jbranso
/
gnucode.me


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
							<!DOCTYPE html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><meta name="keywords" content="GNU, Emacs, Libre Software, Hurd, Guile, Guix" /><meta name="description" content="GNUcode.me is a website focusing on libre software projects, especially the GNU project." /><link type="application/atom+xml" rel="alternate" title="GNUcode.me -- Feed" href="/feed.xml" /><a rel="me" href="https://fosstodon.org/@thegnuguy"></a><link type="text/css" href="css/footer.min.css" rel="stylesheet"></link><link type="text/css" href="css/header.min.css" rel="stylesheet"></link><link type="text/css" href="css/main.min.css" rel="stylesheet"></link><title>Hosting your Own Email Part 1 — GNUcode.me</title></head><body><header><nav><ul><li><a href="index.html">GNUcode.me</a></li><li><a href="services.html">Services</a></li><li><a href="about.html">About</a></li><li><a href="business-ideas.html">Business-ideas</a></li></ul></nav></header><h1>Hosting your Own Email Part 1</h1><main><section class="basic-section-padding"><article><h3>by Joshua Branson — October 10, 2020</h3><div><p>I have wanted to host my own email for some time now.  I have not realized this
goal yet, but I am discovering that hosting your own email involves a fair
amount of different moving parts.  I have often heard from fairly technical
people that hosting your own email, is really complicated!  This post is an
explanation of what email is, and how guix system may be the best solution for
setting up email.  Please note that this is a multi-series blog post.  This is
part 1.</p><p>The <a href="https://wiki.archlinux.org">Archlinux wiki</a> is perhaps the best wiki to
help you configure software.  The <a href="https://wiki.archlinux.org/index.php/Mail_server">Mail server wiki
page</a> is a great place to
start learning about hosting your own email.  Let's start with the high level
view, as outlined by the archlinux guide.  Essentially hosting your own email
requires three bits of software:</p><ul><li>a mail transfer agent (MTA) receives and sends email  (opensmtpd)</li><li>a mail delivery agent (MDA), which gets the email from the MTA, and stores it
for a user.  (opensmtpd)</li><li>Remote users can access the emails via an MUA (mail user agent), via an IMAP
server. (dovecot)</li></ul><p>Since, guix has packaged an opensmtpd service already, I decided to use it, and
according to the arch wiki it looks like opensmtpd is an mail transfer agent and
a mail delivery agent!  So that's two of my issues sorted right there!  The last
set, which is letting remote users access the email, is handled by dovecot,
which is the IMAP email server.</p><p>By convention sending emails is done by <code>smtp.&lt;yourdomainname&gt;.com</code>, and your
mail user agent (like Mozilla's Thunderbird), retrieves your email via
<code>imap.&lt;yourdomainname&gt;.com</code>.  So I've decided get Let's Encrypt certificates
for my domain &quot;gnucode.me&quot; for the subdomains <code>smtp</code> and <code>imap</code>.  Like so:</p><pre><code class="language-scheme">(use-service-modules certbot)

(define %nginx-deploy-hook
  (program-file
   &quot;nginx-deploy-hook&quot;
   #~(let ((pid (call-with-input-file &quot;/var/run/nginx/pid&quot; read)))
       (kill pid SIGHUP))))

(service certbot-service-type
         (certbot-configuration
          (email &quot;jbranso@dismail.de&quot;)
          (webroot &quot;/srv/www&quot;)
          (certificates
           (list
            (certificate-configuration
             (name &quot;gnucode.me&quot;)
             (domains '(&quot;gnucode.me&quot; &quot;www.gnucode.me&quot; &quot;imap.gnucode.me&quot;
             &quot;smtp.gnucode.me&quot; &quot;mail.gnucode.me&quot;))
             (deploy-hook %nginx-deploy-hook))))))</code></pre><p>The <a href="https://wiki.archlinux.org/index.php/OpenSMTPD#Simple_OpenSMTPD/mbox_configuration">Archlinux opensmtpd
page</a>
has a great guide on setting up a simple mail server.  I've modified it to
deliver emails in the maildir format.</p><pre><code class="language-scheme">(use-modules (guix gexp))

(define creds
  (plain-file &quot;creds&quot;
              &quot;joshua $6$somelonghashofstrings&quot;))

(define vdoms
  (plain-file
   &quot;vdoms&quot;
   &quot;gnucode.me
gnu-hurd.com&quot;))

(define vusers
  (plain-file
   &quot;vusers&quot;
   &quot;joshua@gnucode.me  joshua
jbranso@gnucode.me     joshua&quot;)

(service opensmtpd-service-type
         (opensmtpd-configuration
          (config-file
           (mixed-text-file &quot;smtpd.conf&quot;
                            &quot;
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.
# borrowed from the archlinux guix
# https://wiki.archlinux.org/index.php/OpenSMTPD#Simple_OpenSMTPD/mbox_configuration

# My TLS certificate and key
table aliases file:/etc/aliases
pki mail.gnucode.me cert \&quot;/etc/letsencrypt/live/gnucode.me/fullchain.pem\&quot;
pki mail.gnucode.me key \&quot;/etc/letsencrypt/live/gnucode.me/privkey.pem\&quot;

table creds \&quot;&quot; creds &quot;\&quot;
table vdoms \&quot;&quot; vdoms &quot;\&quot;
table vusers \&quot;&quot; vusers &quot;\&quot;

# listen on eth0, fairly explainatory
listen on eth0 tls pki mail.gnucode.me
listen on eth0 port 465 mails pki mail.gnucode.me auth &lt;creds&gt;
listen on eth0 port 587 tls-require pki mail.gnucode.me auth &lt;creds&gt;

action receive maildir virtual &lt;vusers&gt;
action send relay

match from any for domain &lt;vdoms&gt; action receive
match for any action send&quot;))))</code></pre><p>To serve your emails via imap, you also need a program to serve those files.
Dovecot is probably one of the better ones to use.  And it is conveniently
packaged in guix!</p><pre><code class="language-scheme">(use-service-modules mail)
;; be default dovecot-service serves mail located in ~/Maildir, which is
;; what we have configured above.
(dovecot-service)</code></pre><p>Ideally the above would be enough to get you sorted, but it's not.  There are
three things you should do to make certain that your sent email is not flagged
as spam:</p><ul><li>proving you sent your email (DKIM)</li><li>Sender Policy Framework (SPF)</li><li>What should other email account do if your email fails the above two tests?
(DMARC)</li></ul><p>I found <a href="https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/">this detailed email setup
guide</a>
that I've found helpful.  Fair warning, it's like trying to drink water from a
fire hose.</p><p>The above configuration for opensmtpd is enough for me to receive emails for
joshua AT gnucode.me, but I am unable to send emails.  Also dovecot refuses to
authenticate my email client (gnus).  Fixes to those problems will appear in a
later post.</p></div></article></section></main><footer><p>© 2020 Joshua Branson.  The text on this site is free culture under the Creative Commons Attribution Share-Alike 4.0 International license.</p><p>This website is build with Haunt, a static site generator written in Guile Scheme.  Source code is <a href="https://notabug.org/jbranso/gnucode.me">available.</a></p><p>The color theme of this website is based off of the famous <a href="#3f3f3f" target="_blank">zenburn</a> theme.</p></footer></body>