I needed to send emails for my new project. I explored SaaS services first, but their free plans allow only a small number of emails. So, since I am a programmer, I decided to host my own email-sending server.
After some research, I decided to go with a send-only Postfix configuration. Read on to see how to install and configure an SMTP server that sends emails without them landing in a spam folder.
Prerequisites
I used a single-core VPS with Ubuntu 18.04 for just 2.5 USD per month. My main app uses a table in the DB as an email queue, so I have two NodeJS apps: one to handle the queue and a second to get the delivery status and update it in the main app DB. Tell me if you want to see it. This post covers only the Postfix part.
I also have a domain. Let it be example.com here. Since it will be used for a website, I am using a subdomain email.example.com for the email server.
Postfix installation
Install Postfix using the commands below:
    sudo apt-get update
During installation, select the Internet Site option for the type of mail configuration. As the System mail name, enter your domain, e.g. example.com.
You can see the domain later with this command:
    cat /etc/mailname
Server configuration
Open the main config file with an editor:
    sudo nano /etc/postfix/main.cf
Find the inet_interfaces parameter and change it to loopback-only. With that setting, Postfix will not listen for any connection from outside the VPS.
    inet_interfaces = loopback-only
Other parameters and values to change for now:
    mydestination = $myhostname, localhost.$mydomain, localhost
Set your mail domain as a server hostname:
    sudo hostnamectl set-hostname email.example.com
Check the hostname with the command:
    hostname -f
Edit the /etc/hosts file and add that subdomain with your remote IP:
    1.2.3.4 email.example.com email
Command to restart Postfix after a configuration change:
    sudo systemctl restart postfix
Command to check the current configuration (the parameters explicitly set in main.cf):
    postconf -n
Create DKIM signature
Install DKIM tools:
    sudo apt-get install opendkim opendkim-tools
Add the postfix user to the opendkim group:
    sudo gpasswd -a postfix opendkim
Open the configuration file /etc/opendkim.conf:
    sudo nano /etc/opendkim.conf
Then add or update the parameters below in the configuration file:
    Socket inet:[email protected]
Create a folder for DKIM keys:
    sudo mkdir -p /etc/opendkim/keys
Change folder permissions:
    sudo chown -R opendkim:opendkim /etc/opendkim
Create the OpenDKIM signing table:
    sudo nano /etc/opendkim/signing.table
With this content inside:
    *@example.com default._domainkey.example.com
Then create the key table:
    sudo nano /etc/opendkim/key.table
With this content inside:
    default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default.private
Add trusted hosts:
    sudo nano /etc/opendkim/trusted.hosts
With this content inside:
    127.0.0.1
Create the keys folder for the domain:
    sudo mkdir /etc/opendkim/keys/example.com
Then generate keys:
    sudo opendkim-genkey -b 2048 -d example.com -D /etc/opendkim/keys/example.com -s default -v
Change the private key file owner:
    sudo chown opendkim:opendkim /etc/opendkim/keys/example.com/default.private
Then restart the opendkim service:
    sudo service opendkim restart
Check the key:
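    sudo opendkim-testkey -d example.com -s default -vvv
Now add or update the parameters in the Postfix configuration file (/etc/postfix/main.cf). Note that with milter_default_action = accept, Postfix keeps delivering mail, unsigned, whenever the OpenDKIM milter is unreachable:
    milter_default_action = accept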
Then restart Postfix:
    sudo systemctl restart postfix
DNS configuration
You need to configure some DNS records. With that configuration, email services will not treat your emails as spam.
Add an A record for email.example.com:
    Type: A
Add an SPF record:
    Type: TXT
Add a DMARC record:
    Type: TXT
Add the DKIM record. Use the previously generated DKIM public key (/etc/opendkim/keys/example.com/default.txt):
    Type: TXT
Set the PTR record (rDNS). You need to set it in your hosting provider's control panel.
Set email.example.com as the hostname and 4.3.2.1.in-addr.arpa as the IP address. The IP should be in reversed order.
Check that it is set correctly with the command below:
    host 1.2.3.4
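An added example, not from the original post: a shell lint for the three TXT values before they go into the DNS panel. It flattens the quoted chunks that opendkim-genkey writes to default.txt into one string and rejects a few common mistakes; the function names and all record values are constructed for illustration.

```shell
# Added example: every record value below is a constructed sample, not a real key.

# Join the quoted chunks of opendkim-genkey's default.txt into the one string the
# TXT record needs (one TXT string holds at most 255 bytes, so the key is split).
dkim_txt_value() {
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
}

# Each check prints a reason and returns 1 when the value should not be published.
check_dkim() {
    case "$1" in
        *'"'* | *'('* | *')'*) echo "DKIM: zone-file quoting left in value"; return 1 ;;
        "v=DKIM1;"*) ;;
        *) echo "DKIM: must start with v=DKIM1"; return 1 ;;
    esac
    key=$(printf '%s' "$1" | sed -n 's|.*; *p=\([A-Za-z0-9+/=]*\).*|\1|p')
    [ -n "$key" ] || { echo "DKIM: empty p= tag (revoked or truncated key)"; return 1; }
}

check_spf() {
    case "$1" in "v=spf1 "*) ;; *) echo "SPF: must start with v=spf1"; return 1 ;; esac
    case "$1" in
        *" -all" | *" ~all") ;;
        *" +all" | *" all") echo "SPF: +all authorises every host"; return 1 ;;
        *) echo "SPF: no final -all or ~all"; return 1 ;;
    esac
}

check_dmarc() {
    case "$(printf '%s' "$1" | tr -d ' ')" in
        "v=DMARC1;p=quarantine"* | "v=DMARC1;p=reject"*) ;;
        "v=DMARC1;p=none"*) echo "DMARC: p=none requests no action on failing mail"; return 1 ;;
        *) echo "DMARC: needs v=DMARC1 followed by a p= policy"; return 1 ;;
    esac
}

# Constructed stand-in for /etc/opendkim/keys/example.com/default.txt.
sample_dkim_file() {
    f=$(mktemp)
    printf '%s\n' 'default._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "' \
        '  "p=CONSTRUCTEDKEYPART1"' \
        '  "CONSTRUCTEDKEYPART2" )  ; ----- DKIM key default for example.com' > "$f"
    echo "$f"
}

f=$(sample_dkim_file); value=$(dkim_txt_value "$f"); rm -f "$f"
check_dkim "$value" && echo "DKIM TXT value: $value"
check_spf "v=spf1 a:email.example.com -all" && echo "SPF ok"
check_dmarc "v=DMARC1; p=none" || echo "DMARC: move to quarantine or reject"
```

On the server, pass the real default.txt path to dkim_txt_value and paste its output as the TXT value.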
Email encryption
Install Certbot:
    sudo apt install certbot
Then obtain a certificate:
    sudo certbot certonly --standalone -d email.example.com
Configure Postfix to use those keys. Add or edit the parameters below in /etc/postfix/main.cf:
    smtpd_tls_cert_file = /etc/letsencrypt/live/email.example.com/fullchain.pem
Then restart Postfix:
    sudo service postfix restart
Test
Send a test email with the command:
    echo "This is the body of the email" | mail -r test@example.com -s "This is the subject" [email protected]
Check the spam score with an online service, e.g. https://www.mail-tester.com/ (not an ad).