Knowledgebase

How to Install Postfix, Dovecot, and Roundcube on Ubuntu 20.04 Print

  • 0

Introduction

Postfix is a Mail Transfer Agent(MTA) for routing and delivering electronic mail(email). Dovecot is a secure IMAP and POP3 Mail Delivery Agent(MDA). These two open-source applications work well with Roundcube, an email client primarily famous for its clever use of Ajax technology. In this guide, you'll install Postfix, Dovecot, and Roundcube on Ubuntu 20.04. This guide uses the domain example.com and the server name mail.example.com.

Prerequisites

Before you begin, make sure you have the following:

1. Install & Configure Postfix

  1. SSH to your server and install the Postfix server by running the command below.

     $ sudo apt update -y
     $ sudo apt install -y postfix
  2. You'll get the Postfix configuration screen, as shown below. Press Tab and Enter to continue.

    Postfix package configuration screen

  3. On the next screen, select Internet Site, then Tab and Enter.

    Postfix mail type configuration

  4. Enter the system mail name, which is your domain name. For instance, the server name is mail.example.com, so you'll enter example.com here.

    Postfix system mail name

  5. Back up the the /etc/postfix/main.cf file, and create a new one.

     $ sudo mv /etc/postfix/main.cf /etc/postfix/main.cf.bk
     $ sudo nano /etc/postfix/main.cf
  6. Enter the information below to the new file. Replace example.com with your domain name throughout the file. Make sure the value of smtpd_tls_cert_file and smtpd_tls_key_file point to your SSL certificate.

     smtpd_banner = $myhostname ESMTP $mail_name
     biff = no
     append_dot_mydomain = no
     readme_directory = no
    
     # TLS parameters
     smtp_use_tls = yes
     smtp_tls_security_level = may
     smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
     smtpd_use_tls = yes
     smtpd_tls_security_level = may
     smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
     smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
     smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
     smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,  reject_unauth_destination
    
     smtpd_sasl_auth_enable = yes
     smtpd_sasl_type = dovecot
     smtpd_sasl_path = private/auth
    
     virtual_transport = lmtp:unix:private/dovecot-lmtp
     virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains
    
     myhostname = mail.example.com
     myorigin = /etc/mailname
     mydestination =  localhost.$mydomain, localhost
     relayhost = 
     mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
     mailbox_size_limit = 0
     recipient_delimiter = +
     inet_interfaces = all
     inet_protocols = all
     alias_maps = hash:/etc/aliases
     alias_database = hash:/etc/aliases
  7. Save and close the file.

2. Create Virtual Mail Box Domains

  1. The main.cf configuration file instructs postfix to look for email domains in the /etc/postfix/virtual_mailbox_domains file. Create the file:

     $ sudo nano /etc/postfix/virtual_mailbox_domains
  2. Add the information below to the file and replace example.com with your domain name.

     example.com #domain
  3. Use the postmap command to change /etc/postfix/virtual_mailbox_domains to a format recognizable by Postfix. Run this command every time you edit the file, for instance, after adding more domains to the file.

     $ sudo postmap /etc/postfix/virtual_mailbox_domains
  4. Edit the /etc/postfix/master.cf configuration file to enable the SMTP service.

     $ sudo nano /etc/postfix/master.cf
  5. Find the entry below.

     ...
     #submission inet n       -       y       -       -       smtpd
     ...

    Remove the pound symbol at the beginning of the line.

     ...
     submission inet n       -       y       -       -       smtpd
     ...
  6. Save and close the file.

3. Install & Configure Dovecot

  1. Install the Dovecot package and all the dependency packages required to run the imap, pop3, and lmtp service.

     $ sudo apt install -y dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd
  2. Edit the /etc/dovecot/conf.d/10-mail.conf file to instruct Dovecot on the directory to look for mails.

     $ sudo nano /etc/dovecot/conf.d/10-mail.conf
  3. Find the entry below.

     mail_location = mbox:~/mail:INBOX=/var/mail/%u   

    Change to:

     mail_location = maildir:/var/mail/vhosts/%d/%n

    Save and close the file. The %d represents the domain, and %n represents the users. This means that you'll need to create a sub-directory in the /var/mail/vhosts for every domain receiving emails on your server.

  4. Create the first sub-directory and replace example.com with your domain name.

     $ sudo mkdir -p /var/mail/vhosts/example.com

    Repeat the command above for every other domain that you want to receive emails for in your server while replacing example.com with the domain name. For instance, if you also intend to receive emails for the example.net domain, run the command below.

     $ sudo mkdir -p /var/mail/vhosts/example.net
  5. Create a Vmail user and group for the Dovecot service.

    Create the vmail group.

     $ sudo groupadd -g 5000 vmail

    Create a vmail user and add the user to the vmail group.

     $ sudo useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user"

    Assign the ownership of the /var/mail/vhosts/ to the vmail user and group.

     $ sudo chown -R vmail:vmail /var/mail/vhosts/
  6. Edit the Dovecot 10-master.conf file.

     $ sudo nano /etc/dovecot/conf.d/10-master.conf
  7. Locate the entries below.

     ...
     inet_listener imaps {
       #port = 993
       #ssl = yes
     }
     ...

    Remove the pound symbol before the port and ssl entries, as shown below, to allow Dovecot to use port 993 and SSL for secure IMAP.

     ...
     inet_listener imaps {
       port = 993
       ssl = yes
     }
     ...
  8. Locate the entries below.

     ...
     inet_listener pop3s {
       #port = 995
       #ssl = yes
     }
     ...

    Remove the pound symbol before the port = 995 and ssl = yes parameters.

     ...
     inet_listener pop3s {
       port = 995
       ssl = yes
     }
     ...
  9. Enable the lmtp service. Locate the entries below.

     ...
     service lmtp {
       unix_listener lmtp {
         #mode = 0666
       }
    
       # Create inet listener only if you can't use the above UNIX socket
       #inet_listener lmtp {
         # Avoid making LMTP visible for the entire internet
         #address =
         #port =
       #}
     }
     ...

    Change the configuration to:

     ...
     service lmtp {
       unix_listener /var/spool/postfix/private/dovecot-lmtp {
         mode = 0600
         user = postfix
         group = postfix
       }
     }
     ...
  10. Locate the Dovecot authentication socket configurations below.

    ...
    # Postfix smtp-auth
    #unix_listener /var/spool/postfix/private/auth {
    #  mode = 0666
    #}
    ...

    Change the configuration to:

    ...
    #Postfix smtp-auth
    unix_listener /var/spool/postfix/private/auth {
      mode = 0666
      user = postfix
      group = postfix
    }
    ...
  11. Save and close the file.

  12. Configure Dovecot to use secure authentication. Edit the Dovecot 10-auth.conf file.

    $ sudo nano /etc/dovecot/conf.d/10-auth.conf
  13. Find the entry below.

    # disable_plaintext_auth = yes

    Uncomment the setting above by removing the # character to disable plain text authorization.

    disable_plaintext_auth = yes
  14. Find the entry below.

    auth_mechanisms = plain

    Change the authentication mechanisms from plain to plain login.

    auth_mechanisms = plain login
  15. Disable the Dovecot default authentication behavior that requires users to have a system account to use the email service. Find the line:

    !include auth-system.conf.ext

    Add a pound symbol at the beginning of the line to comment it out.

    #!include auth-system.conf.ext
  16. Find the line:

    #!include auth-passwdfile.conf.ext

    Remove the # symbol at the beginning to enable Dovecot to use a password file.

    !include auth-passwdfile.conf.ext
  17. Save and close the file.

  18. Edit the Dovecot password file, auth-passwdfile.conf.ext.

    $ sudo nano /etc/dovecot/conf.d/auth-passwdfile.conf.ext

    The file looks similar to the one shown below.

    passdb {
      driver = passwd-file
      args = scheme=CRYPT username_format=%u /etc/dovecot/users
    }
    
    userdb {
      driver = passwd-file
      args = username_format=%u /etc/dovecot/users
    ...
    }

    Make the changes to the file, as shown below.

    passdb {
        driver = passwd-file
        args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
    }
    
    userdb {
        driver = static
        args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n    
    }

    Save and close the file.

  19. Create the /etc/dovecot/dovecot-users password file. This file is a plain text database that holds email users on your server.

    $ sudo nano /etc/dovecot/dovecot-users

    Add the users that you want to use the email service to the file by following the format below. Replace EXAMPLE_PASSWORD with a strong password. Also, replace example.com with your domain name.

    admin@example.com:{plain}EXAMPLE_PASSWORD
    info@example.com:{plain}EXAMPLE_PASSWORD
    billing@example.com:{plain}EXAMPLE_PASSWORD

    Save and close the file.

  20. Configure Dovecot to Use the SSL Certificate. Open the /etc/dovecot/conf.d/10-ssl.conf file.

    $ sudo nano /etc/dovecot/conf.d/10-ssl.conf

    Find the line:

    ssl = yes

    Change the ssl value from yes to required.

    ssl = required

    Locate the two entries below.

    #ssl_cert = </etc/dovecot/dovecot.pem
    #ssl_key = </etc/dovecot/private/dovecot.pem

    Change the two entries above and make sure they are pointing to the SSL certificate for your domain. For instance, if you are using the Let's Encrypt certificate, your entries will be similar to those shown below. Replace example.com with your domain name.

    ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
    ssl_key = </etc/letsencrypt/live/example.com/privkey.pem

    Save and close the file.
    Restart the postfix and dovecot services to use the new settings.

    $ sudo service postfix restart 
    $ sudo service dovecot restart

4. Install & Configure Roundcube

  1. To access Postfix and Dovecot servers, install Roundcube email client.

     $ sudo apt install -y roundcube
  2. Press Enter to configure the database for use with Roundcube.

    Configure database for Roundcube

  3. On the next screen, enter a MySQL password to use with Roundcube.

    Database password for Roudcube

    Press Tab and Enter.

    Repeat the same password then hit Tab and Enter to continue.

  4. Open your website SSL configuration file from the /etc/apache2/sites-enabled directory. Run the command below and replace example.com with your domain name.

     $ sudo nano /etc/apache2/sites-enabled/example.com-le-ssl.conf

    Your website configuration file will be similar to the one shown below.

     ...
     <VirtualHost *:443>
         ServerAdmin admin@franktek.space
         ServerName franktek.space  
     ...    
     </VirtualHost>
     ...

    Add the entry Alias /mail /usr/share/roundcube after the entry ServerName example.com as shown below.

     ...
     <VirtualHost *:443>
         ServerAdmin admin@example.com
         ServerName example.com
        Alias /mail /usr/share/roundcube  
     ...    
     </VirtualHost>
     ...

    Save and close the file.

  5. Restart Apache.

     $ sudo service apache2 restart

5. Test the Email Service

To login to the email server using Roundcube, enter the URL shown below and replace example.com with your domain name.

https://mail.example.com/mail

You should see a screen similar to the one shown below. Enter the username and password you defined in the Dovecot password file, and log in.

Roundcube login page

Once logged in, you can send and receive emails from the Roundcube dashboard.

Introduction Postfix is a Mail Transfer Agent(MTA) for routing and delivering electronic mail(email). Dovecot is a secure IMAP and POP3 Mail Delivery Agent(MDA). These two open-source applications work well with Roundcube, an email client primarily famous for its clever use of Ajax technology. In this guide, you'll install Postfix, Dovecot, and Roundcube on Ubuntu 20.04. This guide uses the domain example.com and the server name mail.example.com. Prerequisites Before you begin, make sure you have the following: An Ubuntu 20.04 server configured with a Fully Qualified Domain Name (FQDN). A non-root user with sudo privileges. A LAMP stack with an SSL certificate installed. This guide uses a free Let's Encrypt certificate. Verify the server's outbound port status. 1. Install & Configure Postfix SSH to your server and install the Postfix server by running the command below. $ sudo apt update -y $ sudo apt install -y postfix You'll get the Postfix configuration screen, as shown below. Press TAB and ENTER to continue. On the next screen, select Internet Site, then TAB and ENTER. Enter the system mail name, which is your domain name. For instance, the server name is mail.example.com, so you'll enter example.com here. Back up the the /etc/postfix/main.cf file, and create a new one. $ sudo mv /etc/postfix/main.cf /etc/postfix/main.cf.bk $ sudo nano /etc/postfix/main.cf Enter the information below to the new file. Replace example.com with your domain name throughout the file. Make sure the value of smtpd_tls_cert_file and smtpd_tls_key_file point to your SSL certificate. smtpd_banner = $myhostname ESMTP $mail_name biff = no append_dot_mydomain = no readme_directory = no # TLS parameters smtp_use_tls = yes smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth virtual_transport = lmtp:unix:private/dovecot-lmtp virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains myhostname = mail.example.com myorigin = /etc/mailname mydestination = localhost.$mydomain, localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases Save and close the file. 2. Create Virtual Mail Box Domains The main.cf configuration file instructs postfix to look for email domains in the /etc/postfix/virtual_mailbox_domains file. Create the file: $ sudo nano /etc/postfix/virtual_mailbox_domains Add the information below to the file and replace example.com with your domain name. example.com #domain Use the postmap command to change /etc/postfix/virtual_mailbox_domains to a format recognizable by Postfix. Run this command every time you edit the file, for instance, after adding more domains to the file. $ sudo postmap /etc/postfix/virtual_mailbox_domains Edit the /etc/postfix/master.cf configuration file to enable the SMTP service. $ sudo nano /etc/postfix/master.cf Find the entry below. ... #submission inet n - y - - smtpd ... Remove the pound symbol at the beginning of the line. ... submission inet n - y - - smtpd ... Save and close the file. 3. Install & Configure Dovecot Install the Dovecot package and all the dependency packages required to run the imap, pop3, and lmtp service. $ sudo apt install -y dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd Edit the /etc/dovecot/conf.d/10-mail.conf file to instruct Dovecot on the directory to look for mails. $ sudo nano /etc/dovecot/conf.d/10-mail.conf Find the entry below. mail_location = mbox:~/mail:INBOX=/var/mail/%u Change to: mail_location = maildir:/var/mail/vhosts/%d/%n Save and close the file. The %d represents the domain, and %n represents the users. This means that you'll need to create a sub-directory in the /var/mail/vhosts for every domain receiving emails on your server. Create the first sub-directory and replace example.com with your domain name. $ sudo mkdir -p /var/mail/vhosts/example.com Repeat the command above for every other domain that you want to receive emails for in your server while replacing example.com with the domain name. For instance, if you also intend to receive emails for the example.net domain, run the command below. $ sudo mkdir -p /var/mail/vhosts/example.net Create a Vmail user and group for the Dovecot service. Create the vmail group. $ sudo groupadd -g 5000 vmail Create a vmail user and add the user to the vmail group. $ sudo useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user" Assign the ownership of the /var/mail/vhosts/ to the vmail user and group. $ sudo chown -R vmail:vmail /var/mail/vhosts/ Edit the Dovecot 10-master.conf file. $ sudo nano /etc/dovecot/conf.d/10-master.conf Locate the entries below. ... inet_listener imaps { #port = 993 #ssl = yes } ... Remove the pound symbol before the port and ssl entries, as shown below, to allow Dovecot to use port 993 and SSL for secure IMAP. ... inet_listener imaps { port = 993 ssl = yes } ... Locate the entries below. ... inet_listener pop3s { #port = 995 #ssl = yes } ... Remove the pound symbol before the port = 995 and ssl = yes parameters. ... inet_listener pop3s { port = 995 ssl = yes } ... Enable the lmtp service. Locate the entries below. ... service lmtp { unix_listener lmtp { #mode = 0666 } # Create inet listener only if you can't use the above UNIX socket #inet_listener lmtp { # Avoid making LMTP visible for the entire internet #address = #port = #} } ... Change the configuration to: ... service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { mode = 0600 user = postfix group = postfix } } ... Locate the Dovecot authentication socket configurations below. ... # Postfix smtp-auth #unix_listener /var/spool/postfix/private/auth { # mode = 0666 #} ... Change the configuration to: ... #Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } ... Save and close the file. Configure Dovecot to use secure authentication. Edit the Dovecot 10-auth.conf file. $ sudo nano /etc/dovecot/conf.d/10-auth.conf Find the entry below. # disable_plaintext_auth = yes Uncomment the setting above by removing the # character to disable plain text authorization. disable_plaintext_auth = yes Find the entry below. auth_mechanisms = plain Change the authentication mechanisms from plain to plain login. auth_mechanisms = plain login Disable the Dovecot default authentication behavior that requires users to have a system account to use the email service. Find the line: !include auth-system.conf.ext Add a pound symbol at the beginning of the line to comment it out. #!include auth-system.conf.ext Find the line: #!include auth-passwdfile.conf.ext Remove the # symbol at the beginning to enable Dovecot to use a password file. !include auth-passwdfile.conf.ext Save and close the file. Edit the Dovecot password file, auth-passwdfile.conf.ext. $ sudo nano /etc/dovecot/conf.d/auth-passwdfile.conf.ext The file looks similar to the one shown below. passdb { driver = passwd-file args = scheme=CRYPT username_format=%u /etc/dovecot/users } userdb { driver = passwd-file args = username_format=%u /etc/dovecot/users ... } Make the changes to the file, as shown below. passdb { driver = passwd-file args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users } userdb { driver = static args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n } Save and close the file. Create the /etc/dovecot/dovecot-users password file. This file is a plain text database that holds email users on your server. $ sudo nano /etc/dovecot/dovecot-users Add the users that you want to use the email service to the file by following the format below. Replace EXAMPLE_PASSWORD with a strong password. Also, replace example.com with your domain name. admin@example.com:{plain}EXAMPLE_PASSWORD info@example.com:{plain}EXAMPLE_PASSWORD billing@example.com:{plain}EXAMPLE_PASSWORD Save and close the file. Configure Dovecot to Use the SSL Certificate. Open the /etc/dovecot/conf.d/10-ssl.conf file. $ sudo nano /etc/dovecot/conf.d/10-ssl.conf Find the line: ssl = yes Change the ssl value from yes to required. ssl = required Locate the two entries below. #ssl_cert = ServerAdmin admin@franktek.space ServerName franktek.space ... ... Add the entry Alias /mail /usr/share/roundcube after the entry ServerName example.com as shown below. ... ServerAdmin admin@example.com ServerName example.com Alias /mail /usr/share/roundcube ... ... Save and close the file. Restart Apache. $ sudo service apache2 restart 5. Test the Email Service To login to the email server using Roundcube, enter the URL shown below and replace example.com with your domain name. https://mail.example.com/mail You should see a screen similar to the one shown below. Enter the username and password you defined in the Dovecot password file, and log in. Once logged in, you can send and receive emails from the Roundcube dashboard.

Was this answer helpful?
Back

Powered by WHMCompleteSolution