Complete Guide: Configure an Email Server on Ubuntu 24.04 with Postfix & Dovecot
1. Domain Registration
Before setting up your mail server, you need a domain.
Steps
-
Register a domain from a registrar:
- Namecheap
- GoDaddy
- Cloudflare Registrar
- Google Domains (if available in your region)
-
Choose a domain like:
example.com -
Ensure you have access to DNS management.
2. Server Requirements
You need an Ubuntu 24.04 server with:
- Static public IP (important)
- Open ports:
- 25 (SMTP)
- 587 (Submission)
- 465 (SMTPS optional)
- 143 (IMAP)
- 993 (IMAPS)
- 110 (POP3 optional)
- 995 (POP3S optional)
3. Update System
sudo apt update && sudo apt upgrade -y
4. Install Postfix (SMTP Server)
Installation
sudo apt install postfix -y
During installation:
- Select: Internet Site
- Set system mail name:
example.com
Configure Postfix
Edit:
sudo nano /etc/postfix/main.cf
Basic configuration:
myhostname = mail.example.com
mydomain = example.com
myorigin = /etc/mailname
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP
Enable SMTP authentication
Later we integrate with Dovecot:
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
5. Install Dovecot (IMAP/POP3 Server)
sudo apt install dovecot-core dovecot-imapd dovecot-pop3d -y
Configure Mailbox Format
Edit:
sudo nano /etc/dovecot/conf.d/10-mail.conf
Set:
mail_location = maildir:~/Maildir
Enable IMAP & POP3
Edit:
sudo nano /etc/dovecot/dovecot.conf
Ensure:
protocols = imap pop3
Configure Authentication Socket for Postfix
Edit:
sudo nano /etc/dovecot/conf.d/10-master.conf
Add:
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
6. Install OpenDKIM (Email Signing)
sudo apt install opendkim opendkim-tools -y
Generate DKIM key
sudo opendkim-genkey -s mail -d example.com
Move keys:
sudo mv mail.private /etc/opendkim/keys/example.com/
Configure OpenDKIM
Edit:
sudo nano /etc/opendkim.conf
Add:
Domain example.com
KeyFile /etc/opendkim/keys/example.com/mail.private
Selector mail
Socket local:/var/spool/postfix/run/opendkim/opendkim.sock
Connect to Postfix
smtpd_milters = local:/var/spool/postfix/run/opendkim/opendkim.sock
non_smtpd_milters = local:/var/spool/postfix/run/opendkim/opendkim.sock
7. DNS Configuration (VERY IMPORTANT)
All DNS records must be configured correctly for deliverability.
7.1 A Record
mail.example.com → x.x.x.x
7.2 MX Record
example.com → mail.example.com (priority 10)
7.3 SPF (TXT record)
example.com TXT
v=spf1 mx ip4:x.x.x.x -all
7.4 DKIM Record
mail._domainkey.example.com TXT
v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE
7.5 DMARC Record
_dmarc.example.com TXT
v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; adkim=s; aspf=s; pct=100
Recommended later:
p=reject
7.6 MTA-STS (Security)
DNS record:
_mta-sts.example.com TXT
v=STSv1; id=2026070501
Policy file:
Host:
https://mta-sts.example.com/.well-known/mta-sts.txt
Content:
version: STSv1
mode: enforce
mx: mail.example.com
max_age: 604800
7.7 TLS Reporting (TLS-RPT)
_smtp._tls.example.com TXT
v=TLSRPTv1; rua=mailto:tlsrpt@example.com
8. SSL/TLS Setup (Let’s Encrypt)
Install Certbot:
sudo apt install certbot -y
Generate certificate:
sudo certbot certonly --standalone -d mail.example.com
Configure Postfix TLS:
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.example.com/privkey.pem
smtpd_tls_security_level=may
Configure Dovecot TLS:
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem
9. Open Required Ports
sudo ufw allow 25
sudo ufw allow 587
sudo ufw allow 465
sudo ufw allow 143
sudo ufw allow 993
sudo ufw enable
10. Restart Services
sudo systemctl restart postfix
sudo systemctl restart dovecot
sudo systemctl restart opendkim
11. Testing Email Setup
Check DNS
dig MX example.com
dig TXT example.com
Check DKIM
opendkim-testkey -d example.com -s mail -vvv
Send test email
Use:
- Gmail
- Mail-Tester.com
Check:
- SPF PASS
- DKIM PASS
- DMARC PASS
12. Deliverability Best Practices
To avoid spam filtering:
Always:
- Use verified email lists
- Enable unsubscribe links
- Warm up IP gradually
- Monitor bounce rates
Avoid:
- Bulk sending immediately
- Purchased email lists
- High bounce rates
13. Production Architecture Recommendation
For better scalability:
Apps → Postfix (queue) → DKIM → SMTP → Internet
↓
Dovecot (mailboxes)
For marketing:
- Use separate domain or IP
- Use rate limiting
- Track engagement
14. Summary
A production email server requires:
- Proper DNS (SPF, DKIM, DMARC)
- Correct Postfix + Dovecot configuration
- TLS encryption
- IP reputation management
- Controlled sending behavior
Final Note
Self-hosted email servers give full control but require careful management of:
- reputation
- deliverability
- rate limits
For bulk marketing, consider separating transactional mail and marketing infrastructure to maintain inbox placement quality.