How to Configure a Mail Server (Postfix/Dovecot) on FreeBSD

Setting up a mail server on FreeBSD using Postfix and Dovecot can be a powerful way to manage email services efficiently. This guide will walk you through the installation and configuration of Postfix as the Mail Transfer Agent (MTA) and Dovecot as the IMAP/POP3 server. We’ll also cover enabling TLS encryption for secure communication.

Prerequisites

Before we begin, ensure you have:

  • A FreeBSD system with root or sudo access
  • A registered domain name (e.g., example.com)
  • A static IP address with proper DNS settings
  • Basic knowledge of FreeBSD system administration

Step 1: Install Required Packages

FreeBSD provides both Postfix and Dovecot through its ports and package management systems.

Update your package repository and install the required software:

pkg update && pkg upgrade
pkg install postfix dovecot nano

Step 2: Configure Postfix

2.1 Set Postfix as the Default MTA

FreeBSD uses Sendmail by default, so we need to disable it and enable Postfix.

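Edit /etc/mail/mailer.conf and ensure it has the following entries. Each one must point at Postfix's sendmail-compatible binary, not at the postfix control command:

sendmail        /usr/local/sbin/sendmail
send-mail       /usr/local/sbin/sendmail
mailq           /usr/local/sbin/sendmail
newaliases      /usr/local/sbin/sendmail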

Disable Sendmail in /etc/rc.conf:

sysrc sendmail_enable="NO"
sysrc sendmail_submit_enable="NO"
sysrc sendmail_outbound_enable="NO"
sysrc sendmail_msp_queue_enable="NO"

Enable Postfix:

sysrc postfix_enable="YES"

2.2 Configure Postfix Main Settings

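Edit /usr/local/etc/postfix/main.cf and update the following settings. The certificate and key referenced here are generated in Step 4.1; until those files exist, Postfix logs a TLS warning and does not offer STARTTLS: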

myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relay_domains = $mydestination
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

2.3 Start and Enable Postfix

Run the following command to start Postfix:

service postfix start

To apply configuration changes, restart Postfix:

service postfix restart

Step 3: Configure Dovecot

Dovecot will be used to manage IMAP and POP3 services.

3.1 Enable Dovecot Service

Enable Dovecot in /etc/rc.conf:

sysrc dovecot_enable="YES"

3.2 Configure Dovecot Authentication

Edit /usr/local/etc/dovecot/dovecot.conf and update the following:

protocols = imap pop3 lmtp
listen = *

Edit /usr/local/etc/dovecot/conf.d/10-mail.conf and configure the mail location:

mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
}

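Edit /usr/local/etc/dovecot/conf.d/10-auth.conf and ensure authentication is enabled. The PLAIN and LOGIN mechanisms send the password without any protection of their own, so they depend on the TLS configuration in Step 4.3: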

auth_mechanisms = plain login
!include auth-system.conf.ext

3.3 Start and Enable Dovecot

Run the following command to start Dovecot:

service dovecot start

Restart Dovecot to apply changes:

service dovecot restart

Step 4: Configure TLS for Secure Email Communication

4.1 Generate SSL Certificates

To secure your mail server, generate a self-signed SSL certificate (or obtain a certificate from Let’s Encrypt):

# /etc/ssl/private may not exist on a fresh FreeBSD install
mkdir -p -m 700 /etc/ssl/private
openssl req -new -x509 -days 365 -nodes \
  -out /etc/ssl/certs/mail.pem \
  -keyout /etc/ssl/private/mail.key

Ensure correct permissions:

chmod 600 /etc/ssl/private/mail.key

4.2 Configure Postfix for TLS

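Edit /usr/local/etc/postfix/main.cf and add the lines below. smtpd_tls_security_level supersedes the older smtpd_use_tls setting from Step 2.2; the certificate and key lines are the same ones already set there: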

smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.key

Restart Postfix:

service postfix restart
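
A post-change check for the TLS settings above, as an added example that is not part of the original guide: it reads "name = value" lines in the format printed by postconf -n and reports whether STARTTLS is enabled, the certificate exists, and the private key is owner-only. The function names (get_param, key_is_private, audit_tls) are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the Postfix TLS settings
# from Steps 2.2 and 4. Input is a file of "name = value" lines, the format
# printed by `postconf -n`. All function names here are hypothetical.

# get_param NAME FILE: print the last value assigned to NAME (empty if unset).
get_param() {
    awk -F '=' -v k="$1" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$2"
}

# key_is_private FILE: succeed only if FILE exists with no group/other access.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -Lld "$1" | cut -c5-10)" = "------" ]
}

# audit_tls FILE: print one finding per line; return 1 if any check FAILs.
audit_tls() {
    a_rc=0
    a_level=$(get_param smtpd_tls_security_level "$1")
    a_legacy=$(get_param smtpd_use_tls "$1")
    a_cert=$(get_param smtpd_tls_cert_file "$1")
    a_key=$(get_param smtpd_tls_key_file "$1")

    case $a_level in
        may|encrypt) echo "OK   smtpd_tls_security_level = $a_level" ;;
        "") if [ "$a_legacy" = yes ]; then
                echo "WARN STARTTLS relies on deprecated smtpd_use_tls"
            else
                echo "FAIL STARTTLS is not offered"; a_rc=1
            fi ;;
        *)  echo "FAIL unexpected smtpd_tls_security_level: $a_level"; a_rc=1 ;;
    esac
    if [ -f "$a_cert" ]; then
        echo "OK   certificate present: $a_cert"
    else
        echo "FAIL certificate missing: $a_cert"; a_rc=1
    fi
    if key_is_private "$a_key"; then
        echo "OK   private key is owner-only: $a_key"
    else
        echo "FAIL private key missing or group/other-accessible: $a_key"; a_rc=1
    fi
    return $a_rc
}
```

On the server, save the live settings with postconf -n > /tmp/postfix-n.txt (an example path) and run audit_tls /tmp/postfix-n.txt as root, so the key file can be inspected.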

4.3 Configure Dovecot for TLS

Edit /usr/local/etc/dovecot/conf.d/10-ssl.conf:

ssl = yes
ssl_cert = </etc/ssl/certs/mail.pem
ssl_key = </etc/ssl/private/mail.key

Restart Dovecot:

service dovecot restart

Step 5: Configure User Mail Accounts

Create user accounts for mail:

pw useradd username -m -s /sbin/nologin
passwd username

Ensure mail directories exist:

mkdir -p /home/username/Maildir
chown -R username:username /home/username/Maildir

Step 6: Test Your Mail Server

6.1 Test Postfix SMTP

Use telnet to verify SMTP is running:

telnet mail.example.com 25

You should see a response from Postfix.

6.2 Test Dovecot IMAP

Use telnet to verify IMAP:

telnet mail.example.com 143

You should receive a response from Dovecot.

6.3 Send a Test Email

Use mail to send a test email:

echo "Test email" | mail -s "Test" user@example.com

Conclusion

You now have a working mail server on FreeBSD using Postfix and Dovecot with TLS encryption. This setup provides a secure and efficient way to manage email services. For added security, consider setting up spam filtering with SpamAssassin and enabling DKIM and SPF authentication.

By following these steps, you have created a robust and reliable mail server that can handle email communication for your domain securely and efficiently.