Guess what has been holding me back from upgrading to Ubuntu 18.04. It is the fear of messing up my mail server. I am quite confident with setting up nginx as web server. I don't think I run anything else. Oh wait, the certbot. Fine. The web server also comes with some baggage, like nodejs, mysql... No more php. Thus the stack evolved from LAMP to LEMP to LEMN which becomes less and less meaningful and more and more difficult to pronounce. It is a shame that we did not take the path less travelled by to HEMP.

A few days ago, I tried Mailgun and got even more confused. The lesson learnt is that one should not sign up Mailgun using the email address that you want to let Mailgun handle. That was not entirely the fault of Mailgun. Anyway I've decided to take some time to set up my own mail server.

The popular setup is to use Postfix as MTA and Dovecot for IMAP. I am not sure which to use as MDA, because either Postfix or Dovecot does. Heard Dovecot was better. My current setup does not involve Dovecot since I just let Postfix forward the received mail to my Gmail address. It would be cool to have IMAP.

There are two parts to this: Mail servers talking to each other and user talking with mail server.

For Digital Ocean I had to tell them who I was and what I intended to do with mail server before they allowed my mail server to join the party.

My mail server allows users to talk to it only on localhost. I'd like it to authenticate me on the wild Internet and then relay emails from me.

Server

Being able to receive mail is relatively easy. Just use Postfix and set up MX records. The received mail will be saved to disk on the server and one can ssh there and eyeball it. Or one can ask Postfix to forward it and eyeball it in Gmail say. (When forwarding we need to write sender or SPF always fails, because this checks the SPF record of the sender's mail server.) Or put in some work to set up IMAP and eyeball it in one's favourite mail client on one's favourite device. Oh, one may receive spams, so put in some spam filtre to protect eyeball.

Being able to send mail involves a lot. Well, is easy, if you don't care if it lands invariably in spam folders of the recipients. One needs to set up SPF, dkim and DMARC, which can be done by following guides online; needs an IP with good reputation, which ¯\_(ツ)_/¯. The world has been made harsh by the spammers that came before us.

User

If user wants to retrieve email stored on the disk of the mail server via IMAP, he talks to Dovecot. After authentication, he gets what he wants.

If user wants to send email, he gives the email to Postfix and Postfix sends it out. Postfix restricts for whom it is willing to send the email out. Otherwise it becomes an open relay and Digital Ocean would kill me for this. Some form of authentication of the user is needed again... so why not just delegate the task to somebody, like Dovecot, who knows how to do it? So there is some overlap of responsibilities which can make things look complicated.

Conclusion

Thus the components we need are

  • something that talks SMTP (MTA),
  • something that knows where to put the received mails (MDA),
  • something that talks IMAP, and
  • something that authenticates users.

except the first item is usually bogged down with the trail of baggage of SPF+dkim+DMARC and spam filtres.

Probably should have used POP3 rather than IMAP, because would like a back up of emails. Now that I think about it, most of my emails are in the cloud. If Gmail fails I will lose a lot of correspondences, even though I won't miss most.