This is an old revision of the document!
- mailserver-trixie
- Jonathan Haack
- Haack's Networking
- webmaster@haacksnetworking.org
mailserver-trixie
This tutorial is for users of Debian GNU/Linux who want to set up a proper email server. This particular version is a work in progress and will contain adjustments needed for Trixie. So far, I've found the following differences:
# Editing authentication settings
sudo nano /etc/dovecot/conf.d/10-auth.conf
auth_username_format = %{user|username|lower}
#auth_username_format = %n
# Editing mailbox location settings
sudo nano /etc/dovecot/conf.d/10-mail.conf
mail_driver = maildir
mail_path = ~/Maildir
mail_inbox_path = ~/Maildir/.INBOX
#old one was
#mail_location = mbox:~/mail:INBOX=/var/mail/%u
#mail_location = maildir:~/Maildir
# Editing SSL/TLS settings
sudo nano /etc/dovecot/conf.d/10-ssl.conf
#new format for cert and key, longer name, removes the classic “<” character
ssl_server_cert_file = /etc/letsencrypt/live/mail.domain.com/fullchain.pem
ssl_server_key_file = /etc/letsencrypt/live/mail.domain.com/privkey.pem
#ssl_prefer_server_ciphers = yes
#comment out diffy helman, now deprecated
#ssl_server_dh_file = /etc/dovecot/dh.pem
# Editing Sieve filter settings
sudo nano /etc/dovecot/conf.d/90-sieve.conf
#updating where dovecot looks for sieve rules by default, new format
sieve_script personal {
driver = file
path = ~/sieve
active_path = ~/.dovecot.sieve
}
#old one was
#plugin {
#sieve = file:~/sieve;active=~/.dovecot.sieve
#}
# Editing main Dovecot configuration
sudo nano /etc/dovecot/dovecot.conf
#declare versions
dovecot_storage_version = 2.4.1
dovecot_config_version = 2.4
#comment out dictionary (unless you set it up)
#dict {
# quota = file:/var/lib/dovecot/quota
#}
In May 2025, the Validity RBL switched to a locked model, so you need to disable queries to it in spamassassin by editing sudo nano /etc/spamassassin/local.cf and putting the following restrictions underneath dns_server 127.0.0.1 and then comment out the VALIDITY scoring rule.
dns_query_restriction deny bl.score.senderscore.com dns_query_restriction deny sa-accredit.habeas.com dns_query_restriction deny sa-trusted.bondedsender.org #score RCVD_IN_VALIDITY_RPBL 5.0
Over the weeks and months ahead, I will merge the changes documented above into the body of the tutorial below. It will be some months before I merge, however, since Trixie is not yet stable and there will likely be more changes on the server I am testing in production. Below, please find the Bookworm tutorial:
— oemb1905 2025/11/03 15:14
