{"id":14911,"date":"2025-10-29T06:01:46","date_gmt":"2025-10-29T12:01:46","guid":{"rendered":"https:\/\/www.supportpro.com\/blog\/?p=14911"},"modified":"2026-03-27T02:57:13","modified_gmt":"2026-03-27T08:57:13","slug":"how-to-configure-a-cloud-mail-server-with-postfix-dovecot-with-ssl-on-aws","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/how-to-configure-a-cloud-mail-server-with-postfix-dovecot-with-ssl-on-aws\/","title":{"rendered":"How to Configure a Cloud Mail Server with Postfix\/Dovecot with SSL on AWS"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">I\u2019ve always been fascinated by how email actually works. You type a message, hit <em>send<\/em>, and a few seconds later, it shows up somewhere else in the world. There\u2019s a lot happening behind that one click.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A while back, I decided to try running my own email server instead of depending on Gmail or Outlook. It wasn\u2019t just about curiosity but also about control. I wanted my data to stay on servers I manage, not in someone else\u2019s giant datacenter.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In this post, I\u2019ll walk through how I got <strong>Postfix<\/strong> and <strong>Dovecot<\/strong> working on <strong>AWS<\/strong>, using SSL for security. If you\u2019ve got some Linux experience and a few spare hours, you can get this running too.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Why I Wanted My Own Email Server<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s be real \u2014 it\u2019s easy to use the big players. <a href=\"https:\/\/www.supportpro.com\/blog\/check-emails-from-other-accounts-using-gmail\/\" title=\"\">Gmail <\/a>and Zoho are great until you start thinking about privacy or the idea of depending entirely on another company. 
When you host your own email, a few things change:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>You\u2019re in charge.<\/strong> Nobody decides storage limits or filters for you.<\/li>\n\n\n\n<li><strong>Your privacy stays yours.<\/strong> No background scanning or hidden analytics.<\/li>\n\n\n\n<li><strong>It grows with you.<\/strong> Add users, increase storage, move servers \u2014 your call.<\/li>\n\n\n\n<li><strong>You spend less.<\/strong> On AWS, you only pay for what you actually use.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s not for everyone, but if you enjoy having real control over your setup, it\u2019s absolutely worth it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>What I Used<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s what went into my setup:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Postfix<\/strong> \u2013 this is what handles sending and receiving mail (SMTP).<\/li>\n\n\n\n<li><strong>Dovecot<\/strong> \u2013 this manages the mailboxes and allows clients like Outlook or Thunderbird to fetch messages (IMAP\/POP3).<\/li>\n\n\n\n<li><strong>Let\u2019s Encrypt SSL<\/strong> \u2013 free SSL certificates to keep traffic encrypted.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">That\u2019s really all you need to get started.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 1. Setting Up the Server on AWS<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">I logged in to the AWS console and spun up a small <strong>EC2 instance<\/strong> (Ubuntu 22.04, but Debian works fine too). You can use a t2.micro;
it\u2019s enough for testing.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Then, I made sure the security group allowed:<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<ul class=\"wp-block-list\">\n<li>22 &nbsp; SSH<\/li>\n\n\n\n<li>25 &nbsp; <a href=\"https:\/\/www.supportpro.com\/blog\/adding-additional-smtp-listenerports\/\" title=\"\">SMTP<\/a><\/li>\n\n\n\n<li>465, 587 &nbsp; SMTPS \/ submission<\/li>\n\n\n\n<li>993 &nbsp; IMAPS<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Once the instance was running, I took note of the public IP. That\u2019s what the domain will point to later.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 2. DNS Configuration<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This part\u2019s simple but important. Without DNS records, other mail servers won\u2019t know where to send your mail.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In Route 53 (or your registrar\u2019s panel), I created:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>A Record:<\/strong> mail.mydomain.com \u2192 [my EC2 IP]<\/li>\n\n\n\n<li><strong>MX Record:<\/strong> Points to mail.mydomain.com<\/li>\n\n\n\n<li><strong>PTR Record:<\/strong> This is reverse DNS; without it, many servers will reject your mail.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Once DNS propagated, I was ready to move on.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 3. 
Installing the Basics<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">I SSHed in and ran:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>sudo apt update &amp;&amp; sudo apt upgrade -y<\/li>\n\n\n\n<li>sudo apt install postfix dovecot-core dovecot-imapd dovecot-pop3d ufw certbot -y<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">When Postfix asked for the mail configuration type, I chose <strong>Internet Site<\/strong> and used mail.mydomain.com as the system mail name.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 4. Postfix Configuration<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This was the part that took me a bit to understand the first time.<br><a href=\"https:\/\/www.supportpro.com\/blog\/postfix-dkim-setup\/\" title=\"\">Postfix <\/a>acts as the middleman \u2014 it decides how mail is routed and which connections it accepts.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I edited: sudo nano \/etc\/postfix\/main.cf<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">and added:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">myhostname = mail.mydomain.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">mydestination = localhost, mail.mydomain.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">home_mailbox = Maildir\/<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">mynetworks = 127.0.0.0\/8<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">smtpd_use_tls = yes<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">smtpd_tls_auth_only = yes<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">smtpd_tls_cert_file = \/etc\/letsencrypt\/live\/mail.mydomain.com\/fullchain.pem<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">smtpd_tls_key_file = \/etc\/letsencrypt\/live\/mail.mydomain.com\/privkey.pem<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Then restarted Postfix:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo systemctl restart postfix<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 
5. Dovecot Setup<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Dovecot is what lets users read emails through an app or client.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I made a few quick edits in sudo nano \/etc\/dovecot\/dovecot.conf<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Added:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">protocols = imap pop3<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Then in: sudo nano \/etc\/dovecot\/conf.d\/10-mail.conf<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Added: mail_location = maildir:~\/Maildir<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And enabled SSL: <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo nano \/etc\/dovecot\/conf.d\/10-ssl.conf<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">ssl = required<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">ssl_cert = &lt;\/etc\/letsencrypt\/live\/mail.mydomain.com\/fullchain.pem<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">ssl_key = &lt;\/etc\/letsencrypt\/live\/mail.mydomain.com\/privkey.pem<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Restarted it:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo systemctl restart dovecot<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 6. 
SSL Certificates<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">To get SSL working, I installed Let\u2019s Encrypt\u2019s Certbot:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">sudo apt install certbot -y<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo certbot certonly --standalone -d mail.mydomain.com<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Certbot\u2019s standalone mode answers the validation challenge on port 80, so that port has to be reachable from the internet while the command runs. The certificate paths referenced in Steps 4 and 5 exist only after this step.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To make sure the certificate renews automatically, I added:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo crontab -e<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">0 3 * * * certbot renew --quiet<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 7. SPF and DMARC<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">To make sure outgoing emails don\u2019t go to spam, I added these DNS records:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>SPF:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">v=spf1 mx a ip4:&lt;your-server-ip&gt; -all<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>DMARC:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">v=DMARC1; p=none; rua=mailto:admin@mydomain.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">After a few minutes, those started taking effect.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 8. Optional \u2014 Hardening Security<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">I installed <strong>Fail2Ban<\/strong> just to keep brute-force attempts out:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo apt install fail2ban -y<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s a small step but makes a big difference.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 9. 
Testing It Out<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Before I connected my mail client, I ran:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo systemctl status postfix<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">and<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">tail -f \/var\/log\/mail.log<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Then sent a test:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">echo &quot;Mail server test&quot; | mail -s &quot;Test&quot; you@yourdomain.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When that landed in my inbox, I\u2019ll admit, it felt good.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Mail Client Configuration<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-table\"><div class=\"pcrstb-wrap\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><tr><td>IMAP<\/td><td>mail.mydomain.com \u2014 Port 993 (SSL\/TLS)<\/td><\/tr><tr><td>SMTP<\/td><td>mail.mydomain.com \u2014 Port 465 or 587 (SSL\/TLS)<\/td><\/tr><tr><td>Username<\/td><td>your email address<\/td><\/tr><tr><td>Password<\/td><td>your chosen password<\/td><\/tr><\/tbody><\/table><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">And just like that, I could send and receive from my own server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Final Thoughts<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Running your own email server isn\u2019t <a href=\"https:\/\/www.supportpro.com\/blog\/how-to-fix-email-delivery-issues-in-zimbra-postfix\/\" title=\"\">\u201cset and forget<\/a>.\u201d You\u2019ll want to keep an eye on logs, renew SSLs, and occasionally update configs. But once you get it working, it\u2019s honestly satisfying. You understand every piece of how your mail works \u2014 from DNS to delivery. 
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019d rather not spend a weekend figuring out the finer details, our <a href=\"https:\/\/www.supportpro.com\/emergency-new.php\" title=\"\">team <\/a>can help with that, with all the security, monitoring, and deliverability tuning built in.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I\u2019ve always been fascinated by how email actually works. You type a message, hit send, and a few seconds later, it shows up somewhere else in the world. There\u2019s a&hellip;<\/p>\n","protected":false},"author":4,"featured_media":14913,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[69,5],"tags":[],"class_list":["post-14911","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws","category-general-topics"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/14911","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/comments?post=14911"}],"version-history":[{"count":4,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/14911\/revisions"}],"predecessor-version":[{"id":16774,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/14911\/revisions\/16774"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\
/media\/14913"}],"wp:attachment":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media?parent=14911"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/categories?post=14911"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/tags?post=14911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}