Getting my mail server set up
Thanks for your support thus far community…
I am trying to get a clearer understanding of how email servers work so I can proceed in properly setting up one…
Currently, we are using Bluehost for our emails and over time we have gotten errors of email deliverability to GMAIL…
With the best of my understanding I need to setup DKIM, DMARC and PTR record on my Linode.
Here are some questions I need clarifications on
- Do I need to install Postfix on my Linode considering the fact that I already use Bluehost.
- What does Postfix really do.
- With Postfix installed can I create different emails like [email protected], email@example.com
I feel with these answers I should be able to proceed with the next steps.
Thanks in advance…
Based on the questions you're asking, I personally would advise against trying to run your own email server.
They're not a fire-and-forget proposition, and they require somewhat regular babysitting in order to avoid becoming a delivery vector for spam, phishing, or other malicious materials.
It would perhaps be better for you to understand the inner workings of email as a set of protocols, the many security issues inherent in its design, etc. That will help you into the "what does postfix really do" answers, and make things like DKIM, DMARC, SPF, etc. make sense in a real-world way.
You received really good advice from "cyveris." Running a mail-server can be a huge time-sink and is best left to those who have the technical skills and the tooling to maintain it.
If you ARE going to take the plunge I suggest you use https://mailinabox.email . I had success with it couple of years ago.
If you do this, you will want to put the mail server on it's own (small) Linode server.
Unless you are really, really, really interested in running your own mail, I suggest you do what we do. We took a small $5/mo. shared server on PairNetworks (pair.com) just for email. We then modified the DNS records at the registry for each of our domains to send web traffic to our Linode and mail traffic to PairNetworks. Easy to do… lots of documentation out there on how to do this.
The cost is the same (Pair vs. Linode)… but it is way, way faster to add new email boxes or forwards or responders with Pair than it was on our own mail server.
Unless you are a very good Linux system administrator (or want to become one!), it is not advised that you run your own mail server.
Just my opinion… worth what it cost.. probably far less!
Boy howdy! I have to agree with @cyveris here… Mail servers are not hard to set up but they require care & feeding. If you don't know what you're doing and slip up, your domain could end up being blacklisted all over the internet. I spend probably more time guarding ports 25, 465 and 587 from attacks by bad actors (looking at you Vlad & the PLA) than anything.
1. Do I need to install Postfix on my Linode considering the fact that I already use Bluehost.
No. What you need to do is find a mail service host that's reliable. If you're having problems with Bluehost because they don't want to bother with SPF, DKIM, DMARC and the coming MTS-SLA, dump 'em. Google will happily host your email domain and it doesn't seem to have any problems with any of these.
2. What does Postfix really do.
There are three acronyms you need to understand:
► MTA: Mail Transfer Agent. This is what postfix(1) largely does. An MTA's job is to receive mail from someone (could be an MUA or another MTA) and either relay it to another MTA or hand it off to an MDA for delivery. postfix(1) typically provides three services:
- smtp (simple mail transfer protocol…port 25) -- this is the 'relay' function; although an MUA can submit mail for transmission using smtp, you'd have to have been living under a rock for the last 75 years to want to do this…port 25 has to be completely unrestricted…which makes it a target for spammers.
- ssmtp (or smtps…port 465) -- the secure version of smtp…does exactly the same thing but there is public-key exchange and encryption involved in the transfer of the message.
- submission (port 587) -- a secure protocol to accept messages from an MUA for transmission/relay.
► MUA: Mail User Agent. Although there are some small quirks, you can think of any program that allows you to compose email and click "Send" as an MUA. It has two jobs: a) take mail from the user and submit it to the MTA; and b) take mail from the MDA and present it to the user for reading, forwarding, filing, etc.
► MDA: Mail Delivery Agent. When an MTA determines that it's the destination for the message, the MTA will hand the message off to an MDA for delivery (postfix(1) can do delivery but its facilities frankly suck…you would never want to do this). There are 3 services provided by an MDA:
- lmtp (local mail transfer protocol…this typically runs on a local-domain socket for performance & security since the internet isn't involved in this). It's very similar in structure to smtp -- this is the MTA/MDA message exchange.
- pop3 (post office protocol 3…ports 110/995 for clear/secure service) -- an older style protocol that transfers messages from the MDA to the MUA for presentation to the user…rapidly falling out of favor but still in wide use.
- imap (internet message access protocol…ports 143/993 for clear/secure service) -- a protocol that presents messages to the MUA for reading, forwarding, filing, etc….unlike pop3, the messages are not moved to the MUA first; they stay on the server…this is the probably dominant post-office-style protocol in use today.
In the postfix(1) world, the MDA half of the MTA/MDA marriage is dovecot(1). Although dovecot is fairly simple beast conceptually, it has lots of options and the configuration model is way different than postfix(1)s. I find it cryptic & obtuse personally…
Anyway, I hope this helps… Here's a couple of references:
- The Book of Postfix: State-of-the-Art Message Transport ~500 pages
- Dovecot: POP3/IMAP servers for enterprises and ISPs ~400 pages
Both postfix(1) and dovecot(1) have changed around the edges since these were both published but the technical concepts are fundamentally the same. Get good used copies if you can for way less dinero™!