Set up a mail server with PostfixAdmin

Updated on

6 min read

Install PostfixAdmin on Ubuntu

Photo by geralt

Postfix Admin is a web based interface which allows users to configure and manage a Postfix based email server. With Postfix Admin you can create and manage multiple virtual domains, users and aliases.

This is the first post in the series for Setting up and configuring a mail server which covers creating the necessary DNS records and explains how to install and configure Postfix Admin, Nginx with free Let’s Encrypt certificate, PHP and MySQL.

This tutorial was written for Ubuntu 16.04, however the same steps with small modifications should work on any newer version of Ubuntu .


As the prerequisites to follow this series, you will need:

DNS settings

You need to set up the following DNS records for your mail system to work:

  • A record, to point your system’s FQDN (hostname) to your mail server IPv4 address. 3600 IN A
The FQDN consists of two parts, the hostname and the domain name.
  • MX record, to specify which mail server is responsible for accepting email messages on behalf of a recipient’s domain. In our case we want all emails sent to email addresses to be accepted by the mail server.      3600 IN MX  0
  • SPF record, which is used to verify which mail servers are approved to send email on behalf of a given domain. In the example below we are approving the domain mail servers (mx) and if the SPF check fails, the result will be a soft failure (~all):      3600 IN TXT "v=spf1 mx ~all"
Of course, you need to replace the domain name and the IP address with your real domain name and your mail server IP address.

Reverse DNS (PTR)

Reverse DNS (PTR) is an IP address to domain name mapping, the exact opposite of DNS which maps domain names to IP addresses.

Most email servers will perform a reverse DNS lookup on the IP address that is attempting to connect to them and may not accept emails from the server if the PTR record is not set.

In most cases PTR entries can be set via your hosting provider web interface or by contacting the support team and ask them to setup a correct PTR record for you.

You can use the dig command to find out the reverse DNS of a given IP address.

dig -x domain name pointer

Create a system user

Since we are configuring a mail server with virtual users we need one system user which will be the owner of all mailboxes and will be used by the virtual users to access their email messages on the server.

The following command will create a new group and user named vmail and set the user’s home directory to /var/mail/vmail:

sudo groupadd -g 5000 vmailsudo useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail

All virtual mailboxes will be stored in the /var/mail/vmail directory.

Install Nginx PHP and MySQL

Postfix Admin is a PHP based application. To be able to access the PostfixAdmin web interface we need to install a Web server and PHP.

Run the following command to install Nginx, PHP and all required PHP modules:

sudo apt install nginx mysql-server php7.0-fpm php7.0-cli php7.0-imap php7.0-json php7.0-mysql php7.0-opcache php7.0-mbstring php7.0-readline

You’ll be prompted to create a MySQL root password during the installation.

Download and Configure Postfix Admin

At the time of the writing, 3.1 is the latest stable version of Postfix Admin.

Download the Postfix Admin archive using the following wget command :

VERSION=3.1wget -q${VERSION}/postfixadmin-${VERSION}.tar.gz

Once the download is completed extract the archive :

tar xzf postfixadmin-${VERSION}.tar.gz

Move the Postfix Admin source files the /var/www directory and create templates_c directory (smarty cache):

sudo mv postfixadmin-${VERSION}/ /var/www/postfixadminrm -f postfixadmin-${VERSION}.tar.gzmkdir /var/www/postfixadmin/templates_c

Both Nginx and PHP-FPM are running under user www-data so we need to change the ownership of the /var/www/postfixadmin to that user:

sudo chown -R www-data: /var/www/postfixadmin

Postfix Admin will use a MySQL database to store information about users, domains and the application configuration.

Login to the MySQL shell :

mysql -u root -p

Create a new MySQL user and database using the following commands:

CREATE DATABASE postfixadmin;GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'P4ssvv0rD';FLUSH PRIVILEGES;
Don’t forget to change the password (P4ssvv0rD) to something more secure.

Instead of editing the default Postfix Admin configuration we will create a new file named config.local.php which will overwrite the default application settings:

Open the file with your text file:

sudo nano /var/www/postfixadmin/config.local.php

Paste the following php code:

$CONF['configured'] = true;

$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'P4ssvv0rD';
$CONF['database_name'] = 'postfixadmin';

$CONF['default_aliases'] = array (
  'abuse'      => '',
  'hostmaster' => '',
  'postmaster' => '',
  'webmaster'  => ''

$CONF['fetchmail'] = 'NO';
$CONF['show_footer_text'] = 'NO';

$CONF['quota'] = 'YES';
$CONF['domain_quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '0';
$CONF['domain_quota_default'] = '0';

Save and close the file.

With the configuration above we are defining the database type and the login credentials. Also, we are specifying the default aliases, disabling fetchmail and enabling quota.

Next, run the following command to create the schema for the Postfix Admin database:

sudo -u www-data php /var/www/postfixadmin/upgrade.php

Once the database is populated, we can go on and create our first PostfixAdmin superadmin user using the postfixadmin-cli tool.

This user will have administration privileges to modify any domain or application setting.

sudo bash /var/www/postfixadmin/scripts/postfixadmin-cli admin add --superadmin 1 --active 1 --password P4ssvv0rD --password2 P4ssvv0rD

The output should look something like this:

Welcome to Postfixadmin-CLI v0.2

The admin has been added!

Don’t forget to change the password (P4ssvv0rD) for the superadmin account to something more secure.

Install free Let’s Encrypt SSL Certificate

We are gonna use the SSL certificate to access our Postfix Admin installation and enable the Dovecot and Postfix SSL/TLS encryption.

We have a tutorial about how to install a Let’s Encrypt SSL Certificate . The most important point here is to generate a SSL Certificate for your server hostname (FQDN) in our case

Once you generated the SSL certificate by following the tutorial linked above, edit your Nginx server block as follows:

server {
    listen 80;

    include snippets/letsencrypt.conf;
    return 301 https://$host$request_uri;

server {
    listen 443 ssl http2;
    root /var/www;

    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    ssl_trusted_certificate /etc/letsencrypt/live/;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    location / {
       try_files $uri $uri/ /index.php;

    location /postfixadmin {
       index index.php;
       try_files $uri $uri/ /postfixadmin/index.php;

    location ~* \.php$ {
         fastcgi_split_path_info ^(.+?\.php)(/.*)$;
         if (!-f $document_root$fastcgi_script_name) {return 404;}
         fastcgi_pass  unix:/run/php/php7.0-fpm.sock;
         fastcgi_index index.php;
         include fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Reload the Nginx service for changes to take effect:

sudo systemctl reload nginx

At this point you should be able to login to your Postfix Admin installation at, using the superadmin user created earlier in this tutorial.


In this tutorial you have installed Postfix Admin. In the next part of this series, we will continue with Postfix and Dovecot installation and configuration. Stay tuned!

This post is a part of the Setting up and configuring a mail server series.
Other posts in this series: