Set Up Email Server on Ubuntu VPS: Postfix + Dovecot + SSL

Prerequisites and Server Preparation

Before you set up email server on Ubuntu VPS, verify your server meets these basic requirements. You need a fresh Ubuntu 22.04 or 24.04 server with at least 2GB RAM and root access.

Configure proper DNS records first—this step is critical.

Set these DNS records for your domain:

• A record: mail.yourdomain.com pointing to your server IP
• MX record: yourdomain.com with priority 10 pointing to mail.yourdomain.com
• PTR record: Reverse DNS from your hosting provider (essential for deliverability)

Skip the DNS setup and your emails will land in spam folders or get rejected outright.

Hostperl VPS includes PTR record management and reliable networking that simplifies this setup process.

Installing and Configuring Postfix Mail Transfer Agent

Postfix handles incoming and outgoing mail delivery. Update your system and install the required packages:

sudo apt update
sudo apt install postfix dovecot-imapd dovecot-pop3d dovecot-lmtpd

During Postfix installation, select "Internet Site" and enter your domain name.

Edit the main configuration file:

sudo nano /etc/postfix/main.cf

Replace the default configuration with these settings:

myhostname = mail.yourdomain.com
mydomain = yourdomain.com
myorigin = /etc/mailname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

The home_mailbox = Maildir/ setting uses the more reliable Maildir format instead of the older mbox format.

Dovecot IMAP/POP3 Server Configuration

Dovecot provides IMAP and POP3 access for email clients.

Configure the main settings file:

sudo nano /etc/dovecot/dovecot.conf

Enable the protocols you need:

protocols = imap pop3 lmtp

Configure mail location in /etc/dovecot/conf.d/10-mail.conf:

sudo nano /etc/dovecot/conf.d/10-mail.conf

Set the mail location to match Postfix:

mail_location = maildir:~/Maildir

Configure authentication in /etc/dovecot/conf.d/10-auth.conf:

sudo nano /etc/dovecot/conf.d/10-auth.conf

Verify these settings are active:

disable_plaintext_auth = yes
auth_mechanisms = plain login

Configure the authentication socket that Postfix will use in /etc/dovecot/conf.d/10-master.conf:

sudo nano /etc/dovecot/conf.d/10-master.conf

Find the service auth section and modify it:

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}

SSL Certificate Installation for Secure Email

Email servers require SSL certificates for secure IMAP/SMTP connections.

Install Certbot for Let's Encrypt certificates:

sudo apt install certbot

Generate certificates for your mail server:

sudo certbot certonly --standalone -d mail.yourdomain.com

Configure Dovecot to use SSL certificates in /etc/dovecot/conf.d/10-ssl.conf:

sudo nano /etc/dovecot/conf.d/10-ssl.conf

Update the SSL configuration:

ssl = required
ssl_cert = 

Configure Postfix for SSL by adding these lines to /etc/postfix/main.cf:

smtpd_tls_cert_file=/etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.yourdomain.com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes

This configuration mirrors the approach used in our SSL certificate auto-renewal tutorial, keeping your email security current.

Creating Email Users and Testing Access

Create system users for email accounts. Each Linux user becomes an email address:

sudo useradd -m -s /bin/bash john
sudo passwd john

This creates john@yourdomain.com with a mailbox at /home/john/Maildir.

Restart both services to apply all configurations:

sudo systemctl restart postfix
sudo systemctl restart dovecot

Test SMTP functionality by sending a test email:

echo "Test email body" | mail -s "Test Subject" john@yourdomain.com

Check that the email arrived in the user's mailbox:

sudo ls /home/john/Maildir/new/

Test IMAP access using telnet:

telnet mail.yourdomain.com 143

Firewall Configuration and Port Management

Configure UFW to allow email traffic through the necessary ports:

sudo ufw allow 25/tcp   # SMTP
sudo ufw allow 143/tcp  # IMAP
sudo ufw allow 993/tcp  # IMAPS
sudo ufw allow 110/tcp  # POP3
sudo ufw allow 995/tcp  # POP3S

Verify your firewall rules:

sudo ufw status

Test external connectivity to confirm your ISP or hosting provider doesn't block these ports. Many residential ISPs block port 25 outbound.

Mail Security Hardening and Anti-Spam Measures

Enhance security by restricting relay access and enabling additional authentication checks.

Add these security settings to /etc/postfix/main.cf:

smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

These restrictions prevent unauthorized relay usage and reduce spam.

Install and configure Fail2Ban to protect against brute force attacks:

sudo apt install fail2ban

Create a jail configuration for Postfix and Dovecot:

sudo nano /etc/fail2ban/jail.local

Add these jail configurations:

[postfix-sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3
bantime = 3600

[dovecot]
enabled = true
port = imap,imaps,pop3,pop3s
filter = dovecot
logpath = /var/log/mail.log
maxretry = 3
bantime = 3600

Email Client Configuration and Connection Testing

Configure email clients using these server settings:

IMAP Settings:

• Server: mail.yourdomain.com
• Port: 993 (SSL) or 143 (STARTTLS)
• Security: SSL/TLS
• Authentication: Normal password

SMTP Settings:

• Server: mail.yourdomain.com
• Port: 587 (submission with STARTTLS)
• Security: STARTTLS
• Authentication: Normal password

Test email delivery to external providers like Gmail and Yahoo.

Check spam folders initially—new email servers often face deliverability challenges without proper reputation building.

Frequently Asked Questions

Why are my emails going to spam folders?

New email servers lack sending reputation with major providers. Configure proper SPF, DKIM, and DMARC records.

Start with low sending volumes and gradually increase as reputation improves.

Can I use this setup for multiple domains?

Yes, add additional domains to the mydestination parameter in Postfix configuration.

Create corresponding DNS records for each domain and verify SSL certificates cover all mail subdomains.

How do I backup email data?

Email data lives in /home/username/Maildir directories.

Regular filesystem backups using rsync or tar preserve all email content. Consider automated backup solutions for production environments.

What if port 25 is blocked by my ISP?

Many residential ISPs block outbound port 25. Business hosting providers like Hostperl typically allow all email ports.

You may need a commercial hosting solution or email relay service for reliable delivery.

How much RAM does an email server need?

A basic email server runs comfortably on 2GB RAM for small user bases.

Plan for additional memory as user count and email volume increase. Database-backed configurations require more resources.