Intro

A problem I've faced lately was finding proper documentation for setting up a simple single-domain email server. In the past I've set up FTP, SFTP, SSH, and web servers, but I've never had the chance to properly set up an email server, so why not try it out during this time of quarantine.

Please note, this post is not just for people who need a personal email server; it's also for individuals or businesses that want to maintain their own properties with their own domain and user accounts. See Resources at the bottom of the post for more info as to why you'd want this.

Updates

  • March 6th 2021: If you're having trouble with Let's Encrypt certificates, please remember to install/run certbot for those.

The Reason

My reasoning for doing this is to have an email that can be used on whatever client, has offline capability, and where I'm in control of what happens with it. I got tired of ProtonMail and other providers costing so much just to add on a domain, when in reality all that does is point that email to your ProtonMail one. For my business I need a catch-all webmaster one, and some for people who are at my company.

If you're trying to learn how to work with email servers or just create your own for the sake of privacy, this guide is meant for anyone wanting to create an email server.

I want to create something fast, secure, and overall inexpensive while also being able to scale when needed.

What to Expect

First off, a cost comparison of setting up your own server vs. going through a provider like ProtonMail to use your own domain. This is important to note because everywhere I've seen it costs around $5 just to add a domain to another person's server, which makes no sense to me because you could easily implement your own for less.

Below I'm going to list the comparison of different providers to show you what they provide. I will only list the base monthly costs, with notes at the bottom explaining some of the caveats. This chart is the data at a glance; please click the link to each site to get a better idea of what they offer.

Custom Domain means the minimum monthly cost to get one custom domain

FSF Recommended means that it's listed here on the FSF site

Cost Comparison Chart
Provider | Custom Domain* | Additional Accounts | Additional Domains | Storage | FSF Recommended* | Personal Recommended
Proton Mail | ~€5/mo | + €5 | + €2 | 5GB | |
Tutanota | ~€1.20/mo | ? | ? | 1GB | |
FastMail | $5/mo | ? | ? | 1GB | |
SafeMail | ~$12.50/mo | ? | ? | 200MB | |
VFEmail | $24.95 OneTime Payment/mo | ? | ? | 1GB | |
TuffMail | $2/mo | + $2 | $0 | 1GB, +$1/GB | |

Resources for other providers

*I do not recommend ProtonMail for hosting private emails. Yes, they are encrypted using their own methods, but treat this as though it were any other proprietary email service, as there's no guarantee that the other user's email will adhere to your privacy.

*Use PGP keys for secure communications and for people you trust. Learn more here about PGP.

My Opinion: No serious business that deals with sensitive data (or otherwise) should be using products from Google, Microsoft, Yandex, Apple, etc., as they all use your data to target ads towards and against you. What that means is that if your work involves something those companies don't agree with, they hold the right not to show you on their Maps applications or to have customers not see your ads or links anymore, unless of course you pay more money.

Sources

What You'll Need?

Prerequisites

Here are some things you'll need to understand going forward. Considering this is for more advanced users, I'd recommend having some prior knowledge of the following:

  • Knowledge of Linux and the Command Line
  • Minimal knowledge of Vi/Vim*
  • Knowledge of SSH and server-side computing
  • The Linux PAM system (or just basic user management)
  • Knowledge of PGP/GPG encryption and how to
  • A domain chosen and purchased
  • An email application to use, such as Thunderbird

Choosing Your Hardware

We begin by choosing a VPS provider. Please remember the note above: this isn't just for personal use; it's for when you want a custom domain with your own rules and such, so a VPS or private server is the way to go. Of course, if your company has its own setup of servers you can very well use those.

Cost Comparison Chart
Provider | Monthly Cost | Min Storage
Vultr | $2.50 - $3.50 depending on if you need IPV4 | 25GB
Linode | $5/mo | 25GB
Digital Ocean | $5/mo | 25GB
Kamatera | $4/mo | 25GB
PRGMR | $5/mo | 15GB
Gandi | $3.50/mo (first year), $7.50/mo (after the first year) | 25GB
Njalla | €15 | 15GB

*Transfer limits between services are usually around 1 TB

With all of these, remember to look out for promo codes to get $10-50 off your subscription; they're provided all the time through podcasts and YouTubers trying to make a buck. I'm not providing any, I'm just giving the numbers for what the sites say.

Resources for other providers

Now We Start

So for this I'm going to choose Vultr with a Debian instance for about $3.50, since I require IPV4 to use emails. You'll want to set up your RSA keys for all computers you'll be logging in with; this is important considering we're going to remove root altogether as well as password logins. If you're wondering why I'd recommend doing so, here's an article going over why. If you mess up the server at any point you can reinstall from a backup or reinstall the OS altogether.

Some Prerequisites

First Things:

  • Have a domain already purchased and make sure you're able to ping it
  • Name your instance something like box.yourdomain.tld
  • Link all your SSH keys

Once the server is set up, let's SSH into it:

ssh root@<your server IP here>

Once we're in, let's run an update to make sure we have the latest of everything.

sudo apt update && sudo apt upgrade

If you want to have automatic updates, read this article on the matter.

Now that you've done so, let's get to the meat of what we're doing: setting up postfix, dovecot, and spamassassin. Thankfully Luke Smith has provided an easy-to-use script for this, so we don't have to reinvent the wheel (or read 100 different pages of postfix/dovecot documentation), and I recommend everyone use it for this guide. EmailWiz is simple: just curl -LO https://lukesmith.xyz/emailwiz.sh and you're good to go. However, please read over all the documentation in the script to see what it's doing before you run it; some email servers will require different settings that you'll have to tweak in the script.

The script sets up everything you'll need for the email server. Once you've run it, make sure to copy the two codes it gives you so you can use them in the DNS panel for your domain.

Setup the DNS
Name | Record | Value
box.yourdomain.tld | A | Your Static IP
yourdomain.tld | MX | box.yourdomain.tld
mail.yourdomain.tld | A | Your Static IP
yourdomain.tld | TXT | SPF1 Code That EmailWiz Gives You
mail._domainkey.yourdomain.tld | TXT | DKIM Code That EmailWiz Gives You

*Notice that this is where you'll point mail.yourdomain.tld, so that you can use Thunderbird and other software to log in.

Make sure by this point that you've set up all the above before moving forward.

Now, your domain isn't going to magically work right off the bat. I'd recommend giving your server and domain registrar 24 hours to properly propagate the changes so that it'll work correctly on all platforms.
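One way to sanity-check the record set from the table above once it is published, as an added example that is not part of the original post or of EmailWiz. It assumes the records are supplied as "name type value" lines; example.org, the 203.0.113.10 address and the key string are constructed placeholders, and the v=spf1 prefix and DKIM p= tag are the standard SPF and DKIM record formats.

```shell
#!/bin/sh
# check_mail_dns DOMAIN: read "name type value" lines on stdin (one DNS
# record per line) and print one line per problem found.
# Exit status is 0 only when no problem was found.
check_mail_dns() {
    awk -v d="$1" '
    NF < 3 { next }
    {
        name = tolower($1); sub(/\.$/, "", name)
        type = toupper($2)
        val = $0; sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", val)
        gsub(/"/, "", val)              # TXT data is usually shown quoted
        if (type == "A") has_a[name] = 1
        if (type == "MX" && name == d) {
            mx = tolower(val); sub(/^[0-9]+[ \t]+/, "", mx); sub(/\.$/, "", mx)
        }
        if (type == "TXT" && name == d && val ~ /^v=spf1( |$)/) spf++
        if (name == "mail._domainkey." d) { dk_type = type; dk_val = val }
    }
    END {
        n = 0; m = "mail." d
        if (mx == "")              p[++n] = "no MX record for " d
        else if (!(mx in has_a))   p[++n] = "MX target " mx " has no A record"
        if (!(m in has_a))         p[++n] = "no A record for " m
        if (spf == 0)              p[++n] = "no SPF TXT record on " d
        if (spf > 1)               p[++n] = "more than one SPF record on " d
        if (dk_type == "")         p[++n] = "no DKIM record at mail._domainkey." d
        else if (dk_type != "TXT") p[++n] = "DKIM record must be TXT, found " dk_type
        else if (dk_val !~ /(^|;)[ \t]*p=[^; \t]/) p[++n] = "DKIM record has no public key (p=)"
        for (i = 1; i <= n; i++) print p[i]
        exit (n > 0)
    }'
}

# Constructed sample records for the placeholder domain example.org.
SAMPLE_GOOD='box.example.org A 203.0.113.10
mail.example.org A 203.0.113.10
example.org MX 10 box.example.org.
example.org TXT "v=spf1 mx a:mail.example.org -all"
mail._domainkey.example.org TXT "v=DKIM1; k=rsa; p=MIGfCONSTRUCTEDKEY"'
# Same zone with two mistakes: no A record for the MX host, DKIM typed as A.
SAMPLE_BAD='mail.example.org A 203.0.113.10
example.org MX 10 box.example.org.
example.org TXT "v=spf1 mx -all"
mail._domainkey.example.org A 203.0.113.10'

printf '%s\n' "$SAMPLE_BAD" | check_mail_dns example.org || true
```

A clean record set prints nothing and returns 0; each finding is something a receiving server can hold against your mail, so fix them before sending.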

Once you've waited, it's time to set up your users. Assuming that you've already set up a basic admin user or whatever account will act as a substitute for root, you'll now want to set up other users. Do so by creating them the Linux way:

sudo adduser USERNAME

This should prompt you for a password and all info for the user.

Move that new user over to the mail group (I believe dovecot created this during install):

sudo usermod -aG mail USERNAME

Now your user should be created and have access to email. You can test this out by logging into your email in Thunderbird with the credentials you created. On the initial setup this should create the INBOX, TRASH, etc. to use with emails.

That's about it for setting up emails. Not that difficult, just a lot of prep work and research involved before choosing a provider and such that works with what you need.

Let's Encrypt Certs

Ensure you have a Let's Encrypt certificate for the domain you're using. Use certbot for this, as it is fairly simple to use.

Optional

Aliases

I've seen a few guides online for setting up aliases, but here's an easy and quick way to do so.

Go onto your server as a superuser with sudo access and open up the aliases file:

sudo vim /etc/aliases

Now you can route where emails go, and even have a catch-all for things like admin or webmaster that goes to root@yourdomain.tld.

Here's what an alias file can look like.

mailer-daemon: root
admin: root
webmaster: root
nobody: root
...

Make sure to refresh the aliases once you're done editing:

sudo newaliases

Running this command refreshes the database that postfix uses for aliases. Linux also will adhere to these aliases, so keep that in mind because that means logins can be altered this way.

Note that aliases are useful when you have a name that might commonly be misspelled: you can have aliases that catch that email and send it to the right address, which is something you can't do with a free service. Make as many aliases as you need; they're useful and easy to set up.
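To see where mail for each alias finally lands before running newaliases, here is an added example (not from the original post or from postfix) that follows alias chains and flags circular ones. It assumes one target per alias; the root, support and helpdesk entries and the account name alice are constructed placeholders.

```shell
#!/bin/sh
# resolve_aliases: read an /etc/aliases-style file on stdin and print
# "alias -> final destination" for each entry, following chains such as
# webmaster -> root -> alice. Circular definitions are reported as LOOP.
resolve_aliases() {
    awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        c = index($0, ":")
        if (c == 0) next                 # not a "name: target" line
        key = tolower(substr($0, 1, c - 1)); gsub(/[ \t]/, "", key)
        tgt = substr($0, c + 1);             gsub(/[ \t]/, "", tgt)
        map[key] = tgt; order[++n] = key
    }
    END {
        for (i = 1; i <= n; i++) {
            cur = order[i]; hops = 0
            # Follow the chain; more than n hops means we are going in circles.
            while ((tolower(cur) in map) && hops++ <= n) cur = map[tolower(cur)]
            print order[i] " -> " (hops > n ? "LOOP" : cur)
        }
    }'
}

# Constructed sample: the entries shown above plus a root entry and a loop.
# "alice" is a placeholder for a real local account.
SAMPLE_ALIASES='mailer-daemon: root
admin: root
webmaster: root
nobody: root
root: alice
support: helpdesk
helpdesk: support'

printf '%s\n' "$SAMPLE_ALIASES" | resolve_aliases
```

On the real server, feed it the live file with `resolve_aliases < /etc/aliases`; any alias that ends at root rather than a mailbox someone reads is worth pointing at a real account.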

Extras

If there's anything incorrect or something you'd like to add just shoot me an email at materialfuture at andrasmedia DOT org

If you believe I've misrepresented something on here or there's anything that doesn't make sense please let me know and I'll be quick to change it.

Something not working for your system? Let me know and I can update the docs or can make a fork of Emailwiz for that since that would be useful.

Updates

  • Update January 2022 - If you're thinking of doing this, please be aware that your email can be sent to spam due to your email not being from a trusted registrar. If you're just sending email occasionally to people you know, or only to people that also self-host and use PGP, then go right ahead as it's a great solution.
  • Update December 2021 - If there are issues with Let's Encrypt certs then remember to renew your certs. Setting up a systemd timer or cron job for this will help with renewals: https://devcoops.com/certbot-auto-renew-ssl-certificate-cron-job/

Resources

Below are more resources where you can learn about emails.