Setting up a Server/Mail: Difference between revisions

From InstallGentoo Wiki v2
>4ab41
m (added security from home server remote access)
>4ab41
m (Added resources for email server)
Line 34: Line 34:


What about having your mail server accessible as a Tor hidden service? (link to that guide)
What about having your mail server accessible as a Tor hidden service? (link to that guide)
== External Links ==
*https://prefetch.eu/blog/2020/email-server/
*https://jeffreifman.com/how-to-install-your-own-private-e-mail-server-in-the-amazon-cloud-aws/
*https://www.c0ffee.net/blog/mail-server-guide/
*https://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/


[[Category:HowTo]]
[[Category:HowTo]]
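Review bot: the four entries added under == External Links == are bare URLs with no link text, so a reader cannot tell what each guide covers without opening it; consider labelled links with a one-line description each. The unchanged context line just above them still ends in the placeholder "(link to that guide)", which this revision could either resolve or drop.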

Revision as of 01:29, 6 February 2021

Perhaps you're sick of Google/M$ datamining your emails, or maybe you just want mail for your domain. Either way, running your own mail server is a good solution.

Before You Start

You need a domain.

  • This should not be a free domain that can be revoked at any time such as those from freedns or no-ip.
  • See DNS

You need a server (duh) and a good understanding of GNU/Linux (or BSD, if you're so inclined). Keep in mind that the host can often see everything if you're using a VPS. Stick to trustworthy hosts or host from home for maximum (physical) security.

Consider that many residential ISPs block port 25 to fight spam. Contact your ISP and ask if they will let you use port 25; if they refuse, you will need a VPN or proxy.

SMTP traffic between mail servers is often unencrypted for at least part of the route for a number of reasons. Consider using PGP to avoid potential interception problems.

The Easy Way

There are a number of complete mailserver packages around specifically for the new or lazy sysadmin. Here are some recommendations; all of them include everything you need, including anti-spam. For most you will need Docker set up.

  • iRedMail - full featured, should only be run on a fresh install
  • docker-mailserver - docker, no webui
  • Mailu - docker, full featured including webui, simple
  • Mailcow - available for docker or for bare metal, but only docker is kept up to date. Includes webui.

The Hard Way

This guide is far more in-depth than I could ever be.

Simpler than the above guide but without any of the spam filtering, webmail, etc.

[1] Older guide to encrypted mailboxes. Recommended.

Security

Obviously it's bad for your mail server to get compromised. If hackers break into a mail server, they can start sending spam, so these are high-value targets. As soon as they find out that your mail ports are open (and they'll find out very quickly thanks to port scanning and address harvesting), they'll come right for you.

If your server starts sending spam, you will be taken for a spammer by all the major spammer blacklists. Your ISP may receive abuse complaints, and they'll be wanting to ask you wtf is going on. If the attacker does something illegal (e.g. spam is illegal in Murka) you could get the authorities coming after your server, too. And when all this is over and the dust has settled, you'll realize that your domain is now on every blacklist under the sun, all your emails bounce so you can't talk to anyone, and it's a huge pain to get off the blacklists ("I'm totally not a spammer guys, that was just a hacker!").
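One way to notice the blacklisting described above early, as an added example that is not part of the original wiki page: the script builds the DNSBL query name for your server's address and reports, per list, whether it is clean, listed, or could not be checked. The two zone names are example choices and the function names are this example's own.

```python
import ipaddress
import socket
import sys

# Assumption: example zones chosen for illustration; read each list's usage policy first.
ZONES = ("zen.spamhaus.org", "bl.spamcop.net")

def dnsbl_query_name(ip, zone):
    """RFC 5782 lookup name: the address labels reversed, then the list's zone."""
    addr = ipaddress.ip_address(ip)
    # IPv4 uses one label per octet, IPv6 one label per hex nibble.
    labels = str(addr).split(".") if addr.version == 4 else list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def resolve_a(name):
    """A records for name; [] on NXDOMAIN; other resolver errors propagate as OSError."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise
    return sorted({info[4][0] for info in infos})

def classify(answers):
    """[] (NXDOMAIN) is clean; a 127.0.0.0/8 answer is a listing; anything else is an error."""
    addrs = [ipaddress.ip_address(a) for a in answers]
    # Spamhaus answers 127.255.255.x when it refuses a query (public resolver, rate limit).
    if any(a in ipaddress.ip_network("127.255.255.0/24") for a in addrs):
        return "error"
    if addrs and all(a in ipaddress.ip_network("127.0.0.0/8") for a in addrs):
        return "listed"
    return "error" if addrs else "clean"

def check(ip, zones=ZONES, resolver=resolve_a):
    """Map each zone to 'clean', 'listed' or 'error' for the given server address."""
    report = {}
    for zone in zones:
        try:
            report[zone] = classify(resolver(dnsbl_query_name(ip, zone)))
        except OSError:
            report[zone] = "error"  # a failed lookup is not evidence of being clean
    return report

if __name__ == "__main__" and len(sys.argv) == 2:  # usage: dnsbl_check.py <server public IP>
    report = check(sys.argv[1])
    print("\n".join(f"{zone}: {state}" for zone, state in report.items()))
    sys.exit(1 if "listed" in report.values() else 0)
```

Run it from the mail server itself or through your own resolver, since lists that refuse queries from large public resolvers will show up as "error" rather than a real result.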

Additional Considerations

What about having your mail server accessible as a Tor hidden service? (link to that guide)

External Links