Readers Ask About ... Hosting Email

Posted by JD 08/16/2011 at 05:00

Below is the 4th of 6 questions from a reader. I definitely don’t have all the answers, but I’m not short on opinions. ;)

Previous articles:
Part 1 – LVM+JFS+RAID | Part 2 – Service Virtualization | Part 3 – Virtualizing Media Storage

duijf asks:

Q4: Maybe I’ll host the email for my own domain, what do I have to know? (ISPs, configuration, internal mail)

I started hosting my own email through a home broadband connection around 1998. Every ISP is a little different, so be certain to check the terms of use for your ISP. Often, running an email server is against the TOS. Many ISPs block the ports needed to run email servers. That doesn’t mean you can’t run one, just that you’ll have to add two more steps to your setup. If you are new at this, you may not be sure why your email isn’t being received or sent.

For the last 4 years, I’ve been hosting a Zimbra installation inside a virtual machine. Zimbra is a communications server that can easily replace MS-Exchange for many corporations. I’ve been running email servers for companies since 1996.

For such a small question, the answer is more complex than someone would think.

How Email Works

SMTP

This is simple. Sending and receiving email used to be pretty easy. You have an MTA, a Mail Transfer Agent, that acts as the inbound and outbound server for email. This is usually qmail, postfix, or, cough, sendmail. This service needs to listen on port 25 for SMTP traffic from anywhere in the world, and it needs to be able to transmit SMTP traffic out to port 25 on any server in the world.

DNS MX Record

Your domain record needs to tell the world which IP/server is your mail exchanger. That is accomplished through the DNS MX record. You need one.

Client – POP3 or IMAP

Personal opinion here – if you are going to run your own email server, do not bother with POP3. Use IMAP and store all the messages on your server. When you do this, all your client machines have access to all your email from anywhere in the world. You control which ports are used for sending and receiving email and can ensure that only SSL/TLS connections are supported. That means that anywhere in the world, you are safe to use your client to send/receive email from your server. Pretty nice. With IMAP, searching through email messages happens on the server too – chances are that the server is much quicker than your shiny new Android phone. ;)

That’s all you need to host email from your own server. Of course, your ISP may put up road-blocks to make that a little more difficult. Road-blocks like not giving you at least 1 static IP or blocking either inbound or outbound port 25 traffic. It is possible to get around these issues using a Dynamic DNS name server and an SMTP store-and-forward service. Describing how those work is more than I will cover in this article, but you can find more information easily with a Google search.

Does Your ISP Block Critical Ports

Before we start, you need to determine if your ISP is blocking the standard port used for SMTP traffic, port 25. It matters for both inbound and outbound connections.

Inbound

To receive email, an outside connection must be made to your machine on port 25 for your domain, so to test this, you need to find a server outside your ISP and try to telnet on port 25 back to your IP. You’ll probably want to set up an MTA or telnet server or even just a web page on that port.

Don’t forget to open port 25 inbound on your router and forward any traffic to your server on the port where you have a listener running. That can be www, telnet, or SMTP or whatever. My router allows port translation and I have an internal web server running, so I would use 25-to-80 translation. Also, don’t forget that your internal server may be running a firewall and blocking all non-local subnet traffic. If you aren’t – WHY NOT!?? Relax your firewall for a few minutes.

From the remote machine,

$ telnet xx.xx.xx.xx 25

Does it connect? If you are using a web server like me, do a GET to request the top page. If the connection times out, that doesn’t mean your ISP is filtering port 25, but it is a good indication that it may be happening. You need to try the same command from inside your network. If that doesn’t work, then you have a configuration issue to solve.

Outbound

To transmit email, you’ll need to connect to other servers on port 25. Most servers on the internet don’t run an SMTP listener on port 25, so how do you find one that will? Simple, use DNS. Pick a domain and look up the MX record for it.

$ dig google.com mx

or

$ host -t mx google.com
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.

MX records have a priority built in. The lowest number is the preferred email server. In the google.com case, from my network, I should hit aspmx.l.google.com.

$ telnet aspmx.l.google.com 25
Trying 74.125.65.27...
Connected to aspmx.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP f34si7435989ann.188
^]
telnet> quit
Connection closed.

Simple, it works here. If it doesn’t connect, then your ISP is blocking outbound port 25 traffic and you need to find an outbound configuration to transmit email. Sometimes ISPs block port 25 traffic in just one direction. Sometimes they require use of an email gateway which they control. If that outbound relay allows it, you may be allowed to transmit email that isn’t from the ISP domain. That could be just fine.
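The inbound and outbound checks above, as a script. This is an added example, not code from the original post: it parses the host -t mx output shown above to find the preferred (lowest-priority) MX, then tries a plain TCP connection to port 25 on it (outbound test) or on your own public IP from a machine outside your ISP (inbound test). The embedded MX lines are the google.com answer quoted in the post; host is assumed to be the BIND utility and nc an OpenBSD or GNU netcat that understands -z and -w.

```shell
#!/bin/sh
# Added example, not code from the original post. Finds the preferred MX
# for a domain from "host -t mx" output and tests whether port 25 on it
# (outbound) or on your own public IP (inbound) accepts a TCP connection.
# Assumptions: POSIX sh with awk/sort, "host" from the BIND utilities, and
# a netcat that understands -z (connect only) and -w (timeout), i.e. the
# OpenBSD or GNU flavour.

# The google.com MX answer quoted in the post, embedded so the parsing can
# be exercised without a resolver.
SAMPLE_MX='google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.'

# mx_sorted: read "host -t mx" lines on stdin and print "priority host",
# lowest priority number (most preferred) first. Other lines are ignored.
mx_sorted() {
    awk '/ mail is handled by /{ print $(NF-1), $NF }' | sort -n -k1,1
}

# preferred_mx: the host a sending MTA tries first.
preferred_mx() {
    mx_sorted | head -n 1 | awk '{ print $2 }'
}

# mx_count: number of MX hosts published; 0 means nobody can deliver
# mail to the domain, which is why the post says you need one.
mx_count() {
    mx_sorted | wc -l | tr -d ' '
}

# smtp_reachable HOST [PORT]: 0 if a TCP connection to HOST:PORT opens
# within 5 seconds, 1 otherwise. This touches the network.
smtp_reachable() {
    nc -z -w 5 "$1" "${2:-25}" >/dev/null 2>&1
}

# check_outbound DOMAIN: look up the MX list and try the preferred host.
# A timeout to an MX that others can reach points at your ISP filtering
# outbound port 25.
check_outbound() {
    mx=$(host -t mx "$1" | preferred_mx)
    if [ -z "$mx" ]; then
        echo "$1: no MX record published"
        return 2
    fi
    if smtp_reachable "$mx" 25; then
        echo "$1: outbound port 25 to $mx is open"
    else
        echo "$1: outbound port 25 to $mx is NOT reachable"
        return 1
    fi
}

# check_inbound PUBLIC_IP: run this from a machine outside your ISP, with
# something listening behind the router's port-25 forward, to test the
# inbound direction the same way.
check_inbound() {
    if smtp_reachable "$1" 25; then
        echo "$1: inbound port 25 is open from here"
    else
        echo "$1: inbound port 25 is NOT reachable from here"
        return 1
    fi
}

# Offline demonstration on the embedded sample (no network needed):
printf '%s\n' "$SAMPLE_MX" | mx_sorted
echo "preferred MX: $(printf '%s\n' "$SAMPLE_MX" | preferred_mx)"
# Live checks: check_outbound google.com ; check_inbound xx.xx.xx.xx
```

A connection that opens but never shows a 220 banner is a different symptom from a timeout: the former is usually your own router or firewall forwarding to the wrong port, the latter is the ISP filter the post describes.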

Clients

If you are considering running an email server, then you don’t need any help setting up clients. Just be certain to only allow encrypted connections, even from internal clients.

MTA – Postfix Server

Postfix is my SMTP server of choice. It was designed as a secure replacement for sendmail. It is trivial to set up for a single domain, while supporting extremely complex MTA configurations. I have a central SMTP server running postfix where all the other UNIX-like servers forward all emails (mostly concerning server status) as satellite SMTP servers. This is pretty easy to set up under APT.

$ sudo apt-get install postfix

and answer the questions in a smart way. When you are done, you should have a working SMTP server. All sending of email from your network should go through this new postfix server. That means you must configure all clients to know about it either with internal DNS, /etc/hosts or by using the IP address of the server. To make this easier, be certain to answer the local networks question correctly in your postfix setup.

IMAP – Dovecot Server

There are 2 popular IMAP servers for Linux systems: Courier and Dovecot. I’ve used Dovecot previously and found it pretty easy to set up. This is just for reading email, not sending.

Do Not Become An Open Relay

In the email server world, it is easy to become an open relay. After you set up your postfix, open the necessary ports and redirect the router back to port 25 on your new email server, you’ll want to have an outside mail server test your server for being an open relay. Spammers love open relays and it is the easiest way to get added to an RBL – Remote Block List. Search for “open relay test” to find some free testing.
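The outside relay test exercises the server from the network; the configuration side can be checked locally first. The script below is an added example, not code from the original post and not Postfix’s or Dovecot’s own tooling: it reads Postfix main.cf text and flags the settings that most often create an open relay, a mynetworks that trusts the whole internet (the "local networks" question from the Postfix install) and a smtpd_recipient_restrictions list that lacks reject_unauth_destination or puts an unconditional permit ahead of it. It also checks Dovecot text for the encrypted-connections-only rule from the Clients section (ssl = required, disable_plaintext_auth = yes). Only standard parameter names are assumed; every configuration text in the script is a constructed sample.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits Postfix main.cf
# text for the settings that most often make a home server an open relay,
# and Dovecot text for plaintext IMAP/POP3 logins still being allowed.
# Assumes only standard parameter names (Postfix mynetworks,
# smtpd_recipient_restrictions, smtpd_relay_restrictions; Dovecot ssl,
# disable_plaintext_auth). All config texts below are constructed samples.

# cf_get TEXT PARAM: value of "PARAM = value", joining Postfix-style
# continuation lines (leading whitespace) and skipping comments.
cf_get() {
    printf '%s\n' "$1" | awk -v p="$2" '
        BEGIN { re = "^[ \t]*" p "[ \t]*=" }
        /^[ \t]*#/ { next }
        found && /^[ \t]/ { val = val " " $0; next }
        found { exit }
        $0 ~ re { sub(re, ""); val = $0; found = 1 }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val)
              sub(/ $/, "", val); print val }'
}

# postfix_relay_audit TEXT: 0 when relaying is limited to mynetworks and
# authenticated users, 1 with one FINDING line per problem otherwise.
postfix_relay_audit() {
    rc=0
    nets=$(cf_get "$1" mynetworks)
    case ",$(printf '%s' "$nets" | tr -d ' ')," in
        *,0.0.0.0/0,*|*,0/0,*)
            echo "FINDING: mynetworks trusts the whole internet: $nets"
            rc=1 ;;
    esac
    restr=$(cf_get "$1" smtpd_recipient_restrictions)
    relay=$(cf_get "$1" smtpd_relay_restrictions)
    # Postfix 2.10+ has a safe built-in default for smtpd_relay_restrictions,
    # so only an explicit list that drops the check is flagged.
    case "$restr $relay" in
        *reject_unauth_destination*|*defer_unauth_destination*) ;;
        *) if [ -n "$restr$relay" ]; then
               echo "FINDING: no reject_unauth_destination in the restriction lists"
               rc=1
           fi ;;
    esac
    # An unconditional "permit" before reject_unauth_destination accepts any
    # recipient from any client: the classic open-relay mistake.
    prefix=${restr%%reject_unauth_destination*}
    for tok in $(printf '%s' "$prefix" | tr ',' ' '); do
        if [ "$tok" = permit ]; then
            echo "FINDING: bare 'permit' precedes reject_unauth_destination"
            rc=1
        fi
    done
    return $rc
}

# dovecot_tls_audit TEXT: 0 when every login must use TLS, 1 otherwise.
dovecot_tls_audit() {
    rc=0
    ssl=$(cf_get "$1" ssl)
    if [ "$ssl" != required ]; then
        echo "FINDING: ssl = ${ssl:-unset}; use 'required' so clients cannot skip TLS"
        rc=1
    fi
    # Dovecot defaults this to yes, so only an explicit "no" is flagged.
    if [ "$(cf_get "$1" disable_plaintext_auth)" = no ]; then
        echo "FINDING: disable_plaintext_auth = no sends passwords in the clear"
        rc=1
    fi
    return $rc
}

WEAK_CF='# constructed sample: "opened up" until mail flowed
myhostname = mail.example.com
mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit,
    reject_unauth_destination'

SAFE_CF='# constructed sample: relay only for the LAN and authenticated users
myhostname = mail.example.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination'

WEAK_DOVECOT='ssl = yes
disable_plaintext_auth = no'

SAFE_DOVECOT='ssl = required
disable_plaintext_auth = yes'

echo "== weak main.cf";      postfix_relay_audit "$WEAK_CF" || true
echo "== hardened main.cf";  postfix_relay_audit "$SAFE_CF" && echo "no findings"
echo "== weak dovecot.conf"; dovecot_tls_audit "$WEAK_DOVECOT" || true
# On a live system: postfix_relay_audit "$(postconf -n)"; dovecot_tls_audit "$(doveconf -n)"
```

Feed it the effective configuration (postconf -n, doveconf -n) rather than the file on disk, so defaults and overrides are both seen. A clean result here is a precondition, not a substitute, for the outside relay test the post recommends.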

Email Block Lists

RBL or remote block lists are the main way that email providers block spam. Residential DHCP addresses are part of this automatically and some corporations block all email to/from any IP inside any RBL. It just makes sense. OTOH, when we want to use our home systems for sending and receiving SMTP, being on an RBL is a major hindrance to successful transmission. If you are on residential ISP service, there isn’t much you can do about this besides paying for an email receiving and forwarding service. These are often sold separately, meaning you can purchase either sending OR receiving solutions. It is a good idea to have a receiving solution as a backup since your ISP may go down and email will not be able to get to your new server. I’ve seen this for $50/year. If this is just a hobby, I wouldn’t worry about it.
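The way to find out whether your own address is on such a list is a DNS lookup: the list publishes a zone, and the query name is your IPv4 address with its octets reversed under that zone. The script below is an added example, not from the original post: it validates an address, builds that reversed name, and asks the zone for an A record. POSIX sh with awk is assumed, plus host from the BIND utilities for the live query; the zone dnsbl.example and the 192.0.2.x / 198.51.100.x addresses are constructed placeholders, and the real zone you query (zen.spamhaus.org is one widely used list) is something you supply.

```shell
#!/bin/sh
# Added example, not code from the original post. DNS-based block lists
# are queried by reversing the octets of an IPv4 address and looking up
# an A record under the list's zone; this script builds that name and
# asks whether an address is listed. Assumes POSIX sh with awk and "host"
# from the BIND utilities for the live query. The zone "dnsbl.example"
# and the addresses below are constructed placeholders.

# is_ipv4 ADDR: 0 if ADDR is four dotted decimal octets each in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# dnsbl_name ADDR ZONE: the query name for ADDR under ZONE, for example
# 192.0.2.10 under dnsbl.example becomes 10.2.0.192.dnsbl.example.
dnsbl_name() {
    is_ipv4 "$1" || return 1
    printf '%s\n' "$1" | awk -F. -v z="$2" '{ print $4 "." $3 "." $2 "." $1 "." z }'
}

# dnsbl_listed ADDR ZONE: live query. 0 when the zone returns an A record
# (the address is listed), 1 when it does not (not listed, or the lookup
# failed), 2 for a malformed address. The 127.0.0.x value in a positive
# answer encodes the reason and is specific to each list.
dnsbl_listed() {
    name=$(dnsbl_name "$1" "$2") || return 2
    if answer=$(host -t a "$name" 2>/dev/null); then
        echo "$1 is listed in $2: $answer"
        return 0
    fi
    echo "$1 is not listed in $2 (no A record, or the lookup failed)"
    return 1
}

# Offline demonstration: the names that would be queried.
for a in 192.0.2.10 198.51.100.7; do
    echo "$a -> $(dnsbl_name "$a" dnsbl.example)"
done
# Live check of your own public address: dnsbl_listed xx.xx.xx.xx zen.spamhaus.org
```

Run the live check against the public address your ISP hands you, not the private address of the server, since the remote MTA only ever sees the former. Each list documents its own 127.0.0.x return codes and a removal procedure; a residential range is usually listed by policy rather than because of anything your server did, which is the situation the paragraph above describes.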

Centralized Email

Even if you cannot receive email on your home server, you can centralize all email to it by pulling email from multiple external accounts periodically and placing those messages into your mailstore. “Huh?” you ask? Suppose you have 5 outside email accounts – gmail, isp-mail, yahoo-mail and a few throw-away accounts. You can set up a tool called fetchmail to poll those systems and drop any messages there into your central email server mail storage. For example, I poll my ISP email every 10 hours with fetchmail:

$ more ~/.fetchmailrc 
set daemon 36000
poll mail.isp.net
with protocol pop3
username jdpfu password PASSWORD is {local-user-name}

There are many more complex fetchmail options. Use man fetchmail to learn more. You will probably want to use the /etc/aliases file on each of your machines too. Use man aliases to learn more.

Perfect Server Setup

After rereading this article, I know that lots of specific details were left out. If you choose to run email at home, you may want to follow a setup guide. The guys over at HowToForge produce Server Setup Guides for just this purpose. Often, these are tailored for running an ISP and often they do not secure their setups as much as I’d like, but when you are starting out, even getting a working configuration is helpful. Here’s the smallest, quickest howto for email on Debian servers. Even that HowTo is overkill for what is needed for a home or hobby domain, since there is no need to have MySQL involved at all.

Other Email Related Services

When you setup an email server, you’ll probably want to include a few other capabilities, like

  • Webmail – SquirrelMail is commonly used
  • Antispam – SpamAssassin
  • Antivirus – ClamAV – Others
  • Calendaring – Usually not part of email solutions
  • Address Books – Centralized addressbooks are often LDAP servers and most email clients understand LDAP queries.

If you have a large enough need and want everything included in 1 setup, Zimbra is pretty capable. I can’t recommend this to someone just starting out running their first SMTP server. It is complex and picky about certain things being set up before you can even install the system. Further, it won’t install on less than 1GB of RAM. I’ve given our Zimbra VM here almost 2GB of RAM. It is a hog, but it does some pretty cool things too. The enterprise calendaring is the killer-app for us.

Backups and Disaster Recovery Planning

Enough said. Do it. Test it. Validate it.

Don’t Forget About Virtualization

Everything said above can (and should) be performed inside a VM. There’s no need to run email directly on hardware. A postfix+dovecot email server can easily handle 50 users with 512MB of RAM and 1 CPU. Email does not add a heavy load on a server.

In the End …

In the end, do you really want important emails to possibly be missed because your home network connection is unavailable and you didn’t set up a backup MX at another location? In the old days, email would be retried for 4 days before the systems would give up. These days, you are lucky if they try for 4 hours. That means when you are out of town on vacation, which is exactly when something bad will happen and your email server will be disconnected, any email will be lost until you return and power cycle your ISP modem. For 99.99% of the people out there, running your own email server isn’t a bright idea. If you want to learn, then sure, run one at home, but you probably want your important email going somewhere else.