An email server on each VPS

Solved by Fourpointsix.

So I've got a dedicated server at home, and I run several VMs on that for my friends. But, a couple of them want email servers...

I have my own email server on a VM (@nikkiedev.com in this case). Each one of my friends has a website. For example, how would I create an email server for every one of their websites? So, for example, have an email server for Hidden's VM (@hiddenslair.nl for website hiddenslair.nl) and for tijgersword's VM (@tijgersword.nl for website tijgersword.nl), yet still have my own domain as well on my own VPS? I use CloudFlare DNS, and can easily edit my records. I also have direct access to my modem/router control panel. I don't use virtual domains, nor virtual users. I just want an email server per website (so per VM). How would I do this?


It can be done and takes at minimum two things: (1) their domains' MX records need to point to your server and (2) your server needs to be configured to accept mail for their accounts. The actual configurations will depend on the software you're running (Postfix, Dovecot, etc).

 

These days a well-behaved mail server also requires proper configuration of SPF, DKIM, and DMARC. Speaking of spam, your VPS may be on a spam list so be sure to check that too. I run an email server within DigitalOcean and large parts of their network are listed in the UCEPROTECTL2 spam list, including a range that my server is in. This means that mail providers who reject based on that list (Microsoft, for one) will refuse to accept mail from my server. There is nothing I can do about this other than to move my server.

 

As someone who has run my own mail server for over 20 years and hosted others on it at times, consider that hosting mail for others may become a larger task than it appears. Running your own mail server is one thing, but when others start to depend on it then you become their admin and after-hours tech support too. Any issues that may occur on the server which you may deem non-critical may be mission-critical to them. Data loss becomes a relationship loss. Be sure that both you and they agree on expectations up-front. You might find that pointing them towards a Zoho or Migadu or Fastmail or ProtonMail or similar provider is better for your mental and relationship health.

 

Useful mail admin tools at mxToolbox: Blacklist check; DMARC check; MX lookup

 


I have a Postfix/Dovecot IMAP/SMTP server on my own VM. Do I need to set up Postfix and Dovecot on their VMs too? I can only port forward to one VM at a time. And yes, I'm 100% fully aware of the mental, physical and relational effects, and they are no issue for me. I'm honestly just trying to learn this.

Structure:

> Divided in

+ on the same level as

Dedicated (apache, mysql and bots) > mail-vps (myself) + hidden-vps (apache, want to add email) + tijgersword (apache)

 


Sorry, I misinterpreted your post as asking about serving multiple domains from one server but you want to run multiple mail servers from a single IP. It may be possible, though I don't have experience doing it so I can't offer tested configuration details.

 

DNS: The MX record for all domains would need to point to your public IP. Also, set up "mail.domain" for each domain to point to your public IP too.

 

Receiving: MX records do not contain port numbers so you can only accept mail on the standard ports which of course can only be forwarded to one VM. You'd need to configure your existing Postfix to accept all domains' mail and then forward to the other VMs via their private IPs where their Postfix instances would accept it. This aspect of it is the least familiar to me but email is meant to hop between servers so I'd be surprised if it couldn't be done.

 

Check out Postfix email firewall/gateway, specifically these lines:

    transport_maps = hash:/etc/postfix/transport
...
/etc/postfix/transport:
    example.com   smtp:[inside-gateway.example.com]

The description says "Route mail for example.com to the inside gateway machine. The [] forces Postfix to do no MX lookup."

I think that will solve the forwarding-to-internal-VM problem.

 

Sending: This will be fairly straightforward as it'd be handled by your VM and you'd just need to add the other domains as valid relays to your Postfix's relay_recipients config file.

 

IMAP: This can be accomplished by allocating each domain its own port to forward at the router. Yours would be on 143, the next VM might be 144, then 145, etc. Each would forward to port 143 on their respective VM. You'd have to tell each user which port their domain's IMAP is running on so they can configure their mail client with "mail.mydomain.com:145", for instance.

 

One of the great things about email is that its infrastructure consists of many distinct pieces and they are all meant to handle complex configurations. I'm sure you can get this working.
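The gateway layout described in the post above can be checked before going live. The following is an added example, not code from the thread or from Postfix: a small linter for the gateway's `main.cf` and transport table. The private IP `10.0.0.12` and both file contents are constructed samples; the parameter names are standard Postfix ones. Because every domain's MX points at the gateway itself, a relayed domain with no bracketed next hop is resolved via MX and loops back to the gateway.

```python
# Constructed sample: gateway VM relaying two friends' domains to inner VMs.
MAIN_CF = """\
mydestination = nikkiedev.com, localhost
relay_domains = hiddenslair.nl, tijgersword.nl
transport_maps = hash:/etc/postfix/transport
relay_recipient_maps =
"""
TRANSPORT = """\
hiddenslair.nl   smtp:[10.0.0.12]
tijgersword.nl   smtp:tijgersword.nl
"""

def parse_main_cf(text):
    """Return {parameter: value} from 'name = value' lines (no continuation lines)."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def parse_transport(text):
    """Return {domain: (transport, nexthop)} from 'domain transport:nexthop' lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2 and not fields[0].startswith("#"):
            transport, _, nexthop = fields[1].partition(":")
            table[fields[0]] = (transport, nexthop)
    return table

def domain_list(value):
    return set(value.replace(",", " ").split())

def audit_gateway(main_cf, transport):
    params, routes = parse_main_cf(main_cf), parse_transport(transport)
    relay = domain_list(params.get("relay_domains", ""))
    local = domain_list(params.get("mydestination", ""))
    findings = []
    for dom in sorted(relay):
        if dom in local:
            findings.append(f"{dom}: listed in both mydestination and relay_domains")
        if dom not in routes:
            findings.append(f"{dom}: no transport entry; delivery falls back to MX, which is this gateway")
        elif not routes[dom][1].startswith("["):
            findings.append(f"{dom}: nexthop {routes[dom][1]!r} lacks []; MX lookup can loop mail back")
    if relay and not params.get("relay_recipient_maps"):
        findings.append("relay_recipient_maps is empty: unknown recipients are accepted, then bounced")
    return findings
```

On the sample input, `audit_gateway(MAIN_CF, TRANSPORT)` reports the unbracketed next hop for tijgersword.nl and the empty `relay_recipient_maps`, which would make the gateway accept mail for nonexistent users and generate bounces after the inner VM rejects it.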


Thank you soooo so so much for your help, I'll try this out and if you want I'll let you know how it goes. Have a nice evening 😄

In reply to Fourpointsix's post of 3/13/2022 at 2:35 PM:

Mail is a hard problem and I've run my own server as well for decades. But anymore it's just a spam box or useful for having disposable aliases on the fly.. actually supporting users or having to rely on it is potentially possible.. but I wouldn't ever want that job. It's a lot of work and no money being a free admin.

Maybe I should retire it and move the domain off to a mail host provider but.. eh..

"Only proprietary software vendors want proprietary software." - Dexter's Law

In reply to Fourpointsix's post of 3/14/2022 at 2:23 AM:

And what if I were to do it with virtual domains?
