Setting up a Server/Mail: Difference between revisions

From InstallGentoo Wiki v2
mNo edit summary
 
(8 intermediate revisions by 3 users not shown)
Line 4: Line 4:
You need a domain.
You need a domain.
* This should not be a free domain that can be revoked at any time such as those from freedns or no-ip.
* This should not be a free domain that can be revoked at any time such as those from freedns or no-ip.
* See [[Domains]]
* See [[DNS]]
You need a server (duh) and a good understanding of GNU/Linux(or BSD, if you're so inclined)
You need a server (duh) and a good understanding of GNU/Linux(or BSD, if you're so inclined)
Keep in mind that the host can often see everything if you're using a VPS. Stick to trustworthy hosts or host from home for maximum (physical) security.
Keep in mind that the host can often see everything if you're using a VPS. Stick to trustworthy hosts or host from home for maximum (physical) security.


Consider that many residential ISPs block port 25 to fight spam. Contact your ISP and ask if they will let you use port 25 - if they refuse you will need a VPN or proxy for your mail server (see [[Setting Up A Server/VPN and Proxy]]).
Consider that many residential ISPs block port 25 to fight spam. Contact your ISP and ask if they will let you use port 25 - if they refuse you will need a [[Setting up a Server/VPN|VPN]] or [[Setting up a Server/Proxy|proxy]].


SMTP traffic between mail servers is often unencrypted for at least part of the route for a number of reasons. Consider using PGP to avoid potential interception problems.
SMTP traffic between mail servers is often unencrypted for at least part of the route for a number of reasons. Consider using PGP to avoid potential interception problems.
Line 20: Line 20:


== The Hard Way ==
== The Hard Way ==
ugh
[http://flurdy.com/docs/postfix/ This guide is far more in-depth than I could ever be.]


[https://workaround.org/ispmail/bullseye/ Well-regarded ISPmail guide for Debian. Recommended.]
[https://www.grepular.com/Automatically_Encrypting_all_Incoming_Email] Older guide to encrypted mailboxes. Recommended.
== Security ==
Obviously it's bad for your mail server to get compromised. If hackers break into a mail server, they can start sending spam, so these are high value targets. As soon as they find out that your mail ports are open (and they'll find out very quickly thanks to scanning ports+harvesting your address), they'll come right for you.
If your server starts sending spam, you will be taken for a spammer by all the major spammer blacklists. Your ISP may receive abuse complaints, and they'll be wanting to ask you wtf is going on. If the attacker does something illegal (eg. spam is illegal in Murka) you could get the authorities coming after your server, too. And when all this is over and the dust settled, you'll realize that your domain is now on every blacklist under the sun, all your emails bounce so you can't talk to anyone, and it's a huge pain to get off the blacklists ("I'm totally not a spammer guys, that was just a hacker!").


== Additional Considerations ==
== Additional Considerations ==
Security...


What about having your mail server accessible as a Tor hidden service? (link to that guide)
What about having your mail server accessible as a Tor hidden service? (link to that guide)
== External Links ==
*https://prefetch.eu/blog/2020/email-server/
*https://jeffreifman.com/how-to-install-your-own-private-e-mail-server-in-the-amazon-cloud-aws/
*https://www.c0ffee.net/blog/mail-server-guide/
*https://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/
[[Category:HowTo]]
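Review bot: the third link added under "The Hard Way" (grepular.com) closes its bracket right after the URL, so the label "Older guide to encrypted mailboxes. Recommended." sits outside the link and the link renders as a bare "[1]"; move the label inside the brackets, as in the two links above it. The new Security section also only describes what happens after a compromise and gives no hardening steps, while the "Security..." placeholder under Additional Considerations is dropped; a short list of mitigations, or a link to one, would make the section actionable.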

Latest revision as of 08:14, 3 July 2023

Perhaps you're sick of Google/M$ datamining your emails, or maybe you just want mail for your domain. Either way, running your own mail server is a good solution.

Before You Start

You need a domain.

  • This should not be a free domain that can be revoked at any time such as those from freedns or no-ip.
  • See DNS

You need a server (duh) and a good understanding of GNU/Linux (or BSD, if you're so inclined).

Keep in mind that the host can often see everything if you're using a VPS. Stick to trustworthy hosts or host from home for maximum (physical) security.

Consider that many residential ISPs block port 25 to fight spam. Contact your ISP and ask if they will let you use port 25; if they refuse, you will need a VPN or proxy.

SMTP traffic between mail servers is often unencrypted for at least part of the route for a number of reasons. Consider using PGP to avoid potential interception problems.

The Easy Way

There are a number of complete mailserver packages around specifically for the new or lazy sysadmin. Here are some recommendations; all of them include everything you need, including anti-spam. For most you will need Docker set up.

  • iRedMail - full featured, should only be run on a fresh install
  • docker-mailserver - docker, no webui
  • Mailu - docker, full featured including webui, simple
  • Mailcow - available for docker or for bare metal, but only docker is kept up to date. Includes webui.

The Hard Way

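This guide is far more in-depth than I could ever be: http://flurdy.com/docs/postfix/

Well-regarded ISPmail guide for Debian. Recommended: https://workaround.org/ispmail/bullseye/

Older guide to encrypted mailboxes. Recommended: https://www.grepular.com/Automatically_Encrypting_all_Incoming_Email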

Security

Obviously it's bad for your mail server to get compromised. If hackers break into a mail server, they can start sending spam, so these are high-value targets. As soon as they find out that your mail ports are open (and they'll find out very quickly thanks to port scanning and address harvesting), they'll come right for you.

If your server starts sending spam, you will be taken for a spammer by all the major spam blacklists. Your ISP may receive abuse complaints, and they'll want to ask you wtf is going on. If the attacker does something illegal (e.g. spam is illegal in Murka), you could get the authorities coming after your server, too. And when all this is over and the dust has settled, you'll realize that your domain is now on every blacklist under the sun, all your emails bounce so you can't talk to anyone, and it's a huge pain to get off the blacklists ("I'm totally not a spammer guys, that was just a hacker!").
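
One way to notice the spam-sending scenario above before the blacklists do, as an added example that is not part of the original wiki page: total outbound recipients per authenticated login from the mail log and flag outliers. It assumes Postfix as the MTA with SASL-authenticated submission and its usual syslog line format; the sample log lines, function names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (assumed MTA); not from a real server.
SAMPLE_LOG = """\
Jul  3 08:00:01 mail postfix/submission/smtpd[811]: A1B2C3D4E5: client=home.example.net[198.51.100.10], sasl_method=PLAIN, sasl_username=alice@example.org
Jul  3 08:00:01 mail postfix/qmgr[402]: A1B2C3D4E5: from=<alice@example.org>, size=2101, nrcpt=1 (queue active)
Jul  3 08:02:10 mail postfix/submission/smtpd[815]: B2C3D4E5F6: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob@example.org
Jul  3 08:02:10 mail postfix/qmgr[402]: B2C3D4E5F6: from=<promo@bulk.invalid>, size=9120, nrcpt=50 (queue active)
Jul  3 08:02:12 mail postfix/submission/smtpd[816]: C3D4E5F6A7: client=unknown[203.0.113.99], sasl_method=LOGIN, sasl_username=bob@example.org
Jul  3 08:02:12 mail postfix/qmgr[402]: C3D4E5F6A7: from=<promo@bulk.invalid>, size=9120, nrcpt=50 (queue active)
Jul  3 08:02:15 mail postfix/submission/smtpd[817]: D4E5F6A7B8: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob@example.org
Jul  3 08:02:15 mail postfix/qmgr[402]: D4E5F6A7B8: from=<promo@bulk.invalid>, size=9120, nrcpt=50 (queue active)
Jul  3 08:09:40 mail postfix/qmgr[402]: D4E5F6A7B8: from=<promo@bulk.invalid>, size=9120, nrcpt=50 (queue active)
"""

AUTH_RE = re.compile(r"smtpd\[\d+\]: (?P<qid>\w+): client=[^\[\s]+\[(?P<ip>[^\]]+)\],"
                     r".* sasl_username=(?P<user>\S+)")
QMGR_RE = re.compile(r"qmgr\[\d+\]: (?P<qid>\w+): from=<(?P<sender>[^>]*)>,"
                     r" size=\d+, nrcpt=(?P<nrcpt>\d+)")

def per_user_stats(log_text):
    """Join smtpd auth lines to qmgr lines by queue ID; total per SASL login."""
    pending = {}  # queue ID -> (login, client IP), until qmgr reports the message
    stats = defaultdict(lambda: {"recipients": 0, "ips": set(), "senders": set()})
    for line in log_text.splitlines():
        if m := AUTH_RE.search(line):
            pending[m["qid"]] = (m["user"], m["ip"])
        elif (m := QMGR_RE.search(line)) and m["qid"] in pending:
            user, ip = pending.pop(m["qid"])  # pop: requeued mail logs "queue active" again
            s = stats[user]
            s["recipients"] += int(m["nrcpt"])
            s["ips"].add(ip)
            s["senders"].add(m["sender"])
    return dict(stats)

def flag_accounts(stats, max_recipients=100, max_ips=2):
    """Return {login: [reasons]}; thresholds are illustrative, tune per site."""
    flagged = {}
    for user, s in stats.items():
        checks = [(s["recipients"] > max_recipients, "recipient volume"),
                  (len(s["ips"]) > max_ips, "many client IPs"),
                  (bool(s["senders"] - {user}), "envelope sender differs from login")]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            flagged[user] = reasons
    return flagged

print(flag_accounts(per_user_stats(SAMPLE_LOG)))
```

The sender-mismatch check is only a hint, since legitimate aliases trigger it too; weigh it together with the volume and client-IP counts.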

Additional Considerations

What about having your mail server accessible as a Tor hidden service? (link to that guide)

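External Links

  • https://prefetch.eu/blog/2020/email-server/
  • https://jeffreifman.com/how-to-install-your-own-private-e-mail-server-in-the-amazon-cloud-aws/
  • https://www.c0ffee.net/blog/mail-server-guide/
  • https://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/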