Pin Me

How to Build a Linux Server: E-mail Server

written by: Tolga BALCI•edited by: Lamar Stonecypher•updated: 6/2/2011

In a continuation of our series looking at building a Linux server, we discuss communications and building e-mail server architecture.

  • slide 1 of 4


    Managed vs. outsourced e-mail solutions are always in debate. As always both have pros and cons, but throughout the article we will go for a managed solution and build an e-mail server step by step.

    If you have read the article about building a network server, we have emphasized that the requirements for a server are not too high. We will implement our e-mail server on the same hardware. We will consider a small business case, but all the information that is presented in the article is infinitely scalable; you can run an ISP with the same programs or you can manage your family’s e-mails.

    Before getting our hands dirty, we must first understand some definitions. A Mail Transfer Agent (MTA) is a program which accepts and sends e-mail messages from the Internet. A Mail Delivery Agent (MDA) on the other hand allows your employees to send and receive e-mails from other locations. Therefore, implementing a MDA is essentially building a POP3/SMTP server.

  • slide 2 of 4

    Mail Transfer Agent

    Since retrieving messages from the Internet is the key, we must first set up a Mail Transfer Agent. Different distributions have different default MTA, for example Ubuntu and openSuSE have Postfix as the default MTA, whereas Red Hat implements Sendmail. The configurations of the programs are more or less the same for the experienced users, but for the sake of easiness, we will assume an Ubuntu Server installation with Postfix to get you going without changing the default MTA configuration.


    Make sure that you have the root account access, or you will not be able to save what we do here.


    Before we get our hands dirty with configuration, we have to make a note of our system mail name. I will assume and also we can send/receive mails from,, and localhost. The address for localhost is with Netmask ( for short.) The easiest way to configure Postfix will be to go through the /etc/postfix/ file. Before changing anything, back up the configuration file with cp /etc/postfix/ /etc/postfix/ so that if we mess something up, we can easily revert to the original file.


    Let’s define our system mail configuration:

    myhostname =

    alias_maps = hash:/etc/aliases

    alias_database = hash:/etc/aliases

    myorigin = /etc/mailname

    mydestination =,, localhost,, localhost

    relayhost =

    mynetworks =


    To secure our e-mail sending, we proceed to add SMTP (Simple Mail Transfer Protocol) Authentication:

    smtpd_sasl_local_domain =

    smtpd_sasl_auth_enable = yes

    smtpd_sasl_security_options = noanonymous

    broken_sasl_auth_clients = yes

    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

    smtpd_tls_auth_only = no

    But we need to edit the /etc/postfix/sasl/smtpd.conf file also. This is simple: append the following configuration parameters at the end of the file:

    pwcheck_method: saslauthd

    mech_list: plain login

    And we configure Postfix to impose TLS encryption both to incoming and outgoing e-mails:

    smtp_tls_security_level = may

    smtpd_tls_security_level = may

    smtp_tls_note_starttls_offer = yes

    smtpd_tls_key_file = /etc/ssl/private/smtpd.key

    smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt

    smtpd_tls_CAfile = /etc/ssl/cacert.pem

    smtpd_tls_loglevel = 1

    smtpd_tls_received_header = yes

    smtpd_tls_session_cache_timeout = 3600s

    tls_random_source = dev:/dev/urandom

    After making all the configurations, give Postfix a restart by /etc/init.d/postfix restart.  

  • slide 3 of 4

    Mail Delivery Agent

    After we complete our tasks with the MTA, we will go on with the Mail Delivery Agent. We will use Dovecot for this purpose. To configure Dovecot, we will edit the configuration file in /etc/dovecot.conf. We will again make a back up to be safe with cp /etc/dovecot.conf /etc/dovecot.conf.old.

    To make our users’ lives easier, we will let them use UNIX username and passwords as their e-mail username and passwords. For this, we will go with the Pluggable Application Modules (PAM) and authenticate the users by checking their shadow passwords.

    In addition, we will decide on whether to use maildir or mbox folders. Both have their pros and cons but we will go maildir option.

    Now, open up the /etc/dovecot.conf file and amend the following lines:

    protocols = imap imaps pop3 pop3s

    imap_listen = *

    pop3_listen = *

    imaps_listen = *

    pop3s_listen = *

    OK, we have enabled the POP3, IMAP and Secure POP3 for Dovecot. Amend the following line to enable maildir:

    mail_location = maildir:/home/%u/Maildir

    We must make our Postfix aware of using maildir, so we go back to edit our /etc/postfix/ file and set home_mailbox to Maildir/ (home_mailbox = Maildir/). You can set up user’s default mail folders such as Inbox, Sent, Trash, Drafts and Templates. I will point you to Dovecot’s website to go through the configuration and to experiment yourself to some extent.

    Finally, we make our configuration for the PAM. Insert the following lines into /etc/pam.d/dovecot:

    passdb pam


    # use /etc/pam.d/imap and /etc/pam.d/pop3

    args = *


    passdb pam {

    # use /etc/pam.d/mail

    args = mail


    And the following to your /etc/dovecot.conf file:

    passdb pam


    args = session=yes dovecot


  • slide 4 of 4


    If you are running a small business, I definitely suggest you to outsource your e-mail management. In-house e-mail management sounds too good to be true but keep in mind that the possible down times that will occur will be intolerable. Add regular e-mail backups to this picture and you will be starting a very difficult and very costly adventure.

Building a Linux Server

In this series we look at building and configuring a Linux server from scratch. We will look at configuration in detail and we will determine ways to keep our server as secure as possible.
  1. How to Build a Linux Server: Secure Server and Secure Network
  2. How to Build a Linux Server: Network, File, Print and Proxy Servers
  3. How to Build a Linux Server: E-mail Server
  4. How to Build a Linux Server: Collaboration
  5. How to Build a Linux Server: Anti-malware and Anti-spam Protection