2023 How to Quickly Build an Email Server of Your Own in 2022
Development
Preparation
Before building a mail server, we need to meet the following conditions:
- A domain name that you own, for example: prds98.com (used as the example in the rest of this guide)
- A server that can be connected to the Internet, such as an Alibaba Cloud or Tencent Cloud server
- A reverse DNS (PTR) record that resolves this server's IP address to your own domain name
The first two are easy: both Alibaba Cloud and Tencent Cloud offer mature one-stop services. The third is harder, because most cloud vendors in China do not directly provide an option to set reverse resolution (a PTR record). Reverse resolution is a mechanism that maps an IP address to a domain name, and it can prevent other mail providers from treating your emails as spam, so it must be done. If you cannot configure reverse resolution yourself, ask the customer service of your Internet Service Provider (ISP) to configure it for you. Note that the ISP here is your server provider, not your DNS resolution service. For example, Tencent Cloud's domain name resolution service is provided by Dnspod. Although Dnspod is owned by Tencent, its customer service is not the right place to ask. Instead, go to the machine configuration page and contact customer service from there.
Configure DNS settings
- PTR record: discussed in the previous section.
- Configure the A record:
  mail.prds98.com -> 1.2.3.4 (server IP address)
- Configure the CNAME records:
  smtp.prds98.com -> mail.prds98.com
  pop.prds98.com -> mail.prds98.com
  imap.prds98.com -> mail.prds98.com
- Configure the MX record:
  prds98.com -> mail.prds98.com
- Configure the SPF record:
  prds98.com -> "v=spf1 a mx -all"
- Configure the DMARC record:
  _dmarc.prds98.com -> "v=DMARC1; p=none; rua=mailto:dmarc-reports@prds98.com"
The DMARC record is not required, but it is very helpful for diagnosing problems with mail transmission. After starting the service, you need to create the account `dmarc-reports@prds98.com` to receive DMARC reports.
Deploy the mail server with Docker
Configure service
We use the most popular open source mail server, poste.io. First, make sure the server has Docker and Docker-Compose installed. Next, create a new directory on the server, create a compose.yml file in that directory, and copy the following content into this file:
Remember to replace the domain name with your own, and use the environment settings to set the time zone. If your server has less than 4G of memory, it is recommended to disable the ClamAV antivirus module by uncommenting DISABLE_CLAMAV=TRUE. ClamAV takes up about 1G of memory during operation. It regularly updates its virus database, and its memory usage can then grow quickly, causing the server to freeze.
Rspamd is a module for automatic spam recognition. It only takes up about 250M of memory, and it is recommended not to disable it.
Start the service
Running the docker-compose up -d command in the directory starts the mail server. After starting the service for the first time, some initial configuration is required. Use a browser to access the server's IP address and follow the wizard.
Configure HTTPS (TLS certificate)
After the initial configuration is completed, you are taken to the mail server backend automatically. Go to System settings, select TLS certificate, and follow the wizard to complete the Let's Encrypt certificate configuration. From then on, when you access the domain name directly, an HTTPS connection is established instead of HTTP, and the browser no longer warns that the connection is insecure!
Configure DKIM key
Open the Virtual domain configuration in the backend, click the domain name you configured, and generate a new DKIM key in the DKIM key column. Then go to your DNS settings and add a TXT record. The following is an example:
_s20160910378._domainkey.your-domain.com IN TXT "k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FvkMuwN46vvtQCC1JZz7XzRE+l+Lf8/5XUKwWJXOcE7dJoZBbOE0Gz85phZ2q+y4l8D7t/hXDz9q+6/KVQDgJ9muaxSM/uS+KG0ds0QLEiV0GYCVu+ZZQSNPBPjOwlDvo3LraW00lMpd5dUj+xpr07ShfIoULhi7/7t76n5GZMse9yBa4hIhxSG/wCAB4D6IWYBURz9Pc75IDPDTlImr3TP/82YrsULY70CHaPHA1+j1VPA5lE+tnmeqxJW6P537xSutDppv8BZg4nlF3ojg2k6LB/cq15C4QRPAMs77pRA4GVnys1LEJ3JDvV3/csOCZ49oC4m44/TnWXk057OAwIDAQAB"
The DNS record should then look like this:
Domain Record | Record Type | Record Value |
---|---|---|
_s20160910378._domainkey | TXT | k=rsa;p=MIIBIjANB... |
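With the DKIM record in place, the SPF, DMARC and DKIM values from this guide can be linted offline before relying on them. This is an added example, not code from the original article or from poste.io; the function names and the 294-byte RSA-2048 size heuristic are assumptions, and the DKIM key in the sample is a constructed placeholder.

```python
import base64

def parse_tags(txt):  # 'tag=value; tag=value' record (DMARC, DKIM) -> dict
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {name.strip().lower(): value.strip() for name, value in pairs}

def lint_spf(txt):
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    if terms[-1] == "-all":  # hard fail for hosts the record does not list
        return []
    return ["SPF: last term %r does not hard-fail unlisted senders" % terms[-1]]

def lint_dmarc(txt):
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        return ["DMARC: missing v=DMARC1"]
    findings = []
    if tags.get("p", "").lower() == "none":
        findings.append("DMARC: p=none only reports, failing mail is still delivered")
    elif tags.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: invalid or missing p= tag")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, aggregate reports are lost")
    return findings

def lint_dkim(txt, min_der_bytes=294):
    """Size heuristic (assumption): an RSA-2048 public key is 294 DER bytes."""
    tags = parse_tags(txt)
    key = "".join(tags.get("p", "").split())
    if not key:
        return ["DKIM: empty or missing p= tag, selector cannot verify mail"]
    try:
        der = base64.b64decode(key, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["DKIM: p= is not valid base64 (truncated while pasting?)"]
    if tags.get("k", "rsa").lower() == "rsa" and len(der) < min_der_bytes:
        return ["DKIM: key is shorter than RSA-2048"]
    return []

# Records from this page; the DKIM key is a constructed placeholder, not a real key.
ZONE = {"spf": "v=spf1 a mx -all", "dkim": "k=rsa;p=" + "A" * 392,
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc-reports@prds98.com"}

def lint_zone(zone):
    return lint_spf(zone["spf"]) + lint_dmarc(zone["dmarc"]) + lint_dkim(zone["dkim"])

if __name__ == "__main__":
    print("\n".join(lint_zone(ZONE)) or "no findings")
```

Run against the records above, the only finding is the DMARC policy: `p=none` collects reports but does not stop receivers from delivering mail that fails SPF and DKIM.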
Test the mail server
At this point the basic configuration is complete. Don't forget to create the DMARC report account dmarc-reports@prds98.com.
You can check whether your emails are sent and received normally with some test tools. Below are some recommended websites that check how well your mail server configuration conforms to the standards and guide you through further optimization.