I read some recent phosts by jynx ([0],[1]) on email, where he
mentions mutt and the fact that self-hosting is difficult. I've been
using mutt and self-hosting my own domains' email for many years,
and have had few problems with blacklisting or blocking. Here is a
broad overview of what I do and recommend. I haven't changed this
setup in a long time, it just runs:

Setup postfix on a hosted Debian VPS, obviously there are tons but I
use Ramnode for no particular reason over any others. I chose
postfix because it is easy to setup, very secure and there are lots
of tutorials available on how to do all the little things you want
to do with an email server.

You can use a server in your basement, but in any case the server
should have a static IP address, as many commercial mail servers
block email from broad swaths of dynamic IP ranges used by
residential ISPs. If you can get two static IPs that is better, if
one gets put on a blacklist for some reason you can just switch to
the second.

For DNS, obviously you need an MX record but it needs to be a
hostname, not an IP address. Further, the IP address of your mail
server needs to have a PTR record (reverse DNS) so that it resolves
to the same hostname as your MX record. Some of the more strict mail
servers check that the reverse DNS resolves.

Add SPF records. They don't really work, but adding them is easy and
you can just set them to soft-fail. I have no specific data to say
this helps with blocking, but I have never been blocked by any of
the big providers, so maybe it does help. Use one of the many
wizards online for generating the needed TXT records. I don't use
DKIM.

The easiest setup for spam/virus scanning is amavis/spamasassin. For
POP/IMAP I use dovecot, with free SSL certs on that and SMTP/TLS by
Let's Encrypt (I used to use self-signed certs, but these are free
and avoid any issues). I also use greylisting via postgrey, but it
is not mandatory.

If you want to allow family or friends (or yourself when traveling)
to use your mail server as an outbound relay, this can be a
problem. Most residential ISPs block port 25 outbound to all but
their mail servers. Obviously this is unacceptable, so you can open
up another port and have it forward to port 25 with an iptables rule
- I use port 26 since I've found this is rarely blocked.

/sbin/iptables -t nat -A PREROUTING -d <mail server IP> -p tcp \
-m tcp --dport 26 -j DNAT --to-destination <mail server IP>:25

I use a chrooted saslauthd for SMTP auth via TLS.

The server itself is firewalled and although SSH is allowed in from
anywhere, I disable password auth and run the daemon on another
port. That avoids most bulk SSH attacks.

For mutt I like Debian's mutt-patched which gives a nice
sidebar/folder view. I also consolidate all of my personal email
addresses into the same mutt config using folders, folder hooks and
the reverse alias setting. I use procmail to filter into folders. I
compose mail in emacsclient. Like postfix, once this is setup it
needs very little maintenance. I read my email right on the mail
server, but I do use k9 mail on occasion from my phone, via IMAP.

[0] gopher://sdf.org/0/users/jynx/dat/20171202b.post
[1] gopher://sdf.org/0/users/jynx/dat/20171203.post

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.