Raspberry Pi Email Server: Postfix and Dovecot Setup

Running your own email server on a Raspberry Pi is a powerful project for learning how email infrastructure works, hosting a local notification system for IoT devices and scripts, or setting up an intranet mail system for a home lab or small office. While not suitable for a public-facing high-volume mail server, a Raspberry Pi running Postfix and Dovecot is perfectly capable of handling internal mail routing, alert notifications, and LAN-based email.

This guide covers a complete setup: Postfix for SMTP (sending/receiving), Dovecot for IMAP (reading mail), TLS certificates, and SASL authentication — all on a Raspberry Pi running Raspberry Pi OS.

Architecture Overview

Before diving into configuration, understand the components:

• Postfix: The Mail Transfer Agent (MTA). Handles SMTP — sending email between servers, receiving incoming mail, and delivering to local mailboxes. The most widely used MTA on Linux.
• Dovecot: The Mail Delivery Agent (MDA) and IMAP/POP3 server. Manages mailbox storage and lets email clients (Thunderbird, Outlook) retrieve mail via IMAP or POP3.
• SASL (Simple Authentication and Security Layer): Authentication layer. Postfix uses Dovecot’s SASL to authenticate outgoing SMTP connections.
• TLS/SSL: Encryption for both SMTP and IMAP. We’ll use self-signed certificates (sufficient for local/LAN use) or Let’s Encrypt if you have a domain.

The mail flow: sender’s email client → Postfix (port 587 SMTP submission) → Postfix delivers locally → Dovecot stores in mailbox → recipient’s email client pulls via IMAP (port 993).

Prerequisites

Before starting, ensure:

• Raspberry Pi running Raspberry Pi OS (Bookworm or Bullseye) with a static IP address on your LAN
• A hostname configured (we’ll use mail.local for LAN use)
• Ports 25, 587 (SMTP), 993 (IMAPS) accessible — unblock in your firewall if needed
• Root or sudo access

Set your Pi’s hostname:

sudo hostnamectl set-hostname mail.local
sudo nano /etc/hosts
# Ensure this line exists:
127.0.1.1    mail.local

Installing and Configuring Postfix

Step 1: Install Postfix

sudo apt update && sudo apt install -y postfix

During installation, a configuration dialog appears:

• General type of mail configuration: Select “Internet Site”
• System mail name: Enter local (or your domain if you have one)

Step 2: Configure Postfix main settings

Edit /etc/postfix/main.cf:

sudo nano /etc/postfix/main.cf

Set or verify these key parameters:

# Basic settings
myhostname = mail.local
mydomain = local
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =

# Network settings
inet_interfaces = all
inet_protocols = ipv4

# Mailbox settings (Maildir format for Dovecot compatibility)
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail

# TLS settings (we'll add cert paths after generating them)
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/mail/mail.crt
smtpd_tls_key_file = /etc/ssl/mail/mail.key
smtpd_tls_auth_only = yes

# SASL authentication (via Dovecot)
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

# Security
smtpd_helo_required = yes
disable_vrfy_command = yes

Step 3: Enable submission port (587)

Edit /etc/postfix/master.cf and uncomment/add the submission service:

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Generating TLS Certificates

For local use, we’ll generate a self-signed certificate. If you have a domain and public IP, use Let’s Encrypt with Certbot instead.

sudo mkdir -p /etc/ssl/mail
sudo openssl req -new -x509 -days 3650 -nodes 
  -out /etc/ssl/mail/mail.crt 
  -keyout /etc/ssl/mail/mail.key 
  -subj "/C=IN/ST=Maharashtra/L=Mumbai/O=HomeServer/CN=mail.local"

sudo chmod 640 /etc/ssl/mail/mail.key
sudo chown root:ssl-cert /etc/ssl/mail/mail.key 2>/dev/null || 
  sudo chown root:postfix /etc/ssl/mail/mail.key

Installing and Configuring Dovecot

Step 1: Install Dovecot with IMAP and SASL support

sudo apt install -y dovecot-core dovecot-imapd dovecot-pop3d

Step 2: Configure Dovecot authentication

Edit /etc/dovecot/conf.d/10-auth.conf:

disable_plaintext_auth = yes
auth_mechanisms = plain login

Step 3: Configure mail location

Edit /etc/dovecot/conf.d/10-mail.conf:

mail_location = maildir:~/Maildir
mail_privileged_group = mail

Step 4: Configure SSL in Dovecot

Edit /etc/dovecot/conf.d/10-ssl.conf:

ssl = required
ssl_cert = </etc/ssl/mail/mail.crt
ssl_key = </etc/ssl/mail/mail.key
ssl_min_protocol = TLSv1.2

Step 5: Configure Dovecot SASL socket for Postfix

Edit /etc/dovecot/conf.d/10-master.conf. Find the service auth block and add:

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

Step 6: Configure IMAP service

Edit /etc/dovecot/conf.d/20-imap.conf:

protocol imap {
  mail_max_userip_connections = 10
  imap_idle_notify_interval = 2 mins
}

Creating Mail Users and Testing

Mail users correspond to Linux system users. Create a user for each mailbox:

# Create user 'admin'
sudo useradd -m -s /bin/bash admin
sudo passwd admin

# Create the Maildir structure
sudo -u admin mkdir -p /home/admin/Maildir/{new,cur,tmp}

Restart both services:

sudo systemctl restart postfix dovecot
sudo systemctl enable postfix dovecot

Test sending mail locally:

# Install mailutils for testing
sudo apt install -y mailutils

# Send a test email
echo "Test body" | mail -s "Test Subject" admin@local

# Check if it arrived
ls /home/admin/Maildir/new/

If a file appears in the new/ directory, mail delivery is working.

Configuring an Email Client

To connect Thunderbird, Outlook, or any IMAP client to your Raspberry Pi mail server:

• Incoming server (IMAP): mail.local (or Pi’s IP), Port 993, SSL/TLS, username: admin, password: (your admin password)
• Outgoing server (SMTP): mail.local (or Pi’s IP), Port 587, STARTTLS, username: admin, same password
• SSL certificate: Accept the self-signed certificate warning on first connection

For DNS resolution of mail.local on your LAN, either add an entry to your router’s DNS or edit the /etc/hosts file on each client machine:

# On client machine /etc/hosts:
192.168.1.xxx  mail.local

Using the Mail Server for Raspberry Pi Script Notifications

One of the most practical uses for a local Pi mail server is sending alerts from other Pi projects and scripts. Configure Python to send mail through your local Postfix:

import smtplib
from email.mime.text import MIMEText

def send_alert(subject, body):
    msg = MIMEText(body)
    msg['Subject'] = subject
    msg['From'] = 'alerts@local'
    msg['To'] = 'admin@local'
    
    with smtplib.SMTP('localhost', 587) as s:
        s.ehlo()
        s.starttls()
        s.login('admin', 'your_password')
        s.sendmail('alerts@local', 'admin@local', msg.as_string())

# Example: temperature alert from DHT11 sensor
if temperature > 30:
    send_alert('Temperature Alert', f'Sensor reads {temperature}°C — too hot!')

Frequently Asked Questions

Can I use my Raspberry Pi mail server for sending public internet email?

Technically yes, but practically difficult. Most ISPs block port 25 on residential connections. To send internet email, you’d need a static IP, reverse DNS (PTR record), SPF/DKIM/DMARC records, and your IP must not be on any blacklists. For sending alerts to external addresses, it’s easier to relay through Gmail or another SMTP relay using Postfix’s relayhost configuration. The local Postfix+Dovecot setup described here is best for intranet/LAN mail.

What is the difference between SMTP port 25 and 587?

Port 25 is the traditional SMTP port used for server-to-server mail transfer (MX routing). Port 587 is the SMTP submission port intended for email clients (authenticated users submitting mail). Our setup uses 587 for client connections with mandatory authentication and TLS, and keeps port 25 for local delivery. Never expose port 25 directly to the internet without proper spam controls.

How do I add spam filtering to my Raspberry Pi mail server?

Install SpamAssassin (sudo apt install spamassassin) and configure Postfix to pipe incoming messages through it before delivery. SpamAssassin scores emails based on content and headers and marks them with an X-Spam-Score header. Dovecot’s sieve filtering can then automatically move high-scoring messages to a spam folder.

How much storage does a mail server need?

For a personal or home lab mail server with a few users, a 32GB SD card is adequate. However, SD cards wear out with frequent small writes. For production use, boot from a USB SSD and store the Maildir directories on the SSD. A 64GB SSD provides comfortable storage for years of email history for a small team.

Can I access my Raspberry Pi mail from anywhere?

Yes, via a VPN. Set up WireGuard or OpenVPN on the Pi, then connect your remote devices to the VPN. Once connected, your email client sees the Pi’s LAN IP and can connect to IMAP port 993 and SMTP port 587 securely. This avoids exposing your mail server directly to the internet.

Conclusion

A Raspberry Pi running Postfix and Dovecot is a legitimate, functional mail server for home lab, IoT notification systems, and intranet use. The setup is more involved than most Pi projects, but it’s an excellent way to deeply understand email infrastructure — the same MTA/MDA architecture that powers mail servers at far larger scale.

Once the base setup is running, you can extend it with Roundcube webmail, SpamAssassin spam filtering, ClamAV virus scanning, and Sieve filter scripts for automated mail sorting. The Pi handles all of this comfortably for small user counts.

Start your home lab server project! Find the right Raspberry Pi board and accessories at Zbotic’s Raspberry Pi collection — from Pi 5 boards to sensors and power solutions.