So I just finished moving my server in Iceland.  Some of you may know, my
upstream provider there decided to go out of business.  I didn't see it coming
though.  If this happened in USA, I would have gotten a 72 hour notice or
something.  Here I got a few months notice.  Not that I took advantage of it,
I've recently had a medical situation that sucked the time out of my life.  And
truth be told, I've recently ended up in a much more time consuming family
situation.  I don't mind, but it does infringe on my time to geek out on stuff.

That being said, I had to move my Icelandic server to another provider.  This
allowed me time to reassess what I was doing over there.  The big success of my
first few private servers ended up being email.  And what I mean is this, email
became the thing I used many times a day.  Sure, I had my own small webserver
too, but now that I am no longer doing citizen journalism, I even forgot where I
was hosting the content, let alone that I was self hosting the content.

But moving was an ideal time to re-assess what I wanted to be doing.  It turned
out if it wasn't email, it was tunnelling a connection to Iceland to grab a
piece of media that was not being allowed in USA.  So proxy was in.  And my
partner has a gopher server, so gopher was in.  As a matter of fact, the fact
that I am maintaining a gopher server is why I'm re-starting a gopher "phlog."  Which
is a gopher weblog.  I mean if all your technology choices you want are
considered obsolete merely because you like to keep things simple, the most
logical choice is to stick with something with a partner.  But read my last
phlog post for more about that.

Ah, well what to do with email.  Well, the other half of the hosting partnership
is a shared unlimited cpanel-based webhosting account in NYC.  This is
necessary, as it's cheap but always up and there is a support system.  The
support is the driving force here.  No support is perfect, but you can always
text chat with an operator over their webpage.  The server itself is big and
anonymous and monitored by a paid staff whose job is to keep it up "four nines,"
which is to say 99.99% of the year.

So I thought about the benefits vs the cost in maintenance time, and I figured
out that I really didn't want to deal with spam.  Spam is essentially an arms
race situation, where shady spammers are constantly trying new ways to send you
their marketing BS.  There is a new legitimate bulk email environment, where you
can actually unsubscribe from what you don't want.  But we're talking about the
underside of the situation here.

Ever configure a mail client manually?  Where you put in the incoming and
outgoing servers individually?  That's where I had my epiphany!  I wanted to
receive email on the big professionally run server so I didn't maintain as much
software.  But would I lose any benefit?

Well, it turns out there was a benefit I wasn't willing to part with, and that
was sending my own emails through my own server.  I bounced some of these ideas
off a friend who is a great computer consultant, and he pointed out to me that
the only way to truly not be associated with an outbound mail server that was
temporarily blacklisted because it somehow got co-opted by a spammer, was to
send email from your own leased ip address.  Well, I had one of those.

So, the trick was to set up email from the big massive server, then add the
option of sending through my own ip in Iceland from my desktop.  One inbound
server, two outbound servers.

Hence the title of this text file, "Interesting Postfix Install."

So I don't want to get too technical here, a lot of the preliminary steps are
probably already known to you.  First being to set up a new server.  Making a
machine name point to your new Debian Linux virtual machine instance, creating a
reverse pointer pointing back.  Also, moving the mail back to a big cpanel
instance, changing a mail-exchanger record. No surprises there.

Then it was time to "break ground" with a new postfix install.  It starts with a
"sudo apt-get install postfix" and the install system asks you what kind of mail
server.  The right choice is "internet facing mail server."  Then let apt-get
do its magic.

So what turns out to be the first thing to making an outbound-only email server?
Tell postfix to stop listening for incoming connections.  The line in the
configuration file turns out to be "inet_interfaces."  Change this to
"loopback-only" and postfix stops listening to the internet for port 25
connections.

Now, this actually wasn't my first move. I did want to connect with my desktop
email client to send mail.  But what I found to my chagrin was that postfix
actually uses the remote authentication method for imap servers that normally
get installed alongside of postfix.  One of my technical friends recently did a
few podcasts on software requirements.  I was not yet ready to install another
software suite just to authenticate.  What to do.

As it turns out there was a solution: you create a tunnel to the server with
ssh (secure shell) so that a local port at home stateside comes out inside your
server and connects to localhost on port 25!  How convenient!  As a home
internet user I'm not allowed to use port 25 here, and ssh with a "ssh -L
8025:localhost:25" was quite willing to go around the isp's firewall, as well as
go around me telling postfix not to listen to the internet but only the
localhost!  Welcome to the world of smtp-over-ssh!
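
A check worth running after the "inet_interfaces" change, written here as an
added example (not part of the original post): it reads main.cf text and reports
whether Postfix would still listen on a non-loopback address.  The sample
configs are constructed; treating "localhost" as loopback is an assumption.

```python
import ipaddress

def parse_main_cf(text):
    """Parse Postfix main.cf text into a dict; the last definition wins."""
    params, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0].isspace() and current:
            params[current] += " " + stripped  # indented line continues a value
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def accepts_remote_smtp(text):
    """True if inet_interfaces lets Postfix listen beyond loopback."""
    # Postfix defaults to "all" when the parameter is absent.
    value = parse_main_cf(text).get("inet_interfaces", "all")
    for item in value.replace(",", " ").split():
        if item in ("loopback-only", "localhost"):  # localhost: assumed loopback
            continue
        try:
            if ipaddress.ip_address(item.strip("[]")).is_loopback:
                continue
        except ValueError:
            pass  # "all", other hostnames, $variables: treat as exposed
        return True
    return False

# Constructed samples.  In the second one a later line silently overrides the
# loopback-only setting, which is the mistake this check is meant to catch.
SAMPLE_OK = "inet_interfaces = all\n# outbound only\ninet_interfaces = loopback-only\n"
SAMPLE_SHADOWED = "inet_interfaces = loopback-only\nmyhostname = x\ninet_interfaces = all\n"
SAMPLE_CONTINUED = "inet_interfaces = 127.0.0.1,\n    [::1]\n"

if __name__ == "__main__":
    for label, cfg in [("ok", SAMPLE_OK), ("shadowed", SAMPLE_SHADOWED),
                       ("continued", SAMPLE_CONTINUED)]:
        print(label, "exposed" if accepts_remote_smtp(cfg) else "loopback only")
```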

The last step was to actually publish an spf record to tell the internet that I,
the domain owner, actually intend to send email from both the big server in NYC
and my own server in Iceland.  The recommended spf record from the cpanel isp is
something like "+mx +include:websitewelcome.com".  It turns out
websitewelcome.com is the entire network of smtp servers the isp runs.  I found
out I had to change this to
"+mx +a:ada.info-underground.net +include:websitewelcome.com".  But I tested by
sending test emails to a free spf verifier at verifier.port25.com.  As I tested
by sending from different places, I kept noticing that my smtp came from
"gateway0.websitewelcom.com"  Where the zero could be any of ten smtp servers.
Yes, the big server farm in NYC actually generated so much outbound email that
my stuff was getting pumped into the internet round-robin through any of 10
email servers!
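
Why the extra "a:" mechanism was needed, as an added example (not part of the
original post): a small SPF evaluator run over the two records quoted above.
The DNS table, the domain example.org and all IP addresses are constructed
placeholders; the version tag and any closing "all" term are left out, as in
the text.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed DNS data using documentation address ranges, not real records.
DNS = {
    "mx": {"example.org": ["mail.bighost.example"]},
    "a": {"mail.bighost.example": ["198.51.100.10"],
          "ada.info-underground.net": ["192.0.2.25"]},
    "txt": {"websitewelcome.com": "v=spf1 ip4:203.0.113.0/28 -all"},
}
ISP_RECORD = "+mx +include:websitewelcome.com"
FIXED_RECORD = "+mx +a:ada.info-underground.net +include:websitewelcome.com"
ICELAND_IP = "192.0.2.25"    # hypothetical address of the Iceland server
GATEWAY_IP = "203.0.113.7"   # hypothetical address of one ISP gateway

def check_spf(ip, domain, record, dns=DNS, depth=0):
    """Evaluate record left to right; the first matching mechanism decides."""
    if depth > 10:
        return "permerror"  # guard against include loops
    addr = ipaddress.ip_address(ip)
    for term in record.split():
        if term.lower() == "v=spf1":
            continue
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            hit = True
        elif name == "a":
            hit = str(addr) in dns["a"].get(arg or domain, [])
        elif name == "mx":
            hosts = dns["mx"].get(arg or domain, [])
            hit = any(str(addr) in dns["a"].get(h, []) for h in hosts)
        elif name == "ip4":
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the included record returns pass
            sub = dns["txt"].get(arg, "")
            hit = check_spf(ip, arg, sub, dns, depth + 1) == "pass"
        else:
            hit = False  # mechanisms outside this sketch never match
        if hit:
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and there is no "all" term

if __name__ == "__main__":
    for label, rec in [("isp record", ISP_RECORD), ("fixed record", FIXED_RECORD)]:
        for ip in (GATEWAY_IP, ICELAND_IP):
            print(label, ip, check_spf(ip, "example.org", rec))
```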

But it's working now, and I hope it was as interesting to you as to me, dear
reader!