I have a raspberry pi running postfix. I Realised unless I open port 25 I absolutely cannot receive emails (I have 587 open and can send but not receive them). However I heard there are scaries online which someone could potentially send emails from your server without consent. I believe as well my ISP doesn’t block port 25. Is there anything I should do right now before opening port 25, or should everything be safe enough?
Avoid being an open relay indeed. Some background information : https://www.postfix.org/SMTPD_ACCESS_README.html#relay But with the defaults in postfix you should be fine unless you made a lot of changes and made a mistake in it.
Ideally, don’t. Self-hosting email is complicated, easy to get wrong (and dangerously wrong, where people could use your server as an open relay and send spam).
That said, if you really want to, make sure you’re not accepting email except for what’s destined for you. There are a bunch of postfix best-practice guides out there that can be easily found with a Google search. I don’t host my own email, so I can’t vouch for any.
Agreed. I used to host email professionally and would not recommend managing your own mail server. It will constantly be under attack by spammers and if the inbox email address is exposed at all, soon 90% of incoming mail will be spam and you’ll need antispam software to filter it.
Not sure about you latter point tbh. I run an email server, with nothing but grey listing and spamassassin and the amount of spam is absolutely minimal.
Proper config and fail2ban easily takes care of direct attacks.
Nevertheless, I wouldn’t recommend it to anyone but the most determined.
You can check for being an open relay with tools like this one: https://mxtoolbox.com/diagnostic.aspx
You should be aware that a large number of mail hosters will block all mail from your server merely because it is sent from a dynamic IP address.
The domain won’t change that. Even with a static IP if it’s coming from an ISP owned up block you’re likely going to get banned. Even with reputable VPS’ it’s hard. Make sure you have DMARC, DKIM, and SPF setup, but even then almost certainly going to get banned. The big player are creating and inherent monopoly instead of improving their spam filters.
If you manage to get a good SMTP relay host or authenticated SMTP account for your outgoing email then playing around with small scale self hosting email (Granted that it is not your important daily driver email accounts) can be an interesting and fun experience. But you will have to invest some time reading and tweaking and figuring things out. Slightly comparable with installing Arch Linux. Lots of people will warn you to not do it but you might learn a few valuable things on the way there.
Have you ensured that your setup will pass email authentication processes?
It has been a long time since email from random hosts is accepted for forwarding or delivery. This Wikipedia may help https://en.wikipedia.org/wiki/Email_authentication
