configuration fails at the last hurdle
as a newbie suddenly requiring a mail server the configuration of dovecot and postfix is proving elusive. if i get one element working another fails. i think it would help readers if i supply my status report and ask for suggestions as to how to ensure a remote client can access the mail just delivered from another remote in addition for mutt to see the mail on the server.
cat <<EOF > ~/mailserver-status.txt
📨 Mail Server Status – Ryzen2 (Ubuntu 25.10)
Objective: To host email services independently, replacing Manx Telecom’s legacy offering.
Rationale: Manx Telecom has been acquired by Jersey Telecom, with plans to charge £65 per annum per email address. This migration aims to preserve autonomy and reduce costs.
✅ Current Achievements
Mail Receipt Confirmed: Mail addressed to jsm@mckenzietrust.com (a domain owned by us) is successfully received via encrypted POP3S (port 995) using both Thunderbird and OpenSSL.
Maildir Workflow Operational: Messages arrive in Maildir/new and are moved every minute to Maildir/cur via a cron job. They are accessible locally using mutt.
SSL Layer Functional: POP3S handshake completes successfully, confirming certificate and encryption setup is sound.
⚠️ Known Issues
Remote Access Fails Silently: Thunderbird and OpenSSL clients connect but cannot retrieve messages from Maildir/cur or new. No errors are returned—access appears to die silently.
Dovecot Configuration Fragility: Any attempt to explicitly define mail_location in config files (e.g., 10-mail.conf) causes Dovecot to crash on startup. This behavior is consistent across both Ubuntu 25.04 and 25.10 builds. It is imperative not to attempt location overrides, as recovery requires reverting to a clean config state.
Post-Reboot Regression: Remote access was briefly functional but failed after a system reboot triggered by a firmware update. This suggests a state-dependent or ephemeral config success.
🧭 Configuration Notes
Dovecot and Postfix Versions: Packages from Ubuntu 25.04 were manually installed and locked to prevent auto-updates. This avoids compatibility issues with newer builds.
POP3S Listener Enabled: The following stanza is active in 10-master.conf:
    service pop3-login {
      inet_listener pop3 {
        port = 110
      }
      inet_listener pop3s {
        port = 995
        ssl = yes
      }
    }
SSL Configuration:
    ssl = yes
    ssl_server_cert_file = /etc/dovecot/private/dovecot.pem
    ssl_server_key_file = /etc/dovecot/private/dovecot.key
These paths are valid and readable by root.
🧱 Constraints and Priorities
No Urgency: At least one month is available for debugging and refinement.
Web Server Stability Is Critical: The live web server must remain uninterrupted, as it hosts the McKenzie Trust’s public-facing structure.
Outbound Mail Deliverability: The domain currently uses DDNS. Without a PTR record, outbound mail from Ryzen2 may be rejected. A fixed IP or relay forwarding will be required.
🧩 Next Steps
- Investigate mailbox visibility for remote clients—likely a permissions or UID mapping issue.
- Consider enabling auth-master socket for privileged access if needed.
- Explore relay options or static IP acquisition to ensure outbound mail acceptance.
EOF
regards jsm
On 3/11/25 05:30, demo--- via dovecot wrote:
- Maildir Workflow Operational: Messages arrive in Maildir/new and are moved every minute to Maildir/cur via a cron job. They are accessible locally using mutt.
Moving the messages in this way doesn't make sense. Can you stop doing that, and then try to access the mail via IMAP?
i could but i don't want to use imap because several users use the system and auto removal from the list is nbg. thus pop3 preferred
jsm
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
"anon" == anon via dovecot <dovecot@dovecot.org> writes:
This doesn't make sense? Why are you playing games like this. dovecot is for IMAP access. So why not use IMAP?
i could but i don't want to use imap because several users use the system and auto removal from the list is nbg. thus pop3 preferred
I don't know what 'nbg' means.
Are you expecting users to both be able to read email from their phones, as well as from their desktop computers, and as well on the mail server using mutt to access the Maildir/ directly?
If so, then we're really not going to be able to help you, since you're pursuing a terrible plan which will screw things up. Dovecot expects to be the sole thing in control of the mail store for messages.
Mutt is perfectly happy talking to IMAP even when you're logged into the same system that handles the email. So why change?
If people like to download and save mail elsewhere, then let them do so to their own directories, but keep access to the Maildir/ area limited to just dovecot and postfix (for delivering email INTO the Maildir setup).
I've got more comments in your original message.
John
"demo---" == demo--- via dovecot <dovecot@dovecot.org> writes:
as a newbie suddenly requiring a mail server the configuration of dovecot and postfix is proving elusive. if i get one element working another fails. i think it would help readers if i supply my status report and ask for suggestions as to how to ensure a remote client can access the mail just delivered from another remote in addition for mutt to see the mail on the server.
So going by what you've posted, you're trying to setup email for a domain:
$ dig +short -t MX mckenzietrust.com
10 mckenzietrust.com.
$ dig +short -t A mckenzietrust.com
178.16.2.130
$ nmap 178.16.2.130
Starting Nmap 7.93 ( https://nmap.org ) at 2025-11-03 14:28 EST
Nmap scan report for adsl178.16.2.130.manx.net (178.16.2.130)
Host is up (0.12s latency).
Not shown: 994 filtered tcp ports (no-response)
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
110/tcp open pop3
113/tcp closed ident
995/tcp open pop3s
1080/tcp closed socks
Nmap done: 1 IP address (1 host up) scanned in 8.39 seconds
You really need to setup an HTTPS cert on your web pages. But that's a simple issue you can work out with letsencrypt down the line.
But looking at the port, you have postfix running on port 25. This is good. And if you're getting email in, then you're probably good. I didn't check if you're running starttls or anything on there.
The other part I see is that you have POP open which is bad because it's sending passwords over the wire unencrypted. You have POP3s setup for grabbing mail, which is fine too. Not how I would do it, but to each his own.
cat <<EOF > ~/mailserver-status.txt
📨 Mail Server Status – Ryzen2 (Ubuntu 25.10)
Objective: To host email services independently, replacing Manx Telecom’s legacy offering.
Rationale: Manx Telecom has been acquired by Jersey Telecom, with plans to charge £65 per annum per email address. This migration aims to preserve autonomy and reduce costs.
✅ Current Achievements
- Mail Receipt Confirmed: Mail addressed to jsm@mckenzietrust.com (a domain owned by us) is successfully received via encrypted POP3S (port 995) using both Thunderbird and OpenSSL.
What the heck are you talking about here? POP3s is for _getting_ mail, not sending mail.
- Maildir Workflow Operational:
Messages arrive in Maildir/new and are moved every minute to Maildir/cur via a cron job. They are accessible locally using mutt.
Why? Mutt can handle IMAP connections just fine.
- SSL Layer Functional:
POP3S handshake completes successfully, confirming certificate and encryption setup is sound.
This is just one aspect, and only for _getting_ mail by mail clients (MUAs). It is not for sending email, or for receiving emails.
⚠️ Known Issues
- Remote Access Fails Silently: Thunderbird and OpenSSL clients connect but cannot retrieve messages from Maildir/cur or new. No errors are returned—access appears to die silently.
- Dovecot Configuration Fragility:
Any attempt to explicitly define mail_location in config files (e.g., 10-mail.conf) causes Dovecot to crash on startup. This behavior is consistent across both Ubuntu 25.04 and 25.10 builds. It is imperative not to attempt location overrides, as recovery requires reverting to a clean config state.
Can you explain this better? And maybe post your dovecot configuration with 'sudo doveconf -n' so we can look into it.
I'm also going to suggest you only go with Ubuntu 24.04 LTS, since that's a long term release and much more stable than the 25.x or 24.10 releases, which are only supported for six months.
- Post-Reboot Regression:
Remote access was briefly functional but failed after a system reboot triggered by a firmware update. This suggests a state-dependent or ephemeral config success.
And the errors you get are?
🧭 Configuration Notes
- Dovecot and Postfix Versions:
Packages from Ubuntu 25.04 were manually installed and locked to prevent auto-updates. This avoids compatibility issues with newer builds.
Again, don't use 25.04, it's not an LTS release. Use the 24.04 LTS release for longer term security update support. I'd also NOT recommend going with Dovecot 2.4.x yet, it's still getting the bugs and documentation setup.
As a matter of fact, have you looked into using Mail-in-a-box or even iRedMail to build your environment?
- POP3S Listener Enabled: The following stanza is active in 10-master.conf:
    service pop3-login {
      inet_listener pop3 {
        port = 110
      }
      inet_listener pop3s {
        port = 995
        ssl = yes
      }
    }
- SSL Configuration:
    ssl = yes
    ssl_server_cert_file = /etc/dovecot/private/dovecot.pem
    ssl_server_key_file = /etc/dovecot/private/dovecot.key
  These paths are valid and readable by root.
🧱 Constraints and Priorities
- No Urgency: At least one month is available for debugging and refinement.
- Web Server Stability Is Critical: The live web server must remain uninterrupted, as it hosts the McKenzie Trust’s public-facing structure.
- Outbound Mail Deliverability: The domain currently uses DDNS. Without a PTR record, outbound mail from Ryzen2 may be rejected. A fixed IP or relay forwarding will be required.
🧩 Next Steps
- Investigate mailbox visibility for remote clients—likely a permissions or UID mapping issue.
- Consider enabling auth-master socket for privileged access if needed.
- Explore relay options or static IP acquisition to ensure outbound mail acceptance.
EOF
regards jsm
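As an added example (not code from any poster in this thread): a small Python check over `doveconf -n`-style text that reports the cleartext POP3 listener raised in the message above. The sample input is constructed from the stanza quoted in the thread; the function names and the minimal parser are illustrative assumptions.

```python
# Constructed sample in `doveconf -n` layout, built from the stanza quoted in this thread.
SAMPLE = """\
ssl = yes
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
"""

def parse_blocks(text):
    """Return {block_path: {key: value}}; the empty tuple is the top level."""
    settings, path = {(): {}}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # minimal parser: drops trailing comments
        if not line:
            continue
        if line.endswith("{"):                # e.g. "inet_listener pop3 {"
            path.append(line[:-1].strip())
            settings.setdefault(tuple(path), {})
        elif line == "}":
            if path:
                path.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[tuple(path)][key] = value
    return settings

def audit(text):
    """List settings that let a client session begin, or stay, unencrypted."""
    blocks = parse_blocks(text)
    findings = []
    if blocks[()].get("ssl") != "required":
        findings.append("global ssl is not set to 'required': TLS is optional for clients")
    for path, kv in blocks.items():
        if path and path[-1].startswith("inet_listener "):
            name = path[-1].split(None, 1)[1]
            port = kv.get("port", "")
            # port = 0 disables a listener; ssl = yes on a listener means implicit TLS
            if port not in ("", "0") and kv.get("ssl", "no") != "yes":
                findings.append(f"listener {name} on port {port} starts in cleartext")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With `port = 0` on the `pop3` listener and `ssl = required` at the top level, the same input produces no findings.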
On 2025-11-03 12:30, demo--- via dovecot wrote:
as a newbie suddenly requiring a mail server the configuration of dovecot and postfix is proving elusive. if i get one element working another fails. i think it would help readers if i supply my status report and ask for suggestions as to how to ensure a remote client can access the mail just delivered from another remote in addition for mutt to see the mail on the server.
Trying to break down what you want to achieve:
- Receive mail (hence Postfix)
- Read mail from a remote client (hence Dovecot)
- Read mail via mutt (not specified whether it should be from a remote client, or directly on the server)
From the rest of your email, it would appear that you used an LLM, which is only so useful... It can give you an idea, but it won't give you a proper guide with copy and paste commands to set up a mail server.
Perhaps you would be interested in reading through the following guide
for setting up a mail server (recently updated for Debian 13 and,
therefore, for Dovecot 2.4), and see if you could use it? It will
explain how to set up a mail server with Postfix and Dovecot (and
others), with mail accessible from remote clients (via IMAP, which
leaves the emails on the server). You can also use mutt as a remote -
or, if really needed, as a local - client to read mail via IMAP (either
via imap.domain.com or so, or via localhost).
https://workaround.org/ispmail-trixie
If you have more specific questions, ask.
regards jsm
Regards, Edmund
-- Edmund Lodewijks <edmund@proteamail.com> TZ: UCT+2 / GMT+2
📬 Global Response to Dovecot List: Ryzen2 Configuration Review
Dear Dovecot colleagues,
Thank you all for your generous engagement with my recent post regarding the configuration hurdles on Ryzen2. I’ve reviewed each reply carefully and offer this consolidated response to clarify my position, acknowledge your insights, and refine the path forward.
🧩 Configuration Context
• Objective: Replace Manx Telecom’s legacy email hosting with a self-managed Postfix+Dovecot setup for the domain .
• Current Status:
  • Postfix relays outbound mail via SMTP2GO (confirmed operational)
  • Mail is received locally and stored in Maildir format
  • POP3S access is enabled and functional for Thunderbird and OpenSSL
  • Local access via mutt is confirmed
• Constraints:
  • Multiple users share the system
  • IMAP is intentionally avoided due to auto-removal behavior and shared access concerns
  • Ubuntu 25.10 is in use, with packages locked to avoid regressions
🧠 Contributor Insights and Responses
🗣️ Jason J.G. White
I appreciate the suggestion. However, POP3 is preferred due to shared access and the need to avoid server-side auto-removal. The cron-based move from to is a pragmatic workaround to ensure visibility in mutt, which otherwise ignores .
🗣️ John Stoffel
Your concern is noted. I agree that Dovecot should ideally manage the Maildir lifecycle. However, in this transitional phase, mutt’s direct access is essential for local diagnostics and trustee visibility. IMAP may be reconsidered once user workflows stabilize.
A fair point. The current build was chosen for hardware compatibility, but I’ll evaluate a pivot to 24.04 LTS once the mail stack is stable.
I’ll do so in a follow-up once the POP3S access issue is fully resolved.
🗣️ Odhiambo Washington
Thank you for the generous offer and config link. For now, I’m keeping things apt-based to maintain transparency and control, but Mailcow remains on the radar if containerization becomes strategic.
🗣️ Edmund Lodewijks
Guilty as charged—but I’ve found the LLM useful for iterative diagnostics and config synthesis. Your link to workaround.org/ispmail-trixie is appreciated and will be reviewed.
🗣️ Adesh
Noted. I’m currently using prebuilt packages from Ubuntu 25.04/25.10, but this compiler issue reinforces the case for sticking with 2.3.x or LTS builds.
🧭 Next Steps
• Continue POP3S refinement and UID/permissions audit
• Post for peer review
• Evaluate LTS migration and IMAP feasibility
• Consider auth-master socket for privileged access
• Monitor Maildir integrity and avoid manual interference
Thank you again for your time, expertise, and candor. Your feedback has helped clarify priorities and avoid missteps. I’ll follow up with config excerpts and test results as they evolve.
Warm regards,
Captain James Stuart McKenzie
Ryzen2, Isle of Man
participants (5)
- anon
- demo@manx.net
- Edmund Lodewijks
- Jason J.G. White
- John Stoffel