Email Service Configuration
Requirements for Email Services
To successfully set up an email server, ensure the following:
- A static IP address
- A domain with an MX (Mail Exchanger) record
- Proper firewall access
Example MX Record:
example.com 14400 IN MX 10 example.com
Other A Records for Subdomains:
example.com 14400 IN A 12.34.56.78
mail.example.com 14400 IN A 12.34.56.78
smtp.example.com 14400 IN A 12.34.56.78
imap.example.com 14400 IN A 12.34.56.78
DNS Records for Email Delivery:
SPF Record (TXT Record for Gmail Delivery):
example.com 14400 IN TXT "v=spf1 ip4:12.34.56.78 ~all"
Reverse DNS (PTR Record for Validating Sending Server):
56.34.12.in-addr.arpa IN SOA example.com
78 IN PTR example.com
Additionally:
- Ensure your IP is not blacklisted (check via mxtoolbox.com/blacklists.aspx)
- Obtain a TLS certificate for email encryption
- Open TCP ports 25 (SMTP), 587 (Submission), 143 (IMAP) in your firewall (Port 25 may be blocked by some providers; contact support if necessary)
Email Components and Protocols
Postfix
- Manages mail submission, transport, and delivery
- Implements SMTP (Simple Mail Transfer Protocol)
Dovecot
- Provides mail access services
- Implements POP (Post Office Protocol) and IMAP (Internet Message Access Protocol)
Installing and Configuring Postfix
Install Postfix:
sudo apt install postfix
Configure Postfix:
Edit the main Postfix configuration file:
/etc/postfix/main.cf
Configure Firewall:
sudo ufw allow 25/tcp
Log Files:
/var/log/mail.log
/var/log/mail.err
Securing SMTP with TLS
SMTP is unencrypted by default. Enable TLS to encrypt the session, and use Dovecot's SASL authentication so that only authenticated users can submit mail.
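Modify /etc/postfix/main.cf:
# Certificate and private key presented by the SMTP server
smtpd_tls_cert_file=/path/to/cert.pem
smtpd_tls_key_file=/path/to/key.pem
# Legacy switch; smtpd_tls_security_level below takes precedence
smtpd_use_tls=yes
# Only offer AUTH after STARTTLS
smtpd_tls_auth_only=yes
# Opportunistic TLS on port 25
smtpd_tls_security_level=may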
Modify /etc/postfix/master.cf (the -o lines must start with whitespace so that Postfix reads them as part of the submission entry):
submission inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_tls_wrappermode=no
  -o smtpd_tls_security_level=encrypt
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o syslog_name=postfix/submission
  -o milter_macro_daemon_name=ORIGINATING
Restart Postfix and Allow Port 587:
sudo systemctl restart postfix
sudo ufw allow 587/tcp
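The submission entry in master.cf overrides main.cf, so the TLS policy that actually applies on port 587 depends on both files. The following is an added example, not part of the original guide: it merges the two files and reports weak settings. The sample files are constructed, and the parser assumes one setting per line and plain "-o name=value" overrides.

```python
import re

# Constructed sample files based on the settings in this section; paths are placeholders.
MAIN_CF = """\
smtpd_tls_cert_file=/path/to/cert.pem
smtpd_tls_key_file=/path/to/key.pem
smtpd_tls_auth_only=yes
smtpd_tls_security_level=may
"""
MASTER_CF = """\
smtp       inet n - - - - smtpd
submission inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_tls_security_level=encrypt
"""
# Same file with the TLS override dropped, so submission inherits "may" from main.cf.
WEAK_MASTER_CF = MASTER_CF.replace("  -o smtpd_tls_security_level=encrypt\n", "")

def parse_main(text):
    """Return {name: value} from main.cf text (assumes one setting per line)."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def service_overrides(text, service):
    """Collect the indented "-o name=value" lines that follow one master.cf service."""
    found, active = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():      # a service entry starts in column 1
            active = line.split()[0] == service
        elif active:
            found.update(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return found

def audit(main_text, master_text, service="submission"):
    """Return findings for one service; an empty list means every check passed."""
    eff = {**parse_main(main_text), **service_overrides(master_text, service)}
    sasl = eff.get("smtpd_sasl_auth_enable") == "yes"
    findings = []
    if eff.get("smtpd_tls_security_level") != "encrypt":
        findings.append("TLS is optional on " + service)
        if sasl and eff.get("smtpd_tls_auth_only") != "yes":
            findings.append("AUTH is offered without TLS")
    if not sasl:
        findings.append("SASL authentication is disabled")
    findings += [n + " is not set" for n in
                 ("smtpd_tls_cert_file", "smtpd_tls_key_file") if n not in eff]
    return findings
```

On a live server, `postconf -n` and `postconf -P` print the same main.cf settings and per-service overrides that this example parses from text.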
Installing and Configuring Dovecot
Dovecot provides mailbox access services:
- Local mail clients like Mutt, Pine
- Remote access via POP or IMAP
Install Dovecot:
sudo apt install dovecot-core dovecot-imapd
Configuration Files:
/etc/dovecot/
/etc/dovecot/conf.d/
Modify Dovecot Configuration:
/etc/dovecot/conf.d/10-mail.conf:
mail_location = maildir:~/Maildir
/etc/dovecot/conf.d/10-master.conf:
Uncomment the SMTP authentication block.
/etc/dovecot/conf.d/10-ssl.conf:
ssl = yes
ssl_cert = </path/to/cert.pem
ssl_key = </path/to/key.pem
Restart Dovecot and Allow Port 143:
sudo systemctl restart dovecot
sudo ufw allow 143/tcp
Configuring Mail Clients
A Mail User Agent (MUA) allows users to access their mailbox. Most modern email clients auto-configure settings, but some require manual setup.
- Incoming Mail Server:
  - IMAP: imap.example.com
  - POP3: pop.example.com
  - Port: 143 (IMAP), 110 (POP3), 995 (POP3 over SSL)
- Outgoing Mail Server (SMTP): smtp.example.com
  - Port: 587 (SMTP over TLS), 465 (SMTP over SSL)
Setting Up Webmail with Roundcube
Roundcube is a PHP-based webmail client that requires a web server and a database.
Install Roundcube:
sudo apt install roundcube
Configuration Files:
/etc/apache2/conf-available/roundcube.conf
Conclusion
This guide provides a complete setup for a Linux email service, covering Postfix (SMTP), Dovecot (IMAP/POP), security enhancements, firewall settings, and webmail access via Roundcube. Configuring these services correctly ensures secure and efficient email communication on Linux servers.