How to Build Your Own Ubuntu-based Email Server

Here’s another Linux-newbie-friendly guide on building and running your own email server on the cloud using Ubuntu and “Mailinabox”. Hosting it on a dedicated server or VPS is highly recommended for this. You can use any well-known provider like DigitalOcean, Vultr or Linode.

Setting up your own email server is not always the best option, for several reasons. Number one of these is security. If you’re not knowledgeable enough to run the server yourself, you might end up with a compromised server and other security breaches due to faulty configuration and the like. This is the top reason why you shouldn’t host and run your own email server and should instead use one of the well-known third-party email services like Gmail/G-Suite, Zoho Mail, FastMail, etc.

If you’re interested, you could take advantage of a ready-to-use and free email service, instead of building your own. Click this link to know more.

But if you’re really motivated to make your own, you should run through the basic server hardening steps to at least implement the basic security a server needs. I will cover that part in this guide. Basic knowledge of Linux commands is a must in order to follow through; I won’t explain in depth what each command does.

So when you’re ready, jump in, follow the steps below and construct your private email server using “Mail in a Box”.


What is Mailinabox

Mail in a Box, stylized as “Mailinabox” or Mail-in-a-Box, is a script developed by Josh that bundles different pieces of free software so you can easily put up an email server instance that can host multiple domains.

Normally, setting up a server to send out emails requires manual configuration on the command line. You have to configure each component correctly in order to have a complete, running setup without issues. Furthermore, incorrect or incomplete configuration of any component could render the box unusable or unable to send out email.

But with “Mailinabox”, configuration is a breeze and automated. You can either leave the default settings or customize them for your needs.

Mailinabox sets up Fail2ban, a Letsencrypt SSL certificate and a firewall (using UFW in Ubuntu) for basic server security. For anti-spam and other security features, MIAB sets up graylisting, SPF, DKIM, DMARC, opportunistic TLS, HSTS and DNSSEC. Without these correctly configured, your messages will end up in the spam folder of Gmail, Yahoo! and other known email services out there on the Internet.

MIAB was developed to be an “all-in-one” solution that can handle IMAP/POP, SMTP, spam filtering, webmail and also DNS resolution. And since it can handle DNS, you can use MIAB as your DNS for your other domain.

Email Service Providers

  • Gmail
  • Zoho Mail
  • Outlook
  • Yahoo! Mail
  • FastMail
  • Hushmail
  • Proton Mail

Basic Email Server Security

Once you have fired up your Droplet on DigitalOcean or a VPS from another host, you need to set up basic security, for a very obvious reason. You might not know it, but your server might get compromised right after you put it up on the cloud. This is very possible with modern automated SSH brute-forcers and other hacker bots out there on the Internet. I won’t go deep into this matter, but this step should be done before anything else on the server.

Note: You may skip this if you only want to do a quick test of the MiaB script, but you will have to destroy your droplet once you decide to go into production. You need to start from scratch and do the basic security procedure.

For basic security, we need to cover:

  1. Basic SSH Security
  2. Create a new user and make it a sudoer
  3. Setup TCP wrappers
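
The guide names these three items without showing how to confirm them. As an added example (not part of the original guide or of Mail-in-a-Box), this script audits a server for them; the pass criteria (no root SSH login, key-only authentication, a default-deny TCP wrappers rule for sshd) and the user name mailadmin are assumptions.

```shell
#!/bin/sh
# Added example: audit the three hardening items on a fresh server.
# The pass criteria are an assumed baseline; the guide names the items only.

# Effective value of an sshd_config keyword: keywords are case-insensitive
# and the first uncommented occurrence wins. (Match blocks are not evaluated.)
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# True if hosts.deny holds a default-deny rule that covers sshd.
wrappers_deny_sshd() {
    grep -Eq '^[[:space:]]*(sshd|ALL)[[:space:]]*:[[:space:]]*ALL' "$1"
}

# True if user $1 is listed in group "sudo" in group file $2.
in_sudo_group() {
    awk -F: -v u="$1" '$1 == "sudo" { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$2"
}

# Print one FAIL line per missing control; return 0 only if all pass.
# Args: sshd_config  hosts.deny  group-file  admin-user
audit_hardening() {
    rc=0
    [ "$(sshd_value "$1" PermitRootLogin)" = no ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    [ "$(sshd_value "$1" PasswordAuthentication)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    in_sudo_group "$4" "$3" ||
        { echo "FAIL: $4 is not in the sudo group"; rc=1; }
    wrappers_deny_sshd "$2" ||
        { echo "FAIL: hosts.deny has no default-deny rule for sshd"; rc=1; }
    return $rc
}

# Constructed sample files standing in for /etc/ssh/sshd_config,
# /etc/hosts.deny and /etc/group; "mailadmin" is a hypothetical user.
d=$(mktemp -d)
printf 'PermitRootLogin yes\n#PasswordAuthentication no\n' > "$d/sshd_config"
printf 'sudo:x:27:\n' > "$d/group"
: > "$d/hosts.deny"
audit_hardening "$d/sshd_config" "$d/hosts.deny" "$d/group" mailadmin || true
rm -rf "$d"
```

On a real server, pass /etc/ssh/sshd_config, /etc/hosts.deny, /etc/group and the name of the sudo user you created.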

Things Needed for a Private Email Server

Before even jumping into the actual procedure, you must already have the following on hand. These are the must-have requirements for running your private email server.

  • VPS with at least 1GB of RAM, loaded with Ubuntu Server 14.04 64-bit – As of June 5, 2018, MIAB only supports Ubuntu 14.04. You may read why no support for Ubuntu 16.04 on this page.

    You can get a $5 VPS with 1GB RAM from DigitalOcean, Vultr or Linode.

  • Domain Name for the email domain – you can use your existing domain name for this, but you need to modify your DNS settings on your Domain Registrar’s Dashboard. If you need to buy another, I highly recommend that you get your domain name from Gandi.net (Chubbable is registered on Gandi), because I know it supports DNSSEC and it works well for Mail-in-a-Box. You can use NameCheap or another registrar too, but support for DNSSEC is not good everywhere.

    To know more about known good domains, click here.

  • Server Name – the server name or host name can be any text string of up to 24 characters drawn from the alphabet (A-Z) and digits (0-9). Your server name or host name must be an FQDN. To explain this simply without being too technical, your FQDN is your hostname + domain name.

    For example, if you want to name your server email and the domain to use is chubbable.com, then the FQDN would be email.chubbable.com.

    If you want to build multiple email servers, then perhaps you’d name your machines like box1.chubbable.com, box2.chubbable.com.

    But for the sake of this guide and simplicity, consider box as your hostname. So it would be box.your-domain.tld.

Known Good Top-Level Domains with DNSSEC Support

Based on my research and some experience, these are the known good TLDs that have DNSSEC support. I’m using .com, .me and .email myself for my other domains.

DNSSEC Supported Domain

  • .com
  • .email
  • .fund
  • .guide
  • .info
  • .io
  • .me
  • .net
  • .uk
  • .us
  • .xyz

There are other TLDs that can handle DNSSEC on Gandi.net – listed on this page.

How should I know if my Gandi Domain supports DNSSEC?

When logged in to your Gandi Account, go to Domains tab, click on your domain, click on DNSSEC, and you should notice the big “Add a key” button.

The Step-by-step Procedure to Create Your Own Email Server

Building your private email server requires several pieces of software and manual configuration. Added to that, you initially have to install your server OS, like Ubuntu Server 14.04. You have to install all the components from scratch.

But thanks to MIAB, life is easier: it takes care of the tedious tasks of configuring an email server.

Setup Overview

To create your own personal email server, you need to go through these steps.

  1. Get a hosting account from DigitalOcean, Vultr, Linode or other VPS hosts out there on the Internet.

  2. Launch a VPS and Install Ubuntu 14.04

  3. Go through the steps of basic server security setup and hardening.

  4. Setup DNS from your Domain Registrar Dashboard.

  5. Download the MIAB script to your server and launch.

  6. Post Install Configuration.

  7. Testing and Troubleshooting.

NOTE: It is very important that you go through step 4 first (DNS Setup), before taking up the actual MIAB installation. Else, you’ll be facing several issues which can be a waste of your precious time.

The step-by-step Guide

I’m not a Linux expert, though I am knowledgeable enough and have the actual experience that qualifies me to write this guide in a newbie-friendly way. So follow through, and don’t let the command line intimidate you.

  1. Get a Hosting Account

    If you ask me whom to pick, then I’d say DigitalOcean. For me, their control panel is one of the easiest to understand and use. Of course, there are alternatives to DigitalOcean: there are Vultr and Linode, whose prices are similar to each other.

    While I know there is Google CE and Amazon AWS, which are the leading companies in web hosting service, they are difficult to use as a newbie. Learning curve is a bit steep and setting up your account and your first server takes time.

    So if you want to really get started fast and easy, grab a VPS over at DigitalOcean and fire it up real quick and go to the next step.

  2. Launch a VPS and Install Ubuntu 14.04

    When launching a VPS or Droplet on DigitalOcean, you don’t have to manually install Ubuntu, just point and click and you’re set. Wait for the build to complete and then login with your keys using SSH.

    If it’s your first time working with DigitalOcean and a server, I highly recommend that you first read this post – Building a VPS using Ubuntu 14.04.

    On that post you will learn how to create your first Droplet or VPS and setup basic security. But with MIAB, you don’t have to worry setting up Firewall, Fail2ban and SSL, as MIAB will take care of them for you and set them up flawlessly. The other thing you will need to learn if you’re a newbie, is how to connect to your server using SSH.

  3. Go through the steps of basic server security setup and hardening.

  4. Setup DNS from your Domain Registrar Dashboard

    If you don’t want to run into issues while building your email server, please set up your DNS first and allow some time for DNS propagation. Once complete, you are ready to launch and install MIAB.

    If you’re on Gandi.Net, you can setup your DNS by creating a Glue Record.

    To create a Glue Record on Gandi, login to your account and go to Domains, click on Your Domain Name, then click on Glue Records. Once on this page, delete all existing entries and start from fresh.

    Click on Add button, and enter ns1.box on the provided text field. Then type your VPS/Droplet IP address on the IP Address text field then click Save. Repeat this step but use ns2.box this time and same IP address you entered before.

    Note: You don’t need to type your domain name in this step. Gandi will append your domain name to your entries. So just type ns1.box and it will become ns1.box.domain.tld or ns1.box.chubbable.com.

    Reference Image: Adding Glue Records in Gandi Dashboard

    Next is to change your Name Server to your newly created Glue Record. To do this, click on Nameservers tab and click change. Update DNS1 and enter your Glue Record, in my example it was ns1.box.chubbable.com. Repeat this step with DNS2. Click Save button and you’re done.

    Wait at least 30 minutes before checking how the DNS propagation is doing.

    The tools I use to check DNS propagation are WhatsMyDNS and MXtoolbox.

    So after 30 minutes or so, go and check how your DNS propagation is doing. On the text field type your domain name and set drop down menu to DNS, click Search button. A positive search result should show the configured Glue Records on this step. Using my example, it should show ns1.box.chubbable.com and ns2.box.chubbable.com. See reference image below.

    Reference Image: DNS Propagation Check Tool

    Checking DNS Propagation

    Using the same tool as above, a search for your A Record should show the IP address of your VPS or Droplet. See reference image below.

    Reference Image: A Record Checks

    Make sure A Record is pointing to the correct IP Address of your E-Mail Server

    Once your DNS has propagated, you can now proceed to the next step, and that is – installing “Mail in a Box” on DigitalOcean.

  5. Download the MIAB script to your server and launch.

    Login to your server/droplet via SSH and download the Mail-in-a-Box script.

    As a reminder for newbies, logging in to your server via SSH is typing this on your command-line:

    ssh root@ipaddress.of.server
    

    Then you should be logged-in as root on your server, and your command prompt should look like this:

    Reference Image: Command Prompt

    This is what a command prompt looks like.

    So once logged-in, update your server box prior to MiaB installation. The command should be:

    sudo apt-get update && sudo apt-get upgrade
    

    After successfully updating your server, you are now ready to install MiaB.

    So let’s do that now. Grab the MIAB script from this page, copy and paste it on your command-line, like so:

    curl -s https://mailinabox.email/setup.sh | bash
    

    If you logged in as a user other than root, then the command is:

    curl -s https://mailinabox.email/setup.sh | sudo bash
    

    Hit enter key to initiate installation.

    Watch your screen, because it will ask you some questions. See reference image below.

    Reference Image: MiaB Question

    Installation Question No. 1

    Hit OK on the first prompt and on the second, change the email address to your preferred one. Take note that whatever you put in that field will be your Super Admin user name.

    Reference Image: Miab Question 2

    MiaB will ask for your E-Mail Address.

    To edit, hit backspace to delete all contents and type in your preferred email. You can add more after the installation process.

    Once done, hit TAB key to move the cursor to OK, once there hit Enter Key.

    This next page will pop-up after the above.

    Reference Image: MiaB suggesting hostname to use

    MiaB Hostname Setup

    Check the value and edit as needed. In my case, it’s box.chubbable.com and this value is also the name of my droplet on my DigitalOcean dashboard.

    When satisfied hit tab key to select OK, and finally hit enter key and installation continues.

    Another prompt will pop up asking for your geographic area. Use your up/down keys to select your area/continent and hit tab to select the OK button. The next prompt should ask for your Time Zone, so select your country’s capital city and hit OK. Installation continues with white text on a black screen background. The process will take a while but won’t take more than 15 minutes. Watch your screen though, because the install script will prompt you for your admin password.

    Reference Image: Mail in a Box Installation Process

    The MiaB script is doing its thing.

    On the password prompt, you should enter your admin password twice. Take note, when you type in your password, it won’t be printed on your screen. So type in your password slowly and surely.

    Once done, installation should be completed and you will be presented with your admin URL. See reference image below.

    Reference Image: Mail-in-a-Box Installation Done

    Installation Done, Confirmed.

    NOTE 1: If you had setup your DNS correctly, Letsencrypt SSL should be provisioned automatically for you during the setup. You will have to answer Yes to the license agreement and that would be it.

    In case not, and the MIAB script had used the self-signed SSL certificate instead, then no worries. You should still have the chance to install Letsencrypt SSL using the Admin Dashboard.

    NOTE 2: Below is the exact text used by the script when asking you about the Letsencrypt License Agreement.

    It is Let's Encrypt's terms of service agreement. If you agree, I can
    provision that TLS certificate. If you don't agree, you will have an
    opportunity to install your own TLS certificate from the Mail-in-a-Box
    control panel.
    
    Do you agree to the agreement? Type Y or N and press <ENTER>:
    

    NOTE 3: After successfully provisioning your Letsencrypt SSL, you should now be able to log in to your MIAB admin dashboard using your full domain name. Example: https://box.chubbable.com/admin – and you should see the green padlock icon on your browser address bar, which indicates that your SSL certificate is installed and working.
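
A command-line version of the DNS checks from step 4, plus a way to fetch the step 5 installer to a file for review before running it. This is an added example, not code from the guide or from the Mail-in-a-Box project; it assumes dig, curl and sha256sum are installed, and the function names and the DIG override are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks before running the Mail-in-a-Box installer.
# Usage: preflight your-domain.tld IP.OF.YOUR.SERVER
# DIG can point at a stand-in command for offline testing; default is dig.
DIG=${DIG:-dig}

# Normalise resolver output: lowercase, strip the trailing root dot.
norm() { tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Succeed only if both glue-record nameservers from step 4
# (ns1.box.<domain> and ns2.box.<domain>) are in the published NS set.
check_ns() {
    domain=$1
    ns=$($DIG +short NS "$domain" | norm)
    for want in "ns1.box.$domain" "ns2.box.$domain"; do
        printf '%s\n' "$ns" | grep -Fxq "$want" || {
            echo "FAIL: $want not in NS set for $domain"; return 1; }
    done
}

# Succeed only if the box hostname has exactly the expected A record.
# Let's Encrypt provisioning depends on this pointing at your server.
check_a() {
    host=$1 want_ip=$2
    got=$($DIG +short A "$host")
    [ "$got" = "$want_ip" ] || {
        echo "FAIL: $host resolves to '${got:-nothing}', expected $want_ip"
        return 1; }
}

# Run both DNS checks for box.<domain>.
preflight() {
    check_ns "$1" && check_a "box.$1" "$2" && echo "DNS OK for box.$1"
}

# Download the installer to a file instead of piping it straight to bash.
# -f makes curl fail on HTTP errors, so an error page is never mistaken
# for the script; the hash is printed for your own records.
# Read the file, then run it with: sudo bash FILE
fetch_installer() {
    out=$1
    curl -fsSL --proto '=https' -o "$out" https://mailinabox.email/setup.sh \
        && [ -s "$out" ] && sha256sum "$out"
}
```

Running the DNS checks first catches the situation described in the NOTE under Setup Overview, where the installer is started before the DNS setup is in place.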

MIAB Post-installation Setup

So now that you’ve installed MiaB, you need further configuration, system checks and testing.

To start off, you need to log in to your admin dashboard. Your user name is the email you created during the initial installation procedure with MiaB. Once logged in, provision a new Letsencrypt SSL and then log off. You need to clear your browser cache before logging in again, so your browser can detect the new SSL certificate.

How Can I Install SSL Certificate after MiaB Installation

To install Letsencrypt SSL to your MiaB Email Server, login as admin and do the following:

  1. System Menu
  2. Click on TLS (SSL) Certificates
  3. Click on Provision

Then wait for the process to complete. After this, you should now have a Free SSL Certificate issued by Letsencrypt.

Reference Image: Provisioning a Letsencrypt SSL on MiaB

How to Create Additional Users or Email in MiaB

Reference Image: Adding New Email Account

To add additional email/user to your primary domain, simply do the following:

  1. Click on Mail menu.
  2. Click on Users
  3. Then type in the email address and the password. Leave Normal Users setting, and click Add User button.

    You should get a confirmation that you successfully added a new user. See reference image below.

Reference Image: Adding a New User Success

Success! New User Added

It’s a Wrap!

If you follow this guide carefully and step by step, you should now have your own personal email server that you can use with multiple domain names. Further configuration is necessary when you want to add an additional domain.

In case you face some issues, feel free to ask below and I will try my best to answer them as soon as possible.

There are other open source solutions on the Internet, which I’m going to share with you in the future, and I will post a “how-to” guide once I have the time. As for now, Mail-in-a-Box is serving me well but it is reaching its end-of-life cycle. Overall, it is the best free email server solution I’ve used and it has always been my recommendation to clients.

But MiaB is not the only solution; there are more like it, and they’re also free and open source. Haven’t I mentioned MailCow and iRedMail?

Chubbable

Hi, I'm Chubby! That's what my friends call me. I'm a tech-savvy dude who is passionate about learning stuff by himself. I post stuff that I recently learned and also stuff that I'm very knowledgeable about. I also post articles here to serve as my own reference and knowledge base archive.