Deploy a fully functional and secure Postal server in minutes. If you found this valuable, please donate so we can continue to bring the world open source resources.
This is an example of an Ansible repository that will automatically deploy Postal SMTP server and secure it for you. It does require a little background in server administration and how Ansible works.
This entire setup supports the following features:
- 🚀 Automatic installation & configuration of Postal
- ⚡️ Deploy a brand new server in under 6 minutes (even on a slower server)
- 😱 Automatic configuration of HTTPS & TLS for secure emails & web GUI Access (via Let's Encrypt)
- 🔐 Secure server management with hardened SSH (passwordless, disabled root login, and custom SSH ports)
- ⏫ Automatic server security updates (Postal updates are still manual though, but very easy...)
Ansible is a tool that you install on your computer that will connect to your server over SSH and configure it for you. If you are not familiar with Ansible, we highly suggest that you read Ansible's Getting Started Guide. This will help you understand the most important concepts and how to install it on your local machine.
This code has been running in production and has been running well for us. Few important notes for you to understand:
- It has been tested on Ubuntu 18.04 only
- We see improvements how this repository could be organized better, but it is the first release and we just wanted to focus on getting the code out there for people to reference
The remainder of this document will walk you through how to deploy and configure your Postal server.
You can self-host this, or go with a cloud provider. Cloud providers will probably be the fastest, so we'll take how to do this on your own VPS in the cloud.
- At least 2GB of RAM (for the smallest Postal instances)
- TWO Static public facing IP addresses (if you plan to use Click & Open Tracking)
- We've only tested this Ansible deployment with Ubuntu 18.04
DISCLAIMER: The links below are affiliate links. This kicks back a few bucks to us for the referral, but does not cost you anything extra to you. Affiliate programs do not influence our recommendations in any sort of way either. These are the best recommendations available.
Pros
- Simple setup with two IP addresses
- Reliable and affordable
Cons
- [Vultr blocks port 25 by default](https://www.vultr.com/docs/ what-ports-are-blocked). You need to contact support to have it unblocked
(We already had our stuff unblocked, so the rest of the guide will follow Vultr)
Pros
- Reliable and affordable
- Supports second IP address with "floating IP"
Cons
- Digital Ocean uses "Floating IP Addresses" for their secondary IP addresses. This uses some form of NAT (they use Openstack) for floating IPs and can break certain things on some software. No reports with Postal yet, but it has done this for other softwware.
- You cannot set PTR records (reverse DNS) on Floating IPs. So if you plan to send mail through more than one IP, look for a different provider
Pros
- Reliable and affordable
- Supports second IP address
Cons
- Getting a second IP address might be a little political on why you need it
Pros
- You can do almost anything with these providers
Cons
- It is more expensive
Self hosting email is a major pain in the butt. Some spam filters will block entire blocks of known IP addresses for VPS providers. If you continue on this adventure, sign up for these tools minimally to monitor your sender reputation:
For best security, make sure your SSH keys are configured and added to your Vultr account.
You can get a simple Postal server through Vultr for as little as $10/mo.
Be sure to select/configure:
- Any region that you want
- Ubuntu 18.04 x64
- A server with at least 2GB of memory
- Your SSH key that you have added to your account
- A proper DNS name for your server (our example is
mypostalserver.521dimensions.com)
Our example is mypostalserver.521dimensions.com, so we added an "A record" that points to our IP address that Vultr gave us.
Going back to the Vultr portal, go to "Settings → IPv4" then click "Add Another IPv4 Address". You may also need to restart your server through the Vultr control panel in order for your IP to apply to your account!!! (that means NOT just running the command reboot)
Now you should have two IP addresses, but we need to configure the reverse DNS to point to the same DNS record that you added above for your server (our example of mypostalserver.521dimensions.com). Without this step, your email will fail to deliver.
Although the secondary IP address has been added to your account, you need to configure your server. Click on the "networking configuration" link to see your exact configuration that you will need to add.
While having the network configuration open in your browser window, you will want to open program window so you can SSH into your server.
Replace mypostalserver.mydomain.test with the DNS name that you chose.
Since we can copy and paste from Vultr, the easiest is to just clear the current configuration. Run these commands on your server.
echo "" > /etc/netplan/10-ens3.yamlThen copy the configuration to your clipboard from the Vultr site. We can open the (now empty) configuration with nano.
nano /etc/netplan/10-ens3.yaml- Press
CMD + Vto paste - Press
CTRL + O(that is an "oh", not a zero) to Save - Press
CTRL + Xto exit thenanotext editor
Now that we have the configuration ready we just need to:
- Update the "apt" package caches on the server
- Install "python" package on the server for Ansible to run
- Update all other packages on the server
- Remove old packages on the server
- Reboot the server (for our networking changes to take effect)
You can do this all in one command by copying and running the below command on your server:
apt update && apt install -y python && apt upgrade -y && apt autoremove -y && rebootAfter the server reboots, ping both server IP addresses to make sure that you configured everything correctly.
We're assuming that you have Ansible downloaded and installed on your machine.
You can confirm Ansible is working by running
ansible --versionRepo can be placed anywhere on your system. Just choose a location that works best for you and that you remember where you place it. You will need to modify the example commands to match the path that you chose.
There are three areas that you need to configure:
You will see under the [postal] group, there is a place holder of mypostalserver.mydomain.test change this line to match the properly configured DNS name that points to your server's main IP address.
Modify this file to your satisfaction. Follow the comments in the file of what needs to be modified.
Rename this file to match exactly what you have it set to in the "hosts" file within the Ansible repo. Open this file and modify it according to the comments.
Once you have everything configured, we can finally get to running the "Ansible Playbook". Run this command to start the deployment on your own machine:
ansible-playbook -i /path/to/your/downloaded-repo/hosts /path/to/your/downloaded-repo/postal.yml☕️ Grab a cup of coffee while this runs, it should take a little less than 6 minutes to complete run.
After your server is finished deploying, validate the following functions:
Visit https://mypostalserver.mydomain.test and see if your page loads. Make sure the SSL is valid.
Run the following command. Replace mypostalserver.mydomain.test with the DNS name that you chose.
openssl s_client -connect mypostalserver.mydomain.test:25 -starttls smtpYou should see a response like the one below showing us that it is working.
To make a user so that you can log into the Web GUI, run the following command while connected to your server via SSH:
postal make-userYou will be prompted to fill out a few details your new user.
Configure your DNS to add an "A Record" that points your tracking domain to the secondary IP address of your server.
Once you are able to ping and verify that your DNS is resolving to the correct IP, you then need to register your email with Let's Encrypt to get a valid SSL certificate deployed for your click tracking.
Run this command on the server:
postal register-lets-encrypt [email protected]You've now successfully deployed your Postal server! From here on out, you can find how to use Postal on the official documentation.
The official documentation will be the best resource on how to do everything, but the steps we suggest doing from here are:
- Create your organization
- Create your web server
- Add the domains that you plan to send from
- Follow the validation settings and configure all DNS records for each domain you add
- Validate your settings by sending an email to https://mail-tester.com
If for some reason you need to make any special adjustments, see these files within the repoistory:
host_vars/mypostalserver.mydomain.test(all variables you can change)roles/postal/templates/opt/postal/config/postal.yml.j2(the actual template that gets deployed)
- If you want community support (responses are from volunteers at soonest-availability basis), open an issue on Github →
- If you want professional support (guaranteed responses within one business day), you can contact 521 Dimensions and we'll get in touch for billing details
As always, if it is a Postal specific question, you can browse the issues on Postal's Github.