The RasPi’s small size and low power consumption make it an ideal choice for use as a home email server. After trying a couple of different pieces of software, I finally found an excellent combination: Postfix with Dovecot and Squirrelmail, plus Spamasssassin and Sieve for spam filtering. There are many, many tutorials out there for the first trilogy of programs, but since the configuration is slightly different for each distribution I kept coming unstuck when setting mine up on the Pi. Having finally got mine configured properly, I’ve put together a set of 5 tutorials, which will take you from a vanilla Raspbian image to a fully functioning email server in no time. When writing the tutorial I made an effort to explain what each setting does instead of just dumping commands. With a bit of luck at the end of the process you’ll not only have a working server, you’ll understand how it works… without having to wade through reams of documentation like I did! If you follow the tutorials from start to finish, here’s what you’ll end up with:
- An email server that you can run 24/7/365 for under £5 of electricity per year
- Personalised email address like email@example.com (requires you to have registered a domain name with a registrar like namecheap.com - see my DNS basics tutorial)
- The ability to connect from anywhere, and read & send email, using a secure IMAP connection on your phone, tablet or computer
- Log in to webmail using any web browser on a secure HTTPS connection, read & send email
- Complete control over your personal communication. Your emails are stored on YOUR server, and nobody is scanning them to sell you adverts.
- Smart spam filtering with Spamassassin
- Customisable mail sorting with Sieve rules
Postfix, the Mail Transfer Agent
Postfix is the program that lets you send and receive email using Simple Mail Transfer Protocol (SMTP). Whilst you, the user, may connect to your email server using IMAP (on port 143 or 993), or POP (on port 110 or 995), email servers talk to each other using SMTP on port 25. So, this is the basic core of the server. Without it, you wouldn’t be able to send or receive any emails! I’ve covered the setup here: Raspberry Pi Email Server Part 1: Postfix
Dovecot, the POP/IMAP Server
Dovecot is used for two things:
- It provides you with IMAP functionality
- It checks that you are who you say you are using Simple Authentication and Security Layer (SASL) before you send or fetch mail
If you’re not interested in connecting with IMAP on your devices, you still need Dovecot. Not only is it doing SASL for you, but Squirrelmail connects using IMAP in order to provide you with webmail. I’ve covered Dovecot installation and configuration here: Raspberry Pi Email Server Part 2: Dovecot
Squirrelmail, for Webmail
Squirrelmail is handy because it allows you to check your email in any browser, from anywhere. Of the first three, it’s probably the easiest to configure. I’ve covered it here: Raspberry Pi Email Server Part 3: Squirrelmail
Spamassassin, for Marking Spam
Spamassassin is the program that we will use to audit incoming mail and decide whether or not it’s spam. Spamassassin doesn’t actually sort the mail into the spam folder, it only changes information in the headers based on the results of the scan. I’ve covered it here: Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin.
LMTP & Sieve for Spam Sorting & Mailbox Organisation
After Spamassassin has checked incoming mail to see if it’s spam or not, we need another program to sort it into the right mail folder. This final step will be done with Dovecot’s Local Mail Transfer Protocol (LMTP) daemon and a Sieve plugin. Sieve is a simple programming language that allows users to define what to do with incoming email based on a predefined set of rules – think “if the header contains this flag, put it in the spam folder” kind of thing and you’ll get the gist. Aside from spam filtering, Sieve can be used to automatically sort & de-clutter your inbox. These steps are covered in the final tutorial: Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve Enjoy! I’d love to hear how you get on, so leave a comment below :)
So I started with you suggestion re: Mutt, and after toying with it a bit was able to determine you were right - it was IMAP related. So I checked my Dovecot settings and sure enough although I'd reconfigured mail_location I'd neglected to delete the default value. As a result, Dovecot appeared to be looking in that directory. All is running smoothly now.
Thank you again for your help. I'd convinced myself that Spamassassin was the culprit and would've never found this without your insight!
I have followed the 5 tutorials, and set up my new mailserver without any problems. Your documentation is not only accurate, but also educational. Most howto's are just a bunch of sudoing commands and config edits.
Your tutorials are excellent and it works!
I must say your postfix config with helo rules is brilliant, and has reduced the amount of spam that reaches spamassasin to a tiny fraction.
The future looks bright as My PI is now cloned, and the image kept safe together with regular /Maildir backups. So if it ever comes to a halt, I'll be up and tunning again in no time :)
Thanks again, Life is good
greetings from Norway
Does this tutorial still work?
Brilliant - sheer joy at the end. I made a bunch of rookie errors that had me tearing out my hair.
I used dynu.com as a relay and put a space before my password in the relay login field after the colon (username:password) so the first thing to fail was the relay.
The relay and postfix have been configured to use port 2525 because port 25 outgoing is blocked. But I made the mistake of not mapping port 25 incoming to port 2525 on my server in my router. This meant that nothing arrived from outside of my lan and of course this meant there was absolutely nothing to see in the logs. I am a bit confused by this because I believed that everything from outside would be using port 993. I wasted hours trying to troubleshoot this but it was not wasted time of course, it was learning time. No pain, no brain.
I even tried setting up citadel suite in a virtual machine instead at one point and learned a whole other bunch of stuff about things not working.
I struggled with registering to get a certificate, following your tutorial, because it asked if I owned the mail address that I wanted to use. So I guess this means that to register I need to give the mail address at my server. I could not do this because I could not receive mail at that point. Hopefully this will be fine now. I think the single hardest thing to get a clear handle on is the SSL certificate and request for signing (csr) shenanigans. I have a bunch of questions about how many certs I need - can I use the same one for my Apache https and my mail server? Can postfix and dovecot refer to the same certificate? I sort of get it that a wildcard certificate can be used for all virtual web hosts in the same domain and that these are more expensive from commercial providers. I am not sure if I understand why they should be more expensive though.
Am all set for squirrel mail and anti-spam now.
Thanks for your work in putting this all together. I am by nature lazy and I guess I will have to put some effort into learning the SSL methodology properly.
for me, the Mail server is working, i can send and receive emails.
But i just can log in via K9-Mail and not via Thunderbird.
Also i needed to accept, that the certificate i sunsafe, when i logged in via K9. (once for imap and once for smtp)
I created my certificate like in ur tutorial and added the correct paths into the postfix and dovecot configuration files.
What could be wrong here?
So if i understand that right i need to Use another Client for the Computer.
the CACert Root Certificate is installed to my Computer. Is it the Same one for Android Phones?
Ok, i installed the Ca-Cert Root Certificates on my Android Phone now. Then i tried logging in via K9 again.
I succeeded logging in, but again i got the Error, that the Certificate is not trusted.
What options do i need to check over in the configs of Postfix and Dovecot?
Maybe i did something wrong while creating the cert? The .key and the .crt File are in the correct location.
I've got another question, is it valuable to use this setup as my main Email Adress?
Sorry for my bad english ;)
Im creating a new cert now, i think i did paste the wrong thing at the CA-Cert Website.
I'll write back here if its working, it seems to last very long for the Cert to be accepted at the moment...
Thank you to this point :)
Hello, i did configure everything again with the new cert:
sise-it.crt is in /etc/ssl/certs
sise-it.key is in /etc/ssl/private
The CA-Cert Root Certificate ist installed to the Server and to my PC as Client. I did this again to verify.
The paths in the config files of Postfix and Dovecot are correct.
After that i did restart dovecot and postfix.
What could be the Problem now? I can give you more information if it helps to solve my Problem.
My Domain Name is sise-it.com
I would be very happy about any idea.
Have a nice day. :)
i wasnt working on the Mail Server, i did just edit some HTML Files of my Apache-Hosted Website. This shouldnt affect the Mail Server, right?
i checked the system load with "top" and my server is in idle most of the time....
Maybe its caused by my bad internet connection at home, i just have 16mbit download and about 1,5-2mbit upload.
I already planned to upgrade to 50mbit(10 upload) here.
Additionally im running a Website, a Nextcloud, a Emby Media Server and the Mail Server, maybe this is to heavy for my connection.
But anyway, how else could i check if im spammed with tons of requests, and how can i avoid that? Is cloudflare a good option?
But the thing with the certificate must be another problem, right?
Hope you are well.
I was wondering whether you would be able to shed some light on a strange issues i'm having. Recently my pi crashed and required rebooting, (i'm not sure what caused it and couldnt find anything obvious in the logs). I logged into my webmail and was able to check email - all OK, however on going to send an email within Squirrelmail I receive "554 5.7.1 : Relay access denied". I first thought perhaps spam filters, so went down that rabbit hole, only to find its not related. It turns out my outlook client on my mobile works fine for sending emails from this account. So the line in my postfix main.cf i'm questioning is mynetworks = 127.0.0.0/8 which is specified under smtpd_relay_restrictions = permit_mynetworks. This had worked before, so i'm unsure what has changed.
Nov 14 10:35:37 raspberrypi001 postfix/smtpd: connect from localhost[127.0.0.1]
Nov 14 10:35:37 raspberrypi001 postfix/smtpd: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Nov 14 10:35:37 raspberrypi001 postfix/smtpd: lost connection after RCPT from localhost[127.0.0.1]
Nov 14 10:35:37 raspberrypi001 postfix/smtpd: disconnect from localhost[127.0.0.1]
Could I again be chasing the wrong thing and simply need to restart a service?
Also, do you have any articles on setting up an additional mail server within the same network in case one is down a load balancer could take care of it?
permit_mynetworksin the restriction lists like you said. I don't think I ever configured it to use SMTP authentication when sending email, but can you check your current settings to see what it's doing? It would be worth comparing the settings to the sender, recipient, helo and relay restriction lists to see where it might be being rejected. As for your other question, you can use an MX backup for additional redundancy when one server is down. This helps ensure you receive incoming mail, but doesn't solve your outgoing mail issue. I've never investigated using load balancing servers. Sam
My Raspberry Pi email server has worked fine for the past year.
The Pi itself is running jessie. Should I upgrade this to stretch?
(I have had one attempt, but it was unsuccessful, and I had to restore the image backup.)
I have tried upgrading to Stretch but I then find that if I use xrdp to connect to the Pi all I get is a blank screen rather than the desktop.
Google does not know the answer to that problem!
Xrdp works fine on a fresh install of Stretch.
Any notes on how to copy the email configuration from one Pi to another would be appreciated.
Have come across your website a few days ago. I have also spent some time looking for other mail server solution on Raspberry Pi. I have been working on Citadel for the last few days, but it's not working properly and it won't login.
I want to consider your solution here, but I must first ask if this is still a good option to go with considering that this article been written a few years ago.
My main objective is to have my own mail server.