From: FBUser
To: Mayuresh Kathe, freebsd-questions@freebsd.org
Date: Fri, 4 May 2018 20:43:44 +0000
Subject: Re: email service for a private domain!

Mayuresh Kathe said (on 2018/05/04):
> i own a domain (kathe.in) which i would like to setup for mail services.
> essentially, i should be able to log-in over ssh and work through my
> emails using mailx.
> ...
> could i be pointed in the right direction?
>
> also, how do i evaluate hosting service providers?
> i only know of rootbsd and digitalocean.

As others have mentioned, it's a nontrivial amount of setup that a third
party would be happy to do for you. I would recommend FastMail.

At its simplest, receiving email is easy. You need to configure an MTA
(sendmail, postfix, exim, ...) to know it should receive email for your
domain, then you need to point the MX record in DNS to that server. A
small domain might even manage adequately without spam filtering, but
setting up ClamAV and SpamAssassin is well covered by online tutorials.
(Search for "setting up spamassassin" plus the name of the MTA you're
using.) You may use the default local delivery agent, which will probably
drop messages into /var/mail. Or you might want something more featureful
like procmail or sieve. If you want to be able to retrieve email remotely
(e.g. via IMAP) that's another set of things to configure, but you only
asked about local access.

Sending email is more work (if you want it to be read). In today's
environment you will need to set up SPF, which advertises in DNS who can
send mail for your domain. SPF is not enough anymore, though. You also
need to set up DKIM, which cryptographically verifies certain headers in
your outgoing email against a public key published in DNS. You also need
to ensure you have "sender alignment", which matches MAIL FROM with From:
with your SPF and DKIM records. Then you need to publish a policy called
DMARC in DNS to describe your mail practices. You probably want that
policy to include reporting of failures, at least initially. All that
effort will be for naught if you do not restrict who can send mail
through your server to just authorized users by appropriately configuring
your MTA.

You might look at packaged do-it-yourself solutions like
https://mailinabox.email/, for guidance if not also actual implementation.

As for where to host, reputation matters. In my experience reputation and
cost are proportional. Lots of email providers outright block email from
all of DigitalOcean's IP space, because they're the lowest-cost provider
and therefore the largest source of problems, with high IP turnover.
Similarly, residential IPs -- or things providers sometimes mistakenly
think are residential IPs -- are blocked. I've not heard of too much
trouble with RackSpace/RootBSD.

Good luck!
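
The alignment and DMARC policy steps described in the message above, as an added example that is not part of the original message: it evaluates whether a message passes DMARC given its SPF and DKIM results, following the identifier alignment rules of RFC 7489. The function names, the sample records and the domain provider.example are hypothetical, and the organizational domain is assumed to be the last two labels.

```python
# Added example: DMARC identifier alignment as defined in RFC 7489.
# Assumption: the organizational domain is the last two labels, which holds
# for kathe.in but not for suffixes such as co.uk (production code needs
# the Public Suffix List).

def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict of lower-cased tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    """Simplified organizational domain: the last two DNS labels."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same org domain)."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_result(record, from_domain, mail_from, spf_pass, dkim_d, dkim_pass):
    """Return (verdict, action). DMARC passes when SPF or DKIM both
    passes on its own AND its domain aligns with the From: header domain."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(mail_from, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_d, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", tags.get("p", "none"))

# Constructed sample policies: monitoring with reports, then strict reject.
POLICY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@kathe.in"
STRICT = "v=DMARC1; p=reject; aspf=s; adkim=s"

if __name__ == "__main__":
    # SPF passes only for a relay's bounce domain; the kathe.in DKIM key saves it.
    print(dmarc_result(POLICY, "kathe.in", "bounces.provider.example", True,
                       "kathe.in", True))
    # SPF and DKIM both pass, but for the relay's domain: unaligned, so fail.
    print(dmarc_result(POLICY, "kathe.in", "bounces.provider.example", True,
                       "provider.example", True))
    # A subdomain aligns under relaxed mode but not under strict mode.
    print(dmarc_result(STRICT, "kathe.in", "mail.kathe.in", True,
                       "mail.kathe.in", True))
```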