How to Install and Configure Postfix Mail Server on Debian 12 Bookworm

Learn how to set up and configure Postfix mail server on Debian 12 Bookworm for sending and receiving emails.

Running your own mail server offers greater control over email delivery, enhances privacy, and eliminates the dependency on third-party providers. One of the most popular choices for a mail transfer agent (MTA) on Unix-like systems is Postfix. It’s secure, fast, and relatively simple to configure for basic mail sending or receiving purposes.

This guide will walk you through installing and configuring Postfix on Debian 12 Bookworm. By the end of this tutorial, you’ll have a working mail server that can send and receive messages locally and, if configured properly, externally.


📌 Prerequisites

Before diving into the setup process, make sure you have the following:

  • A Debian 12 Bookworm system (VPS, cloud server, or bare-metal).
  • Root or sudo access to the server.
  • A static IP address.
  • A fully qualified domain name (FQDN) pointing to your server’s IP.
  • Basic familiarity with the terminal and text editors like nano or vim.

Step 1: Update Your System

Start by updating the system package index and upgrading any installed packages to the latest versions:

sudo apt update && sudo apt upgrade -y

Set the hostname to match your mail server’s domain:

sudo hostnamectl set-hostname mail.example.com

Replace mail.example.com with your actual domain. Also, add this to /etc/hosts:

sudo nano /etc/hosts

Add:

127.0.1.1    mail.example.com mail

Save and exit.


Step 2: Install Postfix

To install Postfix, use the following command:

sudo apt install postfix -y

During the installation, you’ll be prompted to select a “General type of mail configuration”. Choose:

Internet Site

Then, enter your mail server’s FQDN (e.g., mail.example.com) when prompted for the System mail name.

If you skip the configuration or want to reconfigure later, you can run:

sudo dpkg-reconfigure postfix

Step 3: Configure Postfix Main Settings

Postfix configuration files are located in /etc/postfix/. The main configuration file is main.cf.

Edit the configuration:

sudo nano /etc/postfix/main.cf

Ensure the following lines are present and correctly configured:

myhostname = mail.example.com
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

Explanation:

  • myhostname: The FQDN of your mail server.
  • myorigin: Mail appears to come from this domain.
  • mydestination: Domains that the mail server will accept mail for.
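  • mynetworks: IP ranges that are allowed to relay through your mail server without authenticating (only the loopback range here). Adding an untrusted network turns the server into an open relay.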
  • inet_interfaces: Set to all to listen on all interfaces.
  • inet_protocols: Enables both IPv4 and IPv6.

Save and exit.

Then, set the mail name in /etc/mailname:

echo "mail.example.com" | sudo tee /etc/mailname
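
Because mynetworks decides who may relay without authenticating, it is worth checking the value Postfix will actually use after later edits. The script below is an added example, not part of the original guide; the function names and the sample file are made up for illustration. It joins continuation lines, lets the last definition win, and lists every non-loopback entry.

```shell
# Added example, not from the original guide.
# Print the effective value of parameter $1 in the main.cf-style file $2.
# Lines starting with whitespace continue the previous line; when a
# parameter is defined twice, the later definition wins.
postfix_param() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            val[cur] = substr($0, eq + 1)
        }
        END { v = val[want]; gsub(/[ \t]+/, " ", v); gsub(/^ | $/, "", v); print v }
    ' "$2"
}

# Print each mynetworks entry that is not a loopback range; return 1 if any
# exists. An unset mynetworks (Postfix then falls back to mynetworks_style)
# is not evaluated here.
non_loopback_relay_nets() {
    found=$(postfix_param mynetworks "$1" | tr ', \t' '\n\n\n' |
        while IFS= read -r net; do
            case "$net" in
                (''|127.0.0.0/8|127.0.0.1|127.0.0.1/32|'[::1]/128'|'[::ffff:127.0.0.0]/104') ;;
                (*) printf '%s\n' "$net" ;;
            esac
        done)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample: a later edit overrides mynetworks and widens relay trust.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
myhostname = mail.example.com
mynetworks = 127.0.0.0/8
# added later, overrides the line above:
mynetworks = 127.0.0.0/8 [::1]/128,
    192.0.2.0/24
EOF

non_loopback_relay_nets "$sample" || echo "^ can relay without authenticating"
```

On a real server, pass /etc/postfix/main.cf as the argument; table references such as hash: files are listed for manual review.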

Step 4: Enable and Restart Postfix

To apply changes and enable the service to start on boot:

sudo systemctl enable postfix
sudo systemctl restart postfix

You can check the status:

sudo systemctl status postfix

Step 5: Test Postfix

To test local mail sending, use the mailutils package:

sudo apt install mailutils -y

Then send a test mail:

echo "This is a test mail." | mail -s "Test Email" youruser@localhost

Check the mail with:

mail

You should see the test email in your local inbox.


Step 6: Configuring DNS Records

For your mail server to send/receive external emails, you must configure several DNS records for your domain.

1. MX Record

Points to your mail server’s hostname.

Type: MX
Host: @
Value: mail.example.com
Priority: 10

2. A Record

Points the hostname to your server IP.

Type: A
Host: mail
Value: <your server's IP>

3. SPF Record

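Helps receiving servers detect spoofing by specifying which servers can send mail on behalf of your domain. With ~all, mail from any other server is marked as a soft fail rather than rejected outright.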

Type: TXT
Host: @
Value: v=spf1 mx ~all

4. PTR Record (Reverse DNS)

This must be configured through your hosting provider and points your IP to your mail hostname.


Step 7: Open Firewall Ports

Ensure required ports are open on your server:

sudo ufw allow Postfix
sudo ufw allow 25,587,465/tcp
sudo ufw reload

  • Port 25: SMTP
  • Port 587: Submission (STARTTLS)
  • Port 465: SMTPS (Optional, less recommended)

Step 8: Secure Postfix with TLS

To encrypt emails in transit, you can use Let’s Encrypt for TLS certificates.

Install Certbot

sudo apt install certbot python3-certbot-nginx -y

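Obtain the certificate. The --standalone mode starts a temporary web server on port 80, so that port must be reachable from the internet and not already in use. If you have an Nginx server running on port 80 (for webmail or diagnostics), stop it while the certificate is issued or use certbot's --nginx plugin instead: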

sudo certbot certonly --standalone -d mail.example.com

Configure Postfix for TLS

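Edit /etc/postfix/main.cf again and set the following, replacing any existing lines for the same parameters:

smtpd_tls_cert_file=/etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.example.com/privkey.pem
# opportunistic STARTTLS for incoming mail; supersedes the older smtpd_use_tls=yes
smtpd_tls_security_level = may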
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Reload Postfix:

sudo systemctl reload postfix

Step 9: Add SASL Authentication (For Sending Emails)

To authenticate users before allowing them to send email:

Install Dovecot (SASL provider)

sudo apt install dovecot-core dovecot-imapd -y

Enable SASL in Postfix:

Edit /etc/postfix/main.cf:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = 
broken_sasl_auth_clients = yes

Edit /etc/postfix/master.cf, uncomment or add:

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

Configure Dovecot’s SASL socket:

Edit /etc/dovecot/conf.d/10-master.conf:

sudo nano /etc/dovecot/conf.d/10-master.conf

Uncomment and modify the Postfix listener inside the service auth { ... } block:

  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }

Restart both services:

sudo systemctl restart dovecot
sudo systemctl restart postfix
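
With smtpd_sasl_auth_enable = yes in main.cf, AUTH is also offered on port 25, where TLS is only optional. The script below is an added example, not part of the original guide: it checks an EHLO reply captured before STARTTLS for SASL mechanisms advertised in cleartext. The function name and both replies are constructed, and smtpd_tls_auth_only = yes is a standard Postfix parameter the guide does not set, assumed here as the fix.

```shell
# Added example, not from the original guide.
# Reads an EHLO reply captured BEFORE STARTTLS on stdin (for instance from the
# telnet test on port 25) and prints the SASL mechanisms advertised in
# cleartext. Returns 0 when at least one is offered, 1 when none is.
cleartext_auth_mechs() {
    mechs=$(tr -d '\r' | awk '
        /^250[- ]AUTH[ =]/ {                 # "AUTH ..." and legacy "AUTH=..."
            sub(/^250[- ]AUTH[ =]/, "")
            for (i = 1; i <= NF; i++) seen[$i] = 1
        }
        END { for (m in seen) print m }' | sort | tr '\n' ' ')
    mechs=${mechs% }
    [ -n "$mechs" ] || return 1
    printf '%s\n' "$mechs"
}

# Constructed reply: port 25 with the main.cf SASL settings from this step
# (broken_sasl_auth_clients = yes adds the "AUTH=" line).
reply_before='250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME'

# Constructed reply after adding the assumed fix to main.cf:
#   smtpd_tls_auth_only = yes
reply_after='250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME'

printf '%s\n' "$reply_before" | cleartext_auth_mechs && echo "^ offered without TLS"
printf '%s\n' "$reply_after" | cleartext_auth_mechs || echo "no cleartext AUTH offered"
```

The submission service on port 587 is not affected, because smtpd_tls_security_level=encrypt there already requires TLS before AUTH.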

Step 10: Create a Mail User

You can create a system user for sending/receiving mail:

sudo adduser mailuser

This user will now be able to authenticate using a mail client (like Thunderbird) via IMAP/SMTP.


Final Thoughts

At this stage, you have a fully functional Postfix mail server running on Debian 12 Bookworm. This setup is suitable for basic mail delivery and small-scale use. For a full-featured production mail server, consider integrating:

  • Dovecot for IMAP/POP3
  • SpamAssassin and ClamAV for spam and virus filtering
  • Postscreen and RBLs for spam control
  • Roundcube or RainLoop for webmail interface

Troubleshooting Tips

  • Check mail logs:

    sudo tail -f /var/log/mail.log
    
  • Check queue:

    mailq
    
  • Test SMTP connection:

    telnet mail.example.com 25
    

Running a mail server is a learning experience and a powerful way to gain control over your digital communications. As you progress, you can expand your configuration with DKIM, DMARC, and more advanced anti-spam techniques.