Introduction:

Maddy is a mail server developed in Go, easy to deploy, low in resource consumption, and suitable for personal use.

Requirements:

Port 25 must be open. You can check this on the server itself with the following command:

telnet [ip address] 25

If the port is open, you will see output like this:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix

If the port is closed, you will see output like this:

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

You can try requesting that port 25 be opened, but such requests rarely succeed.

Deployment Method:

Step One: Update Sources and Install Dependencies

Ubuntu/Debian:

apt update -y && apt upgrade -y

Centos:

yum update -y && yum upgrade -y

Step Two: Install and Configure Docker

Install Docker:

curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh ./get-docker.sh

Start Docker:

sudo systemctl start docker

Set Docker to start automatically at boot:

sudo systemctl enable docker

Step Three: Obtain TLS Certificate

Install Certbot:
Ubuntu/Debian:

sudo apt-get install certbot

Centos:

sudo yum install certbot

Obtain the TLS certificate (remember to replace the domain with your own):

sudo certbot certonly --standalone -d mail.example.com

Follow the prompts to obtain the certificate and private key; they will be stored in the /etc/letsencrypt/live/mail.example.com/ directory.

Step Four: Create Docker Data Volume

docker volume create maddydata

Step Five: Copy and Rename TLS Certificate

cd $(docker volume inspect maddydata --format '{{.Mountpoint}}')
cp /etc/letsencrypt/live/mail.example.com/cert.pem tls_cert.pem
cp /etc/letsencrypt/live/mail.example.com/privkey.pem tls_key.pem

Step Six: Install and Start maddy Container

docker run -d --name maddy \
  -e MADDY_HOSTNAME=mail.example.com \
  -e MADDY_DOMAIN=example.com \
  -v maddydata:/data \
  -p 25:25 \
  -p 143:143 \
  -p 587:587 \
  -p 993:993 \
  foxcpp/maddy:latest

Step Seven: Configure DNS Record Resolution

Record Type | Domain                 | Value
A           | mail.example.com       | server IPv4 address
A           | example.com            | server IPv4 address
AAAA        | mail.example.com       | server IPv6 address (if any)
AAAA        | example.com            | server IPv6 address (if any)
MX          | example.com            | mail.example.com
TXT         | mail.example.com       | v=spf1 mx ~all
TXT         | example.com            | v=spf1 mx ~all
TXT         | _dmarc.example.com     | v=DMARC1; p=quarantine; ruf=mailto:postmaster@example.com
TXT         | _mta-sts.example.com   | v=STSv1; id=1
TXT         | _smtp._tls.example.com | v=TLSRPTv1;rua=mailto:postmaster@example.com

You also need to generate a DKIM key and publish it as a DNS record. The steps are as follows:

  1. Start a temporary Docker container that uses the same data volume (maddydata) and runs the DKIM key generation command:

docker run --rm -it -v maddydata:/data foxcpp/maddy:latest dkim generate example.com default

  2. Then read the generated DKIM DNS record from the data volume:

sudo cat /var/lib/docker/volumes/maddydata/_data/dkim_keys/example.com_default.dns

This will display something like v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg=. Add a TXT record for default._domainkey.example.com with this content as the value.
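As an added check that is not part of the original post or of the maddy project: a small Python script that validates the TXT records from the table above (SPF, DMARC, MTA-STS, TLSRPT) together with the DKIM record from the .dns file, run here against a constructed copy of those values. The SAMPLE_TXT dictionary and the function names are assumptions; for a real domain, fill the dictionary from `dig +short TXT <name>` for each record name.

```python
import base64

# Constructed sample: the TXT records from the table above for the placeholder domain,
# shaped as {record name: [TXT strings]}; populate it from `dig +short TXT <name>` for a real domain.
SAMPLE_TXT = {
    "example.com": ["v=spf1 mx ~all"],
    "mail.example.com": ["v=spf1 mx ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; ruf=mailto:postmaster@example.com"],
    "_mta-sts.example.com": ["v=STSv1; id=1"],
    "_smtp._tls.example.com": ["v=TLSRPTv1;rua=mailto:postmaster@example.com"],
    "default._domainkey.example.com": ["v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg="],
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict (SPF is space-separated, handled apart)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def check_mail_records(domain, txt, selector="default"):
    """Return a list of problems; an empty list means every record matches what the table expects."""
    problems = []
    first = lambda name: (txt.get(name) or [""])[0]
    for host in (domain, f"mail.{domain}"):
        spf = [r for r in txt.get(host, []) if r.startswith("v=spf1")]
        if len(spf) != 1:
            problems.append(f"{host}: expected exactly one SPF record, found {len(spf)}")
        elif spf[0].split()[-1] not in ("~all", "-all"):
            problems.append(f"{host}: SPF must end with ~all or -all, not {spf[0].split()[-1]}")
    dmarc = parse_tags(first(f"_dmarc.{domain}"))
    if dmarc.get("v") != "DMARC1" or dmarc.get("p") not in ("none", "quarantine", "reject"):
        problems.append("_dmarc: missing v=DMARC1 or invalid p= policy")
    sts = parse_tags(first(f"_mta-sts.{domain}"))
    if sts.get("v") != "STSv1" or not sts.get("id"):
        problems.append("_mta-sts: missing v=STSv1 or id=")
    tlsrpt = parse_tags(first(f"_smtp._tls.{domain}"))
    if tlsrpt.get("v") != "TLSRPTv1" or not tlsrpt.get("rua", "").startswith("mailto:"):
        problems.append("_smtp._tls: missing v=TLSRPTv1 or mailto: rua=")
    # The record maddy writes to <domain>_<selector>.dns; an Ed25519 public key is exactly 32 bytes.
    dkim = parse_tags(first(f"{selector}._domainkey.{domain}"))
    try:
        key = base64.b64decode(dkim.get("p", ""), validate=True)
    except ValueError:  # binascii.Error is a ValueError: the p= value is not valid base64
        key = b""
    if dkim.get("v") != "DKIM1" or not key or (dkim.get("k") == "ed25519" and len(key) != 32):
        problems.append(f"DKIM: bad record for selector {selector!r} (key bytes: {len(key)})")
    return problems
```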

Step Eight: Create a Sending Account

docker exec -it maddy sh
maddyctl creds create postmaster@example.com
maddyctl imap-acct create postmaster@example.com

Security Precautions:

  1. It is recommended to run your own DNS resolver with DNSSEC validation enabled.
  2. SMTP itself is not protected against active attacks. It is recommended to publish an MTA-STS policy so that sending servers are forced to use authenticated TLS connections when delivering mail to your server, which prevents active network attacks.
  3. It is recommended to set TLSA (DANE) records.

Related Links:

Project address: http://github.com/foxcpp/maddy

Tags: Configure, Web Mailbox, Maddy

Original link: http://enblog.fuyiran.link/Technology/18.html

Copyright: All posts on this blog, unless otherwise stated, are published under the CC BY-NC-SA 4.0 license. Please credit the source when reprinting: Fu Speaking (enblog.fuyiran.link)
