MAIL-IN-A-BOX
Hillary Clinton’s self-hosted mail server didn’t do her presidential campaign much good. Let’s see how Jonni Bidwell’s fares…
People often say that email is hard. At one stage it was considered too hard to be the subject of a standard four-page tutorial. By the time you’ve explained Postfix, Dovecot, greylisting, MX records, DMARC and DKIM there’s not really much room left to describe everything else. And there’s a lot of everything else. But that doesn’t mean it’s necessarily ‘hard’, just complex. A good elucidation of this can be found at https://bit.ly/lxf284mail.
One ‘turnkey’ offering is called Mail-in-a-Box (https://mailinabox.email), which doesn’t use containers. Instead, it’s meant to be installed on a single-purpose machine whose only job is to be an email server. Unlike lots of things featured in this magazine, MIAB is meant to be not at all configurable, beyond of course setting domain names and mail aliases. Sure, you can SSH into it and mess with the (many) configuration files, but as soon as the system updates these will all be overwritten.
MIAB is currently based on Ubuntu 18.04, which might seem (with Ubuntu 22.04 LTS not too far away) a little old. But it’s still supported until 2023, and we’ll probably see a seamless upgrade to Ubuntu 20.04 over the coming months. You don’t need much in terms of resources to run your own mail server. An entry-level VPS will be fine; the docs recommend at least 512MB of RAM, but you might have to sacrifice a couple of features (namely SpamAssassin and ClamAV) with that amount. Unlike almost every other ‘self-hosted’ software we feature, you almost certainly can’t run a mail server using your home internet connection. ISPs (rightly) don’t want their customers’ machines turning into spam-spewing zombies, and generally block outbound SMTP (port 25) from residential connections wholesale. You could try asking your ISP not to do this, but they’re unlikely to listen. In fact, they might start asking you awkward questions about what on earth you are doing.
Mail servers also need to be online all the time, otherwise mail may go undelivered. We certainly wouldn’t count on our ISP having 100 per cent uptime, so we hit up our favourite server shop Mythic Beasts and arranged ourselves a dual vCPU VPS with 2GB of RAM. We also paid for a bit of extra storage space, because you never know when that will come in handy.
Besides the cost of the (virtual) hardware, you’ll absolutely need to have a domain registered upon which to set up email. Dynamic DNS (e.g. duckdns.org) offerings are no good – we need to have access to MX (mail exchange) records and such, and these are associated with the actual domain name, not an arbitrary subdomain. You can always find a bargain on cheap name registrations: less-flashy top-level domains (TLDs), e.g. .tv, .info, .email, can be had for less than $1 a year. But after one year don’t be surprised if the cost to renew is around 10 times this. It’s recommended to avoid certain TLDs, including .xyz, .go and other novelty suffixes, since these are often not taken seriously by mail servers (and by the reputation lists they consult). We’ll pretend we registered linuxformat.email (which we didn’t, because IT don’t let us have domain names anymore) for the sake of this featurette.
What’s in a name?
It’s recommended to name your soon-to-be mail server ‘box’, so that its fully qualified domain name (in our hypothetical case) would be box.linuxformat.email.
For some VPS providers (including DigitalOcean) it’s necessary that this hostname matches the name given in their control panel. Plus it’s less confusing. All of this is covered in the first part of the setup guide (https://mailinabox.email/guide.html), which you should read twice over before starting setup proper.
Once you have a vanilla Ubuntu 18.04 install and access to your domain registrar’s control panel, setup is pretty easy. There are a lot of DNS records to set up, so we’ll discuss those before we install any mail software. First is reverse DNS, which confusingly is set by your VPS provider rather than your domain registrar (although if you’re using the same provider for both this is generally handled automatically). Reverse DNS (a PTR record) maps an IP address back to a domain name, and for mail to work we need that to be the FQDN we decided on earlier: box.linuxformat.email. Receiving mail servers routinely check that the PTR record for a connecting IP matches the hostname it announces, and treat mail from a mismatched or missing one as likely spam. There’s a catch, though. Some hosting companies won’t let you configure reverse DNS until forward DNS is working properly, so you might have to set up A records (and/or AAAA records, the IPv6 equivalent) for your FQDN at your registrar before you can do anything else.
The DNS requirements are covered thoroughly in the setup guide, so we’ll just glance over them here. First of all you’ll need to set Glue Records, sometimes called Child Records, Vanity Nameservers or all kinds of other unofficial terms. Glue records are needed at the registrar when a host takes control of its own DNS, and usually consist of two hostnames, generally your FQDN prefixed by ns1 and ns2. So in our case that would be ns1.box.linuxformat.email and ns2.box.linuxformat.email. The glue records associate both of these hostnames with the IP address of our server, but they are not standard A records in your zone: they live in the parent (TLD) zone so that resolvers can find your nameservers at all. Accordingly, they’re generally not set from the registrar’s standard DNS control panel; with DreamHost, for example, they’re hidden away in the WHOIS info section.
With glue records working (note that DNS takes a while to propagate) the next step is to make our machine ready for managing its own DNS. This means any subdomains you have set up with your registrar (other than the glue records) will stop working for now. But that’s okay – once MIAB is running it’s easy to reinstate them. Your domain registrar will have an option to use custom nameservers rather than their own (and this option usually comes with a warning that it might break things). Set this to the ns1 and ns2 hostnames from our glue records (this does seem fairly circular, but as the guide says, “everyone gets confused here”).
Now we can actually log in to our VPS (typically via an SSH key), pull the setup script and then, all going well, be in business. Note that the command below pipes a script fetched over HTTPS straight into a root shell, so you are trusting both mailinabox.email and the TLS connection; if you’d rather read what’s about to run as root, save the script to a file with curl first, look through it, and run that with sudo instead. Otherwise, run:
$ curl -s https://mailinabox.email/setup.sh | sudo -E bash
You’ll be prompted for the email address you’d like to configure first and a password. Then you’ll be told to log in with these credentials at the /admin URL. Once you’re in, head to the System Status Checks page and you’ll likely see a few ticks but several crosses. There will be hints to remedy these. TLS certificates can be provisioned automatically (MIAB uses Let’s Encrypt), for example, but if our experience is anything to go by, patience is key. Changes to nameservers can take up to three days to propagate fully (whereas other changes are generally noticed within a few minutes). Hopefully you’ll then be able to log in to the Roundcube webmail application (at your server’s main URL) and send mail to your friends.
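Before and after running the setup script it helps to have a quick way of checking the DNS plumbing described above from the command line, rather than waiting for the admin page to go green. The following POSIX shell script is an added example, not code from the article or from the Mail-in-a-Box project. It uses the article’s hypothetical linuxformat.email and box.linuxformat.email names together with a made-up server address, 203.0.113.10; the canned answers it can run against offline are constructed, with reverse DNS deliberately left unset so you can see what a failure looks like. The live mode needs dig (from the dnsutils/bind9-dnsutils package).

```shell
#!/bin/sh
# Added example, not code from the article or from Mail-in-a-Box: check the DNS
# a Mail-in-a-Box host depends on. The domain, box name and IP are the
# article's hypothetical linuxformat.email / box.linuxformat.email plus the
# made-up address 203.0.113.10; the canned answers below are constructed.
#
# Live run (needs dig):
#   sh mailcheck.sh linuxformat.email box.linuxformat.email 203.0.113.10
# Offline demo against the constructed answers:
#   MAILCHECK_FAKE=1 sh mailcheck.sh linuxformat.email box.linuxformat.email 203.0.113.10

# Constructed answers for the offline demo. Reverse DNS is deliberately missing,
# the commonest thing to be wrong on a fresh VPS.
fake_lookup() {
    case "$1 $2" in
        "box.linuxformat.email A")       echo "203.0.113.10" ;;
        "linuxformat.email NS")          printf '%s\n' "ns1.box.linuxformat.email." "ns2.box.linuxformat.email." ;;
        "ns1.box.linuxformat.email A")   echo "203.0.113.10" ;;
        "ns2.box.linuxformat.email A")   echo "203.0.113.10" ;;
        "linuxformat.email MX")          echo "10 box.linuxformat.email." ;;
        "linuxformat.email TXT")         echo '"v=spf1 mx -all"' ;;
        "_dmarc.linuxformat.email TXT")  echo '"v=DMARC1; p=quarantine"' ;;
        *) ;;   # no answer; "203.0.113.10 PTR" lands here
    esac
}

# lookup NAME TYPE: print the answers one per line, as dig +short does.
lookup() {
    if [ -n "${MAILCHECK_FAKE:-}" ]; then
        fake_lookup "$1" "$2"
    elif [ "$2" = "PTR" ]; then
        dig +short -x "$1"
    else
        dig +short "$1" "$2"
    fi
}

# expect LABEL NAME TYPE VALUE: pass if VALUE is one of the answers.
# dig prints hostnames with a trailing dot, so strip it before comparing.
expect() {
    if lookup "$2" "$3" | sed 's/\.$//' | grep -Fxq "$4"; then
        echo "ok   $1"
    else
        echo "FAIL $1"
        failed=$((failed + 1))
    fi
}

# expect_txt LABEL NAME PATTERN: pass if some TXT answer contains PATTERN.
expect_txt() {
    if lookup "$2" TXT | grep -q "$3"; then
        echo "ok   $1"
    else
        echo "FAIL $1"
        failed=$((failed + 1))
    fi
}

# check_mail_dns DOMAIN BOX IP: print one line per check and return the number
# of failures (0 means everything the setup guide asks for is in place).
check_mail_dns() {
    domain=$1; box=$2; ip=$3; failed=0

    # Forward DNS for the box; some hosts refuse to set reverse DNS without it.
    expect "A     $box -> $ip" "$box" A "$ip"
    # Reverse DNS, set at the VPS provider, must name the box's FQDN.
    expect "PTR   $ip -> $box" "$ip" PTR "$box"
    # Delegation: the registrar must list ns1/ns2 under the box, and the glue
    # records for those names must carry the server's address.
    for ns in "ns1.$box" "ns2.$box"; do
        expect "NS    $domain -> $ns" "$domain" NS "$ns"
        expect "A     $ns -> $ip (glue)" "$ns" A "$ip"
    done
    # Once Mail-in-a-Box is serving DNS it publishes these itself.
    expect "MX    $domain -> 10 $box" "$domain" MX "10 $box"
    expect_txt "SPF   $domain" "$domain" "v=spf1"
    expect_txt "DMARC _dmarc.$domain" "_dmarc.$domain" "v=DMARC1"

    echo "$failed check(s) failed"
    return "$failed"
}

# Only run the checks when called with the three arguments.
if [ $# -eq 3 ]; then
    check_mail_dns "$1" "$2" "$3"
fi
```

The exit status is the number of failed checks, so the script slots into a cron job or a shell loop that polls until delegation has propagated. Run it before setup.sh and only the first four kinds of record (A, PTR, NS and glue) need to pass; MX, SPF and DMARC appear once MIAB is answering for the domain. The trailing-dot stripping matters: dig reports hostnames in canonical form (box.linuxformat.email.) and a naive string comparison would report every record as wrong.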