Step-by-Step Setup of Postfix Mail Server on Ubuntu 22.04

Introduction

In this guide, we will set up a complete mail server on Ubuntu 22.04 using Postfix (SMTP server), Dovecot (IMAP/POP3), and OpenDKIM (email signing).
We will also secure the server with Let’s Encrypt SSL and configure the firewall.
Our example domain will be bitscentric.local.

Step 1: Set Hostname

Set a proper hostname for your mail server:

sudo hostnamectl set-hostname mail.bitscentric.local

Add it in /etc/hosts with your server IP:

SERVER_IP   mail.bitscentric.local

Step 2: Update System

Update your Ubuntu 22.04 system:

sudo apt update -y && sudo apt upgrade -y
sudo reboot

Step 3: Install Required Packages

Install Postfix, Dovecot, OpenDKIM, and SSL tool (Certbot):

sudo apt install -y postfix mailutils opendkim opendkim-tools \
  dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd \
  dovecot-managesieved dovecot-sieve dovecot-common certbot

Step 4: Configure Postfix

Backup the original configuration:

sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.bak

Edit Postfix config:

sudo nano /etc/postfix/main.cf

Important settings:

myhostname = mail.bitscentric.local
mydomain = bitscentric.local
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
inet_interfaces = all
inet_protocols = ipv4

Step 5: Configure Dovecot

Backup and edit Dovecot config:

sudo cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.bak
sudo nano /etc/dovecot/dovecot.conf

Basic settings:

protocols = imap pop3 lmtp
listen = *

Edit SSL config:

sudo nano /etc/dovecot/conf.d/10-ssl.conf

Set:

ssl = required
ssl_cert = </etc/letsencrypt/live/mail.bitscentric.local/fullchain.pem
ssl_key  = </etc/letsencrypt/live/mail.bitscentric.local/privkey.pem

Step 6: Configure OpenDKIM

Create DKIM directory and keys:

sudo mkdir -p /etc/opendkim/keys/bitscentric.local
cd /etc/opendkim/keys/bitscentric.local
sudo opendkim-genkey -s default -d bitscentric.local
sudo chown opendkim:opendkim default.private

Edit /etc/opendkim.conf:

Syslog yes
UMask 002
Domain bitscentric.local
KeyFile /etc/opendkim/keys/bitscentric.local/default.private
Selector default
Socket inet:12301@localhost

Add DNS TXT record for DKIM (example):

default._domainkey.bitscentric.local IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBg..."

Step 7: Secure Server with SSL

Get SSL from Let’s Encrypt:

sudo certbot certonly --standalone --agree-tos --non-interactive \
  --email admin@bitscentric.local -d mail.bitscentric.local

Step 8: Configure Firewall

Allow required ports:

sudo ufw allow 22,25,80,465,587,993,995/tcp
sudo ufw --force enable
sudo ufw reload

Step 9: Restart Services

Restart Postfix, Dovecot, and OpenDKIM:

sudo systemctl restart postfix dovecot opendkim
sudo systemctl enable postfix dovecot opendkim

Step 10: Verify Services

Check running status:

systemctl status postfix
systemctl status dovecot
systemctl status opendkim

Best Practices for Mail Server Setup

  • Set correct DNS records (MX, SPF, DKIM, DMARC) for bitscentric.local.
  • Use reverse DNS (PTR) that matches your mail server hostname.
  • Enable TLS/SSL for all connections.
  • Monitor /var/log/mail.log for errors and delivery status.
  • Use spam filters (Rspamd or SpamAssassin) for better protection.
  • Limit relaying (do not allow open relay).

Conclusion

You have now set up a complete Postfix mail server on Ubuntu 22.04 with domain bitscentric.local.
The setup includes Postfix (SMTP), Dovecot (IMAP/POP3), OpenDKIM (signing), SSL security, and firewall rules.
With proper DNS records, this server is ready for production use in industry environments.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Trends

Prometheus and Grafana Interview Questions and Answers
Force Linux User to Change Password at First Login and Periodically on Rocky Linux/RHEL-8
Create Bulk Zimbra Users Using Shell Script
Setup NFS Server and Client in Rocky Linux 8