Complete Guide for setting up usable Email Server with Postfix Devcot and MariaDB and secure it with SPF, DKIM, and DMARC on Debian and Ubuntu

A few weeks ago I was trying to set up my email server on my Debian server it was hard because I could not find a complete guide that has all the parts that are required to build a usable Postfix email server.

Supported Distributions: Most Debian distributions, including Debian 9, Debian 10, Debian 11, and Ubuntu 20.04 (It is tested on Debian 10)

You should be familiar with the following:

1. Linux Command Line
2. You can edit files through Nano or Vim text editor. Refer to Nano Text Editor Manual
3. Understand the basics of MySql data.

Setting up your Server

1. You will need a VPS
2. Set up your server.  And make sure these ports are open (25, 465, 587, 110, 995, 143, and 993)

Configure DNS for your mail server

• Create a DNS entry for your email server. This can either be an A record pointing to your server’s IP address or a CNAME record pointing to a domain name. Regardless of the chosen record type, configure the hostname/name as mail.
• Add an MX record. Assign the hostname/name as '@', designate the mail server as 'mail.example.com' (substituting 'example.com' with your domain name), and allocate a priority of 10.

Example of the DNS Zone file

@    MX    10    mail.example.com.
mail    A    192.0.2.0

Where 192.0.2.0 is IPV4 of your vps.

Update the Hosts file on your Server

Verify that the hosts file contains a line for the public IP address of your VPS and is associated with the Fully Qualified Domain Name (FQDN). In the example below, 192.0.2.0 is the public IP address, mail is the local hostname, and mail.example.com is the FQDN.

nano /etc/hosts

127.0.0.1 localhost.localdomain localhost
192.0.2.0 mail.example.com mail

Install SSL Certificate for you Domain

In this step there are two ways of going forward. One way is if your server is only for your mail server the you can just use this command

sudo certbot certonly --standalone

Keep in mind the location of generated Key files it will be used in when setting up Dovecot in future.

But if you already have another server running like a web application using NGINX or some other reverse proxy, then that proxy is already using 80 port. So it will give an error.

So you just create the certificate file for your domains and use those files. How to set let's encrypt

Install Packages

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql mysql-server

This will install the mysql-server package, which isn’t available by default on some newer versions of Debian. If you receive a message stating that the package is not available, install mariadb-server instead. MariaDB is a drop-in MySQL replacement.

Configuring MySQL for Email Transmission using Postfix and Dovecot

Information regarding the mail server's users (email addresses), domains, and aliases is stored within a MySQL (or MariaDB) database. Both Dovecot and Postfix utilize this data for their operations.

Setup Mysql Database server

1. Utilize the mysql_secure_installation tool to configure supplementary security settings. You'll have the opportunity to modify the MariaDB root password, eliminate anonymous user accounts, deactivate root logins except for localhost, and remove test databases. It's advisable to respond affirmatively to these options. Further details about the script can be found in the MariaDB Knowledge Base.

   sudo mysql_secure_installation
   

2. Log in to MySQL as a root user:

   sudo mysql -u root -p
   

3. Create a new database:

   CREATE DATABASE mailserver;
   

4.