
Mail Server – Postfix + Dovecot with TLS/SSL

An awaited howto. Postfix is probably the most popular mail server and is usually coupled with Dovecot or Courier and, in some cases, with anti-spam and antivirus software (we will see that in another article).

My previous tutorial on how to set up a mail server was based on Courier-imap, but as Dovecot became more and more popular, I had to give it a try!

Both mail systems are good, but from my experience and reading each has its own pluses and minuses:

Courier
+ Extremely reliable
+ Trash mailbox automatically expunged
+ Powerful maildrop
– Larger memory footprint

Dovecot
+ Low memory footprint
+ Good IMAP performance through indexing
+ Highly configurable
– Trash mailbox not automatically expunged

These are obviously only my observations, and I know they have actually found some workarounds for their minuses.

As I’m a big IMAP user and usually never delete my mail, indexing is a big plus for me and I wanted to give it a shot. This is why I’ve migrated to Dovecot.

The tutorial below is for Postfix + Dovecot for IMAP with SSL security. User management will be based on users created on the system (no SQL database or text file, as it will be for a few users only).


Debian comes with a default MTA (Mail Transfer Agent) called Exim, which will no longer be needed as we will replace it with Postfix.

Then you will need to select a type of configuration; just choose “Internet Site”.


You will then need to type your system mail name. I suggest you create a dedicated subdomain and use it here; in my case it will be

Doing so makes it easier to add mail servers or change them later.


We will assume you want to create an email account for your regular Debian or Ubuntu user. We will see later in this guide how to create new users.


You can generate your own self-signed certificate by running the following command:

(As root)

This will create a key and certificate pair based on 2048-bit RSA encryption.

You will need to enter some info such as:

You will use this key and certificate in both the Postfix configuration and the Dovecot configuration.
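
An added example (not the command from the original tutorial) of creating such a pair and checking it before it is referenced from Postfix and Dovecot. The file names, the host name mail.example.com, the 365-day validity and the non-interactive -subj value are assumptions; without -subj, openssl asks for the certificate details interactively.

```shell
#!/bin/sh
# Added example, not the tutorial's original command.
# Assumed names: mail.key / mail.crt, CN mail.example.com, 365-day validity.

# Create a self-signed certificate with a 2048-bit RSA key in directory $1 for host $2.
gen_mail_cert() {
    dir=$1 cn=$2
    (
        umask 077   # the private key is never created group/world readable
        openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
            -subj "/CN=$cn" \
            -keyout "$dir/mail.key" -out "$dir/mail.crt" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/mail.key" && chmod 644 "$dir/mail.crt"
}

# Return 0 if the pair is usable, otherwise:
#   1 unreadable/invalid file, 2 key and certificate do not belong together,
#   3 key readable by group or others, 4 certificate expires within 30 days.
check_mail_cert() {
    key=$1 crt=$2
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    from_crt=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    # Same public key on both sides means the certificate was issued for this key.
    [ "$from_key" = "$from_crt" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || return 3
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null || return 4
    return 0
}

# Demo in a throwaway directory (constructed host name).
demo_dir=$(mktemp -d)
if gen_mail_cert "$demo_dir" mail.example.com &&
   check_mail_cert "$demo_dir/mail.key" "$demo_dir/mail.crt"; then
    echo "key/certificate pair is consistent"
fi
rm -rf "$demo_dir"
```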


The main configuration file of Postfix is located in /etc/postfix/. I suggest you remove all its content and replace it with this one:

Obviously, replace the domain name with your own, and do the same for the TLS certificate and key you have just created.

Then you need to modify the master file to bridge Postfix with Dovecot and allow sending mail.

and replace the #submission part by this one:


You may want to set some aliases so that mail sent to root@yourdomain or webmaster@yourdomain is delivered to your account. If you want to make changes, you can modify the file /etc/aliases.

Basically it says mailer-daemon will be redirected to the postmaster user (you may not have a real user called postmaster, never mind); it also says postmaster will be redirected to root, and root to “MYSUER!!”. Just make sure this user suits your needs.

As it suits my needs, I didn’t change anything there. But if you make any changes, don’t forget to update the configuration with the command:


Now you need to configure Dovecot through the file /etc/dovecot/dovecot.conf. Here again I suggest you remove everything and use mine. (The original file contains a lot of links to sub-configuration files located in /etc/dovecot/conf.d.)

and replace with:

You will need to change the SSL certificate location (last part of the file).

And finally, restart Postfix and Dovecot to apply all your changes.

Users Management:

If you want to create a new mailbox for a dedicated user, you can simply create a new user on your system and mail will work immediately.

As root, type:

The /sbin/nologin option will prevent the user from logging in to your server via ssh.

And that’s all at this stage.

You should now have a working email setup that you can try with Thunderbird, for example. Thunderbird should recognize the server settings, and you will be using STARTTLS for both IMAP and SMTP.

The next tutorial will cover how to add spam protection and virus scanning. (Although Linux is well protected against viruses, you may still want to add an antivirus scan for your Windows users or for when you access your mail from a Windows system.)

EDIT: The next tutorial is ready:

Reduce SPAM and improve security – Amavis + SpamAssassin + ClamAV + Procmail + PostScreen


7 thoughts on “Mail Server – Postfix + Dovecot with TLS/SSL”

    1. Hi Martin,
      It’s a tough question!!
      When I started to use Postfix, I checked a lot of websites to compare Exim vs Postfix vs Sendmail and the differences between Exim and Postfix are not that many….
      Exim is probably as robust as Postfix and is the default MTA in many GNU/Linux flavors. (Debian, etc…)
      However it seems the configuration of Postfix is a little easier (Well, there are fewer files to configure and it all depends on what you are trying to achieve)
      Also, it seems Postfix is more popular than Exim and you can find many tutorials and people using Postfix (Meaning better support from the community)

      For all these reasons I prefer Postfix to Exim, but Exim is also a great MTA anyway.

  1. You open { and do not close with } in the /etc/dovecot/dovecot.conf
    Clearly, this can not be correct. And this must be untested so that scares me.

    1. Hi Thijs,

      I actually wrote my tutorials at the same time that I install them.
      As I do not set any option for the protocol IMAP, I’ve uncommented the part, that’s why it works well on my server.

      But you raised a good issue.
      I’ve updated the dovecot.conf to correct this

      Thanks for reporting!

  2. Thanks for this post. I had to specify mydomain = xxx and myorigin = $mydomain to make it work in my case.
    However I don’t know how to get mails with imap. I’m using Thunderbird. I use the linux password for the password field in Thunderbird (is that correct?), SMTP port is 587, IMAP port is 993, but “Thunderbird fails to find the settings for your email account.”
