Author Topic: mail server only  (Read 3996 times)

0 Members and 1 Guest are viewing this topic.

Offline
***
mail server only
« on: March 06, 2023, 06:02:14 PM »
Thinking about running server from home and keeping mail server on small vps.

Can I use cwp with mail only?
Listen to everything Pixelpadre says.

Offline
***
Re: mail server only
« Reply #1 on: March 07, 2023, 12:15:21 AM »
Heres the scenario.  If I put all of my domains on a server in my house, how do I get to configure my email client with a server that only has one domain, that of the server itself.

I have never tried anything like this.  I do know that DNS records can be configureed to allow other domains to use the mail server.
Listen to everything Pixelpadre says.

Offline
*****
Re: mail server only
« Reply #2 on: March 07, 2023, 03:23:15 AM »
You can, for sure run a mail-only server. Probably the easiest thing would be to only allow the mail ports with CSF -- 25,465,587,110,143,993,995, as well as SSH and CWP ports. Don't allow any other standard ports (FTP, HTTP, HTTPS, etc.). And you could disable other services permanently so nothing auto-starts with the server.

And as you said, configure DNS appropriately and the MX and SPF records and you should be good.

Offline
***
Re: mail server only
« Reply #3 on: March 07, 2023, 12:25:17 PM »
You can, for sure run a mail-only server. Probably the easiest thing would be to only allow the mail ports with CSF -- 25,465,587,110,143,993,995, as well as SSH and CWP ports. Don't allow any other standard ports (FTP, HTTP, HTTPS, etc.). And you could disable other services permanently so nothing auto-starts with the server.

And as you said, configure DNS appropriately and the MX and SPF records and you should be good.

I don't know how to work around the rsa keys for each domain with a dkim generated by cwp.   I am thinking that we are going to have to add fake domains to cwp so that cwp will auto generate dkim records as it does under normal configurations.  Follow?
Listen to everything Pixelpadre says.

Offline
*****
Re: mail server only
« Reply #4 on: March 07, 2023, 03:27:58 PM »
From my experience, a valid FQDN and rDNS are the paramount factors for mail delivery, as well as proper SPF records. DKIM is spottily applied out there and not as well understood, so it doesn't tend to be a make-or-break factor for successful delivery. But if your mail server is on a dynamically assigned IP block, you will tend to be blocked by various DNSBL, so hopefully you are looking to do this on a static IP address and can get rDNS assigned by your provider.

Offline
***
Re: mail server only
« Reply #5 on: March 08, 2023, 01:22:39 AM »
From my experience, a valid FQDN and rDNS are the paramount factors for mail delivery, as well as proper SPF records. DKIM is spottily applied out there and not as well understood, so it doesn't tend to be a make-or-break factor for successful delivery. But if your mail server is on a dynamically assigned IP block, you will tend to be blocked by various DNSBL, so hopefully you are looking to do this on a static IP address and can get rDNS assigned by your provider.

Yes the rDNS is the trick here. 
Listen to everything Pixelpadre says.

Offline
*****
Re: mail server only
« Reply #6 on: March 09, 2023, 09:17:02 AM »
I can't stress enough how important rDNS is for mail delivery. I moved a VM from one co-located server to another. One static IP to another. The move went off without a hitch and updating the server's internal IP references and the new IP in the DNS let it takeover service. But mail delivery was significantly hampered for several days until the network engineering could get a valid rDNS (PTR record) in place. Every bounce or deferred message in the mail queue was pertaining to rDNS. Once the rDNS was set, mail began to flow normally.

Offline
***
Re: mail server only
« Reply #7 on: March 09, 2023, 12:25:11 PM »
I get nightly forensic reports from google on my spf and dkim records.  They are always positive.  Google pays close attention to both of these records.

But I still have the question of how do I set up individual emails on the mail server without domains on the same server:

info@domain1.com
info@domain2.com
info@domain3.com

etc etc.
Listen to everything Pixelpadre says.

Offline
***
Re: mail server only
« Reply #8 on: March 10, 2023, 04:06:46 PM »
I get nightly forensic reports from google on my spf and dkim records.  They are always positive.  Google pays close attention to both of these records.

But I still have the question of how do I set up individual emails on the mail server without domains on the same server:

info@domain1.com
info@domain2.com
info@domain3.com

etc etc.

You will have to create a domain in order to create emails for those domains. After that, just don't point any DNS A-record to this server.
Block http/https ports with firewall as well if you like to completely block them.
« Last Edit: March 10, 2023, 04:08:27 PM by iraqiboy90 »

Offline
*****
Re: mail server only
« Reply #9 on: March 11, 2023, 10:35:24 AM »
Be aware that if you are using LetsEncrypt for SSL cert generation, AutoSSL defaults to HTTP authentication (/.well-known/acme-challenge/). So if you lock down HTTP/HTTPS, you would have to choose another authenticator. On one server, I am using authenticator = dns-cloudflare and it works flawlessly with their token authentication.

Offline
***
Re: mail server only
« Reply #10 on: March 13, 2023, 11:15:08 PM »
I get nightly forensic reports from google on my spf and dkim records.  They are always positive.  Google pays close attention to both of these records.

But I still have the question of how do I set up individual emails on the mail server without domains on the same server:

info@domain1.com
info@domain2.com
info@domain3.com

etc etc.

You will have to create a domain in order to create emails for those domains. After that, just don't point any DNS A-record to this server.
Block http/https ports with firewall as well if you like to completely block them.

OK thats what I was suggesting in my post.  Just create the fake domains so that the mail server can create email accounts.  TY
Listen to everything Pixelpadre says.

Offline
***
Re: mail server only
« Reply #11 on: March 14, 2023, 04:18:59 PM »
oh wait, I havnt though about the part of SSL renewal. I think this CWP process needs those http ports open? and even possibly requiring correct DNS configuration to the same server.

On my server, I have not installed individual email SSL certificates for each domain. What I have done is to let all email account use the same smtp/imap hostname which is the same address as the server hostname/URL. This way I only need to renew the SSL for the hostname instead of all of them. This way, you may also create a script that will manually renew the certificate without using http-verification method

Offline
***
Re: mail server only
« Reply #12 on: March 14, 2023, 06:18:47 PM »
I think that was my plan.  Modify the spf record for the host to allow all of my domains.
Listen to everything Pixelpadre says.

Offline
*****
Re: mail server only
« Reply #13 on: March 18, 2023, 03:16:26 AM »
This way, you may also create a script that will manually renew the certificate without using http-verification method
Under a normal system, you would look at /etc/letsencrypt/renewal/domain.com.conf
and you set 
Code: [Select]
authenticator = dns-cloudflareand it works flawlessly with their token authentication. No need for a custom renewal script, in my experience. Under CWP, it looks as though you would need to edit:
Code: [Select]
/root/.acme.sh/cwp_certs/www.domain.com/www.domain.com.conf
/root/.acme.sh/cwp_certs/www.domain.com/www.domain.com.csr.conf

Offline
*
Re: mail server only
« Reply #14 on: May 15, 2023, 11:51:38 AM »
Yes, you can definitely use CentOS Web Panel (CWP) for managing your mail server on a small VPS. CWP provides a user-friendly interface and robust features specifically designed for managing mail services. It allows you to easily configure and manage various aspects of your mail server, such as domains, mailboxes, spam filters, and more. So, if you're looking to run your server from home while keeping your mail server on a separate VPS, CWP can be a suitable choice for managing your mail services efficiently.