Read in 6 minutes

last updated 

Set up a mail server with PostfixAdmin

This is the first post in the series Setting up and configuring a mail server which covers creaton of all the necessary DNS records and explains how to install and configure PostfixAdmin, Nginx, PHP, MySQL and generate a free Lets Encrypt certificate.


As the prerequisites to follow this series, you will need:

  • Ubuntu 16.04 server
  • The server hostname must be a FQDN, including the domain suffix, and must be resolvable. In this series we will use You can use the followng command to check the server FQDN hostname hostname -f.

DNS settings

You need to set up the following DNS records for your mail system to work:

  • A record, to point your system’s FQDN (hostname) to your mail server IPv4 address 3600 IN A

To check that the FQDN is resolvable, type nslookup at a command line prompt. If the FQDN is resolvable, the nslookup command will return the IP Address of your machine.

  • MX record, to specify which mail server is responsible for accepting email messages on behalf of a recipient’s domain. In our case we want all emails sent to email addresses to be accepted by the mail server.      3600 IN MX  0
  • SPF record, to verify which mail servers are approved to send email on behalf of a given domain. In the example below we are approving the domain mail servers (mx) and if the SPF check fails, the result will be a soft failure (~all):      3600 IN TXT "v=spf1 mx ~all"

Of course, you need to replace the domain name and the IP address with your real domain name and your mail server IP address.

Reverse DNS (PTR)

Reverse DNS (PTR) is IP address to domain name mapping, it’s the exact opposite of DNS which maps domain names to IP addresses.

Most email servers will perform a reverse DNS lookup on the IP address that is attempting to connect to them and may not accept emails from your server if the PTR record is not set. In most cases PTR entries can be set via your hosting provider web interface or by contacting the support team and ask them to setup a correct PTR record for you.

You can use the dig command to find out the reverse DNS of a given IP address.

dig -x domain name pointer

Create a system user

Since we are configuring a mail server with virtual users we need one system user which will be the owner of all mailboxes and will be used by all virtual users to access email on the server. We will set the user’s home directory to /var/mail/vmail, and all our mailboxes will be stored in that directory.

sudo groupadd -g 5000 vmail
sudo useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail

Install Nginx PHP and MySQL

PostfixAdmin is an application written in PHP so we need to install a web server in order to be able to access the PostfixAdmin web interface.

The following command will install Nginx, PHP and all requred PHP modules:

sudo apt install nginx mysql-server php7.0-fpm php7.0-cli php7.0-imap php7.0-json php7.0-mysql php7.0-opcache php7.0-mbstring php7.0-readline

You’ll be prompted to create a MySQL root password during the installation.

Download and Configure PostfixAdmin

At the time of the writing, 3.1 is the latest stable version of PostfixAdmin. Issue the following commands to download and extract the PostfixAdmin archive to the /var/www directory.

wget -q${VERSION}/postfixadmin-${VERSION}.tar.gz
tar xzf postfixadmin-${VERSION}.tar.gz
sudo mv postfixadmin-${VERSION}/ /var/www/postfixadmin
rm -f postfixadmin-${VERSION}.tar.gz
mkdir /var/www/postfixadmin/templates_c

Both Nginx and PHP-FPM are running under user www-data so we need to change the ownership of the /var/www/postfixadmin to that user:

sudo chown -R www-data: /var/www/postfixadmin

PostfixAdmin will use a MySQL database to store information about users, domains and the application configuration. Login to the MySQL shell:

mysql -u root -p

and create a new database and user:

CREATE DATABASE postfixadmin;
GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'P4ssvv0rD';

Don’t forget to change the password (P4ssvv0rD) to something more secure.


Instead of editing the default PostfixAdmin configuration we will create a new file named config.local.php which will overwrite the default values:


$CONF['configured'] = true;

$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'P4ssvv0rD';
$CONF['database_name'] = 'postfixadmin';

$CONF['default_aliases'] = array (
  'abuse'      => '[email protected]',
  'hostmaster' => '[email protected]',
  'postmaster' => '[email protected]',
  'webmaster'  => '[email protected]'

$CONF['fetchmail'] = 'NO';
$CONF['show_footer_text'] = 'NO';

$CONF['quota'] = 'YES';
$CONF['domain_quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '0';
$CONF['domain_quota_default'] = '0';
With the configuration above we are defining the database type and the login credentials, the default aliases, disabled fetchmail tab and enabled quota.

Run the following command to create the schema for the PostfixAdmin database:

sudo -u www-data php /var/www/postfixadmin/upgrade.php

Once the database is populated, we can go on and create our first PostfixAdmin superadmin user using the postfixadmin-cli tool . This user will be able to login and modify any domain or setting.

sudo bash /var/www/postfixadmin/scripts/postfixadmin-cli admin add [email protected] --superadmin 1 --active 1 --password P4ssvv0rD --password2 P4ssvv0rD
Welcome to Postfixadmin-CLI v0.2

The admin [email protected] has been added!


Don’t forget to change the password (P4ssvv0rD) for the superadmin account to something more secure.

Install free Let’s Encrypt SSL Certificate

We have a tutorial about how to install a Let’s Encrypt SSL Certificate here. We are gonna use the SSL certificate to access our PostfixAdmin installation and to enable Dovecot and Postfix SSL/TLS encryption. The most important point here is to generate a SSL Certificate for your server hostname (FQDN) in our case

At the end your Nginx configuration should look as follows:

server {
    listen 80;

    include snippets/letsencrypt.conf;
    return 301 https://$host$request_uri;

server {
    listen 443 ssl http2;
    root /var/www;

    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    ssl_trusted_certificate /etc/letsencrypt/live/;
    include snippets/ssl.conf;

    location / {
       try_files $uri $uri/ /index.php;

    location /postfixadmin {
       index index.php;
       try_files $uri $uri/ /postfixadmin/index.php;

    location ~* \.php$ {
         fastcgi_split_path_info ^(.+?\.php)(/.*)$;
         if (!-f $document_root$fastcgi_script_name) {return 404;}
         fastcgi_pass  unix:/run/php/php7.0-fpm.sock;
         fastcgi_index index.php;
         include fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Reload the Nginx service for changes to take effect:

sudo systemctl reload nginx

Finally you should be able to login to your PostfixAdmin installation at using the superadmin user you created previously.

That’s it for this part of the series. In the next part of this series, we will continue with Postfix and Dovecot installation and configuration. Stay tuned!

This post is a part of the Setting up and configuring a mail server series.
Other posts in this series:

Set up a mail server with PostfixAdmin