I tried maybe 15 years ago and it went about as well as you’d expect for back then. But I’m starting to get the itch again.
Have any of you tried relatively recently? How impossible is it to get reliable deliverability to gmail and whatnot these days?
I have been using my own email for many years (to this day). Everything is working great. The main thing is to have a static IP and be able to specify your domain in the PTR record of the ip address.
In general, you will need: postfix (https://wiki.archlinux.org/title/Postfix) OpenDMARC (https://wiki.archlinux.org/title/OpenDMARC) OpenDKIM (https://wiki.archlinux.org/title/OpenDKIM) Dovecot (https://wiki.archlinux.org/title/Dovecot) Some interface to choose from (soGO, roundcube) Maybe graylists, ClamAV, SpamAssassin, or something else to protect your mailbox from spam and viruses. And if you want filtering functionality, then you also need Sieve.
I’ve been running my own mail for 10+ years. I recommend rspamd for spam filtering. It took the place of SpamAssasin, grey listing, SPF checking, etc. All in one single system.
Where are you hosting your mail?
On my home server. My ISP gives me a static address and makes PTR records for only about $1.5 per month.
How do connect to your mail’s server outside your home network?
Sorry for all the questions, I’m trying to get my DNS working with a vpn and it’s been difficult.
Well… as I already wrote, my home server is literally on the Internet because I rent a static public IP address from the provider.
But if you have a VPS, then you just need to do port forwarding to your server with a VPS, and then add the following entries to the mx DNS server:
Where 10 and 20 are the server priority Or if the VPS is part of your domain then:
you.domain. 21600 IN MX 10 first.vps.you.domain. you.domain. 21600 IN MX 20 second.vps.you.domain. first.vps.you.domain. 21600 IN A 1.1.1.1 second.vps.you.domain. 21600 IN A 2.2.2.2And if you also have IPv6, you can do
first.vps.you.domain. 21600 IN AAAA fd00::1 second.vps.you.domain. 21600 IN AAAA fd00::2Where 1.1.1.1, 2.2.2.2, fd00::1 and fd00::2 are the addresses of your VPS
You also need to enter the address in the SPF:
you.domain. 21600 IN TXT "v=spf1 +mx -all"What does it mean
v=spf1 is the SPF version.
+mx – it is allowed to send mail from the IP addresses specified in the MX records of the domain.
-all – prohibits sending from any other servers (hard refusal).
Also, in order for the signature to work on the mail server, you need to make several TXT entries (for a detailed explanation, see my links about DKIM):
keyname.__domainkey.you.domain. TXT "v=DKIM1; ...%DKIM params%"and
you.domain. 86400 IN TXT "v=DMARC1...%dmarc params%"And you need ask you VPS provider set PTR for you VPS IP address with first.vps.you.domain. Or some providers access that config in web panel.
If you want to be able to accept mail, you’ll need to directly expose your mail server on your public IP (router configuration required). You’ll also need to allow your server to egress your WAN as well. That being said - if you really want tighten your security, and don’t care about missing some emails, you could limit your server to seeing only those servers you know you’ll be communicating with, such as work, bank, or GMail servers only.
You can make it so that retrieving your email with your client of choice requires a VPN connection to your home network also.