First, make sure that the DNS is configured correctly, then install and configure Postfix, Dovecot, MariaDB, SpamAssassin and ClamAV in turn. 1. Set up the system host name and DNS record; 2. Install Postfix and configure virtual user support; 3. Install Dovecot and set mail storage and SSL; 4. Deploy SpamAssassin and ClamAV to achieve spam and virus filtering; 5. Test SMTP/IMAP service and continuously monitor logs, and finally ensure that the mail server runs safely and stably by correctly configuring TLS and authentication mechanisms.
Setting up a mail server on Linux can seem intimidating, but with the right tools and a clear plan, it's entirely manageable. A functional mail server lets you send and receive emails under your own domain, giving you full control over your email environment. This guide walks you through the essential steps using widely supported open-source software: Postfix (SMTP), Dovecot (IMAP/POP3), and MariaDB/MySQL (for user and domain management), along with SpamAssassin and ClamAV for spam and virus filtering.
Note: Hosting your own mail server requires careful attention to DNS, security, and delivery ability. Poor configuration can lead to emails being marked as spam or rejected outright.
1. Prerequisites and Initial Setup
Before installing any mail components, ensure your system is ready:
- A Linux server (Ubuntu 22.04 or Debian 12 recommended)
- Static IP address
- Fully qualified domain name (FQDN) like
mail.yourdomain.com - DNS records properly configured (A, MX, SPF, DKIM, DMARC)
Basic System Setup
# Update system sudo apt update && sudo apt upgrade -y # Set correct hostname sudo hostnamectl set-hostname mail.yourdomain.com
Update /etc/hosts :
127.0.0.1 localhost YOUR_SERVER_IP mail.yourdomain.com mail
Required DNS Records
| Type | Name | Value |
|---|---|---|
| A | mail.yourdomain.com | YOUR_SERVER_IP |
| MX | yourdomain.com | mail.yourdomain.com (priority 10) |
| txt | yourdomain.com | v=spf1 a mx ip4:YOUR_SERVER_IP ~all |
| txt | default._domainkey.yourdomain.com | (DKIM key, added later) |
2. Install and Configure Postfix (SMTP Server)
Postfix handles sending and receiving mail.
sudo apt install postfix mariadb-server mariadb-client -y
During installation, choose "Internet Site" and set the system mail name to your domain (eg, yourdomain.com ).
Edit Postfix Configuration
Edit /etc/postfix/main.cf :
myhostname = mail.yourdomain.com mydomain = yourdomain.com myorigin = $mydomain inet_interfaces = all mydestination = localhost, $mydomain, mail.$mydomain home_mailbox = Maildir/ # Enable virtual domains and users virtual_transport = virtual virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
Create MySQL Configuration Files
Create /etc/postfix/mysql-virtual-mailbox-domains.cf :
hosts = localhost user = mailuser password = yourpassword dbname = mailserver query = SELECT 1 FROM virtual_domains WHERE name='%s'
Repeat similarly for mysql-virtual-mailbox-maps.cf and mysql-virtual-alias-maps.cf (standard queries can be found in most mail server guidelines).
You'll need to create the database and tables for virtual domains, mailboxes, and aliases. Use a guide or script to set up the schema.
Restart Postfix:
sudo systemctl restart postfix
3. Install and Configure Dovecot (IMAP/POP3)
Dovecot allows users to retrieve mail.
sudo apt install dovecot-core dovecot-imapd dovecot-mysql -y
Configure Dovecot
Edit /etc/dovecot/dovecot.conf :
protocols = imap pop3 mail_location = maildir:/var/mail/vhosts/%d/%n
Set up authentication in /etc/dovecot/conf.d/auth-sql.conf.ext :
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = static
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
} Ensure the vmail user exists:
sudo groupadd -g 5000 vmail sudo useradd -g vmail -u 5000 vmail -d /var/mail/vhosts -s /sbin/nologin sudo mkdir -p /var/mail/vhosts sudo chown -R vmail:vmail /var/mail/vhosts
Enable SSL (strongly recommended):
Use Let's Encrypt:
sudo apt install certbot -y sudo certbot certonly --standalone -d mail.yourdomain.com
Then point Dovecot and Postfix to the certs in their config files:
ssl_cert = </etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem ssl_key = </etc/letsencrypt/live/mail.yourdomain.com/privkey.pem
Restart Dovecot:
sudo systemctl restart dovecot
4. Add Spam and Virus Filtering
Install SpamAssassin and ClamAV:
sudo apt install spamassassin clamav clamav-daemon -y
Enable SpamAssassin:
sudo systemctl enable spamassassin sudo systemctl start spamassassin
Integrate with Postfix via master.cf :
smtp inet n - y - - smtpd
-o content_filter=spamassassin
...
spamassassin unix - nn - pipe
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} ClamAV can be integrated similarly or used with amavisd-new for a more robust filter pipeline.
5. Test and Monitor Your Mail Server
Basic Testing
- Send a test email from an external account to your domain.
- Use
telnetorswaksto test SMTP:swaks --to user@yourdomain.com --from test@gmail.com --server mail.yourdomain.com
- Connect via Thunderbird or Outlook using:
- IMAP:
mail.yourdomain.com, port 993, SSL/TLS - SMTP:
mail.yourdomain.com, port 587, STARTTLS
- IMAP:
Check Logs
Monitor for issues:
sudo tail -f /var/log/mail.log
Look for delivery errors, authentication failures, or rejection messages.
Final Notes
Running a reliable mail server requires ongoing maintenance:
- Keep software updated
- Monitor blacklists (eg, via mxtoolbox.com)
- Rotate DKIM keys periodically
- Back up MySQL data and configs
- Consider using tools like OpenDKIM and OpenDMARC for better authentication
While self-hosting gives control, it also demands responsibility. Many small organizations opt for third-party services (like Fastmail or MXRoute) for better delivery ability and less overhead.
But if you're learning, experimenting, or need full control—setting up your own mail server is a valuable skill.
Basically, get DNS right, secure services with TLS, and validate each component step by step.
The above is the detailed content of A Guide to Setting Up a Mail Server on Linux. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Install LXC (Linux Containers) in RHEL, Rocky & AlmaLinux
Jul 05, 2025 am 09:25 AM
LXD is described as the next-generation container and virtual machine manager that offers an immersive for Linux systems running inside containers or as virtual machines. It provides images for an inordinate number of Linux distributions with support
Clear Linux Distro - Optimized for Performance and Security
Jul 02, 2025 am 09:49 AM
Clear Linux OS is the ideal operating system for people – ahem system admins – who want to have a minimal, secure, and reliable Linux distribution. It is optimized for the Intel architecture, which means that running Clear Linux OS on AMD sys
How to create a self-signed SSL certificate using OpenSSL?
Jul 03, 2025 am 12:30 AM
The key steps for creating a self-signed SSL certificate are as follows: 1. Generate the private key, use the command opensslgenrsa-outselfsigned.key2048 to generate a 2048-bit RSA private key file, optional parameter -aes256 to achieve password protection; 2. Create a certificate request (CSR), run opensslreq-new-keyselfsigned.key-outselfsigned.csr and fill in the relevant information, especially the "CommonName" field; 3. Generate the certificate by self-signed, and use opensslx509-req-days365-inselfsigned.csr-signk
7 Ways to Speed Up Firefox Browser in Linux Desktop
Jul 04, 2025 am 09:18 AM
Firefox browser is the default browser for most modern Linux distributions such as Ubuntu, Mint, and Fedora. Initially, its performance might be impressive, however, with the passage of time, you might notice that your browser is not as fast and resp
How to extract a .tar.gz or .zip file?
Jul 02, 2025 am 12:52 AM
Decompress the .zip file on Windows, you can right-click to select "Extract All", while the .tar.gz file needs to use tools such as 7-Zip or WinRAR; on macOS and Linux, the .zip file can be double-clicked or unzip commanded, and the .tar.gz file can be decompressed by tar command or double-clicked directly. The specific steps are: 1. Windows processing.zip file: right-click → "Extract All"; 2. Windows processing.tar.gz file: Install third-party tools → right-click to decompress; 3. macOS/Linux processing.zip file: double-click or run unzipfilename.zip; 4. macOS/Linux processing.tar
How to troubleshoot DNS issues on a Linux machine?
Jul 07, 2025 am 12:35 AM
When encountering DNS problems, first check the /etc/resolv.conf file to see if the correct nameserver is configured; secondly, you can manually add public DNS such as 8.8.8.8 for testing; then use nslookup and dig commands to verify whether DNS resolution is normal. If these tools are not installed, you can first install the dnsutils or bind-utils package; then check the systemd-resolved service status and configuration file /etc/systemd/resolved.conf, and set DNS and FallbackDNS as needed and restart the service; finally check the network interface status and firewall rules, confirm that port 53 is not
Install Guacamole for Remote Linux/Windows Access in Ubuntu
Jul 08, 2025 am 09:58 AM
As a system administrator, you may find yourself (today or in the future) working in an environment where Windows and Linux coexist. It is no secret that some big companies prefer (or have to) run some of their production services in Windows boxes an
How would you debug a server that is slow or has high memory usage?
Jul 06, 2025 am 12:02 AM
If you find that the server is running slowly or the memory usage is too high, you should check the cause before operating. First, you need to check the system resource usage, use top, htop, free-h, iostat, ss-antp and other commands to check CPU, memory, disk I/O and network connections; secondly, analyze specific process problems, and track the behavior of high-occupancy processes through tools such as ps, jstack, strace; then check logs and monitoring data, view OOM records, exception requests, slow queries and other clues; finally, targeted processing is carried out based on common reasons such as memory leaks, connection pool exhaustion, cache failure storms, and timing task conflicts, optimize code logic, set up a timeout retry mechanism, add current limit fuses, and regularly pressure measurement and evaluation resources.
