Want to Set Up Your Own Mail Server? Try Maddy
Introduction:
Maddy is a mail server developed in Go, easy to deploy, low in resource consumption, and suitable for personal use.
Requirements:
You need to open port 25, which can be detected on the local server with the following command:
If the port is open, you will see output like this:
If the port is closed, you will see output like this:
You can try to request to open port 25, but it's usually difficult to succeed.
Deployment Method:
Step One: Update Sources and Install Dependencies
Ubuntu/Debian:
Centos:
Step Two: Install and Configure Docker
Install Docker:
Start Docker:
Set Docker to start automatically at boot:
Step Three: Obtain TLS Certificate
Install Certbot:
Ubuntu/Debian:
Centos:
Obtain TLS certificate [remember to change to your own domain]:
Follow the prompts to get the certificate and private key, which will be stored in the /etc/letsencrypt/live/mail.example.com/ directory.
Step Four: Create Docker Data Volume
Step Five: Copy and Rename TLS Certificate
Step Six: Install and Start maddy Container
Step Seven: Configure DNS Record Resolution
Record Type | Domain | Value |
---|---|---|
A | mail.example.com | server ipv4 address |
A | example.com | server ipv4 address |
AAAA | mail.example.com | server ipv6 address (if any) |
AAAA | example.com | server ipv6 address (if any) |
MX | example.com | mail.example.com |
TXT | mail.example.com | v=spf1 mx ~all |
TXT | example.com | v=spf1 mx ~all |
TXT | _dmarc.example.com | v=DMARC1; p=quarantine; ruf=mailto:postmaster@example.com |
TXT | _mta-sts.example.com | v=STSv1; id=1 |
TXT | _smtp._tls.example.com | v=TLSRPTv1;rua=mailto:postmaster@example.com |
You also need to generate a DKIM key to configure DKIM record resolution. The specific steps are as follows:
- Start a temporary Docker container that will use the same data volume (
maddydata
) and run the DKIM key generation command.
- Then retrieve the generated DKIM DNS record from the data volume.
This will display something like v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg=
. Add a TXT record for default._domainkey.example.com
with this content as the value.
Step Eight: Create Sending Account
Security Precautions:
- It is recommended to run your own DNS resolver with DNSSEC validation enabled.
- SMTP itself is not protected from active attacks. It is recommended to use an MTA-STS policy to force sending servers to use authenticated TLS connections when sending emails to receiving servers, to prevent active network attacks.
- It is recommended to set TLSA (DANE) records.
Related Links:
Project address: http://github.com/foxcpp/maddy
Original link:http://enblog.fuyiran.link/Technology/18.html
Copyright: All posts on this blog, unless otherwise stated, are published using theCC BY-NC-SA 4.0 license agreement. Please indicate the source for reprinting Fu Speaking (enblog.fuyiran.link)