Setting Up A Spam-Proof Home Email Server (The Somewhat Alternate Way) (Debian Squeeze) - Page 4

Submitted by guestwriter on Mon, 2011-05-16 17:40.

Backup MX Server

Another problem with a dynamic IP address is that when it changes, the new address takes some time to propagate throughout the internet. People who send you email during that window shouldn't get an error message.

For that reason you can add a backup MX server.

Someone I know as error404 told me a while back about Roller Network. From what I can see, they offer customizable email, DNS and related services, and also backup MX capabilities.

I didn't sign up there, as I have a couple of dedicated servers which I let other people use as backup MX servers, so I can't tell you how to proceed on Roller.

However, the only thing you have to do once you have set up a backup MX server on Roller Network is to go to EveryDNS again, log into your account, select your domain and create another MX entry.

Create a record of type "MX", set the fully qualified domain name to "MYDOMAIN.COM", set the value to "ROLLERNETWORK" (the hostname Roller Network gives you) and set the "MX Value" to "20".

The FQDN stays your domain name, because it is your domain for which the backup is being created. The backup will be on the Roller Network, so enter there whatever they tell you. The next important thing is that the MX value is higher than the one you set for your own server: the higher the MX value, the lower the priority. Your own server should stay the preferred one, because even on a dynamic IP address you are reachable most of the time.

 

Thunderbird

Now we have everything together: a nice little server running Postfix, Dovecot, Procmail and Apache. We have a script that makes adding and removing incoming email addresses easy, and we also have a backup MX server in case of downtime or an IP address change.

Basically we're now good to go.

Now we just need to set up our email client. My preference here is Thunderbird, although it still has one major drawback in my opinion (but that's not for discussion here). The reason for Thunderbird is a great addon:

Virtual Identity: this addon tries to figure out which of your incoming email addresses a message was sent to and then sets that address as the outgoing email address for your reply. The reason this addon makes TB great is that in other email clients you usually define one email address, which is then used as your outgoing address by default. Normally you can alter it manually, but that's a hassle.

Just imagine you set your email address to "testuser@testuser.com" but create individual email addresses for all those websites and friends. If you don't alter the sender address, people will reply to "testuser@testuser.com", which defeats the purpose of having a unique email address for everyone out there.

So this addon takes away a great deal of the manual setting of the sender email address. The newest version can be found here (the one on Mozilla's addon site is quite outdated): Current Virtual Identity

Thunderbird also tries to figure out what capabilities your server supports. In case auto-detection doesn't work properly, here are the details:

Email Address: This can be just about anything you want. I recommend, however, that you also set up this email address in the virtual file, just to be sure!

Username: This is your actual system user name

Password: This is your actual system password

Incoming Mailserver: This is just MYDOMAIN.COM; use IMAP, port 143 and STARTTLS.

Outgoing Mailserver: This is just MYDOMAIN.COM; set the port to whatever is required and use STARTTLS.

If auto-detection doesn't work on its own, you can press the "Stop" button (several times), fill things in manually and have it rechecked.

By default the username will be set to the "left" part of the supplied email address (everything before the @). That's a common reason for auto-detection not working properly.

Once you have set up the account, you will be prompted to accept the certificate. I recommend accepting the certificate permanently; it's you who created it. The first sending of email will probably fail as well, because the certificate first needs to be accepted there too.

 

Slow sending of emails

As the TLS negotiation requires random numbers for the session, on a little-used box it can take a long time to send even small emails. The reason is that the kernel's entropy pool may be insufficient. You can boost the entropy, but it comes at a cost of security: the workaround below feeds the pool from /dev/urandom, which only stops the blocking and adds no real randomness.

 

(1) Install rng-tools:

apt-get install rng-tools

(2) Edit /etc/default/rng-tools and add, below the commented line

#HRNGDEVICE=/dev/null

this line:

HRNGDEVICE=/dev/urandom

(3) Restart rng-tools:

/etc/init.d/rng-tools restart
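As an added example (not part of the original tutorial), a small POSIX sh check of the rng-tools configuration and the kernel entropy counter: it reads the last active HRNGDEVICE line of a config file and the number in an entropy_avail file, both passed as parameters (on the real box those are /etc/default/rng-tools and /proc/sys/kernel/random/entropy_avail), and flags the /dev/urandom workaround as self-feeding.

```shell
#!/bin/sh
# Added example, not from the tutorial. Reports whether rng-tools is fed by a
# real hardware source and whether the kernel entropy pool is low. Paths are
# parameters so it also runs on constructed sample files; on the server:
#   rng_report /etc/default/rng-tools /proc/sys/kernel/random/entropy_avail 256

# rng_source CONFIG -> prints the last uncommented HRNGDEVICE value (quotes stripped)
rng_source() {
  sed -n 's/^[[:space:]]*HRNGDEVICE=//p' "$1" | tr -d '"' | tail -n 1
}

# rng_verdict CONFIG -> prints a word; exit 0 hardware, 1 self-feeding, 2 unset
rng_verdict() {
  dev=$(rng_source "$1")
  case "$dev" in
    "")                       echo "unset";        return 2 ;;
    /dev/urandom|/dev/random) echo "self-feeding"; return 1 ;;  # pool fed from itself
    *)                        echo "hardware";     return 0 ;;
  esac
}

# entropy_low ENTROPY_FILE THRESHOLD -> exit 0 when the counter is below THRESHOLD
entropy_low() {
  avail=$(tr -dc '0-9' < "$1")
  [ "${avail:-0}" -lt "$2" ]
}

# rng_report CONFIG ENTROPY_FILE THRESHOLD -> summary; exit 1 when the
# configuration is the urandom workaround (no real entropy is gained)
rng_report() {
  verdict=$(rng_verdict "$1" || true)
  if entropy_low "$2" "$3"; then
    echo "entropy_avail below $3: TLS handshakes may stall"
  else
    echo "entropy_avail at or above $3"
  fi
  echo "HRNGDEVICE source: $verdict"
  [ "$verdict" != "self-feeding" ]
}
```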

 

Port 25/587/... blocked

At my university, port 25 was completely blocked, so I couldn't send email at all while connected to the university network, except by using their email client. This is different from being blocked by your ISP for email submission: here you want to send email from your device to your home server, and your home server then submits the email to the actual recipient.

Because of that, I added a couple more ports to the master.cf file.

As we already added port 587 to master.cf (see above), you can easily add more ports there. Currently I add ports 2525 and 2500 (they are also easy to remember).

In your Thunderbird account settings for the SMTP server, just change the port to 2525 or 2500 if neither 25 nor 587 works.

Of course you can add even more ports onto which Postfix shall listen.
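As an added example (not code from the tutorial), a POSIX sh helper that appends extra smtpd listeners to a master.cf in the same form as the submission (587) service, requiring STARTTLS and SASL authentication so the alternative ports are no more open than 587. The file path is a parameter, so try it on a copy of /etc/postfix/master.cf first; after editing the real file, run /etc/init.d/postfix reload.

```shell
#!/bin/sh
# Added example, not from the tutorial: add alternative submission ports to a
# Postfix master.cf. Each entry mirrors the Debian Squeeze "submission" service
# (TLS required, SASL auth required, unauthenticated clients rejected), so a
# listener on 2525 or 2500 behaves exactly like the one on 587.
# Usage: add_listener /path/to/master.cf 2525

# has_listener FILE PORT -> exit 0 if a service already listens on PORT
has_listener() {
  grep -Eq "^[[:space:]]*$2[[:space:]]+inet[[:space:]]" "$1"
}

# add_listener FILE PORT -> appends an smtpd service on PORT (idempotent)
add_listener() {
  if has_listener "$1" "$2"; then
    return 0
  fi
  cat >> "$1" <<EOF
$2        inet  n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
}

# listener_count FILE -> number of inet services defined in FILE
listener_count() {
  grep -Ec "^[[:space:]]*[a-z0-9]+[[:space:]]+inet[[:space:]]" "$1"
}
```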


Submitted by fossala (not registered) on Sun, 2011-09-18 13:45.

I have followed your guide (very good btw) and I cannot send things with smtp. It just says "login to server *mymailserver*.com failed."

Any ideas where to start to look where I went wrong? 

Submitted by sjau (registered user) on Sat, 2012-01-28 20:36.

I noticed a little error. On page 2 it says to run:

echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.config

but it should be smtpd.conf


Maybe that's the reason why you can't login.

Submitted by KBurger (not registered) on Sun, 2011-05-22 05:01.

The dynamic IP address problem can easily be overcome with DDclient.  I think it's in the repositories.  If not you can get it here -  http://sourceforge.net/apps/trac/ddclient

With this you don't need a static IP address.

Submitted by Samat (not registered) on Thu, 2011-05-19 02:02.

Nice idea, but what I don't like about this: you're relying on that Thunderbird extension to set the sender e-mail address for you.

What if someone stops maintaining the extension, or you want to switch to another e-mail client or webmail?

Submitted by JohnP (not registered) on Mon, 2011-05-16 19:17.

DNS services support wildcard redirection like *.domain.org, so you don't need to run BIND locally - or anywhere on your systems.

This has been working here for over a decade.

Bind is often hacked, so don't run it unless you really need it. If you do need to run it, use chroot.

DynDNS.org's DNS service supports wildcard redirection, MX and all the other things you need from a DNS service. ddclient is the dynamic IP tool, assuming your router doesn't support them already. Most current routers seem to support dyndns and a few other DNS providers.

Submitted by Anonymous (not registered) on Tue, 2011-05-17 09:01.

You do need DNS resolution if you are NATed, and if you are using multiple networks at once, you really, really need it.

If you're just at home, you can easily set the DNS resolution in the hosts file. But if it's a notebook that you use at home, at work or other places, you'll need a better option ;)