As a newbie suddenly requiring a mail server, the configuration of dovecot and postfix is proving elusive. If I get one element working, another fails. I think it would help readers if I supply my status report and ask for suggestions as to how to ensure a remote client can access the mail just delivered from another remote, in addition for mutt to see the mail on the server.
cat <<EOF > ~/mailserver-status.txt
📨 Mail Server Status – Ryzen2 (Ubuntu 25.10)
Objective: To host email services independently, replacing Manx Telecom’s legacy offering.
Rationale: Manx Telecom has been acquired by Jersey Telecom, with plans to charge £65 per annum per email address. This migration aims to preserve autonomy and reduce costs.
✅ Current Achievements
Mail Receipt Confirmed: Mail addressed to jsm@mckenzietrust.com (a domain owned by us) is successfully received via encrypted POP3S (port 995) using both Thunderbird and OpenSSL.
Maildir Workflow Operational: Messages arrive in Maildir/new and are moved every minute to Maildir/cur via a cron job. They are accessible locally using mutt.
SSL Layer Functional: POP3S handshake completes successfully, confirming certificate and encryption setup is sound.
⚠️ Known Issues
Remote Access Fails Silently: Thunderbird and OpenSSL clients connect but cannot retrieve messages from Maildir/cur or new. No errors are returned—access appears to die silently.
Dovecot Configuration Fragility: Any attempt to explicitly define mail_location in config files (e.g., 10-mail.conf) causes Dovecot to crash on startup. This behavior is consistent across both Ubuntu 25.04 and 25.10 builds. It is imperative not to attempt location overrides, as recovery requires reverting to a clean config state.
Post-Reboot Regression: Remote access was briefly functional but failed after a system reboot triggered by a firmware update. This suggests a state-dependent or ephemeral config success.
🧭 Configuration Notes
Dovecot and Postfix Versions: Packages from Ubuntu 25.04 were manually installed and locked to prevent auto-updates. This avoids compatibility issues with newer builds.
POP3S Listener Enabled: The following stanza is active in 10-master.conf:
    service pop3-login {
      inet_listener pop3 {
        port = 110
      }
      inet_listener pop3s {
        port = 995
        ssl = yes
      }
    }
SSL Configuration:
    ssl = yes
    ssl_server_cert_file = /etc/dovecot/private/dovecot.pem
    ssl_server_key_file = /etc/dovecot/private/dovecot.key
These paths are valid and readable by root.
🧱 Constraints and Priorities
No Urgency: At least one month is available for debugging and refinement.
Web Server Stability Is Critical: The live web server must remain uninterrupted, as it hosts the McKenzie Trust’s public-facing structure.
Outbound Mail Deliverability: The domain currently uses DDNS. Without a PTR record, outbound mail from Ryzen2 may be rejected. A fixed IP or relay forwarding will be required.
🧩 Next Steps
- Investigate mailbox visibility for remote clients—likely a permissions or UID mapping issue.
- Consider enabling auth-master socket for privileged access if needed.
- Explore relay options or static IP acquisition to ensure outbound mail acceptance.
EOF
 
regards jsm
On 3/11/25 05:30, demo--- via dovecot wrote:
- Maildir Workflow Operational: Messages arrive in Maildir/new and are moved every minute to Maildir/cur via a cron job. They are accessible locally using mutt.
Moving the messages in this way doesn't make sense. Can you stop doing that, and then try to access the mail via IMAP?
 
I could, but I don't want to use IMAP because several users use the system and auto removal from the list is nbg. Thus POP3 preferred.
jsm
On 03/11/2025 11:14, Jason J.G. White via dovecot wrote:
On 3/11/25 05:30, demo--- via dovecot wrote:
- Maildir Workflow Operational: Messages arrive in Maildir/new and are moved every minute to Maildir/cur via a cron job. They are accessible locally using mutt.
Moving the messages in this way doesn't make sense. Can you stop doing that, and then try to access the mail via IMAP?
 
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
"anon" == anon via dovecot <dovecot@dovecot.org> writes:
This doesn't make sense? Why are you playing games like this? Dovecot is for IMAP access. So why not use IMAP?
I could, but I don't want to use IMAP because several users use the system and auto removal from the list is nbg. Thus POP3 preferred.
I don't know what 'nbg' means.
Are you expecting users to both be able to read email from their phones, as well as from their desktop computers, and as well on the mail server using mutt to access the Maildir/ directly?
If so, then we're really not going to be able to help you, since you're pursuing a terrible plan which will screw things up. Dovecot expects to be the sole thing in control of the mail store for messages.
Mutt is perfectly happy talking to IMAP even when you're logged into the same system that handles the email. So why change?
If people like to download and save mail elsewhere, then let them do so to their own directories, but keep access to the Maildir/ area limited to just dovecot and postfix (for delivering email INTO the Maildir setup).
I've got more comments in your original message.
John
"demo---" == demo--- via dovecot <dovecot@dovecot.org> writes:
As a newbie suddenly requiring a mail server, the configuration of dovecot and postfix is proving elusive. If I get one element working, another fails. I think it would help readers if I supply my status report and ask for suggestions as to how to ensure a remote client can access the mail just delivered from another remote, in addition for mutt to see the mail on the server.
So going by what you've posted, you're trying to setup email for a domain:
$ dig +short -t MX mckenzietrust.com
10 mckenzietrust.com.
$ dig +short -t A mckenzietrust.com
178.16.2.130
$ nmap 178.16.2.130
Starting Nmap 7.93 ( https://nmap.org ) at 2025-11-03 14:28 EST
Nmap scan report for adsl178.16.2.130.manx.net (178.16.2.130)
Host is up (0.12s latency).
Not shown: 994 filtered tcp ports (no-response)
PORT     STATE  SERVICE
25/tcp   open   smtp
80/tcp   open   http
110/tcp  open   pop3
113/tcp  closed ident
995/tcp  open   pop3s
1080/tcp closed socks
Nmap done: 1 IP address (1 host up) scanned in 8.39 seconds
You really need to set up an HTTPS cert on your web pages. But that's a simple issue you can work out with letsencrypt down the line.
But looking at the port, you have postfix running on port 25. This is good. And if you're getting email in, then you're probably good. I didn't check if you're running starttls or anything on there.
The other part I see is that you have POP open, which is bad because it's sending passwords over the wire unencrypted. You have POP3s set up for grabbing mail, which is fine too. Not how I would do it, but to each his own.
cat <<EOF > ~/mailserver-status.txt
📨 Mail Server Status – Ryzen2 (Ubuntu 25.10)
Objective: To host email services independently, replacing Manx Telecom’s legacy offering.
Rationale: Manx Telecom has been acquired by Jersey Telecom, with plans to charge £65 per annum per email address. This migration aims to preserve autonomy and reduce costs.
✅ Current Achievements
- Mail Receipt Confirmed: Mail addressed to jsm@mckenzietrust.com (a domain owned by us) is successfully received via encrypted POP3S (port 995) using both Thunderbird and OpenSSL.
 
What the heck are you talking about here? POP3s is for _getting_ mail, not sending mail.
- Maildir Workflow Operational:
 
Messages arrive in Maildir/new and are moved every minute to Maildir/cur via a cron job. They are accessible locally using mutt.
Why? Mutt can handle IMAP connections just fine.
- SSL Layer Functional:
 
POP3S handshake completes successfully, confirming certificate and encryption setup is sound.
This is just one aspect, and only for _getting_ mail by mail clients (MUAs). It is not for sending email, or for receiving emails.
⚠️ Known Issues
- Remote Access Fails Silently: Thunderbird and OpenSSL clients connect but cannot retrieve messages from Maildir/cur or new. No errors are returned—access appears to die silently.
 
- Dovecot Configuration Fragility:
 
Any attempt to explicitly define mail_location in config files (e.g., 10-mail.conf) causes Dovecot to crash on startup. This behavior is consistent across both Ubuntu 25.04 and 25.10 builds. It is imperative not to attempt location overrides, as recovery requires reverting to a clean config state.
Can you explain this better? And maybe post your dovecot configuration with 'sudo doveconf -n' so we can look into it.
I'm also going to suggest you only go with Ubuntu 24.04 LTS, since that's a long term release and much more stable than the 25.x or 24.10 releases, which are only supported for six months.
- Post-Reboot Regression:
 
Remote access was briefly functional but failed after a system reboot triggered by a firmware update. This suggests a state-dependent or ephemeral config success.
And the errors you get are?
🧭 Configuration Notes
- Dovecot and Postfix Versions:
 
Packages from Ubuntu 25.04 were manually installed and locked to prevent auto-updates. This avoids compatibility issues with newer builds.
Again, don't use 25.04, it's not an LTS release. Use the 24.04 LTS release for longer term security update support. I'd also NOT recommend going with Dovecot 2.4.x yet, it's still getting the bugs and documentation setup.
As a matter of fact, have you looked into using Mail-in-a-box or even iRedMail to build your environment?
- POP3S Listener Enabled: The following stanza is active in 10-master.conf:
    service pop3-login {
      inet_listener pop3 {
        port = 110
      }
      inet_listener pop3s {
        port = 995
        ssl = yes
      }
    }
 
- SSL Configuration:
    ssl = yes
    ssl_server_cert_file = /etc/dovecot/private/dovecot.pem
    ssl_server_key_file = /etc/dovecot/private/dovecot.key
  These paths are valid and readable by root.
 
🧱 Constraints and Priorities
- No Urgency: At least one month is available for debugging and refinement.
 
- Web Server Stability Is Critical: The live web server must remain uninterrupted, as it hosts the McKenzie Trust’s public-facing structure.
 
- Outbound Mail Deliverability: The domain currently uses DDNS. Without a PTR record, outbound mail from Ryzen2 may be rejected. A fixed IP or relay forwarding will be required.
 
🧩 Next Steps
- Investigate mailbox visibility for remote clients—likely a permissions or UID mapping issue.
- Consider enabling auth-master socket for privileged access if needed.
- Explore relay options or static IP acquisition to ensure outbound mail acceptance.
EOF
 
regards jsm
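A small check of `doveconf -n` output for the plaintext POP3 listener raised in the reply above. This is an added example, not code from any poster in the thread; the sample text is constructed from the settings quoted in the status report, and `parse` and `audit` are hypothetical helper names.

```python
# Constructed sample in `doveconf -n` layout, assembled from the settings quoted in the thread.
SAMPLE = """\
ssl = yes
ssl_server_cert_file = /etc/dovecot/private/dovecot.pem
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
"""

def parse(text):
    """Turn brace-nested 'key = value' text into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and the version banner
        if not line:
            continue
        if line.endswith("{"):
            name = " ".join(line[:-1].split())
            stack.append(stack[-1].setdefault(name, {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return root

def audit(cfg):
    """List listeners that accept non-TLS connections, plus a lax global ssl setting."""
    findings = []
    ssl = cfg.get("ssl", "yes")  # assumption: an unset value behaves like 'yes'
    if ssl != "required":
        findings.append("ssl = %s: TLS is offered but not enforced" % ssl)
    for svc, body in cfg.items():
        if not (svc.startswith("service ") and isinstance(body, dict)):
            continue
        for name, lst in body.items():
            if name.startswith("inet_listener ") and isinstance(lst, dict):
                if lst.get("port", "0") != "0" and lst.get("ssl") != "yes":
                    findings.append("%s / %s: port %s has no implicit TLS" % (svc, name, lst["port"]))
    return findings
```

Setting `port = 0` on the `pop3` listener and `ssl = required` globally clears both findings for the sample.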
participants (4): anon, demo@manx.net, Jason J.G. White, John Stoffel