Set up a Linux server as stand-alone mailserver

Cyberuben

Reputable
Feb 26, 2014
43
0
4,540
Hi,

I'm trying to find out a way to set up a standalone mailserver. I have multiple domains protected by cloudflare and for security reasons I do not have MX-records set up to my webserver as it makes my IP easily 'findable'. Currently I'm looking for a way to send my emails from a server that is NOT my webserver, though, in my full control.

I've googled for email hosting, so an external mail server that I can use, but all of these hostings only allow one domain per hosting plan. Since I host more than just one domain, this could become quite valuable.

What I'm trying to achieve is setting up a server that accepts mail and sends mail (IMAP and SMTP), using any software that works. The server should hide my personal IP from being sent through the headers (Google Apps only hides your IP when sending using your browser, not through email software).

The most important part is that I need my server to send mail as if it is not spam. I had several cases where mails from my domain had to be removed from the junk list because it was classed as spam, and since I am planning to send mails with important information, though not classified, I'd like my mail to just show up in people's mailbox without having to state that it might show up in their junk.

If there are any tutorials, I'm sorry, I couldn't find any.

Ruben
 


I'm a little bit confused.

You have a web server, presumably with some public facing sites hosted on it. Yet you're afraid of its IP being discovered?

Where is this server hosted?

Where is your mail server going to be hosted? As far as mail goes, you're pretty much restricted to commercial data centers. Many ISPs will not allow port 25 traffic on their network that is not destined to or originating from their own mail servers, and running one may be in violation of your ISP's terms of service.

If the IP of the mail server is dynamic, give up now.

Setting up a functioning mail server that won't have its deliveries flagged as spam requires very high level control over the DNS, rDNS, and IP routing. Most receiving mail servers will perform an nslookup on the hostname of the sending mail server to see if the sender's IP matches an A record in the host's domain's DNS zone. It will then perform an rDNS lookup to see if the hostname matches a PTR record of the originating IP in the rDNS zone. If either record is missing, the mail will usually be discarded as this may indicate a fraudulent message not sent by a legitimate mail server. The server will then look for an SPF record for the domain to which the sender belongs (not necessarily the domain to which the mail server belongs) to see if the mail server is authorized to send mail on behalf of that domain. SPF records are critical to preventing domains from being impersonated by malicious senders. Finally, it is highly recommended to set up DKIM/DomainKey which allows the sending mail server to digitally sign the outbound mail with a private key whose public counterpart is located in a DNS record.

I hope that this helps a bit.
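The checks described in the reply above (forward A record, reverse PTR record, then SPF for the sender's domain), as an added example that is not part of the original posts. It evaluates only a subset of SPF (`ip4`, `include`, `all`) against constructed zone data; every name and address is a documentation placeholder, and `_spf.relay.example` stands in for a relay provider's SPF zone such as the one a later reply mentions.

```python
import ipaddress

# Constructed DNS data (RFC 2606 names, RFC 5737 addresses); not real records.
ZONE = {
    ("A", "mail.example.org"): ["203.0.113.25"],
    ("PTR", "203.0.113.25"): ["mail.example.org"],
    ("PTR", "198.51.100.7"): ["host7.isp.example"],
    # Sender domain differs from the mail server's domain, as the reply notes.
    ("TXT", "example.com"): ["v=spf1 ip4:203.0.113.25 include:_spf.relay.example -all"],
    ("TXT", "_spf.relay.example"): ["v=spf1 ip4:192.0.2.0/24 -all"],
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(rtype, name):
    """Stand-in for a resolver query; returns [] when no record exists."""
    return ZONE.get((rtype, name.rstrip(".").lower()), [])

def fcrdns_ok(ip, hostname):
    """True if hostname's A record lists ip AND ip's PTR names hostname."""
    forward = ip in lookup("A", hostname)
    reverse = hostname.lower() in [p.lower() for p in lookup("PTR", ip)]
    return forward and reverse

def spf_check(ip, domain, depth=0):
    """Evaluate the sender domain's SPF record for a connecting IP."""
    if depth > 10:                      # guard against include loops
        return "permerror"
    records = [t for t in lookup("TXT", domain)
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:                # more than one SPF record is invalid
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULT[qualifier]
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return RESULT[qualifier]
        elif mech.startswith("include:"):
            # include matches only when the included policy returns pass
            if spf_check(ip, mech[8:], depth + 1) == "pass":
                return RESULT[qualifier]
    return "neutral"                    # no mechanism matched
```
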
 

Cyberuben

Well, you got it in some way.
I do indeed have a public webserver, but I'm trying to mask its IP in any possible way. I host a few websites for game communities, and since booters are getting more known by little kids, DDoSing becomes more of a problem. I'm not really afraid a kid will be able to grab my webserver's IP but I still want to add another layer of security. I'm using CloudFlare to basically "hide" my server, and as long as my server has no outgoing requests, no one will figure out what my webserver's IP is.

What I want to achieve is ordering a 2nd VPS where I can run all my mailservices on. This means that my mailserver's IP is not dynamic and is on 24/7, and (as you say), can be configured using SPF records.

Even though I understand what you say in your post, I'm not sure how I can achieve this, and I hoped to get some help here. I will do some research myself and try to find some tutorials later to achieve what I want, knowing what you said.
 


Okay I understand that.

If your existing VPS is powerful enough you may be able to get away with embedding a second VPS within it that runs solely as a mail server (running a virtual machine within a virtual machine is possible if the VT-x extensions are exposed by the host). Get a second IP allocated and point it to the new VPS. If the new IP is not on the same subnet as your existing one it should be nearly impossible to put them together.

You may wish to take a look at running your mail server on an AWS Micro instance. Micro instances are part of the free tier (which comes with some usage limitations), so you can run one at next to no cost. You can then relay the email through AWS's email service. All that you would have to do then is authorize AWS SES to sign and send email on behalf of your domain by including their own SPF zone in your SPF record. It's easy enough to do. If the outbound mail load is light, a micro instance will handle it easily.
 

Cyberuben

My current webserver only has 512 MB of RAM. I don't really need more as I host about 5 websites and I still have 100 MB RAM available.
I was thinking of ordering a 2nd VPS for $5 / month, also 512 MB RAM.

Do you perhaps know a good guide on how to configure a mailserver properly (preferably CentOS)? I don't want to end up trying multiple ones and then finding out I have to do a reinstall because I'm not sure what I changed.

I'm not that experienced with Linux yet, though I'm a fast learner and I can easily follow some tutorials or guides.
 


Okay. For Linux the two big ones are Sendmail and Postfix. Both are good, and both are available in CentOS.

Sendmail in particular is the default MTA for RHEL, and is also the default for CentOS; it's well supported and very compliant.

This should be good enough to get you started with Sendmail

http://tecadmin.net/install-sendmail-server-on-centos-rhel-server/

I also recommend looking at this guide for configuring Postfix

http://wiki.centos.org/HowTos/postfix

If you only wish to use that mail server as an outbound relay (no receiving email) then you can ignore the parts about Dovecot.
 

Cyberuben

I used Virtualmin to set up my mailserver. I figured out I could run it as a mailserver alone, without the webserver etc. attached. Now my main problem is that I need DKIM and SPF records, but I don't really understand how and what.

Virtualmin uses Postfix for delivering email. I do not yet have MX records set up for my domain, though, my Outlook test mail arrived at my inbox.
I have set up Postfix's headerchecks so it does not show my IP to the outside (which is exactly why I wanted my own mail server, not through SMTP, not through MX-records).

Could someone tell me how I set up DKIM / SPF records for my domain? I'm not sure which information you need to help me, but I'm sure I can post all information that should be kept private in a private message.