Raspberry Pi Email Server

Powered by Drupal

raspberry-pi-email-server.png

The RasPi’s small size and low power consumption make it an ideal choice for use as a home email server. After trying a couple of different pieces of software, I finally found an excellent combination: Postfix with Dovecot and Squirrelmail, plus Spamasssassin and Sieve for spam filtering. There are many, many tutorials out there for the first trilogy of programs, but since the configuration is slightly different for each distribution I kept coming unstuck when setting mine up on the Pi. Having finally got mine configured properly, I’ve put together a set of 5 tutorials, which will take you from a vanilla Raspbian image to a fully functioning email server in no time. When writing the tutorial I made an effort to explain what each setting does instead of just dumping commands. With a bit of luck at the end of the process you’ll not only have a working server, you’ll understand how it works… without having to wade through reams of documentation like I did! If you follow the tutorials from start to finish, here’s what you’ll end up with:

  1. An email server that you can run 24/7/365 for under £5 of electricity per year
  2. Personalised email address like you@yourdomain.com (requires you to have registered a domain name with a registrar like namecheap.com - see my DNS basics tutorial)
  3. The ability to connect from anywhere, and read & send email, using a secure IMAP connection on your phone, tablet or computer
  4. Log in to webmail using any web browser on a secure HTTPS connection, read & send email
  5. Complete control over your personal communication. Your emails are stored on YOUR server, and nobody is scanning them to sell you adverts.
  6. Smart spam filtering with Spamassassin
  7. Customisable mail sorting with Sieve rules

Postfix, the Mail Transfer Agent

Postfix Logo

Postfix is the program that lets you send and receive email using Simple Mail Transfer Protocol (SMTP). Whilst you, the user, may connect to your email server using IMAP (on port 143 or 993), or POP (on port 110 or 995), email servers talk to each other using SMTP on port 25. So, this is the basic core of the server. Without it, you wouldn’t be able to send or receive any emails! I’ve covered the setup here: Raspberry Pi Email Server Part 1: Postfix

Dovecot, the POP/IMAP Server

dovecotLogo-300x130_0.png

Dovecot is used for two things:

  1. It provides you with IMAP functionality
  2. It checks that you are who you say you are using Simple Authentication and Security Layer (SASL) before you send or fetch mail

If you’re not interested in connecting with IMAP on your devices, you still need Dovecot. Not only is it doing SASL for you, but Squirrelmail connects using IMAP in order to provide you with webmail. I’ve covered Dovecot installation and configuration here: Raspberry Pi Email Server Part 2: Dovecot

Squirrelmail, for Webmail

Squirrelmail Logo

Squirrelmail is handy because it allows you to check your email in any browser, from anywhere. Of the first three, it’s probably the easiest to configure. I’ve covered it here: Raspberry Pi Email Server Part 3: Squirrelmail

Spamassassin, for Marking Spam

Spamassassin Logo

Spamassassin is the program that we will use to audit incoming mail and decide whether or not it’s spam. Spamassassin doesn’t actually sort the mail into the spam folder, it only changes information in the headers based on the results of the scan. I’ve covered it here: Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin.

LMTP & Sieve for Spam Sorting & Mailbox Organisation

After Spamassassin has checked incoming mail to see if it’s spam or not, we need another program to sort it into the right mail folder. This final step will be done with Dovecot’s Local Mail Transfer Protocol (LMTP) daemon and a Sieve plugin. Sieve is a simple programming language that allows users to define what to do with incoming email based on a predefined set of rules – think “if the header contains this flag, put it in the spam folder” kind of thing and you’ll get the gist. Aside from spam filtering, Sieve can be used to automatically sort & de-clutter your inbox. These steps are covered in the final tutorial: Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve Enjoy! I’d love to hear how you get on, so leave a comment below :)

Comments

Hi Sam.

I've just spent quite a lot of time (days, not weeks) struggling to get an email server working on my RPi4. I kept having problems when following this and other tutorials, and I thought it was because the tutorials were written years before the RPi4 came out, and the RPi4 is different to the previous Pis, and also because some of the software had changed through the years. I even asked a question here, which you kindly answered.

But, after spending a lot of frustrated time on it, I've finally learned that I could never have set up an email server without one particular thing which no tutorial mentioned - a static IP address. Spam checkers, such as Spamhaus, have a policy to blacklist pools of dynamic IP addresses, which meant that my, and probably most people's, Pis can't become a full email server by simply following the tutorials.

The reason I'm writing this is to suggest that you include the necessity of a static IP address at the start of the tutorial. And also a small section on setting the DNS end of things (MX record). It would have saved me a lot of time.

Mike Weaver

Sun, 03/15/2020 - 07:01

Hi Sam - I followed your excellent articles some years ago, and have had a home email server running on a Pi very satisfactorily since then. I use Thunderbird to read and write email on a Win10 laptop and that too has been great. Then, all of a sudden, I can't read any mail. In addition, if I try to send mail I get a dialog "Sending of the message failed. Certificate type not approved for application. The configuration related to must be corrected." If I open the mail directories on the Pi directly, I can see the mail is being both received and sent ie For example, I can send using telnet as per instructions and see a reply from a webmail account. I just can't use Thunderbird all of a sudden! I've spent a few hours trying to find the problem - checked certificates etc and configurations of Postfix and Dovecote and all seems to be OK. Do you have any clues as to what it might be? (I can see in my log I've had someone from Russia (and I'm in Australia) trying to access the system, but it also shows they haven't had any success - thanks to your advice!) Thanks in advance! - Mike

Hi mike, Sorry for the very late reply. I have a hunch it's something to do with certain versions of TLS being deprecated, thunderbird may not support the newer versions (which may be the only ones offered on port 993 for example). Where do you get your version of thunderbird from? I think it only receives maintenance updates these days (not new features). A different client should work fine, but i expect you would like to stick with thunderbird if you're used to it! The other option is to amend the dovecot config to do STARTTLS on port 143 and change your connection settings in thunderbird. Sam

Thanks, Sam! Don't apologise - I'm as much to blame as your reply went to my Junk folder, and I've only just seen it. I have more information that may help others. I used CA certificates, as you suggested. However, there was a problem with the CA infrastructure, and the admins couldn't fix it due to covid19 restrictions. So, as I'd really worked out that my problem was a 'certificate' issue, I did some research and used 'Let's Encrypt' instead. I will happily tell you what I did if you wish - it took a few attempts and a bit of messing around to get the certificates, but when I did, after modifying the Postfix 'main.cf' and the Dovecot '10-ssl.conf' files, to point to the Let's Encrypt (LE) certificate and key, it all worked. It's very topical as I have just, in the last two days, had to rebuild my email server on a different system. Now that the CA infrastructure is working again, I used their updated certificates for my domain - and they didn't work!! So, back to LE; again making sure to modify the pointers to those cert and key files in the Postfix and Dovecot config files, and everything works. With Thunderbird! (which I must admit to rather liking..... :-) ) I must say that printing the pages of explanation all those years ago on how to build the server may have been one of my better moves!! If this is still a 'current' explanation, it might be worth adding a section on using Let's Encrypt rather than using CA Cert? I have a friend here in Perth who is a CA Cert 'assurer' and he tells me he really hasn't seen much action for a few years now?

I'm actually using LE myself now for lots of different things (this site, another site, email, prosody IM server) and I think it's great! Had a bit of a faff when my configuration stopped working after I upgraded to a new release of Ubuntu (what actually happened is I upgraded, didn't notice the old config wasn't working any more, and then had a panic when they sent me an email reminder that the cert was about to expire!). My fault. If I get the chance I will write a guide, although I found the docs for certbot are pretty good. I've been meaning to do a complete refresh of my email server guide since it has been so long and the default config files have changed a bit... life gets in the way though! I'm not surprised CAcert are quiet nowadays, LE kind of ate their lunch... Sam

Is it possible to use Sendmail instead of Postfix in your tutorial and how would one go about that?

https://samhobbs.co.uk/raspberry-pi-email-server

I'm looking to setup a "clone", if you will, to do some email testing before doing the actual changes on our actual email server which is on CentOS 7 and not Ubuntu. Since both are Linux, I didn't think the OS would/should matter too much however I would like to use Sendmail instead of Postfix.

There's no reason why you can't use sendmail as MTA but it will affect the config in quite a few different parts of the tutorial. Is there a reason you want to use sendmail? My boss said he used to use it and configuration was a pig. Sam

Been using your fantastic tutorial for a few years now. Have even used it to implement a mail server for our company on a Linode VPS. Works perfectly.

However, can you maybe give us some pointers regards the following returned email we have received in the last few days, when attempting to mail users who have outlook.com or hotmail.com addresses?

"Action: failed
Final-Recipient: rfc822;foo@hotmail.com
Status: 5.0.0
Remote-MTA: dns; hotmail-com.olc.protection.outlook.com
Diagnostic-Code: smtp; 550 5.7.1 Unfortunately, messages from [xxx.xx.xxx.xxx] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [BN8NAM11FT026.eop-nam11.prod.protection.outlook.com]"

Any advice would be most appreciated.

hello. could you add a tutorial on how to add fail2ban on your email server?

Hey,
Has this tutorial stood the test of time? - is this stack still effective?

And I’m looking at setting this up on a Pi4, should I go for the 2gb or 4gb (ram) one?

Hi Sam,

Hope you are well.

I've had a spamhaus issue and according to them it's a bot that is spamming as me from one of my computers. Their solution is to close port 25 permanently and use a secure SMTP (which I do - SMTP over SSL port 465).

Would that be ok? Would I have to comment out any settings I did when setting up my email server?

Please advise.

Regards,

Jo

Bob Breece

Mon, 07/12/2021 - 18:08

Thank you for the guide, everything working as it should, But spam emails sent from/to the same local user are getting through..
E.g From: Spammer@(mydomain).co.uk To: Spammer@(mydomain).co.uk

Now i would have thought this would be resolved with:
(mydomain).co.uk REJECT Get lost - you're lying about who you are
mail.(mydomain).co.uk REJECT Get lost - you're lying about who you are

Any help would be appreciated.

Add new comment

The content of this field is kept private and will not be shown publicly.

Filtered HTML

  • Web page addresses and email addresses turn into links automatically.
  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.