How to self-host your email server
In 1998, at my first job, I was the system administrator of the biggest Internet provider in Bolivia (it still is the biggest provider). The Internet had arrived here in 1995 or 1996, so it was just starting.
I was in charge of the BGP routers, with a satellite connection to the Internet; the whole country had just 2 Mbps of connectivity back in those days. I was also in charge of the email server (roble.scz.entelnet.bo). The DNS server ran on a Unix machine, while the email and web servers ran on a Red Hat Linux powered PC.
Fast forward to 2001: I started my own company. It had nothing to do with system administration, but we needed email service anyway, so I got an Internet connection with a /28 public IP segment and set up a CentOS server running BIND, Sendmail and Dovecot.
In 2007 I started blogging on Drupal, running on that same server with Apache, PHP and MySQL (here is the first post). I was used to hosting services.
But then I had less time on my hands, and it was also more difficult to keep the services running: keeping up to date with spam filters and rules became difficult, BIND also had its problems, and then Slashdot happened and the bandwidth was not enough.
I moved my server to a web hosting company, and then to a Linode VPS; I also outsourced the DNS service and moved the email to Google Apps.
I migrated my old server to Debian and used it just for:
- DNS Cache
That was in 2010 more or less, so I stopped hosting my services; only my blog was in my hands, and at that time I started using Jekyll, so it was just a VPS with Nginx.
Back on Hosting my own services
In April this year I started this blog, but I also enrolled in the Fediverse and decided to run my own instance, so I was hosting again, and it was not just an NGINX server. Then I read this, this and this.
And the idea of running my own services was in my head again. I wanted to do it differently this time; it is not 1998 anymore, so I decided to learn about Docker. So now I have, on just one Arch Linux server:
- Two static sites
- One Wordpress Site
- One RSS reader (Miniflux)
- One password manager app (Bitwarden)
- One read-later app (Wallabag)
- One Webmention app (Webmentiond)
All running from Docker Compose files, but there was something missing: email. (Mastodon has its own server, for now.)
Hosting your own email server
I wanted to run an email server on Docker, so I looked for alternatives and found that there are some really nice ones.
Poste.io: I have not tested it, but it seems really easy to deploy. It has a free version that I think is enough for personal use, and two professional options with a monthly charge.
Mailu: It is a clone of Poste.io, but using only free, open source components. I have installed and configured it; it took me just 45 minutes to have a server running for one of my domains. It has a tool that creates a configuration file based on your options and sets up everything for you (you can find it here): you only need to answer a few questions and run three or four commands, and there you have a complete email server.
- Admin web front-end
Really a great option, I recommend it to anyone.
Then I found this one; it is also a complete suite, all open source, with excellent documentation, and ready to deploy on a server with Docker. It is not as easy as Mailu, but I decided to use it. I followed this guide (yes, I know, if you follow that guide you still need Gmail or another provider to send your emails), but I was not ready to jump into the pool completely.
So, here is my setup:
- MX record points to my server, so all my email is received by my server
- All email is then forwarded to other accounts (Gmail accounts in this case)
- Gmail is configured to use those accounts as default and not the Gmail address, and uses my SMTP server to send
This way I am sure I am using my domain, because we already agreed that everybody should own their domain, right? I am using Gmail as my email client.
I am doing it this way because it is easy to search emails when they are in Gmail, and also because I am not sure whether I might lose my server and with it some important email. I need to be sure about that, because I am hosting for my family, not only for me.
Also, having an IMAP client on a cell phone drains the battery, because it polls the server even when there is nothing to download, and if you keep an open IMAP IDLE connection, that will also drain the battery. There is a solution for that: you need Pushover and this IMAP to Pushover app. I have not tested it yet, but I think it is the way to go.
Edit: After reading some comments on Reddit, these three other options seem to be good ones too.
Mail in a Box: Although there are no official instructions to install it on Docker, it should be possible; here is an outdated attempt, and here another one. But on a VPS it seems to work great, and the admin panel guides you.
Things to consider
If you plan to host your own email server, there are some important things you need to consider, and the main one is to properly configure your DNS records. Here is what you need:
You really need to configure an SPF record. It is not the same with all providers, but there is plenty of documentation, and it is not hard to do. This record basically tells the recipient server who is authorized to send mail on behalf of your domain. The most common configuration is that the MX servers are the authorized ones, something like this:
v=spf1 mx ~all
DKIM is a little more difficult: you need to create the DKIM key. Your email server may do it (all the options above can), and once you have it you need to create a TXT record in your DNS and paste the public key there. It will look something like this:
v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArARSBHTh32y3VpSEe+pOI7AuILCUsYw1FNL5vTu1P3Mpte50jjkvzg+pBndcSzndQDt6B6mqLBbTwWrZR/j73CTI4ejcYL+xqSXYPU8+xNwu5uwHOMsgWMl15Z/1e1QJD9Ss3Q8aOLOkvHNIgAfSCq
All your emails will be signed with that DKIM key, and the receiving server can check whether the signature is valid using the public key published in DNS.
DMARC is optional, but it is better to have it; you can generate the record using online tools like this one. What it does is tell the receiving server what to do when an email fails the checks above, and who to report that to, usually the server admin, well, you.
You need to have a PTR record, that is, the reverse DNS for the IP address your server is using should point to the same name the A record has. So, for example, if you have this A record:
mail.server.com.    IN  A    192.168.0.1
There should also be a reverse record like this:
1.0.168.192.in-addr.arpa.    IN  PTR  mail.server.com.
You need to ask the owner of the IP to add that record for you; if you are using a VPS, look in the provider's documentation for how to do it.
Of course, you need an MX record, but you already knew about this one, otherwise maybe it is not a good idea to run your own server. This basically informs all sending servers which server is receiving email for your domain.
Once you have set up everything, wait 24 hours for DNS to propagate and test it; this tool is great.
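As an added example (not the post's own code; the domain, hosts and addresses are constructed), here is a small Python checker that applies the DNS rules above, including a secondary MX host, to a table of DNS answers: exactly one SPF record ending in ~all or -all, a DKIM TXT record with a non-empty public key, a DMARC record with a valid policy, and for every MX host an A record whose PTR points back to the same name. It works on an in-memory table instead of live lookups so that it runs offline; the same checks apply to real answers from dig.

```python
import re
import ipaddress
# Constructed DNS answers for a made-up domain (not real records), keyed by (owner name, type).
RECORDS = {
    ("example.com", "MX"): ["10 mail.example.com.", "20 mx2.example.com."],
    ("example.com", "TXT"): ["v=spf1 mx ~all"],
    ("mail._domainkey.example.com", "TXT"): ["v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOC"],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com"],
    ("mail.example.com", "A"): ["203.0.113.10"],
    ("mx2.example.com", "A"): ["203.0.113.11"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.example.com."],
    ("11.113.0.203.in-addr.arpa", "PTR"): ["mx2.example.com."],
}
# Same zone, but the VPS provider never set the PTR for the main server's address.
BAD_RECORDS = {**RECORDS, ("10.113.0.203.in-addr.arpa", "PTR"): ["vps-10.hoster.example."]}

def lookup(records, name, rtype):
    return records.get((name.rstrip("."), rtype), [])

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record (DKIM or DMARC) into a dict."""
    return dict(part.strip().split("=", 1) for part in txt.split(";") if "=" in part)

def check_mail_dns(domain, selector, records=RECORDS):
    problems = []
    spf = [t for t in lookup(records, domain, "TXT") if t.startswith("v=spf1")]
    if len(spf) != 1:
        problems.append("exactly one SPF record is required")
    elif not re.search(r"\s[~-]all$", spf[0]):
        problems.append("SPF record should end with ~all or -all")
    dkim = lookup(records, f"{selector}._domainkey.{domain}", "TXT")
    tags = parse_tags(dkim[0]) if dkim else {}
    if tags.get("v") != "DKIM1" or not tags.get("p"):
        problems.append("DKIM record missing or public key empty")
    dmarc = lookup(records, f"_dmarc.{domain}", "TXT")
    tags = parse_tags(dmarc[0]) if dmarc else {}
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("DMARC record missing or policy invalid")
    # Every MX host needs an A record whose PTR points back to the same name.
    mx_hosts = [e.split()[1].rstrip(".") for e in lookup(records, domain, "MX")]
    if not mx_hosts:
        problems.append("no MX record")
    for host in mx_hosts:
        addrs = lookup(records, host, "A")
        if not addrs:
            problems.append(f"MX host {host} has no A record")
        for ip in addrs:
            rev = ipaddress.ip_address(ip).reverse_pointer
            if host not in [p.rstrip(".") for p in lookup(records, rev, "PTR")]:
                problems.append(f"PTR for {ip} does not point back to {host}")
    return problems
```

Calling `check_mail_dns("example.com", "mail")` returns an empty list for the good zone, while the same call with `BAD_RECORDS` reports the PTR that does not point back to mail.example.com.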
Secondary mail server
After reading this comment, I want to add this recommendation too.
When the main server is down, email cannot be delivered; usually it just stays in the sender's queue, and once your server is up again all email is delivered to it, but if the outage is long enough some email might be returned to the senders and the users will lose it.
The way to avoid this is to have a second machine running a secondary email server. This is simpler to set up, as its only function is to store email while the main server is down and send it all to the main server once it is up again. There is some good documentation out there, here and here.
The drawback is that now you have a second email server to upgrade and keep running, and spammers usually target it, so if you have backups for the main server and you think you can have it up and running relatively fast, you can avoid a second server. One should also consider whose email is being hosted on the server, and how critical that email is for them.
Critical email might be on an Office 365 Exchange Online (Plan 1), once again, under your domain.
You may not need to host your own email server; you can use Fastmail, Zoho, Office 365, or Google Suite, but you must use your own domain: all accounts, all bank statements should be sent to an email address at your domain, otherwise you can lose control over your accounts. Hosting your email server is not an easy task, dealing with spam is hard, and downtimes can be a nightmare too, but you learn a thing or two while hosting your own email.