Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] Running a mail server, or not



Update: Mostly successful! I set up postfix and dovecot using MySQL for
the virtual users and domains, using a domain name I wasn't using for 
anything else (bostongeeks.net), as a test.

Most of the details I followed were from 
https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql/ 
with higher level details coming from 
https://www.linode.com/docs/email/running-a-mail-server/. Also followed
their pages for securing the server, and [tried to] follow their
directions for installing the certs. Here are some interesting things I
ran into:

Installing mysql-server no longer prompts you for a root password on
install. It does this crazy thing where if you run mysql/mysqladmin as
root, it lets you in without a password. Even if you set the root
password, you can't get into mysql as root unless you're logged in as
root, and then it ignores the password. In the mysql.user table, the
record for root has a plugin of auth_socket instead of
mysql_native_password. I added a new record and then it worked.

Another mysql problem I ran into is some of the configuration (from the
default files and the directions above) use localhost, and some use
127.0.0.1. It pains me that this is still a problem in 2018. So I had
to add another user record so both would work.

With respect to the certs, it went easier than I thought, but part of
the confusion is different systems call the cert and key files different
things with different extensions. A lot of mail documentation talks
about pem files, but I had a crt file and a key file. After some
searching I found a page
<https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-file>
that explained that pem is kind of a format, and crt files are often
also pem files and how to tell if yours is. Mine was, so rock and roll.

Dovecot is the strong, silent type. It hardly ever tells you when it's
unhappy and why, and will die with no messages. And worse, it spits out
messages like "dovecot: auth: Error: auth worker: Aborted PASSV request
for david at bostongeeks.net: Shutting down", when it's not actually
shutting down. Google says "Oh everybody gets that, ignore it." I was
pretty unhappy about that.

OK, here was the most fun. This one is more particular to my system than
helpful to others, but it could be entertaining. When I got everything
together, and ran a test sending an email from my desktop machine as
david at thekramers.net to david at bostongeeks.net, and got "RCPT TO failed:
: Recipient address rejected: User unknown in virtual mailbox table"> I
double checked and the virtual domain and virtual user were set up
correctly. Lots of googling on this one, and I finally figured out the
problem wasn't the new server at all, but my current mail server, which
was still set up to get mail for bostongeeks.net but had no users for
it. This was hard to track down because there were so many machines
involved that are running postfix and could have been the origin of that
message: My desktop server, my home mail server, my old Linode node mail
server, and the new Linode node mail server. This also took a while to
diagnose because I suspected that was the problem, but I grepped all of
/etc on that server for bostongeeks.net and found nothing, but that's
because it was in the database. I deleted that virtual domain and it
all worked.

Thank you all for your advice. I'm hopeful I will be able to fully
switch over very shortly. I still have some things to work on which I
will post in a separate email.


On 06/20/2018 04:26 AM, David Kramer wrote:
> Quick version of my situation:
> - I ran my own mail server at home for a long time, and it was good.
>
> - When I moved from Comcast Business (static IP) to FiOS years ago, 
> things got complicated both because of dynamic IP address, and because 
> about that time lots of sites started cracking down on SSL certs and 
> reverse DNS entries and whatnot, Yahoo and others started rejecting a 
> lot of mail that was accepted in the past, etc. Lots of mail would
> not go through.
>
> - I got a Linode server, and tried to set up a mail server for it and 
> failed. I reached out for help here and it didn't work out. The
> directions for setting up postfix/dovecot/procmail/spamassassin/certs
> were incredibly long and complicated, and I'm not a SysAdmin, so I
> never got a full working solution.
>
> - I ended up with the crazy system I have now, where incoming email 
> goes to my server still running at home. Outgoing mail goes out my 
> server at home and smart relayed through the linode server 
> (postfix/dovecot/procmail) so it has a consistent IP address and real 
> SSL certificates I bought from GoDaddy. This... mostly works, but my
> email still can't get sent to some people. Worse, I can't send
> mail to my family to their @thekramers.net domain name because the 
> Linode server won't send them to my server at home.
>
> - I am totally fed up with this brokenness, and from running an 
> ancient server at home, and want to fix this right. Also my certs are
> expiring and I'm getting new ones, so I need to change things
> anyway. DNS changes are a hassle, as are power outages.
>
> My main motivations for running my own mail server are that I rely
> heavily on procmail rules to deliver mail to the right folders, and I
> am also not crazy about third parties scanning and storing all my
> mail, though that's negotiable. The ideal solution as I currently see
> it is all mail going through my Linode server, which would be for both
> incoming, outgoing, filtering, webmail of some sort, oh and CalDav and
> CardDav. And move my web server there too eventually. If I can move my
> super old Owncloud to Nextcloud on the linode server too. I will
> probably start with 
> https://www.linode.com/docs/email/running-a-mail-server/
>
> My main fear in all of this is that I will try to set everything up 
> and it will go wrong, and my mail will bounce, possibly for days, 
> while I am job hunting. So I need to go about this carefully. I'm
> willing to start from scratch on the Linode server. Incoming mail will
> go to my home server until I change MX records so at least that part 
> has some leeway.
>
> Questions:
> - Are there any other solutions to my end goal (privacy and control 
> over mail routing to mailboxes) that I'm missing, other than running 
> my own mail server? Some other mail platform I can trust and also set 
> up very complex routing rules with? GMail and Office365 are right out
> on general privacy and trust principles, and client-side filtering is 
> not an option because I read my email on 4+ devices.
>
> - Are Postfix/Dovecot/procmail the best tools for me, and worth the 
> insane configuration process?
>
> - I've asked here before if anyone was willing to help me, for free or 
> for money (no I can't pay $50 an hour but I can pay). Given that 
> failure means my mail won't work, relying on asking questions on 
> mailing lists if I run into trouble is problematic.
>
> - Right now I have mbox, some of them pretty huge. I have to assume 
> there will be a way of moving my mail over from my home server to the 
> new server in maildir format, since that is newer and much better. So 
> I need to get the server working then I can worry about copying over 
> the old mail later.
>
>
> Thanks in advance, and sorry about the long email. I like to give all
> the details to cut down on the back and forth and wrong paths so I'm
> not wasting others' time as much.
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
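
Added example, not part of the original post: the message above mentions finding out that a .crt file is often already PEM and how to tell. This Python sketch classifies a file's bytes as PEM or DER and lists the PEM block labels it holds; the function names and the sample data are this example's own, and the sample payload is constructed, not a real certificate or key.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
# Constructed sample payload: SEQUENCE { INTEGER 1 }, not a real certificate or key.
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])

def sample_pem(label: str, der: bytes = FAKE_DER) -> bytes:
    """Wrap constructed DER bytes in PEM armor (sample input for this example)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()

def is_der_sequence(raw: bytes) -> bool:
    """True if raw is exactly one DER SEQUENCE (tag 0x30, length field matches)."""
    if len(raw) < 2 or raw[0] != 0x30:
        return False
    if raw[1] < 0x80:                      # short-form length
        header, length = 2, raw[1]
    else:                                  # long form: next n bytes hold the length
        n = raw[1] & 0x7F
        if n == 0 or len(raw) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(raw[2:2 + n], "big")
    return header + length == len(raw)

def classify(data: bytes) -> dict:
    """Report whether data is PEM or DER and which PEM blocks it contains."""
    if is_der_sequence(data):
        return {"encoding": "der", "blocks": [], "has_private_key": False}
    blocks = []
    for label, body in PEM_BLOCK.findall(data.decode("ascii", "replace")):
        # Legacy encrypted keys carry "Proc-Type:"/"DEK-Info:" header lines; skip them.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            payload = base64.b64decode(b64, validate=True)
        except ValueError:
            continue                       # armor present but body is not base64
        legacy_encrypted = "Proc-Type:" in body   # payload is ciphertext, not DER
        if legacy_encrypted or is_der_sequence(payload):
            blocks.append(label)
    return {"encoding": "pem" if blocks else "unknown", "blocks": blocks,
            "has_private_key": any(b.endswith("PRIVATE KEY") for b in blocks)}

if __name__ == "__main__":
    combined = sample_pem("CERTIFICATE") + sample_pem("PRIVATE KEY")
    print(classify(combined))
    print(classify(FAKE_DER))
```

A file that reports `has_private_key` is one to keep readable only by the mail daemons' owner, whatever its extension says.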




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org