How to Install and Configure a Secure Mail Server on Ubuntu 22.04
Running your own mail server gives you full control over email delivery, security, and customization. Whether you’re hosting corporate email or setting up a custom domain, Ubuntu 22.04 provides a stable foundation for building a reliable and secure mail service.
This step-by-step guide covers everything — from installing core packages to securing connections and testing your setup.
🚀 Why Run Your Own Mail Server?
- Full control over email policies and data privacy.
- Brand credibility by sending from your own domain (e.g., you@example.com).
- Custom security with SPF, DKIM, DMARC, and encryption.
1. Update Your System
Start with a clean, updated server:
sudo apt update && sudo apt upgrade -y
2. Install Required Mail Packages
We’ll use Postfix (MTA), Dovecot (IMAP/POP3), OpenDKIM, and OpenDMARC for authentication and security.
sudo apt install -y postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-lmtpd opendkim opendkim-tools opendmarc mailutils certbot python3-certbot-nginx
When prompted during Postfix installation:
- Configuration type: Internet Site
- System mail name: Your domain (e.g., example.com)
3. Configure Firewall Rules (iptables)
Security is critical. Let’s allow only necessary ports for mail traffic.
Create and run a setup script:
vim iptables_smtp_setup.sh
Paste the following:
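#!/bin/bash
sudo ufw disable
sudo apt update && sudo apt install -y iptables iptables-persistent
# Clear old rules
sudo iptables -F && sudo iptables -X
sudo iptables -t nat -F && sudo iptables -t nat -X
sudo iptables -t mangle -F && sudo iptables -t mangle -X
# Allow loopback & established connections
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow SSH so the DROP policy below does not cut off remote administration
# (change the port if sshd does not listen on 22)
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP/HTTPS for certbot validation and the PostfixAdmin web interface
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow SMTP (25), SMTPS (465), submission (587), IMAPS (993), POP3S (995)
sudo iptables -A INPUT -p tcp --dport 25 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 465 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 587 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 993 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 995 -j ACCEPT
# Default policy: drop all other inbound IPv4 traffic
sudo iptables -P INPUT DROP
# These rules cover IPv4 only; ip6tables needs its own rules
sudo netfilter-persistent save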
Run:
chmod +x iptables_smtp_setup.sh
sudo ./iptables_smtp_setup.sh
4. Configure Postfix
Edit the main configuration file:
sudo nano /etc/postfix/main.cf
Add or update:
myhostname = mail.example.com
mydestination = $myhostname, localhost, localhost.localdomain
mynetworks = 127.0.0.0/8 [::1]/128
# Certificate issued by certbot in step 7 for mail.example.com
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.example.com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_security_level=may
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
Restart Postfix:
sudo systemctl restart postfix
5. Install and Configure PostfixAdmin
PostfixAdmin provides a web interface to manage domains and mailboxes.
sudo apt install -y postfixadmin
- Configure MySQL/MariaDB and create a database for PostfixAdmin.
- Set up Nginx to serve the PostfixAdmin web interface.
6. Install Web Server (Nginx + PHP + MariaDB)
sudo apt install -y nginx php php-fpm php-mysql mariadb-server
# Ubuntu 22.04 ships PHP 8.1, so the FPM service is php8.1-fpm
sudo systemctl enable --now nginx php8.1-fpm mariadb
7. Secure with SSL Certificates
Use Let’s Encrypt for free HTTPS:
sudo certbot --nginx -d mail.example.com
8. Install and Configure Dovecot
Dovecot handles email retrieval over IMAP and POP3.
sudo apt install dovecot-core dovecot-imapd dovecot-pop3d -y
Edit mail location:
sudo nano /etc/dovecot/conf.d/10-mail.conf
Set:
mail_location = maildir:~/Maildir
Enable authentication:
sudo nano /etc/dovecot/conf.d/10-auth.conf
# Refuse PLAIN/LOGIN on connections that are not protected by TLS
disable_plaintext_auth = yes
auth_mechanisms = plain login
Restart:
sudo systemctl restart dovecot
9. Test Your Mail Server
- Check SMTP port:
telnet mail.example.com 25
- Verify MX record:
Use your DNS provider’s tools or:
dig MX example.com
- Connect with an email client (Thunderbird, Outlook) using:
  - IMAP (SSL): 993
  - SMTP (STARTTLS): 587
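Before connecting clients, the Postfix and Dovecot settings from steps 4 and 8 can be audited offline. The script below is an added example, not part of the original guide: it reads "key = value" output in the style of postconf -n and doveconf -n and flags SASL AUTH offered without TLS, an unset TLS level, non-loopback mynetworks entries, and plaintext Dovecot logins. The function names, file names and sample values are illustrative assumptions.

```sh
# Added example (not from the guide): audit "key = value" settings as printed
# by `postconf -n` / `doveconf -n`. master.cf overrides are not inspected.

# get_param FILE KEY: print the last value assigned to KEY (later lines win).
get_param() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# audit_mail_conf POSTFIX_FILE DOVECOT_FILE: prints one finding per line and
# returns 1 if anything was flagged. Subshell body keeps set -f and rc local.
audit_mail_conf() (
    set -f   # mynetworks entries such as [::1]/128 must not be glob-expanded
    rc=0
    flag() { printf '%s\n' "$1"; rc=1; }
    if [ "$(get_param "$1" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$(get_param "$1" smtpd_tls_auth_only)" != yes ]; then
        flag "postfix: AUTH offered before STARTTLS; set smtpd_tls_auth_only = yes"
    fi
    case "$(get_param "$1" smtpd_tls_security_level)" in
        may|encrypt) ;;
        *) flag "postfix: smtpd_tls_security_level is unset or none; set it to may" ;;
    esac
    for net in $(get_param "$1" mynetworks | tr ',' ' '); do
        case "$net" in
            127.0.0.0/8|"[::1]/128"|"[::ffff:127.0.0.0]/104") ;;
            *) flag "postfix: mynetworks lets $net relay without authentication" ;;
        esac
    done
    if [ "$(get_param "$2" disable_plaintext_auth)" = no ]; then
        flag "dovecot: plaintext logins accepted without TLS; set disable_plaintext_auth = yes"
    fi
    return "$rc"
)

# Constructed sample input with deliberately weak values.
tmp=$(mktemp -d)
printf '%s\n' 'mynetworks = 127.0.0.0/8 [::1]/128' 'smtpd_tls_security_level = may' \
    'smtpd_sasl_auth_enable = yes' > "$tmp/postfix.txt"
printf '%s\n' 'disable_plaintext_auth = no' 'auth_mechanisms = plain login' > "$tmp/dovecot.txt"
audit_mail_conf "$tmp/postfix.txt" "$tmp/dovecot.txt" || echo "fix the findings above"
rm -rf "$tmp"
```

On a live server, save the output of sudo postconf -n and sudo doveconf -n to two files and pass them to audit_mail_conf in that order.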
✅ Conclusion
You’ve now set up a fully functional, secure mail server on Ubuntu 22.04 — complete with encryption, authentication, and firewall protection.
Running your own mail server isn’t just about sending and receiving email — it’s about control, privacy, and professionalism.
Next step: Strengthen deliverability with SPF, DKIM, and DMARC to keep your messages out of spam folders.
🚀 Explore more guides on our blog 👉 blog.1it.pro