I was needed to send emails for my new project. I have explored SaaS services first. Free packages provided by them have a small amount of sending emails. So as long as I am a programmer, I decided to host my own sending email server.
After some research, I decided to stay with Postfix send-only configuration. Continue to read how to install and configure SMTP server to send emails and not send them to a spam folder.
Prerequisites
I used a single-core VPS with Ubuntu 18.04 for just 2.5 USD per month. My main app uses a table in DB as an email queue, so I have two NodeJS apps: one to handle the queue and second to get delivery status and update it in the main app DB. Tell me if you want to see it. Here is only the Postfix part.
I also have a domain. Let it be example.com here. Since it will be used for a website, I am using a subdomain email.example.com for the email server.
Postfix installation
Install Postfix using commands below:
sudo apt-get update sudo apt install mailutils During installation, select Internet Site option for type of mail configuration. As a System mail name enter your domain, e.g. example.com.
You can see domain later with this command:
cat /etc/mailname Server configuration
Open the main config file with an editor:
sudo nano /etc/postfix/main.cf Find inet_interfaces parameter and change it to loopback-only. With that parameter, Postfix will not listen for any connection from outside of VPS.
inet_interfaces = loopback-only Other parameters and values to change for now:
mydestination = $myhostname, localhost.$mydomain, localhost Set your mail domain as a server hostname:
sudo hostnamectl set-hostname email.example.com Check the hostname with the command:
hostname --f Edit /etc/hosts file and add that subdomain with your remote IP:
1.2.3.4 email.example.com email Command to restart Postfix after configuration change:
sudo systemctl restart postfix Command to check current configuration:
postconf -d Create DKIM signature
Install DKIM tools:
sudo apt-get install opendkim opendkim-tools Add the user to the group:
sudo gpasswd -a postfix opendkim Open configuration file /etc/opendkim.conf:
sudo nano /etc/opendkim.conf Then add or update parameters below in the configuration file:
Socket inet:8892@localhost Canonicalization simple Mode sv SubDomains no AutoRestart yes AutoRestartRate 10/1M Background yes DNSTimeout 5 SignatureAlgorithm rsa-sha256 UserID opendkim KeyTable refile:/etc/opendkim/key.table SigningTable refile:/etc/opendkim/signing.table ExternalIgnoreList /etc/opendkim/trusted.hosts InternalHosts /etc/opendkim/trusted.hosts Create a folder for DKIM keys:
sudo mkdir -p /etc/opendkim/keys Change folder permissions:
sudo chown -R opendkim:opendkim /etc/opendkim sudo chmod go-rw /etc/opendkim/keys Create opendkim signing table:
sudo nano /etc/opendkim/signing.table With content inside:
*@example.com default._domainkey.example.com Then create key table:
sudo nano /etc/opendkim/key.table With content inside:
default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default.private Add trusted hosts:
sudo nano /etc/opendkim/trusted.hosts With content inside:
127.0.0.1 localhost *.example.com Create keys folder:
sudo mkdir /etc/opendkim/keys/example.com Then generate keys:
sudo opendkim-genkey -b 2048 -d example.com -D /etc/opendkim/keys/example.com -s default -v Change the private key file owner:
sudo chown opendkim:opendkim /etc/opendkim/keys/example.com/default.private Then restart opendkim service:
sudo service opendkim restart Check the key:
sudo opendkim-testkey -d example.com -s default -vvv Now add or update parameters in the Postfix configuration file (/etc/postfix/main.cf):
milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8892 non_smtpd_milters = inet:localhost:8892 Then restart Postfix:
sudo systemctl restart postfix DNS configuration
You need to configure some DNS records. With that configuration, email services will not treat your emails as spam.
Add A record for the email.example.com:
Type: A Name: email.example.com Value: 1.2.3.4 Add SPF record:
Type: TXT Name: example.com Value: v=spf1 mx ~all Add DMARC record:
Type: TXT Name: _dmarc Value: v=DMARC1; p=none Add DKIM record. Use previously generated DKIM signature (/etc/opendkim/keys/example.com/default.txt):
Type: TXT Name: default._domainkey Value: v=DKIM1; h=sha256; k=rsa; p=you-key-here-without-spaces Set PTR record (rDNS). You need to set it in your hosting provider's control panel.
Set email.example.com as a hostname and 4.3.2.1.in-addr.arpa as IP address. IP should be in reversed order.
Check if it set correctly with the command below:
host 1.2.3.4 Email encryption
Install Certbot:
sudo apt install certbot Then generate keys:
sudo certbot certonly --standalone -d email.example.com Configure Postfix to use that keys. Add or edit parameters below in /etc/postfix/main.cf:
smtpd_tls_cert_file = /etc/letsencrypt/live/email.example.com/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/email.example.com/privkey.pem smtpd_tls_security_level=may smtp_tls_CApath=/etc/letsencrypt/live/email.example.com smtp_tls_security_level=may Then restart Postfix:
sudo service postfix restart Test
Send a test email with command:
echo "This is the body of the email" | mail -r test@example.com -s "This is the subject" your_email@gmail.com Check spam score with online services, e.g.: https://www.mail-tester.com/ (not an ad).
Top comments (0)