Raspberry Pi Email Server

raspberry-pi-email-server.png

The RasPi’s small size and low power consumption make it an ideal choice for use as a home email server. After trying a couple of different pieces of software, I finally found an excellent combination: Postfix with Dovecot and Squirrelmail, plus Spamasssassin and Sieve for spam filtering.

There are many, many tutorials out there for the first trilogy of programs, but since the configuration is slightly different for each distribution I kept coming unstuck when setting mine up on the Pi. Having finally got mine configured properly, I’ve put together a set of 5 tutorials, which will take you from a vanilla Raspbian image to a fully functioning email server in no time.

When writing the tutorial I made an effort to explain what each setting does instead of just dumping commands. With a bit of luck at the end of the process you’ll not only have a working server, you’ll understand how it works… without having to wade through reams of documentation like I did!

If you follow the tutorials from start to finish, here’s what you’ll end up with:

  1. An email server that you can run 24/7/365 for under £5 of electricity per year
  2. Personalised email address like you@yourdomain.com (requires you to have registered a domain name with a registrar like namecheap.com - see my DNS basics tutorial)
  3. The ability to connect from anywhere, and read & send email, using a secure IMAP connection on your phone, tablet or computer
  4. Log in to webmail using any web browser on a secure HTTPS connection, read & send email
  5. Complete control over your personal communication. Your emails are stored on YOUR server, and nobody is scanning them to sell you adverts.
  6. Smart spam filtering with Spamassassin
  7. Customisable mail sorting with Sieve rules

Postfix, the Mail Transfer Agent

Postfix Logo
Postfix is the program that lets you send and receive email using Simple Mail Transfer Protocol (SMTP). Whilst you, the user, may connect to your email server using IMAP (on port 143 or 993), or POP (on port 110 or 995), email servers talk to each other using SMTP on port 25.

So, this is the basic core of the server. Without it, you wouldn’t be able to send or receive any emails!

I’ve covered the setup here:
Raspberry Pi Email Server Part 1: Postfix

Dovecot, the POP/IMAP Server

dovecotLogo-300x130_0.png
Dovecot is used for two things:

  1. It provides you with IMAP functionality
  2. It checks that you are who you say you are using Simple Authentication and Security Layer (SASL) before you send or fetch mail

If you’re not interested in connecting with IMAP on your devices, you still need Dovecot. Not only is it doing SASL for you, but Squirrelmail connects using IMAP in order to provide you with webmail.

I’ve covered Dovecot installation and configuration here:
Raspberry Pi Email Server Part 2: Dovecot

Squirrelmail, for Webmail

Squirrelmail Logo
Squirrelmail is handy because it allows you to check your email in any browser, from anywhere.

Of the first three, it’s probably the easiest to configure. I’ve covered it here:
Raspberry Pi Email Server Part 3: Squirrelmail

Spamassassin, for Marking Spam

Spamassassin Logo
Spamassassin is the program that we will use to audit incoming mail and decide whether or not it’s spam. Spamassassin doesn’t actually sort the mail into the spam folder, it only changes information in the headers based on the results of the scan. I’ve covered it here: Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin.

LMTP & Sieve for Spam Sorting & Mailbox Organisation

After Spamassassin has checked incoming mail to see if it’s spam or not, we need another program to sort it into the right mail folder. This final step will be done with Dovecot’s Local Mail Transfer Protocol (LMTP) daemon and a Sieve plugin.

Sieve is a simple programming language that allows users to define what to do with incoming email based on a predefined set of rules – think “if the header contains this flag, put it in the spam folder” kind of thing and you’ll get the gist. Aside from spam filtering, Sieve can be used to automatically sort & de-clutter your inbox. These steps are covered in the final tutorial: Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve

Enjoy! I’d love to hear how you get on, so leave a comment below :)

Type: 

Comments

Hi Sam,

Apologies if this is in the wrong section.

Since the last issue with spamassassin not loading, I've been checking systemctl regularly and have noticed that a systemd service is not loading. I've also noticed that at startup it shows something like kernel failed to load...here's an output from systemctl:

● systemd-modules-load.service loaded failed failed Load Kernel Modules

Is this something I should be concerned about?

Regards,

Jo

Hi Sam, love the tutorial. Long story short i have my dns on a third party server. I need to change some info to update for the pi. Under the MX (Mail Exchanger) section it has two addresses mailstore1.secureserver.net, and smpt.secureserver.net. What would those be updated too for the pi. I'm very grateful for any help thank you.

Hi Mitch,

You should delete those entries and replace them with a single record pointing to yourdomain.com. The existing records are so that your DNS provider can forward emails sent to your domain to whichever email address you registered with.

Sam

Hi Sam, could you point me in the right direction to locate the proper address. i tried smtp.mydomain.co, but i got a dns error

Here's the output for the error. (I changed my real address with "mydomain")
Delivery to the following recipient failed permanently:

testmail@mydomain.co

Technical details of permanent failure:
DNS Error: 7818058 DNS type 'mx' lookup of mydomain.co responded with code NXDOMAIN
Domain name not found: mydomain.co

But if I type mydomian.co into a browser it will load the default webpage, even on another computer

Not sure what you mean by "locate the proper address". What's your actual domain name?

If you got that response then you didn't create an MX record for your domain properly.

Sam

Hi Sam,

How would a novice like myself go about creating a valid MX record?

Hi Sam,

I changed the info on my godaddy(feel free to edit) account (for dns only), still waiting for the info to be updated. But I had another question.

When I openssl s_client -connect localhost:465 -quiet, here is the output.

depth=0 CN = raspberrypi
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = raspberrypi
verify return:1
220 freehandhealth.co ESMTP Postfix (Debian/GNU)
quit
221 2.0.0 Bye

The CN still says raspberry pi instead of freehandhealth.co. I must have missed something, could you lend me another hand. thank you very much

Hi there,
I was hoping you could provide some guidance for what I'm trying to do.
I test all kinds of networking protocols, and need to test e-mail delivery between clients on each side of a network (all in a lab)
I was looking at using a Raspberry Pi as the email server, using Postfix and Dovecot. The clients will connect via the network being tested
to the server. I'll use Thunderbird as the email client. There is no internet connection.
I presume I'm correct using mail transfer agent(postfix) for SMTP and mail delivery agent(Dovecot) for POP3. I'm not interested in http access directly to the server for checking mail delivery, so no squirrelmail. The key question is - can I set this up using a domain like - mail.test.com localhost.com. There is no DNS, so I had just planned on configuring the /etc/hosts file with the domain name with the servers IP 192.168.0.14 mail.test.com and localhost 127.0.0.1
Thoughts, ideas appreciated, cheers
Quentin.

Do you have a local DNS server? You might need to create an MX record for mail.test.com, although I think I read somewhere that if there is no MX record most devices fall back to using the DNS A record, so it might work with just the entries in /etc/hosts.

Sam

Hi there,
I just wanted to let you know that this works and one can use the RPI as a mail server (postfix+dovecot) without a local DNS server. It does mean configuring the /etc/hosts file on the RPI and the same file on the email clients, both Windows PC's running Thunderbird client.
Works like a charm. The is purely a test environment with the requirement to test Malware protection feature.

cheers
Quentin

Hi Sam,

This is it :

Jun 21 12:28:41 server postfix/qmgr[2305]: 007AC2A63: removed
Jun 21 12:28:41 server postfix/local[2642]: 1911B2A77: to=, relay=local, delay=0.14, delays=0.03/0.09/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Jun 21 12:28:41 server postfix/qmgr[2305]: 1911B2A77: removed
Jun 21 12:29:02 server dovecot: imap-login: Login: user=, method=PLAIN, rip=86.35.33.159, lip=192.168.1.113, mpid=2644, TLS, session=
Jun 21 12:29:14 server postfix/qmgr[2305]: D67382890: from=, size=414, nrcpt=1 (queue active)
Jun 21 12:29:44 server postfix/smtp[2639]: connect to externalemail.com[192.64.147.236]:25: Connection timed out
Jun 21 12:29:45 server postfix/smtp[2639]: D67382890: to=, relay=none, delay=261221, delays=261190/0.01/30/0, dsn=4.4.1, status=deferred (connect to externalemail.com[192.64.147.236]:25: Connection timed out)
Jun 21 12:31:58 server postfix/anvil[2636]: statistics: max connection rate 1/60s for (smtps:86.35.33.159) at Jun 21 12:28:25
Jun 21 12:31:58 server postfix/anvil[2636]: statistics: max connection count 1 for (smtps:86.35.33.159) at Jun 21 12:28:25
Jun 21 12:31:58 server postfix/anvil[2636]: statistics: max cache size 1 at Jun 21 12:28:25
Jun 21 12:37:07 server postfix/smtps/smtpd[2672]: connect from unknown[86.35.33.159]
Jun 21 12:37:08 server postfix/smtps/smtpd[2672]: 743BA2A72: client=unknown[86.35.33.159], sasl_method=PLAIN, sasl_username=mh
Jun 21 12:37:08 server postfix/cleanup[2678]: 743BA2A72: message-id=
Jun 21 12:37:08 server postfix/qmgr[2305]: 743BA2A72: from=, size=592, nrcpt=1 (queue active)
Jun 21 12:37:08 server postfix/smtps/smtpd[2672]: disconnect from unknown[86.35.33.159]
Jun 21 12:37:10 server postfix/smtp[2679]: 743BA2A72: to=, relay=gmail-smtp-in.l.google.com[64.233.184.27]:25, delay=2, delays=0.08/0.09/0.42/1.4, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[64.233.184.27] said: 550-5.7.1 [86.35.33.159] The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/answer/10336 n204si3578304wmg.19 - gsmtp (in reply to end of DATA command))
Jun 21 12:37:10 server postfix/cleanup[2678]: 80F252A79: message-id=<20160621123710.80F252A79@mydomain.com>
Jun 21 12:37:10 server postfix/qmgr[2305]: 80F252A79: from=<>, size=3129, nrcpt=1 (queue active)
Jun 21 12:37:10 server postfix/bounce[2680]: 743BA2A72: sender non-delivery notification: 80F252A79
Jun 21 12:37:10 server postfix/qmgr[2305]: 743BA2A72: removed
Jun 21 12:37:10 server postfix/local[2682]: 80F252A79: to=, relay=local, delay=0.14, delays=0.03/0.09/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
Jun 21 12:37:10 server postfix/qmgr[2305]: 80F252A79: removed

Help please.
Thank You.

"550-5.7.1 The IP you're using to send mail is not authorized to send email directly to our servers

Looks like your ISP has registered your IP address block as for domestic use and said users shouldn't be sending mail directly from it. Unfortunately, you'll have to get a static IP address, which shouldn't have this restriction.

Sam

Hello,
Thank you very much for your tutorial which is fully adapted to Rapsbian !
Do you plan to complete it with DKIM, DMARC and SPF configuration ?

Hi Sam, good to see you are still here with you great web-site.
My rpi email server has been running well for over a year now, until my modem/router failed and I had to replace it. I have reprogrammed the port forwarding data and my clients see the server, and I can access the email system through squirrel as well. I can send emails using the rpi server, but emails don't seem to arrive at the server. When I try to send an email to the server now I get an error "The recipient's e-mail address was not found in the recipient's e-mail system....The following organization rejected your message: alt4.aspmx.l.google.com"

I thought perhaps I was getting that error because I used a gmail account as a backup when I set up the MX records, so I deleted the gmail account from the MX records. I waited half a day for the MX records to filter through any caching going on in the internet but still get the problem. I wonder if you have any idea about this? I doubt it's an rpi problem, but then this new difficulty I am having just seems to highlight the gaps in my knowledge about how emails work on the internet.

Double check to make sure your pi has a static IP on your LAN - its IP may have changed since you set up the port forwards if you are using DHCP.

Then check the port forwards, and finally verify that your MX record has the correct IP address. Do you have a static IP or are you using dynamic DNS? If dynamic, was the dynamic DNS done on your old router?

Sam

Hi Sam, following on from my previous message, I just used mxtoolbox and it tells me the dmarc record is missing and failed to connect to the smtp server. Not sure why that should be the case since the MX records are part of the DNS system and why the router should have caused this issue. I'll keep exploring, any suggestions you might have would be most appreciated.

Thanks for your suggestions. I actually checked all of those before I wrote to you, so those aren't the problem. I am using a static IP address and it is the same as before and the port forwarding has been programmed the same way as before and the IP addresses in my LAN are all the same etc. There are a couple of other possibilities I am exploring. One is that I had an incorrect setup to a backup email server. I was actually trying to use the Gmail server as a backup and the original errors I was getting were from Gmail. So I have removed gmail from the server list. The other is that (correct me if I have this wrong) the TTL is set to 86400, which I now realise is 24 hours for the changes to go live. So it hasn't been 24 hours yet since I removed the Gmail account. What does surprise me is that when I run Outlook and run the 'test settings' in outlook it sends and receives emails. So I can send and receive emails from and to my own server using outlook and my phones and ipad. The problem only happens when I try to receive emails from other servers. Any other suggestions you have are welcome. At the moment I am waiting for the changes to take effect.

Any luck?

If you'd like me to double check your DNS and try to connect to your server, post your current WAN IP address and domain name.

Sam

Hi Sam,

It's been a while since I needed your help, but I'm slightly stuffed right now AND desperately need advice/guidance!!! I tried to access my Owncloud and saw there was a problem with the path or database...I haven't touched the pi for more than a month or two, because the email server was working great for many months now. I then decided to update and upgrade and because I haven't rebooted the pi for so long I thought it a good idea to reboot it.

During the reboot it said something like 'Starting a job for dev-sda1.device' or something like that for 1 min 30 sec...I assumed it was for my external harddrive where the Owncloud is...which may have an issue.

By the end of the boot sequence it goes into emergency mode as root@pi-box:~# and I can't get into admin@pi-box:~# to go into the GUI (startx)

Please help if you can...I don't care about the Owncloud as such I just want to access the mail server again.

Thx in advance.

Jo

Hi Jo,

Maybe the drive failed and the pi was doing a fsck? Is sda1 definitely your external hdd? If so, comment out that line in your /etc/fstab for now and disable apache2 so owncloud isn't running - then you should be able to boot without the drive.

Check the drive in a desktop machine to see if it's failing. Could also be a dodgy power supply depending on the drive type.

Sam

Thx Sam, you're a life saver!!!

sda1 is my external drive and I was able to comment out the line, but I couldn't disable apache2. I tried "sudo a2dismod apache2" and it says "ERROR: Module apache2 does not exist!" I rebooted anyway and it went in to the GUI fine and I can access the emails again...

Any ideas?

Regards,

Jo

Pages

Add new comment