Self Hosted email server

Yup, sounds like you know what you're doing. Good luck. Make sure you record everything you've done to secure your email server (DMARC, SPF, all the other stuff needed) and Linode will open up the email ports and you're good to set up the proxy to do it. I'm making the assumption you're familiar with this stuff.

Best of luck. Hope it all works out. It is a holiday weekend so expect a bit of lag time in terms of help on the forum.

1 Like

Thanks a lot man. Will definitely be back here for help. Last question for you. When I set up the WireGuard instance it will be on Linode, my email server passing my firewall all together.

1 Like

Ahaha yes, I thought that question would come up. So I'll tell you a bit of my experience. I didn't like the bypass so I set up WireGuard on my pfSense firewall and the routing rules so any system on my home subnets could be accessed and I have granular control.

That said, if you want to go the simplest route, a simple site-to-site with the end node being your email server and the host node being your Linode will do just fine as well. I touch on that a bit in the guide, and so does Wendell if you find Wendell's guide.

Also Linode is awesome and provides a firewall (free) of their own you can put your nodes behind in addition to a firewall you can run on the proxy. I have all of that set up for redundancy purposes and safety (in case I do something retarded). @Novasty showed me it. So Skadi (my Linode firewall) has been online safeguarding port rules as well as the rest of my system arch.

Already use WireGuard for connecting to home while away so I think I get the gist.

1 Like

Yup, it's just a really nice stateless tunnel. Lightweight and advantageously doesn't need AES-NI on devices so it's got better throughput regardless if you run an ARM server or an x86-64 server, architecturally speaking.

You can check out the protocol if you're like me and like to nerd out and understand the tech you're running.

Btw if you just have quick questions now and then, this thread is really good for sysadmin stuff.

Anyways I'm exhausted. I've got a lot of garage repair work to do tomorrow. Good luck and have fun. We do these things because they are fun.

Straight up I’ve been told to take a look at this thread. Before I toss my suggestions out, if this mail server has any purpose outside of being internal only, then I suggest you start looking at paid services.

2 Likes

Novasty has a point. Understand what you're getting into. It's not to discourage you but mail servers are critical infrastructure and must be secured properly. If it's for something mission critical make sure you have a reliable alternative. If it's simply for a home lab it's a great way to learn…

I probably should have said this but I made the assumption this was known.

The Linode blog post discusses the pros and cons. Doesn't hurt to be educated on that :smile:

Another way I’ve heard is to use Cloudflare Tunnel. They say it's easier to use than WireGuard/Tailscale and ZeroTier.

I've no actual experience in using it, so far.

This is literally an email to be used for contact forms on website. And for internal notifications. Say info@blahblah. So when I set up services that require email address they all go to my home server. Also for alerts on my servers such as Proxmox, TrueNAS, stuff like that. Basically anything related to my home lab this will handle.

2 Likes

Can you get me the 1 month free code?

1 Like

There is the one that supports the guys:

Should give 2 months free / up to $100 of use (if you are a madlad email king)

1 Like

Mad lad king. Is this really that big of a project?

1 Like

Ahh yes, this is the one I was going to give him. Just couldn't find it on the forum last night.

Couldn't remember if it was 30 or 60 days long. Most links, to include even one I could generate, are 60 but I've seen 30s floating out there.

No, not really. Lol, based on what you describe. No harm in self-hosting. Just make sure you don't cause spam recirculation or Linode will shut your ports back off.

Not just that, you'd need a new IP because every provider in the world would see that and immediately blacklist you for send and receive.

No spam. Literally plan on receiving maybe 5 emails a week. Also, just to explain why I use HAProxy. Out of my research it is one of the most hardened proxies out there. At least what I have been told. I tried nginx. But because I use it as a plugin on OPNsense I got used to HA and stuck with it. Have an HTTP to HTTPS redirect and I serve all of my web services with SSL through Let's Encrypt. When I get home I will fire up Linode with WireGuard and HAProxy and do some tests. May be back here immediately for help lol. Since I will be forwarding the mail ports I'm guessing I would use the TCP options in HA instead of HTTP.

Either of the proxies mentioned can be equally hardened, you just have to know what you're doing more with nginx.

What I mean is use SpamAssassin or whatever on your back end so you're doing the bare minimum. It's horrendously easy to exploit email servers and stuff. It's why people don't do it that often and it's why you hear reperpetuated “don't host your own email, it's a pain”. But it is doable so don't get discouraged by those not willing to do it.

Excellent, then stick with what you know! A proxy is a proxy, there's nothing too special between the big three: haproxy, nginx and apache. All of them can do what the other does.

Yes, but there should be a mail proxy plugin just like nginx. In nginx the mail {} section is far more reliable than stream{}.

Anyways I'm off to repair some vehicles. I think you have all you need now. Good luck.

Sorry, I was being silly.

A small node will probably suffice, so over the 60 days free which Linode offer, you will have used $10 of services, well under the max.

Remember to stop and destroy the linode if you decide it is not for you before trial expires…

1 Like

Sounds like a job for SimpleLogin. I suppose you only need aliasing. As for internal notification, say from proxmox or alert manager, an internal mail server is all you need, as long as you don’t want the emails forwarded to your actual email address, but just an internal one.

I haven’t used anything besides simple bare basic postfix + dovecot and Zimbra (the latter is a full stack of everything you would need in a mail server). People on the internet are not very talkative about Zimbra (which is fine, given that it’s a corporate-backed open source project, people don’t typically get excited about it - or mail in general, really). I see many people being “excited” (kinda butchering the meaning, as I said, email is pretty boring) about mailcow online. Probably for good reasons. Nowadays I suggest people stay away from corporate-backed projects as much as possible (there’s no avoiding Docker or Podman, or even LXC, but if you really are hardcore about it, you use FreeBSD jails).

I wouldn’t go into self-hosting for outside internal usage, until you at least know how DNS works (and not just basic “phonebook for the internet” meaning, but the inner workings and how to set it up - although if you use a hosting platform like gandi, I believe you can set up txt records in their interface for your domain).

Lastly, while I encourage people to host their own stuff, if what you are doing is mission critical (which from what I can tell, it’s not), you can have a business account with another entity that will host your emails for you. Google Workspace and Office 365 come to mind, but these are horrible companies with a track record living up to their bad reputation. I believe (correct me if I’m wrong) that Proton Mail and Tutanota have hosted email offerings (typically for business users). You just provide them your domain name and every email operation (send / receive) is handled by their servers.

Note that SimpleLogin aliasing has been acquired by Proton Mail. Not sure if Proton’s servers are what’s handling the aliasing, but given that the former is in France and the latter in Switzerland and that the former is still somewhat independent, that they have different servers (haven’t verified, correct me if I’m wrong). I’m mentioning this because if you plan on using email aliasing, you might have to trust Proton (if you have a problem with it, you should be informed).

Note 2: SimpleLogin is also self-hostable and it’s open source. Your own mail server can handle aliasing. Well, SimpleLogin is built on postfix and other open source mail projects, these have aliasing built-in, but SimpleLogin is more like a service for many people to use (even outsiders if you so choose), not just the admins of the mail server.

I’ve personally had good luck with Mailcow, even on a home connection, but the key is going to be in how you set it up. Dynamic IPs especially have a low reputation, but it’s not impossible to get a decent reputation. I managed to get my stuff reliably delivered to Gmail and Protonmail once I’d gotten SPF, DKIM, and DMARC set up, but I had to set some relatively stringent settings for them - Mailcow’s default docs aren’t a perfect solution, though I’ll admit I can’t remember what I did (though I’m setting one up again soon, so I’ll edit/post once I get it going again!).

For hosts - DigitalOcean is decent, but you have to contact them to unblock SMTP ports if I remember correctly. AWS is also an option with an Elastic IP, but AWS comes with AWS pricing, which is a bit on the high side. OVH I’ve had luck with, but their price makes them the go-to for spam operations, so there’s a non-zero chance you’ll get a bad IP reputation from the get-go if you’re unlucky.

One thing you definitely need for your use case as a forum emailer - make sure there’s an unsubscribe link! The testers I’ve used explicitly pointed out there wasn’t one in my test emails, so if it’s going to be sending more than a dozen emails a day, make sure there’s one in there.

Self-hosting is a pain and more people should be doing it. Good luck!