Postfix is the most widely deployed Mail Transfer Agent (MTA) on the internet. It handles sending and routing email between servers, and it’s the backbone of most self-hosted mail setups. This guide walks you through installing and configuring Postfix on Ubuntu 22.04.
Prerequisites
- A VPS or dedicated server running Ubuntu 22.04
- A public IP address (not blacklisted)
- A domain name with DNS access
- Root or sudo access
Step 1: Install Postfix
Update the package list and install Postfix:
sudo apt update
sudo apt install postfix -y
During installation, you’ll see a configuration dialog. Select Internet Site and enter your fully qualified domain name (FQDN), for example mail.example.com.
Verify the installation:
postconf mail_version
Step 2: Configure the Main Settings
The main Postfix configuration file is /etc/postfix/main.cf. Open it:
sudo nano /etc/postfix/main.cf
Set the following core parameters:
# Hostname and domain
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
# Network interfaces to listen on
inet_interfaces = all
inet_protocols = ipv4
# Trusted networks (localhost + your own IP)
mynetworks = 127.0.0.0/8
# Where to deliver local mail
home_mailbox = Maildir/
# Relay restrictions
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
After editing, reload Postfix:
sudo systemctl reload postfix
Step 3: Configure DNS Records
For your mail server to be reachable and trustworthy, set up these DNS records:
MX record — tells other servers where to deliver email for your domain:
example.com. IN MX 10 mail.example.com.
A record — resolves your mail server hostname:
mail.example.com. IN A YOUR_SERVER_IP
PTR record (reverse DNS) — configure this through your VPS provider’s control panel. The PTR for YOUR_SERVER_IP should point to mail.example.com. This is critical for spam prevention.
Step 4: Enable TLS Encryption
Generate a self-signed certificate (or use Let’s Encrypt — recommended):
sudo apt install certbot -y
sudo certbot certonly --standalone -d mail.example.com
Add TLS settings to /etc/postfix/main.cf:
# TLS for incoming connections (smtpd)
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
# TLS for outgoing connections (smtp)
smtp_tls_security_level = may
smtp_tls_loglevel = 1
Reload:
sudo systemctl reload postfix
Step 5: Send a Test Email
Use the mail command (from mailutils) to send a test:
sudo apt install mailutils -y
echo "Test body" | mail -s "Test Subject" you@gmail.com
Check the mail log:
sudo tail -f /var/log/mail.log
Look for lines with status=sent to confirm successful delivery.
Step 6: Check Your IP Reputation
Before going live, verify your IP isn’t blacklisted. Use MXToolbox or check major RBLs:
host -t txt 1.0.0.127.zen.spamhaus.org
If your IP is listed, contact your VPS provider or request delisting.
Common Issues
“Connection refused” on port 25 — Many VPS providers block outbound port 25 by default. Contact support to request it be unblocked, or use port 587 (submission) for authenticated sending.
Emails going to spam — You likely need SPF, DKIM, and DMARC records. See our email authentication guide.
Postfix not starting — Check syntax errors: sudo postfix check and review /var/log/mail.err.
Next Steps
Postfix alone only handles SMTP (sending/relaying). To let users receive and read email via IMAP or POP3, you need to pair it with an IMAP server like Dovecot. See Setting Up Dovecot for the next step.