Scales Lifted?

Given how much I enjoy administering, and particularly deploying, mail servers - which is to say, not at all - I should consider using hosted email service.

But I would rather drink a broken glass milkshake than give control of my email to one of The Great Old Ones.

But perhaps there is another way:

• https://www.namecheap.com/hosting/email/
• Client Setup: https://www.namecheap.com/support/knowledgebase/subcategory/2175/private-email-client-setup/
  • Thunderbird: https://www.namecheap.com/support/knowledgebase/article.aspx/9186/2175/private-email-account-setup-in-thunderbird/

Postfix Tutorials

• RedHat: https://www.redhat.com/sysadmin/install-configure-postfix
• Linux.com: https://www.linux.com/training-tutorials/install-and-configure-postfix-mail-server/
• Postfix: http://www.postfix.org/BASIC_CONFIGURATION_README.html
• DigitalOcean: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-20-04
  • Interesting - see: sudo DEBIAN_PRIORITY=low apt install postfix

SPF DNS Entry

Traxel Settings

• IPV4: 69.10.40.10
• IPV6: fe80::d227:88ff:fe34:7999/64
• Format: v=spf1 ip4:40.113.200.201 ip6:2001:db8:85a3:8d3:1319:8a2e:370:7348 include:thirdpartydomain.com ~all

• Start with the SPF version, v=spf1.
  • Indicates that this is an SPF record.
  • Will always be spf1 as other SPF versions have been discontinued.
    • We'll only ever need 640K of RAM.
• Next, all IP addresses that are eligible to send email on behalf of your domain.
  • Space delimited
  • prefix ip[n]:
  • ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999
• Next comes the include statement, which lists every third party organization that sends email on your behalf.
  • Does this mean interserver? Is this the part where reverse lookups come in?
  • include:thirdpartydomain.com
• The end of the SPF record is the strictness level.
  • "-all" - strictest, fail email that doesn't come from this ip list
  • "~all" - accept but flag email from other servers
  • "+all" - anything goes
  • I'll be using "-all".

Looks like the only remaining question is the "include" tag. How do I handle the include tag and/or flag my server from the reverse lookup standpoint?

• If no include:
  • v=spf1 ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999 -all
  • This works. Problem solved. Grumble.
• If yes include:
  • v=spf1 ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999 include:systemicbias.com -all

DeadmanDAO

See DeadmanDAO_Mail_Server

IMAP Daemon

IMAP Server

apt-get install dovecot-imapd

Next should be Let's Encrypt, I think. I didn't make it to the part where I secure the service.

Cataloging Interserver v. Diffie

conf.d/10-auth.conf

$ diff interserver/dovecot/conf.d/10-auth.conf diffie/dovecot/conf.d/10-auth.conf 
8a9
> # See also ssl=required setting.
99c100
< auth_mechanisms = plain login
---
> auth_mechanisms = plain

adding "login" to Diffie.

conf.d/10-logging.conf

$ diff interserver/dovecot/conf.d/10-logging.conf diffie/dovecot/conf.d/10-logging.conf 
24c44
< auth_verbose = yes
---
> #auth_verbose = no
41c62
< mail_debug = yes
---
> #mail_debug = no

Not changing this yet, but you can tell I was having just as much fun setting up Dovecot on Interserver. :D

conf.d/10-mail.conf

$ diff interserver/dovecot/conf.d/10-mail.conf diffie/dovecot/conf.d/10-mail.conf 
30,31c30
< # mail_location = mbox:~/mail:INBOX=/var/mail/%u
< mail_location = mbox:~/mail
---
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
113c114
< # mail_privileged_group = 
---
> mail_privileged_group = mail

Interesting, but not changing yet...

conf.d/10-master.conf

$ diff interserver/dovecot/conf.d/10-master.conf diffie/dovecot/conf.d/10-master.conf 
96,98c107,109
<   unix_listener /var/spool/postfix/private/auth {
<    mode = 0666
<   }
---
>   #unix_listener /var/spool/postfix/private/auth {
>   #  mode = 0666
>   #}

seems like it could be important, leaving it for now, but may come back.

diffie does not have anything at /var/spool/postfix/private/auth, but does have other things in that directory.