How to Set Up a Custom Domain Email Server on Amazon EC2 Using Postfix


9 views

When moving from traditional cPanel hosting to AWS EC2, email server configuration becomes a manual process. Unlike shared hosting environments, EC2 instances don't come with pre-configured email solutions. Postfix is a popular MTA (Mail Transfer Agent) that can be installed on Linux instances to handle email delivery.

Before proceeding, ensure you have:

  • A running EC2 instance (Ubuntu/CentOS recommended)
  • SSH access with sudo privileges
  • A registered domain with proper DNS management
  • Ports 25 (SMTP), 465 (SMTPS), and 587 (Submission) open in security groups

First, install Postfix and related packages:

sudo apt-get update
sudo apt-get install postfix mailutils libsasl2-modules sasl2-bin

During installation, select "Internet Site" and enter your domain name when prompted. Then edit the main configuration file:

sudo nano /etc/postfix/main.cf

Add or modify these key parameters:

myhostname = mail.yourdomain.com
mydomain = yourdomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
home_mailbox = Maildir/
mailbox_command =
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

For secure authentication, configure SASL:

sudo nano /etc/postfix/sasl/smtpd.conf

Add these lines:

pwcheck_method: saslauthd
mech_list: plain login

Proper DNS configuration is crucial:

mail.yourdomain.com. IN A your.ec2.ip.address
yourdomain.com. IN MX 10 mail.yourdomain.com.
yourdomain.com. IN TXT "v=spf1 a mx ip4:your.ec2.ip.address ~all"
_dmarc.yourdomain.com. IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@yourdomain.com"

Verify Postfix configuration:

sudo postfix check
sudo postfix reload

Test email sending:

echo "Test email body" | mail -s "Test Subject" recipient@example.com

To enable mailbox access:

sudo apt-get install dovecot-core dovecot-imapd dovecot-pop3d

Configure Dovecot:

sudo nano /etc/dovecot/dovecot.conf

Add basic configuration:

protocols = imap pop3
mail_location = maildir:~/Maildir
ssl = yes
ssl_cert =

Important security measures:

  • Implement TLS encryption for all connections
  • Set up proper firewall rules
  • Configure rate limiting to prevent abuse
  • Regularly monitor mail logs
  • Consider using Amazon SES as a relay to improve deliverability

Remember that running your own mail server requires ongoing maintenance and monitoring to ensure proper deliverability and security.

When migrating from traditional cPanel hosting to AWS EC2, setting up email functionality becomes a manual process. While cPanel provided one-click email solutions, EC2 requires proper server configuration. Postfix is the most reliable MTA (Mail Transfer Agent) for Linux servers, handling about 25% of internet mail servers.

Ensure your EC2 instance has:

  • A static Elastic IP address
  • Proper DNS records (MX, A, PTR, SPF)
  • Ports 25 (SMTP), 587 (Submission), and 993 (IMAPS) open in Security Groups
  • Reverse DNS configured through AWS

First, install Postfix and dependencies:


sudo apt update
sudo apt install postfix mailutils libsasl2-modules sasl2-bin

During installation, select "Internet Site" and enter your domain name. Then edit the main configuration:


sudo nano /etc/postfix/main.cf

Update these key parameters:


myhostname = mail.yourdomain.com
mydomain = yourdomain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
home_mailbox = Maildir/

For secure authentication, set up SASL:


sudo nano /etc/postfix/sasl/smtpd.conf

Add these lines:


pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

Create SMTP credentials:


sudo saslpasswd2 -c -u postconf -h mydomain username
sudo chown postfix:postfix /etc/sasldb2

Verify Postfix settings:


sudo postfix check
sudo postconf -n

Send a test email and check logs:


echo "Test message" | mail -s "Test Subject" recipient@example.com
tail -f /var/log/mail.log

For production use, consider adding:

  • SSL/TLS certificates from Let's Encrypt
  • Dovecot for IMAP/POP3 access
  • SpamAssassin for filtering
  • DKIM signing with OpenDKIM