5 minutes
Self Hosted Mail Server
Here we go again, running our own services like a boss.I’ve tried out some mail server solutions namely docker-mailserver and citadel.
In the following I want to name and discuss features, set-up procedures and cons.
Citadel
Is easy to set up because it comes with its own installer, completely handling software installation and filesystem tasks for you.
It also has an interactive graphical installation walking you through the setup process, which makes this process even faster.
After the installation process you will be able to access your web interface for handling mails as well as Citadel settings.
And Citadel is ugly.
I mean it works fine, I have set up the appropriate MX entry in the DNS and evening magically works.
But that is all.
Handling the server’s settings is made complicated by creating abstract user areas (like floors) and reading mails is overall handling is not really fun because of the ugly interface straight out of the early 90s.
I am sorry Citadel, but this is too much…
Docker-Mailserver
I never worked with docker until this time and had to learn a bit more about the endless possibilities with Docker and the flexibility behind the container handling.
The server installation handles just as easy as Docker’s deployment works.
I also liked the idea of a custom, sandbox-like working environment for the Mailserver to run in.
I mean, the setup is not as easy as Citadel, of course, but no problem in general. I had problems getting things to run though.
I am currently running Ubuntu Server 16.04 which should be supported without problems but I got some errors I have to look into right now…
I have read documentations and set-up tutorials for other services and I at least want to mention them for the sake of remembering in a later workflow:
Mail-in-a-box
Needs a fresh server running only this service (their server)…
Modoboa
I did not get into the backend after successful installation…
Postal
Did not set it up because of many issues in their GitHub…
QMailtoaster
Only has a CentOS installation guide…
I have not decided on what solution to use just yet or even if I should set things up without any of those.
It is still possible to set everything up without fancy docker containers and gui settings handling.
This whole set-up process took me about 4 work days of time with all the testing, failures and spam filter configuration.
And I love it.
After some research and testing I’ve come to the conclusion that for my needs it is possible and easy enough to set up Postfix and Dovecot for SMTP and IMAP connectivity with SSL and without PLAIN text login only.
This solutions seems well tested and stable and I don’t need docker containers and web interfaces, the letter because I want to send and receive mails with this server, reading those will be done on a smartphone or other email clients in Linux, OSX and Windows.
Easier said than done
Setting up Postfix and Dovecot is no problem as such, as well als configuring them to standard ports and without encryption but I want to have it secure.
Here are some problems I have encountered.
For starters I did not find an up to date, sophisticated ‘How to’ describing both set up processes adequately without even opening ports 25 and 143 or some annoyingly unlinked second guide ’next week’ where ‘we will make things secure’.
On the other hand I could learn from these tutorials that I could authenticate postfix SMTP over Dovecot and with the SASL standard and I learned many things about SSL and TLS handshakes as well as client support for different authentication methods Dovecot supports.
So I’ve tried to collect different tutorials and tried to understand different configuration possibilities.
Dovecot especially has a nicely split up configuration approach where the different config files are inside the
/etc/dovecot/conf.d/
directory.
File names keep it easy to find the configuration one is looking for.
Most online tutorials completely ignore this approach and suggest replacing the master config file with
’their settings’ where things might become a little easier to understand in the first place but I suggest keeping a
copy of the original master config (/etc/dovecot/dovecot.conf
) and once everything is tested and working properly,
set dovecot up the way it is supposed to be!
For Postfix we have two config files, the master.cf
and the main.cf
inside /etc/postfix/
.
Postfix configuration made no problems at all.
You simply configure everything concerning SSL in the main.cf
and enable SMTP proxy to SMTPS
and the submission
with smpts_auth_method = dovecot
and service restart postfix and you are good to go.
I used certbot to acquire an SSL certificate from letsencrypt and configured postfix to authenticate over Dovecot and use TLS only, everything went well, encrypted login and messages.
When it comes to Dovecot I had some problems with multiple different little things like setting up Maildir correctly and that for every user.
I also set things up to use the UNIX users on this server, so no virtual users and no virtual mailboxes as well as no user database for the moment, also because I am the only user for this server atm.
This might have to be changed in the future, as well as user management and handling them with a database.
I also set up spamassassin and sieve and need to introduce clam inside this whole procedure to check mails for malicious attachments.
Still searching for some online test tools…
Do not forget DNS settings
I figured out (by reading the fucking manual - and /var/logs/mail.log
and mail.err
) that my IP is part of a
completely blacklisted IP range on spamhaus.org.
This was not my fault as the online report shows but the previous owner’s but you might easily end up running into dept in this manner if things are not set up correctly.
Your domain (hopefully already being an A record) needs a valid MX record as well as an SPF record and maybe
even some others (DMARC
for example).
I am not going to provide any information on how to change these because it differs for each hoster.
An easy way to make sure everything works and is set up properly towards public is to use a simple tool called MXTOOLBOX.