Previous Page

nihilist - 00 / 00 / 00

VPS Mailserver

Before we start, you will need a Debian 10+ VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80, 443, 587 and 993 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your debian 10 server.

You cannot use DuckDNS for this one because you will need to add specific DNS records, most importantly the MX and DKIM records which are crucial for this tutorial. Therefore go get an actual paid domain name, i got mine on Infomaniak :

So let's add a subdomain to point at our mail server, to do so you need to go to the DNS Zone settings to add a few entries starting with the MX record:

Here make sure you do not forget the trailing dot (.) at the end of the Target. Next you want to setup that mail subdomain as well, and to do so you will do add a CNAME record, that is if your mail server is the SAME as your main server (mail.domain.com == domain.com):

In the other case where your mailserver is NOT the same as the main server (mail.domain.com != domain.com) you will need an A record which is going to tell Which IP to go to in order to reach that mail server:

In this case we're going to make it point to our DigitalOcean VPS as usual and once it's done we can simply ssh into it:

EDIT: DIGITALOCEAN IS BLOCKING PORT 25 (SMTP) i have to redo this tutorial on another VPS.


[ 192.168.100.1/24 ] [ /dev/pts/8 ] [~]
→ ssh root@mail.void.yt
The authenticity of host 'mail.void.yt (161.35.41.22)' can't be established.
ECDSA key fingerprint is SHA256:AMDSjSs4f3CDvivmjFRjGDjmuz079vsS/A+9hdYi9a0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'mail.void.yt,161.35.41.22' (ECDSA) to the list of known hosts.
Linux debian-s-1vcpu-1gb-lon1-01 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@debian-s-1vcpu-1gb-lon1-01:~#

Initial Configuration

Once you've logged in via SSH, install the following dependencies:


apt install nginx socat curl -y

Once that's done, download the nginx config and edit it:


wget https://blog.nowhere.moe/servers/mail/mail.conf -O /etc/nginx/sites-available/mail.conf
nano /etc/nginx/sites-available/mail.conf

Make sure you put your own domain name in there:

Next we're going to get our free TLS certificate by using acme.sh:


wget -O -  https://get.acme.sh | sh
source ~/.bashrc

systemctl stop nginx 
acme.sh --issue --standalone -d mail.void.yt -k 4096

Once you're done, hit CTRL+S to save, and CTRL+X to exit nano.


ln -s /etc/nginx/sites-available/mail.conf /etc/nginx/sites-enabled/mail.conf
nginx -t
systemctl start nginx

Once you're here, nginx should tell you the configuration is successful, if not, make sure you followed the syntax of the original file. Next we're going to see that our configuration works by browsing to it:

Here the 404 error is intended, you also see that the website redirects to https (tls 1.3). Now from here we'll simply need to use Luke Smith's script:

The Script




cd ~
wget https://raw.githubusercontent.com/LukeSmithxyz/emailwiz/master/emailwiz.sh
chmod +x emailwiz.sh
sh emailwiz.sh

When postfix asks you something, hit "internet site":

Next postfix is going to ask you the FQDN, make sure you type the domain name, NOT the subdomain:

Then hit enter, and wait for the script to install postfix and dovecot. Luke intended this script to be run and to configure postfix and dovecot together. The main feature here is that once you create an user added to the mail group, it's going make them able to receive and send mail.

Once the script finished running, we need to go back to our DNS settings to configure DKIM:

First things first we add the following TXT record:

If it doesnt work try out the DKIM option and hit save:

Next we're going to add DMARC:

And lastly the @ TXT record:

Once that's done, save your DNS settings, Create the user ON THE SERVER, and install thunderbird locally:


useradd -m -G mail -s /bin/bash someone
passwd someone

Then run thunderbird with the user's credentials, make sure you use the manual config tab:

And welcome to DigitalOcean, where you can't run mail servers lol. I did some research on DO's forums, and i found out that basically they are blocking port 25 (SMTP) which, in general indicates that they do not allow any mail hosting on their VPS, so for once i am not going to recommend DO

TLDR i am incredibly surprised at how difficult it is to setup your own email server. In france, most ISPs simply do not allow port 25 apart from OVH. Online, both DigitalOcean and Vultr block port 25 to avoid mail spam which makes me wonder where exactly do you even host your mail server. If anyone knows a particular hosting service that ALLOWS port 25 and other mail-specific ports (993 587 etc) please let me know.

Nihilism

Until there is Nothing left.

About nihilist

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nowhere.moe (PGP)