Mail Server on Docker (UPDATED)
Hosting your own email server is not a mandatory task; it increase your attack surface too. But relaying too much on big emails provider (Gmail, Outlook, Aruba, Fastmail) could be a risk for our democracy.
For instance, who decide how Spam is managed (i.e. what could be a Spam email)? Can we trust big providers? Email has legal value, and its content should stay as much as private as possible.
In the last years I used my provider to host emails, manage spam and so on. But because of COVID19 I got a lot of time to "come to basics" and I'd like to try a self-managed solution.
In this blog post I will tell you my story about self hosting a modern email server
UPDATED on 1st May 2020: Added introduction
Introduction
My current Linux provider is rock solid, and my email hosting provider has too much limits (only three accounts, very little quota and so on).When I started reading tutorials, I find them very complex: basic tutorial needs to setup a MySQL database, and overall a powerful VM was needed. Mail in a box seems a good option, but tutorial seem to have sell its soul to Gandi.net and little explanation is given if you already are hosting your domain in another way.
Also, Mail-in-a-box required a full separated Linux box, which could be a valid option if you plan to have a huge email stream (no my case by the way); in either way it seems offensive, because in 2020 I was able to run a website with email and so on with less then half the memory I have now on my box.
Also tutorial often leave you alone on spam and antivirus configuration, which is mandatory nowadays and it is the reason you will prefer relaying on another option.
So I stumbled upon this project, which seems nice done:
A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker.
https://github.com/tomav/docker-mailserver
Docker mail server is nice because:
- Provide a full stack of services like antivirus and anti spam
- Can run with very little resources (512MB of RAM!) if you disable some feature.
- Provide a setup script to configure mailbox, aliases, SSL certificate and so on
- The Wiki explain you everything you need for a full customized setup
- It is currently developed and well supported.
Fighting SPAM in 2020
There are a huge set of startegies to deal with spam. The first is SpamAssassin, which detect spam based on a set of rules. Tomav docker-mailserver install also postgray:
Postgrey is a Postfix policy server implementing greylisting developed by David Schweikert.Postgray delays SPAM attacks and SPAM does not bother to send you back emails in case of a delayed refuse.When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen, less than 5 minutes ago, then the mail gets rejected with a temporary error. Hopefully spammers or viruses will not try again later, as it is however required per RFC.
Spamhous
If in the log you seeClient host [213.142.159.42] blocked using zen.spamhaus.org;you know Spamhous ruled that email:
The Spamhaus CSS list is an automatically produced dataset of IP addresses that are involved in sending low-reputation email.Combining Postgray and Spamhous is very effective, because if you slow down the spam wave, you are able to increase likehood it is detected and marked by the other servers on the Internet
Statistics
You can configure postfix to provide you daily or weekly statistics. We used it to monitor server in day by day usage:Grand Totals ------------ messages 453 received 441 delivered 0 forwarded 0 deferred 15 bounced 164 rejected (27%) 0 reject warnings 0 held 0 discarded (0%)44757k bytes received 45240k bytes delivered 131 senders 92 sending hosts/domains 14 recipients 8 recipient hosts/domains
Ending words: how to copy your emails from your old account(s)
ImapSync is a good tool to copy your data without hassle. Give it a try.