Raspberry Pi Email Server

raspberry-pi-email-server.png

The RasPi’s small size and low power consumption make it an ideal choice for use as a home email server. After trying a couple of different pieces of software, I finally found an excellent combination: Postfix with Dovecot and Squirrelmail, plus Spamasssassin and Sieve for spam filtering.

There are many, many tutorials out there for the first trilogy of programs, but since the configuration is slightly different for each distribution I kept coming unstuck when setting mine up on the Pi. Having finally got mine configured properly, I’ve put together a set of 5 tutorials, which will take you from a vanilla Raspbian image to a fully functioning email server in no time.

When writing the tutorial I made an effort to explain what each setting does instead of just dumping commands. With a bit of luck at the end of the process you’ll not only have a working server, you’ll understand how it works… without having to wade through reams of documentation like I did!

If you follow the tutorials from start to finish, here’s what you’ll end up with:

  1. An email server that you can run 24/7/365 for under £5 of electricity per year
  2. Personalised email address like you@yourdomain.com (requires you to have registered a domain name with a registrar like namecheap.com - see my DNS basics tutorial)
  3. The ability to connect from anywhere, and read & send email, using a secure IMAP connection on your phone, tablet or computer
  4. Log in to webmail using any web browser on a secure HTTPS connection, read & send email
  5. Complete control over your personal communication. Your emails are stored on YOUR server, and nobody is scanning them to sell you adverts.
  6. Smart spam filtering with Spamassassin
  7. Customisable mail sorting with Sieve rules

Postfix, the Mail Transfer Agent

Postfix Logo
Postfix is the program that lets you send and receive email using Simple Mail Transfer Protocol (SMTP). Whilst you, the user, may connect to your email server using IMAP (on port 143 or 993), or POP (on port 110 or 995), email servers talk to each other using SMTP on port 25.

So, this is the basic core of the server. Without it, you wouldn’t be able to send or receive any emails!

I’ve covered the setup here:
Raspberry Pi Email Server Part 1: Postfix

Dovecot, the POP/IMAP Server

dovecotLogo-300x130_0.png
Dovecot is used for two things:

  1. It provides you with IMAP functionality
  2. It checks that you are who you say you are using Simple Authentication and Security Layer (SASL) before you send or fetch mail

If you’re not interested in connecting with IMAP on your devices, you still need Dovecot. Not only is it doing SASL for you, but Squirrelmail connects using IMAP in order to provide you with webmail.

I’ve covered Dovecot installation and configuration here:
Raspberry Pi Email Server Part 2: Dovecot

Squirrelmail, for Webmail

Squirrelmail Logo
Squirrelmail is handy because it allows you to check your email in any browser, from anywhere.

Of the first three, it’s probably the easiest to configure. I’ve covered it here:
Raspberry Pi Email Server Part 3: Squirrelmail

Spamassassin, for Marking Spam

Spamassassin Logo
Spamassassin is the program that we will use to audit incoming mail and decide whether or not it’s spam. Spamassassin doesn’t actually sort the mail into the spam folder, it only changes information in the headers based on the results of the scan. I’ve covered it here: Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin.

LMTP & Sieve for Spam Sorting & Mailbox Organisation

After Spamassassin has checked incoming mail to see if it’s spam or not, we need another program to sort it into the right mail folder. This final step will be done with Dovecot’s Local Mail Transfer Protocol (LMTP) daemon and a Sieve plugin.

Sieve is a simple programming language that allows users to define what to do with incoming email based on a predefined set of rules – think “if the header contains this flag, put it in the spam folder” kind of thing and you’ll get the gist. Aside from spam filtering, Sieve can be used to automatically sort & de-clutter your inbox. These steps are covered in the final tutorial: Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve

Enjoy! I’d love to hear how you get on, so leave a comment below :)

Type: 

Comments

In html, the less than symbol is "& lt ;" without spaces, which is why everything after that point got cut off. I've edited your comment, it might be easier to use plain text in future if you're not going to use html tags.

You're correct, comment out and replace those lines (that's another "snakeoil" cert).

Sam

Ok I'm now to the point of setting up IMAP in Thunderbird and I'm at:
Select an IMAP connection
Your login is your username only (omit @yourdomain.com), and your password is…your password!

I remember setting up a password for testmail.

For my "real" email is my username the pi account username (/home/username)? And what is the password? Is the password my pi account password that corresponds to my /home/username? If so, this sounds dangerous.

Yep it's the password for your system login.

What makes you think it's dangerous?

Sam

Well, sending a pw over the internet is dangerous. But, as long as it's done through a secure connection, I guess it will be ok. I just need to make sure that the connection is secure?

My many, many, many passwords are so complicated that it would take me a long time to type in and get right (I use a password manager). I try to protect against all those dishonest people out there.

When it comes to communications, I use GPG as much as I can.

Thanks for responding to all my questions.

Your spam trigger has been giving me a lot a problems. I had to change several messages so that they will go through. Sometimes just copying and pasting to a new message works (I just did that here).

I'm up to getting Thunderbird to work. I put in settings according to the tutorial (I had to remove a period also) and get "Thunderbird failed to find settings for you email account."

I have ports 25, 465, 993 open on my router and forwarded to the pi email server. Do I need to open 143?

Where do I set my name joe, as allowed, for joe@mydomain.com? And what if I want to add jim@cloudsfree.com? Does this involve settings at namecheap?

You say "If you are having problems, be sure to check you’ve set up an mx record as well as your DNS records."

I've been searching for how to do this and what it means. How do I set up an mx record and DNS record?

If you haven't set up an MX record then the problem is probably that Thunderbird can't determine the WAN IP address of the server. You don't need to open 143, which is the port where you can do insecure IMAP or IMAP with STARTTLS.

MX records map domain names for email addresses to the host names of the mail server, and DNS A records map the host name of that server to its IP address. So when your email client or another server wants to know how to send you mail, it goes something like this:

"Which hostnames accept mail for yourdomain.com? (MX lookup)"
>mail.yourdomain.com
"What is the IP address of mail.yourdomain.com (DNS A lookup)"
>IP is 1.2.3.4
... and then the email client or server connects to the IP address 1.2.3.4 and starts the transaction.

My MX record has samhobbs.co.uk and backup.samhobbs.co.uk in it, and both of those hostnames have DNS A records that map them to the WAN IP addresses of my two servers. Your MX record will just have yourdomain.com in it since you just have one email server, and you just need the one DNS A record (for yourdomain.com).

You can change your DNS records with your DNS provider (e.g. Namecheap). I am planning on writing a tutorial for this but I haven't had the time lately - it's tricky because every DNS provider has a different web interface, but the basic principle is always the same.

To create a new user you can use the same command we used to create the test username in part 2. Logins for the email server are unix system accounts.

Sam

I keep getting "Your submission has triggered the spam filter and will not be accepted" when I try to reply.

I had to edit this several time to get it past your spam filter. I can't put in a complete message!

I checked that I had the proper keys and in the right place. Then I went to namecheap and set the following under Modify Domain/All Host Records:

And then I checked box "User (Mail Server's Host Name Required)"

Not sure which of these I needed but then I was able to send successfully from myexternal@gmail.com to pi@mydomain.com. Pi is my username.

Sending to joe@mydomain.com gives a "Delivery Status Notification (Failure)" in Thunderbird. "Google tried to deliver your message, but it was rejected by the server for the recipient domain mydomain.com by mydomain.com. [myIP]. This is probably because pi is the username on the pi and not joe.

Trying to send from pi@mydomain.com to myexternal@gmail.com in Thunderbird brings up a "Send Message Error: Sending of message failed. The message could not be sent using SMTP server mydomain.com for an unknown reason. Please verify that your SMTP server settings are correct and try again, or contact your network administrator."

Then a window pops up to "Add Security Exception" Server/Location: mydomain.com:465. Certificate Status: This site attempts to identify itself with invalid information. Unknown Identity: Certificate is not trusted, because it hasn't been verified by a recognized authority using a secure signature.

So it looks like I'm halfway there. Not sure what to do about the Send Message Error. Does this have something to do with my CACert key which I got, a while ago, for the ownCloud setup?

The spam filter is a 3rd party service (Mollom) and is a bit flaky at the best of times, quite a few people have been caught in it. Sorry I can't do anything much about it, I need some kind of filter to stop the huge amount of spam comments I get.

It probably sees you as spam because of the huge volume of comments you've been leaving :p ;)

Congrats on setting up your MX and DNS A records properly :)

Like I said in the previous comment, if you want to use joe@yourdomain.com you need to add the user joe with the adduser command:

sudo adduser joe

To get rid of that error message, you'll have to import the CAcert root certificate into Thunderbird so it is seen as a trusted CA that can sign valid certs. Screenshots look old but the principle will still be the same.

What is Thunderbird running on? Windows, Mac or Linux?

Sam

I've been able to send/receive email using Thunderbird with my pi email server.

Only problem I had is with AOL rejection.

Action: failed
Status: 5.2.1
Remote-MTA: dns; mailin-01.mx.aol.com
Diagnostic-Code: smtp; 521 5.2.1 : (CON:B1)
http://postmaster.info.aol.com/errors/554conb1.html

Thanks again for all your help!

The last few replies I tried to send were rejected by mollum.

Thanks Sam - I have everything working now with multiple email accounts. Your tutorial and replies to questions have been very helpful!

Now the backup issue. I want to back up all email, and email server settings.

Everyone of my 11 pi's run cron jobs and back themselves up to (several times per hour) to a backup pi, which crons a backup to my main computer which gets backed up to my onsite/offsite backup devices.

This is a bash script which is run as a cron job on my email server. As you can see, I'm backing up the home directory, the Maildir, /etc/postfix/ and some of /etc/dovecot to my backup pi@myip:....

I have one of these scripts for each account on the pi email server run as cron jobs.

#!/bin/sh

# this shell script syncs emailserver directories to homepibackup
rsync --delete-before -avh -e 'ssh -p 3122' /home/pi/ pi@myip:/home/pi/PiBackups/emailserver/home/pi
rsync --delete-before -avh -e 'ssh -p 3122' /home/pi/Maildir/ pi@myip:/home/pi/PiBackups/emailserver/home/pi/Maildir
rsync --delete-before -avh -e 'ssh -p 3122' /etc/postfix/ pi@myip:/home/pi/PiBackups/emailserver/etc/postfix
rsync --delete-before -avh -e 'ssh -p 3122' --exclude "*.ext" /etc/dovecot/*.* pi@myip:/home/pi/PiBackups/emailserver/etc/dovecot
rsync --delete-before -avh -e 'ssh -p 3122' /etc/dovecot/conf.d/ pi@myip:/home/pi/PiBackups/emailserver/etc/dovecot/conf.d

Can you tell me what other directories need to be backed up? Thanks.

I think you got everything, unless you want to back up squirrelmail config too.

I'm not familiar with rsync though so I don't think I'd necessarily spot any problems there.

Sam

If you haven't used rsync before, explore it - it's a great tool!

I've found a solution to keep track of email server settings changes: postfix, dovecot, spamassassin, etc (hey yeah ETC!). :)

I installed etckeeper on the pi email server and created a git repository for /etc. Then I modified my cron rsync script to backup the /etc/.git directory to my backup pi. Now I can keep track of all my changes to settings and can add folders that I don't want to track to the .gitignore file under etc.

I wish that I had installed etckeeper before I built the owncloud server and email servers :(

http://evilrouters.net/2011/02/18/using-etckeeper-with-git-on-ubuntu/

That's pretty cool, thanks for sharing! I'll check it out.

Sam

Sam,
Is an image available? I've spent a lot of neurons trying to get a mail server going and the only thing I got working really well was a fobia. ha..

After reading most of the comments, my best guess for cause of my failures would be isp port blocked, and trying to use ip address for mail server. The read has been very educational. Thanks for all your detailed work and most of all, your patience!

Tom

I probably could distribute an image, but I'd rather not. Poorly maintained SMTP servers quickly become sources of spam, so I take the view that it's best to only have your own mail server if you can understand what it's doing and how it has been configured.

If you're able to get a static IP address for a reasonable price, consider getting one, it makes all of this so much easier and running your own mail server is great fun :)

Thanks for your comment

Sam

My pi email server has been sending email to root@mydomain.com at 6:26AM each morning that says the following:

From: Cron Daemon
Subject: Cron test -x /usr/sbin/anacron || (cd / && run-parts -- report /etc/cron.daily)

/etc/cron.daily/spamassassin-learn:
/etc/cron.daily/spamassassin-learn: line 2: $'\302\240': command not found
/etc/cron.daily/spamassassin-learn: line 4: $'\302\240': command not found
/etc/cron.daily/spamassassin-learn: line 7: $'\302\240': command not found
/etc/cron.daily/spamassassin-learn: line 9: $'\302\240': command not found
/etc/cron.daily/spamassassin-learn: line 14: $'\302\240': command not found
/etc/cron.daily/spamassassin-learn: line 18: $'\302\240': command not found
/etc/cron.daily/spamassassin-learn: line 22: $'\302\240': command not found

I don't understand the message?

Cron emails the output of each script to the user it is running as, in this case it's the output for the spamassassin-learn script.

I expect whichever editor you are using has messed up the line encoding (since lines 2, 4, 7, 9, 14, 18 and 22 are blank lines) when you copied it into /etc/cron.daily/spamassassin-learn.

Which editor did you use? Were you on a windows machine at the time?

Open the file and make sure there are no expected characters and delete and recreate the newlines if necessary.

Related: raspi forum unix format vs dos format copy-paste issues.

Sam

I was on a Linux machine (I rarely use Windoze) with ssh in Konsole. Opened nano in console and copied from kate editor on Linux machine and paste to nano in Konsole.

I'll check out your "Related" link and try and get to the bottom of this.

Thanks for the direction.

The related links helped me solved the problem.

I used vi on pi (hey that rhymes) and didn't get the error email this morning.

You sure are a great teacher! Thanks for being so patient with a newbie.

Great!

You're welcome, teach someone else what you know and the circle will be complete ;)

Check your spamassassin-learn logfile to make sure the command is running properly.

Sam

Yep, the /var/log/spamassassin.log file is growing with entries for each day. It looks clean.

Now, I'll add the log file as one of the files that the email server pi backs up (with rsync) to my backup pi. My main Linux box gets and examines the backups of all the pi's and shows me status in a conky monitor window for the main box.

For example I can see all 13 devices (currently) "on line" at home and all 7 devices that are "on line" at a remote location. I use 3-24" Monitors, so I have lots of space. The conky monitor also shows me my home land line phone calls and the weather and furnace running status at the remote location. Conky is a great tool!

Thanks again!

All of my local and remote pi's (not email server - yet) send me informational text and email messages, with and without attachments, of their status. For example, my furnace controller / weather station pi sends me furnace status and run information, weather data, reboot times, if ip changes, arpwatch data, cpu temperature, etc. Some of this data is then displayed on my main Linux box conky status monitor.

I do this using other tutorials (I can't put links in here - spam filter prevents it)

How can I send email, with and without attachments, from bash scripts within my email server pi?

Thanks!

Ok, I see now from your link. The key is to use mutt. I've used mutt before on pi.

Thanks!

In addition to mutt, here are some other options for sending and receiving email from command line on pi email server.

mail, mailutils, heirloom-mailx, mpack

I tried a few of those when writing my script and found that mutt was by far the easiest to get working if you're sending attachments too. Are you sending attachments or just plain text emails?

Sam

I send both text messages and email with attachments from cron jobs.

There was no setup for mail or mpack.

echo "sample text" | mail -s "Subject" email@gmail.com

mpack -s "test" /home/pi/file email@gmail.com

Both of these work fine on pi email server.

Pages

Add new comment