hello friends! new(ish)!
Setting up a Server/Mail
Perhaps you're sick of Google/M$ datamining your emails, or maybe just want mail for your domain. Either way running your own mail server is a good solution.
Before You Start
You need a domain.
- This should not be a free domain that can be revoked at any time such as those from freedns or no-ip.
- See DNS
You need a server (duh) and a good understanding of GNU/Linux(or BSD, if you're so inclined) Keep in mind that the host can often see everything if you're using a VPS. Stick to trustworthy hosts or host from home for maximum (physical) security.
Consider that many residential ISPs block port 25 to fight spam. Contact your ISP and ask if they will let you use port 25 - if they refuse you will need a VPN or proxy.
SMTP traffic between mail servers is often unencrypted for at least part of the route for a number of reasons. Consider using PGP to avoid potential interception problems.
The Easy Way
There are a number of complete mailserver packages around specifically for the new or lazy sysadmin. Here are some recommendations, all include everything you need including anti spam. For most you will need Docker set up.
- iRedMail - full featured, should only be run on a fresh install
- docker-mailserver - docker, no webui
- Mailu - docker, full featured including webui, simple
- Mailcow - available for docker or for bare metal, but only docker is kept up to date. Includes webui.
The Hard Way
This guide is far more in-depth than I could ever be.
Well-regarded ISPmail guide for Debian. Recommended.
[1] Older guide to encrypted mailboxes. Recommended.
Security
Obviously it's bad for your mail server to get compromised. If hackers break into a mail server, they can start sending spam, so these are high value targets. As soon as they find out that your mail ports are open (and they'll find out very quickly thanks to scanning ports+harvesting your address), they'll come right for you.
If your server starts sending spam, you will be taken for a spammer by all the major spammer blacklists. Your ISP may receive abuse complaints, and they'll be wanting to ask you wtf is going on. If the attacker does something illegal (eg. spam is illegal in Murka) you could get the authorities coming after your server, too. And when all this is over and the dust settled, you'll realize that your domain is now on every blacklist under the sun, all your emails bounce so you can't talk to anyone, and it's a huge pain to get off the blacklists ("I'm totally not a spammer guys, that was just a hacker!").
Additional Considerations
What about having your mail server accessible as a Tor hidden service? (link to that guide)