What equipment would you buy? Would you buy 1U rack servers and put them in a rack case? Perhaps place the case itself in a large safe to protect from fire and intruders?
What distro would you use?
What sort of disks would you select?
And how about the in/out email stack itself? What's the most performant/consistent/private way to run your own SMTP and IMAP servers?
It runs Postfix, Dovecot, Amavis/SpamAssassin and OpenDKIM on top of Debian Jessie.
The mail is stored on a single internal M.2 SATA SSD. It is encrypted using LUKS. (I have backups of course). Also, all of my incoming mail is encrypted with GnuPG on the way in (2).
My backup MX is a Digital Ocean box in a different country. Because my primary MX is on the end of a residential ISP IP address, it does not have a good reputation (even though it is static). So for outgoing mail, I route over a VPN and out via my backup MX. Unless it is over IPv6, in which case it is routed via my free Hurricane Electric IPv6 tunnel (3).
(1) http://www.intel.nl/content/dam/www/public/us/en/documents/p...
(2) https://grepular.com/Automatically_Encrypting_all_Incoming_E...
(3) https://tunnelbroker.net/
As others have said, a 'clean' IP seems quite important. I've had emails disappear into Google's spam filters despite working previously, as reported by many here[0].
Was tempted by Virtualmin but went with the manual config in the end. Am receiving multiple domains on one server, so it has been a learning curve. Not convinced I've 'learned' a great deal particularly. At least a slightly clearer understanding of the moving parts involved. That's Postfix, Dovecot and SpamAssassin, btw. All served over SSL/TLS only, i.e. only IMAPS is enabled in Dovecot.
Tempted to start encrypting all mail as it arrives on the server with GPG, as per Mike Cardwell's advice[1], although I'd have to use mailgate[2,3] with Postfix instead of Mike's Perl script for Exim. I'm also not sure how that would work with search, spam and such. Perhaps it's better to delete mail regularly, saving any files and details needed locally.
Had a slight edge-case issue arise recently - my phone battery died and I didn't have my machine so my mail was inaccessible until home. I've refrained from enabling webmail and think I'll keep it that way for now. Just make sure I have 'a device' with the credentials saved on it on my person when required.
--
[0] https://news.ycombinator.com/item?id=9150927
[1] https://grepular.com/Automatically_Encrypting_all_Incoming_E...
[2] http://andsk.se/tag/gpg-mailgate/
[3] https://github.com/uakfdotb/gpg-mailgate
I turned on "sieve_extprograms" inside Dovecot, dropped gpgit.pl into the correct directory, and now I just add stuff like this to my .sieve file:
filter "gpgit" ["--encrypt-mode", "prefer-inline", "mike.cardwell@example.com"];
I'd probably use CentOS 6 (avoiding systemd) with full disk encryption, and either a RAID10 of some good-performing normal disks, or RAID1 of SSDs.
I'd put a backup MX on a VPS somewhere, preferably in a different location to act as a store-and-forward to my main MX. This one will need to have a copy of the user map to avoid the "accept any" backscatter problem backup MXes have.
Postfix as the mail server; Dovecot for IMAP. Make sure it uses Maildir for storage (unless you're going SQL) as mbox is a horrible format that needs to die. Use SpamAssassin, and reject any mail from IPs listed on Spamhaus.
Truthfully though, I use a server in a datacentre for a reason - because home connections just aren't reliable enough and the ISPs can't be trusted (I can make sure I only send mail over TLS, but not that other people will only send their inbound mail into my server over TLS), and I wouldn't trust a consumer ISP not to suddenly try some kind of fuckery like blocking SMTP ports. Linode would get my recommendation, they are great value, have good performance for a cheapish VPS, and great uptime.
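As an added example (not part of the thread or any poster's own configuration), the backup-MX recipient check and Spamhaus rejection described in the comment above could look like this in Postfix. The domain example.com, the host name, the file paths and the addresses are placeholders, and zen.spamhaus.org is assumed as the Spamhaus zone to query.

```conf
# ---- /etc/postfix/main.cf on the backup MX (constructed example) ----

# Weak form: relaying for the domain with no recipient list.
# With relay_recipient_maps empty, Postfix accepts mail for ANY address
# in relay_domains. When the primary later rejects an unknown user, the
# backup has to generate a bounce to a (usually forged) sender: backscatter.
#
#   relay_domains = example.com
#   relay_recipient_maps =

# Corrected form: the backup knows which recipients exist and rejects
# unknown ones during the SMTP session, so no bounce is ever generated.
relay_domains = example.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Store-and-forward: queue mail and hand it to the primary MX when it is up.
transport_maps = hash:/etc/postfix/transport

# Refuse to relay for other domains, and reject clients listed on the DNSBL.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org

# ---- /etc/postfix/relay_recipients (copy of the primary's user map) ----
# Run "postmap /etc/postfix/relay_recipients" after every change.
alice@example.com    OK
bob@example.com      OK

# ---- /etc/postfix/transport ----
# Run "postmap /etc/postfix/transport" after every change.
# Square brackets disable the MX lookup, so mail goes straight to the
# primary instead of looping back to this backup.
example.com    smtp:[primary-mx.example.com]:25
```

The recipient list has to be kept in sync with the primary; a stale copy makes the backup reject mail for users who do exist.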
I don't have the necessary background to set up a mail server and all the attendant pieces all by myself but I've set up a perfectly acceptable mail server (with spam filter, AV etc) numerous times using iRedmail.
Did it on Ubuntu 12.4 (which was the stable release at the time) in a Xen server VM, because why tie up a whole physical server just for email? But now I'm a big fan of ZFS for RAID implementation so if I was doing it again I'd go that way instead (because I never could get ZFS to work under Xen).
It was a just-to-see-if-I-could-do-it thing. I don't handle nearly enough email to justify the effort to maintain a mail server. Besides, Gmail is amazing at filtering spam.
Ars Technica has a great 4-part guide [3] on setting up a mailserver yourself.
[1] https://mailinabox.email/
[2] https://github.com/al3x/sovereign
[3] http://arstechnica.com/information-technology/2014/02/how-to...
I like to decouple email storage from my email client, so I can switch clients at will as long as they support IMAP.
Linode, for example, has upgraded me in memory, space and bandwidth at least twice, and recently did a hardware upgrade. Not that you have to go with Linode specifically, just, when will you ever give yourself a free upgrade on your home hardware?