I've not even finished watching the video yet but this tutorial is simply superb; so nice to hear really useful mail server information in English, delivered without waffle and getting straight to the point. Really good.
Great job! This is not an easy subject to cover with all the complicated parts that make up a mail server. Thanks for taking the time to put this together and sharing your knowledge.
One of the best tutorials available on UA-cam.
Deserves more views.
The finest video I have come across on the internet that deals with mail server configuration. I have seen lots of videos but this is the most detailed one. Thank you, more on u and more growth. Am from Nigeria
I don't think I've commented on this video (because I've had it bookmarked and saw a good portion a bit ago)... lifesaver. THANK YOU!
This is incredible. So useful to me as I'm building a web application for user emails and have to dynamically create emails for users.
Thanks to you, I can build this on my own and not pay $350/month for this feature of my application.
Not only that, but I'm also learning from one of the people responsible for the most influential game of my childhood, Runescape.
I just love everything about this video. Hats off to you sir!
You're very kind, and I'm glad to hear that it'll save you a lot of money over time :)
PS Selling rare black lobster
Thank you so much! I tried to find something decent for a while, finally I have found a very good video!!
Great tutorial! Thanks for taking the time to make this, you saved me from hours of reading
Great video, thanks a bunch, no one goes in as deep as you have done on this subject and this is a big and complicated subject.
You're welcome, I'm glad it was helpful :)
WOW, I normally set my playback speed to filter the babble most tutorials have, I'm 37 mins in and still at x1. This is how a tutorial should be done: 100% informative content. I wish I found this tutorial at the start of my setup process, it would have literally saved me hours
Subscription added
Thanks, my friend, I'm glad you've found it helpful!
@@SidequestNinja Only edit I would make would be
sudo apt install -y python3-certbot-nginx
certbot certonly --nginx -d example.com
hope you don't mind xD
Legendary and Epic. Thanks for making this video.
You deserve more views and subscribers. Keep the good work up. I am planning to host my email server in my home office. Hope you will make video for Web server hosting as well in the future. We need more people like you to counter big Corporations like Microsoft, Amazon, Facebook, Google.
Insanely informative and helpful video.
Too much value! This is so helpful, thank you so much.
I LOVE SPF - the checks happen before your spammer has a chance to push any DATA at you, so saving your bandwidth. Kudos for "-all", so many providers tell you "~all", which is worse than useless, as it leads users to a false sense of security.
~all does rather suggest you're not entirely sure who might be sending email from your domain, which hopefully isn't true!
Great work, I seriously cannot understand how come such a valuable, fast and comprehensive video doesn't have hardly any views as opposed to low quality fake gurus' videos containing only a portion of this content. To make it even more comprehensive out still add Let's Encrypt and DKIM tutorials
Thanks, I'm glad you found it helpful :D I do cover DKIM at 1:10:12, was there anything in there in particular that you'd have liked more detail on?
I thought about covering Let's Encrypt as well, but since there are lots of different setup possibilities for certbot (depending on your proxy setup, for example) and the Let's Encrypt documentation covers them all pretty thoroughly, I thought it was best to stick to just the mailserver setup here.
This is helpful, thanks 👍 - the link to the blog post seems to be down though.
Ooh, well spotted. It's up again now! Thanks :)
...aaaaaand I rebooted the server and it hasn't come back. Time to submit a ticket to the hosting provider...
Looks like a very complete video. Thanks!
This was awesome. Thank you so much. Great work!
Excellent work. Thank you!
One of the most informative videos on youtube IMHO. "How to" create secondary MX's and/or an eternity-store for backup/migration purposes must be just around the corner? ;-)
Thanks! When I have the time (i.e. once my game is released) I want to do an updated version of this for the latest Ubuntu version. I could sneak in one or two extra things at that point maybe...
Bit late to the party, but in 2023 all info is still relevant. Thx! I just had a small issue with cleanup: Amavis added a header that displays the port 10026 it uses and I wanted to remove this, so I added it to the header_checks file, but that did nothing. I had to add a smtp_header_checks to my main.cf pointing to the same file to make it work.
That's not a bad idea! I hope at some point to make an updated version of this video, this would be a nice little tweak to include :)
One final thing! Any idea how to make like a fail rule? Similar to the alias table but to reject mail to certain addresses?
Hi - any ideas on how to make a fail rule in the alias table? Emails to example@xyz forward to an auto fail by the mailer daemon?
Incredible video! One question though: What if I want to receive webhooks for events like bounces, etc...? Can you please guide me in the right direction where to look for this?
Really appreciate the work man, and the fact that you're still active in the comments.
Thanks!
Hooking into things like bounces isn't something I've ever looked into. My instinct would be to use rsyslog - you can set it up to watch for bounces in /var/log/mail.log, and get it to send whatever message you need when it spots one. The omhttp module lets you send HTTP(S) requests.
@@SidequestNinja Thanks, I'll give it a shot. Also, is there a way we can externally add domains by hitting an API? And maybe get the generated public DKIM record back in response... Maybe I'm reaching way too far here, but any hack will do too.
Thanks again!
@@sharrc As far as I'm aware, no, there's no such API, it's all handled by the config files. If you wanted to add domains you'd also have to add MX records for whatever domains you wanted the postfix instance to handle, so you'd have to do more than just hit an endpoint on the mailserver anyway. And if you're after the public DKIM data you can just hit the DNS records for the domain.
Nothing on Dovecot Mail Client configs, virtual users or setting up a webmail server.
We'd have a long wait for mail.
I think it might be better to do a lucid web page tutorial on this very important topic instead.
But a reasonable start.
Hope your game turned out well.
Hey there, virtual users (via a Postgres DB) are covered in Part 3. I haven't got a webmail server in my setup, so I haven't dealt with that here. What extra info on Dovecot and mail clients would you want to see?
(The game is expected to release in August, there's a Steam demo if you'd like to give it a spin: s.team/a/1248420)
Thx for the great tutorial
I've been searching for 3 days,
U'll have a nice future, ur smart ❤️
I would ask about performance, is it enough for a company like 200 mail per hour, and also about the server requirements
The main requirement is memory for all the antivirus definitions. Anything less than 2.5GB and you're likely to see clamav-daemon getting terminated when it tries to update definitions due to lack of memory. In terms of mail capacity, you should be fine. If you need to increase throughput, you can increase $max_servers on Amavis and max_proc on Postfix so that they'll handle more emails concurrently - that will also take more memory for each Amavis process, and obviously you'll need enough cores for the extra processes to have any impact.
Insanely helpful video - just having one issue, I can’t send large attachments… it can cope with small images (1mb etc) but if I try and send for example a 17mb video, it fails on send, how do you change this limit?!
Hi Oliver, in main.cf you can set message_size_limit to whatever you need. It's in bytes, so for 20MB you'd need "message_size_limit=20971520", for example.
@@SidequestNinja Thanks so much, really helpful and lightning reply. Is that number 20mb in bytes?
@@ORicketts Yes :)
@@SidequestNinja Perfect. Thanks again!
I have this question I want to ask. Everything is working fine as I went through the video and implemented all that I saw you do. At this point I want to connect my DB to my PHP code on my server, so that I can create users in the users table without going on the black screen to do that. In the course of that I read about PBKDF2 hashing, and found out how I can implement it in PHP. The hashed values produced by PHP do not come with "$" signs as the Dovecot ones do. My question is: can Dovecot still read and understand the hashed passwords if PHP hashes them and drops them in the DB, despite the difference in output value?
The Dovecot documentation shows the format that it expects for PBKDF2, here: doc.dovecot.org/configuration_manual/authentication/password_schemes/
It notes that, unfortunately, there's no standard format for this (which is probably why PHP is doing something different), but that what Dovecot wants is “$1$salt$rounds$hash”. Your best option is probably to modify your PHP code to output the format Dovecot expects. Make sure it starts with "{PBKDF2}" as well.
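An added example (not from the video, the commenters or the Dovecot project) that builds and verifies a string in the “$1$salt$rounds$hash” layout described in this reply, including wrapping a bare hex digest of the kind the question mentions. The thread gives only the layout, so HMAC-SHA1, a 20-byte key, hex encoding, the 16-character salt and the 5000-round default are assumptions, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import string

SCHEME = "{PBKDF2}"
# Assumptions (not stated in the thread): HMAC-SHA1, 20-byte derived key,
# lowercase hex output, salt used as a literal ASCII string, 5000 rounds.
DIGEST, KEY_LEN, DEFAULT_ROUNDS = "sha1", 20, 5000
SALT_ALPHABET = string.ascii_letters + string.digits + "./"


def _check_params(salt, rounds):
    # '$' is the field separator, so it can never appear inside the salt.
    if not salt or "$" in salt or not salt.isascii():
        raise ValueError("salt must be non-empty ASCII without '$'")
    if rounds < 1:
        raise ValueError("rounds must be a positive integer")


def _derive(password, salt, rounds):
    return hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"),
                               salt.encode("ascii"), rounds, KEY_LEN)


def wrap(salt, rounds, hex_digest):
    """Put an already-computed hex digest into the $1$salt$rounds$hash layout.

    Use this when another tool produced only the bare hex string and the
    salt and round count it used are known.
    """
    _check_params(salt, rounds)
    if len(bytes.fromhex(hex_digest)) != KEY_LEN:
        raise ValueError("digest must be %d bytes of hex" % KEY_LEN)
    return f"{SCHEME}$1${salt}${rounds}${hex_digest.lower()}"


def make_hash(password, salt=None, rounds=DEFAULT_ROUNDS):
    """Hash a password and return the full string to store in the users table."""
    if salt is None:
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(16))
    _check_params(salt, rounds)
    return wrap(salt, rounds, _derive(password, salt, rounds).hex())


def parse(stored):
    """Split a stored value into (salt, rounds, raw digest bytes)."""
    if not stored.startswith(SCHEME + "$"):
        raise ValueError("missing {PBKDF2} prefix")
    fields = stored[len(SCHEME) + 1:].split("$")
    if len(fields) != 4 or fields[0] != "1":
        raise ValueError("expected $1$salt$rounds$hash")
    _, salt, rounds, hex_digest = fields
    _check_params(salt, int(rounds))
    return salt, int(rounds), bytes.fromhex(hex_digest)


def verify(password, stored):
    """Recompute the digest and compare it in constant time."""
    salt, rounds, expected = parse(stored)
    return hmac.compare_digest(_derive(password, salt, rounds), expected)


if __name__ == "__main__":
    # Constructed sample password; the salt is random on every run.
    value = make_hash("correct horse battery staple")
    print(value)
    print(verify("correct horse battery staple", value))
```

Before relying on these assumptions, check a generated value against your own Dovecot install, for example with `doveadm pw -t`. PHP's `hash_pbkdf2()` returns the same kind of bare hex digest by default, which is the case `wrap()` covers.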
@@SidequestNinja Thank you so much, Sir! I read extensively about the hashing and found out that PHP does return the hex value of the hashed characters. After that I decided to fall back to ARGON2I. I am trying to connect PHP and PostgreSQL; I am used to MariaDB, and chose to learn PostgreSQL to add to my skills and to try to exploit the advantages it has over MariaDB. Thank you so much once again
@@SidequestNinja Thank you so much for your support. I have taken care of lots of things and the PHP is well connected to PostgreSQL. ARGON2I is actually working fine in PHP. I can now add a user to the DB; now it is for me to create a user from the frontend and let the user connect to Postfix via Thunderbird. Thank you so much, I so appreciate all your effort
"454 4.7.0 TLS not available due to local problem"
I configured the TLS correctly with Let's Encrypt. Any solutions?
It's hard to know without looking over your setup in detail. Is it possible that Postfix isn't looking for the certificate in the right place? Or that Postfix doesn't have permission to read those files?
@@SidequestNinja Accidentally wrote "fullchain.pen" instead of "fullchain.pem" 🥲
@@quokka_yt Ah, yeah, that'll do it! Glad you managed to track it down :)
@@SidequestNinja CheckTLS gives error
"
Cert Hostname DOES NOT VERIFY (_dc-mx.9c909617cf2a._MY DOMAIN_ != MY DOMAIN | DNS:*.MY DOMAIN | DNS:MY DOMAIN)
So email is encrypted but the host is not verified
"
(Changed my domain to "MY DOMAIN" cus UA-cam deletes comments with URLs)
@@quokka_yt I don't think I can diagnose this from here without being able to see your setup, I'm afraid.
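The CheckTLS message quoted above is a name comparison between the host that was contacted and the DNS names in the certificate. As an added example (not from the video or any commenter), this applies the usual matching rule, in which `*` stands for exactly one leftmost label, to the names in that message; `example.test` is a constructed stand-in for the redacted domain, the function names are hypothetical, and the certificate dict is shaped like the output of Python's `ssl` `getpeercert()`.

```python
def _labels(name):
    # DNS names compare case-insensitively; a trailing dot is not significant.
    return name.rstrip(".").lower().split(".")


def san_matches(hostname, pattern):
    """True if one certificate DNS name covers the hostname.

    Only a whole leftmost label of '*' is treated as a wildcard, and it
    stands for exactly one label: '*.example.test' covers
    'mail.example.test' but neither 'example.test' nor 'a.b.example.test'.
    """
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Refuse wildcards directly under a top-level label ('*.test').
        if len(pat) < 3 or host[0] == "":
            return False
        return host[1:] == pat[1:]
    return host == pat


def matching_names(hostname, cert):
    """Return the certificate DNS names that cover hostname (empty = mismatch)."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [n for n in names if san_matches(hostname, n)]


def explain(hostname, cert):
    """One line per certificate name saying why it does or does not match."""
    host = _labels(hostname)
    lines = []
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        if san_matches(hostname, name):
            lines.append(f"{name}: matches")
        elif len(_labels(name)) != len(host):
            lines.append(f"{name}: {len(_labels(name))} labels, "
                         f"hostname has {len(host)}")
        else:
            lines.append(f"{name}: labels differ")
    return lines


# Constructed certificate with the same two kinds of name as in the message.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "*.example.test"), ("DNS", "example.test")),
}

if __name__ == "__main__":
    for host in ("_dc-mx.9c909617cf2a.example.test", "mail.example.test"):
        print(host, matching_names(host, SAMPLE_CERT) or "DOES NOT VERIFY")
        for line in explain(host, SAMPLE_CERT):
            print("   ", line)
```

A hostname two labels below the domain is covered by neither the wildcard nor the bare-domain entry, so either the certificate needs that exact name or the MX record needs to point at a name the certificate already lists.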
I'm failing an SPF check according to my logs when I try to send an email from Thunderbird! Any idea why?
Not without knowing what the error is! UA-cam comments probably aren't the easiest place to sort out a problem like this, I'd suggest visiting some tech forums. Give them as many details as you can so they're able to help.
I figured it out! I overlooked adding this override to the submission port:
-o smtpd_recipient_restrictions=
@@SidequestNinja Thank you very much for taking the time to answer! Yeah there is a whole lot to it! I went back through your blog step by step (great job, btw) and realized I had quickly read through to uncomment the line on the submission port! Anyway, I figured it out and I have a much better understanding of how postfix actually works because of that one problem! A blessing in disguise I guess! Btw, I too am also a Christian, on an inexorable path to heaven only because of my Savior Jesus Christ! 👍👍God Bless Brother!
@@jhhassler Well, that's good news all round :D Always good to bump into a brother in Christ online!
@@jhhassler Are you able to send mails to Gmail and others?
My friend, you are incredible.
Thank you!
What do I need to change in order to use email addresses which don't have the domain I used to set up the mailserver?
Hi Torge, I've never tried to do this, but Postfix does support it - this documentation should get you most of the way: www.postfix.org/VIRTUAL_README.html
You'll also need to set up MX records on all the additional domains pointing at your mailserver, so that senders trying to reach an address on those domains know where to send the mail.
@@SidequestNinja Thank you
Can anyone help me set a mailbox size limit in Dovecot?
Hi Alfonso, this isn't something I've ever tried to do, but it looks like the documentation on this is here: wiki2.dovecot.org/Quota/Configuration
I'll be configuring this during the week, but first I need to make a backup of the server. I recently tested iRedMail and I will never touch that crap again, not even with a stick. It wrecked the entire server configuration, I had to install everything from scratch
Yikes! I've never tried iRedMail, but I hope Postfix works out better. Let me know how you get on!
I went through the same thing. I couldn't believe the damage I caused.
Did you end up setting up this mail server? Does it work well?
@@jurnyjarzabek I stayed with mailcow
Thanks for the video. BUT the background is very distracting because it's completely unrelated to what is being explained in the video.
Hah, yes, looking back it wasn't the best thing to choose, a plain background would have been better.
Here is what I'd do differently: I would replace Postgres with MariaDB and Postfix with Haraka from open stack. I would add DKIM.
DKIM is in there, at 1:10:12. For a project of this scale, I doubt it makes much difference whether you use MariaDB or Postgres, go with whatever you're familiar with/already using. Using Haraka would make this a totally different video!
@@SidequestNinja I know, but all I said was what I'd do differently, but I didn't know that there is DKIM in there. Haraka is the same thing as Postfix.
Is this guide still working?
I haven't run through it myself for some time. I'd expect it to still be broadly accurate, though some details may have changed.
nice talk bro
Very good. There's a mix and match between init.d and systemd, fuck it why not use both I guess.
I should probably finally make the break with init.d and embrace the future.
ty sir, saw another video saying "don't host your own email server it's too hard you gotta set up a "reverse dns" " xddd
That's one of the easy parts, you just need to ask your hosting provider and they do all the hard work!
@@SidequestNinja Who do you mean by hosting provider? My domain is with Google Domains and my ISP is BT. Google Domains allows me to set PTR records so who is it I'd contact......
@@ORicketts The hosting provider would be whoever's system you use to set up DNS records, which sounds like Google in your case. If Google Domains lets you do your own PTR record, then you should be able to do it yourself.
@@SidequestNinja Thanks! What do I put in the fields hostname and data?
@@ORicketts I'm not actually sure, never had to do it myself!
thanks