Firewall access
You will need to set your firewall(s) to allow access to the following ports:
- SMTP: 25
- POP3: 110
- IMAP: 143
- SMTP Secure: 465
- MSA: 587
- IMAP Secure: 993
- POP3 Secure: 995
By default, the Cloud Panel Firewall denies access to all but the most commonly-used ports.
Install Postfix
To install Postfix, first update your packages:
sudo apt-get update
Then install Postfix:
sudo apt-get install postfix
Postfix is installed by default on most Ubuntu 16.04 systems, so this command will most likely exit with a message that postfix is already the newest version (3.1.0-3).
If Postfix continues with an installation, simply accept all of the defaults at each prompt to complete the process.
Configure Postfix
After the installation is complete, run the command to configure Postfix:
sudo dpkg-reconfigure postfix
Enter the following values at the prompts, replacing example.com with your own domain name. Use the up and down arrow keys to highlight an answer, and press Enter to select it.
- Select OK to proceed.
- Choose Internet Site.
- System Mail Name: example.com
- Root and postmaster mail recipient: root
- Other destinations for mail: example.com, localhost.example.com, localhost
- Force synchronous updates on mail queue?: No
- Local networks: 127.0.0.0/8
- Use procmail for local delivery?: No
- Mailbox size limit (bytes): 0
- Local address extension character: +
- Internet protocols to use: all
After the initial Postfix configuration has been done, you can change Postfix settings with the command:
sudo postconf -e '[new setting]'
Create an SSL certificate
We will create a self-signed SSL certificate to secure incoming and outgoing email connections:
sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout mailserver.key -out mailserver.crt -days 365
sudo openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
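Answer the questions at the prompts, or just hit [Enter] to leave an answer blank. The first command creates two files: mailserver.key and mailserver.crt. The second command creates cakey.pem and cacert.pem; because it does not use -nodes, it also prompts for a pass phrase to protect cakey.pem.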
Create a folder for the SSL certificate files:
sudo mkdir /etc/postfix/ssl
Then move the files into this folder:
sudo mv mailserver.key /etc/postfix/ssl
sudo mv mailserver.crt /etc/postfix/ssl
sudo mv cakey.pem /etc/postfix/ssl
sudo mv cacert.pem /etc/postfix/ssl
Set up SMTP AUTH
SMTP AUTH is a basic method of securing your mail server. We strongly recommend the use of SMTP AUTH on all mail servers.
To begin, use the following commands to configure Postfix to use SMTP AUTH:
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
Replace example.com with your own domain name:
sudo postconf -e 'myhostname = example.com'
Next, create the file /etc/postfix/sasl/smtpd.conf and open it for editing:
sudo nano /etc/postfix/sasl/smtpd.conf
Add the following content:
pwcheck_method: saslauthd
mech_list: plain login
After you have finished configuring Postfix, restart the Postfix daemon with the command:
sudo systemctl restart postfix
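The settings above leave smtpd_tls_auth_only at no while mech_list offers only plain and login, so a client that skips STARTTLS sends its password base64-encoded but unencrypted. The following check is an added example, not part of the original tutorial: the function names, the WARN messages and both sample inputs are constructed for illustration, and the input is assumed to be in the "name = value" format printed by postconf -n.

```shell
#!/bin/sh
# Added example (not the tutorial's code): audit "name = value" lines in
# the format printed by `postconf -n` for the SMTP AUTH settings above.
audit_postfix() {
    awk '
    { i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", val)
      v[k] = val }
    END {
      auth = (v["smtpd_sasl_auth_enable"] == "yes")
      # PLAIN and LOGIN only base64-encode the password, so AUTH should
      # be accepted only after STARTTLS.
      if (auth && v["smtpd_tls_auth_only"] != "yes")
          print "WARN smtpd_tls_auth_only: AUTH accepted on unencrypted sessions"
      # Absent means the built-in default (noanonymous) applies.
      if (auth && ("smtpd_sasl_security_options" in v) &&
          v["smtpd_sasl_security_options"] !~ /noanonymous/)
          print "WARN smtpd_sasl_security_options: noanonymous is missing"
      # Mail for foreign domains from unauthenticated clients must be refused.
      r = v["smtpd_relay_restrictions"] " " v["smtpd_recipient_restrictions"]
      if (r !~ /(reject|defer)_unauth_destination/)
          print "WARN relay: reject_unauth_destination not set explicitly"
    }'
}

# Constructed sample: the values this tutorial sets with postconf -e.
tutorial_settings() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
EOF
}

# Constructed sample: the same settings with AUTH restricted to TLS sessions.
hardened_settings() {
    tutorial_settings | sed 's/^smtpd_tls_auth_only = no$/smtpd_tls_auth_only = yes/'
}

echo "tutorial:"; tutorial_settings | audit_postfix
echo "hardened:"; hardened_settings | audit_postfix
```

On a live server the same function can be fed directly with: postconf -n | audit_postfix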
Install SASL
Postfix will use SASL to handle the authentication with SMTP AUTH. Now that Postfix has been configured to use SMTP AUTH, install SASL with the command:
sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules
After the installation is done, edit /etc/default/saslauthd:
sudo nano /etc/default/saslauthd
Scroll down to the line:
# Should saslauthd run automatically on startup? (default: no)
START=no
Change START to yes:
# Should saslauthd run automatically on startup? (default: no)
START=yes
Below that line, add the following three lines:
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
Scroll down to the bottom of the file to the line:
OPTIONS="-c -m /var/run/saslauthd"
Change the last line to read:
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
Save and exit the file.
Next, run the following command to update the dpkg state:
sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
Note: If you get an error message that /var/spool/postfix/var/run/saslauthd does not exist, ignore it. This directory will be created when you start the SASL daemon.
Create a symlink for the config file:
sudo ln -s /etc/default/saslauthd /etc/saslauthd
And finally, start the SASL daemon:
sudo /etc/init.d/saslauthd start