Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 4 May 2018 20:43:44 +0000
From:      FBUser <freebsd@t41t.com>
To:        Mayuresh Kathe <mayuresh@kathe.in>, freebsd-questions@freebsd.org
Subject:   Re: email service for a private domain!
Message-ID:  <20180504204344.GA26824@dot.t41t.com>
In-Reply-To: <20180504083711.GB10324@wolfman.devio.us>
References:  <20180504083711.GB10324@wolfman.devio.us>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Mayuresh Kathe <mayuresh@kathe.in> said (on 2018/05/04):
> i own a domain (kathe.in) which i would like to setup for mail services.
> essentially, i should be able to log-in over ssh and work through my
> emails using mailx.
> ...
> could i be pointed in the right direction?
> 
> also, how do i evaluate hosting service providers?
> i only know of rootbsd and digitalocean.

As others have mentioned, it's a nontrivial amount of setup,
that a third party would be happy to do for you. I would
recommend FastMail.

At its simplest, receiving email is easy. You need to configure
an MTA (sendmail, postfix, exim, ...) to know it should receive
email for your domain, then you need to point the MX record in
DNS to that server. A small domain might even manage adequately
without spam filtering, but setting up ClamAV and SpamAssassin
is well covered by online tutorials. (Search for "setting up
spamassassin" plus the name of the MTA you're using.) You may
use the default local delivery agent, which will probably drop
messages into /var/mail. Or you might want something more
featureful like procmail or sieve. If you want to be able to
retrieve email remotely (e.g. via IMAP) that's another set of
things to configure, but you only asked about local access.

Sending email is more work (if you want it to be read). In
today's environment you will need to set up SPF, which
advertises in DNS who can send mail for your domain. SPF is not
enough anymore, though. You also need to set up DKIM, which
cryptographically verifies certain headers in your outgoing
email against a public key published in DNS. You also need to
ensure you have "sender alignment", which matches MAIL FROM with
From: with your SPF and DKIM records. Then you need to publish a
policy called DMARC in DNS to describe your mail practices. You
probably want that policy to include reporting of failures, at
least initially. All that effort will be for naught if you do
not restrict who can send mail through your server to just
authorized users by appropriately configuring your MTA.

You might look at packaged do-it-yourself solutions like
https://mailinabox.email/, for guidance if not also actual
implementation.

As for where to host, reputation matters. In my experience
reputation and cost are proportional. Lots of email providers
outright block email from all of DigitalOcean's IP space,
because they're the lowest-cost provider and therefore
the largest source of problems, with high IP turnover.
Similarly, residential IPs -- or things providers sometimes
mistakenly think are residential IPs -- are blocked. I've not
heard of too much trouble with RackSpace/RootBSD.

Good luck!




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20180504204344.GA26824>