Raspberry Pi Email Server

raspberry-pi-email-server.png

The RasPi’s small size and low power consumption make it an ideal choice for use as a home email server. After trying a couple of different pieces of software, I finally found an excellent combination: Postfix with Dovecot and Squirrelmail, plus Spamasssassin and Sieve for spam filtering.

There are many, many tutorials out there for the first trilogy of programs, but since the configuration is slightly different for each distribution I kept coming unstuck when setting mine up on the Pi. Having finally got mine configured properly, I’ve put together a set of 5 tutorials, which will take you from a vanilla Raspbian image to a fully functioning email server in no time.

When writing the tutorial I made an effort to explain what each setting does instead of just dumping commands. With a bit of luck at the end of the process you’ll not only have a working server, you’ll understand how it works… without having to wade through reams of documentation like I did!

If you follow the tutorials from start to finish, here’s what you’ll end up with:

  1. An email server that you can run 24/7/365 for under £5 of electricity per year
  2. Personalised email address like you@yourdomain.com (requires you to have registered a domain name with a registrar like namecheap.com - see my DNS basics tutorial)
  3. The ability to connect from anywhere, and read & send email, using a secure IMAP connection on your phone, tablet or computer
  4. Log in to webmail using any web browser on a secure HTTPS connection, read & send email
  5. Complete control over your personal communication. Your emails are stored on YOUR server, and nobody is scanning them to sell you adverts.
  6. Smart spam filtering with Spamassassin
  7. Customisable mail sorting with Sieve rules

Postfix, the Mail Transfer Agent

Postfix Logo
Postfix is the program that lets you send and receive email using Simple Mail Transfer Protocol (SMTP). Whilst you, the user, may connect to your email server using IMAP (on port 143 or 993), or POP (on port 110 or 995), email servers talk to each other using SMTP on port 25.

So, this is the basic core of the server. Without it, you wouldn’t be able to send or receive any emails!

I’ve covered the setup here:
Raspberry Pi Email Server Part 1: Postfix

Dovecot, the POP/IMAP Server

dovecotLogo-300x130_0.png
Dovecot is used for two things:

  1. It provides you with IMAP functionality
  2. It checks that you are who you say you are using Simple Authentication and Security Layer (SASL) before you send or fetch mail

If you’re not interested in connecting with IMAP on your devices, you still need Dovecot. Not only is it doing SASL for you, but Squirrelmail connects using IMAP in order to provide you with webmail.

I’ve covered Dovecot installation and configuration here:
Raspberry Pi Email Server Part 2: Dovecot

Squirrelmail, for Webmail

Squirrelmail Logo
Squirrelmail is handy because it allows you to check your email in any browser, from anywhere.

Of the first three, it’s probably the easiest to configure. I’ve covered it here:
Raspberry Pi Email Server Part 3: Squirrelmail

Spamassassin, for Marking Spam

Spamassassin Logo
Spamassassin is the program that we will use to audit incoming mail and decide whether or not it’s spam. Spamassassin doesn’t actually sort the mail into the spam folder, it only changes information in the headers based on the results of the scan. I’ve covered it here: Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin.

LMTP & Sieve for Spam Sorting & Mailbox Organisation

After Spamassassin has checked incoming mail to see if it’s spam or not, we need another program to sort it into the right mail folder. This final step will be done with Dovecot’s Local Mail Transfer Protocol (LMTP) daemon and a Sieve plugin.

Sieve is a simple programming language that allows users to define what to do with incoming email based on a predefined set of rules – think “if the header contains this flag, put it in the spam folder” kind of thing and you’ll get the gist. Aside from spam filtering, Sieve can be used to automatically sort & de-clutter your inbox. These steps are covered in the final tutorial: Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve

Enjoy! I’d love to hear how you get on, so leave a comment below :)

Type: 

Comments

Hi,

It probably could handle the load, but the hardware is not something I would want to rely on for a business, it's quite easy to get SD card corruption etc. and lose everything.

You should be able to use this guide on any debian derivative (debian, raspbian, ubuntu) on any hardware though.

Sam

Hello,

I was thinking of setting up this emails server on my raspberry pi.. I have one question.

Is there a way to have the messages and attachments saved to an external drive ?? I have a 32G card on my pi now but it could fill up fast with a lot of emails and attachments. is there a way if I attach an external USB hard drive to the pi to have the messages and attachments saved in a folder on the external drive so I can have more storage ?

thanks for any help.

Hey Sam, Really good tutorial.
However when I send emails to my old gmail account, it says it wasn't encrypted.
I'm sending through port 587, and I have a letsencrypt certificate properly installed.
The logs don't show any errors.

Ben,

Well spotted, I've been meaning to add that to the tutorial (for years, actually!).

Set smtp_tls_security_level = may in /etc/postfix/main.cf.

A value of may means your server will use TLS if it is supported by the other server, encrypt means TLS is required and no email will be sent without TLS (which might mean you can't send email to some people).

The corresponding setting for incoming email is smtpd_tls_security_level.

Sam

Brilliant, thanks for that!

Of note, I noticed it said the smtpd_tls_security_level setting overrides the smtpd_use_tls setting set by the tutorial, so I removed that. it works great both ways.

That's weird. Are you logged in locally using a screen or via SSH?

You can try again with sudo dpkg-reconfigure postfix

Sam

i wish i would of done some of these tutorials a decade ago, but is not late.

Great job i hope a younger generation start adopting these tips ASAP

One question I would have is would it be possible to backup your email to a local NAS on a daily basis say? I wouldn't trust important email to be saved to an external HDD without adequate backup?

Sure, just copy the files with whatever utility you're using. Everything is stored in the home directory under ~/Maildir.

Sam

Hi Sam,

I've been getting the following error when trying to send emails via squirrelmail:

Connection refused
111 Can't open SMTP stream

I also can't send any emails via my phone or other devices.

I thought I went down the IMAP route when I set it up...

Looking online, some people think it might be a recent update to postfix or something and others think it may be to do with Plusnet itself. I know we're both with Plusnet and was wondering if you've had any issues recently or any idea what might be wrong.

Please advise.

Regards,

Jo

The internal connection from squirrelmail to your server is local (internal to the server) so that shouldn't be affected by ISP. I don't actually use squirrelmail any more, and I recently moved house so my personal server is currently running on a Scaleway VPS until I find the time to set it up again... limited help to you!

Is there anything relevant in the mail log?

Sam

Hi Sam,

Reading over your page and probably a stupid question but where does the actually user mailboxes get setup ?.

Thanks
Declan

Hi Declan,

You manually create them for existing users (covered in the tutorial), and new users get mailboxes automatically created for them (because of the files placed in /etc/skel, which are used as a template for new home directories).

Sam

constantly getting this error

postfix/postfix-script: warning: /var/spool/postfix/etc/resolv.conf and /etc/resolv.conf differ

not sure when is resetting the one in postfix dir

That's new to me. Resolv.conf is used to specify nameservers (for DNS resolution). Maybe Postfix takes a copy of resolv.conf when it starts up? If you restart postfix, does the error disappear?

Sam

nope i think that where it happens upon reboot , actually not sure here i haven't reboot and i got it again so something is changing it

how can i prevent that

soydepr@coqui:~$ sudo postfix check
[sudo] password for soydepr:
postfix/postfix-script: warning: /var/spool/postfix/etc/resolv.conf and /etc/resolv.conf diff

what is changing is /var/spool/postfix/etc/resolv.conf

true simple cp fixes it but why does /var/spool/postfix/etc/resolv.conf changes

Are you sure it's that file that changes? The warning/error only says that they are different, and /etc/resolv.conf could be updated by your network manager.

Sam

100%. When i check the file in /var is empty

postfix/postfix-script: warning: /var/spool/postfix/etc/resolv.conf and /etc/resolv.conf differ

hi sam,
my server can successfully sends email to yahoo rcpt.. but fails if the rcpt is gmail account

maybe you have some idea

here's the log..

something with the IP
May 14 12:35:23 telnet-20161112 postfix/pickup[25623]: EE8793F30D: uid=33 from=
May 14 12:35:23 telnet-20161112 postfix/cleanup[25744]: EE8793F30D: message-id=<20170514043523.EE8793F30D@telnet-20161112>
May 14 12:35:24 telnet-20161112 postfix/qmgr[25002]: EE8793F30D: from=, size=781, nrcpt=1 (queue active)
May 14 12:35:25 telnet-20161112 postfix/smtp[25746]: EE8793F30D: to=, relay=gmail-smtp-in.l.google.com[74.125.24.26]:25, delay=1.7, delays=0.06/0.02/0.57/1, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.24.26] said: 550-5.7.1 [116.87.187.48] The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError l184si7361525pga.236 - gsmtp (in reply to end of DATA command))
May 14 12:35:25 telnet-20161112 postfix/cleanup[25744]: 9F9A13F30E: message-id=<20170514043525.9F9A13F30E@telnet-20161112>
May 14 12:35:25 telnet-20161112 postfix/bounce[25747]: EE8793F30D: sender non-delivery notification: 9F9A13F30E
May 14 12:35:25 telnet-20161112 postfix/qmgr[25002]: 9F9A13F30E: from=<>, size=3236, nrcpt=1 (queue active)
May 14 12:35:25 telnet-20161112 postfix/qmgr[25002]: EE8793F30D: removed
May 14 12:35:25 telnet-20161112 postfix/local[25748]: warning: maildir access problem for UID/GID=33/33: create maildir file /var/www/Maildir/tmp/1494736525.P25748.telnet-20161112: Permission denied
May 14 12:35:25 telnet-20161112 postfix/local[25748]: warning: perhaps you need to create the maildirs in advance

Yeah, either your ISP has marked the range of IP addresses you are using as residential and not for servers, or google has blocked it because of a spam problem. Can you get a static IP address from your ISP?

Also, the error about /var/www/Maildir is odd, have you tried to add email an account for www-data or something?

Sam

First of all thank you for your excellent tutorial. No way there's a better one. I'm saying this because I managed to get my e-mail working properly. The big issues were not getting blocked by gmail, but I was successful.

Next Steps (at least I will try):

- Fresh install in a Raspberry Pi Zero W, dedicated only to e-mail and even for the sake of energy consumption;
- Add a second Raspberry in another location to backup the main one;

Thank you again Sam!

Sounds like a good plan. Creating some sort of backup solution is smart, I got burned once when the USB flash drive that I was using as root on my pi got corrupted and I lost everything.

Sam

Pages

Add new comment