Setting Up A Spam-Proof Home Email Server (The Somewhat Alternate Way) (Debian Squeeze) - Page 4
Backup MX Server
Another problem that can occur on a dynamic IP address is, that your IP address changes and that it takes some time to propagate throughout the internet. If people want to send you email, they shouldn't get an error message.
For that reason you can add a backup MX server.
Someone I know as error404 told me a while back about Roller Network. From what I can see is that they offer cusotmizable email, dns and stuff and also backup mx capabilities.
I didn't sign up there as I have a couple of dedicated serves which I give other people to use as backup mx server, so I can't tell you how to proceed on Roller.
However the only thing you have to do, once you setup backup mx server on Roller Network, is to go to EveryDNS again, log into your account, select your domain and create another mx entry.
Make a "MX" record type, set as fully qualified domain name "MYDOMAIN.COM", set as value "ROLLERNETWORK" and set as "MX Value" "20"
The FQDN stays your domain name. Because it is for your domain name where a backup shall be created. The backup will be on the Roller Network, so you have to enter there whatever they tell you. The next important thing is, that the MX value is higher than the one you set for your own server. The higher the MX value, the less priority it gets - because even on a dynamic IP address you should be reachable most of the time.
Now we have all together. Setup a nice little server, run Postfix, Dovecot, Procmail, Apache on it. We have a script that allows easy add/remove of incoming email addresses and we have also a backup mx server in case of downtime or ip address change.
Basically we're now good to go.
Now we just need to setup our email client. My preference here is Thunderbird - although it still has one major drawback in my opinion (but that's not for discussion here now). The reason for Thunderbird is a great addon:
Virtual Identity - this addon tries to figure out what your incoming email address is and will then set it as outgoing email address. The reason why this addon makes TB great is, because in other email clients you usually define your email address and it will be by default set as your outgoing email address. Normally you can manually alter it but that's a hassle.
Just imagine you set your email address to "firstname.lastname@example.org" but you create all those individual email addresses on websites and friends. If you don't alter it, then people will reply to "email@example.com" which then defeates the purpose of having a unique email address for everyone out there.
So this addon will take away a great deal of "manual setting of sender email address". The newest version can be found here (the one on Mozilla is quite outdated): Current Virtual Identity
Thunderbird also tries to figure out what capabilities your server supports. In case auto-detection isn't work properly, I'll give you the details right here:
Email Address: This can be just about anything you want. I recommend however that you do setup this email address also in the virtual file - just to be sure!
Username: This is your actual system user name
Password: This is your actual system password
Incoming Mailserver: This is just MYDOMAIN.COM, use IMAP and as Port 143 and set to STARTTLS
Outgoing Mailserver: This is just MYDOMAIN.COM, set Port to what is required and set to STARTTLS
If the autodection doesn't automatically work, you can press the "Stop" button (several) times and then fill in things manually and have it rechecked.
By default the Username will be set to the "left" part of the supplied email address. That's a common reason for auto-detection not working properly.
Once you have setup the account, you will be prompted to accept the certificate. I recommend to make accept the certificate permanently. It's you who created it. Also first sending of email will probably fail because of the certificate that also first needs to be accepted.
Slow sending of emails
As TLS negotiation requires random numbers for the session, on a little used box it can be the case that it takes a long time to send even small emails. The reason is that entropy might not be sufficient. You can boost entropy but it will be at a cost of security.
(1) Install rng-tools
apt-get install rng-tools
(2) Edit /etc/default/rng-tools
(3) Restart rng-tools
Port 25/587/... blocked
At my university port 25 was totally blocked. So I couldn't send emails at all while I was connected to the univesity network - except using their email client. This is different from being blocked by your ISP for submission of email because you want to send email from your device to your home server and your home server will then submit the email to the actual recipient.
Because of that I did add a couple more ports to the master.cf file.
As we already added port 587 to the master.cf (check above), you can easily add more ports there. Currently I do add port 2525 and 2500 (they are also easy to remember).
In your Thunderbird account settings for the SMTP servers, just change the port accordingly to 2525 or 2500 if neither 25 or 587 are working.
Of course you can add even more ports onto which Postfix shall listen.