Motivation
Now that you have a private domain name, you can make full use of it and build a private mail server, so that you can create your own mailbox, and all the information in the mail can be completely controlled by yourself, which is more secure.
There are multiple deployment methods for private mail servers, because I have installed docker on the server before, and other software tools on the server also use docker for containerized deployment and operation, so the mail server here is also chosen to be more convenient for containerizationtools to deploy.
I saw Mailu and mailcow as the most used tools for building mail servers on the Internet..At first, I felt that the settings of Mailu were relatively simple and the interface was relatively refreshing, so I tried to do it, but after a lot of effort, I couldn’t send and receive emails successfully, so I had to give up.
mailcow is another open source mail server package that contains the necessary software packages to build a private mail server.Mailcow officially provides an installation guide for docker containerization, which is more convenient to deploy on the server. Then I tested mailcow, and it was able to receive emails successfully, but failed to send emails to the outside world. Later, I found out that it was because the operator I used closed port 25. At this time, I was close to giving up the idea of building my own email server.But later I saw on the Internet that email relay/mail forwarding could be used as an alternative, so I spent a long time exploring, and finally used email relay to solve the problem of external sending.Here is a record of the process of tossing this mail server.
Prerequisites
- docker and docker compose
- Domain name (secondary domain name is enough)
- acme.sh (to generate SSL certificates)
- nginx (reverse proxy)
Preparation
Prepare Domain Name
Create a second-level domain name and configure domain name resolution on the website where you purchased the domain name or the management website of your own domain name. The specific process can be found in “How This Website Was Built 1 – Purchase and Configure a Personal Domain Name”.
For example, I have a primary domain name jinli.cyou, so I created a secondary domain name “mail.jinli.cyou” for my private email server.Then the domain name and IP address were bound on Alibaba Cloud’s domain name management platform.
Generate SSL Certificate using acme.sh
Many tutorials on the Internet use Let’s Encrypt to generate SSL certificates, but since I have already downloaded the acme.sh tool when building this website, I used acme.sh to generate a certificate for “cloud.jinli.cyou”. The specific process can be found in How This Website Was Built 2 – Build a Personal Website using Hugo.
The process is as follows:
-
Find the Access key of your domain name management account. You can use the previous one or get a new one, and then export the Access key as system variables
Ali_Key
andAli_Secret
. -
Use the following command to generate the certificate:
1
acme.sh --issue --dns dns_ali -d your.domain.com
-
Use the following command to copy the certificate to your mailcow directory. For example, I created a folder
cert
under the mailcow installation directory to store the certificate files:1 2 3
acme.sh --install-cert -d your.domain.com \ --key-file /media/mailcow/cert/key.pem \ --fullchain-file /media/mailcow/cert/cert.pem
nginx Reverse Proxy Configuration
Because I installed nginx when building this website, I used nginx as a reverse proxy tool here.
Create a new configuration file mailcow.conf
in the configuration directory of nginx as the reverse proxy configuration file of the cloud network disk, write in the file:
server{
listen 80;
server_name mail.jinli.cyou;
return 301 https://mail.jinli.cyou$request_uri;
}server{
listen 443 ssl;
ssl_certificate /media/lijin/mailcow/certs/cert.pem;
ssl_certificate_key /media/lijin/mailcow/certs/key.pem;
server_name mail.jinli.cyou;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
proxy_buffer_size 128k;
proxy_buffers 64 512k;
proxy_busy_buffers_size 512k;
}
}
Here I use port 8080 as the service port of mailcow.The SSL certificate is stored in the location specified in the previous step.
After the configuration is complete, restart the nginx service to make the changes take effect:
|
|
Install mailcow
For the method of installing mailcow using docker-compose, please refer to the [tutorial] (https://docs.mailcow.email/i_u_m/i_u_m_install/#install-mailcow) officially provided by mailcow.
Add New Users and Other Settings
After logging in to the mailcow management interface as an administrator, click the administrator account avatar in the upper right corner, and you can see the “Users” option in the drop-down menu. Click this option to add user groups and new users.
Email Relay (Email Forwarding)
Many Internet Service Provider(ISP) will block port 25, which will cause emails to fail to be sent from the server.So one option is to contact the ISP and ask the ISP to unblock port 25, but this is not easy.
Another solution is to use the mailbox relay (mailbox forwarding) service, that is, the mail that needs to be sent from the self-built mailbox A is handed over to another mailbox server B that has the function of sending mail, and the mail to be sent is sent by the mailbox server B on behalf of.Usually, mailbox server B can be Gmail like this Mail service providers can be commercial companies that provide email forwarding services (such as Mailgun, SendGrid, etc.), some network carriers (such as AT&T) also provide users with mail forwarding services.
Since Gmail provides mail forwarding service, the sent mail will add Google’s signature information, and commercial mail forwarding such as Mailgun and SendGrid needs to be paid to use, so here I use the free mail forwarding service provided by AT&T.
Relay Mailbox Settings
Different mailboxes may have different setting methods, here we take the mailbox provided by AT&T as an example.
-
Find the
Mailboxes
option inSettings
, there isSend-only email address
, clickAdd
to add the mailbox you need to be forwarded by the agent.For example, I want to use AT&T mailbox for my Personal mailbox[email protected]
to send emails, I will add a[email protected]
. -
After clicking confirm, AT&T will send an email to the forwarded mailbox to verify the identity.After logging into your personal mailbox
[email protected]
, follow the instructions in the email and click the link to confirm. -
After the mailbox verification is successful, the red prompt of “Not verified” in the above AT&T settings will disappear.
mailcow Settings
Follow the steps to set up mailbox forwarding given in the official mailcow document to set up mailbox forwarding for personal mailboxes:https://docs.mailcow.email/manual-guides/Postfix/u_e-postfix-relayhost/。
It is mainly divided into three steps:
-
Log in to the mailcow administrator interface, find
Routing
in theConfiguration and Details
settings, and add your forwarding server, for example, I use AT&T mailbox, usesmtp.mail.att.net:587
. Then fill in your user name and password. It is recommended to reset a password for external use in the proxy mailbox. -
After setting, click the
Test
button and fill in the email address to be proxied for testing.If everything goes well, you can see the green prompt message of the last successful sending.If you receive a red failure message, it means that the settings are incorrect, and you need to check the previous settings. -
In the management interface of mailcow, enter
Mail Setup
and findDomains
.Add the proxy mailbox set inRouting
toSender-dependent transports
.
Test
In Mail tester, you can test the effect of the mailbox you built.
The score is not high, but it is basically enough.
If you want to improve your score, you can look at the points deducted and improve according to the suggestions of Mail tester.