Personal Mail Server

Usually personal computers are not set up to send mail out on their own.

However, as on every Linux system, there are a lot of things going on in the background, mostly invisible to the user. There are some useful features which are only possible if the system can tell you about them.

For example, did you know that, if somebody tries to log in on your personal computer and fails, the system tries to notify you by mail?

This works only if the system is able to send out mails.

Null Client

We want our personal computer to send out mails on its own, but not receive any, or deliver mails to its local user accounts.

This particular configuration is called a null client and can be described as follows:

  • It never receives any mail from the network

  • It can only send mail out to a mail gateway/smart-host.

  • It does not deliver any mail locally. All mails are sent to outside mail accounts.

In the following example, our personal workstation will be called torres. We have purchased and set up our own domain We call our mail-server

This mail server accepts mail only from registered mail accounts, which log in with their full mail address and password on the SMTP submission server running on port 587.

The connection needs to be encrypted by TLS.


Mail-Server Account

Like your desktop mail client or any other client, torres will need to log in (as “”) before being allowed to deliver mails on

We therefore create a mail account for it on our mail server.

Create a password for the mail account:

$ pwgen --secure 32 1

Create a mail account for your workstation on your mail server. You can use the mail server's administration web interface for that.


To install:

$ sudo apt install postfix mailutils

The installation process will ask you a series of questions:


You can run this configuration wizard again at any time with the command:

$ sudo dpkg-reconfigure postfix

Unfortunately the “null client” configuration we need here is not in the list. Therefore we have to choose “No configuration” here.

Postfix Configuration

Make a copy of the sample configuration file:

$ sudo cp /etc/postfix/ /etc/postfix/

Set the group for postfix to run tasks in /etc/postfix/

# setgid_group: The group for mail submission and queue management
# commands.  This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
setgid_group = postdrop

Client Authentication

As mentioned before, to the central mail server our workstation is just another mail client, which needs to log in before being allowed to send any mails.

This is how we tell our workstation to log in on the remote server.

We store the login password in the file /etc/postfix/smtp_password.

The format is:

<SMTP server> <user-name>:<password>

After that, update the relevant Postfix database and protect it:

$ sudo postmap /etc/postfix/smtp_password
$ sudo chown root:root /etc/postfix/smtp_password*
$ sudo chmod 0600 /etc/postfix/smtp_password*

Rerouting Local Mails

Notification and warning mails created by system programs (like cronjobs) are usually sent to local profiles like “root”, “webmaster” or other local Unix user profiles. Since these are local profiles, their mail address is just a user id: there is no “@” and no domain part.

Local mail is delivered by storing it in a mailbox in the user's home directory, where it will never be found or read, since these “user” accounts are not real human users.

We want these mails to be re-routed to mailboxes owned by real humans and stored on remote mail servers: to yourself, the owner or the person responsible for this computer.

To re-route all mails to one single address, we can use a regular expression. Regular expressions need to be defined in a map file for Postfix to interpret them.

So instead of the usual /etc/aliases file, we create a virtual alias table with a regular expression in the map file /etc/postfix/virtual_alias.

# Postfix virtual alias map
# Regular expression database

# Please run `sudo postmap /etc/postfix/virtual_alias` after changing this file.

The contents of the file are cached in the database /etc/postfix/virtual_alias.db. That database needs a refresh every time changes have been made to /etc/postfix/virtual_alias:

$ cd /etc/postfix
$ sudo postmap /etc/postfix/virtual_alias

Main Configuration File

Fortunately a “null client” needs very little configuration. Just a few lines in the file /etc/postfix/ are enough:

# See /usr/share/postfix/ for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
# Where do mails I send out come from?
myorigin = /etc/mailname

# Disable backwards compatibility

# Fully qualified domain name of this host
myhostname =

# Which network interfaces do I listen on for incoming connections?
inet_interfaces = loopback-only

# For which domains do I deliver mail locally?
mydestination =

# Where do I look up rules for mapping addresses to their aliases?
virtual_alias_maps = regexp:/etc/postfix/virtual_alias

# Which remote SMTP server do I connect to for sending out mails?
relayhost = []:submission

# Do I need to log in on the remote SMTP server?
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous

# Where can I look up my password for logins on remote servers?
smtp_sasl_password_maps = hash:/etc/postfix/smtp_password

# Do I need to verify the remote SMTP server's certificate?
smtp_tls_security_level = secure
smtp_tls_secure_cert_match = nexthop

# Where are CA files stored to verify TLS certificates?
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Do I need to log TLS certificate validation results?
smtp_tls_loglevel = 1

#-*- mode: ini; tab-width: 4; indent-tabs-mode:nil  -*-

Configuration Check

$ sudo postfix check
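
The postfix check command warns about bad file and directory ownership or permissions; it does not tell you whether the parameters still describe a null client. The script below is an added example, not part of the original page: it audits postconf -n style output against the settings shown above and checks that a secret file grants nothing to group or others. The relay host mail.example.net in the sample is a constructed placeholder.

```shell
#!/bin/sh
# audit_null_client: reads "name = value" lines (the format printed by
# postconf -n) on stdin, prints one FAIL line per deviation from the
# null-client settings on this page, and returns non-zero on any deviation.
audit_null_client() {
    awk '
        function want(k, expected) {
            if (!(k in val)) { printf "FAIL %s not set, want \"%s\"\n", k, expected; bad++ }
            else if (val[k] != expected) { printf "FAIL %s = %s, want \"%s\"\n", k, val[k], expected; bad++ }
        }
        /^[ \t]*#/ { next }
        {
            i = index($0, "="); if (!i) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            val[k] = v
        }
        END {
            want("inet_interfaces", "loopback-only")   # no listener on the network
            want("mydestination", "")                  # no local delivery
            want("smtp_sasl_auth_enable", "yes")
            want("smtp_sasl_security_options", "noanonymous")
            want("smtp_tls_security_level", "secure")  # TLS with certificate check
            if (val["relayhost"] == "") { print "FAIL relayhost is empty"; bad++ }
            exit (bad > 0)
        }'
}

# secret_file_ok: succeeds only if $1 is a regular file whose mode grants
# nothing to group or others (for example 0600).
secret_file_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample of postconf -n output with two weakened settings;
# mail.example.net is a placeholder, not a value from the page.
SAMPLE_WEAK='inet_interfaces = all
mydestination =
relayhost = [mail.example.net]:submission
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may'

printf '%s\n' "$SAMPLE_WEAK" | audit_null_client || echo "deviations found"
```

On the workstation, feed it the live configuration with sudo postconf -n | audit_null_client, and check the password files with secret_file_ok /etc/postfix/smtp_password and secret_file_ok /etc/postfix/smtp_password.db.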

Reload Postfix

$ sudo systemctl reload-or-restart postfix.service