I tried maybe 15 years ago and it went about as well as you’d expect for back then. But I’m starting to get the itch again.

Have any of you tried relatively recently? How impossible is it to get reliable deliverability to gmail and whatnot these days?

  • JRaccoon@discuss.tchncs.de
    6 months ago

    I recently set up the whole stack (Postfix, Dovecot, OpenDKIM) on a VPS. I wanted to do it from home, but my ISP won’t provide a static IP or open ports 25/465/587 for consumer customers, no exceptions.

    It took me about two days to get everything working, but most of that was because I went in with very little knowledge of how email even actually works. If you’re looking for a learning experience, I’d say go for it. If you just want a working email setup quickly, I wouldn’t recommend it.

    I haven’t noticed any deliverability issues so far. Just make sure you have SPF, DKIM, DMARC, and PTR records all set correctly from the start.

  • corsicanguppy@lemmy.ca
    6 months ago

    Yes. Just today. And every day of the last 26 years. Gmail delivery is no big deal, but Outlook freaks out in ways I just don’t care to solve.

  • hperrin@lemmy.ca
    6 months ago

    Email is the hardest thing to self-host, but it’s definitely doable. You’ll need a static IP, and you’ll need to talk to your ISP to make sure outbound connections on port 25 are open.

    Set up your servers and your DNS settings (another commenter gave a good guide), then use this tool to check that DKIM and SPF are working and that you’re not seen as spam with SpamAssassin:

    https://dkimvalidator.com/

    Once that’s done, take your static IP and check it with this tool:

    https://mxtoolbox.com/blacklists.aspx

    If it’s on any of the lists, you’ll need to go to those lists’ sites and try to get it removed. You might need to make an email address for “postmaster@yourdomain” at this point.

    Beyond that, you may need to “warm up” your IP address, by sending email to yourself on various services (Gmail, Yahoo, Microsoft) and marking them as not spam.

    Then you should be golden.

    I had to do this for both my SMTP servers for Port87. If you use more than one server, this process gets a little harder, so probably stick to one at first.

    • frongt@lemmy.zip
      6 months ago

      I’m pretty sure Gmail’s filters are per-user. I’ve had it react after just one flag/unflag, and I doubt that it would only take one action to change it for everyone.

      • hperrin@lemmy.ca
        6 months ago

        It’s more of a signal that the IP address does send trustworthy email. AFAIK, IP reputation isn’t handled on a per-user basis. Domain reputation probably is.

  • Da Oeuf@slrpnk.net
    6 months ago

    I use YUNOhost on a VPS and it came with email out of the box. Which is just as well because I had no previous experience self-hosting!

    I think I had a couple of emails get marked as spam in the beginning but everything has been totally fine for the last 2/3 years.

  • thunder@lemmy.dbzer0.com
    6 months ago

    If I had to make one suggestion, I would use a trusted third party to relay outbound e-mail such as AWS SES, mxroute, sendgrid, mailgun, etc. When I was looking for a job a few years ago, I found many potential employers’ systems would flag my e-mails as junk or simply delete them, and I had to revert to gmail. My second suggestion is to properly set up TLS/SSL for security, and SPF, DKIM, and DMARC for maximum deliverability. I’m currently using a deprecated application, but I’ve been testing mailcow which seems alright.

    • Scrollone@feddit.it
      6 months ago

      Beware that Mailgun doesn’t differentiate between transactional and marketing emails; this could hurt your deliverability.

  • nitrolife@rekabu.ru
    6 months ago

    I have been using my own email for many years (to this day). Everything is working great. The main thing is to have a static IP and be able to specify your domain in the PTR record of the IP address.

    In general, you will need:

    - postfix (https://wiki.archlinux.org/title/Postfix)
    - OpenDMARC (https://wiki.archlinux.org/title/OpenDMARC)
    - OpenDKIM (https://wiki.archlinux.org/title/OpenDKIM)
    - Dovecot (https://wiki.archlinux.org/title/Dovecot)
    - Some interface to choose from (soGO, roundcube)
    - Maybe graylists, ClamAV, SpamAssassin, or something else to protect your mailbox from spam and viruses.
    - And if you want filtering functionality, then you also need Sieve.

    • chaospatterns@lemmy.world
      6 months ago

      I’ve been running my own mail for 10+ years. I recommend rspamd for spam filtering. It took the place of SpamAssassin, greylisting, SPF checking, etc. All in one single system.

      • nitrolife@rekabu.ru
        6 months ago

        On my home server. My ISP gives me a static address and makes PTR records for only about $1.5 per month.

        • Lucy :3@feddit.org
          6 months ago

          Lucky. I need to use an external service for 12€/month with 100Mbps and 1TB/month limits, per VPN.

        • WhatsHerBucket@lemmy.world
          6 months ago

          How do you connect to your mail server outside your home network?

          Sorry for all the questions, I’m trying to get my DNS working with a vpn and it’s been difficult.

          • nitrolife@rekabu.ru
            6 months ago

            But in reality, this will only allow you to receive incoming mail. In order for outgoing mail to work, it is necessary that the mail server and all the strapping go through the VPS to the Internet. This requires a rather complicated configuration of iptables, and I recommend that you simply either fill up the mailer on a VPS (there will be a maximum of gigabytes of mail; it’s not that heavy), or buy a static address at home.

            If you still decide to go the hard way, here’s an approximate plan for what you need to do in the spirit of iptables, because setting it up in firewalld is a real torment:

            *mangle
            :PREROUTING ACCEPT [0:0]
            :INPUT ACCEPT [0:0]
            :FORWARD ACCEPT [0:0]
            :OUTPUT ACCEPT [0:0]
            :POSTROUTING ACCEPT [0:0]
            -A OUTPUT -m owner --uid-owner 924 -j MARK --set-mark 0x300
            COMMIT
            

            Where 924 is the postfix user ID. You may have a different number, so check it.

            ip route add default via 10.8.12.4 dev wg0 table 100
            

            This adds the default route via the VPS address to routing table 100. Replace 10.8.12.4 with the address of your VPS and wg0 with the name of the interface for communication between the VPS and home. Then

            ip rule add from all fwmark 0x300 lookup 100
            

            We are sending all packets with the label 0x300 to the routing table 100. In other words, the postfix user will have his own custom routing table via VPS.

            This creates several problems due to the fact that with this configuration, it may not be possible to connect to postfix via your server’s interfaces. But in the basic case everything will work. Bypassing this problem will create even more complex routing rules and will generally be overkill. But if you’re interested, write to me and I’ll sign it.

          • hemmes@lemmy.world
            6 months ago

            If you want to be able to accept mail, you’ll need to directly expose your mail server on your public IP (router configuration required). You’ll also need to allow your server to egress your WAN as well. That being said, if you really want to tighten your security, and don’t care about missing some emails, you could limit your server to seeing only those servers you know you’ll be communicating with, such as work, bank, or Gmail servers only.

            You can make it so that retrieving your email with your client of choice requires a VPN connection to your home network also.

          • nitrolife@rekabu.ru
            6 months ago

            Well… as I already wrote, my home server is literally on the Internet because I rent a static public IP address from the provider.

            But if you have a VPS, then you just need to do port forwarding to your server with a VPS, and then add the following entries to the mx DNS server:

            you.domain.              21600   IN      MX      10 you.first.vps.
            you.domain.              21600   IN      MX      20 you.second.vps.
            

            Where 10 and 20 are the server priority. Or, if the VPS is part of your domain, then:

            you.domain.              21600   IN      MX      10 first.vps.you.domain. 
            you.domain.              21600   IN      MX      20 second.vps.you.domain. 
            
            first.vps.you.domain.             21600   IN      A       1.1.1.1
            second.vps.you.domain.        21600   IN      A       2.2.2.2
            

            And if you also have IPv6, you can do

            first.vps.you.domain.             21600   IN      AAAA       fd00::1
            second.vps.you.domain.        21600   IN      AAAA       fd00::2
            

            Where 1.1.1.1, 2.2.2.2, fd00::1 and fd00::2 are the addresses of your VPS

            You also need to enter the address in the SPF:

            you.domain.              21600   IN      TXT     "v=spf1 +mx -all"
            

            What it means:

            v=spf1 is the SPF version.

            +mx – it is allowed to send mail from the IP addresses specified in the MX records of the domain.

            -all – prohibits sending from any other servers (hard refusal).

            Also, in order for the signature to work on the mail server, you need to make several TXT entries (for a detailed explanation, see my links about DKIM):

            keyname._domainkey.you.domain. TXT "v=DKIM1; ...%DKIM params%"
            

            and

            _dmarc.you.domain.      86400   IN      TXT     "v=DMARC1...%dmarc params%"
            

            And you need to ask your VPS provider to set the PTR for your VPS IP address to first.vps.you.domain. Some providers give access to that setting in their web panel.
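
An offline consistency check for the records listed in the comment above, as an added example that is not part of the original thread. It parses a constructed copy of the zone and reports what a receiving server would find missing; the documentation addresses 192.0.2.10 and 192.0.2.20, the `PTR` map, the DKIM/DMARC parameter values and the function names are all assumptions made for the illustration.

```python
import ipaddress

# Constructed zone data for the placeholder domain used in the comment above.
ZONE = """\
you.domain.                     21600 IN MX   10 first.vps.you.domain.
you.domain.                     21600 IN MX   20 second.vps.you.domain.
first.vps.you.domain.           21600 IN A    192.0.2.10
second.vps.you.domain.          21600 IN A    192.0.2.20
you.domain.                     21600 IN TXT  "v=spf1 +mx -all"
keyname._domainkey.you.domain.  21600 IN TXT  "v=DKIM1; k=rsa; p=CONSTRUCTED"
_dmarc.you.domain.              86400 IN TXT  "v=DMARC1; p=none"
"""
# Constructed reverse zone: only the first VPS has had its PTR set.
PTR = {"192.0.2.10": "first.vps.you.domain."}

def parse(zone):
    """Return {(owner, type): [rdata, ...]} from simple one-line records."""
    records = {}
    for line in zone.splitlines():
        if not line.strip():
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.setdefault((owner.lower(), rtype), []).append(rdata.strip().strip('"'))
    return records

def audit(zone, ptr, domain, selector):
    """List the records a receiving server would find missing or inconsistent."""
    rec, problems = parse(zone), []
    txt = lambda owner, tag: [t for t in rec.get((owner, "TXT"), []) if t.startswith(tag)]
    spf = txt(domain, "v=spf1")
    if len(spf) != 1:
        problems.append(f"expected exactly one SPF record at {domain}")
    elif spf[0].split()[-1] not in ("-all", "~all"):
        problems.append("SPF does not end in -all or ~all")
    if not txt(f"{selector}._domainkey.{domain}", "v=DKIM1"):
        problems.append(f"no DKIM key at {selector}._domainkey.{domain}")
    if not txt(f"_dmarc.{domain}", "v=DMARC1"):
        problems.append(f"no DMARC policy at _dmarc.{domain}")
    for mx in rec.get((domain, "MX"), []):
        host = mx.split()[1].lower()
        addrs = rec.get((host, "A"), []) + rec.get((host, "AAAA"), [])
        if not addrs:
            problems.append(f"MX target {host} has no address record")
        for a in addrs:
            # Forward-confirmed reverse DNS: the PTR must name the same host.
            if ptr.get(str(ipaddress.ip_address(a))) != host:
                problems.append(f"PTR for {a} does not point back to {host}")
    return problems
```

Calling `audit(ZONE, PTR, "you.domain.", "keyname")` on the constructed data reports only the second VPS, whose PTR has not been set.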

  • truthfultemporarily@feddit.org
    6 months ago

    I would recommend something like stalwart, which is just a single binary and works. Gives you a web interface and a zonefile you can just copy paste into your DNS including all correct DMARC DKIM SPF and autodiscovery records.

    Setting postfix, dovecot etc. up from scratch can be a bit time consuming and annoying.

    Deliverability depends on where it is hosted; many VPC providers’ IP space is completely blocked in spam filters.

  • IsoKiero@sopuli.xyz
    6 months ago

    I do it. Postfix+dovecot+spamassassin managed with ISPConfig running on a VPS. Works just fine, but my domains already have a long-ish good reputation so that may play a part in my experience. Biggest headache is to keep things running, which occasionally means jumping through hoops Microsoft (mostly) and others throw at you by flagging your server as spam for no apparent reason.

  • Brkdncr@lemmy.world
    6 months ago

    No. I do that for my job and wouldn’t do it for personal use. HA/redundancy/security is too expensive.

  • thenorthernmist@lemmy.world
    6 months ago

    Yes! I started like a year ago and am very happy. I strongly recommend mox. It’s lightweight and the configuration makes it very clear how to set it up properly. I had some weird issue with sending mail to Apple accounts but (believe it or not) I reached out to Apple and they seemed to fix it.

    • moseschrute@lemmy.world
      6 months ago

      I’m not an Apple hater, but that’s kinda insane considering how hostile they are towards developers.

  • Limonene@lemmy.world
    6 months ago

    I have self hosted my email since 2006. I gave up on self hosting outgoing mail in 2021, but I still keep the server up for incoming mail, and still set up throwaway accounts on there.

    The hard part of hosting email is getting Google and Microsoft to accept outgoing mail. Tons of businesses that do not have visibly outlook .com or gmail .com addresses are still hosted by those servers.

    I had SPF, DKIM, and a static datacenter IP address with no reputation problems. I still couldn’t get through to Microsoft, not even in people’s junk mail directory, until they manually whitelisted my address. Microsoft didn’t allow them to whitelist a whole domain. Google was a little easier, but they added new demands monthly.

    In 2025, I can’t get reliable delivery to gmail .com addresses even sending from a hotmail .com address in the outlook .com web interface.