0

I'm trying to learn about Linux and network administration, so I'm not especially concerned if this is not the most efficient way to do things.

I have a server at home running Ubuntu 20.04.

I've set up SSH including keys, OpenVPN, remote desktop and basic file-sharing. So far so good.

My ISP won't provide a static IP, so I access the server using the noIP service. Let's call the address myserver.ddns.net - so my ssh login is user@myserver.ddns.net.

I have several domain names that I'd like to add email addresses to. Let's call one of them 'example.com'. These are hosted by a small hosting company - to set MX records on these I open a support ticket and the admin sets them for me.

I'm looking at managing this server using postfix (because it seems best supported) and probably just having it forward email to an outlook.com box. I know that the first step of the setup is to make sure that any email sent to mail.example.com is directed to the postfix server, which will reside at whatever IP myserver.ddns.net is currently pointing to.

I also know that the Ubuntu hostname of the server running Postfix needs to match the FQDN in the MX record.

Can you please help a newbie really break down the connections from the FQDN -> noip -> my postfix server.

  1. The FQDN is example.com - therefore I ask my hosting server admin to place an MX record to redirect mail heading to mail.example.com?
  2. Because I don't have a static IP, this redirect needs to go to my noIP service. So I'm asking my hosting admin to direct mail.example.com to a) mail.myserver.ddns.net? b) myserver.ddns.net? c) something else?
  3. The Ubuntu server running postfix needs to have its hostname property set to match a) the FQDN name (hostname "example") b) the noIP address (hostname "myserver.ddns.net?" - but then I'm running into issues with "."s) c) something else?

I think that it should be:

  • mail.example.com -> myserver.ddns.net (Ubuntu hostname "example")

Like many things when I'm learning, I think the thing that's causing me the most grief is the initial step... Everything beyond this seems reasonably straightforward.

Thanks all!

atjb
  • 11
  • 2
    100% chance this fails. Most mainstream mail services do NOT accept mail from Residential IPs or Dynamic DNS providers, and require the forward DNS and the reverse DNS on the IP addresses to match, which you can't do on a residential ISP. You're better off paying for an email service than running email yourself - email is also its own form of Security Hell that is its own full time job, and as an IT Security Guy I don't say that lightly. – Thomas Ward Feb 05 '21 at 14:49
  • Thanks. Does it change anything if I access the email directly rather than forwarding to Outlook.com? I understand that paying for an email service is simpler, but I won't learn anything. – atjb Feb 05 '21 at 14:56
  • You should get a VPS for that; your home network won't work well, as @Thomas Ward pointed out. But on a VPS, you can get it working nicely if you invest much(!) time learning stuff. I have that and it works just fine. But you need more than just an MX record. You will need DMARC, DKIM and SPF records if you want other email providers to accept your emails. Always checking your server against https://mxtoolbox.com/ helps a lot. – pLumo Feb 05 '21 at 15:01
  • 1
    @pLumo I touch on this briefly in my answer, but unless OP is willing to really learn how email works, how to properly do antispam, etc. it's probably best that they use a hosted mail service from any number of providers - I'm in the IT Security field and I myself have to invest a sizable amount of $$$ on my own to secure my own self-run email for my LLC - and it's taken me almost a year to get the thing to the state it's at now - operationally secure and protected from most threats. – Thomas Ward Feb 05 '21 at 15:32

2 Answers

1

This may not be an answer that solves your question, but in the current state of Internet email and such, it is pretty much the only answer you can get at the moment:

Running an email server from your home on a Dynamic DNS provider and a Dynamic IP system from your Residential ISP is 100% going to fail and not work. Most mainstream email providers do not accept emails originating from mail servers on residential ISPs, and most residential ISPs will not let you run a mail server on their infrastructure. Further, a continually increasing number of providers require your forward DNS and your reverse DNS on your 'mail server' to match - you will not get the ability to do this on your Residential ISP.

Another consideration factor here is email system security. I'm an IT Security Professional myself, and protecting email systems from hacking attempts, etc. is its own full time job and unless you're willing to invest time (and likely a good portion of MONEY) into deploying an email system yourself, you really should not attempt to run email yourself.

You should consider going through a mail provider instead, and pay them for email services. Microsoft 365 (Business Basic license, on the Business side of their products for the Exchange access), ZoHo mail services, and numerous other providers are all out there and relatively cheap to provide services for email - unless you're willing to invest a LOT of time and effort into learning how mail works, securing your mail server properly, and paying for a VPS or such for this to run your mail, etc. you're better off just going with one of the many providers out there to run mail for you, you just have to get a domain name to go with it.

I would also advise not forwarding mail from a mail server in your home via Outlook or one of these other things directly, because there's a lot of restrictions on those types of accounts about mail volume, etc.

Thomas Ward
  • 74,764
  • Pretty definitive! Time to choose another project. Thanks for the responses and explanations. – atjb Feb 05 '21 at 17:27
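The forward/reverse DNS match this answer refers to, shown as an added example that is not part of the original answer: a forward-confirmed reverse DNS check run against constructed zone data. The `isp.example` PTR name, the documentation IP addresses and the rule that the server's announced hostname must be one of the confirmed names are assumptions made for illustration.

```python
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, helo, ptr=system_ptr, addrs=system_addrs):
    """Classify a sending IP: PTR exists, PTR name resolves back, HELO matches."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no-ptr"
    confirmed = [n for n in names if ip in addrs(n)]
    if not confirmed:
        return "ptr-not-confirmed"
    if helo.rstrip(".").lower() not in confirmed:  # assumed stricter policy
        return "helo-mismatch"
    return "pass"

# Constructed sample zone data (RFC 5737 documentation addresses).
PTR = {
    "203.0.113.7": ["host-203-0-113-7.dyn.isp.example."],  # ISP-owned PTR
    "198.51.100.25": ["mail.example.com."],                 # VPS with custom PTR
}
A = {
    "host-203-0-113-7.dyn.isp.example": {"203.0.113.7"},
    "myserver.ddns.net": {"203.0.113.7"},
    "mail.example.com": {"198.51.100.25"},
}

def sample_ptr(ip):
    return PTR.get(ip, [])

def sample_addrs(name):
    return A.get(name, set())

if __name__ == "__main__":
    for ip, helo in [("203.0.113.7", "myserver.ddns.net"),
                     ("198.51.100.25", "mail.example.com"),
                     ("192.0.2.9", "mail.example.com")]:
        print(ip, helo, fcrdns(ip, helo, sample_ptr, sample_addrs))
```

Calling `fcrdns(ip, helo)` without the last two arguments uses the system resolver, so the same check can be pointed at a real server's address and hostname.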
-1

Do not use your Home computer and dynamic DNS for an email server (or any other server software that you want publicly available). I see several reasons:

  • Delivery issues: Other mail providers might (probably will) not accept your outgoing emails.

  • Your privacy: your public IP address will be linked with a domain name, which makes you easily trackable (and attackable) on the internet at any time. It is not for nothing that the EU court has ruled that your IP address (and thus DDNS address) is personal data.

  • You open ports (=security holes) to a computer inside your home network. That is a security nightmare for you and Christmas for hackers.


So, what to do?

If you want to learn how to set up an email server, rent a VPS. It will cost you something like 10€ per month; with most providers you can easily change to a higher plan if you notice that the resources are not sufficient.

If you like (and I would strongly advise), you should take care that you can run docker containers on it (not all VPS will do, ask the support before renting if you are not sure).

Then you can try to install everything yourself. Plan at least a full weekend for installation and more time for proper configuration. There are thousands of good tutorials out there.

Depending on your needs, you will need several software packages:

  • Postfix (Mail transfer agent / MTA)
  • Dovecot (SMTP server)
  • AMAVIS (Mail Filter)
  • SpamAssassin (Spam scanner)
  • ClamAV (Virus scanner)
  • ...

If you want to have a webmailer, you will need:

  • Rainloop (or similar)
  • LetsEncrypt

Take into consideration that you need security ...

  • Harden your ssh server
  • Use Fail2ban for ssh, postfix, dovecot and the webmailer login.
  • Keep everything up to date at any time (means also that you need to subscribe to security bulletins or mailing lists).
  • ...

... and for delivery ....

  • OpenDKIM
  • OpenDMARC
  • SPF records

... and probably more stuff ...


Sounds complicated? Oh yes it is. And if you don't want to learn about all the above mentioned stuff, you should keep your hands off your own email server and take the advice from @ThomasWard to use your time for other useful things.

But: If you're still reading this and are still interested, go ahead and try.


And now for the easy part:

You can use the great docker-mailserver, which includes all of the software mentioned (except the webmailer) and is well maintained. Please note that this will only make the installation very easy. You will still need a deep understanding of your system to be able to configure it wisely and run it securely and without having delivery issues.

pLumo
  • 26,947
  • Thanks, this is also definitive. I don't have any free money for projects at the moment, so I guess this can go in the bookmarks and I'll maybe look into it down the line. Thank you! – atjb Feb 09 '21 at 10:35
  • @downvoter: Why downvote? If I can improve the answer you should let me know. – pLumo Feb 09 '21 at 11:30
  • Dunno - wasn't me! I upvoted but I'm new so my vote doesn't count yet. – atjb Feb 10 '21 at 12:19