Question

Missing tutorial: setting up a mail server

Posted December 31, 2012
I'd like to thank you for the tutorials you have so far; they've been very helpful in setting up my machine. An important aspect that is missing, in my opinion, is a tutorial on how to set up a mail server, configure postfix, etc. Since Google Apps is not free anymore, this becomes a more important issue.

28 answers
Question on this subject: to set up postfix you have to enter a domain like "mail.example.com". If my domain is example.com, how do I set up mail.example.com? I mean, do I add an "A record" in the control panel? What do I write for IP? Or does it need to be another kind of record, like a CNAME record?

Do I add mail.example.com as a virtual host in Apache? What config should that have?
Mail records are handled in DNS by the MX record.

Which means you do not need a mail.example.com subdomain.

You would just need to add an MX record to your domain that points to the IP of your server where your MTA (postfix) is running.

The most common way that is set up is by adding an MX record that points to mail.example.com.

Then adding an A record for mail.example.com that points to your server's IP; this way, if you happen to move your email somewhere else, the MX record doesn't need to be updated, just the A record for mail.example.com.
  • What if the question isn’t one of need with respect to mail.example.com? Is there any way to establish an MX record for mail.example.com if that’s simply what is desirable? At this point, it seems like DigitalOcean assumes @ (example.com) for me for the host name and only allows specification of the destination. Is that correct? Is there any way to establish an MX record for anything apart from @?

Thanks raiyu. What number should I enter in the "priority" field for the mx record?
10 is a standard for primary mail server, 20 can be used for backup. The lower the number the bigger the preference. So a priority of 1 is the best.
Thanks guys for the help.

I've installed postfix as per this guide http://www.pixelinx.com/2010/10/creating-a-mail-server-on-ubuntu-using-postfix-courier-ssltls-spamassassin-clamav-and-amavis/

But I think I'm running into issues with iptables, which I installed following your tutorial.

What rules should I have in iptables to allow email?

My current rules are these, and I'm not able to check mail:

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports 16060
fail2ban-ssh tcp -- anywhere anywhere multiport dports 16060
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:16060
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW,ESTABLISHED
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:imaps state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:smtp state ESTABLISHED

Chain fail2ban-ssh (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
I've fixed this, my iptables firewall.

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports 16060
fail2ban-ssh tcp -- anywhere anywhere multiport dports 16060
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:16060
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps state NEW,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW,ESTABLISHED
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:imaps state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:smtp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:imap2 state ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain fail2ban-ssh (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere

Still can't receive email, get this in mail.log when I send myself an email from a gmail account, and the email bounces back

Jan 11 21:32:12 localhost postfix/smtpd[12962]: NOQUEUE: reject: RCPT from mail-ob0-f178.google.com[209.85.214.178]: 554 5.7.1 : Sender address rejected: Access denied; from= to= proto=ESMTP helo=
Jan 11 21:32:12 localhost postfix/smtpd[12962]: disconnect from mail-ob0-f178.google.com[209.85.214.178]
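As an added example (not part of the original posts): plain `iptables -L` output omits the interface columns, so a rule limited to loopback prints exactly like an unconditional `ACCEPT all -- anywhere anywhere`. The sketch below parses the INPUT chain from the second listing and reports the first rule that looks unconditional, together with the rules after it that can never match if it really is; confirm with `iptables -L -v` or `iptables -S`. The function names are hypothetical.

```python
# INPUT chain from the second listing in the thread (rule lines only).
INPUT_AFTER = """\
fail2ban-ssh tcp -- anywhere anywhere multiport dports 16060
fail2ban-ssh tcp -- anywhere anywhere multiport dports 16060
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:16060
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps state NEW,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW,ESTABLISHED
DROP all -- anywhere anywhere
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal


def parse(listing):
    """Split each rule line into target, protocol, source, destination, match."""
    rules = []
    for line in listing.strip().splitlines():
        f = line.split(None, 5)
        rules.append({"target": f[0], "prot": f[1], "src": f[3], "dst": f[4],
                      "match": f[5] if len(f) > 5 else ""})
    return rules


def looks_unconditional(rule):
    """True when the displayed columns show no restriction at all."""
    return (rule["target"] in TERMINAL and rule["prot"] == "all"
            and rule["src"] == rule["dst"] == "anywhere" and not rule["match"])


def audit(listing):
    """Return the first catch-all rule and the rules it shadows, or None."""
    rules = parse(listing)
    for pos, rule in enumerate(rules, start=1):
        if looks_unconditional(rule):
            shadowed = [f'{r["target"]} {r["prot"]} {r["match"]}'.strip()
                        for r in rules[pos:]]
            return {"line": pos, "target": rule["target"], "shadowed": shadowed}
    return None


if __name__ == "__main__":
    print(audit(INPUT_AFTER))
```
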
Never mind, sorted it out using this: http://ubuntuforums.org/showthread.php?t=1277902
What was missing from the previous config you posted that you fixed up?
In smtpd_recipient_restrictions I replaced "reject" with "reject_unauth_destination"
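Why that one-word change matters, as an added example that is not part of the original posts: a simplified Python model of how Postfix walks a restriction list in order, with the first PERMIT or REJECT deciding. The restriction lists, `MYNETWORKS`, `LOCAL_DOMAINS` and the function names are constructed assumptions; only three restrictions are modelled, domains are matched exactly, and the reply strings are abbreviated.

```python
import ipaddress

# Constructed settings for illustration (not taken from the thread).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"example.com"}  # stands in for mydestination / virtual domains

# Constructed restriction lists: the only difference is the last entry.
BEFORE = ["permit_mynetworks", "reject"]
AFTER = ["permit_mynetworks", "reject_unauth_destination"]


def check(restriction, client_ip, rcpt_domain):
    """Result of one restriction: 'PERMIT', 'REJECT ...' or 'DUNNO' (no opinion)."""
    if restriction == "permit_mynetworks":
        ip = ipaddress.ip_address(client_ip)
        return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"
    if restriction == "reject_unauth_destination":
        # Only refuses mail this server would have to relay elsewhere.
        if rcpt_domain.lower() in LOCAL_DOMAINS:
            return "DUNNO"
        return "REJECT 554 5.7.1 Relay access denied"
    if restriction == "reject":
        # Unconditional: every client that reaches this entry is refused.
        return "REJECT 554 5.7.1 Access denied"
    raise ValueError(f"restriction not modelled: {restriction}")


def evaluate(restrictions, client_ip, rcpt):
    """Walk the list in order; the first PERMIT or REJECT decides."""
    domain = rcpt.rsplit("@", 1)[1]
    for restriction in restrictions:
        verdict = check(restriction, client_ip, domain)
        if verdict != "DUNNO":
            return verdict
    return "PERMIT"  # nothing objected, so the recipient is accepted


if __name__ == "__main__":
    gmail = "209.85.214.178"  # client address from the log line above
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, "inbound:", evaluate(rules, gmail, "user@example.com"))
        print(name, "relay  :", evaluate(rules, gmail, "user@elsewhere.test"))
```

With the bare `reject`, inbound mail for the server's own domain is refused along with everything else; with `reject_unauth_destination`, local recipients are accepted while outside clients still cannot relay through the server.
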