[Discuss] email server in Linux

Sat Jun 13 14:07:10 EDT 2020

On 6/13/2020 12:26 PM, Kent Borg wrote:
> On 6/12/20 10:29 PM, Tom Luo wrote:
>> Does anyone have experience setting a private email server in Ubuntu?
>
> If you like Ubuntu I would recommend Debian instead. It is what Ubuntu
> was based on and they haven't ruined it as badly as they have Ubuntu.
>
> I run postfix and dovecot on Debian.
>
> But a warning: You are heading into very rarefied territory here. I
> like think it gives me some sort of elite bragging rights, but I
> suspect the reality these days is this is too obscure for that, it
> just makes me a kook.
>
> I originally did it a zillion years ago because I could, and to learn.
> I keep doing it because I keep learning and I don't want to lose
> control. Sometimes I can go for long stretches and everything just
> works, but periodically the very rules for what is a properly run
> e-mail server change. That is a pain, but it also tends to keep me a
> little up to date.

Same here.  It's a lot harder to get started these days.  There's just
so much to know with respect to setting up SPF, TLS, etc. 

> If you do do it, you probably want to do it in the cloud (Linode,
> Digital Ocean, etc.). There is something nice about doing it at home,
> on you own box, but then you need a static IP address at home, one
> that isn't on spam blacklists, and I don't know a good solution to
> that anymore, My old DSL is going way up in price and down in
> reliability. I need to switch to something else and I don't know what

I've done a public-facing server on a DHCP address for close to 2
decades now.  You do have to pay attention to your public IP changing
(which will change a couple times a year even if you're not switching
providers, just because your ISP is doing internal reorganizations).  
And don't bother trying if you're on comcast; they are a nightmare. 

You could go the route Kent suggests, or you could start with a purely
internal system.  Just don't start off accepting mail from the outside. 
Lets you ignore all the hard parts (like figuring out what tricks you
have to use for your particular ISP/cloud providor), and a lot of the
old/simple tutorials (that don't cover any of the security stuff) will
work for you.  You could set up a system for a home network that your
family all has accounts on.  Then if you are comfortable and still think
this is a good idea, you can look at actually building out a system that
interacts with the outside world.

> Another suggestion: Don't offer e-mail addresses to others, or only to
> a very few (spouse...) because doing tech support can be a lot of
> work. I don't have an iphone, why can't my sister Google up out how to
> install my self-signed certificate herself?

Amen.  The other fun thing you can do is create unique email addresses
for every website that wants you to make a login.  I just add a new line
to /etc/aliases, run 'newaliases' (I do sendmail), and then I've got a
site-specific email address that will go to my normal inbox.  When that
site gets hacked and I start getting spam to that address, I not only
know who leaked, but can decide if I want to keep that address anymore
without impacting anything else.

Happy to share tips if you share more about which direction you want to go.

Matt