English - (+)

Email Server


1. About the Email Server

Once enabled, FreedomBox Email Server can be currently used via IMAP clients and provides spam filtering features. Spam learning is not yet implemented and antivirus is currently on hold, though. This is just the beginning. More e-mail related features and utilities are planned.

1.1. Ease of Use

The interfaces for admin and non-admin users are very simple for an email server. Unlike other apps in FreedomBox, this custom application integrates many Debian packages with quite a lot of glue code to make them all work together for a user-friendly, complete, secure, maintainable solution.

After proper configuration, you'll be able to interoperate with popular email providers, but be aware that your privacy depends on the business practices of those providers.

1.2. E-mail Privacy

Privacy is a practice, not a statistic. Its meaning varies in terms of one's situation, habits, emergency preparedness. Only if the user understands what assets, adversaries, attack vectors are in their threat model can they make effective use of privacy-enhancing technologies. Generally a threat model answers the following questions:

In this section we provide some examples of a threat model. We then introduce the practices and software features applicable for each threat model.

I don't want spam in my primary inbox

I don't like the fact that big companies are scanning my emails to my friends

More advanced threat models require an even higher level of communication secrecy: Alice and Bob may not trust the email providers nor the network connecting both providers. End-to-end encryption can be achieved with GnuPG (see Free Software Foundation, Email Self-Defense Guide) or S/MIME. These methods alone however do not provide forward secrecy nor future secrecy. If forward and future secrecy is needed by your threat model, consider using XMPP OMEMO in place of emails.

2. Installing

First of all you need to go to the Apps menu.

If already installed, the Email Server will be shown above the Disabled line. This is likely not your case, but if it is, that means that the Email Server is already installed, so this chapter isn't for you and you ought to jump to the next one.

If the Email Server is shown among the icons below the Disabled line, it is either not yet installed or it is currently disabled. This is the usual starting status.

Select the Email Server app. You are presented with the Email Server app page. If not installed yet you'll be shown the Install button. Click on it!

Due to a known bug you might get this error

Despite the message suggesting held packages, another usual cause is that there's already another email server installed in the system, usually exim4 in Debian systems. Usually it is there by default but you don't need it so you can just uninstall it. This can be done accessing your FreedomBox via SSH and running

Then you can try again

This will trigger the installation process.

After installing all needed software packages, configuring them, etc FreedomBox will tell you that the installation is successful and the app page will show additional content like the port information and several feature configuration forms organized by means of tabs.

Next time you go to the Apps Menu it will show the Email Server enabled (above the disabled line).

3. Configuring the Email Server

  1. Log into FreedomBox web interface as an admin. Server configuration forms are hidden to regular users.

  2. Go to Email Server app. Problems with the service are listed in the Service Alert section.

  3. Resolve all service problems.

Now as admin you can:

Additional configurations in your FreedomBox and in your domain name registry are needed to meet current security standards.


For the moment USE THIS SERVER ONLY FOR INTERNAL EMAILS (among FreedomBox users within the same machine) or in controlled testing environments. Attempts of sending e-mail to regular services may get your IP address blacklisted due to unmet security measures.

4. Using the Email Server


This app is still under construction. USE THIS SERVER ONLY FOR INTERNAL EMAILS (among FreedomBox users within the same machine) or in controlled testing environments. Attempts of sending e-mail to regular services may get your FreedomBox blacklisted due to unmet security measures.

As a user you can:

Once an admin has set up RoundCube configuration for it to work with the FreedomBox Email server you can log into RoundCube and start sending emails to your fellow FreedomBox users without the need for other email clients.

4.1. With FreedomBox Webmail Client (RoundCube)

RoundCube email client is provided by FreedomBox as an optional app. If RoundCube has been installed before the email server, setup will tell RoundCube to use the FreedomBox email service. Once both apps are installed, you have a complete webmail setup for you and your friends.

4.2. With Thunderbird

Open Thunderbird. Go to hamburger menu → New → Existing Mail Account. Enter a display name, your FreedomBox email address, and your FreedomBox password. Click continue.

FreedomBox implements the Automatic Account Configuration endpoint which Thunderbird will make use of.

4.3. Manual Configuration

Tell your email client to use these parameters:

STARTTLS on the SMTP submission port is also supported.

4.4. Email Aliases

Email aliases are very useful for privacy. Now as FreedomBox email user (don't even need to be an admin) you can have temporary throw-away and specific email addresses under your control. You can create, modify, and delete email aliases from the My Aliases tab of the Email Server page in FreedomBox web interface.

Mails to non-existent users, non-existent aliases, or system users will be rejected at the SMTP connection level. Disabled aliases work like a "no reply" address: mails to those aliases will be dropped; the sender will not receive a failure code or bounce notification.

5. Advanced Features

5.1. Having multiple email domains

Configuration at the Domains tab is needed.

  1. Log into the Plinth web interface as an admin.
  2. Go to Email Server → Domains page. You will see a form like the snapshot below.

  3. Edit $mydestination (make sure all of your email domains are listed in the variable)

  4. Click Update

    Domains tab at Email Server app page

Recommended domain settings:


The automatically appended domain part for locally submitted mails. Setting it to localhost should be okay.

A fully-qualified domain name for your email addresses. It is the domain after the @ sign.

Typically hostname.$mydomain or just $mydomain - the internet hostname of this mail system. NOTE: Provide a reachable domain name to avoid email bouncing. If you don't have a domain name, use localhost


The list of accepted domains for inbound mails. It must contain the values of $mydomain and $mydestination (dollar sign notation may be used). If you mess up this variable, Postfix may try to relay internal mails to the public internet which will be dangerous.

6. Troubleshooting

6.1. How to debug an action script failure? How to access the system log?

Open a secure shell connection to your FreedomBox. Type sudo journalctl -b -o short-monotonic --no-pager

6.2. Why does the server say "relay access denied"?

This is because Postfix was not aware of the email domain. To fix that,

  1. Ensure FreedomBox is aware of your internet domain name. If you don't have a domain name, skip to step 2.

    • Log into the Plinth web interface as an admin.
    • Go to System → Name Services

    • Add a domain name if you haven't done so.
  2. Repair the email server's configurations.
    • Log into the Plinth web interface as an admin.
    • Go to Email Server app → Home.

    • Find the Service Alert section.

    • Click Repair next to the failed Postfix domain diagnosis.

If problem persists or you could not find the Service Alert section,

  1. Log into the Plinth web interface as an admin
  2. Go to Email Server → Domains

  3. Edit $mydestination (make sure your email domain is listed in the variable; dollar sign notation is supported)

  4. Click Update

6.3. Cannot send anything from Roundcube. It says "SMTP Error (250): Authentication failed".

Root cause: Roundcube tried to submit your email from an unencrypted connection, but ports 465 and 587 required SSL and STARTTLS encryption, respectively.


For RoundCube, edit the /etc/roundcube/config.inc.php file to make it use port 25 (unencrypted). Fix these settings:

$config['smtp_server'] = 'smtp://localhost';
$config['smtp_port'] = 25;


If using another email client like Thunderbird, enforce SSL or STARTTLS usage by the email client.

7. Providing user feedback

Please provide your feedback on usage on this forum thread.

8. Technical info and discussion

FreedomBox email server was presented at Debconf21. Slides and video recording are available courtesy of the Debian Outreach team.

This salsa issue is driving the implementation. Feel free to join discussions and provide technical ideas.

Back to Features introduction or manual pages.









Live Help

Where To Start







To Do









FreedomBox for Communities

FreedomBox Developer Manual

HELP & DISCUSSIONS: Discussion Forum - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, January 23 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.