Opinion/Help on setting up my own IMAP/SMTP server

Fencer128

Platinum Member
Jun 18, 2001
2,700
1
91
Hi,

I've been searching for a good guide on what it takes/costs to host your own mail server (for just a few users i.e. less than 10). I've not yet been able to find what I'm looking for. I was hoping for a guide that tells you the ins and outs if you have access to:

A domain name
A computer
A willing and reliable ISP
Linux/NetBSD software

Does anyone know any good links or info off the top of their heads?

Thanks,

Andy

EDIT: This is also posted in "Applications....", but I'm not *really* sure where it's best to post this. Cheers.
 

cleverhandle

Diamond Member
Dec 17, 2001
3,566
3
81
There are lots of guides on the various parts of mail service, but there are so many possible combinations that it can be difficult to find an all-in-one roadmap. Basically, you need 3 things - 1) DNS - if you're going to have email addresses, you need an MX record pointing to your mail server. Even if you don't run your own DNS, this is rarely a problem to set up. 2) an MTA - the program that shuttles mail across the Internet and receives mail for you. This is usually Sendmail or Postfix, sometimes qmail. 3) an IMAP daemon - the program that workstations connect to in order to check mail. Often this is Courier-IMAP, though UW and Cyrus are other good candidates. Depending on the combination, you may need Procmail to get the mail from the MTA to the mailboxes in an appropriate format.

Personally, I picked Sendmail for the MTA - while it's not the easiest daemon to use, it's not as hard as people make it out to be, IMO. Also, for better or worse, it's the standard, so I wanted to learn how it works. For the IMAP daemon, I chose Courier - it's widely used, easy to set up, and does what it needs to do. Cyrus has better security, which I didn't need, at the cost of complexity. UW just didn't seem to get good reviews from anyone I talked with. Here's the basic setup.

DNS
1) Enter an MX record for the domain to mail.domain.com.

Sendmail
2) Use FEATURE(`use_cw_file'), and enter mail.domain.com and domain.com in /etc/mail/local-host-names. This tells Sendmail to receive mail for the whole domain.com domain, not just for the specific machine mail.domain.com.

3) Use MASQUERADE_AS(`domain.com'). Basically, the reverse of #2 - tell Sendmail to make all outgoing mail come from domain.com.

4) Use FEATURE(`local_procmail'). Sendmail won't deliver directly to Maildir format boxes, so this tells Sendmail to deliver through procmail, which can handle Maildir boxes just fine.

Courier-IMAP
5) Probably I edited a config file somewhere. There wasn't much to set up as far as the daemon is concerned.

6) Run maildirmake for each user. This sets up the mailbox in the appropriate format.

Procmail
7) Create an /etc/procmailrc that contains

MAILDIR=$HOME/Maildir/
DEFAULT=$MAILDIR


That will deliver messages from Sendmail in the form that Courier expects.

And that's pretty much it. There are some other things that you'll want to set up, like Sendmail access controls, procmail filtering, or SpamAssassin. Maybe Webmail, too. But that's the conceptual backbone.
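
One way to verify steps 2 to 7 once they are in place, as an added example that is not part of the original post: a shell function that audits the files those steps touch. The `/etc/mail/sendmail.mc` path, the `ROOT` argument (for checking a staging copy) and the permission check on the Maildir directories are assumptions added here.

```shell
#!/bin/sh
# Added example, not from the post. Assumed path: /etc/mail/sendmail.mc.
# check_mail_setup ROOT DOMAIN USER_HOME -> prints findings, returns 1 if any.
check_mail_setup() {
  root=$1 domain=$2 user_home=$3 rc=0
  mc="$root/etc/mail/sendmail.mc"
  cw="$root/etc/mail/local-host-names"
  prc="$root/etc/procmailrc"

  # Steps 2-4: each m4 macro must appear on a line that is not commented out.
  for macro in "FEATURE(\`use_cw_file')" "MASQUERADE_AS(\`$domain')" \
               "FEATURE(\`local_procmail')"; do
    grep -v '^dnl' "$mc" 2>/dev/null | grep -qF -- "$macro" ||
      { echo "sendmail.mc: missing $macro"; rc=1; }
  done

  # Step 2: both the bare domain and the host name must be listed.
  for name in "$domain" "mail.$domain"; do
    grep -qxF -- "$name" "$cw" 2>/dev/null ||
      { echo "local-host-names: missing $name"; rc=1; }
  done

  # Step 6: maildirmake creates cur/new/tmp; flag any that group/other can access.
  for sub in cur new tmp; do
    d="$user_home/Maildir/$sub"
    if [ ! -d "$d" ]; then echo "maildir: $d missing"; rc=1; continue; fi
    case $(ls -ld "$d") in
      d???------*) ;;
      *) echo "maildir: $d is accessible to group/other"; rc=1 ;;
    esac
  done

  # Step 7: procmail writes Maildir format only when DEFAULT ends in "/".
  maildir=$(sed -n 's/^MAILDIR=//p' "$prc" 2>/dev/null | tail -n 1)
  default=$(sed -n 's/^DEFAULT=//p' "$prc" 2>/dev/null | tail -n 1)
  [ "$default" = '$MAILDIR' ] && default=$maildir
  case $default in
    */) ;;
    *) echo "procmailrc: DEFAULT='$default' is not a Maildir path"; rc=1 ;;
  esac
  return $rc
}

if [ $# -eq 3 ]; then check_mail_setup "$@"; fi
```

Run it as `sh check.sh / domain.com /home/andy` against the live system; no output and exit status 0 mean every step checked out.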
 

Fencer128

Thanks for that. Can you just run me through one more thing....

I use (but could change) mydomain.com at the moment for registering and managing my domain name. Given that I have a fixed IP address, can I usually email my ISP to get them to add the MX record to their nameserver? Do I need to ask anything of mydomain.com when doing this?

Thanks again,

Andy
 

cleverhandle

If mydomain.com is managing your DNS, you need to ask them to enter the MX record. Poke around their website - usually this is not a big deal.
 

Fencer128

Originally posted by: cleverhandle
If mydomain.com is managing your DNS, you need to ask them to enter the MX record. Poke around their website - usually this is not a big deal.

This is where I get confused! The nameservers that my ISP uses have nothing to do with this? "Their" DNS is separate from "my" DNS in this respect?

I know a little about DNS and I know that you're right - but this always confuses me.

Cheers,

Andy
 

Soybomb

Diamond Member
Jun 30, 2000
9,506
2
81
My personal favorite is postfix, you'll find a lengthy list of howtos here http://www.postfix.org/docs.html

Exim is also popular although I didn't care for its configuration, same for qmail (djb stuff just hasn't rocked my world yet in general....) Sendmail is a workhorse and certainly installed in enough places to show it, but its security history made me want to seek out other software, that as an added bonus is easier to configure, at least for me.

You need to edit the records for your domain name. If your ISP is doing the DNS for your domain name, you would go through them to change it. Otherwise perhaps your domain name's DNS hosting is coming from your registrar?
 

cleverhandle

Originally posted by: Fencer128
This is where I get confused! The nameservers that my ISP uses have nothing to do with this? "Their" DNS is separate from "my" DNS in this respect?
In a nutshell...

There are many DNS servers in the world. They can all typically resolve a hostname to an IP address and return the result to a client. But, for a given domain name, there are only a few servers (usually 2-3) that are authoritative for that domain. Those authorities contain the permanent records for your domain - other DNS servers ask them for the information and cache the result for a certain period of time. The MX record needs to be added to whichever server is the authority for your domain. Then, after the previously cached results expire (maybe a day or two tops), the rest of the world's DNS servers will be pulling the new info from the authorities. Since you registered with mydomain.com, their DNS servers are authoritative, so they're the people you need to contact.
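
The authority-versus-cache distinction described above, as an added example that is not part of the original post: a shell function that asks each authoritative nameserver for the MX record directly and compares it with what the local caching resolver returns. The `DIG` override variable is an assumption added so the function can be exercised with a stub; `dig` itself must be installed for a live run.

```shell
#!/bin/sh
# Added example, not from the thread. DIG can point at a stub for offline runs.
: "${DIG:=dig}"

# mx_in_sync DOMAIN: compare the MX set each authoritative server returns
# with what the local (caching) resolver currently hands out.
mx_in_sync() {
  domain=$1 rc=0
  # Answer from the default resolver: may be a cached copy of older data.
  cached=$($DIG +short MX "$domain" | sort -n)
  # The NS set names the authorities for the domain.
  servers=$($DIG +short NS "$domain" | sort)
  [ -n "$servers" ] || { echo "$domain: no NS records found"; return 1; }
  for ns in $servers; do
    # Ask the authority itself, with recursion off, so no cache is involved.
    auth=$($DIG +short +norecurse "@$ns" MX "$domain" | sort -n)
    if [ -z "$auth" ]; then
      echo "$ns: no MX record at this authority"; rc=1
    elif [ "$auth" = "$cached" ]; then
      echo "$ns: resolver agrees ($(echo "$auth" | tr '\n' ' '))"
    else
      echo "$ns: authority has [$auth] but resolver returned [$cached]"; rc=1
    fi
  done
  return $rc
}

if [ $# -eq 1 ]; then mx_in_sync "$1"; fi
```

A mismatch right after a change usually just means the old answer has not yet expired from the resolver's cache; a missing record at an authority means the change was made on the wrong server.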

 

Fencer128

Thanks for that.

Cheers for all your help.

Andy
 

subflava

Senior member
Feb 8, 2001
280
0
0
Originally posted by: cleverhandle
In a nutshell...

There are many DNS servers in the world. They can all typically resolve a hostname to an IP address and return the result to a client. But, for a given domain name, there are only a few servers (usually 2-3) that are authoritative for that domain. Those authorities contain the permanent records for your domain - other DNS servers ask them for the information and cache the result for a certain period of time. The MX record needs to be added to whichever server is the authority for your domain. Then, after the previously cached results expire (maybe a day or two tops), the rest of the world's DNS servers will be pulling the new info from the authorities. Since you registered with mydomain.com, their DNS servers are authoritative, so they're the people you need to contact.

This is not necessarily true. It really depends on the registrar (network solutions, dotster.com, godaddy.com, mydomain.com, etc) and how they choose to sell their product. For example, I use dotster.com for my domain and by default they do not provide you domain hosting service. You have to pay extra for that. I believe most registrars operate this way. When you register a domain name with them, all they ask for is your name, address, etc and the IP addresses of the nameservers that host (or that you want to host) your domain. The administrators/owners of *those* nameservers you specify are the people you go to to get MX and any other records set.

Now, it might seem natural to most people that the registrar should just provide the second part of the service also...which is why I guess many of them do :) You just have to pay for it.

 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Originally posted by: subflava
This is not necessarily true. It really depends on the registrar (network solutions, dotster.com, godaddy.com, mydomain.com, etc) and how they choose to sell their product. For example, I use dotster.com for my domain and by default they do not provide you domain hosting service. You have to pay extra for that. I believe most registrars operate this way. When you register a domain name with them, all they ask for is your name, address, etc and the IP addresses of the nameservers that host (or that you want to host) your domain. The administrators/owners of *those* nameservers you specify are the people you go to to get MX and any other records set.

Now, it might seem natural to most people that the registrar should just provide the second part of the service also...which is why I guess many of them do :) You just have to pay for it.

That's mostly semantics, assuming he already registered with mydomain.com he should have already either paid for their DNS service or told them what DNS servers to use, so hopefully he knows who to contact =)
 

Fencer128

Originally posted by: Nothinman
Originally posted by: subflava
This is not necessarily true. It really depends on the registrar (network solutions, dotster.com, godaddy.com, mydomain.com, etc) and how they choose to sell their product. For example, I use dotster.com for my domain and by default they do not provide you domain hosting service. You have to pay extra for that. I believe most registrars operate this way. When you register a domain name with them, all they ask for is your name, address, etc and the IP addresses of the nameservers that host (or that you want to host) your domain. The administrators/owners of *those* nameservers you specify are the people you go to to get MX and any other records set.

Now, it might seem natural to most people that the registrar should just provide the second part of the service also...which is why I guess many of them do :) You just have to pay for it.

That's mostly semantics, assuming he already registered with mydomain.com he should have already either paid for their DNS service or told them what DNS servers to use, so hopefully he knows who to contact =)

I can sort it with them - and now I understand that it leaves me the option of running my own DNS server at a later time.

Cheers,

Andy