- Mail server
- Software
- Ports
- MX record
- Authentication
- Sender Policy Framework
- Sender Rewriting Scheme
- DKIM
- Testing
- Dedicated tools
- Dedicated websites
- Tips and tricks
- Removing IP addresses from emails
- Scanning emails for viruses
- Spam filtering
- Webmail
- See also
- How to Run a Linux Mail Server
- What is an SMTP Server?
- How to Run a Mail Server on Linux
Mail server
A mail server consists of multiple components. A mail transfer agent (MTA) receives and sends emails via SMTP. Received and accepted emails are then passed to a mail delivery agent (MDA), which stores the mail in a mailbox (usually in mbox or Maildir format). If you want users to be able to remotely access their mail using email clients (MUA), you need to run a POP3 and/or IMAP server.
Software
This article or section needs expansion.
- Add mailutils somewhere.
- Addition of mailing list software
- Find article or guide on how to create a «simple» mailing list with Postfix
- Differentiate between POP3 and IMAP servers (Dovecot etc.) and clients (fdm etc.)
Below is a table containing all mail servers with the features they support.
Note: In most cases not a single software in the table provides the complete suit of support you require, an MTA such as postfix needs to be paired with a MDA such as dovecot.
| Name | Mail transfer agent | Mail delivery agent | Sendmail | Mailing list | Notes | ||
|---|---|---|---|---|---|---|---|
| Sending | Receiving | POP3 | IMAP | ||||
| dma | Yes | Yes | – | – | No | – | Does not support email domains; limited MTA receiving (see Use Google SMTP) |
| Exim | Yes | Yes | – | – | Yes | – | – |
| OpenSMTPD | Yes | Yes | – | – | Yes | – | – |
| Postfix | Yes | Yes | – | – | Yes | Partially, through alias feature | – |
| Courier | Yes | Yes | Yes | Yes | No | Yes | Includes a web client |
| Cyrus IMAP | – | – | Yes | Yes | – | – | Can be installed from cyrus-imapd AUR |
| Dovecot | – | – | Yes | Yes | – | – | – |
| UW IMAP | Yes using c-client AUR | – | Yes | Yes | Yes c-client AUR has same capabilities | – | Project is abandoned |
| msmtp | Yes | No | – | – | Yes msmtp has same capabilities | – | – |
| Sendmail | Yes | No | – | – | Yes | – | Sendmail implementation is deprecated |
| sSMTP | Yes | No | – | – | Yes | – | – |
| fdm | – | – | Yes | Yes | – | – | Can also fetch mail from standard input (stdin) |
| Procmail | – | – | Partially, see module [1] | No | – | – | Only reads mail through standard input (stdin), upstream is unmaintained |
| Maildrop | – | – | No | No | – | – | Only supports receiving emails over standard input (stdin) |
- Sendmail executables are command line tools which allow the sending of emails over SMTP.
- «Sending» and «Receiving» columns refer to the ability to send emails over SMTP and receive emails over SMTP.
- «Mailing list» software, allow for the creation of mailing lists, see Mailing lists.
Ports
| Purpose | Port | Protocol | Encryption |
|---|---|---|---|
| Accept mail from other MTAs. | 25 | SMTP | STARTTLS |
| Accept submissions from MUAs. | 587 | SMTP | STARTTLS |
| 465 | SMTPS | implicit TLS | |
| Let MUAs access mail. | 110 | POP3 | STARTTLS |
| 995 | POP3S | Implicit TLS | |
| 143 | IMAP | STARTTLS | |
| 993 | IMAPS | implicit TLS |
- Implicit TLS is more secure than STARTTLS because the latter is vulnerable to man-in-the-middle attacks. For more information, see [2] and RFC:8314.
- The table above contains the generic ports to be used, however mail servers could use other ports, ensure to check with your mail provider to ensure the ports are correct. The only port which remains constant is port 25, the relay port is expected to be open otherwise emails will not be relayed through a specific server (However some software does support setting custom relay ports).
MX record
Hosting a mail server requires a domain name with an MX record pointing to the domain name of your mail transfer agent. The domain name used as the value of the MX record must map to at least one address record (A, AAAA) and must not have a CNAME record to conform with RFC 2181, otherwise you may not get mail from some mail servers. Configuring DNS records is usually done from the configuration interface of your domain name registrar.
Authentication
This article or section is a candidate for merging with Mail server#Software.
Notes: This section can be merged with the list of mail server software above. (Discuss in Talk:Mail server)
There are various email authentication techniques.
Sender Policy Framework
Sender Policy Framework (SPF) is an email validation protocol designed to detect and block email spoofing by providing a mechanism to allow receiving mail exchangers to verify that incoming mail from a domain comes from an IP Address authorized by that domain’s administrators.
To allow other mail exchangers to validate mails apparently sent from your domain, you need to set a DNS TXT record as explained in the Wikipedia article (there is also an online wizard). To validate incoming mail using SPF you need to configure your mail transfer agent to use a SPF implementation. There are several SPF implementations available: libspf2 , perl-mail-spf and perl-mail-spf-query .
| Courier | Yes, built-in |
|---|---|
| Postfix | Yes |
| Sendmail | through Milter and spfmilter-acme AUR |
| Exim | Yes, requires libspf2 |
| OpenSMTPD | No |
The following websites let you validate your SPF record:
Tip: SPF can even be helpful for domains not used to send email. Publishing a policy like v=spf1 -all makes any mail server enforcing SPF reject emails from your domain name, thus preventing misuse.
Sender Rewriting Scheme
The Sender Rewriting Scheme (SRS) is a secure scheme to allow forwardable bounces for server-side forwarded emails without breaking the Sender Policy Framework.
DKIM
DomainKeys Identified Mail (DKIM) is a domain-level email authentication method designed to detect email spoofing.
Available DKIM implementations are OpenDKIM and perl-mail-dkim .
Testing
There are several options to help you test DNS records, deliver ability, and encryption support.
Dedicated tools
Dedicated websites
There are several handy web sites that can help you testing.
Tips and tricks
Removing IP addresses from emails
Most mail servers can be configured to strip users’ IP addresses and user agents from outgoing mail.
Scanning emails for viruses
See ClamAV for email antivirus scanning.
Spam filtering
See SpamAssassin for filtering of spam emails.
Webmail
See Roundcube and Squirrelmail for setting up of a webmail.
See also
- Comparison of mail servers — Further comparison of mail servers, including ones which are not supported by Arch Linux
- Sieve – a mail filtering programming language
- Webmail
- This page was last edited on 1 June 2023, at 15:37.
- Content is available under GNU Free Documentation License 1.3 or later unless otherwise noted.
- Privacy policy
- About ArchWiki
- Disclaimers
How to Run a Linux Mail Server
In today’s article, we briefly explain what is the SMTP protocol. We also provide a step-by-step tutorial on how to install a mail server on Linux.
List of content you will read in this article:
There are plenty of e-mail services out there, however, how trustworthy are they? For normal day-to-day e-mail use, typical email services are just secure enough. Nevertheless, if you are dealing with sensitive data, it is best to have your own mail server as in this case, you get full control over where your emails go through. In today’s article, we will discuss about the SMTP (i.e. Simple Mail Transfer Protocol) protocol and show you a step-by-step tutorial on how to run your own mail server on Linux.
What is an SMTP Server?
SMTP is a part of the application layer of the TCP/IP protocol. With the use of a process named “store and forward”, it transfers emails across networks. An SMTP server is an application that’s primary purpose is to send, receive, and/or relay outgoing mail between email senders and receivers.
Without an SMTP server, your email wouldn’t make it to its destination. Once you hit “send,” your email transforms into a string of code that is then sent to the SMTP server. The SMTP server is able to process that code and pass on the message. If the SMTP server wasn’t there to process the message, it would be lost in translation.
How to Run a Mail Server on Linux
Please note that this tutorial is made for Ubuntu/Debian.
In this tutorial, we will use the Postfix mail server and the Roundcube webmail application.
- First, set a valid FQDN (i.e. Fully Qualified Domain Name) for your server with the following command. Do not forget to replace “monovm.com” with your domain name.
sudo hostnamectl set-hostname mail.monovm.com
- Now, add a MX and A records for your domain in your DNS control panel.
- Once that is done, you will need to install Apache2, MariaDB and PHP :
sudo apt install apache2 apache2-utils mariadb-server mariadb-client php7.4 libapache2-mod-php7.4 php7.4-mysql php-net-ldap2 php-net-ldap3 php-imagick php7.4-common php7.4-gd php7.4-imap php7.4-json php7.4-curl php7.4-zip php7.4-xml php7.4-mbstring php7.4-bz2 php7.4-intl php7.4-gmp php-net-smtp php-mail-mime php-net-idna2 mailutils
sudo apt-get install postfix
- Once that is installed, you need to install an MDA (i.e. Mail Delivery Agent), we chose Dovecot
sudo apt-get install dovecot-imapd dovecot-pop3d
sudo systemctl restart dovecot
tar -xvf roundcubemail-1.4.8.tar.gz
sudo mv roundcubemail-1.4.8 /var/www/html/roundcubemail
sudo chown -R www-data:www-data /var/www/html/roundcubemail/
sudo chmod 755 -R /var/www/html/roundcubemail/
- Once the above steps are completed, you need to create a new database and a user for Roundcube as well as grant all the permissions. Note: do not include “MariaDB [(none)]>” in the commands you are writing.
MariaDB [(none)]> CREATE DATABASE roundcube DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB [(none)]> CREATE USER roundcubeuser@localhost IDENTIFIED BY ‘password’;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON roundcube.* TO roundcubeuser@localhost;
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> quit;
sudo nano /etc/apache2/sites-available/roundcube.conf
Then, add the following configuration to it:
CustomLog $/roundcube_access.log combined