Email Server

Alright guys, let's help all the privacy conscious brothers out, how does one create an email server?

Is a Raspberry Pi enough?
Do most isps block port 25?
How does one make sure that it is secured each step of the way?

Please help a beginner out

>Is a Raspberry Pi enough?
Sure.
>Do most isps block port 25?
Sure. Even if yours doesn't, residential IP blocks are going to be blacklisted by pretty much every major mail provider.

Is it worth it to buy a domain name or should you keep it local?

That question doesn't really make any sense. Do you know what a domain name is? Or what an email server is for?

The tricky part with owning a self hosted email server is that the ISP must add a SPF record to the DNS.
Most of the time ISPs do not provide this kind of service for home users.

sorry, I'm a beginner, I thought you would need to buy a domain name to make your email name be custom after @

As other anons have stated, doing it from home is gonna give you a shitton of headaches and it's probably not going to work. Get a domain name (so just the domain name, not hosting..) and a VPS. As for how, I used this 4 part tutorial 2 years ago and my server is still chugging along fine.

arstechnica.com/information-technology/2014/02/how-to-run-your-own-e-mail-server-with-your-own-domain-part-1/
arstechnica.com/information-technology/2014/03/taking-e-mail-back-part-2-arming-your-server-with-postfix-dovecot/
arstechnica.com/business/2014/03/taking-e-mail-back-part-3-fortifying-your-box-against-spammers/
arstechnica.com/information-technology/2014/04/taking-e-mail-back-part-4-the-finale-with-webmail-everything-after/

You can use a free DNS service to get SPF records.
freedns.afraid.org/ supports it

You will need a VPN with a static IPv4 because your home IP address is going to be blacklisted by spam filters, as other Anons already pointed out

I meant PTR record; the SPF one you can add yourself in the DNS control panel provided by the registrar where you bought the domain.

Yes, you have to buy a domain.
If you are a beginner I strongly advise you do not self host your email.
It's actually pretty hard to configure everything properly.
Most hosting providers offer an option comprised of domain+email for very cheap.

>ISP block ports
What shit country is that?

>As other anons have stated, doing it from home is gonna give you a shitton of headaches and it's probably not going to work.
The only option is to use a VPN with a static IP. Then you can host your mail at home like you would with a VPS.

No, but mine blocks 25 by default and lets me unblock it from their control panel. It's understandable since malware would use infected PCs in the network to send spam which would probably end up with the entire ISP being blacklisted.

True but imo at that point you might as well get a VPS, unless you're really tinfoily and want it stored at home.

>True but imo at that point you might as well get a VPS, unless you're really tinfoily and want it stored at home.
Practically yes, although there is some appeal in e-mail actually being delivered to your home. Comfy.

I run my own email hosted at home and everything works flawlessly, it isn't an easy task to set everything up but it is definitely doable.
Obviously you need a decent ISP (read as: one that does not block TCP 25).
My IP and domain is not included in any spamlist.

hi, thanks for the link, is it ok to do this on a rpi?

Yes it is.

Yes, as the tutorial might say you might want to skip the anti virus section as it eats memory, the rest is fine. (tutorial is for Ubuntu I think but Raspbian should be fine).

one last question, and I know it will sound retarded, but forgive my ignorance, when I turn my rpi off and an email is sent to me, will it remain in queue before I turn it back on, send anyway or will it essentially not deliver and will inform the sender of its failure to deliver?

>or will it essentially not deliver and will inform the sender of its failure to deliver?

This.

I am running a company on postfix, courier and smtp/imap without any SPF for like 5 years now. Never had a big problem so far. PTR is a must-have.

Yes, you are right, I wrote SPF instead of PTR.

Mail admin since the qmail days; here is what I do:
I have a 5buck digital ocean account running ubuntu and sendmail in a split port configuration.

I have an rpi in my home network running fetchmail/sendmail that pop(s) the mail from the vps every 10 minutes and stores it locally. It also runs imap(s)

Each of my hosts runs fetchmail/sendmail to send mail to my vps and retrieves mail from my local rpi with imaps and keeps a copy on the rpi. The rpi has an archive of all my mail since 2009 and no mail is stored on the vps for more than 15 minutes.

My domain name service (namecheap) has a dynamic dns service that works with my router so I can retrieve mail from outside the home.

Enabling SPF (and DKIM) is still a good idea though to stay out of more spamboxes and enable (sigh.. some) mailservers to check if mails from your domain(s) are actually sent by your mailserver.

Recommend doing a test on this website: mail-tester.com

You're going to be blacklisted, and there will be spam flowing from your server in less than a week.

How did you decide on your domain name? Did you make it your name or something professional sounding?

Why hasn't the world switched to bitmessage yet? It's decentralized and even supports tor now.

>What shit country is that?
All of them, dumbfuck. My ISP allows me to unblock port 25, but it doesn't mean shit because the IP addresses are usually still blacklisted and they tell you this will be the case.

maybe
yes
google it

Another big issue you will have trying to host this on a residential IP is that it's probably in various RBLs (real-time blackhole lists). In other words, Spamhaus etc. classify entire blocks of IPs as "dynamic / residential". Other mail servers that use these RBLs will drop your connection as soon as they look you up in their configured RBL(s). You wouldn't be able to send me any messages unless I manually whitelisted your IP.

I'd recommend a cheap VPS. ARP networks has a plan for $10 / month. v4/v6/full root/reverse DNS etc.
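The RBL lookup described in this post and the PTR requirement raised earlier in the thread can be checked before sending any mail. This is an added example, not part of the thread; the zone `zen.spamhaus.org`, the addresses and the fake DNS table are assumptions chosen for illustration so the code runs offline.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus query-error codes

def dnsbl_query_name(ip, zone):
    """Name a receiver looks up: reversed address labels followed by the list zone."""
    pointer = ipaddress.ip_address(ip).reverse_pointer   # e.g. 25.2.0.192.in-addr.arpa
    return f"{pointer.rsplit('.', 2)[0]}.{zone}"

def dnsbl_status(ip, zone, resolve=socket.gethostbyname):
    """'listed', 'clean' or 'error' (the list refused to answer properly)."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
    except OSError:          # NXDOMAIN means not listed; a timeout looks the same here
        return "clean"
    if answer in ERROR_NET or answer not in LISTED_NET:
        return "error"       # e.g. query sent through a public resolver
    return "listed"

def fcrdns_ok(ip, ptr_lookup, addr_lookup):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP."""
    try:
        return ip in addr_lookup(ptr_lookup(ip))
    except OSError:
        return False

# Constructed DNS data standing in for real lookups.
FAKE_A = {"7.113.0.203.zen.spamhaus.org": ["127.0.0.10"],
          "9.100.51.198.zen.spamhaus.org": ["127.255.255.254"],
          "mail.example.org": ["192.0.2.25"],
          "pool-7.isp.example.net": ["203.0.113.99"]}
FAKE_PTR = {"192.0.2.25": "mail.example.org", "203.0.113.7": "pool-7.isp.example.net"}

def fake_addrs(name):
    if name not in FAKE_A:
        raise socket.gaierror("NXDOMAIN")
    return FAKE_A[name]

def fake_resolve(name):
    return fake_addrs(name)[0]

def fake_ptr(ip):
    if ip not in FAKE_PTR:
        raise socket.herror("no PTR")
    return FAKE_PTR[ip]

if __name__ == "__main__":
    for ip in ("192.0.2.25", "203.0.113.7", "198.51.100.9"):
        print(ip, dnsbl_status(ip, "zen.spamhaus.org", fake_resolve),
              fcrdns_ok(ip, fake_ptr, fake_addrs))
```

For live checks, pass `lambda ip: socket.gethostbyaddr(ip)[0]` and `lambda h: socket.gethostbyname_ex(h)[2]` as the two `fcrdns_ok` lookups and leave `resolve` at its default.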

No, he is not if his ISP is decent enough and everything is configured in a good way.

Because no one likes good things.

I don't know where you live but here in Europe most ISPs do not block shit nor give a shit what you do.
I host a shit-ton of stuff at home (email, jabber, etc), I usually use between 2 and 5 TB of bandwidth a month and no one literally gives a shit.

Jesus christ, just don't.

>I work for a business-only ISP and used to manage 1 stupidly overloaded, badly configured POP3 server, 1 exchange server and 6 IMAP servers with tens of thousands of users.

This thread alone is enough to traumatize me, thank fuck I do more interesting stuff now and only spend about an hour a day troubleshooting email issues.

I tried to run a mail server behind a business cable internet account for a small non-profit. It was never an issue with the ISP blocking us, but no other mail server that used an RBL would accept mail from us.

>Is a Raspberry Pi enough?
For a low volume simple SMTP / POP server, sure. I think an rPI 3 will even handle IMAP for a few users.

>Do most isps block port 25?
Yes. You might be able to get around this by using a VPN endpoint as the MX record, or some other such fuckery.

>How does one make sure that it is secured each step of the way?
So you want to go full retard?
- TLS required
- Messages PGP encrypted
- IPsec over the wire
- DKIM signing
- Full disk encryption
- Rights management if supported

I use Exchange because reasons. Spam filtering is done at the firewall, TLS is required, and I've enabled DKIM. That's as far as I've currently gone. How far you want to go is up to you.

Bad luck and it was probably a fucking shitty ISP.
I run mine from home for years and so far I never had any problem, not even when sending emails to google or fucking microsoft addresses (which is infamously famous for employing over-restrictive spam policies).

Hi, what if it's just for one person?

Like I said, I'm a real old fag that was on the internet in the mid 90's. My domain name is my initials. Good luck finding a three letter tld today though...

ALRIGHT mr. @gay.com

I just hate email altogether. Your mail server will probably end up being compromised, you'll end up sending out spam and being blacklisted and you'll find some dick RBL owner will either charge money to delist you or won't allow you to delist yourself if you're not the owner of the IP address.

Or better yet, if you are an ISP - they'll refuse you anyway because they're the sort of idiot who thinks graylisting is a good idea. I can name names, but I don't want this to get personal or identify myself.

Also SPF is only as good as the receiving server, if they don't check for it you're as good as spoofed and be warned that some people are stupid enough to tell you that you have a problem with YOUR SPF record because they don't configure Spamassassin correctly.

Even Hotmail/Outlook don't know what they're doing with their SPF records, they send us abuse reports listing their own internal ip addresses as the perpetrator, it's absolutely bananas.

I UNDERSTOOD HALF OF WHAT YOU SAID

CHRIST, ISN'T IT CRAZY THAT BILLIONS OF PEOPLE ARE USING EMAIL ACCOUNTS RUN BY OTHER PEOPLE AND THEY THINK IT'S "SAFE"

ALL IT TAKES IS SOME GOVERNMENT AGENCY ASKING FOR THE DETAILS AND THAT'S IT, EVERYTHING YOU DO AND YOUR ENTIRE LIFE GONE

WHAT IS THIS MAD WORLD WE'RE LIVING IN

It's not so much that side of things, it's that mail as a whole is reliant on everyone playing by the same rules and knowing what they're doing, it takes one shitty admin to fuck it up for people and unfortunately there are hundreds of those.

Email signature full of all the certs they have and yet they can't read a bounceback properly or understand why they're failing SPF.

>let's help all the privacy conscious brothers out
Encrypt. You can save your data on NSA servers if you encrypt it right. Storing it on a Pi in your room just moves the data out of a data center with physical security to your home with none.