How To Install PostfixAdmin on AlmaLinux 10

Managing a mail server through command-line interfaces can be time-consuming and error-prone. PostfixAdmin provides a powerful web-based interface that simplifies the administration of Postfix mail servers, enabling administrators to manage virtual domains, mailboxes, and email aliases efficiently. This comprehensive guide walks you through the complete installation and configuration process of PostfixAdmin on AlmaLinux 10, a robust enterprise-grade Linux distribution known for its stability and security features.

AlmaLinux 10 brings enhanced security capabilities, improved container support, and streamlined package management that make it an excellent choice for hosting production mail servers. By following this tutorial, you’ll establish a fully functional PostfixAdmin installation capable of managing multiple email domains and hundreds of mailboxes through an intuitive web interface. Whether you’re setting up a small business mail server or managing enterprise email infrastructure, this guide provides the technical depth and practical insights needed for successful deployment.

What is PostfixAdmin?

PostfixAdmin is an open-source web-based management tool designed specifically for Postfix mail servers that use virtual domains and users stored in databases. Unlike traditional mail server configurations that rely on system users, PostfixAdmin enables the creation and management of virtual mailboxes entirely through a MySQL or PostgreSQL database backend. This architecture provides superior scalability and flexibility for hosting multiple email domains on a single server.

The application offers a comprehensive feature set including domain management, mailbox creation with quota controls, alias configuration, and forwarding rules. Administrators can define separate admin accounts with domain-specific privileges, allowing delegated management without granting full server access. PostfixAdmin supports multiple password encryption schemes including the modern ARGON2I algorithm, ensuring robust security for user credentials. The web interface eliminates the need for direct database manipulation or complex command-line operations, significantly reducing the learning curve for mail server administration.

Built with PHP and designed for integration with popular web servers like Apache and Nginx, PostfixAdmin seamlessly connects with Dovecot for IMAP/POP3 services. The platform’s database-driven approach enables easy backup, migration, and scalability as your email infrastructure grows.

Prerequisites and System Requirements

Before beginning the PostfixAdmin installation process, ensure your AlmaLinux 10 server meets the following requirements. You’ll need a fresh or existing AlmaLinux 10 installation with root or sudo privileges to execute administrative commands. The server should have at least 2GB of RAM for small deployments, though 4GB or more is recommended for production environments handling significant email traffic. Allocate a minimum of 20GB disk space for the operating system, applications, and email storage, with additional capacity based on anticipated mailbox usage.

A registered domain name with proper DNS configuration is essential for mail server operation. Configure MX records pointing to your mail server, along with A or AAAA records for hostname resolution. Proper DNS setup ensures reliable email delivery and prevents messages from being rejected by recipient servers. You should also plan to implement SPF, DKIM, and DMARC records for enhanced email authentication and deliverability.

The software stack for PostfixAdmin requires several components working in concert. You’ll need a web server—either Apache HTTP Server or Nginx—to serve the PostfixAdmin web interface. PHP version 7.3 or higher with essential extensions including mysqli, imap, mbstring, json, and session support handles application logic. A MySQL or MariaDB database server stores virtual domain configuration, mailbox credentials, and alias mappings. Finally, an SSL/TLS certificate from Let’s Encrypt or a commercial certificate authority secures web interface access and protects sensitive administrative credentials.

Step 1: Update AlmaLinux 10 System

Maintaining an updated system is the foundation of server security and stability. Begin by refreshing the package repository cache and upgrading all installed packages to their latest versions. Open a terminal session and execute the following command:

sudo dnf update -y

This command downloads and installs available updates for your AlmaLinux 10 system. The process may take several minutes depending on your internet connection speed and the number of pending updates. If kernel updates are installed during this process, reboot your server to activate the new kernel:

sudo reboot

After the system restarts, verify your AlmaLinux version and kernel information:

cat /etc/almalinux-release
uname -r

Check for the presence of conflicting mail transfer agents that might interfere with Postfix operation. AlmaLinux installations sometimes include Sendmail by default. Remove Sendmail if present:

sudo dnf remove sendmail -y

Configure the system hostname to match your mail server’s fully qualified domain name. Proper hostname configuration is critical for email authentication and delivery:

sudo hostnamectl set-hostname mail.yourdomain.com

Edit the /etc/hosts file to ensure local hostname resolution:

sudo nano /etc/hosts

Add or modify the entry to include your server’s IP address:

192.168.1.100 mail.yourdomain.com mail

Verify the hostname configuration:

hostname -f

Step 2: Install and Configure Web Server

PostfixAdmin requires a web server to deliver its interface to administrators. You can choose between Apache HTTP Server and Nginx based on your preferences and existing infrastructure. This guide covers both options.

Option A: Installing Apache HTTP Server

Apache remains one of the most popular web servers for hosting PHP applications. Install Apache on AlmaLinux 10 using the DNF package manager:

sudo dnf install httpd -y

Enable and start the Apache service to ensure it runs automatically at system boot:

sudo systemctl enable httpd
sudo systemctl start httpd

Verify that Apache is running correctly:

sudo systemctl status httpd

Configure firewall rules to allow HTTP and HTTPS traffic:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Test Apache installation by accessing your server’s IP address in a web browser. You should see the default AlmaLinux Apache test page.

Option B: Installing Nginx Web Server

Nginx offers excellent performance characteristics and efficient resource utilization, making it popular for high-traffic deployments. Install Nginx with this command:

sudo dnf install nginx -y

Enable and start the Nginx service:

sudo systemctl enable nginx
sudo systemctl start nginx

Check the service status:

sudo systemctl status nginx

Configure firewall rules for web traffic:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Verify Nginx is serving content by visiting your server’s IP address in a web browser.

Step 3: Install PHP and Required Extensions

PostfixAdmin relies on PHP to generate dynamic content and interact with the database backend. AlmaLinux 10 includes PHP 8.0 or higher in its default repositories. Install PHP along with necessary extensions:

sudo dnf install php php-fpm php-mysqlnd php-imap php-mbstring php-json php-session -y

Each extension serves a specific purpose in PostfixAdmin functionality. The php-mysqlnd extension provides native MySQL database connectivity with improved performance over older drivers. The php-imap extension enables mail-related functions essential for mailbox operations. The php-mbstring extension handles multibyte string operations, critical for supporting international character sets in email addresses and display names. The php-json extension processes JSON data structures used throughout the application.

Configure PHP settings for optimal performance and security. Edit the main PHP configuration file:

sudo nano /etc/php.ini

Locate and modify these directives:

upload_max_filesize = 50M
post_max_size = 50M
memory_limit = 256M
max_execution_time = 300
date.timezone = Asia/Jakarta

These settings allow larger file uploads, increase available memory for PHP processes, extend script execution time for complex operations, and set the appropriate timezone for your location.

If using Nginx, configure PHP-FPM to process PHP scripts. Edit the PHP-FPM pool configuration:

sudo nano /etc/php-fpm.d/www.conf

Ensure the user and group settings match your web server:

user = nginx
group = nginx

For Apache installations, verify the user is set to apache:

user = apache
group = apache

Enable and start the PHP-FPM service:

sudo systemctl enable php-fpm
sudo systemctl start php-fpm

Verify PHP installation by checking the version:

php -v

Step 4: Install and Configure MariaDB Database Server

MariaDB serves as the data repository for PostfixAdmin, storing all virtual domain configurations, mailbox credentials, and alias mappings. Install MariaDB server packages:

sudo dnf install mariadb-server mariadb -y

Enable and start the MariaDB service:

sudo systemctl enable mariadb
sudo systemctl start mariadb

Verify the service is running:

sudo systemctl status mariadb

Secure your MariaDB installation by running the security script. This interactive wizard helps eliminate common security vulnerabilities:

sudo mysql_secure_installation

The script prompts you through several security enhancements. Press Enter when asked for the current root password (none exists initially). Set a strong root password using a combination of uppercase letters, lowercase letters, numbers, and special characters. Answer ‘Y’ to remove anonymous users, disable remote root login, remove the test database, and reload privilege tables. These measures significantly improve database security and should be implemented on all production servers.

Log into the MariaDB shell to create the PostfixAdmin database and dedicated user:

sudo mysql -u root -p

Execute the following SQL commands to establish the database infrastructure:

CREATE DATABASE postfixadmin CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'postfixadmin'@'localhost' IDENTIFIED BY 'your_secure_password';
GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Replace your_secure_password with a strong, randomly generated password. Store this password securely as you’ll need it during PostfixAdmin configuration. The utf8mb4 character set ensures full Unicode support, including emoji and international characters that may appear in email content.

Verify database creation:

sudo mysql -u postfixadmin -p

Enter the password you created, then list available databases:

SHOW DATABASES;
EXIT;

Step 5: Download and Install PostfixAdmin

Navigate to the PostfixAdmin GitHub repository to obtain the latest stable release. At the time of writing, version 3.3.15 is current. Download PostfixAdmin using wget:

cd /tmp
wget https://github.com/postfixadmin/postfixadmin/archive/refs/tags/v4.0.1.tar.gz

Extract the archive to the appropriate directory based on your web server choice. For Apache installations:

sudo dnf install tar -y
sudo tar xvf v4.0.1.tar.gz -C /var/www/
sudo mv /var/www/v4.0.1 /var/www/postfixadmin

For Nginx installations:

sudo tar xvf v4.0.1.tar.gz -C /usr/share/nginx/
sudo mv /usr/share/nginx/v4.0.1 /usr/share/nginx/postfixadmin

PostfixAdmin requires a writable templates_c directory for compiled templates. Create this directory and set appropriate permissions. For Apache:

sudo mkdir -p /var/www/postfixadmin/templates_c
sudo setfacl -R -m u:apache:rwx /var/www/postfixadmin/templates_c/

For Nginx:

sudo mkdir -p /usr/share/nginx/postfixadmin/templates_c
sudo setfacl -R -m u:nginx:rwx /usr/share/nginx/postfixadmin/templates_c/

If you plan to integrate with Dovecot for password hashing, grant the web server user permission to read Let’s Encrypt certificates:

sudo setfacl -R -m u:apache:rx /etc/letsencrypt/live/ /etc/letsencrypt/archive/

Replace apache with nginx if using Nginx as your web server. These ACL permissions allow PostfixAdmin to access encryption certificates needed for secure password hashing without compromising overall system security.

Step 6: Configure PostfixAdmin

PostfixAdmin uses a local configuration file to override default settings. Create the configuration file based on your web server installation path. For Apache:

sudo nano /var/www/postfixadmin/config.local.php

For Nginx:

sudo nano /usr/share/nginx/postfixadmin/config.local.php

Add the following configuration, adjusting values to match your environment:

<?php
$CONF['configured'] = true;
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_port'] = '3306';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'your_secure_password';
$CONF['database_name'] = 'postfixadmin';

$CONF['encrypt'] = 'argon2i';

$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'YES';

$CONF['default_aliases'] = array (
    'abuse' => 'abuse@change-this-to-your.domain.tld',
    'hostmaster' => 'hostmaster@change-this-to-your.domain.tld',
    'postmaster' => 'postmaster@change-this-to-your.domain.tld',
    'webmaster' => 'webmaster@change-this-to-your.domain.tld'
);

$CONF['quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';

$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

$CONF['page_size'] = '20';

$CONF['admin_email'] = 'admin@yourdomain.com';
?>

The argon2i encryption method provides superior security compared to older algorithms like MD5-CRYPT. Argon2 is specifically designed to resist brute-force attacks and GPU-based cracking attempts, making it the recommended choice for production mail servers. The database credentials must match those created during MariaDB setup. Save the configuration file and set appropriate permissions:

sudo chmod 640 /var/www/postfixadmin/config.local.php
sudo chown root:apache /var/www/postfixadmin/config.local.php

Adjust the path and group name based on your installation directory and web server.

Step 7: Configure Apache Virtual Host for PostfixAdmin

Create a dedicated Apache virtual host configuration for PostfixAdmin. This isolates PostfixAdmin from other web applications and enables SSL configuration:

sudo nano /etc/httpd/conf.d/postfixadmin.conf

Add the following configuration:

<VirtualHost *:80>
    ServerName postfixadmin.yourdomain.com
    ServerAlias www.postfixadmin.yourdomain.com
    DocumentRoot /var/www/postfixadmin/public
    
    <Directory /var/www/postfixadmin/public>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    
    ErrorLog /var/log/httpd/postfixadmin_error.log
    CustomLog /var/log/httpd/postfixadmin_access.log combined
</VirtualHost>

This configuration sets the document root to PostfixAdmin’s public directory, disables directory listing for security, allows .htaccess overrides, and establishes dedicated log files for troubleshooting. Test the Apache configuration syntax:

sudo apachectl configtest

If the test returns “Syntax OK”, restart Apache to apply changes:

sudo systemctl restart httpd

Step 8: Configure Nginx Server Block for PostfixAdmin

For Nginx installations, create a server block configuration file:

sudo nano /etc/nginx/conf.d/postfixadmin.conf

Add this Nginx configuration:

server {
    listen 80;
    server_name postfixadmin.yourdomain.com;
    root /usr/share/nginx/postfixadmin/public;
    index index.php index.html;
    
    access_log /var/log/nginx/postfixadmin_access.log;
    error_log /var/log/nginx/postfixadmin_error.log;
    
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    
    location ~ \.php$ {
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_read_timeout 300;
    }
    
    location ~ /\.ht {
        deny all;
    }
}

This Nginx configuration processes PHP files through PHP-FPM, establishes URL rewriting for clean URLs, and blocks access to sensitive .htaccess files. Test Nginx configuration syntax:

sudo nginx -t

Reload Nginx to activate the new configuration:

sudo systemctl reload nginx

Step 9: Configure SSL/TLS Certificates

Securing PostfixAdmin with SSL/TLS encryption protects administrative credentials and sensitive mailbox information during transmission. Install Certbot and the appropriate plugin for your web server:

For Apache:

sudo dnf install certbot python3-certbot-apache -y

For Nginx:

sudo dnf install certbot python3-certbot-nginx -y

Generate an SSL certificate using Let’s Encrypt:

For Apache:

sudo certbot --apache -d postfixadmin.yourdomain.com

For Nginx:

sudo certbot --nginx -d postfixadmin.yourdomain.com

Certbot automatically configures SSL settings and creates a renewal cron job. During the certificate generation process, provide a valid email address for renewal notifications. Choose the option to redirect HTTP traffic to HTTPS for enhanced security.

Configure automatic certificate renewal testing:

sudo certbot renew --dry-run

Modern SSL/TLS configuration should enforce strong protocols and cipher suites. For Apache installations, verify your SSL configuration includes:

SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES

For Nginx, ensure your SSL parameters are set:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

Step 10: Complete PostfixAdmin Web-Based Setup

Access PostfixAdmin’s setup wizard through your web browser:

https://postfixadmin.yourdomain.com/setup.php

The setup page displays a system requirements checker showing the status of all dependencies. Green checkmarks indicate met requirements, while red crosses identify missing components. Address any failed checks by installing missing PHP extensions or adjusting permissions.

Create a setup password by entering your desired password in the setup form. PostfixAdmin generates a password hash displayed on the page:

$CONF['setup_password'] = 'hash_value_here:salt_value_here';

Copy this entire line and add it to your config.local.php file:

sudo nano /var/www/postfixadmin/config.local.php

Paste the setup password line at the end of the file, save, and refresh the PostfixAdmin setup page. Enter the setup password again, then create your superadmin account. Use an email address on a domain you’ll manage through PostfixAdmin rather than external email services like Gmail or Yahoo. This ensures you maintain full control over administrative credentials.

After creating the superadmin account, log into PostfixAdmin at:

https://postfixadmin.yourdomain.com/login.php

For enhanced security, rename or restrict access to the setup.php file after completing initial configuration:

sudo mv /var/www/postfixadmin/public/setup.php /var/www/postfixadmin/public/setup.php.disabled

Step 11: Create Virtual Domains and Mailboxes

Log into the PostfixAdmin administrative interface using your superadmin credentials. The dashboard presents options for domain management, virtual mailbox creation, and alias configuration.

Navigate to “Domain List” and click “New Domain” to add your first virtual email domain. Enter the domain name (e.g., example.com) and configure domain-specific settings including maximum mailboxes, aliases, and quota limits. These settings establish boundaries for each managed domain, preventing resource exhaustion.

After creating a domain, add virtual mailboxes by selecting “Virtual List” then “Add Mailbox”. Specify the mailbox username, select the domain from the dropdown menu, and set a secure password. Configure the mailbox quota based on expected usage—typical values range from 1GB for light users to 10GB or more for heavy email users.

Create email aliases to direct mail from one address to another. Aliases are useful for role-based addresses (support@, sales@) that forward to actual mailboxes. Access the alias creation form through “Virtual List” and “Add Alias”, then specify the source address and destination mailbox.

PostfixAdmin supports advanced features like catch-all addresses that receive mail sent to non-existent addresses within a domain. Configure catch-all addresses through domain settings, though use this feature cautiously as it can increase spam reception.

Step 12: Integrate PostfixAdmin with Postfix

PostfixAdmin manages database entries, but Postfix must be configured to query this database for mail routing decisions. Edit the main Postfix configuration file:

sudo nano /etc/postfix/main.cf

Add or modify these directives for virtual domain support:

virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

Create the MySQL lookup files referenced in main.cf. First, the virtual domains lookup:

sudo nano /etc/postfix/mysql-virtual-mailbox-domains.cf

Add this configuration:

user = postfixadmin
password = your_secure_password
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active='1'

Next, create the virtual mailbox maps lookup:

sudo nano /etc/postfix/mysql-virtual-mailbox-maps.cf

Add:

user = postfixadmin
password = your_secure_password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active='1'

Finally, configure virtual alias maps:

sudo nano /etc/postfix/mysql-virtual-alias-maps.cf

Add:

user = postfixadmin
password = your_secure_password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active='1'

Secure these files by restricting permissions:

sudo chmod 640 /etc/postfix/mysql-*.cf
sudo chown root:postfix /etc/postfix/mysql-*.cf

Restart Postfix to activate the new configuration:

sudo systemctl restart postfix

Verify Postfix can query the database:

sudo postmap -q example.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf

Step 13: Security Hardening and Best Practices

Implement additional security measures to protect your PostfixAdmin installation and mail server infrastructure. Disable directory listing in your web server configuration to prevent unauthorized browsing of application files.

Restrict administrative interface access to specific IP addresses or networks. For Apache, add these directives to your virtual host:

<Directory /var/www/postfixadmin/public>
    <RequireAny>
        Require ip 192.168.1.0/24
        Require ip 10.0.0.100
    </RequireAny>
</Directory>

For Nginx, use the allow and deny directives:

location / {
    allow 192.168.1.0/24;
    allow 10.0.0.100;
    deny all;
}

Install and configure Fail2ban to prevent brute-force attacks against the PostfixAdmin login interface:

sudo dnf install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Configure SELinux policies for enhanced security on AlmaLinux 10. Check current SELinux status:

sudo sestatus

If SELinux is enforcing, configure appropriate contexts for PostfixAdmin directories:

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/postfixadmin/templates_c(/.*)?"
sudo restorecon -Rv /var/www/postfixadmin/templates_c

Implement regular database backups using automated scripts:

sudo mkdir -p /backup/postfixadmin
sudo nano /usr/local/bin/backup-postfixadmin.sh

Add this backup script:

#!/bin/bash
BACKUP_DIR="/backup/postfixadmin"
DATE=$(date +%Y%m%d-%H%M%S)
mysqldump -u postfixadmin -p'your_secure_password' postfixadmin | gzip > ${BACKUP_DIR}/postfixadmin-${DATE}.sql.gz
find ${BACKUP_DIR} -name "*.sql.gz" -mtime +7 -delete

Make the script executable and create a cron job:

sudo chmod +x /usr/local/bin/backup-postfixadmin.sh
sudo crontab -e

Add this line to run daily backups at 2 AM:

0 2 * * * /usr/local/bin/backup-postfixadmin.sh

Step 14: Testing PostfixAdmin Installation

Thoroughly test your PostfixAdmin installation to verify all components function correctly. Send a test email to a virtual mailbox created in PostfixAdmin:

echo "Test email body" | mail -s "Test Subject" user@example.com

Check Postfix logs for successful delivery:

sudo tail -f /var/log/maillog

Look for entries indicating successful delivery to the virtual mailbox. Test alias forwarding by sending email to an alias address and verifying it reaches the destination mailbox.

Access the PostfixAdmin web interface and verify you can perform administrative functions including creating new mailboxes, modifying passwords, and adjusting quotas. Check that quota usage displays correctly for mailboxes with received email.

Test database connectivity by querying virtual domains directly:

sudo mysql -u postfixadmin -p postfixadmin -e "SELECT * FROM domain;"

Verify SSL certificate functionality by accessing PostfixAdmin via HTTPS and checking that your browser displays a valid certificate without warnings.

Troubleshooting Common Issues

Database connection errors typically indicate incorrect credentials or database permissions. Verify database settings in config.local.php match the MySQL user and password created earlier. Test database connectivity manually using the mysql command-line client.

Missing PHP extension errors appear in the setup checker when required modules aren’t installed. Install missing extensions using dnf and restart PHP-FPM. Check loaded PHP modules:

php -m | grep -i extension_name

Permission denied errors for the templates_c directory indicate incorrect ownership or ACL settings. Reapply permissions using setfacl commands and verify the web server user has write access.

Web server 403 Forbidden errors suggest directory permissions issues or SELinux policies blocking access. Check file permissions, verify virtual host DocumentRoot settings, and review SELinux audit logs:

sudo ausearch -m avc -ts recent

SSL certificate problems often stem from incorrect domain names or firewall blocking ACME validation. Verify DNS records resolve correctly and ensure ports 80 and 443 are open in your firewall configuration.

Dovecot password hashing errors occur when the web server lacks permission to read SSL certificates. Grant access using the setfacl commands provided earlier in this guide.

SELinux blocking issues on AlmaLinux 10 may require additional boolean settings or custom policies. Generate custom policies from audit logs:

sudo audit2allow -a -M postfixadmin_custom
sudo semodule -i postfixadmin_custom.pp

Congratulations! You have successfully installed PostfixAdmin. Thanks for using this tutorial for installing the latest version of PostfixAdmin on AlmaLinux OS 10. For additional help or useful information, we recommend you check the official PostfixAdmin website.