Here’s a minimal and reliable setup for Postfix + Dovecot on Ubuntu Server 24.04 LTS (Noble Numbat).
This covers local delivery, IMAP/SMTP auth, and TLS.
1. Install packages
sudo apt update
sudo apt install postfix dovecot-imapd dovecot-pop3d dovecot-lmtpd
During setup, choose:
-
General type of mail configuration: Internet Site
-
System mail name: your domain (e.g.
example.com)
2. Configure Postfix
Edit /etc/postfix/main.cf:
sudo nano /etc/postfix/main.cf
Ensure these key lines exist or modify accordingly:
myhostname = mail.example.com
myorigin = /etc/mailname
mydestination = localhost
relayhost =
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
mailbox_command =
smtpd_banner = $myhostname ESMTP
# TLS
smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
# Authentication via Dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
Reload:
sudo systemctl restart postfix
sudo systemctl enable postfix
3. Configure Dovecot
Edit /etc/dovecot/dovecot.conf:
protocols = imap pop3 lmtp
Edit /etc/dovecot/conf.d/10-mail.conf:
mail_location = maildir:~/Maildir
Edit /etc/dovecot/conf.d/10-auth.conf:
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-system.conf.ext
Edit /etc/dovecot/conf.d/10-master.conf:
Uncomment and modify the unix_listener for Postfix:
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
Edit /etc/dovecot/conf.d/10-ssl.conf:
ssl = required
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
Restart:
sudo systemctl restart dovecot
sudo systemctl enable dovecot
4. Create a Mail User
sudo adduser mailuser
sudo mkdir -p /home/mailuser/Maildir
sudo chown -R mailuser:mailuser /home/mailuser/Maildir
5. Test
-
IMAP:
openssl s_client -connect mail.example.com:993 -crlf -
SMTP Auth:
telnet mail.example.com 587 -
Or use a mail client with IMAP (993 SSL/TLS) and SMTP (587 STARTTLS).
6. (Optional) TLS via Let’s Encrypt
If not already done:
sudo apt install certbot
sudo certbot certonly --standalone -d mail.example.com
Set auto-renew:
sudo crontab -e
Add:
0 3 * * * certbot renew --quiet && systemctl reload postfix dovecot
Would you like the configuration extended to handle virtual domains/users via MySQL or just system accounts only?