Raspberry Pi Email Server

The RasPi’s small size and low power consumption make it an ideal choice for use as a home email server. After trying a couple of different pieces of software, I finally found an excellent combination: Postfix with Dovecot and Squirrelmail, plus Spamassassin and Sieve for spam filtering.

There are many, many tutorials out there for the first trilogy of programs, but since the configuration is slightly different for each distribution I kept coming unstuck when setting mine up on the Pi. Having finally got mine configured properly, I’ve put together a set of 5 tutorials, which will take you from a vanilla Raspbian image to a fully functioning email server in no time.

When writing the tutorial I made an effort to explain what each setting does instead of just dumping commands. With a bit of luck at the end of the process you’ll not only have a working server, you’ll understand how it works… without having to wade through reams of documentation like I did!

If you follow the tutorials from start to finish, here’s what you’ll end up with:

  1. An email server that you can run 24/7/365 for under £5 of electricity per year
  2. A personalised email address like you@yourdomain.com (requires you to have registered a domain name with a registrar like namecheap.com - see my DNS basics tutorial)
  3. The ability to connect from anywhere, and read & send email, using a secure IMAP connection on your phone, tablet or computer
  4. Webmail login from any web browser over a secure HTTPS connection, to read & send email
  5. Complete control over your personal communication. Your emails are stored on YOUR server, and nobody is scanning them to sell you adverts.
  6. Smart spam filtering with Spamassassin
  7. Customisable mail sorting with Sieve rules

Postfix, the Mail Transfer Agent

Postfix is the program that lets you send and receive email using Simple Mail Transfer Protocol (SMTP). Whilst you, the user, may connect to your email server using IMAP (on port 143 or 993), or POP (on port 110 or 995), email servers talk to each other using SMTP on port 25.

So, this is the basic core of the server. Without it, you wouldn’t be able to send or receive any emails!

I’ve covered the setup here:
Raspberry Pi Email Server Part 1: Postfix

Dovecot, the POP/IMAP Server

Dovecot is used for two things:

  1. It provides you with IMAP functionality
  2. It checks that you are who you say you are using Simple Authentication and Security Layer (SASL) before you send or fetch mail

If you’re not interested in connecting with IMAP on your devices, you still need Dovecot. Not only is it doing SASL for you, but Squirrelmail connects using IMAP in order to provide you with webmail.

I’ve covered Dovecot installation and configuration here:
Raspberry Pi Email Server Part 2: Dovecot

Squirrelmail, for Webmail

Squirrelmail is handy because it allows you to check your email in any browser, from anywhere.

Of the first three, it’s probably the easiest to configure. I’ve covered it here:
Raspberry Pi Email Server Part 3: Squirrelmail

Spamassassin, for Marking Spam

Spamassassin is the program that we will use to audit incoming mail and decide whether or not it’s spam. Spamassassin doesn’t actually sort the mail into the spam folder, it only changes information in the headers based on the results of the scan. I’ve covered it here: Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin.

LMTP & Sieve for Spam Sorting & Mailbox Organisation

After Spamassassin has checked incoming mail to see if it’s spam or not, we need another program to sort it into the right mail folder. This final step will be done with Dovecot’s Local Mail Transfer Protocol (LMTP) daemon and a Sieve plugin.

Sieve is a simple programming language that allows users to define what to do with incoming email based on a predefined set of rules – think “if the header contains this flag, put it in the spam folder” kind of thing and you’ll get the gist. Aside from spam filtering, Sieve can be used to automatically sort & de-clutter your inbox. These steps are covered in the final tutorial: Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve
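To make the split between marking and sorting concrete, here is a short Sieve script. It is an added example, not code from the tutorial series. It relies on the `X-Spam-Flag: YES` header that Spamassassin adds to mail it scores as spam; the folder names and the list identifier are assumptions.

```sieve
# Added example with constructed rules; folder names are assumptions.
require ["fileinto", "mailbox"];

# Spamassassin only marks the message: it adds "X-Spam-Flag: YES" when the
# score crosses its threshold. Sieve, run at delivery time, does the filing.
if header :is "X-Spam-Flag" "YES" {
    # :create (from the "mailbox" extension) makes the folder if it is missing.
    fileinto :create "Spam";
    stop;   # spam is filed; skip the remaining rules
}

# Beyond spam: sort mailing-list traffic by its List-Id header.
# "announce.example.org" is a placeholder list identifier.
if header :contains "List-Id" "announce.example.org" {
    fileinto :create "Announce";
    stop;
}

# Mail that matches no rule stays in INBOX (Sieve's implicit keep).
```

Filing flagged mail into a folder rather than discarding it keeps false positives recoverable.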

Enjoy! I’d love to hear how you get on, so leave a comment below :)

Comments

Hi Sam,

Thanks a lot for getting back to me.

Can the mail server, configured by the combination of postfix/dovecot be accessed using other email applications? Such as Microsoft Outlook, or from mobile devices, or even Thunderbird?

I am asking this just to make sure there would be an alternative if Squirrelmail is out of the list.

Saeed

Saeed,

Yes, you can use any mail client that supports SMTP and IMAP (Outlook should be fine). Some people using Thunderbird on Windows have reported TLS issues so I wouldn't recommend it any more. K9 mail on Android is great, mail clients on other devices should work fine too.

Squirrelmail is a web app though, so none of those are really a like-for-like replacement for it. Roundcube and Rainloop are alternatives for webmail.

Sam

Hi Sam,

Thanks again for your prompt reply.

I have finished the postfix configuration. However, there is one thing that didn't work as expected, and that's the ssl certificate configuration.

After running the command below:
openssl s_client -connect localhost:465 -quiet -CApath /etc/ssl/certs
I still got the error: 'verify error:num=18:self signed certificate'.

Everything before the command above, resulted as expected. Can you please advise?

Kind regards,
Saeed

That's the expected output if you're using a self-signed cert, as explained in the tutorial:

We got some errors because the certificate is self-signed (it's not signed by a certificate that is in the trusted root store on the server) but this is OK because we're just using the certificate for testing for now. When you come back later to set up a proper certificate, you can use this command to verify it. The -CApath option tells openssl where the trusted certificates are stored on your system:

Sam

Hey Sam -

Great tutorial, very easy to follow. I can receive emails with no issues. I have set up IMAP to receive and send emails with no issues. However, I am unable to send emails. The /var/log/mail.log provides the following output:

postfix/smtp[16475]: connect to fmailhost01.isp.att.net[204.127.217.101]:25: Connection timed out

As you can see, I am using the following relay: relayhost = fmailhost01.isp.att.net (my interest is att, following their instructions from https://www.att.com/esupport/postmaster/mail-servers/index.jsp)

If I leave the relayhost blank it provides a similar error.

postfix/smtp[16540]: connect to alt1.gmail-smtp-in.l.google.com[209.85.232.26]:25: Connection timed out

I called at&t and they indicated that port 25 is not being filtered on their end. Any ideas on how to fix this?

Michael

Sorry, I don't know. Looks like port blocking to me.

Is your setup fairly standard (simple home router & modem with mostly default settings?). I'm wondering if you could have a firewall on your router that is blocking outbound traffic as well as the usual setup, which is to block incoming.

Sam

I usually use Publisher to send out mass emails. What program would I use on the Raspberry Pi? Thanking you in advance.

Hi Sam,

I hosted my domain with Google Domains and have forwarded custom email addresses to my Gmail. I want to fully implement SPF, DKIM, and DMARC, which I did with services like SendinBlue's SMTP server. The DMARC auth_results for both SPF and DKIM pass but the SPF failed under policy_evaluated due to the difference in Mail From and Header From. I would like to enforce DMARC to pass with both SPF and DKIM evaluated as pass, so I am considering implementing my own SMTP server for sending mail only. In this case, do I only need to set up Postfix?

Regards,
Anson

Many thanks for your tutorial. Is there a way to check email attachments for viruses or malware - I want to collect some resumes via blog form, but keep the replies segregated, so I'd like to keep and clean the email attachments on the Pi 3B+ - does making the pi an email server and sending the responses to Gmail or Squirrel on the Pi help with that, or is it overkill? Thanks again

Hi Ed,

Spamassassin doesn't do antivirus at all, it just ranks the spamminess of emails. There's some overlap, but in theory a sender with a low spamminess could send you a virus.

I wouldn't worry about it if all your machines run linux, but if you have email clients on windows then you might want to look at using amavis instead of spamassassin on its own. Amavis can be configured to run the open source virus checker clamav as well as spamassassin.

Sam

After many years your tutorial is still very useful! 100% working!!! :D Thank you very much! There are, indeed, other tutorials, but... One tiny thing. You could also create an Archive folder in /etc/skel/...

Hi Sam,

My email server has been running great for a few years now. I saw tonight that I couldn't send any emails...they kept being returned. I saw that it was a spamhaus block...like I had a few years ago. I followed the instructions and got it unblocked.

After the 30 minute wait I still couldn't send emails. I decided to restart the Pi. It wouldn't restart properly...kept going into a blank screen with flashing cursor. After about an hour of trying I finally got back in, but this time I can't send or receive emails.

I saw in the log that apache was down, so I restarted it. Still nothing. I reloaded the services (dovecot/postfix)...but still nothing.

Any ideas?

Thank you.

Jo

Jo,

Sorry for the late reply. Could it be a DNS or port forwarding problem? I can't remember if you have a static or dynamic IP address.

Other than that, you'll have to look at the logs and run through some of the tests to see what the problem is.

Kind regards,

Sam

Please help me! I have installed postfix and then dovecot. If I want to save all mail on a mounted USB disk, for example: /mnt/dati/Maildir
what should I do?
If I write in postfix main.cf: home_mailbox = /mnt/dati/Mail - but it does not work!!
If I write in dovecot 10-mail.conf: mail_location = /mnt/dati/Mail - but it does not work!!
Where am I wrong??
Thanks

In these times dynamic IPs (those from ISPs) are blocked and blacklisted. Most ports are blocked by ISPs as well. Fortunately there is a solution. In order to get past the port block, try MXGuardDog. You can forward your emails to a non-standard port for receiving. For sending, you need a relay. SendInBlue offers a free relay (with messages marked at bottom). I will not provide the links, as this is not my page, but a simple search will find both.

Sam

Have you encountered this when using your email server?

The mail system

: host
hotmail-com.olc.protection.outlook.com[104.47.9.33] said: 550 5.7.1
Unfortunately, messages from [103.xxx.xxx.xxx] weren't sent. Please contact
your Internet service provider since part of their network is on our block
list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[VE1EUR03FT005.eop-EUR03.prod.protection.outlook.com] (in reply to MAIL
FROM command)

I have this a lot when sending to hotmail accounts, due to the low volume from my server, it's marked as untrusted and not delivered.

Any tips on how to resolve this?

tks Darrin

Hi Darrin,

Sorry to keep you waiting. "You", or more likely the whole range of (presumably) dynamically assigned IP addresses you could have with your ISP, are likely blacklisted because email providers don't expect to be receiving legitimate email from those addresses.

Does your ISP let you request a static IP address? Sometimes the dynamic IP addresses are blacklisted and the static IP addresses aren't. Some providers are much better than others in this regard.

Sam

Thanks Sam.

I didn't think about the entire subnet being on the black list. Yes I have a static IP address from my provider, but it must still be on the black list. I will try changing providers, as I am having some issues with them, apart from this.

Tks Darrin.

I'm tempted to do a completely new set of tutorials to be honest, they could do with an update as they have a lot of historical baggage, although the principles are still the same.

Can't do it right now though, I'm crazy busy. Sorry :)

You should be able to install roundcube using pretty much any tutorial you like, though. I quite like Rainloop, too.

Sam

Hi Sam. Working through your tutorials is teaching me a lot. Thanks for the massive amount of effort you've obviously put into them! I'm on my third pass, as everything works until I get halfway through the Dovecot installation, but I'm not giving up, and I learn a bit more with each try. I think my main problem is that I haven't been able to validate my self signed certificate, as I don't have an email set up with the domain name I've just bought, but I'll figure it out eventually.

Tony,

Glad the tutorials are still of use. Which error are you getting when testing Dovecot?

You may want to look at LetsEncrypt for a free signed certificate when you come to it. The certbot site has customised instructions for installation (for example, apache on debian buster for your setup if you're using raspbian buster).

Sam
