Complete Guide: Configure an Email Server on Ubuntu 24.04 with Postfix & Dovecot


1. Domain Registration

Before setting up your mail server, you need a domain.

Steps

  1. Register a domain from a registrar:

    • Namecheap
    • GoDaddy
    • Cloudflare Registrar
    • Google Domains (if available in your region)
  2. Choose a domain like: example.com

  3. Ensure you have access to DNS management.


2. Server Requirements

You need an Ubuntu 24.04 server with:

  • Static public IP (important)
  • Open ports:
    • 25 (SMTP)
    • 587 (Submission)
    • 465 (SMTPS optional)
    • 143 (IMAP)
    • 993 (IMAPS)
    • 110 (POP3 optional)
    • 995 (POP3S optional)

3. Update System

sudo apt update && sudo apt upgrade -y

4. Install Postfix (SMTP Server)

Installation

sudo apt install postfix -y

During installation:

  • Select: Internet Site
  • Set system mail name: example.com

Configure Postfix

Edit:

sudo nano /etc/postfix/main.cf

Basic configuration:

myhostname = mail.example.com
mydomain = example.com
myorigin = /etc/mailname
inet_interfaces = all
inet_protocols = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/

smtpd_banner = $myhostname ESMTP

Enable SMTP authentication

Add the following to /etc/postfix/main.cf. The Dovecot side of the authentication socket is configured in section 5:

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination

5. Install Dovecot (IMAP/POP3 Server)

sudo apt install dovecot-core dovecot-imapd dovecot-pop3d -y

Configure Mailbox Format

Edit:

sudo nano /etc/dovecot/conf.d/10-mail.conf

Set:

mail_location = maildir:~/Maildir

Enable IMAP & POP3

Edit:

sudo nano /etc/dovecot/dovecot.conf

Ensure:

protocols = imap pop3

Configure Authentication Socket for Postfix

Edit:

sudo nano /etc/dovecot/conf.d/10-master.conf

Add:

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

6. Install OpenDKIM (Email Signing)

sudo apt install opendkim opendkim-tools -y

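Generate DKIM key

sudo opendkim-genkey -s mail -d example.com

This writes mail.private (the signing key) and mail.txt (the TXT record value for section 7.4) to the current directory.

Create the key directory, move the private key into it, and hand it to the opendkim user:

sudo mkdir -p /etc/opendkim/keys/example.com
sudo mv mail.private /etc/opendkim/keys/example.com/
sudo chown -R opendkim:opendkim /etc/opendkim/keys/example.com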

Configure OpenDKIM

Edit:

sudo nano /etc/opendkim.conf

Add:

Domain                  example.com
KeyFile                 /etc/opendkim/keys/example.com/mail.private
Selector                mail
Socket                  local:/var/spool/postfix/run/opendkim/opendkim.sock

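Connect to Postfix

Add to /etc/postfix/main.cf. The socket path is written relative to the Postfix queue directory (/var/spool/postfix), so it still resolves when smtpd and cleanup run chrooted (the chroot column in /etc/postfix/master.cf). The postfix user also needs permission to reach the socket:

smtpd_milters = local:run/opendkim/opendkim.sock
non_smtpd_milters = local:run/opendkim/opendkim.sock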

7. DNS Configuration (VERY IMPORTANT)

All DNS records must be configured correctly for deliverability.


7.1 A Record

mail.example.com → x.x.x.x

7.2 MX Record

example.com → mail.example.com (priority 10)

7.3 SPF (TXT record)

example.com TXT

v=spf1 mx ip4:x.x.x.x -all

7.4 DKIM Record

mail._domainkey.example.com TXT

v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE

7.5 DMARC Record

_dmarc.example.com TXT

v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; adkim=s; aspf=s; pct=100

Recommended later:

p=reject
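
A lint for the SPF and DMARC values from 7.3 and 7.5, as an added example that is not part of the original guide: it parses the TXT strings and reports the settings that weaken them. The function names and the sample records are assumptions made for illustration.

```python
# Added example: lint SPF and DMARC TXT values such as those in 7.3 and 7.5.
# The records passed in are constructed samples; 203.0.113.10 stands in for x.x.x.x.

def parse_tags(txt):
    """Split a 'k=v; k=v' record (DMARC, DKIM, TLS-RPT style) into a dict."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def lint_spf(txt):
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    issues = []
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        issues.append("no 'all' term: unlisted senders get a neutral result")
    elif alls[0] in ("all", "+all"):  # the default qualifier is '+'
        issues.append("'+all' authorizes every host on the Internet")
    elif alls[0] in ("~all", "?all"):
        issues.append("'%s' is only softfail/neutral; use -all" % alls[0])
    return issues

def lint_dmarc(txt):
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (needs v=DMARC1)"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        issues.append("missing or invalid p= tag")
    elif policy == "none":
        issues.append("p=none only monitors; failing mail is still delivered")
    elif policy == "quarantine":
        issues.append("p=quarantine: move to p=reject once reports are clean")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        issues.append("pct below 100 applies the policy to only part of the mail")
    if "rua" not in tags:
        issues.append("no rua= address: no aggregate reports to review")
    return issues
```

Run against the guide's own DMARC record, the only finding is the p=quarantine reminder, which matches the recommendation to move to p=reject later.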

7.6 MTA-STS (Security)

DNS record:

_mta-sts.example.com TXT

v=STSv1; id=2026070501

Policy file:

Host it over HTTPS, with a certificate valid for mta-sts.example.com, at:

https://mta-sts.example.com/.well-known/mta-sts.txt

Content:

version: STSv1
mode: enforce
mx: mail.example.com
max_age: 604800
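
With mode: enforce, senders that honor MTA-STS refuse to deliver to an MX host the policy does not cover, so the policy and the MX record from 7.2 have to agree. The check below is an added example, not part of the original guide; the function names and the constructed MX lists are assumptions.

```python
# Added example: check an MTA-STS record and policy against the domain's MX hosts.
# RECORD and POLICY copy the values in 7.6; the MX lists passed in are constructed.

RECORD = "v=STSv1; id=2026070501"
POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
max_age: 604800
"""

def parse_policy(text):
    """Parse 'key: value' lines; 'mx' may repeat, so it is collected in a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = (s.strip() for s in line.partition(":"))
        if not sep:
            continue
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    return policy

def mx_allowed(host, patterns):
    """RFC 8461 matching: a leading '*.' stands for exactly one label."""
    host = host.lower().rstrip(".")
    _, _, rest = host.partition(".")
    return any(p == host or (p.startswith("*.") and rest and p[2:] == rest)
               for p in patterns)

def check_mta_sts(record, policy_text, mx_hosts):
    issues = []
    tags = dict(p.strip().split("=", 1) for p in record.split(";") if "=" in p)
    if tags.get("v") != "STSv1" or not tags.get("id", "").isalnum():
        issues.append("TXT record needs v=STSv1 and an alphanumeric id")
    pol = parse_policy(policy_text)
    if pol.get("version") != "STSv1":
        issues.append("policy version must be STSv1")
    if pol.get("mode") not in ("enforce", "testing", "none"):
        issues.append("policy mode must be enforce, testing or none")
    if not pol.get("max_age", "").isdigit():
        issues.append("max_age must be a number of seconds")
    for host in mx_hosts:
        if not mx_allowed(host, pol["mx"]):
            issues.append("MX %s is not covered by the policy" % host)
    return issues
```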

7.7 TLS Reporting (TLS-RPT)

_smtp._tls.example.com TXT

v=TLSRPTv1; rua=mailto:tlsrpt@example.com

8. SSL/TLS Setup (Let’s Encrypt)

Install Certbot:

sudo apt install certbot -y

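Generate certificate (the standalone authenticator listens on port 80, so that port must be reachable during issuance and renewal):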

sudo certbot certonly --standalone -d mail.example.com

Configure Postfix TLS in /etc/postfix/main.cf:

smtpd_tls_cert_file=/etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.example.com/privkey.pem
smtpd_tls_security_level=may
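
An audit of the main.cf settings from sections 4 and 8 taken together, as an added example that is not part of the original guide. SASL authentication is enabled while TLS is only opportunistic (may), so the check flags that AUTH can be offered on an unencrypted session. smtpd_tls_auth_only and smtpd_relay_restrictions are real Postfix parameters that do not appear in the guide; the function names are assumptions.

```python
# Added example: audit the main.cf settings from sections 4 and 8.
# MAIN_CF is a constructed fragment that copies the guide's values.

MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_tls_security_level=may
"""

def parse_main_cf(text):
    """Parse 'name = value'; lines starting with whitespace continue a value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def audit(params):
    findings = []
    sasl = params.get("smtpd_sasl_auth_enable", "no") == "yes"
    if sasl and params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("AUTH is offered without TLS: set smtpd_tls_auth_only = yes")
    if params.get("smtpd_tls_security_level", "") not in ("may", "encrypt"):
        findings.append("smtpd_tls_security_level is not may or encrypt")
    rules = (params.get("smtpd_recipient_restrictions", "") + " "
             + params.get("smtpd_relay_restrictions", "")).replace(",", " ").split()
    if "reject_unauth_destination" not in rules:
        findings.append("reject_unauth_destination missing from restriction lists")
    return findings
```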

Configure Dovecot TLS in /etc/dovecot/conf.d/10-ssl.conf:

ssl = required
ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem

9. Open Required Ports

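If you administer the server over SSH, allow it first (adjust the port if SSH listens elsewhere); otherwise enabling the firewall cuts off your session:

sudo ufw allow 22/tcp
sudo ufw allow 25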
sudo ufw allow 587
sudo ufw allow 465
sudo ufw allow 143
sudo ufw allow 993
sudo ufw enable

10. Restart Services

sudo systemctl restart postfix
sudo systemctl restart dovecot
sudo systemctl restart opendkim

11. Testing Email Setup

Check DNS

dig MX example.com
dig TXT example.com

Check DKIM

opendkim-testkey -d example.com -s mail -vvv

Send test email

Use:

  • Gmail
  • Mail-Tester.com

Check:

  • SPF PASS
  • DKIM PASS
  • DMARC PASS

12. Deliverability Best Practices

To avoid spam filtering:

Always:

  • Use verified email lists
  • Enable unsubscribe links
  • Warm up IP gradually
  • Monitor bounce rates

Avoid:

  • Bulk sending immediately
  • Purchased email lists
  • High bounce rates

13. Production Architecture Recommendation

For better scalability:

Apps → Postfix (queue) → DKIM → SMTP → Internet
        ↓
   Dovecot (mailboxes)

For marketing:

  • Use separate domain or IP
  • Use rate limiting
  • Track engagement

14. Summary

A production email server requires:

  • Proper DNS (SPF, DKIM, DMARC)
  • Correct Postfix + Dovecot configuration
  • TLS encryption
  • IP reputation management
  • Controlled sending behavior

Final Note

Self-hosted email servers give full control but require careful management of:

  • reputation
  • deliverability
  • rate limits

For bulk marketing, consider separating transactional mail and marketing infrastructure to maintain inbox placement quality.
