I just set up my first ever email server and I’m proud of myself! 😊 Do you have any advice to avoid common problems? I mean something beginners often do that they shouldn’t. Thanks!
You’re in for a world of hurt. Email security is a pain in the ass. I used to do this full time and I’m so glad I don’t have to anymore.
Not trying to discourage you, it’s fun, it’s cool, but it can be a real PITA.
That’s true, but only initially. Once you get SPF/DKIM right, that you domain name grows a few years old (enough to be considered established) and that you nailed your configuration, there is no issue anymore. I’ve been running my own Postfix on a Pi in my home for about 5 years, and It Just Works ™. The only maintenance I do is updating the software (done when updating the rest of the OS), and I don’t get shadowbanned mails anymore, even when sending to outlook.com (which is. by far, the worst peer when self-hosting emails).
EDIT : by the way, fun fact : it seems not as related to IP reputation as it’s often said (well, unless the IP has bad reputation, of course). I changed my ISP late last year (thus changed my IP), I was very afraid I would lose my good reputation and have to start over with getting my mails shadowbanned, and… nothing happened. My mails just got delivered as usual. So I bet the domain name is at least as important as the IP.
Not trying to discourage you
Well, that’s exactly what it sounds like :/
Don’t listen to him OP, running your own email server is not “a world of hurt”.
The initial configuration involves quite a few things (DNS records, DKIM, spam filters, …) But it’s definitely manageable. And when all this is setup, you don’t have to touch it anymore, it just works!
I’ve been doing it for years now, and I’m not going back ! Congratulations on doing it, and good luck on keeping it running!
Try using this and sent it a test mail: https://www.mail-tester.com/
It’ll check blacklists, configuration, DNS and mail content itself for any issues
Cool, a bit basic but a good start. Getting 10/10 on that should be considered the baseline for having a working email solution for personal use. It verifies DMARC but ignores DNSSEC and DANE which are newer improvements to help prevent spoofing.
This test is pretty hardcore and full disclosure I don’t pass it myself fully yet, and I’ve spent considerable time learning and testing so it’s not a small task.
Mail-tester is just for outbound deliverability, nothing else. DNSSEC is really just for security practices. That doesn’t really effect outbound deliverability though which is always a bigger concern for me.
I don’t really agree. DANE, which builds on DNSSEC, will most likely be used to deny email outright or at least spam mark it in the near future. It provides much needed trust and security to a tool that in many ways is less secure than sending a physical letter. All it really needs is critical mass such that people are forced to implement it or risk their business critical email not reaching its recipient.
I’ve never seen a message denied for DNSSEC. It may be a thing they do in the future, I do think all domains should use it but it’s not something that’ll deny a message.
Mail tester is good, and I’ll add MX Toolbox which can also check a lot of other DNS settings, and help with email deliverability.
Make sure you are not an open relay.
If you also sent mail, make sure you have setup dkim and spf and dmarc
Congratulations! A mail server is quite demanding in terms of initial setup, but it’s also very rewarding !
Here are a few pointers I can give you:
- Using a good domain is important, some provider block entire TLDs for cheap domains (eg. .tk or .pw). I learnt it the hard way…
- Set your MX records to A records, not CNAME
- Ensure your PTR records match your A records for the mail server
- Learn about SPF and DKIM
- Set them up, and verify with mxtoolbox
- Use the
ip:
selector for SPF - Setup a spamfilter (I like spamassassin)
- Leave it all running for a few weeks/months
- Publish a DMARC policy on your DNS, and verify with mxtoolbox
This should limit a lot your likeliness to end up in spam folders (which is usually the hardest part about running your mail server)
Let’s hear the details! How did you do it?
Docker container with exposed ports. The container has postfix and rspamd for spam mitigation and some useful scripts for postfix management such as creating accounts, wiping data etc. Actually it comes preconfigured, the only thing you have to do is:
- configure environment variables so it meets your needs
- generste dkim key and set is as DNS record
- set revDNS to the IP address
- setup SPF (which is one, short DNS record)
Did you docker compose? Do you mind sharing it :)
Of course! It’s called docker-mailserver. It has extensive documentation, so it all becomes easy! 😃
Are you running it locally or on a VPS?
Great thank you!
Yes I want to know too