How To Make Your Own Email Service For Free

How to run your own e-mail server with your own domain, part 1 — Aurich Lawson

Email is old and complex. It's the oldest still-recognizable component of the Internet, with its modern incarnation having coalesced out of several different decades-sometime messaging technologies including ARPANET node-to-node messaging in the early on 1970s. And though it remains a cornerstone of the Internet—the original killer app, really—information technology's besides extraordinarily hard to exercise right.

We most often interact with eastward-mail servers through friendly Web-based front end-ends or applications, but a tremendous amount of work goes into hiding the complexity that allows the whole arrangement to work. E-mail service functions in a poisoned and hostile environs, flooded past viruses and spam. The seemingly simple exchange of text-based messages operates nether complex rules with complex tools, all necessary to keep the poisonous substance out and the arrangement performance and useful in spite of the corruption it'due south constantly under.

From a normal person's perspective, electronic mail seems similar a solved problem: sign upwards for Internet access and your ISP gives you an eastward-postal service address. Google, Apple tree, Yahoo, or any number of other free e-mail providers will hook you up with e-mail accounts with gigabytes of space and enough of cool value-added features. Why do battle with arcane dragons to scroll your own e-mail solution?

I'll tell y'all why: considering if it's in the cloud, information technology's not yours.

From my inbox. Wrong Ken Fisher, but still creepy, Google. — Enlarge / From my inbox. Wrong Ken Fisher, but withal creepy, Google.

Considering you must rely on others for your security. Y'all take no control over who tin read your correspondence—you must allow your data to be mined and your marketing profile extracted. You won't be told if your metadata is collected or if your inbox is vacuumed up by a secret government request. You consent to exist non a client just a product, and a product has no rights.

Well, to hell with that. It's your e-mail. And nosotros're going to take it back.

This is hard and even a fleck scary...

Electronic mail is difficult. If you want an easier sysadmin project, get set a Spider web server. E-mail is a lot more complex, with many more than moving parts. On the other hand, your correspondence with others is 1 of the most personal aspects of your online life—in a medium ultimately made of text, your words are you. It's worth learning how to claw your online life dorsum from those who would data mine and monetize it.

There are pitfalls and caveats—the biggest of which is that if yous run your ain email server, you lot will be the sysadmin. The upside of this is that no bored or tired customer service rep virtually to become off-shift is going to fall for a social technology attack and reset your due east-mail password. The downside is that you are responsible for the care and feeding of your arrangement. This is not an impossible task—it's not even really difficult—only information technology is non-trivial and never-ending. Applying critical updates is your responsibility. When practice disquisitional updates come up out? That's your responsibility to proceed rail of, too.

Worst of all, if you lot screw upwards and your server is compromised or used as spam relay, your domain volition most certainly wind up on blacklists. Your ability to transport and receive electronic mail will exist diminished or perhaps fifty-fifty eliminated altogether. And totally scrubbing yourself from the multitude of e-mail blacklists is about as hard as trying to get off of the TSA'southward No Fly list.

You have been warned.

...but information technology's also worth doing

OK, that ought to be plenty to scare away the people who aren't serious. For those of you withal with me: this is going to be a hell of a lot of fun, and yous're going to learn a lot.

This is going to exist multi-function series, and here in this first role we're going to ask (and answer) a bunch of questions about how we're going to fix our electronic mail server upward. We'll also outline the applications we're going to use and talk about what they do. We expect this series will run over the course of the next few weeks; unlike our serial on setting up a Spider web server, though, you won't exist able to become started firing off e-mails after role i—y'all need the whole thing in order for it all to work right.

This certainly isn't the only DIY e-mail tutorial on the Web. If yous're eager to skip ahead and get started now, we suggest consulting Christoph Hass' fantabulous tutorial on Workaround.org—he makes many (but nowhere nigh all) of the same configuration choices that we will exist making. However, Ars wouldn't exist putting this guide together if we didn't have a few tricks up our sleeves—nosotros've been in an east-mail configuration cave for the past calendar month, and we take a lot of good information to share.

Prerequisites and assumptions—the where and the how

And then yous want your own electronic mail server. Excellent! The offset determination, earlier we even get into things similar operating systems and applications, is where you're going to put it. If yous're on a residential ISP connexion, you lot will confront a number of challenges in running an e-postal service server out of your closet. In addition to nearly certainly finding the standard prepare of electronic mail TCP ports blocked, your IP address is as well almost certainly already on ane or more blacklists in lodge to cut down on the corporeality of spam beingness spewed out by virus-infected home computers. Whether or non yous're actually spewing any spam is irrelevant—that ship has long since sailed, and residential IP addresses are almost universally considered poisoned. In that location are numerous tools you lot tin can use to see if your address is on a blacklist—make sure to check before you showtime.

If y'all merely want to mostly follow along at home with a non-functional test domain for learning, then a virtual motorcar or spare closet server will do but fine; if you desire to exercise information technology for real, y'all'll either demand to be on a business-form connexion with unblocked ports and a non-blacklisted IP accost, or you'll need a hosting service. You lot don't demand a monster dedicated server or anything, only you practice need at least a VPS you can install software on from the command line. There are many options; I always recommend A Small Orange or Lithium Hosting, but if yous're willing to sacrifice some performance, you lot can almost certainly host a pocket-sized electronic mail server on a costless Amazon EC2 instance.

You're too going to need a domain (once more, unless you're going to simply play forth and use a nonexistent exam domain), and that means you're going to need a registrar and an external DNS provider. My personal recommendations for registrars are Namecheap and Gandi.net; both took difficult anti-SOPA stances (encounter these links) and both offer ii-factor authentication options. I have used both registrars, and they are both splendid.

One of the lessons reinforced by the recent @N Twitter account theft is that y'all should segregate your online services where it makes sense to do so. A significant component of the @N compromise came from the attacker gaining access to Naoki Hiroshima'southward GoDaddy account, with GoDaddy functioning non but as his registrar but as well as the authoritative DNS source for Hiroshima's domains. Once in, the assailant was able to change at to the lowest degree one of those domains' MX records and thereby hijack delivery of that domain's e-mail.

We're going to endeavour to mitigate that specific risk past using a separate DNS provider—specifically, nosotros're going to use Amazon's Route 53 DNS service. That volition limit the amount of immediate damage an attacker can practice in the unlikely issue of a compromise at your registrar.

"Ah," you say, "simply if I use Amazon EC2 for my electronic mail server and Amazon Route 53 for DNS, then I'1000 non segregating at all!" This is true, simply Amazon gives you rich access control between unlike services; information technology's not difficult to ensure that one set of login credentials tin can but modify your EC2 server and a different prepare of credentials can only change your Route 53 DNS settings.

There are also many other DNS providers if you desire to physically distribute your eggs rather than rely on access control—and being paranoid virtually security is never unwise. For this guide, though, we'll be walking through the specific steps that I took when taking my own existing Google Apps-hosted domain and email private—that means a physical server and Route 53 DNS (which ends up costing me well-nigh $2 a month).