Email Newsletter Server

Make the leanest possible newsletter server in minutes.
  • Allow whitelisted IP's to login and send mail from a list of usernames.
  • Allow incoming mail to be read using usernames and passwords for authentication.

Initial Setup

Complete the Initial Setup, Remote Access, and Specify Your Hostname sections specified in the Digital Ocean Guide.

Install Postfix

  • apt-get install postfix postfix-pcre opendkim opendkim-tools mailutils
  • Choose the Internet Site configuration

Configure Postfix

Configure Postfix to allow SMTP connections from only the IP of specific servers, then make milters sign every message with DKIM before sending.
  • cd /etc/postfix
  • nano
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    append_dot_mydomain = no
    readme_directory = no
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination =,, , localhost
    relayhost =
    mynetworks = [::ffff:]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    milter_default_action = accept
    milter_protocol = 2
    smtpd_milters = inet:localhost:8891
    non_smtpd_milters = inet:localhost:8891
    header_checks = pcre:/etc/postfix/header_checks
  • mkdir dkim
  • nano dkim/hosts
  • nano /etc/default/opendkim
  • opendkim-genkey -t -s mail -d
  • cp mail.private /etc/postfix/dkim.key
  • cat mail.txt
  • Use the output to update your DNS but remove t=y parameter
  • service opendkim start
  • nano /etc/opendkim.conf
    Syslog                  yes
    UMask                   002
    OversignHeaders         From
    KeyFile                 /etc/postfix/dkim.key
    Selector                mail
    SOCKET                  inet:8891@localhost
    ExternalIgnoreList      /etc/postfix/dkim/hosts
    InternalHosts           /etc/postfix/dkim/hosts

Remove Relay Info

By default, Postfix puts metadata in the header that reveals the origin server. This can be undesirable in some cases. The following was taken from this article.
  • nano /etc/postfix/header_checks
    /^\s*(Received: from)[^\n]*(.*)/ REPLACE $1 ( [])$2

Install Dovecot

The Dovecot service listens for IMAP connections, reads and returns data from user's mail boxes. When you run this command, do not allow the installer to create a self signed certificate.
  • apt-get install dovecot-imapd

Configure Dovecot

In this configuration Dovecot will allow remote connections and use the system's local users and passwords to authenticate.
  • cd /etc/dovecot
  • nano dovecot.conf
    ssl = no
    disable_plaintext_auth = no
    mail_privileged_group = mail
    mail_location = mbox:~/mail:INBOX=/var/mail/%u
    userdb {
    	driver = passwd
    passdb {
    	args = %s
    	driver = pam
    protocols = " imap"
  • nano /etc/pam.d/dovecot
    @include common-auth
    @include common-account
    @include common-session
    auth    required
    account required


  • reboot

Add Users

These users and passwords will work for both Postfix and Dovecot.
  • adduser marketing

Dovecot Debug

  • doveadm log find

Enable Forwarding

  • Open /etc/postfix/ and append.
    virtual_alias_domains =
    virtual_alias_maps = hash:/etc/postfix/virtual
  • Create /etc/postfix/virtual and configure.
  • To catch and forward emails to any address for a given domain.
  • postmap /etc/postfix/virtual
  • service postfix reload


Connect to your server programmatically and shoot off some emails!