How to set up a mail server on your Raspberry Pi?

how to install mail server raspberry pi

There are a lot of projects where you need to be able to send emails, but creating a mail server can also be a project in its own
So we will see the different steps of setting up a web server, be it a simple SMTP or a complete suite with a webmail

How to set up a mail server on your Raspberry Pi?
The installation of a mail server on Raspberry Pi must be done in several steps:

  • Install Postfix to send emails
  • Set up Postfix to receive emails
  • Add Dovecot for POP / IMAP management
  • Install Roundcube as webmail

We will now see each one of these steps in detail


If you want to set up an SMTP server, the requirements are almost non-existent
A Raspberry Pi and an SMTP server that will serve as a relay is sufficient (Gmail for example)

If you want to follow the tutorial until the end you will need:

  • A Raspberry Pi
  • A domain name (I will use in all the steps below, don’t forget to change it)
  • A static public IP address (or at least one dynamic DNS service)

Also, know that I make this tutorial on Raspbian, so it I recommend to install Raspbian first (lite will be enough) by following this tutorial
I suggest you to use SSH to follow this tutorial from your usual computer and copy/paste commands and configurations

Security warning

Creating your secure mail server is not always easy
It’s easy to miss a setup and turn your server into an open SMTP relay for the world, or get spammed over

So be sure to follow this tutorial precisely and then monitor the system logs to make sure that you are the only one doing the actions that are happening on your server
Setting up additional security features such as a firewall or fail2ban service can also be a good idea

DNS Configuration

IP Address

In the next steps, we will change our domain name DNS settings to use our IP address as the mail server

If you don’t have a static public IP address, you will need to use a free dynamic DNS service like No-IP to redirect a domain to your dynamic IP address
You’ll have to install a tool to give them regularly your current IP address, and they will redirect a domain like to your last known IP address
Also if you don’t have a domain name, I think that you can use this alias directly

For an email server, it’s not a perfect option, because you’ll have small downtimes when your IP change, but if you’re not too serious about your emails, it’s going to be fine

DNS zone configuration

Now you need to go to your domain name registrar and change this zones to match your current IP address (or your dynamic DNS provider domain name):

  • MX

The MX one is mandatory to receive email on your Raspberry Pi

The other ones are just easy to remember names for access to your emails

Changes may take up to 24 hours before applying
You can monitor the progress of the changes with an online tool like

Send emails with Postfix

Now let’s move on to the main things and so to the installation of Postfix

Postfix will be the base of our mail server.
It will allow us to send and receive emails corresponding to our domain name
In this step, we’ll see how to send emails


Start by installing the Postfix package:

sudo apt-get install postfix

During the installation you’ll have to choose this two configuration options:

  • The general type of mail configuration: Internet site
  • System mail name:

Now we will make two changes in the configuration that has been generated

  • Open the configuration file
    sudo nano /etc/postfix/
  • Disable IPv6 management
    • Replace
      inet_protocols = all
    • By
      inet_protocols = ipv4
  • Enter your domain name as myhostname
  • If you are on a local network, most of the Internet providers don’t allow to send emails directly
    So you may need to add a relay host in your configuration
    Ask your provider for the server to use as a relay
    relayhost =
  • Save and exit (CTRL+O, Enter, CTRL+X)
  • Restart Postfix
    sudo service postfix restart

At this point, the server should start properly without startup errors
If this is not the case, look to solve these problems before continuing


We’ll now make our first test by sending an email from the Raspberry Pi


For this test, we’ll use telnet to connect to postfix

  • Install telnet
    sudo apt-get install telnet
  • Connect to the SMTP server
    telnet localhost 25
  • Enter this series of commands
    • ehlo
    • mail from:
    • rcpt to:
    • data
    • Subject: test
    • Test
    • .
    • quit
  • This commands sequence will create an email and send it to (external email address)

Here is the full trace:

pi@raspberrypi:~ $ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 ESMTP Postfix (Raspbian)
250-SIZE 10240000
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
Subject: test
250 2.0.0 Ok: queued as 44EAE1FE54
221 2.0.0 Bye


If you are looking for a most friendly way to do this, you can install mailutils to use the mail command

  • Install mailutils
    sudo apt-get install mailutils
  • Send a test email with the mail command
    echo 'Test' | mail -s "Test mail command"

In both cases, you can follow the email sending in this log file: /var/log/mail.log

Receive emails with Postfix

Now it’s time to edit our Postfix configuration to receive emails


We’ll do this by using the Maildir mailboxes format
Maildir is a safe and easy way to store emails: each mailbox is a directory, and each email is a file

  • Edit the configuration file
    sudo nano /etc/postfix/
  • Add these lines at the end of the file
    home_mailbox = Maildir/
    mailbox_command =

    This configuration will tell Postfix to create a Maildir folder for each system user
    This folder will now host your new incoming emails

Now we need to create the Maildir folder template by following these steps

  • Install this packages
    sudo apt-get install dovecot-common dovecot-imapd
  • Create folders in the template directory
    sudo maildirmake.dovecot /etc/skel/Maildir
    sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
    sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
    sudo maildirmake.dovecot /etc/skel/Maildir/.Spam
    sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
    sudo maildirmake.dovecot /etc/skel/Maildir/.Templates

These templates will be used for the next users you will create
But for those already existing, you have to do it manually

For example, you have to run this commands for pi:

sudo cp -r /etc/skel/Maildir /home/pi/
sudo chown -R pi:pi /home/pi/Maildir
sudo chmod -R 700 /home/pi/Maildir


You can now repeat the same kind of test as before, but put the user pi in the receiver

echo "Test" | mail -s "Test"

And then check that the mail has arrived in the Maildir folder

pi@raspberrypi:~ $ cat /home/pi/Maildir/new/1535959347.Vb302I3dc1bM266961.raspberrypi
Return-Path: <pi@raspberrypi>
Received: by (Postfix, from userid 1000)
        id 26B5020423; Mon,  3 Sep 2018 07:22:27 +0000 (UTC)
Subject: Test
To: <>
X-Mailer: mail (GNU Mailutils 3.1.1)
Message-Id: <>
Date: Mon,  3 Sep 2018 07:22:27 +0000 (UTC)
From: pi@raspberrypi


You should have only one mail in the new folder, use tab auto-completion to find it
As you can see the return path address is not correct, you have to change your hostname to fix this

sudo hostname

But we reach our goal for this step.
We receive emails sent to our domain

Secure the mail server

As I said at the beginning, there are some options to put in place to secure a minimum of the web server

  • Edit your configuration file
    nano /etc/postfix/
  • Add these lines at the end of the file
    smtpd_helo_restrictions =
            check_helo_access hash:/etc/postfix/helo_access

    This configuration will limit SMTP usage to the local network and reject people saying that they are from your domain name

  • Create the helo_access file
    sudo nano /etc/postfix/helo_access

    In this file, we need to put the list of domain name we want to block

  • Paste these lines into it

    Replace X.X.X.X with your public IP address

  • Restart postfix daemon
    sudo service postfix restart

Install Dovecot to allow POP and IMAP connections

We now have a functional and secure mail server
So we will move on to the next part, which is to make this mail server accessible to POP and IMAP clients via SASL authentication.

As you may have noticed, we already installed Dovecot in the previous step to create Maildir folders
The only thing left to do is to finalize the configuration


  • Open the Dovecot configuration file
    sudo nano /etc/dovecot/dovecot.conf
  • Remove IPV6 support
    • Replace
      #listen = *, ::
    • By
      listen = *
  • Open the Dovecot mail configuration file
    sudo nano /etc/dovecot/conf.d/10-mail.conf
  • Edit the Maildir folder
    • Replace
      mail_location = mbox:~/mail:INBOX=/var/mail/%u
    • By
      mail_location = maildir:~/Maildir
  • Open the Dovecot master configuration file
    sudo nano /etc/dovecot/conf.d/10-master.conf
  • Tell Dovecot to listen for SASL authentification
    • Comment all lines from the default service auth paragraph (add # before each line)
    • Add these lines a the end of the file
      service auth {
              unix_listener /var/spool/postfix/private/auth {
                      mode = 0660
                      user = postfix
                      group = postfix
  • Open the Dovecot auth configuration file
    sudo nano /etc/dovecot/conf.d/10-auth.conf
  • Allow plaintext auth
    • Uncomment and edit this line
      #disable_plaintext_auth = yes
    • To become this one
      disable_plaintext_auth = no
  • Edit this line too
    auth_mechanisms = plain login
  • Edit the Postfix configuration file
    sudo nano /etc/postfix/
  • Tell Postfix to use SASL (add these lines)
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
  • Restart Dovecot and Postfix
    sudo service postfix restart
    sudo service dovecot restart


To test that SASL authentication works well, we will create a test user and try to connect to the mail server with it

User creation

Create a new user with login test and the password you want

adduser test

Get the encoded password

We need to get our password in a base64 encoded format
You can get it with this command:

printf '\0%s\0%s' '[LOGIN]' '[PASSWORD]' | openssl base64

In my case (test/password), the string displayed is AHRlc3QAcGFzc3dvcmQ=

Log in

We can now retry a connection with telnet by specifying this string for identification
The only change is that we need to use the AUTH PLAIN command to log in

pi@raspberrypi:~ $ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 ESMTP Postfix (Raspbian)
250-SIZE 10240000
250 DSN
235 2.7.0 Authentication successful
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
Subject: test
250 2.0.0 Ok: queued as 44EAE1FE54
221 2.0.0 Bye

Enable IMAPS

Dovecot allow us to connect with IMAP (telnet localhost 143)
But we now need to enable TLS for IMAP on the port 993

  • Edit the Dovecot master configuration file
    sudo nano /etc/dovecot/conf.d/10-master.conf
  • Enable listener on the port 993
    The configuration should look like this
    service imap-login {
      inet_listener imap {
        port = 143
      inet_listener imaps {
        port = 993
        ssl = yes
  • Then edit the SSL configuration file
    sudo nano /etc/dovecot/conf.d/10-ssl.conf
  • Enable SSL by editing the first line of the file
    ssl = yes
  • Then uncomment the certificate locations
    ssl_cert = </etc/dovecot/dovecot.pem
    ssl_key = </etc/dovecot/private/dovecot.pem
  • You also have to uncomment the ssl_protocols options to deny SSLv3
    ssl_protocols = !SSLv3
  • Finally, restart Dovecot server
    sudo service dovecot restart

Dovecot is now responding on the port 993, but if you try to connect you will get an error:

imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PE

We need to generate our SSL certificate with these commands

cd /etc/dovecot
sudo openssl req -new -x509 -nodes -config /usr/share/dovecot/dovecot-openssl.cnf -out dovecot.pem -keyout private/dovecot.pem -days 365

You can now check that your IMAPS server is working, with this command:

openssl s_client -connect localhost:993

The login syntax is: a login [LOGIN] [PASSWORD]

The full trace should look something like this:

a login pi password
b select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1536038369] UIDs valid
* OK [UIDNEXT 4] Predicted next UID
b OK [READ-WRITE] Select completed (0.000 + 0.000 secs).
b logout
* BYE Logging out
b OK Logout completed (0.000 + 0.000 secs).

You are now able to connect to your IMAP server from any clients in the LAN
If you want to access your server from anywhere, don’t forget to open the needed ports in your router firewall

Set up Roundcube to add a webmail access

Most of the work is done, but we will push a little more and add a Webmail server to our mail server on Raspberry Pi
Roundcube is a modern free and open source webmail software

The big advantage of Roundcube compared to other webmails is that it’s available directly in the Debian and therefore Raspbian repositories.

If you started from a blank Raspbian, you would need to install a MySQL server first (MariaDB)

MySQL server

If you don’t have one yet, you need to install a MySQL server to store the Roundcube database:

sudo apt-get install mariadb-server

Then you need to follow these steps to set a root password, and create a Roundcube user:

  • Connect with root (we need sudo because only root can access)
    sudo mysql -uroot
  • Set the root password
    use mysql;
    UPDATE user SET password=PASSWORD('YourPassword'), plugin='' WHERE User='root' AND Host = 'localhost';

    Don’t forget to replace “YourPassword” with a secure password

  • Create a new user for Roundcube
    CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'password';

    Replace “password” with your chosen password

  • Create the Roundcube database
    CREATE DATABASE roundcubemail;
  • Give all privileges to the Roundcube user on the Roundcube database
    GRANT ALL PRIVILEGES ON roundcubemail.* to 'roundcube'@'localhost';
  • Quit the mysql console

Your database server is ready, move to the next step


To install it, enter the following command:

sudo apt-get install roundcube roundcube-plugins

This will also automatically install all other dependencies (mainly Apache, PHP and MySQL client)

Again, the installation wizard will ask you these questions about your MySQL server:

  • Imap Server: ssl://
  • Default language: set it as you want
  • Configure database with dbconfig-common: yes
  • MySQL application password for Roundcube: your Roundcube user password
  • Database administrator password: your MySQL root password

Now edit the apache configuration for Roundcube to enable the web app

sudo nano /etc/apache2/conf-enabled/roundcube.conf

Uncomment the first line

Alias /roundcube /var/lib/roundcube

Then go to http://[RASPBERRY-IP]/roundcube to see the web interface

roundcube login screen

If you get any error, you can restart the installation wizard with this command:

sudo dpkg-reconfigure roundcube-core

You can now log in with your credentials created in the previous step, or with the account “pi”
Enjoy your webmail now, and remember that it is possible to add many plugins on RoundCube to extend its functionality

Logs and configuration file summary

So we saw how to set up a full mail server on Raspberry Pi
If you have had any errors, or want to go further, here is the summary of the file locations


In this tutorial we are using Postfix to send and receive emails, it’s the core of the mail server


  • /etc/postfix/ Main configuration for Postfix
  • /etc/postfix/ : Processes configuration for Postfix

Log files

  • / var/log/mail.log: Here you can see all mail traces, and errors if there are


We installed Dovecot to manage IMAP connections with a SASL security layer


  • /etc/dovecot/dovecot.conf: The main configuration of Dovecot
  • /etc/dovecot/conf.d/: This subfolder contains several files with each part of the configuration to know easily where’s the option that you’re looking for

Log files

  • /var/log/syslog: Dovecot doesn’t have a specific log file, it’s using the main syslog file


Apache is used in this tutorial to run Roundcube
Normally you shouldn’t need to change something unless Roundcube is not accessible at all.


  • /etc/apache2/apache2.conf: The main configuration file for apache2
  • /etc/apache2/conf-enabled/: Here you will find the configuration for some Apache services (like Roundcube.conf)
  • /etc/apache2/sites-enabled/: Here you will find the configuration for any Apache website

Log files

  • /var/log/apache/error.log: If you get any errors with Apache, you can find them here


And finally, we installed Roundcube to add webmail to our mail server


  • /etc/roundcube/ Here is the main configuration file for Roundcube

Log files

  • /var/log/roundcube/errors: If you get some issue with Roundcube, you’ll find the errors in this file


And here we are at the end of this tutorial
You have learned to set up a complete mail server with:

  • Postfix for transport
  • Dovecot for secure authentication
  • Roundcube for web access to your emails

As you may have noticed, it’s not a simple thing to set up, there’s still a lot of configuration options and it can be a lot of work to put that in place at home

I think in most cases, the first part with Postfix is the one that will interest you
You are going to be able to send emails from your different projects, but not necessarily to set up all the other steps

In any case if you really need to install everything you know how to do

raspberry pi mail server

How to setup a mail server on Raspberry Pi?


  1. Toe Reply

    keep getting “roundcube ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: NO)” have reinstalled but still the same

  2. RaspberryTips Post authorReply


    You probably miss the Roundcube MySQL configuration during the installation
    The user name must be ’roundcube’ and the password ‘YourPassword’ if you followed exactly this tutorial

    You may try ‘dpkg-reconfigure roundcube’ to update the MySQL user and password

  3. Harry Reply


    I wonder if you could post tutorial how to “SET UP A MAIL SERVER ON YOUR RASPBERRY PI” at home (using regular home internet cable service) which it behind CGNAT. Is it possible to use some sort of Ngrok. Serveo service ?.. or maybe in combination of Ngrok/Serveo service + Mailgun/mailjet ?… I’m a teacher at a high school at Semarang City Indonesia, I have many of my students asking me about this and i couldn’t find any.

    Thank you.

    • RaspberryTips Post authorReply

      Thanks for your comment
      Unfortunately I don’t have this kind of connection, so I can’t help you
      But maybe someone else will see this message and can help

      ngrok seems to be a good idea from what I can read on other forums

  4. Heydrickx Reply

    First of all, thank you very much. After several attempts to create a mail server on my RP3, it is finally a success thanks to you. This tutorial is clear, easy and efficient.

    Just a few notes :
    – on my internet access, port 25 is blocked. I used dnsexit to solve the issue and reroute mails to my 8001 port. I edited file consequently and it works just fine.
    – after I created and edited the sudo nano /etc/postfix/helo_access file, I had to launch the command : postmap /etc/postfix/helo_access. This created a helo_access.db file so I edited consequently.
    – command sudo hostname will change hostname only until next reboot. I edited /etc/hostname and /etc/hosts to get it changed permanently

    Hope this can help other users ;o)

  5. toejam Reply


    great tutorial but i keep getting a “Relay access denied” error when i try to send emails to my roundcube address from windows mail.

    i can send then from roundcube but i never receive any emails, i can only send them

  6. shalacix Reply


    I screwed up installation of mariadb or roundcube somewhere. At the end, I have no /etc/apache2/conf-enabled/roundcube.conf to edit…
    Is there a way to totally remove – files and all – both? I removed both using remove –auto-remove but when I reinstalled mariadb, I found that the database mysql and its users etc _stayed_ undeleted.


    • RaspberryTips Post authorReply


      Thanks for your comment

      Did you try “apt-get –purge remove PACKAGE” ?

  7. shalacix Reply


    apache does not give the Roundcube login page
    it gives the raw php like this:
    | Roundcube Webmail IMAP Client |
    | Vers—etc etc

    Is there a way to correct this?


  8. shalacix Reply

    …yes, in the end I did. Now I got up to Apache up, but it only shows the raw php code, not the login screen.
    I think it went wrong here:

    As you wrote —
    “sudo apt-get install roundcube roundcube-plugins
    This will also automatically install all other dependencies (mainly Apache, PHP and MySQL client)”

    This install stopped in the middle. I rerun the above entry, but Apache and php were _not_ installed – only when I installed them one by one. So I think apache has to be configured for roudcube manually but I dont know where….

      • Ludi Reply

        Hi RaspberryTips

        In the above reply you said: “I think that this post will give you the answer: You probably miss the libapache2-mod-php package.”

        How can I interpret this?

        A) Did you install a LAMP before the tutorial “HOW TO SET UP A MAIL SERVER ON YOUR RASPBERRY PI?”using the tutorial first you mentioned as “” or

        B) Using this tutorial “HOW TO SET UP A MAIL SERVER ON YOUR RASPBERRY PI?”is there a need using the tutorial first you mentioned as “”

        C) Using this tutorial “HOW TO SET UP A MAIL SERVER ON YOUR RASPBERRY PI?”are there no dependencies exept your advise above “Also, know that I make this tutorial on Raspbian, so it I recommend to install Raspbian firs(lite will be enough) by following this tutorial” (link:

        Kind regards, Ludi

  9. shalacix Reply


    this one:

    ssl_key = </etc/dovecot/private/dovecot.pem

    should not be
    ssl_key = </etc/dovecot/private/dovecot.key


    • RaspberryTips Post authorReply


      Nope, it’s correct in the post

      • ssl_cert = < /etc/dovecot/dovecot.pem
      • ssl_key = < /etc/dovecot/private/dovecot.pem
  10. shalacix Reply

    Hi again, Patrick,

    At the end of roundcube config it asks for the admin user, which is root. No password is asked, _but it would be needed_, as the process runs on an error (quoting the screen):

    ┌─────────────────────────────────────┤ Configuring roundcube-core ├──────────────────────────────────────┐
    │ An error occurred while installing the database: │
    │ │
    │ ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: NO) . Your options are: │
    │ * abort – Causes the operation to fail; you will need to downgrade, │
    │ reinstall, reconfigure this package, or otherwise manually intervene │
    │ to continue using it. This will usually also impact your ability to │
    │ install other packages until the installation failure is resolved. │
    │ * retry – Prompts once more with all the configuration questions │
    │ (including ones you may have missed due to the debconf priority │
    │ setting) and makes another attempt at performing the operation. │
    │ * retry (skip questions) – Immediately attempts the operation again, │
    │ skipping all questions. This is normally useful only if you have │
    │ solved the underlying problem since the time the error occurred. │
    │ * ignore – Continues the operation ignoring dbconfig-common errors. │
    │ This will usually leave this package without a functional database. │
    │ │
    │ Next step for database installation: │
    │ │
    │ abort │
    │ retry │
    │ retry (skip questions) │
    │ ignore │
    │ │
    │ │

    Is there a way to edit /etc/dbconfig-common/roundcube.conf for a root password afterwards?

    thank you very much


    • RaspberryTips Post authorReply

      Hi shalacix,

      I think you need to set a Mysql password and reconfigure roundcube

      Maybe with dpkg –reconfigure or dbconfig-common

      If you don’t find it, I will try to redo the installation to answer your questions 🙂

  11. shalacix Reply


    I am using a pi, also arch on a rock64
    it looks like the Roundcube setup has changed – the questions during its install should be as these below, but are in reality not all are asked:

    OK: Imap Server: ssl://
    OK: Default language: set it as you want
    not asked: Configure database with dbconfig-common: yes
    OK: MySQL application password for Roundcube: your Roundcube user password
    not asked: Database administrator password: your MySQL root password

    Also I suspect that sudo apt-get install roundcube roundcube-plugins
    does not install apache and php, or not all of them: if it did, sudo apt apache2 and sudo apt php would tell “nothing to do, all up to date’ — but they _do_ the full install instead.

    Then of course apache starts no problem but it either is dissociated from Roundcube or just displays the php code.

    It probably can be welded back together by conf files’ amendments, but I have no deep knowledge of linux, I am just hacking away :/

    • RaspberryTips Post authorReply


      The good command to reconfigure roundcube is “dpkg-reconfigure roundcube-core” (I give it in the post)

      With this you can change the mysql password
      Make sure to give the correct database name (roundcubemail in my post, roundcube by default)

      When I fixed this name, the issue with mysql root password disappeared

  12. Felix Paquin Reply

    i set up your mail server, and it was awesome

    BUT, when i send e-mails, they arrives in the junk email (on gmail and hotmail), and i didn’t receive the email sent to me.

    all the port is open, and i created cert with let’s encrypt, and i change the location of the files in the config files to fit with the new let’s encrypt cert.

    what’s goes wrong ?

    thanks !

  13. Messor Reply

    Hi have 2 very noob questions.

    1. During the installation of roundcube i did exit the installer by accident. How can i restart the installer? Remove and reinstall does not do the trick, because it does no longer kicks off the installer.

    2. i probally skipped or forgot something i cannot find what. but i keep getting this error when starting dovecot:
    configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can’t open file /etc/dovecot/dovecot.pem: No such file or direct. When i try to generate it i get this: writing new private key to ‘private/dovecot.pem’
    req: Can’t open “private/dovecot.pem” for writing, No such file or directory

    I have been trying to solve this myself, but after a week still stuck. So i thought lets try it this way.

  14. Ludi Reply

    Hi RaspberryTips, I have the following situation:

    pi@ifit:~ $ cd /etc/dovecot
    pi@ifit:/etc/dovecot $ sudo openssl req -new -x509 -nodes -config /usr/share/dovecot/dovecot-openssl.cnf -out dovecot.pem -keyout private/dovecot.pem -days 365
    Generating a RSA private key
    writing new private key to ‘private/dovecot.pem’
    pi@ifit:/etc/dovecot $ cd
    pi@ifit:~ $ sudo service dovecot restart

    Logfile entry in /var/log/mail.log:
    Jul 24 15:47:17 ifit dovecot: master: Warning: Killed with signal 15 (by pid=4053 uid=0 code=kill)
    Jul 24 15:47:18 ifit dovecot: master: Dovecot v2.2.27 (c0f36b0) starting up for imap (core dumps disabled)

    pi@ifit:~ $ openssl s_client -connect localhost:993
    1996460032:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:108:
    1996460032:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:109:
    1996460032:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:108:
    1996460032:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:109:

    What is that? Never seen such messages!

    Regards, Ludi

  15. Ludi Reply

    Hi RaspberryTips

    Thanks a lot for constant efforts. But there must be something else because I have a strong suspicion that it’s the new Buster release of Raspbian. On which Raspbian release your tutorial has been layed on? And, I have a big uncertainty of my DNS entries at Alfahosting regarding your specific tutorial layout. Could you give some more hints or recommendations about the basic prerequisites (especially, issues behind a NAT router or a bridged Pi access, and/or DNS entries, how to get a PTR record, who is responsible for, what about more than one MX entries, and so on)? Thank very much in advance!

    Regards, Ludi

  16. Serhii Reply

    Great tutorial!
    I could finish it much faster if i was ready instruction more carefully 😉

    2 notes and 1 question:
    1. before roundcube setup you tell to create database “roundcubemail” – this probably cause a lot of people like me to have headache like ‘Access denied for user ‘root’@’localhost’’ later. The reason is – by default roundcube’s install wizard propose to use ’roundcube’ database and until you get there you totally forgot about ’roundcubeemail’ name 🙂 and press “Yes” 🙂
    2. after editing “/etc/apache2/conf-enabled/roundcube.conf” file it better to note that you need to restart Apache server to apply changes. Otherwise it will show the 404 error page.

    and now question:
    /etc/postfix/helo_access there is X.X.X.X line with external IP. but this is good for static one, how to solve the problem when you have dynamic dns setup? is it possible at all?

    Thank you again for this tutorial and hope you can help with my question.

  17. Phil Craven Reply


    I was getting along very well – not fast, but very well. Right up to just before setting up Roundcube. That’s when it went wrong for me.

    I’m trying to set it up on a RPi 4, and I appreciate that this tutorial was written long before the RPi 4 came out. This is what I found…

    In the “Enable IMAPS” section, the …/10-ssl.conf file doesn’t contain the line ‘ssl_protocols = !SSLv3’ to it couldn’t be uncommented. I added it though, which I hoped was the right thing to do.

    Immediately after that, generating the SSL certificate started out ok but didn’t work. I got the ‘Generating a RSA private key’ message and a long set of …. surounded by some +++. Then, ‘writing new private key to ‘private/dovecot.pem’, followed by:-
    Cannot write random bytes:
    3069276176:error:2407007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:183:Filename=/dev/urandom

    I checked the command line thoroughly and I don’t think it contains any mistakes. This is it copied:-
    sudo openssl req -new -x509 -nodes -config /usr/share/dovecot/dovecot-openssl.cnf -out dovecot.pem -keyout private/dovecot.pem -days 365

    And that was it. ‘openssl s_client -connect localhost:993’ couldn’t work and came back with 4 error lines.

    My guess is that one or two bits have changed since the tutorial was written and, of course, the RPi 4 didn’t exist at that time.

    Any thoughts on how i can complete the tutorial? Please? 🙂

    • Treloz Reply

      Hey Phil,
      The ssl_protocols = !SSLv3 is old and it gives an error.
      ssl_min_protocol = SSLv3 should be used instead.

      I have the same problem with the key genaration. I Can not find a solution yet.
      I hope someone will know!
      I use latest image updated on RPi3

Leave a Reply

Your email address will not be published. Required fields are marked *