Setting up Email Services on Ubuntu Hardy Using Postfix and Courier

I recently spent some quality time (read: 6 hours) setting up email services on my server with Ubuntu Hardy. Here’s a very quick mini-tutorial of the steps that got me up and running with IMAP, SMTP, TLS, and POP3.


For the most part I followed the instructions on The Perfect Setup but there are a few quirks to watch out for in this newest Ubuntu version. So let’s get down to business. You will probably want to do this as root so you can save your fingers from typing sudo multiple times.

Update 3/26/2009: People have reported that this works on Ubuntu Intrepid, however you may want to consider my newer guide using Postfix and Dovecot.


Let’s get core mail functionality going with postfix:

aptitude install libsasl2 sasl2-bin libsasl2-modules libdb-dev procmail

You will be asked a few questions. Here are the answers for some of them:

General type of configuration? <– Internet Site
Mail name? <–

Now run:

dpkg-reconfigure postfix

Again, you’ll be asked some questions:

General type of configuration? <– Internet Site
Where should mail for root go? <– Leave blank
Mail name? <–
Other destinations to accept mail for? <–,,, localhost
Force synchronous updates on mail queue? <– No
Local networks? <–
Use procmail for local delivery? <– Yes
Mailbox size limit? <– 0
Local address extension characters? <– +
Internet protocols to use? <– all

Now add some configuration directives to the postfix configuration file:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

Now take care of the certificates for TLS. You will be asked several questions for each certficate, fill them in as you feel best:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Now configure Postfix for TLS:

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname ='

Restart Postfix:

/etc/init.d/postfix restart

Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:

mkdir -p /var/spool/postfix/var/run/saslauthd

Now you have to edit /etc/default/saslauthd in order to activate saslauthd. Remove # in front of START=yes and add the line
OPTIONS=”-c -m /var/spool/postfix/var/run/saslauthd”
Note: The OPTIONS line may already exist with a different setting.

vi /etc/default/saslauthd

Now set the run directory using dpkg-statoverride

dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

And add the postfix user to the sasl group:

adduser postfix sasl

Finally start saslauthd:

/etc/init.d/saslauthd start


Test to make sure that mail and SMTP is now working. Here are some quick tips:

To see if SMTP-AUTH and TLS work properly:

telnet localhost 25

After you have established the connection to your Postfix mail server, type:

ehlo localhost

If you see the lines

250-STARTTLS and 250-AUTH then everything is fine and you can return to the system’s shell.



We’re on the home stretch now. Run this to install Courier-IMAP/Courier-IMAP-SSL and Courier-POP3/Courier-POP3-SSL:

aptitude install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0

You will be asked some questions:

Create directories for web-based administration? <– No
SSL Certificate required? <– Ok

Now let’s tell Postfix to use Maildir:

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart

Email Nirvana

If everything went smoothly you should now be in email nirvana. Each user has their own email account and you can move on to setting up virtual accounts if you desire.


I have always found setting up mail services on servers the most finicky. In the event of trouble the best place to head is /var/log and take a look at the mail logs. If your connection is getting to the server those will tell you what’s going on.

Let me know if this helped you or if I made an omission.

21 comments… add one
  • Gubatron Oct 29, 2009 Link Reply

    The miracle guide to setting up a mail server.

    First time in 5 years I can set up a mail server with absolutely no headaches. I followed this article step by step, and everything was working at once. Took me less than 20 minutes.

    Thanks a lot Jon

  • michael May 28, 2009 Link Reply

    I’m at the following command:
    vi /etc/default/saslauthd
    The file appears to be empty. Any idea of where I may have gone wrong?

    • Jon Stacey May 28, 2009 Link Reply

      Michael, I’d try purging the three sasl packages and then reinstalling them. Hopefully that should get the default configuration in there. Another option is to pull it from another system, but a basic configuration has always been provided upon install for me.

      • michael May 28, 2009 Link Reply

        Thanks for the quick response! I just tried to install them again and realized that it couldn’t find any of the packages. I’ve done the test prescribed above though and all seems to be working. Should I worry about it? I’m frightfully new to server setup so please excuse me if this is a ridiculous question.

        • Jon Stacey May 28, 2009 Link

          I believe, based on my installation on Ubuntu Intrepid/Jaunty, that only the sasl2-bin package is required.

          If you’ve tested and everything is working to your satisfaction, then “if it’s not broken, don’t fix it,” or so the saying goes. You’ll want to perform real tests with email accounts and authentication. Just because starttls and auth are listed in the ehlo doesn’t mean that it’s working. The service could be available, but if not properly configured then you won’t be able to authenticate.

          If this is a new install you might want to consider starting fresh with the latest version of Ubuntu and using my Postfix+Dovecot guide. Dovecot should give you much better performance on large mail boxes compared to Courier.

  • Kenny Mar 10, 2009 Link Reply


    You are a savior! I’ve been struggling with the SASL config for an extended period of time. Thank you for sharing a recipe that actually works.

  • Elvin Feb 17, 2009 Link Reply

    Oh ya, and:
    Great guide – works perfectly for the rest. Kinda rare for an email guide to work that smoothly. Thanks!

    • Jon Stacey Feb 17, 2009 Link Reply

      I’m glad to hear that things went smoothly. I did a little searching this morning and it does look like libdb3 was removed in favor of libdb4.6. There does appear to be a difference between db4.6 and libdb4.6 in that libdb only contains the runtime package for use by other programs. Since everything is working, my guess is that db-util also encompasses the runtime package.

      I’ve updated the instructions to use libdb-dev which should pull down the latest version as part of the dependencies (theoretically).

  • Elvin Feb 16, 2009 Link Reply

    the package “libdb3-util” that is referred to in the first code-line does not exist in hardy. Can it be replaced by “db4.3-util” without any subsequent changes?

    • Jon Stacey Feb 17, 2009 Link Reply


      Give libdb-dev and its dependency, libdb4.6-dev, a shot. Let me know if that works and I’ll adjust the instructions.

      • Elvin Feb 17, 2009 Link Reply

        I’m sorry, I’m too inexperienced to give a feedback on this. I followed your guide using db4.3-util and adding postfix itself to the line in question and everything works perfectly. I can’t justify more downtime to the staff to replicate the scenario with libdb4.6 – sorry.

  • Chris Feb 12, 2009 Link Reply

    thank you! I was having issues like no other! THANKS!

  • nigel ferguson Jan 31, 2009 Link Reply

    you have a spare > in the third line down of now configure postfix for tls

    postconf -e ‘smtp_tls_note_starttls_offer = yes’>

    but overall it works on ubuntu 8.10

  • Jon Stacey Sep 30, 2008 Link Reply

    @Jason – I would try removing everything and attempt the installation again–the configuration can be very particular I’ve found. It seems as if the SASL and TLS parts are not installed or configured properly….

  • Jason Sep 26, 2008 Link Reply

    Everything seems fine until I reach the test section

    I try

    ehlo localhost

    and I get the following output Hello localhost.localdomain [], pleased to meet you

    Any suggestions of what is wrong?


  • Daveosx Sep 13, 2008 Link Reply

    Thanks This one actually worked
    I spent the last week trying different schemes to get the sasl working under Hardy this one is the only one I found that changed the saslauthd permissions correctly. Now I can finally get some sleep.
    I am going to put a tag so that Google can find you better.


  • Jon Stacey Jul 20, 2008 Link Reply

    @RoyBot, Removing the -f argument should get you going.

    I’m actually not sure why I put that in there… I double checked my config and I’m not using it so I’ve removed it from the instructions.

  • RoyBot Jul 20, 2008 Link Reply

    Great article… Not quite working for me yet. I’m on Debian and it seems like it choked at:

    OPTIONS=”-c -m /var/spool/postfix/var/run/saslauthd -f”

    and kicked out of the restart unable to interpret the “-f”


  • Jon Jul 18, 2008 Link Reply

    Thanks for the heads up on that! It seems like my double hyphens were automatically being converted to ellipses. I put all of the commands in pre tags so that they’re preserved.

  • Jonny Jul 18, 2008 Link Reply

    Thanks for putting this together Jon! Great article! I wish I had this the first time around!

    One correction though:
    dpkg-statoverride –add root sasl 710 /var/spool/postfix/var/run/saslauthd

    should be…

    dpkg-statoverride -–add root sasl 710 /var/spool/postfix/var/run/saslauthd

Leave a Comment

Time limit is exhausted. Please reload CAPTCHA.