Before diving deeper, a preface.
This article will not be discussing how to set up a mail server. Mostly. Instead I’m going over some of the complications that can arise after you have the mail server set up with receiving mail to the domain(s) the server hosts. You’ll need to go elsewhere if you’re expecting a tutorial on setting up and configuring a mail server.
Before continuing, let me explain my setup so you can understand where I’m coming from and going:
- Mail server: virtual machine with 2 cores, 2GB RAM, Ubuntu 18.04
- Software: iRedMail
- Port forwarding: random port number -> port 25 on mail server
- DNS name: NoIP dynamic DNS hostname, dynamic IP address
Assumptions
From here I’ll presume you have a similar starting point to me, that you:
- own one or more domains which may or may not already receive mail through the domain registrar or other service
- want to spin up your own mail server to receive that e-mail to your home network
- have a typical home Internet broadband connection with a dynamic IP address
- have a dynamic DNS name to point to your home network
If you are not already signed up for a dynamic DNS service, do that first before setting up a mail server. I recommend signing up for one that your router directly supports. I use NoIP, and I also pay the $25/yr subscription fee to make things easier.
What I won’t cover
For the sake of brevity, I won’t be delving into setting up and administering a mail server. As I said above, you’ll need to go elsewhere to find that information. There are also several “distributions” – e.g. iRedMail, Mail in a Box, etc. – that can handle much of the dirty work for you, all of which have their own steps for setup and administration.
Basically setting up the mail server is on you. All I’m discussing herein is what you need to do once the server is set up on your home network, with a dynamic IP address, so you can receive mail to it. Since plenty of other articles say you can’t.
Set up a self-hosted VPN
Allow me to establish one additional prerequisite: set up a self-hosted VPN. OpenVPN is one of the more popular packages available for that, and I also have a guide on how to run that in a Docker container if you’re so inclined. Others have set it up to run on a Raspberry Pi. One of my coworkers uses ZeroTier and he seems to like it.
Having the self-hosted VPN means you only need to expose the SMTP port through your router’s port forwarding. You would then access your e-mail by connecting to the mail server through the VPN connection or an SSH tunnel when you’re away from home. Which will provide an additional safeguard for your e-mail.
Overall order of operation
Again, you should already have the mail server set up, with the domains and e-mail accounts configured. So now you need to make it so you can receive that mail on your home network through your dynamic DNS hostname.
- Pick a random port number to map to port 25 on the mail server
- Sign up for a mail relay service (more on this later)
- Modify the DNS settings for your domain for the mail relay service
- Wait a little for the settings to propagate
- Send test e-mails to verify everything is working
- Profit!!!
Random port number? Mail relay service?
By now hopefully you’ve already looked into what is required to establish a mail server for your domain(s). So you should’ve encountered explanations for the DNS entries, in particular how to configure the DNS entries to avoid other mail servers refusing to talk to yours.
Specifically, the “reverse DNS” entry for your mail server’s host name. Which is impossible to create for a dynamic IP address. And with a static IP address, you probably have to jump through a ton of hoops with your ISP.
Mail relay services avoid this complication, accepting the mail for your domain(s) and relaying it to another mail server. They are advertised as allowing you to bypass your ISP blocking port 25, allowing you to host your mail server on a port other than port 25. This should also be coupled with a backup service that retains e-mails for a period of time, in case your mail server can’t be reached for some reason, to avoid e-mails being rejected or black-holed.
Your dynamic DNS service provider may already have this available. NoIP has Mail Reflector for $100/yr per domain. Dynu, on the other hand, has an Email Store/Forward service for $10/yr per domain. The latter is what I currently use, and it works well.
While you don’t need to use a port than 25, I’d highly recommend doing so since the relay service allows for it. I’ll just reiterate what I said in my OpenVPN guide (linked above):
In general, when exposing services where they are accessible outside your network, you want to avoid using default port numbers. Either configure the service to use a different port number, or use the port forwarding on the router to provide a different port number.
Port forwarding for mail relay
So with that explanation out of the way, it should be clear how to expose the mail server via port forwarding. The order of operations means you
- select a random port number for port forwarding
- set up port forwarding: [random port number] -> port 25 on mail server
- set up the mail relay -> [dynamic DNS host name]:[random port number]
- DNS “MX” entries for your domain -> mail relay service
- Profit!!!
Finishing up
So now with everything set up the way you need, send some test e-mails to make sure everything is getting through.
One thing to note: it will take several days for the updated DNS entries to propagate around the world due to DNS server caching. So you may need to continue to check your e-mail through any previous mail hosting service until you confirm all e-mails are no longer being sent there. If you’re planning to transfer domain registrations to another provider, hold off for a few days before initiating the transfer if there are any frequently-used e-mail addresses involved.
And another point: if you use iRedMail, turn off greylisting. If you use another distribution, determine how to disable greylisting with it. Or at least figure out how to whitelist the mail relay service you choose. If you don’t, it’ll take multiple tries for the relay service to get the mail to your system. Turning off greylisting or whitelisting the mail relay service will avoid this.
One additional complication
Mail server blacklisting is something else you need to keep in mind. This doesn’t stop you from receiving mail, since it will be going through a mail relay service. But it might keep you from being able to send messages to some recipients.
As part of an effort to combat spam and scam e-mails (such as this and this), mail transport agents may be blacklisted. It’s up to every mail server administrator as to whether those blacklists will be honored – it should be off by default. And this isn’t an issue exclusive to residential Internet IP addresses. I encountered it with my previous web hosting provider when I tried to forward a phishing e-mail to SunTrust Bank.
So if you find that e-mails you are sending are routinely being rejected, check your IP address and dynamic DNS hostname and domain through MXToolbox to determine if it’s been blacklisted. You may need to sign up for an outbound mail relay service to bypass this.
An example is Yahoo!. Several months after this article initially went live, my wife and I started shopping for a house. With one home we found, I was attempting to contact the real estate agent representing the property and sellers. The contact e-mail through her realtor’s domain could receive e-mail from my home mail server without issue. That address was set up to forward her e-mail to her personal Yahoo! account. If I tried to reply directly to her Yahoo! address, the e-mails did not go through.
So to end that frustration, I set up outbound mail relay through Amazon’s Simple Email Service and configured my server appropriately while we were still in talks on the home (which we did buy!) and getting everything figured out. Amazon SES has the benefit of a very, very low to practically no cost if you don’t send or receive much e-mail.
Conclusions
So contrary to a LOT of articles, it is possible to host a mail server on your home network. It just requires the additional mail relay service to make it all work, to bypass the “reverse DNS” complication.
It just typically isn’t recommended that you set one up since Internet mail servers can be complicated to set up and administer. But much like web servers, generally once they’re configured, you should only really need to touch it for software updates.