This article will tell you how to set-up an E-Mail server and the shenanigans that come with it. Expect it to be updated whenever I find a new issue.

In today's episode, we will be setting up :

• Postfix and Dovecot to receive mail
• Spamassassin for E-Mail filtering
• OpenDKIM E-Mail signing
• A hellton of DNS records

You will need the following:

• A Debian/Ubuntu server
• The possibility to add Reverse DNS entries for your IP
• A domain name (will be phorcys.net for this tutorial)
• SSL certificates for your domain's mail subdomain

We will be using Luke Smith's emailwiz.

1. Creating a A/CNAME record for mail.phorcys.net
2. Creating a MX record pointing to mail.phorcys.net
3. Setting your IP's Reverse DNS entry to phorcys.net
4. Getting your IP off of Spamhaus PBL

All those steps are pre-install because if you do not do them, you will not be able to send mail anywhere. (if you omit the last 2, big sites like GMail, Outlook will mark your mails as spam or outright deny them)

If you are re-running emailwiz for another time, be sure to run the mailrm.sh script to purge off all failed attempts.

1. Running emailwiz

curl -LO lukesmith.xyz/emailwiz.sh
chmod +x ./emailwiz.sh
./emailwiz.sh

1. Select "Internet site" when prompted by a dialog box
2. Enter your full domain, without the mail subdomain (phorcys.net)
3. Adding the DNS records supplied by emailwiz to your domain
4. Editing the path of the SSL certificates in /etc/postfix/main.cf and /etc/dovecot/dovecot.conf
5. Adding your LAN to /etc/postfix/dkim/trustedhosts (e.g 192.168.1.0/24)
6. Enabling the mail services

systemctl stop dovecot postfix opendkim
systemctl enable dovecot postfix opendkim --now

1. If opendkim refuses to start, check if the /run/opendkim directory exists, if it doesn't, do the following:

mkdir /run/opendkim
chown opendkim:opendkim /run/opendkim

If you don't understand these steps, Luke already made a 20 minutes video of him setting up a Mail server using his script which you can watch directly from my blog, isn't technology great !?

Here are some tools you can use to verify your Mail configuration (1 & 2 are great):

• MX Toolbox
  DNS, SMTP, RBL
• AppMailDev
  DKIM, SPF
• port25.com
  DKIM, SPF
• Mail-tester
  DKIM, DMARC, SPF
• DMARC Analyzer
  DMARC, SPF
• MultiRBL.valli.org
  DNSBL, RBL, FCrDNS

In my case, this is what my DNS records ended up looking like at the end:

;; MX Records
phorcys.net.                    1	IN	MX	    0 mail.phorcys.net.

;; CNAME Record: mail.phorcys.net -> phorcys.net (they share the same IP)
mail.phorcys.net.		1	IN	CNAME   phorcys.net.


;; TXT Records
;; First is DKIM (domainkey), second is DMARC and third is SPF
mail._domainkey.phorcys.net.	1	IN	TXT     "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SfckI3h2JvPIXwekhHQR7J337dTCvDyro1n8zZeSThKLGSEeR3j449i5MPAaeQmqo3S3SMf7Y+ccHvFDqluwoRKenNJCbVCHhJx3RF4PcI16R1hsrcHc4uQOSlMHuv1HIF6KDLwgFLrJXFh3A+JDKmmkc/BGfrK2UiEudhjEeceEFL0lsLesuIK5V49B3ASVckVj7QPoft8c1BVpBOC2hSiuK44VxwE48NwNOu2E2BktxjB91Xs/hf+LVVlt8SnanjIGODZQppgflZQ4pfqbjNM+aI+Vd+g1jASIO/8vg2iWNVzMbpirLO7Nh6qb07aHc3HYNl6WlctI2z300IKSQIDAQAB"
_dmarc.phorcys.net.             1	IN	TXT     "v=DMARC1; p=reject; rua=mailto:dmarc@phorcys.net; ruf=mailto:dmarc@phorcys.net; fo=1"
phorcys.net.                    1	IN	TXT     "v=spf1 mx a:mail.phorcys.net ip4:78.198.1