I recently started a new platform where I sell my books and courses, and I needed to send account-related emails to my users. The reasonable option that is often suggested is to use a paid email service such as Mailgun or SendGrid. Because the prospect of adding yet another dependency on Big Tech is depressing, I decided to go against the general advice and roll my own email server.
High-level Design
The simplest possible solution allows my web application to send emails out to people. I did not want to worry about other email use cases initially. There are two major protocols related to email:
- SMTP (Simple Mail Transfer Protocol): The protocol that allows email servers to talk to each other to send and receive messages. Popular open-source SMTP servers are Sendmail and Postfix.
- IMAP (Internet Message Access Protocol): A protocol that lets a user access and manage email stored in a remote server.
Really the only thing you need to send emails is SMTP. IMAP is for accessing emails, not sending them. So from the start I decided to skip IMAP.
Requirements and Preparation
Running an email server requires basically two things: a domain name and a computer to run the server on (such as a VPS). Having a domain is actually required to send emails on your own.
Step-by-Step Server Preparation
- Purchase a VPS: You can use providers like DigitalOcean, Linode, or Hetzner. Note that some providers block port 25 by default. You may need to ask them to unblock it.
- Set a Hostname: Your server needs a proper hostname. If your domain is example.com, your server could be mail.example.com.
Basic DNS Setup
You need to tell the world where your email server is. This is done through DNS records. You will need to create two records:
- A Record: Points mail.example.com to your server's IP address.
- MX Record: Points the mail delivery for @example.com to mail.example.com.
Setting Up Postfix
Postfix is a popular open-source mail transfer agent (MTA) that routes and delivers electronic mail. You can install Postfix on Ubuntu using:
sudo apt-get update
sudo apt-get install postfix
During installation, select "Internet Site" and enter your domain name.
Email Security and Authentication
To ensure your emails are not marked as spam, you must configure several security policies.
Reverse DNS (PTR Record)
Your server's IP address must resolve back to its hostname (mail.example.com). You usually set this in your VPS provider's control panel.
DKIM (DomainKeys Identified Mail)
DKIM adds a cryptographic signature to your emails. You can set up OpenDKIM to handle this. It involves generating a private/public key pair, configuring Postfix to use the private key to sign outgoing emails, and publishing the public key in a TXT DNS record.
SPF (Sender Policy Framework)
SPF tells receiving servers which IP addresses are authorized to send emails on behalf of your domain. Add a TXT record to your DNS:
v=spf1 mx a:mail.example.com -all
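This means only the hosts named in the domain's MX records and the address that mail.example.com resolves to are allowed to send emails for the domain. The final -all tells receiving servers to fail mail from any other source.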
DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC ties DKIM and SPF together. It ensures that the domain in the "From" header matches the domains validated by DKIM and SPF.
Add a TXT record for _dmarc.example.com:
v=DMARC1; p=reject; sp=reject; aspf=s; adkim=s;
Have Patience
Many servers use a reputation system to decide if they accept or reject emails. Initially, your emails might be delivered to spam folders. Keep sending test emails and monitoring your Postfix logs. Over time, your server's reputation will improve.
FAQs
Is port 25 strictly necessary? Yes, port 25 is required to make outgoing connections to other mail servers. Ensure your hosting provider allows traffic on this port.
Do I need IMAP to send emails? No, IMAP is for accessing and managing received emails. You only need SMTP (Postfix) to send emails.
Why are my emails still going to spam after setting up DKIM, SPF, and DMARC? IP reputation plays a significant role. New IPs need time to build trust. Keep sending legitimate emails and your reputation will eventually improve.
Can I use a sub-domain for sending emails? Yes, you can configure your SPF, DKIM, and DMARC records for a sub-domain specifically for outgoing application emails.
Source: https://blog.miguelgrinberg.com/post/how-to-host-your-own-email-server