Wednesday, November 6, 2019

Modoboa Mail Server with Apache2 as Web Server on Ubuntu 18.04

Modoboa is an excellent way to simplify the installation, configuration, and ongoing maintenance of an email server.  The easiest way is to install Modoboa is by using an installation script available on GitHub.

The Modoboa install script installs the Nginx web server by default.  Nginx is best for static content and Apache is better for dynamic content (like php). The key advantage to using Nginx is it commands less system resources due to its architecture.  Still, if  your web traffic is low, the performance gains by using Nginx is negligible. I decided my website would be best served with Apache alone, though I still wanted to use Modoboa as my email server.

Since the installation script installs Nginx by default, a few modifications to the script file are needed.  The following instructions assume a fresh Ubuntu 18.04 with Apache already installed.  Also, make sure DNS MX record is already configured with

Modoboa Installer

First install mod_wsgi then restart Apache
$ sudo apt-get install libapache2-mod-wsgi
$ sudo systemctl restart apache2
The installation script is available from GitHub.
$ git clone
Install the necessary perl scripts
$ sudo apt-get install python-virtualenv python-pip
Navigate to the installer directory
$ cd modoboa-installer
Run the following command.
$ sudo ./ --stop-after-configfile-check
You'll get a warning that the installer.cfg file was not found so a new one was created.  installer.cfg file allows you to customize certain elements of the installation. The default contents include the following:
$ [general]
hostname = mail.%(domain)s

generate = true
type = self-signed

email =

engine = postgres
host =
install = true

user = postgres
password =
Leave the certificate type to self-signed.  We will install a Let's Encrypt certificate manually later.
If you want to use MariaDB instead of postgres, change the engine type under database to mysql. Scroll down and change the instruction to install nginx to false.
enabled = false
Make the desired changes and save the file.  Next we'll re-run the installation routine using --interactive.
$ sudo ./ --interactive
If you have problems with the installation, rerun the script with the debug option:
$ sudo ./ --interactive --debug
If all goes well, the completed installation should look similar to the following:
Welcome to Modoboa installer!

Before you start the installation, please make sure the following DNS records exist for domain '':
       IN MX

Your mail server will be installed with the following components:
modoboa automx amavis clamav dovecot razor postfix postwhite spamassassin uwsgi radicale opendkim
Do you confirm? (Y/n)
The process can be long, feel free to take a coffee and come back later ;)
Generating new self-signed certificate
Installing amavis
Installing spamassassin
Installing razor
Installing clamav
Installing modoboa
Installing automx
Installing radicale
Installing uwsgi
Installing opendkim
Installing postfix
Installing postwhite
Installing dovecot
Congratulations! You can enjoy Modoboa at (admin:password)

Apache Configuration

Next we need to create an Apache config file for  Here is the file I created in the /etc/apache2/sites-available directory and named :
<VirtualHost *:80>
  DocumentRoot /srv/modoboa/instance/

  Alias /media/ /srv/modoboa/instance/media/
  <Directory /srv/modoboa/instance/media>
    Order deny,allow
    Allow from all

  Alias /sitestatic/ /srv/modoboa/instance/sitestatic/
  <Directory /srv/modoboa/instance/sitestatic>
    Order deny,allow
    Allow from all

Next we need to configure the Apache config file.
$ sudo nano /etc/apache2/apache2.conf
Scroll down the page and uncomment (or add if it's missing) the following lines.
<Directory /srv/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
In addition, we need to configure WSGI.  Add the following lines to the Apache config file:
WSGIScriptAlias / /srv/modoboa/instance/instance/
WSGIPythonHome /srv/modoboa/env/
WSGIPythonPath /srv/modoboa/instance/

<Directory /srv/modoboa/instance/instance>
  Require all granted
WSGIPassAuthorization On
Save the file and reboot.

Install Lets Encrypt Certificate

Make sure the https port 443 is included in your firewall configuration. See Install Firewall (ufw).

Install certbot

Add the PPA and install certbot (install software-properties-common if necessary)
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt update
Install certbot packages:
$ sudo apt install python-certbot-apache

Install certificate:

Install the certificate as shown
$ sudo certbot --apache -d
Answer any prompts and wait for the confirmation that the certificate has been issued.  If you have problems getting the certificate issue, try visiting the website The Let's Encrypt Certificate is only valid for 90 days.  However the certbot installation includes a cron script that auto renews the certificate 30 days before expiration.  The script is located at /etc/cron.d.

You can test the renewal process by running the following command again:
$ sudo certbot renew --dry-run
Manual installation of the Let's Encrypt certificate as instructed will automatically result in the creation of an ssl version of the Apache conf files for your site. Here are the contents of my site's ssl config file (mail.your-domain-le-ssl.conf) after a successful letsencrypt installation in the /etc/apache2/sites-available/ path:
<IfModule mod_ssl.c>
<VirtualHost *:443>
  DocumentRoot /srv/modoboa/instance/

  Alias /media/ /srv/modoboa/instance/media/
  <Directory </srv/modoboa/instance/media>
    Order deny,allow
    Allow from all

  Alias /sitestatic/ /srv/modoboa/instance/sitestatic/
  <Directory /srv/modoboa/instance/sitestatic>
    Order deny,allow
    Allow from all

SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
Include /etc/letsencrypt/options-ssl-apache.conf
Note your certificate file path may vary.

There are two additional lines we need to add to the Apache config file file.  Add the two following lines after the WSGIScriptAlias.
WSGIDaemonProcess python-path=/srv/modoboa/instance:/srv/modoboa/env/lib/python2.7/site-packages

Modoboa Log-In Panel

Modoboa is programmed to work with IMAP.  If you want to connect to your mail server via pop3 to another email service, you need to make configuration changes.  The easiest was to do this is to install dovecot-pop3d.
$ sudo apt install dovecot-pop3d
Open firewall ports for 25, 587, 993, 995.

We're now ready to log into the Modoboa panel.  Go to  Your log-in is Admin and the password is password. Once you're logged in change your username and/or password.  Click on the user name in the top right of the menu panel, then go to settings>>profile to make the changes.

To set up domains for the server, click Domains from the top menu bar then click the Add+ button. Be sure to enable dkim signing. Once the domain is setup, you can retrieve the public key for DKIM by selecting Domains from the top menu bar, then click the domain name.  Click the Show key button in the DNS box on the top right. You will need to add the domain key to your DNS settings.

If you plan to use Modoboa's webmail (I used it for testing) you should change the IMAP and SMTP ports and enable ssl/tls.  Click Modoboa in the menu bar, then select the Webmail tab.  Under IMAP settings, click the radio button to use a secure connection and change the port to 993.  Under SMTP settings, click the radio button to enable STARTTLS, change the server port to 587, then click the "Yes" radio button to require authentication.  Click save.