Install and Configure Postfix with Dovecot on Ubuntu VPS

Prerequisites for Email Server Setup

Before you install and configure Postfix with Dovecot, your Ubuntu VPS needs several key components in place. You'll need a fully qualified domain name (FQDN) pointing to your server's IP address. Check that ports 25, 587, 993, and 995 are open in your firewall.

Most importantly, verify your hosting provider doesn't block outbound port 25. Many providers block this port to prevent spam. This will break your mail server's ability to send messages.

Your server should have at least 1GB RAM and sufficient disk space for email storage. A basic Hostperl VPS configuration handles small to medium email volumes without issue.

Set up proper DNS records before proceeding. Create an MX record pointing to your server. Configure reverse DNS (PTR record) through your hosting provider. Without these records, your emails will end up in spam folders.

Installing Postfix Mail Transfer Agent

Update your Ubuntu system packages first:

sudo apt update && sudo apt upgrade -y

Install Postfix:

sudo apt install postfix -y

During installation, you'll see a configuration wizard. Select "Internet Site" when prompted for the general type of mail configuration. Enter your fully qualified domain name (like mail.yourdomain.com) as the system mail name.

If you missed the wizard or need to reconfigure later:

sudo dpkg-reconfigure postfix

Configuring Postfix Main Settings

Edit the main Postfix configuration file:

sudo nano /etc/postfix/main.cf

Add or modify these essential settings:

myhostname = mail.yourdomain.com
mydomain = yourdomain.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost = 
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
home_mailbox = Maildir/

The home_mailbox = Maildir/ setting tells Postfix to store emails in Maildir format. Dovecot handles this more efficiently than the default mbox format.

For better security, add these anti-spam measures:

disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit

Installing and Setting Up Dovecot

Install Dovecot IMAP and POP3 server:

sudo apt install dovecot-imapd dovecot-pop3d -y

Configure Dovecot's main settings:

sudo nano /etc/dovecot/dovecot.conf

Uncomment and modify this line:

protocols = imap pop3 lmtp

Edit the mail location settings:

sudo nano /etc/dovecot/conf.d/10-mail.conf

Set the mail location to match Postfix:

mail_location = maildir:~/Maildir

Configure authentication:

sudo nano /etc/dovecot/conf.d/10-auth.conf

Ensure these settings are active:

disable_plaintext_auth = yes
auth_mechanisms = plain login

Connecting Postfix and Dovecot

Configure Dovecot to handle LMTP delivery from Postfix. Edit the LMTP service:

sudo nano /etc/dovecot/conf.d/20-lmtp.conf

Enable the LMTP service:

protocol lmtp {
  mail_plugins = $mail_plugins
}

Configure Dovecot's master configuration:

sudo nano /etc/dovecot/conf.d/10-master.conf

Add the LMTP service configuration:

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}

Now configure Postfix to use Dovecot for local delivery. Add this to your /etc/postfix/main.cf:

virtual_transport = lmtp:unix:private/dovecot-lmtp

Setting Up SSL/TLS Encryption

Email security requires proper SSL/TLS certificates. If you haven't already, set up Let's Encrypt certificates for your mail server.

Install Certbot:

sudo apt install certbot -y

Generate certificates for your mail domain:

sudo certbot certonly --standalone -d mail.yourdomain.com

Configure Postfix TLS settings in /etc/postfix/main.cf:

smtpd_tls_cert_file = /etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.yourdomain.com/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = may

Configure Dovecot SSL:

sudo nano /etc/dovecot/conf.d/10-ssl.conf

Set these SSL parameters:

ssl = required
ssl_cert = 

Configuring SMTP Authentication

Enable SMTP authentication so users can send emails securely. Edit Postfix master configuration:

sudo nano /etc/postfix/master.cf

Uncomment or add the submission service:

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Configure SASL authentication in /etc/postfix/main.cf:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

Configure Dovecot's authentication service:

sudo nano /etc/dovecot/conf.d/10-master.conf

Add the authentication socket for Postfix:

service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}

Testing Your Email Server Configuration

Restart both services to apply all configurations:

sudo systemctl restart postfix dovecot

Check service status:

sudo systemctl status postfix dovecot

Test local delivery by creating a test user:

sudo adduser testuser

Send a test email:

echo "Test email body" | mail -s "Test Subject" testuser@yourdomain.com

Verify the email arrived in the Maildir:

sudo ls -la /home/testuser/Maildir/new/

Test SMTP authentication using telnet or a mail client. Configure your email client with these settings:

• IMAP: port 993 (SSL/TLS)
• SMTP: port 587 (STARTTLS)
• Username: full email address
• Password: system user password

Monitoring and Maintenance

Monitor your email server logs for issues:

sudo tail -f /var/log/mail.log

Set up log rotation to prevent disk space problems:

sudo nano /etc/logrotate.d/rsyslog

Regular maintenance includes monitoring disk space in mail directories. Check for failed authentication attempts. Consider implementing Fail2ban protection for additional security.

For production use, implement proper backup procedures for your mail directories and configuration files. The automated backup strategies we've covered can be adapted for email data.

Frequently Asked Questions

How do I add multiple domains to my Postfix configuration?

Add additional domains to the mydestination parameter in /etc/postfix/main.cf, separated by commas. For complex multi-domain setups, consider using virtual domains with separate user databases instead of system users.

Why are my emails going to spam folders?

Email deliverability depends on proper DNS configuration, including SPF, DKIM, and DMARC records. Ensure your server's IP has good reputation and isn't listed on blacklists. Many hosting providers block port 25 by default, which affects deliverability.

How can I secure my email server against attacks?

Implement rate limiting, use strong passwords, enable Fail2ban, and keep your server updated. Configure proper firewall rules and consider using tools like SpamAssassin for content filtering. Regular security audits help identify potential vulnerabilities.

What's the difference between Maildir and mbox formats?

Maildir stores each email as a separate file, making it more reliable and faster for IMAP access. Mbox stores all emails in a single file, which can become corrupted and is slower for large mailboxes. Maildir is the recommended format for modern email servers.

How do I troubleshoot connection issues?

Check service status with systemctl status postfix dovecot, review logs in /var/log/mail.log, and verify port accessibility with netstat -tlnp. Test connectivity from external sources and ensure firewall rules allow the required ports.