Jonathan's blog

I’ve had a server at home for years now, and I’ve also been a professional sysadmin for at least three years. I know my way around Linux pretty well and for some time I’ve run my own web server and also other services.

But one thing I’ve steered clear of until now is running my own email server.

I’ve always thought it would be fairly easy to set up, but much harder to make secure. I don’t want to receive tonnes of spam and I don’t want spammers using my SMTP server as an open relay. In the past I’ve read about building SMTP servers with sendmail, postfix and exim but there was all sorts of conflicting information when it came to integrating milters and so on. Different guides all seemed to give contradictory advice and require all sorts of strange configuration steps that I couldn’t understand.

But all that changed when I heard about ClearOS. In short, it’s a spin of CentOS which uses a custom web interface to configure various software “modules”, including things like web server, email server, firewall gateway, database server, and so on.

I installed it on a virtual machine and after only a few clicks I was running a mail server: an MX for receiving mail for my domains, an authenticated SMTP server for personal outgoing mail, and a secure IMAP server for storing and accessing my mail. The frontend sets up postfix and cyrus to do its dirty work.

For ultimate ease, users (just me, in this case) are authenticated using a local LDAP directory, rather than by using system accounts. All SSL certificates for IMAPS and HTTPS were added automatically. Email antivirus scanning is done by Amavis and spam filtering is done by Spamassassin.

I had a little bit of trouble setting up Horde to access webmail and a web interface for configuring sieve rules. By “trouble” I mean the default Apache virtual host declarations needed some changing around and some aliases adding. If you’re familiar with Apache this won’t be a problem.

There are some aspects of ClearOS I don’t like so much, and I would prefer to use CentOS. But now ClearOS has written out all my configs it should be trivial to move my new mail setup to a plain old CentOS installation, where I already run my websites from. I have definitely learnt a lot about how email works by simply reading and understanding the config files written by the frontend.

So if you want to build an email server but don’t know where to start – try ClearOS. It’s a great introduction to the “scary” parts of setting up an email server, like milters and certificates.

Chances are if you have a Linux server in your home, you’ll want it to be able to send you emails, e.g. its daily logwatch or the output from cron jobs.

But most ISPs block SMTP so you can’t directly send emails from your server to wherever they need to go, which is what the default config of sendmail does.

So you need to tell sendmail to forward its mail through something called a Smart Host, which is just an SMTP server that your ISP runs.

First, find out from your ISP what their Smart Host or SMTP server is called. This is usually available somewhere on their website.

Now open up /etc/mail/sendmail.mc for editing. Locate the following block, remove the dnl markers and change the name of the server to match your ISP’s.

dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
define(`SMART_HOST', `mail.my-isp.com')

After editing, you have to run the /etc/mail/make program to write the sendmail config file. Then restart the sendmail daemon.

service sendmail restart

Your server is now capable of sending outoing mail through an external mail server. But there’s one final tweak. Open /etc/aliases and change the very last line so that you receive root’s mail.

# Person who should get root's mail
root:           me@jonathangazeley.com