Server administration Setting Up a Mail Server from Scratch – Part 8: Final Check

  • Thread starter D•Jass
Security Notes

This guide only covers the basic functionality of a mail server.
For production use, it is CRITICAL to implement additional security measures that are intentionally NOT included in this basic tutorial.

These additional components should be considered essential in a real-world environment:
  • Spam protection (e.g., using SpamAssassin)
  • Antivirus scanning (e.g., with ClamAV)
  • Proper DNS records for your domain: SPF and DMARC
  • Postfix: RBL filters and HELO/EHLO validation
  • Install and configure Fail2ban to block brute-force attacks
  • Regular backups of mail and configuration files
  • Monitoring of server health and mail queue

Without these measures, your server is vulnerable to spam, phishing, and malware, and may suffer from email deliverability issues or even blacklisting.

A separate Advanced Email Server Hardening Guide will cover these in detail.
Do NOT use a server configured only with this basic guide for handling important or production email without applying the security recommendations above!

Final Checklist and Testing

Once you’ve completed all steps, run through this checklist to verify everything is working:

Mail Services

Postfix:
systemctl status postfix
ss -tulnp | grep -E ':(25|465|587)\b'
tail -f /var/log/mail.log
Ensure Postfix is active (running) and listening on ports 25, 465, and 587. Check logs for any errors.

Dovecot:
systemctl status dovecot
ss -tulnp | grep -E ':(110|143|993|995)\b'
tail -f /var/log/dovecot.log
Make sure Dovecot is active and listening on IMAP/POP3 ports.

OpenDKIM:
ss -lntp | grep 8891
opendkim-testkey -d example.com -s mail -vvv
Replace example.com and mail with your domain and DKIM selector. It should return key OK.

Web Server and TLS

Verify that [URL not shown] and [URL not shown] load without certificate errors
Ensure HTTP traffic is redirected to HTTPS

Roundcube Webmail

Open [URL not shown]
Log in using a test mailbox (e.g. admin@example.com and its password)
Send an email to an external address (e.g. Gmail or Yandex)
Verify delivery and check if the message lands in the inbox (not spam)
Inspect headers — the email should include a DKIM-Signature
Send a reply from that external address to your test mailbox and verify it appears in Roundcube

DNS Records and Deliverability Tests

Use online tools like:
[URL not shown]
[URL not shown]

Check that your MX, SPF, and DKIM records are correctly configured and recognized.

If everything passes, the basic setup is complete.
You are now ready to move on to advanced hardening and security configuration!
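
The header inspection step from the Roundcube test, as an added example that is not part of the original guide: it takes the raw headers of the message as received at the external mailbox and checks that the DKIM-Signature carries your domain and selector and that the receiver's Authentication-Results header reports dkim=pass and spf=pass. The sample message and the receiver.example host are constructed; example.com and the mail selector follow the guide's placeholders.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample: headers as an external mailbox might show them for a
# message sent from the test mailbox. All values are illustrative.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@example.com header.s=mail;
 spf=pass smtp.mailfrom=admin@example.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;
 s=mail; h=from:to:subject:date; bh=Zm9v; b=YmFy
From: admin@example.com
To: someone@receiver.example
Subject: test

body
"""

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = "".join(v.split())  # drop folding whitespace
    return tags

def check_headers(raw, domain, selector):
    """Return a list of problems; an empty list means the checks passed."""
    msg = message_from_string(raw, policy=default)
    problems = []
    sigs = [dkim_tags(str(v)) for v in msg.get_all("DKIM-Signature", [])]
    if not sigs:
        problems.append("no DKIM-Signature header")
    elif not any(t.get("d") == domain and t.get("s") == selector for t in sigs):
        problems.append("DKIM-Signature d=/s= do not match domain/selector")
    results = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    for method in ("dkim", "spf"):
        m = re.search(rf"\b{method}=(\w+)", results)
        if m is None:
            problems.append(f"receiver reported no {method} result")
        elif m.group(1).lower() != "pass":
            problems.append(f"{method}={m.group(1)}")
    return problems

if __name__ == "__main__":
    print(check_headers(SAMPLE, "example.com", "mail") or "all checks passed")
```

A signature that is present but reported as dkim=fail by the receiver usually points at the published DNS key or the selector, which is what the opendkim-testkey check above verifies on the server side.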
 