Self Hosted email server

I want to create a full self-hosted email server in my homelab. I have Dell servers and host a bundle of services. I have my own webserver HAProxy instance. But I can't for the life of me figure out the email server. My ISP doesn't block any of the ports needed, but I'm having trouble because I don't have a public IP for the server. I have one dynamic public IP for the router, leaving the mail server with only a private IP. I have tried forwarding all necessary ports to no avail. Does anyone have a tutorial on how to do this?

1 Like

I use Mail-in-a-Box

Great software

1 Like

A reverse proxy might be necessary, as you are likely behind carrier-grade NAT. Take a look at my WireGuard guide and get a cheap basic 1 GB Linode.

Then just use a proxy on it that points through your WireGuard tunnel to your server. Have DNS for your mail server point to the Linode.

Bear in mind you must tell Linode that you will secure your own email server and not be a propagator of spam before they open email ports on their network themselves.

1 Like

So there is no way to do it on my own? My ISP doesn't block ports. Is there no way to pass through my NAT?

Your ISP likely blocks the ports or at the very least has a policy against it. If you're already using dyndns and pointing things to the right IP with the domain you bought, then your ISP is filtering self-hosted email out to block spam. It's easier, more reliable and more secure (won't expose your home IP) to do it via a tunnel and an edge proxy. The last thing you want is your home IP being attacked by a malicious actor. A proxy can be changed. Your home internet is a bit different, and your ISP won't like it either.

1 Like

Sad face

Just for reference.

https
spectrumnet/support/internet/blocked-ports

Also, I was hoping that if I got it set up I could use Cloudflare's proxy option.

Uhh definitely blocking email

Here there is nothing wrong with buying a VPS for 5 bucks, making an agreement and running a tunnel. It's a really reliable way to do it in my experience, so don't get discouraged. It just takes a bit more mcjiggery.

There are a lot of people here who are skilled and willing to help, so take a stab at the approach I suggested and make a thread logging what you do. If you get stumped, I think plenty of people can chime in to help.

If you decide to go that route and want a free month, I can get you a Linode referral code, so you can mess around, no harm no foul, and kill it after a month if you don't like it.

2 Likes

Is it only $5 a month? And if I do it, do you suggest mailcow or Mailu?

1 Like

And if I decide to host other services and do the same thing, is that possible for the same price? Let's say I want to use the VPS for email and a front-facing proxy for my webserver as well. Basically use it to run anything that is public facing. And just out of curiosity, why do you say they definitely block email? Am I missing something in the documentation?

1 Like

Yes sir. Look up the pricing for the shared CPU 1 GB Linode.

I have the Linode 4 GB, but that's because my needs increased.

Yup, many here have used a combination of my guides and Wendell's guides to do just that. @argone @regulareel @HaaStyleCat and @ucav117 are all examples.

As for mailcow vs Mailu, I suggest mailcow.

As for purchasing a domain name, I recommend Namecheap, but you can use what you want to use.

For an SSL cert, Let's Encrypt is okay. I personally buy a cert from Namecheap.

However you want to do it, all the Linode VPS is is a Linux image hosted in the cloud. You configure it as needed.

2 Likes

Here is Linode's educational blog post on proxying or hosting email through them.

So just to make sure I understand: I would still be hosting the mail server at my house and just using HAProxy in the cloud to send traffic to my house so the ISP doesn't block it.

Or will the mail server actually be hosted in the cloud?

Either way works. Read the email article first. You'll need your MTA and MDA set up properly and your proxy set up properly. I haven't written a guide on email. Others are more experienced here.

I use nginx as my reverse proxy, but HAProxy should support it just the same.

It will take more work and a good bit of a learning curve, but once it's set up it's set and forget. Also take notes on everything you do. They will come in handy.

I would love to just host it on my own servers, considering I have an entire rack full, and just use Linode as a middleman. I will try and set it up tomorrow. When I install HAProxy, the frontend would listen on Linode and the backend server would be my mail server. After WireGuard is installed on Linode and my mail server, there would be a tunnel and HAProxy would send the traffic to my tunnel IP address/port.

1 Like
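The layout described in the post above, written out as an added example that is not part of the original thread or any poster's own configuration: HAProxy on the VPS forwards raw TCP for the mail ports over the WireGuard tunnel. The tunnel address `10.0.0.2` and the `100xx` backend ports are assumptions, and the backend listeners are assumed to accept the PROXY protocol.

```haproxy
# Added example for the VPS side. Assumed values: 10.0.0.2 is the home mail
# server's WireGuard tunnel address; the 100xx backend ports are hypothetical
# listeners on the mail server that expect the PROXY protocol.
global
    log /dev/log local0
    maxconn 2000

defaults
    mode tcp                 # mail is not HTTP: forward raw TCP, TLS ends at home
    log global
    option tcplog
    timeout connect 10s
    timeout client  5m       # SMTP sessions can sit idle for minutes
    timeout server  5m

frontend smtp_in
    bind :25
    default_backend smtp_home
frontend submission_in
    bind :587
    default_backend submission_home
frontend imaps_in
    bind :993
    default_backend imaps_home

# Weak variant, shown for contrast: no send-proxy, so the mail server sees
# every client as the VPS tunnel address and per-IP controls stop working.
#   server mail 10.0.0.2:25 check

backend smtp_home
    server mail 10.0.0.2:10025 send-proxy check
backend submission_home
    server mail 10.0.0.2:10587 send-proxy check
backend imaps_home
    server mail 10.0.0.2:10993 send-proxy check
```

On the mail server, the VPS tunnel address should not be in any trusted-relay list, or everything arriving through the proxy is treated as local and the server relays for anyone. PROXY headers should be accepted only from that address, for example with Postfix's `smtpd_upstream_proxy_protocol = haproxy` on the dedicated listener and Dovecot's `haproxy_trusted_networks`.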

That's about correct, but I gotta ask: email servers require a domain name. Have you purchased one?

Yes, I already have all the main ones set up: MX, autodiscovery and the other ones in the mailcow prerequisites. I used a CNAME to point to the main A record. Just have to plug in the public IP when I get Linode up and going.

1 Like

Yup, sounds like you know what you're doing. Good luck. Make sure you record everything you've done to secure your email server (DMARC, SPF, all the other stuff needed) and Linode will open up the email ports, and you're good to set up the proxy to do it. I'm making the assumption you're familiar with this stuff.

Best of luck. Hope it all works out. It is a holiday weekend, so expect a bit of lag time in terms of help on the forum.

1 Like

Thanks a lot, man. Will definitely be back here for help. Last question for you. When I set up the WireGuard instance, it will be on Linode and my email server, passing my firewall altogether?

1 Like

Ahaha yes, I thought that question would come up. So I'll tell you a bit of my experience. I didn't like the bypass, so I set up WireGuard on my pfSense firewall and the routing rules so any system on my home subnets could be accessed and I have granular control.

That said, if you want to go the simplest route, a simple site-to-site with the end node being your email server and the host node being your Linode will do just fine as well. I touch on that a bit in the guide, and so does Wendell if you find Wendell's guide.

Also, Linode is awesome and provides a firewall (free) of their own that you can put your nodes behind, in addition to a firewall you can run on the proxy. I have all of that set up for redundancy purposes and safety (in case I do something retarded). @Novasty showed it to me. So Skadi (my Linode firewall) has been online safeguarding port rules as well as the rest of my system arch.

Already use WireGuard for connecting to home while away, so I think I get the gist.

1 Like