I have a Raspberry Pi running Postfix. I realised that unless I open port 25 I absolutely cannot receive emails (I have 587 open and can send but not receive them). However, I heard there are scaries online which someone could potentially send emails from your server without consent. I believe as well my ISP doesn’t block port 25. Is there anything I should do right now before opening port 25, or should everything be safe enough?

  • catloaf@lemm.ee · ↑31 · 5 months ago

    Ideally, don’t. Self-hosting email is complicated, easy to get wrong (and dangerously wrong, where people could use your server as an open relay and send spam).

    That said, if you really want to, make sure you’re not accepting email except for what’s destined for you. There are a bunch of postfix best-practice guides out there that can be easily found with a Google search. I don’t host my own email, so I can’t vouch for any.

    • markstos@lemmy.world · ↑9 ↓1 · 5 months ago

      Agreed. I used to host email professionally and would not recommend managing your own mail server. It will constantly be under attack by spammers and if the inbox email address is exposed at all, soon 90% of incoming mail will be spam and you’ll need antispam software to filter it.

      • wildbus8979@sh.itjust.works · ↑6 ↓2 · 5 months ago

        Not sure about your latter point tbh. I run an email server with nothing but greylisting and SpamAssassin, and the amount of spam is absolutely minimal.

        Proper config and fail2ban easily take care of direct attacks.

        Nevertheless, I wouldn’t recommend it to anyone but the most determined.

        • lud@lemm.ee · ↑8 · 5 months ago

          To be fair, they said that you would need anti spam software and you do use anti spam software.

  • taladar@sh.itjust.works · ↑12 · 5 months ago

    You should be aware that a large number of mail hosters will block all mail from your server merely because it is sent from a dynamic IP address.

      • wildbus8979@sh.itjust.works · ↑14 · 5 months ago

        The domain won’t change that. Even with a static IP, if it’s coming from an ISP-owned IP block you’re likely going to get banned. Even with reputable VPS’ it’s hard. Make sure you have DMARC, DKIM, and SPF set up, but even then you’re almost certainly going to get banned. The big players are creating an inherent monopoly instead of improving their spam filters.

      • lemmyreader@lemmy.ml · ↑3 · 5 months ago

        If you manage to get a good SMTP relay host or authenticated SMTP account for your outgoing email, then playing around with small-scale self-hosted email (granted that it is not your important daily driver email accounts) can be an interesting and fun experience. But you will have to invest some time reading and tweaking and figuring things out. Slightly comparable with installing Arch Linux. Lots of people will warn you to not do it, but you might learn a few valuable things on the way there.

  • NeoNachtwaechter@lemmy.world · ↑8 ↓1 · 5 months ago

    IMHO a RasPi is just not reliable enough. Your internet connection is just not reliable enough. You are going to lose some of your incoming mail and NOT notice it, unless you have somebody who hosts a secondary MX for your domain.

    Chances are also that it’s not powerful enough when some of these automated attacks come knocking.

    • Gooey0210@sh.itjust.works · ↑2 ↓5 · 5 months ago

      If you know how to set it up, an RPi can be reliable enough.

      Even, IMAP is TCP already, any coming mail should be cached by the router until delivered, and your router usually doesn’t lose connection as often as the connected devices.

  • TCB13@lemmy.world · ↑6 · 5 months ago

    If you follow the ISPMail guide at https://workaround.org/ you’ll be safe.

    > I heard there are scaries online which someone could potentially send emails from your server without consent

    That’s called an open relay and websites like https://mxtoolbox.com/diagnostic.aspx can test for it.

    Either way, your biggest issue won’t be that. If you’re running on a residential internet connection, the IP is already flagged as such and will have a very low reputation with other e-mail providers, causing Microsoft, Google and any other large provider to simply refuse your email. You’ll also need reverse DNS for your IP pointing at the domain you’re using, which your ISP is most likely not going to provide.
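
An added example, not part of the thread or of any commenter's setup: a small Python audit of `postconf -n` output for the two settings that typically turn Postfix into the open relay discussed above (an over-broad `mynetworks`, and a `permit` that is reached before `reject_unauth_destination`). It is a simplified model that does not evaluate access-table lookups; `DEFAULT_RELAY` assumes the Postfix 2.10+ built-in default, and the function names and both sample configs are constructed for illustration.

```python
import ipaddress

# Assumption: Postfix >= 2.10 built-in default, applied when the parameter is unset.
DEFAULT_RELAY = "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination"
BLOCKERS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}
LOCAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "::ffff:127.0.0.0/104", "fc00::/7", "fe80::/10")]
# Constructed `postconf -n` excerpts (not from a real server).
WEAK = ("mynetworks = 127.0.0.0/8 0.0.0.0/0\n"
        "smtpd_relay_restrictions = permit_mynetworks, permit,\n"
        "    reject_unauth_destination\n")
HARDENED = ("mynetworks = 127.0.0.0/8 [::1]/128\n"
            "smtpd_relay_restrictions = permit_mynetworks,\n"
            "    permit_sasl_authenticated, reject_unauth_destination\n")

def parse_postconf(text):
    """Parse 'name = value' lines; an indented line continues the previous value."""
    conf, key = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and key:
            conf[key] += " " + line.strip()
        elif "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            conf[key] = value
    return conf

def permits_strangers(restrictions):
    """True if 'permit' or the end of the list is reached before a blocker."""
    for name in restrictions.replace(",", " ").split():
        if name in BLOCKERS:
            return False
        if name == "permit":
            return True
    return True

def audit(text):
    conf, findings = parse_postconf(text), []
    for item in conf.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # table lookups such as hash:/path are not evaluated
        if not any(net.version == n.version and net.subnet_of(n) for n in LOCAL):
            findings.append(f"mynetworks trusts non-local range {net}")
    if permits_strangers(conf.get("smtpd_relay_restrictions", DEFAULT_RELAY)) \
            and permits_strangers(conf.get("smtpd_recipient_restrictions", "")):
        findings.append("relay restrictions permit before reject_unauth_destination")
    return findings
```

Running `audit()` on the real output of `postconf -n` before opening port 25 gives a quick local check; an external open-relay test such as the one linked above still confirms what the server does from the outside.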

  • CriticalMiss@lemmy.world · ↑5 · 5 months ago

    Hi, I recommend you read the book “Run Your Own Mail Server”. The fact that a book exists for this topic is all the proof you need to not make this decision. But if you absolutely must, this is the way.