install email server on raspberry pi

How to Install an Email Server on your Raspberry Pi?

There are many projects that require the ability to send emails, but creating a mail server can also be a project on its own.
So, we will see the different steps of setting up an email server, be it a simple SMTP or a complete suite with webmail.

Postfix is the main service to install on Raspberry Pi to host a mail server. It’ll send and receive emails.
Then other services can be added, like Dovecot for POP/IMAP support and Roundcube can be used as webmail.

We will now learn how to install everything in this step-by-step tutorial.

If you’re looking to quickly progress on Raspberry Pi, you can check out my e-book here. It’s a 30-day challenge where you learn one new thing every day until you become a Raspberry Pi expert. The first third of the book teaches you the basics, but the following chapters include projects you can try on your own.

Prerequisites

If you want to set up an SMTP server, the requirements are almost non-existent.
A Raspberry Pi and an SMTP server that will serve as a relay is sufficient (Gmail for example).

If you want to follow the tutorial until the end, you will need:

  • A Raspberry Pi: Any model should be fine, but I would recommend a Raspberry Pi 4 or at least a Raspberry Pi 3B+.
  • A micro-SD card or USB key: I tend to use SD cards less and less, and use this USB drive from SanDisk instead for all my experiments. But if you want to use an SD card you can, I did a benchmark of the most popular SD cards here.
  • A domain name (I will use domain.com in all the steps below, don’t forget to change it).
  • A static public IP address (or at least one dynamic DNS service, like No-Ip).

Also, know that I make this tutorial on Raspberry Pi OS, so I recommend installing Raspberry Pi OS first (Lite will be enough) by following this tutorial.

I suggest you use SSH to follow this tutorial from your usual computer and copy/paste commands and configurations (there are a lot of them!). If you need help to set up SSH on your Raspberry Pi, click on the link to learn everything about this protocol and how to use it.

Security warning

Creating your secure mail server is not straightforward.
It’s easy to miss the configuration and turn your server into an open SMTP relay for the world, or get spammed over.

So be sure to follow this tutorial precisely, and then monitor the system logs to make sure that you are the only one doing the actions that occur on your server.
Setting up additional security features such as a firewall or fail2ban service is also a good idea.

DNS Configuration

IP Address

In the next steps, we will change our domain name DNS settings to use our IP address as the mail server.

If you don’t have a static public IP address, you will need to use a free dynamic DNS service like No-IP to redirect a domain to your dynamic IP address.

You’ll have to install a tool to regularly give them your current IP address, and they will redirect a domain like myserver.ddns.net to your last known IP address (more details about this here).
If you don’t have a domain name, I think that you can use this alias directly.

It’s not the perfect option for an email server because you’ll have small downtimes when your IP changes, but if you’re not too serious about your emails, it should be fine.

DNS zone configuration

Now you need to go to your domain name registrar and change these zones to match your current IP address (or your dynamic DNS provider domain name):

  • MX
  • pop.domain.com
  • smtp.domain.com
  • imap.domain.com
  • mail.domain.com

MX is mandatory to receive email on your Raspberry Pi. The other ones are just easy-to-remember names for access to your emails.

Changes may take up to 24 hours before applying.
You can monitor the progress of the changes with an online tool like Network-Tools.com.
Choose “DNS” in the “Tool” dropdown, and type the domain or subdomain you want to check.

Let's Build a School Together
Just $75 can create educational opportunities for a child in need.

Your battle plan

If you need an overview of everything I’ll explain in this guide, here is a quick draw of everything we need:

It’s hard to put everything on the same schema without being too hard to read, but feel free to come back to this at anytime if you are a bit lost in the steps below.

Download Your Essential Linux Commands Guide!
It's a free PDF guide containing every Raspberry Pi Linux command you should know!
Download now

Install Postfix to send emails

Now let’s move on to the main things and to the installation of Postfix.

Postfix will be the base of our mail server.
It will allow us to send and receive emails corresponding to our domain name.
In this step, we’ll learn how to send emails.

Installation

As for any tutorial, start by doing the system updates if not already done:
sudo apt update
sudo apt upgrade

You can then install the Postfix package:
sudo apt install postfix

During the installation, you’ll have to choose these two configuration options:

  • The general type of mail configuration: Internet site
  • System mail name: domain.com

Now we will make two changes in the configuration that has been generated:

  • Open the configuration file:
    sudo nano /etc/postfix/main.cf
    If you are not used to nano, I would recommend reading this article first. I explain the basics as well as the most important shortcuts you can use in Nano.
  • Disable IPv6 management:
    • Replace:
      inet_protocols = all
    • With:
      inet_protocols = ipv4
  • Enter your domain name as myhostname:
    myhostname= domain.com
  • If you are on a local network, most of the Internet providers don’t allow sending emails directly.
    So, you may need to add a relay host in your configuration.
    Ask your provider for the server to use as a relay:
    relayhost = smtp.yourprovider.com
    You can also use Gmail as your relay (username and password will be required in your configuration file).
  • Save and exit (CTRL+O, Enter, CTRL+X).
  • Restart Postfix:
    sudo service postfix restart

At this point, the server should start properly without startup errors.
If this is not the case, look to solve these problems before continuing.

Are you a bit lost in the Linux command line?Β Check this article first for the most important commands to remember and a free downloadable cheat sheet so you can have the commands at your fingertips.

Testing

We’ll now make our first test by sending an email from the Raspberry Pi.

Telnet

For this test, we’ll use telnet to connect to postfix.

  • Install telnet:
    sudo apt install telnet
  • Connect to the SMTP server:
    telnet localhost 25
  • Enter this series of commands:
    • ehlo
    • mail from: you@domain.com
    • rcpt to: user@mail.com
    • data
    • Subject: test
    • Test
    • .
    • quit
  • This commands sequence will create an email and send it to user@mail.com (external email address).

Here is the full trace:

pi@raspberrypi:~ $ telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 domain.com ESMTP Postfix (Raspbian)
ehlo domain.com
250-domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
mail from: me@domain.com
250 2.1.0 Ok
rcpt to: youremail@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: test
Test
.
250 2.0.0 Ok: queued as 44EAE1FE54
quit
221 2.0.0 Bye

Mailutils

If you are looking for a most friendly way to do this, you can install mailutils to use the mail command.

  • Install mailutils:
    sudo apt install mailutils
  • Send a test email with the mail command:
    echo 'Test' | mail -s "Test mail command" you@gmail.com

In both cases, you can follow the email sending in this log file: /var/log/mail.log

Debugging

Either way, you can check the log file /var/log/mail.log to see what happens if you didn’t receive the email.
If everything works correctly, you should see something like this:
Jul 1 04:14:32 raspberrypi postfix/local[5433]: 734AA1FF96: to=, relay=local, delay=0.09, delays=0.01/0.04/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)

Receive emails with Postfix

Now it’s time to edit our Postfix configuration to receive emails.

Configuration

We’ll do this by using the Maildir mailboxes format.
Maildir is a safe and easy way to store emails: each mailbox is a directory, and each email is a file.

  • Edit the configuration file:
    sudo nano /etc/postfix/main.cf
  • Add these lines at the end of the file:
    home_mailbox = Maildir/
    mailbox_command =

    This configuration will tell Postfix to create a Maildir folder for each system user.
    This folder will now host your new incoming emails.

Now we need to create the Maildir folder template by following these steps:

  • Install this packages:
    sudo apt install dovecot-common dovecot-imapd
  • Create folders in the template directory:
    sudo maildirmake.dovecot /etc/skel/Maildir
    sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
    sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
    sudo maildirmake.dovecot /etc/skel/Maildir/.Spam
    sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
    sudo maildirmake.dovecot /etc/skel/Maildir/.Templates

These templates will be used when you add new users on your Raspberry Pi.
But for those already existing, you have to do it manually.

For example, you have to run these commands for your current user:
sudo cp -r /etc/skel/Maildir /home/$USER/
sudo chown -R $USER:$USER /home/$USER/Maildir
sudo chmod -R 700 /home/$USER/Maildir

Testing

You can now repeat the same kind ofΒ test as before, but put the user pi in the receiver:
echo "Test" | mail -s "Test" $USER@domain.com

And then check that the mail has arrived in the Maildir folder:

pi@raspberrypi:~ $ cat /home/$USER/Maildir/new/1625109614.Vb302I205f1M127492.raspberrypi
 Return-Path: 
 X-Original-To: pi@rpi.tips
 Delivered-To: pi@rpi.tips
 Received: by rpi.tips (Postfix, from userid 1000)
         id 1CC5A205F2; Thu,  1 Jul 2021 04:20:14 +0100 (BST)
 Subject: Test mail command
 To: pi@rpi.tips
 X-Mailer: mail (GNU Mailutils 3.5)
 Message-Id: 20210701032014.1CC5A205F2@rpi.tips
 Date: Thu,  1 Jul 2021 04:20:14 +0100 (BST)
 From: pi@raspberrypi
 Test

This is a random example, your file won’t be named this way.

You should have only one mail in the new folder, use tab auto-completion to find it.
As you can see the return path address is not correct, you have toΒ change your hostname to fix this:
sudo hostname domain.com
More details here on how to change the hostname on a Raspberry Pi (there is more to know).

But we have reached our goal for this step.
We received emails sent to our domain.

Secure the mail server

As I said at the beginning, there are some options to put in place to secure a minimum of the webserver.

  • Edit your configuration file:
    sudo nano /etc/postfix/main.cf
  • Add these lines at the end of the file:
    smtpd_helo_restrictions =
    permit_mynetworks =
    permit_sasl_authenticated =
    reject_invalid_helo_hostname =
    reject_non_fqdn_helo_hostname =
    reject_unknown_helo_hostname =
    check_helo_access =
    hash:/etc/postfix/helo_access =
  • This configuration will limit SMTP usage to the local network and reject people saying that they are from your domain name.
  • Create the helo_access file:
    sudo nano /etc/postfix/helo_access
    In this file, we need to put the list of domain names we want to block.
  • Paste these lines into it:
    X.X.X.X REJECT
    domain.com REJECT
    smtp.domain.com REJECT
    mail.domain.com REJECT

    Replace X.X.X.X with your public IP address.
  • Restart postfix daemon:
    sudo service postfix restart

Having a certain set of good practices in place to improve the overall security of the Raspberry Pi is also a good idea, especially if you are using this server for important email.
You can read my 17 security tips for Raspberry Pi here, and I also recommend setting up a backup system, as explained in this article.

Install Dovecot to allow POP and IMAP connections

We now have a functional and secure mail server.
So, we will move on to the next part, which is to make this mail server accessible to POP and IMAP clients via SASL authentication.

As you may have noticed, we already installed Dovecot in the previous step to create Maildir folders.
The only thing left to do is to finalize the configuration.

Download Your Essential Linux Commands Guide!
It's a free PDF guide containing every Raspberry Pi Linux command you should know!
Download now

Configuration

  • Open the Dovecot configuration file:
    sudo nano /etc/dovecot/dovecot.conf
  • Remove IPV6 support:
    • Replace:
      #listen = *, ::
    • With:
      listen = *
  • Open the Dovecot mail configuration file:
    sudo nano /etc/dovecot/conf.d/10-mail.conf
  • Edit the Maildir folder:
    • Replace:
      mail_location = mbox:~/mail:INBOX=/var/mail/%u
    • With:
      mail_location = maildir:~/Maildir
  • Open the Dovecot master configuration file:
    sudo nano /etc/dovecot/conf.d/10-master.conf
  • Tell Dovecot to listen for SASL authentification:
    • Comment all lines from the default service auth paragraph (add # before each line).
    • Add these lines at the end of the file:
      service auth {
      unix_listener /var/spool/postfix/private/auth {
      mode = 0660
      user = postfix
      group = postfix
      }
      }
  • Open the Dovecot auth configuration file:
    sudo nano /etc/dovecot/conf.d/10-auth.conf
  • Allow plaintext auth.
    • Uncomment and edit this line:
      #disable_plaintext_auth = yes
    • To become this one:
      disable_plaintext_auth = no
  • Edit this line too:
    auth_mechanisms = plain login
  • Edit the Postfix configuration file:
    sudo nano /etc/postfix/main.cf
  • Tell Postfix to use SASL (add these lines):
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
  • Restart Dovecot and Postfix:
    sudo service postfix restart
    sudo service dovecot restart

Keep an eye on the log files, and you can use “sudo service X status” to check that the service is running correctly. As I told you previously, a misconfiguration can happen fast. But we’ll do another test now to make sure everything is good.

Testing

To test that SASL authentication works well, we will create a test user and try to connect to the mail server with it.

User creation

Create a new user with a login test and the password you want:
sudo adduser test

Answer the questions related to the password (and remember it). The other questions are not mandatory (press Enter to skip them).

Get the encoded password

We need to get our password in a base64 encoded format.
You can get it with this command:
printf '\0%s\0%s' '[LOGIN]' '[PASSWORD]' | openssl base64

Replace [LOGIN] and [PASSWORD] in this command with the ones you choose during the adduser command.
In my case (test/password), the string displayed is AHRlc3QAcGFzc3dvcmQ=.

Log in

We can now retry a connection with telnet by specifying this string for identification.
The only change is that we need to use the AUTH PLAIN command to log in:

telnet localhost 25
ehlo
domain.com
AUTH PLAIN

You can quit after this if you get the “Authentication successful” message, or send another test email like the first time if you have any doubt.
Here is the full trace:

pi@raspberrypi:~ $ telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 domain.com ESMTP Postfix (Raspbian)
ehlo domain.com
250-domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AHRlc3QAcGFzc3dvcmQ=
235 2.7.0 Authentication successful
mail from: me@domain.com
250 2.1.0 Ok
rcpt to: youremail@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: test
Test
.
250 2.0.0 Ok: queued as 44EAE1FE54
quit
221 2.0.0 Bye

Enable IMAPS

Dovecot allows us to connect with IMAP (telnet localhost 143).
But we now need to enable TLS for IMAP on the port 993.

  • Edit the Dovecot master configuration file:
    sudo nano /etc/dovecot/conf.d/10-master.conf
  • Enable listener on the port 993:
    The configuration should look like this (there are a few lines to uncomment):
    service imap-login {
    inet_listener imap {
    port = 143
    }
    inet_listener imaps {
    port = 993
    ssl = yes
    }
    }
  • Then edit the SSL configuration file:
    sudo nano /etc/dovecot/conf.d/10-ssl.conf
  • Make sure SSL is enabled at the beginning of the file:
    ssl = yes
  • The certificate locations should also be uncommented:
    ssl_cert = </etc/dovecot/private/dovecot.pem
    ssl_key = </etc/dovecot/private/dovecot.key
  • Finally, restart Dovecot server:
    sudo service dovecot restart

You can now check that your IMAPS server is working, with this command:
openssl s_client -connect localhost:993

The login syntax is:
a login [LOGIN] [PASSWORD]

The full trace should look something like this:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login pi password
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE] Logged in
b select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 3 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1536038369] UIDs valid
* OK [UIDNEXT 4] Predicted next UID
b OK [READ-WRITE] Select completed (0.000 + 0.000 secs).
b logout
* BYE Logging out
b OK Logout completed (0.000 + 0.000 secs).
closed

You can now connect to your IMAP server from any client on the LAN.
If you want to access your server from anywhere, don’t forget to open the needed ports in your router firewall.

Related article: Installing OpenSSL on Ubuntu/Linux: A step-by-step guide

Set up Roundcube to add a webmail access

Most of the work is done, but we will push a little more and add a Webmail server to our mail server on Raspberry Pi.
Roundcube is a modern free and open-source webmail software.

The big advantage of Roundcube compared to other webmails is that it’s available directly in the Debian and therefore Raspberry Pi OS repositories.

If you started from a blank Raspberry Pi OS, you would need to install a MySQL server first (MariaDB).

MySQL server

If you don’t have one yet, you need to install a MySQL server to store the Roundcube database:
sudo apt install mariadb-server

Then you need to follow these steps to set a root password, and create a Roundcube user:

  • Initialize the MySQL server by setting up a root password:
    sudo mysql_secure_installation
    You can keep all the default values (press Enter at each question), just enter a new password for “root” (the administrator).
  • Connect with root (we need sudo because only root can access):
    sudo mysql -uroot -p
    Type the password you just set to log in.
  • Create a new user for Roundcube:
    CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'password';
    Replace “password” with your chosen password
  • Create the Roundcube database.
    CREATE DATABASE roundcubemail;
  • Give all privileges to the Roundcube user on the Roundcube database:
    GRANT ALL PRIVILEGES ON roundcubemail.* to 'roundcube'@'localhost';
  • Quit the MySQL console:
    FLUSH PRIVILEGES;
    quit

Your database server is ready, move to the next step.

Roundcube

To install it, enter the following command:
sudo apt install roundcube roundcube-plugins

This will also automatically install all other dependencies (mainly Apache, PHP, and MySQL client).

Again, the installation wizard will ask you these questions about your MySQL server:

  • Configure database with dbconfig-common: yes.
  • MySQL application password for Roundcube: your Roundcube user password.
  • Database administrator password: your MySQL root password.
Note: I got a connection error at this step, but when choosing "retry" I could edit all settings including the database name, and it was OK after that.

Now edit the apache configuration for Roundcube to enable the web app:
sudo nano /etc/apache2/conf-enabled/roundcube.conf

Uncomment the first line:
Alias /roundcube /var/lib/roundcube

Then restart your web server:
sudo service apache2 restart
And go to http://[RASPBERRY-IP]/roundcube to see the web interface.

If you get any error, you can restart the installation wizard with this command:
sudo dpkg-reconfigure roundcube-core
It will also give you the chance to set a default server if you prefer.

You can now log in with your credentials created in the previous step, or with the account “pi”.
Enjoy your webmail now, and remember that it is possible to add many plugins on RoundCube to extend its features.

Logs and configuration file summary

So we saw how to set up a full mail server on Raspberry Pi.
If you have had any errors, or want to go further, here is the summary of the file locations.

Postfix

In this tutorial, we are using Postfix to send and receive emails, it’s the core of the mail server.

Configuration

  • /etc/postfix/main.cf: Main configuration for Postfix.
  • /etc/postfix/master.cf : Processes configuration for Postfix.

Log files

  • / var/log/mail.log: Here you can see all mail traces, and errors if there are any.

Dovecot

We installed Dovecot to manage IMAP connections with a SASL security layer.

Configuration

  • /etc/dovecot/dovecot.conf: The main configuration of Dovecot.
  • /etc/dovecot/conf.d/: This subfolder contains several files with each part of the configuration to easily know where the option you’re looking for is.

Log files

  • /var/log/syslog: Dovecot doesn’t have a specific log file, it’s using the main syslog file.

Apache

Apache is used in this tutorial to run Roundcube.
Normally you shouldn’t need to change something unless Roundcube is not accessible at all.

Configuration

  • /etc/apache2/apache2.conf: The main configuration file for apache2.
  • /etc/apache2/conf-enabled/: Here you will find the configuration for some Apache services (like Roundcube.conf).
  • /etc/apache2/sites-enabled/: Here you will find the configuration for any Apache website.

Log files

  • /var/log/apache/error.log: If you get any errors with Apache, you can find them here.
πŸ’° Make Money Sharing Your Raspberry Pi Expertise!
Help others navigate the world of Raspberry Pi with your insights.
Become a RaspberryTips Contributor!

Roundcube

And finally, we installed Roundcube to add webmail to our mail server.

Configuration

  • /etc/roundcube/config.inc.php: Here is the main configuration file for Roundcube.

Log files

  • /var/log/roundcube/errors: If you get some issue with Roundcube, you’ll find the errors in this file.
Download Your Essential Linux Commands Guide!
It's a free PDF guide containing every Raspberry Pi Linux command you should know!
Download now

Want to chat with other Raspberry Pi enthusiasts? Join the community, share your current projects and ask for help directly in the forums.

Conclusion

And here we are at the end of this tutorial.
You have learned to set up a complete mail server with:

  • Postfix for transport.
  • Dovecot for secure authentication.
  • Roundcube for web access to your emails.

As you may have noticed, it’s not a simple thing to set up. There are a lot of configuration options, and it can be a lot of work to put that in place at home.

I think in most cases, the first part with Postfix is the one that will interest you.
You are going to be able to send emails from your different projects, but not necessarily to set up all the other steps.

In any case, if you really need to install everything, you know how to do.

Download Your Essential Linux Commands Guide!
It's a free PDF guide containing every Raspberry Pi Linux command you should know!
Download now

Additional Resources

Not sure where to start?
Understand everything about the Raspberry Pi, stop searching for help all the time, and finally enjoy completing your projects.
Watch the Raspberry Pi Bootcamp course now.

Master your Raspberry Pi in 30 days
Don’t want the basic stuff only? If you are looking for the best tips to become an expert on Raspberry Pi, this book is for you. Learn useful Linux skills and practice multiple projects with step-by-step guides.
Download the e-book.

VIP Community
If you just want to hang out with me and other Raspberry Pi fans, you can also join the community. I share exclusive tutorials and behind-the-scenes content there. Premium members can also visit the website without ads.
More details here.

Need help building something with Python?
Create, understand, and improve any Python script for your Raspberry Pi.
Learn the essentials step-by-step without losing time understanding useless concepts.
Get the e-book now.

You can also find all my recommendations for tools and hardware on this page.


This tutorial doesn't work anymore? Report the issue here, so that I can update it!

Similar Posts

56 Comments

  1. keep getting “roundcube ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: NO)” have reinstalled but still the same

  2. Hi,

    You probably miss the Roundcube MySQL configuration during the installation
    The user name must be ’roundcube’ and the password ‘YourPassword’ if you followed exactly this tutorial

    You may try ‘dpkg-reconfigure roundcube’ to update the MySQL user and password

  3. Hi RaspberryTips.com,

    I wonder if you could post tutorial how to “SET UP A MAIL SERVER ON YOUR RASPBERRY PI” at home (using regular home internet cable service) which it behind CGNAT. Is it possible to use some sort of Ngrok. Serveo service ?.. or maybe in combination of Ngrok/Serveo service + Mailgun/mailjet ?… I’m a teacher at a high school at Semarang City Indonesia, I have many of my students asking me about this and i couldn’t find any.

    Thank you.

    1. Hi,
      Thanks for your comment
      Unfortunately I don’t have this kind of connection, so I can’t help you
      But maybe someone else will see this message and can help

      ngrok seems to be a good idea from what I can read on other forums

  4. Hi!
    First of all, thank you very much. After several attempts to create a mail server on my RP3, it is finally a success thanks to you. This tutorial is clear, easy and efficient.

    Just a few notes :
    – on my internet access, port 25 is blocked. I used dnsexit to solve the issue and reroute mails to my 8001 port. I edited master.cf file consequently and it works just fine.
    – after I created and edited the sudo nano /etc/postfix/helo_access file, I had to launch the command : postmap /etc/postfix/helo_access. This created a helo_access.db file so I edited main.cf consequently.
    – command sudo hostname domain.com will change hostname only until next reboot. I edited /etc/hostname and /etc/hosts to get it changed permanently

    Hope this can help other users ;o)

  5. hi,

    great tutorial but i keep getting a “Relay access denied” error when i try to send emails to my roundcube address from windows mail.

    i can send then from roundcube but i never receive any emails, i can only send them

  6. HI,

    I screwed up installation of mariadb or roundcube somewhere. At the end, I have no /etc/apache2/conf-enabled/roundcube.conf to edit…
    Is there a way to totally remove – files and all – both? I removed both using remove –auto-remove but when I reinstalled mariadb, I found that the database mysql and its users etc _stayed_ undeleted.

    thanks

    1. Hi,

      Thanks for your comment

      Did you try “apt-get –purge remove PACKAGE” ?

  7. Hi,

    apache does not give the Roundcube login page
    it gives the raw php like this:
    <?php
    /**
    +————————————————————————-+
    | Roundcube Webmail IMAP Client |
    | Vers—etc etc

    Is there a way to correct this?

    thanks

  8. …yes, in the end I did. Now I got up to Apache up, but it only shows the raw php code, not the login screen.
    I think it went wrong here:

    As you wrote —
    “sudo apt-get install roundcube roundcube-plugins
    This will also automatically install all other dependencies (mainly Apache, PHP and MySQL client)”

    This install stopped in the middle. I rerun the above entry, but Apache and php were _not_ installed – only when I installed them one by one. So I think apache has to be configured for roudcube manually but I dont know where….

      1. Hi RaspberryTips

        In the above reply you said: “I think that this post will give you the answer: https://raspberrytips.com/web-server-setup-on-raspberry-pi/. You probably miss the libapache2-mod-php package.”

        How can I interpret this?

        A) Did you install a LAMP before the tutorial “HOW TO SET UP A MAIL SERVER ON YOUR RASPBERRY PI?”using the tutorial first you mentioned as “https://raspberrytips.com/web-server-setup-on-raspberry-pi/” or

        B) Using this tutorial “HOW TO SET UP A MAIL SERVER ON YOUR RASPBERRY PI?”is there a need using the tutorial first you mentioned as “https://raspberrytips.com/web-server-setup-on-raspberry-pi/”

        C) Using this tutorial “HOW TO SET UP A MAIL SERVER ON YOUR RASPBERRY PI?”are there no dependencies exept your advise above “Also, know that I make this tutorial on Raspbian, so it I recommend to install Raspbian firs(lite will be enough) by following this tutorial” (link: https://raspberrytips.com/install-raspbian-raspberry-pi/)?

        Kind regards, Ludi

        1. Hum, not sure to see what you wanna say

          If you want to use the webmail part, you’ll need a working LAMP server
          shalacix had an issue with apache and php not working, so he needed to install libapache2-mod-php

          What is your question exactly?
          Have you an issue with the webmail installation?

          1. Hello RaspberryTips
            Thanks for the reply. I think you have really answered my (complicate) question: Especially when using Roundcube, I need a LAMP server first, you described in https://raspberrytips.com/web-server-setup-on-raspberry-pi/. But, since I have secured all my web servers with Let’s Encrypt Certificates, I just wanted to know if I can take one of these images which already has certs for i.e. domain.com, http://www.domain.com, and mail.domain.com which have

            https://www.ssllabs.com/ssltest/analyze.html?d=domain.com => A+
            https://www.ssllabs.com/ssltest/analyze.html?d=www.domain.com => A+
            https://www.ssllabs.com/ssltest/analyze.html?d=mail.domain.com => A+

            before installing “your” mail server described in https://raspberrytips.com/web-server-setup-on-raspberry-pi/?

            And another question is:
            It’s already the third time I’ve got exactly the same error using “telnet localhost 25”:
            535 5.7.8 Error: authentication failed:
            I would be very appreciated if you could help me coming out of this loop!

            Kind regards, Ludi

          2. Hi,

            Yes you can absolutely use your existing certs

            And the goal of the “telnet localhost 25” is to check if the SMTP server is running
            If it doesn’t answer, check that it’s running
            If it doesn’t start, check the log file to see if you have an error on start

  9. Hello,

    this one:

    ssl_key = </etc/dovecot/private/dovecot.pem

    should not be
    ssl_key = </etc/dovecot/private/dovecot.key

    ?

    1. Hi,

      Nope, it’s correct in the post

      • ssl_cert = < /etc/dovecot/dovecot.pem
      • ssl_key = < /etc/dovecot/private/dovecot.pem
  10. Hi again, Patrick,

    At the end of roundcube config it asks for the admin user, which is root. No password is asked, _but it would be needed_, as the process runs on an error (quoting the screen):

    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ Configuring roundcube-core β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
    β”‚ An error occurred while installing the database: β”‚
    β”‚ β”‚
    β”‚ ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: NO) . Your options are: β”‚
    β”‚ * abort – Causes the operation to fail; you will need to downgrade, β”‚
    β”‚ reinstall, reconfigure this package, or otherwise manually intervene β”‚
    β”‚ to continue using it. This will usually also impact your ability to β”‚
    β”‚ install other packages until the installation failure is resolved. β”‚
    β”‚ * retry – Prompts once more with all the configuration questions β”‚
    β”‚ (including ones you may have missed due to the debconf priority β”‚
    β”‚ setting) and makes another attempt at performing the operation. β”‚
    β”‚ * retry (skip questions) – Immediately attempts the operation again, β”‚
    β”‚ skipping all questions. This is normally useful only if you have β”‚
    β”‚ solved the underlying problem since the time the error occurred. β”‚
    β”‚ * ignore – Continues the operation ignoring dbconfig-common errors. β”‚
    β”‚ This will usually leave this package without a functional database. β”‚
    β”‚ β”‚
    β”‚ Next step for database installation: β”‚
    β”‚ β”‚
    β”‚ abort β”‚
    β”‚ retry β”‚
    β”‚ retry (skip questions) β”‚
    β”‚ ignore β”‚
    β”‚ β”‚
    β”‚ β”‚
    β”‚

    Is there a way to edit /etc/dbconfig-common/roundcube.conf for a root password afterwards?

    thank you very much

    Laszlo

    1. Hi shalacix,

      I think you need to set a Mysql password and reconfigure roundcube

      Maybe with dpkg –reconfigure or dbconfig-common

      If you don’t find it, I will try to redo the installation to answer your questions πŸ™‚

  11. Thanx

    I am using a pi, also arch on a rock64
    it looks like the Roundcube setup has changed – the questions during its install should be as these below, but are in reality not all are asked:

    OK: Imap Server: ssl://imap.domain.com:993
    OK: Default language: set it as you want
    not asked: Configure database with dbconfig-common: yes
    OK: MySQL application password for Roundcube: your Roundcube user password
    not asked: Database administrator password: your MySQL root password

    Also I suspect that sudo apt-get install roundcube roundcube-plugins
    does not install apache and php, or not all of them: if it did, sudo apt apache2 and sudo apt php would tell “nothing to do, all up to date’ — but they _do_ the full install instead.

    Then of course apache starts no problem but it either is dissociated from Roundcube or just displays the php code.

    It probably can be welded back together by conf files’ amendments, but I have no deep knowledge of linux, I am just hacking away :/

    1. Hi,

      The good command to reconfigure roundcube is “dpkg-reconfigure roundcube-core” (I give it in the post)

      With this you can change the mysql password
      Make sure to give the correct database name (roundcubemail in my post, roundcube by default)

      When I fixed this name, the issue with mysql root password disappeared

  12. i set up your mail server, and it was awesome

    BUT, when i send e-mails, they arrives in the junk email (on gmail and hotmail), and i didn’t receive the email sent to me.

    all the port is open, and i created cert with let’s encrypt, and i change the location of the files in the config files to fit with the new let’s encrypt cert.

    what’s goes wrong ?

    thanks !

  13. Hi have 2 very noob questions.

    1. During the installation of roundcube i did exit the installer by accident. How can i restart the installer? Remove and reinstall does not do the trick, because it does no longer kicks off the installer.

    2. i probally skipped or forgot something i cannot find what. but i keep getting this error when starting dovecot:
    configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can’t open file /etc/dovecot/dovecot.pem: No such file or direct. When i try to generate it i get this: writing new private key to ‘private/dovecot.pem’
    req: Can’t open “private/dovecot.pem” for writing, No such file or directory

    I have been trying to solve this myself, but after a week still stuck. So i thought lets try it this way.

  14. Hi RaspberryTips, I have the following situation:

    pi@ifit:~ $ cd /etc/dovecot
    pi@ifit:/etc/dovecot $ sudo openssl req -new -x509 -nodes -config /usr/share/dovecot/dovecot-openssl.cnf -out dovecot.pem -keyout private/dovecot.pem -days 365
    Generating a RSA private key
    ……………………………………………………………………………………….+++++
    …………………….+++++
    writing new private key to ‘private/dovecot.pem’
    —–
    pi@ifit:/etc/dovecot $ cd
    pi@ifit:~ $ sudo service dovecot restart

    Logfile entry in /var/log/mail.log:
    Jul 24 15:47:17 ifit dovecot: master: Warning: Killed with signal 15 (by pid=4053 uid=0 code=kill)
    Jul 24 15:47:18 ifit dovecot: master: Dovecot v2.2.27 (c0f36b0) starting up for imap (core dumps disabled)

    pi@ifit:~ $ openssl s_client -connect localhost:993
    1996460032:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:108:
    1996460032:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:109:
    1996460032:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:108:
    1996460032:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:109:
    connect:errno=111

    What is that? Never seen such messages!

    Regards, Ludi

    1. Hi Ludi,

      I don’t know what kind of issue could cause this error
      As you can see in my command output, it works fine during my tests

      If you think that everything before this part has been completed successfully on your side, try to check if these posts can help :

      https://support.google.com/cloudidentity/answer/9190869?hl=en
      https://github.com/mailcow/mailcow-dockerized/issues/2185

      You can also ask for help on the Raspberry Pi forum directly :
      https://www.raspberrypi.org/forums/viewforum.php?f=36

      Or even on a Linux forum as there is probably no difference between Debian and Raspbian about this

      As there are many questions here, I will try to do it again soon and check if it needs some updates
      But for now I can’t help you more

      Good luck

  15. Hi RaspberryTips

    Thanks a lot for constant efforts. But there must be something else because I have a strong suspicion that it’s the new Buster release of Raspbian. On which Raspbian release your tutorial has been layed on? And, I have a big uncertainty of my DNS entries at Alfahosting regarding your specific tutorial layout. Could you give some more hints or recommendations about the basic prerequisites (especially, issues behind a NAT router or a bridged Pi access, and/or DNS entries, how to get a PTR record, who is responsible for, what about more than one MX entries, and so on)? Thank very much in advance!

    Regards, Ludi

  16. Great tutorial!
    I could finish it much faster if i was ready instruction more carefully πŸ˜‰

    2 notes and 1 question:
    1. before roundcube setup you tell to create database “roundcubemail” – this probably cause a lot of people like me to have headache like ‘Access denied for user β€˜root’@’localhost’’ later. The reason is – by default roundcube’s install wizard propose to use ’roundcube’ database and until you get there you totally forgot about ’roundcubeemail’ name πŸ™‚ and press “Yes” πŸ™‚
    2. after editing “/etc/apache2/conf-enabled/roundcube.conf” file it better to note that you need to restart Apache server to apply changes. Otherwise it will show the 404 error page.

    and now question:
    /etc/postfix/helo_access there is X.X.X.X line with external IP. but this is good for static one, how to solve the problem when you have dynamic dns setup? is it possible at all?

    Thank you again for this tutorial and hope you can help with my question.

  17. Hi,

    I was getting along very well – not fast, but very well. Right up to just before setting up Roundcube. That’s when it went wrong for me.

    I’m trying to set it up on a RPi 4, and I appreciate that this tutorial was written long before the RPi 4 came out. This is what I found…

    In the “Enable IMAPS” section, the …/10-ssl.conf file doesn’t contain the line ‘ssl_protocols = !SSLv3’ to it couldn’t be uncommented. I added it though, which I hoped was the right thing to do.

    Immediately after that, generating the SSL certificate started out ok but didn’t work. I got the ‘Generating a RSA private key’ message and a long set of …. surounded by some +++. Then, ‘writing new private key to ‘private/dovecot.pem’, followed by:-
    Cannot write random bytes:
    3069276176:error:2407007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:183:Filename=/dev/urandom

    I checked the command line thoroughly and I don’t think it contains any mistakes. This is it copied:-
    sudo openssl req -new -x509 -nodes -config /usr/share/dovecot/dovecot-openssl.cnf -out dovecot.pem -keyout private/dovecot.pem -days 365

    And that was it. ‘openssl s_client -connect localhost:993’ couldn’t work and came back with 4 error lines.

    My guess is that one or two bits have changed since the tutorial was written and, of course, the RPi 4 didn’t exist at that time.

    Any thoughts on how i can complete the tutorial? Please? πŸ™‚

    1. Hey Phil,
      The ssl_protocols = !SSLv3 is old and it gives an error.
      ssl_min_protocol = SSLv3 should be used instead.

      I have the same problem with the key genaration. I Can not find a solution yet.
      I hope someone will know!
      I use latest image updated on RPi3

    2. I was able to finally find a workaround to this issue by editing :
      /usr/share/dovecot/dovecot-openssl.cnf

      and commenting out:
      RANDFILE = /dev/urandom

  18. getting this during roundcube-plugins command:
    sudo apt-get install roundcube roundcube-plugins

    ====
    ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: NO) . Your options are: β”‚
    β”‚ * abort – Causes the operation to fail; you will need to downgrade, β”‚
    β”‚ reinstall, reconfigure this package, or otherwise manually intervene β”‚
    β”‚ to continue using it. This will usually also impact your ability to β”‚
    β”‚ install other packages until the installation failure is resolved. β”‚
    β”‚ * retry – Prompts once more with all the configuration questions β”‚
    β”‚ (including ones you may have missed due to the debconf priority β”‚
    β”‚ setting) and makes another attempt at performing the operation. β”‚
    β”‚ * retry (skip questions) – Immediately attempts the operation again, β”‚
    β”‚ skipping all questions. This is normally useful only if you have β”‚
    β”‚ solved the underlying problem since the time the error occurred. β”‚
    β”‚ * ignore – Continues the operation ignoring dbconfig-common errors. β”‚
    β”‚ This will usually leave this package without a functional database. β”‚
    β”‚ β”‚
    β”‚ Next step for database installation: β”‚
    β”‚ β”‚
    β”‚ abort β”‚
    β”‚ retry β”‚
    β”‚ retry (skip questions) β”‚
    β”‚ ignore

    1. Hmmm, did you configure the MySQL user and password during the installation?

      Normally the apt wizard will ask you them, and then the connection should be ok
      Here it seems to use the default settings (root without password)

  19. 2020, Feb: Using a new image NOOBS 3.2, everything was going well until I added
    Edit the Postfix configuration file
    sudo nano /etc/postfix/main.cf

    Tell Postfix to use SASL (add these lines)

    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    Restart Dovecot and Postfix

    sudo service postfix restart
    sudo service dovecot restart

    Now telnet fails (it worked before these changes and was sending emails outbound):
    telnet localhost 25

    Trying ::1…
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.
    Connection closed by foreign host.

    Connection is closed. What is causing this, and how do I fix it?
    Thanks in advance.

  20. Which log files & where?
    In var/log/mail.err I have a couple of errors from postix:
    Feb 10 10:48:12 PiExp1 postfix/smtpd[3131]: error: open database /etc/postfix/helo_access.db: No such file or directory
    Feb 10 10:48:13 PiExp1 postfix/smtpd[3131]: fatal: no SASL authentication mechanisms
    Nothing that seems to indicate why telnet is no longer working…….

  21. I found the error. In syslog I found:
    dovecot[1614]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-master.conf line 123: Unexpected ‘}’
    in the conf file I found the extra “}”:

    service auth {
    unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
    }
    }

    # Postfix smtp-auth
    #unix_listener /var/spool/postfix/private/auth {
    # mode = 0666
    #}

    # Auth process is run as this user.
    #user = $default_internal_user
    }

    When I comment out the last “}”, save the file, restart dovecot, telnet now works!

    This error is also in NOOBS 3.3.
    Thanks you.

  22. Hiya,

    Thanks for these very detailed steps. How difficult is it to achieve this but for multiple domains? I am wanting to have an email server for say domain.com, mydomain.co.uk and anotherdomain.net is it even possible to do this and if so how?

    Cheers πŸ™‚

    1. Hi ChrisS,

      Thanks for your comment πŸ™‚
      I think you just have to put all domains in the configuration, separated with commas

      Something like myhostname = domain1.com, domain2.com, domain3.com

  23. I’m working through the great detailed tutorial. In the “Install Dovecot to allow POP and IMAP connections” section of the tutorial, I think I followed all of the configuration settings, then added a user called “test” with a password of “test”, created the base64 string “AFt0ZXN0XQBbdGVzdF0=”.

    The problem is, when I test this using telnet with “AUTH PLAIN AFt0ZXN0XQBbdGVzdF0=” I get an authentication fail:

    telnet localhost 25
    Trying ::1…
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.
    220 xyz.com ESMTP Postfix (Raspbian)
    ehlo xyz.com
    250-xyz.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250-SMTPUTF8
    250 CHUNKING
    AUTH PLAIN AFt0ZXN0XQBbdGVzdF0=
    535 5.7.8 Error: authentication failed:

    In the mail.log file I see: “warning: localhost[127.0.0.1]: SASL plain authentication failed: “, but no more info as to what is wrong. On the Pi itself, I can successfully login as test with the password of test.

    Any ideas as to what went wrong or what additional log files to review?

    Thanks in advance!

  24. Following on from my previous post, I started with a new sd image, and I have found a solution, but I don’t understand the difference.
    When I used the following:
    printf ‘\0%s\0%s’ ‘[test]’ ‘[password]’ | openssl base64

    I got the following result:
    AFt0ZXN0XQBbcGFzc3dvcmRd
    Which when I tested it, failed the authentication.

    I noticed that when using the id “test” with the password of “password”, I got a different result that in the tutorial.
    When I used the following to generate the key:
    echo -ne ‘\000test\000password’ | openssl base64,

    I got the following result which tallied with the tutorial:
    AHRlc3QAcGFzc3dvcmQ=
    When I tested the new key, it authenticated!!

    I hope this helps someone!

    The next issue I have run into, is when I run the command as documented in the tutorial:
    sudo openssl req -new -x509 -nodes -config /usr/share/dovecot/dovecot-openssl.cnf -out dovecot.pem -keyout private/dovecot.pem -days 365

    I get the following error:

    …………………………………………………………………………………………………………….+++++
    ..+++++
    writing new private key to ‘private/dovecot.pem’
    —–
    Cannot write random bytes:
    1995907088:error:2407007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:183:Filename=/dev/urandom

    If anyone has any ideas, I’m all ears!

    Thanks in advance.

  25. I have same error

    Cannot write random bytes:
    3070017552:error:2407007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:183:Filename=/dev/urandom
    pi@FamlundMail:/etc/dovecot $ client_loop: send disconnect: Broken pipe

    Please help with this step

  26. Hello,
    unfortunately my experiment stops immediately at the sending test after setting up postfix.
    Here is the log:

    Apr 18 14:34:34 ck postfix/postfix-script[1367]: stopping the Postfix mail system
    Apr 18 14:34:34 ck postfix/master[719]: terminating on signal 15
    Apr 18 14:34:35 ck postfix/postfix-script[1494]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
    Apr 18 14:34:35 ck postfix/postfix-script[1536]: starting the Postfix mail system
    Apr 18 14:34:36 ck postfix/master[1538]: daemon started — version 3.4.8, configuration /etc/postfix
    Apr 18 14:34:58 ck postfix/pickup[1539]: 96B1C7F793: uid=1000 from=
    Apr 18 14:34:58 ck postfix/cleanup[1555]: 96B1C7F793: message-id=
    Apr 18 14:34:58 ck postfix/qmgr[1540]: 96B1C7F793: from=, size=312, nrcpt=1 (queue active)
    Apr 18 14:34:58 ck postfix/smtp[1557]: 96B1C7F793: to=, relay=smtp.fastwebnet.it[85.18.95.132]:25, delay=0.16, delays=0.07/0.02/0.07/0, dsn=4.0.0, status=deferred (host smtp.fastwebnet.it[85.18.95.132] refused to talk to me: 554 Service not available – access denied)

    What did I do wrong?
    Thanks in advance.
    Greetings, Carlo

    1. port 25 is probably blocked by your ISP. I had to call AT&T to get them to login to my router and open the port for me. They block it on residential lines.

  27. Here there Can you explain MX entry more.
    pop.domain.com
    smtp.domain.com
    imap.domain.com
    mail.domain.com
    are need in mxentry or the child namerserver entry.

    1. Hello,

      MX are DNS entries to add on your domain to tell where your mail server is

      For example, if G Suite is your mail server, you need to add this on your domain :
      https://support.google.com/a/answer/174125?hl=en

      If you are using your Raspberry Pi, you can add only one entry like mail.domain.com, where mail.domain.com redirect to the Raspberry Pi public address

      pop, smtp and imap are not MX entries but probably A or CNAME entries
      With only a Raspberry Pi as your mail server, you can just use mail.domain.com in all the configuration (server and clients)

  28. After following all steps I get

    imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=, method=PLAIN, rip=xxxxxx, lip=192.168.1.101, TLS: Disconnected, session=

    What am I doing wrong?

  29. Thank you for the website very useful.
    I am, however, struggling to get webmail working. I followed the instructions over but still get a 404 error trying to connect to http://pi/roundcube .. ive checked all the round cube and apache directories and it all looks good… any other suggestions?

    1. Morning All,

      I solved this issue by copying the /usr/share/roundcube directory to /var/www/html and then running:

      chown -R www-data:www-data /var/www/html/roundcube

      (Note you get a permissions error if you don’t run this as the copy operation sets the directory ownership to root)

  30. Enter series of command to test smtp is not clear. Could you explain further please?

Comments are closed.