, Looks like I forgot to escape the forward slashes. Try this:

    [cc lang=”bash”]perl -pi -e ‘s/#mail_location =/mail_location = maildir:\/home\/\%u\/Maildir/’ /etc/dovecot/dovecot.conf[/cc]

    and then restart Dovecot.

  16. BTW, ignoring the errors above, I can use evaluation to send and receive the email from my configured server, but when I try to use Outlook Express in Windows, I can only send out email but can not receive one, the OE always prompt me about the password. What’s the problem in this case?

    Thanks!

  17. when I try to run this command “perl -pi -e ‘s/#mail_location =/mail_location = maildir:/home/%u/Maildir/’ /etc/dovecot/dovecot.conf”, I got an error and can not proceed. Here is the details: syntax error at -e line 1, near “s/#mail_location =/ mail_location = maildir:/home” Execution of -e aborted due to compilation errors.

    Can you give me some suggestions?

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.