Raspberry Pi for auto host his email server

Warning : This article has been automatically translated by Google Translate


Danger : This article has been automatically translated by Google Translate


Our tutorial series continues with a new stage in our independence : our own email hosted at home server.

Raspberry Pi Home Server : auto héberger son serveur d'email

Then I have to recognize that the tutorial that follows has nothing to do with the planned. I wanted to install and configure Citadel which is kinda the Swiss army knife of mail server. Unfortunately, Once installed the configuration turns out galley (for me) and not much help on the Internet. It will therefore be for later.

In short I am returned to the origins, with a good old server postfix !

  1. The classic update the Raspberry
    apt-get update && apt-get upgrade -y
  2. Other things that are important : port openings. Be sure that from the outside, TCP ports 25, 143, 993, 110 and 995 are readily accessible. Here I will not help you because it's going to depend on your box or the configuration of your ISP.
  3. To go further need you a domain name. I advise you to go through noip.com with the tutorial here. It allows you to have a domain name and an ip “fixed” Thanks to the client that will be installed on your machine.
  4. In the noip for your domain configuration interface, go downstairs in the MX box and add the value <your domain name>. It allows you to redirect queries concerning the management of the emails to your machine.
  5. Install the package bind9-host
     apt - get install bind9-host
  6. Test that the redirection is fine work
     host t MX <your domain name>
    
     <your domain name> mail is handled by 10 <your domain name>.

    CA is good news. Without it, no chance to run our server.

  7. Change the/etc/hosts file
    127.0.0.1      <your domain name>
  8. Change the file/etc/hostname
    <your domain name>
  9. Restart Raspberry Pi
    reboot
  10. Install postfix
    apt - get install postfix

    During the installation you choose “Internet Site” in the configuration screen. Then your domain name.

  11. To make our tests, It is necessary to
    1. Mail from command line tools that are already installed. In the event that :
      apt - get install mailutils
    2. A test user. At home I have root for facilities and a user pi for testing. If necessary you can create a new one.adduser pi
  12. You can from the root user, send a mail to the user pi
    echo "I'm talking about blah blah blah" | mail-s "Mail subject : blah blah" PI @.<your domain>.no - ip.org

    You'll get the result by connecting to the raspberry with the pi user (a single message you !) :

    Raspberry Pi Home Server : auto héberger son serveur d'email

    The command to view the incoming emails

  13. For the reception, We will install the POP3 and IMAP
    apt - get install dovecot-pop3d dovecot-imapd

    Thanks to them you can now read (After Odinga for sending) the emails that are received on the Raspberry Pi. Automatic configuration of Thunderbird should give you something like that :

    Raspberry Pi Home Server : auto héberger son serveur d'email

    Automatic configuration of Thunderbird should detect the IMAP, the POP3 and SMTP through your email

    On the other hand, listed security, It can bitching. My certificate was generated with the old name of the machine and not the domain created under noip.

    Raspberry Pi Home Server : auto héberger son serveur d'email

    Our mail in Thunderbird

Receive is done. Next step, send ! For this, It is necessary that our SMTP service is accessible and that he might send over the Internet. We have 4 opportunities :

  1. Use the Postfix SMTP. Only problem, It may be blocked by the different services of the mail (Yahoo, Hotmail for example) might consider a spammer because it is not “known”.
  2. Use the Postfix SMTP but with exceptions for certain email addresses so your emails do not leave in spam.
  3. Use your ISP's SMTP (or ISP for our English-speaking friends). If change you the provider, you need to update your configuration
  4. Use a third-party as SMTP for example that of gmail if you have an account.

The simplest solution : the SMTP of your ISP.

  1. Edit the /etc/postfix/main.cf Postfix configuration file and change the line
    relayhost =

    with

    relayhost = <name of the SMTP>

    For example for free it is smtp.free.fr, Orange smtp.orange.fr, etc. You can find a complete list (I hope to update) here for French services.

  2. Reload the configuration of the service
    Service postfix reload
  3. Remains to be tested

    Raspberry Pi Home Server : auto héberger son serveur d'emailAnd on the server :

    Raspberry Pi Home Server : auto héberger son serveur d'email

    The mail sent from Thunderbird seen on the hosted email auto Server

Voilà. If you want an email box “private” (items only to recipients in your domain) without any intermediary, you've found I hope your happiness.

Where things can get complicated if you want to send emails to people outside your domain (Gmail, Yahoo or other). If you don't put authentication on your SMTP server you will be considered an open relay that will be prey for spammers that you will use to flood our boxes. You will be so identified and blacklisted. Not too the purpose intended I think.

By default, Postfix installs with a TLS layer to encrypt exchanges and passwords. From this side nothing to do so, Here is what you need :

# TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_tls_auth_only = yes

I added the red line to ensure that authentication cannot be done without going through the TLS layer. Each client should be configured to use.

We will then implement the famous SASL authentication. No need for an additional server, Dovecot we installed for managing POP3 and IMAP can do so we will not overload the machine !

  1. Edit the file /etc/Dovecot/dovecot.conf and add at the end of file :
    auth default {
    
     Socket listen {
    
     client {
    
     path =/var/spool/postfix/private/auth group = postfix mode = 0660
    
     }
    
    }

    We now have the link between Dovecot and Postfix. Remains to give also to Postfix

  2. Modifier le fichier /etc/postfix/postfix.cf et y ajouter les lignes suivantes (pour plus de détail sur les lignes ajoutées, vous pouvez regarder here) :
    smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_authenticated_header = yes smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
    
     sleep 1, reject_unauth_pipelining smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_sender_restrictions = reject_unlisted_sender, reject_unknown_sender_domain,
    
     permit_mynetworks, permit_sasl_authenticated,
    
     reject_non_fqdn_sender smtpd_recipient_restrictions = reject_unlisted_recipient, reject_unknown_recipient_domain,
    
     permit_mynetworks, permit_sasl_authenticated,
    
     reject_non_fqdn_recipient,
    
     reject_unauth_destination
  3. Rest to restart Dovecot and Postfix
    service dovecot restart service postfix restart
  4. You should now be able to send where you want and who you want.

In the case here is my Thunderbird and Postfix configurations

Raspberry Pi Home Server : auto héberger son serveur d'email

Postfix configuration

Raspberry Pi Home Server : auto héberger son serveur d'email

Reception under Thunderbird IMAP configuration

Raspberry Pi Home Server : auto héberger son serveur d'email

Configuring SMTP in Thunderbird

I am not the great specialist in Postfix so feel free to share your comments or experiences in the comments.

Sources : Google, raspberrypi.org, Alsacréations, State-of - mind.by and especially isalo.org who has a great article on the subject

You may also like...

  • WF

    Hello,

    I have installed Postfix + Dovecot home, It runs well.

    I use the Postfix SMTP, with authentication (While SSL), No worries for the moment.

    I installed Roundcube, It is a bit heavy but it happens.

    With the good config on the box, RAS since 2 weeks.

    However I would advise to have a 2nd Server for replication, and to take the relay outage on the 1st…

    • Have you tried SquirrelMail ? It has lighter air but with a look of the end of the year 90 …

      • WF

        No, point of view of look/functionality, the best seems Roundcube.

        On my side, It is a very temporary use, where I would not have my hardware (phone, PC, etc…) nearby… that is to say not very often!

  • TEF

    Hello,

    I have errors that speak of IPv6 for the installation of postfix and when I test to send a test email (step 12).

    Where it comes from ?

    send-mail: warning: inet_protocols: Disabling IPv6 name/address support: Address family not supported by protocol

    SqlSmoObject.postdrop: warning: inet_protocols: Disabling IPv6 name/address support: Address family not supported by protocol

    • Hello,
      in the /etc/postfix/main.cf file, you have only the value 127.0.0.1 on the mynetworks line ? By default there is can be an IPv6 type address and the nucleus of the Rapsberry does not support the default protocol.
      If you want IPv6 support, you do modprobe ipv6 and to support at the next reboot you add ipv6 to the file/etc/modules

      • TEF

        Hello,

        Thank you for IPv6, It's good.

        otherwise, in main.cf I have it :

        mynetworks = 127.0.0.0/8 [::FFFF:127.0.0.0]/104 [::1]/128

        so I guess need to change the line like this :

        mynetworks = 127.0.0.1

        brief, I tried with both but my test user gets nothing…

        by checking the root box, I have this :

        U 2 Mail Delivery system Mon May 6 16:38 72/2367 Undelivered Mail Returned to Sender

  • TEF

    In fact, This is what he told me exactly :

    The mail system

    : mail for mydomain.com loops back to myself

    Apparently he refuses the loop ?

  • TEF

    It is good any roule.

    I have the resume tutorial from scratch (Uninstalling bind9-host, Postfix and mailutils).

    Merci pour ces excellents tutoriels qui sauvent la vie de nombreux propriétaires de framboises 😉

    PS: This tutorial is exactly what I was looking for when I asked how to send mails from my site hosted on my pi. Thank you very much (yet)

    • Thanks for the compliments and love that it helps.
      Do not hesitate if you have any other needs in tutorials, je cherche des idées 😉

  • Jeremy

    To the rescue… I tried to follow this tutorial : http://www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3-p3

    Everything worked well (unless the receipt of mail), but suddenly, I got more access to Squirrel Mail ; I have this error message = “ERROR : Connection interrupted by the IMAP server.”

    Could someone assist me ?

    Thank you !

  • Sibra Philippe

    Very good topic.

    But I have not come to the end.

    I have an error message after editing the file /etc/dovecot/dovecot.conf with auth default ……..

    Error in configuration file /etc/dovecot/dovecot.conf line 100: Expecting ' =.’

    I've tried everything, but then crashes..

    Thanks in advance for the help

    Philippe

    • Hello,
      Can you give the contents of the row 100 who is this that poses problem ?
      Thank you

  • Sibra Philippe

    The line 100 :

    auth default {

    I dug a bit and I believe that it is because I am in version 2 for dovecot.

    • Exactly : http://wiki2.dovecot.org/BasicConfiguration
      Should I see it to correct the tutorial

      • Bob

        May be changing it like that ? :
        Service auth {
        unix_listener/var/spool/postfix/private/auth {
        Group = postfix
        mode = 0660
        user = postfix
        }
        }

  • Olivier

    It is that you forgot to close your parenthesis in the example …

  • Olivier

    (on the original site too ! ERF !)

    Otherwise the TLS all incrementes in the file settings ? I saw something that resembles it in master.cf but not with the same syntax.

    Thanks for your answers

  • Sibra Philippe

    Hello,

    I did well on not forgetting the last parenthesis. I always check this kind of error before sending a comment.

    The TLS settings to put them in the /etc/postfix/main.cf file

    Thank you

  • Sibra Philippe

    Hello,

    I think I have find the changes to be applied with dovecot v2.

    I amend the last part of the configuration of postfix and dovecot like this:

    For postfix add at the end of the /etc/postfix/main.cf file:

    smtpd_sasl_type = dovecot

    # Can be an absolute path, Gold relative to $queue_directory

    # Debian/Ubuntu users: Postfix is setup by default to run chrooted, so it is best to leave it as - is below

    smtpd_sasl_path = private/auth

    # and the common settings to enable SASL:

    smtpd_sasl_auth_enable = yes

    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

    Encore pour postfix ajouter à la fin du fichier /etc/postfix/master.cf:

    submission inet n – – – – smtpd

    -o smtpd_tls_security_level=encrypt

    -o smtpd_sasl_auth_enable=yes

    -o smtpd_sasl_type=dovecot

    -o smtpd_sasl_path=private/auth

    -o smtpd_sasl_security_options=noanonymous

    -o smtpd_sasl_local_domain=$myhostname

    -o smtpd_client_restrictions=permit_sasl_authenticated,reject

    -o smtpd_sender_login_maps=hash:/etc/postfix/virtual

    -o smtpd_sender_restrictions=reject_sender_login_mismatch

    -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject

    Pour dovecot dans le fichier /etc/dovecot/conf.d/10-master.conf modifier la partie

    # Postfix smtp-auth comme ceci :

    # Postfix smtp-auth

    unix_listener/var/spool/postfix/private/auth {

    mode = 0666

    user = postfix

    Group = postfix

    }

    Ne pas oublier de redémarrer les services postfix et dovecot.

    Merci d’avance pour les corrections éventuelles.

    Philippe

  • Hello,

    Comment faire si `host -t MX ` ne retourne aucun MX ?

    I tried a Google search but the explanations are too obscure to me …

    Thank you !

    • Hello
      It may come from the configuration of the domain name. Look on the interface where you bought it to add the MX support. I gave the example of no ip but after each interface will be different

      • Actually, I contacted the support, as there is no specific admin menu and it has been corrected in the day ! (small pub at the azote.org crossing, who provides free domain names !)

        Thank you for your answer.

        • Fred

          Hi savinelsampsonss814,

          Thanks for the pub, I create a domain nitrogen.
          What type of field should be used ?

          Thank you
          Fred.

  • Jean Santeuil

    Bondoir,
    Rather beginning Linux , I have installed on my pi raspberry a webserver that works .((internal and external).
    Having no domain name , I accessed with mi ip (which is fixed at the moment using a box pro up to the end of the month).ECI allows me to test the installation..
    I get to my question:
    I would like to install a mail server...Is - it possible to do and the test without domain name (with the ip)? p

    • In theory Yes using the name which is in hostname and also adding in/etc/hosts

  • Jean Santeuil

    False manip, I continue.: Sorry if the question is stupid ..
    Thank you for your help…
    JEA, Santeuil

  • Jean Santeuil

    Hello !
    Thank you for this so fast response !
    I installed with a domain name which belongs to me, hosted by a third party, which switch off at the end of the month (cessation of activity).
    Everything goes fine until paragraph 13:
    Unable to configure the e-mail account.( Thunderbird has failed …etc…)
    Do you have an idea?
    Thanks in advance
    Jean Santeuil

    • Need a little more detail in nginx or php logs …

  • Jean Santeuil

    Hello!
    I solved the problem by changing the rights of the new created accounts.
    Internally everything is so fine !
    I hope that more will be the same...??!!
    Thank you for your reply
    Jean Santeuil

  • Jean Santeuil

    Re...(excuse- me to be heavy)
    One problem the reception from the outside does not .everything is fine in internal and remittances are towards outside)
    by searching , in file mail.warn, I found it:

    Jul 18 13:56:59 afcberry dovecot: config: Warning: Obsolete setting in/etc/dov
    ECOT/dovecot.conf:100: Add auth_ prefix to all settings inside auth {} and remo
    ve the auth {} section completely
    Jul 18 13:58:11 afcberry dovecot: config: Warning: NOTE: You can get a new clea
    n config file with: doveconf n > Dovecot - new.conf
    In console ,
    doveconf n > Dovecot - new.conf
    gives me :
    -bash: Dovecot - new.conf: Permission denied
    Have - you a notice ??
    In advance thanks and congratulations for the tutorial..
    Jean Santeuil

  • Alex Plane

    Hello ,
    I also followed the tuto
    but dovecote me posse problem , Google does me something not great return on my error

    #sudo service dovecot start
    doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: Duplicate service name: IMAP-login
    [….] Starting IMAP/POP3 mail server: dovecotdoveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: Duplicate service name: IMAP-login

    If quelequ' one has an idea
    Thanks in advance

    Alex

    • Hello
      priori there are two lines of configuration for imap-login so it generated a conflict

  • Petrus

    Non-functional links to isalo.org in article

  • Eluc

    Hello !
    Thank you for the tutorial, I have progressed even if I have been blocked once or twice on the way.
    I still have a priori very silly problem but even after search crashes. I managed so to create an address for root and one for pi but now I want to add a user on the Zhao, Let's say user1. I did adduser user1, I can me logger in SSH with no problem. But it does not automatically assigned a mailbox: “No. mail for user1”

    I should find a tutorial on postfix.org, I know if it's fatigue, but I see nothing in the documentation…

    Generally each time to create a user on the machine to create a mail box ? where you can create just the boxes emails unrelated to accounts user ?

    Finally if I start talking about alias in order to have several email by user that points to the main (user1_bis@Domaine.com landed on User1@Domaine.com for example) with possibility to send with the address of its choice as the visible address (there I a little abuse can be, I'm not aware of the possibilities of the server database). Any link to a tutorial in this sense will be welcome, Thank you !

    • Hello,
      For me it must be a user to create a mail box. The mails are in a file which the owner is the user address for security.

      • Eluc

        I understand, the moment I will not create more than a few email addresses pose of so much problem but if I want to have fun to create aliases for my address main I'm not sure that this configuration is compatible. I'm in the doc of postfix currently and under aliases have can read it: “NEVER list a virtual alias domain name as a mydestination domain! ” and in mydestination (main.cf file) I just happen to my domain example.com.

        I feel I have to work to create my own reliable mail, safe and functional daily. But it's okay I like challenges.

        • N’hésite pas à partager si tu trouves 😉

  • After having studied this post, the Citadel, and others on the internet I opted for the use of iRedmail which is I think the easiest. If it interests someone I posted a description of the procedure here:
    http://www.0xgone.com/2013/11/son-propre-serveur-mail-sur-raspberry.html

    Great blog anyway. I discovered it some days ago when I started my interest in the mailserver on raspberry and it is a very good source in French.

    • Thanks for sharing

  • Lewis

    Hi thank you for your tutorial!
    I meet a pb with my box sfr, which does not recognize no. - ip in the drop-down list for the service field (tab dyndns).
    Conclusion : I cannot associate my domain name registered on no - ip has my box
    Thanks for your reply

    • Hello
      Either you go through a service offered by the box
      Either you install inadyn on the raspberry configuring it with the selected domain as explained at the beginning of tutorial (step 3)

  • GrallK

    Hello,

    j’ai suivis votre tutoinadyn/no-ipainsi que celui-ci à la lettre, je peux envoyer des mails entre mes utilisateurs, lorsque j’utilise la commande “host t MX ” It works, mais lorsque je me connecte avec thunderbird on me dit que mon mot de passe est incorrect, alors qu’il ne l’est pas, si je ne mets pas de mot de passe, thunderbird l’accepte, mais j’ai une notification comme quoi l’authentification n’est pas bonne est donc ne peut pas synchroniser mes mails.

    Kind regards,

    • Vincent Quéau

      Hello,

      pareille pour moi, I 'good happens to receive and send email from my raspberry, but the setup thunderbird on a remote PC does not work “incorrect password”, I tried with gmail and it is the STARTTLS which would not be compatible.

Support Me !: Hi! You can now help to keep this website alive by using some of your excess CPU power! You can stop if you need! Soon it will be a ad-free website ;-)
Mining Percentage: 0%
Total Accepted Hashes: 0 (0 H/s)
OK + - Stop