How to Install Postfix, Dovecot, and Roundcube on Ubuntu 20.04

Last Updated: Fri, Jul 10, 2020
Email Ubuntu

Introduction

Postfix is a Mail Transfer Agent(MTA) for routing and delivering electronic mail(email). Dovecot is a secure IMAP and POP3 Mail Delivery Agent(MDA). These two open-source applications work well with Roundcube, an email client primarily famous for its clever use of Ajax technology. In this guide, you'll install Postfix, Dovecot, and Roundcube on Ubuntu 20.04. This guide uses the domain example.com and the server name mail.example.com.

Prerequisites

Before you begin, make sure you have the following:

1. Install & Configure Postfix

  1. SSH to your server and install the Postfix server by running the command below.

    $ sudo apt update -y
    $ sudo apt install -y postfix
    
  2. You'll get the Postfix configuration screen, as shown below. Press TAB and ENTER to continue.

    Postfix package configuration screen

  3. On the next screen, select Internet Site, then TAB and ENTER.

    Postfix mail type configuration

  4. Enter the system mail name, which is your domain name. For instance, the server name is mail.example.com, so you'll enter example.com here.

    Postfix system mail name

  5. Back up the the /etc/postfix/main.cf file, and create a new one.

    $ sudo mv /etc/postfix/main.cf /etc/postfix/main.cf.bk
    $ sudo nano /etc/postfix/main.cf
    
  6. Enter the information below to the new file. Replace example.com with your domain name throughout the file. Make sure the value of smtpdtlscert_file and smtpdtlskey_file point to your SSL certificate.

    smtpd_banner = $myhostname ESMTP $mail_name
    biff = no
    append_dot_mydomain = no
    readme_directory = no
    
    # TLS parameters
    smtp_use_tls = yes
    smtp_tls_security_level = may
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    smtpd_use_tls = yes
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
    smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,  reject_unauth_destination
    
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains
    
    myhostname = mail.example.com
    myorigin = /etc/mailname
    mydestination =  localhost.$mydomain, localhost
    relayhost = 
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    
  7. Save and close the file.

2. Create Virtual Mail Box Domains

  1. The main.cf configuration file instructs postfix to look for email domains in the /etc/postfix/virtual_mailbox_domains file. Create the file:

    $ sudo nano /etc/postfix/virtual_mailbox_domains
    
  2. Add the information below to the file and replace example.com with your domain name.

    example.com #domain
    
  3. Use the postmap command to change /etc/postfix/virtual_mailbox_domains to a format recognizable by Postfix. Run this command every time you edit the file, for instance, after adding more domains to the file.

    $ sudo postmap /etc/postfix/virtual_mailbox_domains
    
  4. Edit the /etc/postfix/master.cf configuration file to enable the SMTP service.

    $ sudo nano /etc/postfix/master.cf
    
  5. Find the entry below.

    ...
    #submission inet n       -       y       -       -       smtpd
    ...
    

    Remove the pound symbol at the beginning of the line.

    ...
    submission inet n       -       y       -       -       smtpd
    ...
    
  6. Save and close the file.

3. Install & Configure Dovecot

  1. Install the Dovecot package and all the dependency packages required to run the imap, pop3, and lmtp service.

    $ sudo apt install -y dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd
    
  2. Edit the /etc/dovecot/conf.d/10-mail.conf file to instruct Dovecot on the directory to look for mails.

    $ sudo nano /etc/dovecot/conf.d/10-mail.conf
    
  3. Find the entry below.

    mail_location = mbox:~/mail:INBOX=/var/mail/%u   
    

    Change to:

    mail_location = maildir:/var/mail/vhosts/%d/%n
    

    Save and close the file. The %d represents the domain, and %n represents the users. This means that you'll need to create a sub-directory in the /var/mail/vhosts for every domain receiving emails on your server.

  4. Create the first sub-directory and replace example.com with your domain name.

    $ sudo mkdir -p /var/mail/vhosts/example.com
    

    Repeat the command above for every other domain that you want to receive emails for in your server while replacing example.com with the domain name. For instance, if you also intend to receive emails for the example.net domain, run the command below.

    $ sudo mkdir -p /var/mail/vhosts/example.net
    
  5. Create a Vmail user and group for the Dovecot service.

    Create the vmail group.

    $ sudo groupadd -g 5000 vmail
    

    Create a vmail user and add the user to the vmail group.

    $ sudo useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user"
    

    Assign the ownership of the /var/mail/vhosts/ to the vmail user and group.

    $ sudo chown -R vmail:vmail /var/mail/vhosts/
    
  6. Edit the Dovecot 10-master.conf file.

    $ sudo nano /etc/dovecot/conf.d/10-master.conf
    
  7. Locate the entries below.

    ...
    inet_listener imaps {
      #port = 993
      #ssl = yes
    }
    ...
    

    Remove the pound symbol before the port and ssl entries, as shown below, to allow Dovecot to use port 993 and SSL for secure IMAP.

    ...
    inet_listener imaps {
      port = 993
      ssl = yes
    }
    ...
    
  8. Locate the entries below.

    ...
    inet_listener pop3s {
      #port = 995
      #ssl = yes
    }
    ...
    

    Remove the pound symbol before the port = 995 and ssl = yes parameters.

    ...
    inet_listener pop3s {
      port = 995
      ssl = yes
    }
    ...
    
  9. Enable the lmtp service. Locate the entries below.

    ...
    service lmtp {
      unix_listener lmtp {
        #mode = 0666
      }
    
      # Create inet listener only if you can't use the above UNIX socket
      #inet_listener lmtp {
        # Avoid making LMTP visible for the entire internet
        #address =
        #port =
      #}
    }
    ...
    

    Change the configuration to:

    ...
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0600
        user = postfix
        group = postfix
      }
    }
    ...
    
  10. Locate the Dovecot authentication socket configurations below.

    ...
    # Postfix smtp-auth
    #unix_listener /var/spool/postfix/private/auth {
    #  mode = 0666
    #}
    ...
    

    Change the configuration to:

    ...
    #Postfix smtp-auth
    unix_listener /var/spool/postfix/private/auth {
      mode = 0666
      user = postfix
      group = postfix
    }
    ...
    
  11. Save and close the file.

  12. Configure Dovecot to use secure authentication. Edit the Dovecot 10-auth.conf file.

    $ sudo nano /etc/dovecot/conf.d/10-auth.conf
    
  13. Find the entry below.

    # disable_plaintext_auth = yes
    

    Uncomment the setting above by removing the # character to disable plain text authorization.

    disable_plaintext_auth = yes
    
  14. Find the entry below.

    auth_mechanisms = plain
    

    Change the authentication mechanisms from plain to plain login.

    auth_mechanisms = plain login
    
  15. Disable the Dovecot default authentication behavior that requires users to have a system account to use the email service. Find the line:

    !include auth-system.conf.ext
    

    Add a pound symbol at the beginning of the line to comment it out.

    #!include auth-system.conf.ext
    
  16. Find the line:

    #!include auth-passwdfile.conf.ext
    

    Remove the # symbol at the beginning to enable Dovecot to use a password file.

    !include auth-passwdfile.conf.ext
    
  17. Save and close the file.

  18. Edit the Dovecot password file, auth-passwdfile.conf.ext.

    $ sudo nano /etc/dovecot/conf.d/auth-passwdfile.conf.ext
    

    The file looks similar to the one shown below.

    passdb {
      driver = passwd-file
      args = scheme=CRYPT username_format=%u /etc/dovecot/users
    }
    
    userdb {
      driver = passwd-file
      args = username_format=%u /etc/dovecot/users
    ...
    }
    

    Make the changes to the file, as shown below.

    passdb {
        driver = passwd-file
        args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users
    }
    
    userdb {
        driver = static
        args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n    
    }
    

    Save and close the file.

  19. Create the /etc/dovecot/dovecot-users password file. This file is a plain text database that holds email users on your server.

    $ sudo nano /etc/dovecot/dovecot-users
    

    Add the users that you want to use the email service to the file by following the format below. Replace EXAMPLE_PASSWORD with a strong password. Also, replace example.com with your domain name.

    admin@example.com:{plain}EXAMPLE_PASSWORD
    info@example.com:{plain}EXAMPLE_PASSWORD
    billing@example.com:{plain}EXAMPLE_PASSWORD
    

    Save and close the file.

  20. Configure Dovecot to Use the SSL Certificate. Open the /etc/dovecot/conf.d/10-ssl.conf file.

    $ sudo nano /etc/dovecot/conf.d/10-ssl.conf
    

    Find the line:

    ssl = yes
    

    Change the ssl value from yes to required.

    ssl = required
    

    Locate the two entries below.

    #ssl_cert = </etc/dovecot/dovecot.pem
    #ssl_key = </etc/dovecot/private/dovecot.pem
    

    Change the two entries above and make sure they are pointing to the SSL certificate for your domain. For instance, if you are using the Let's Encrypt certificate, your entries will be similar to those shown below. Replace example.com with your domain name.

    ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
    ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
    

    Save and close the file.
    Restart the postfix and dovecot services to use the new settings.

    $ sudo service postfix restart 
    $ sudo service dovecot restart
    

4. Install & Configure Roundcube

  1. To access Postfix and Dovecot servers, install Roundcube email client.

    $ sudo apt install -y roundcube
    
  2. Press ENTER to configure the database for use with Roundcube.

    Configure database for Roundcube

  3. On the next screen, enter a MySQL password to use with Roundcube.

    Database password for Roudcube

    Press TAB and ENTER.

    Repeat the same password then hit TAB and ENTER to continue.

  4. Open your website SSL configuration file from the /etc/apache2/sites-enabled directory. Run the command below and replace example.com with your domain name.

    $ sudo nano /etc/apache2/sites-enabled/example.com-le-ssl.conf
    

    Your website configuration file will be similar to the one shown below.

    ...
    <VirtualHost *:443>
        ServerAdmin admin@franktek.space
        ServerName franktek.space  
    ...    
    </VirtualHost>
    ...
    

    Add the entry Alias /mail /usr/share/roundcube after the entry ServerName example.com as shown below.

    ...
    <VirtualHost *:443>
        ServerAdmin admin@example.com
        ServerName example.com
       Alias /mail /usr/share/roundcube  
    ...    
    </VirtualHost>
    ...
    

    Save and close the file.

  5. Restart Apache.

    $ sudo service apache2 restart
    

5. Test the Email Service

To login to the email server using Roundcube, enter the URL shown below and replace example.com with your domain name.

https://mail.example.com/mail

You should see a screen similar to the one shown below. Enter the username and password you defined in the Dovecot password file, and log in.

Roundcube login page

Once logged in, you can send and receive emails from the Roundcube dashboard.

Want to contribute?

You could earn up to $300 by adding new articles