Hey-ho 👋

What is the best approach for selfhosting an email server with static IP or blocked port 25?

I’ve done it many times in many different ways; now I’m doing it again and want to hear what the best approach is these days.

My port 25 probably isn’t even blocked, I just prefer to use my VPS to help it with this stuff.

Any suggestions?

  • TheHolm@aussie.zone
    5 months ago

    Do not try to host outbound mail on residential IP blocks, delivery will be really bad. A cheap VPS is the same story. Your best bet is a VPS from some not well known provider, they may avoid being on the blacklists at M$ and Google. Inbound mail is fine anywhere as long as you can have port 25 open. DDNS works too.

  • PlexSheep@feddit.de
    5 months ago

    Hosting email with mailcow dockerized worked pretty well on my netcup VPS, but before you go into hosting email ask yourself a few questions:

    • Will you use your selfhosted mail for important things? (Banking, official correspondence and so on)
    • Can you promise a near 100% uptime? Otherwise, some email might not reach you.
    • How important is the Mail you send? Some (stupid) Blocklists generally block all IP ranges that are sold out by vps companies and other kinds of IAAS.
    • If you register any accounts with your selfhosted mail, can you guarantee yourself that your email account is secure? Don’t underestimate what an attacker can do with a compromised Mail account.

    I personally ended up scrapping my email server eventually. Nowadays I pay a company to do the mail hosting, you just need to set some DNS records and they do everything else. Personally, I’m with proton, but there are many good alternatives.

    • Gooey0210@sh.itjust.worksOP
      5 months ago

      As I said, I already have experience of hosting email, many different ways, etc.

      > Will you use your selfhosted mail for important things? (Banking, official correspondence and so on)

      I’m barely using email because I have really few services that require an email (FOSS and selfhosting evangelism).

      > Can you promise a near 100% uptime? Otherwise, some email might not reach you.

      I can promise you anything under these stars. And some of it would be true because my specialization is 0 downtime systems.

      > How important is the Mail you send? Some (stupid) Blocklists generally block all IP ranges that are sold out by vps companies and other kinds of IAAS.

      Never had any problems with the big hosters like DO, Linode, Vultr, Hetzner.

      > If you register any accounts with your selfhosted mail, can you guarantee yourself that your email account is secure? Don’t underestimate what an attacker can do with a compromised Mail account.

      Selfhosting for many years, never got hacked because I take security seriously.

      > Nowadays I pay a company to do the mail hosting

      I’m trying not to pay companies when not necessary, and especially not for a “setup service”.

      • PlexSheep@feddit.de
        5 months ago

        Alright, you seem to have a good grasp on what you’re doing. Good luck, have fun. I really hope it works for you.

    • TheHolm@aussie.zone
      5 months ago

      > Can you promise a near 100% uptime? Otherwise, some email might not reach you.

      Just lol. Mail gets queued just fine by everyone. If you are really concerned, set up a second MX.

  • TCB13@lemmy.world
    5 months ago

    You can selfhost the email server wherever you want. But you have to use some external system to deliver the email or you’ll end up in spam because your residential IP is most likely dynamic and already flagged by most email providers.

    One way to do it is to get a VPS somewhere and set up Wireguard on it. Then configure your local system to bind to the Wireguard interface and IP so all email is sent and received using the tunnel. Dovecot doesn’t care what interface it is running on; Postfix has specific options that you can change in master.cf to accommodate the fact that it will be binding to the VPN IP and the real IP is the VPS public IP.

    1. Set up an install of Dovecot / Postfix / Rspamd on your local server: https://workaround.org/ispmail-bookworm/
    2. Start by setting up a Wireguard tunnel between your local server and the VPS: https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04
    3. Create an outgoing transport for the email that uses the WG tunnel and is aware of the VPS public IP:

    ```
    # proxy_interfaces:  the real public IP of the VPS
    # smtp_bind_address: the IP that your local server has on the WG interface
    # inet_interfaces:   same as smtp_bind_address
    # myhostname, smtp_helo_name: should match the PTR / reverse DNS entry on the VPS IP
    # (comments are on their own lines: master.cf does not allow trailing comments)
    out-wg      unix  -       -       n       -       -       smtp
     -o proxy_interfaces=188.xxx.xxx.xxx
     -o smtp_bind_address=10.0.0.2
     -o inet_interfaces=10.0.0.2
     -o myhostname=server.example.org
     -o smtp_helo_name=server.example.org
     -o syslog_name=smtp-wg
    ```

    4. Set your VPS firewall to NAT/forward incoming traffic on port 25, 587, 465 and 993 to the local server (wireguard client 10.0.0.2);
    5. Change main.cf to use the transport by adding: default_transport = out-wg.

    That’s everything you need to get it going. Use https://www.mail-tester.com/ to debug if DKIM and everything else is properly set up at the end.
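
Added example, not part of the comment above: one way to write the port forwarding from step 4 so that inbound mail is only destination-NATed and the home server still sees the real client IP. If inbound connections were also source-NATed to the VPS tunnel address, every sender would look like a tunnel peer, which defeats Rspamd/SPF/blocklist checks and turns the server into an open relay if `mynetworks` covers the tunnel subnet. The interface names `eth0` and `wg0` and routing table `200` are assumptions; the script only prints the commands for review.

```shell
#!/usr/bin/env bash
# Prints (does not apply) the NAT and routing rules for the VPS and home server.
# Assumptions: eth0 = VPS public interface, wg0 = WireGuard interface,
# 10.0.0.2 = home server tunnel IP (from the post), table 200 is unused.

# VPS side: DNAT the mail ports into the tunnel, no SNAT on inbound traffic.
vps_rules() {
  local pub_if=$1 wg_if=$2 client=$3; shift 3
  local port
  echo "sysctl -w net.ipv4.ip_forward=1"
  for port in "$@"; do
    echo "iptables -t nat -A PREROUTING -i $pub_if -p tcp --dport $port -j DNAT --to-destination $client:$port"
    echo "iptables -A FORWARD -i $pub_if -o $wg_if -p tcp -d $client --dport $port -j ACCEPT"
  done
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Outbound mail (smtp_bind_address) leaves with the VPS public IP.
  echo "iptables -A FORWARD -i $wg_if -o $pub_if -s $client -j ACCEPT"
  echo "iptables -t nat -A POSTROUTING -s $client -o $pub_if -j MASQUERADE"
}

# Home server side: anything sourced from the tunnel IP is routed back
# through the tunnel, otherwise replies would leave via the home ISP.
# The VPS peer in the home WireGuard config needs AllowedIPs = 0.0.0.0/0
# (real client IPs arrive through it) with "Table = off" in [Interface]
# so wg-quick does not replace the default route.
home_rules() {
  local wg_if=$1 client=$2 table=$3
  echo "ip route add default dev $wg_if table $table"
  echo "ip rule add from $client lookup $table"
}

vps_rules eth0 wg0 10.0.0.2 25 465 587 993
home_rules wg0 10.0.0.2 200
```

With this layout the Postfix and Rspamd logs on the home server show the remote MTA's address, so a log full of `10.0.0.1` clients is the sign that a masquerade rule is catching inbound traffic.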

  • Decronym@lemmy.decronym.xyzB
    5 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    | Fewer Letters | More Letters |
    |---|---|
    | DNS | Domain Name Service/System |
    | IMAP | Internet Message Access Protocol for email |
    | IP | Internet Protocol |
    | NAT | Network Address Translation |
    | POP3 | Post Office Protocol v3, for email; contrast IMAP |
    | RPi | Raspberry Pi brand of SBC |
    | SBC | Single-Board Computer |
    | SMTP | Simple Mail Transfer Protocol |
    | VPN | Virtual Private Network |
    | VPS | Virtual Private Server (opposed to shared hosting) |

    9 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.

    [Thread #461 for this sub, first seen 29th Jan 2024, 13:05]