Not long ago, a well-known games developer posted the following horror story:
I have used and been burned by a number of Google services over the years but certainly didn’t think that attitude would extend to GMail. Yet it apparently has, and even to high profile users, which I am not.
I’m also a bit concerned with the security and privacy implications of their business model, and I decided that it would be the right time to move my email hosting for this domain from Google to my own server, or at least one I control. It turned out to be much easier than I expected. So much so that I recommend it to nearly anyone with a bit of command line experience. I had heard good things about MailInABox and was going to use it, but discovered it didn’t support Ubuntu 20 which I had upgraded my VM to and didn’t allow configuration tweaks afterwards, which maybe I’ll want to do. So instead I used iRedMail, and it was very simple to set up all the configs, which is very impressive given that it does not then prevent modifications like the alternative.
Step 0: Get a domain if you don’t already have one. Ensure you know how to add DNS records.
Step 1: Get a VPS. You can find an endless number of providers. Just be sure to select one that gives you root access to a common-ish Linux VM.
Step 3: Run the following as root on your VM. Substitute out your own domain name (which for me was scriptjunkie.us), mail server hostname (mx) and IP address of your mail server (188.8.131.52).
#configure your hostname (mx.scriptjunkie.us on the box) and set its A record in DNS too! hostnamectl set-hostname mx.scriptjunkie.us echo mx > /etc/hostname sed -i 's/127.0.0.1/127.0.0.1 mx.scriptjunkie.us/' /etc/hosts curl https://github.com/iredmail/iRedMail/archive/1.3.2.tar.gz | tar -xvz # download iRedMail cd iRedMail-1.3.2/ bash iRedMail.sh # follow the prompts reboot # ensure all the servers running # Now make SSL work by getting lets encrypt domains and configuring monthly auto-renewal apt install certbot -y certbot certonly --webroot -w /var/www/html -d mx.scriptjunkie.us cd /etc/ssl/certs/ mv iRedMail.crt iRedMail.crt.bak ln -s /etc/letsencrypt/live/mx.scriptjunkie.us/fullchain.pem iRedMail.crt cd ../private/ mv iRedMail.key iRedMail.key.bak ln -s /etc/letsencrypt/keys/0000_key-certbot.pem iRedMail.key echo "4 8 17 * * root certbot renew -n > /root/certbotrun.txt 2>&1" >> /etc/crontab reboot
And just to be clear, here were the DNS records added:
Name: mx Type: A Address:184.108.40.206 Name: @ Type: MX Address:mx.scriptjunkie.us. Name: @ Type: TXT Address:v=spf1 mx ip4:220.127.116.11 ~all Name: dkim._domainkey Type: TXT Address:v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5MxaFFjo75ZV93SR8pCrgFhJfEvhY+q3WXrKlhtSFF/eirx1fen327ZlnSlK5mDfRr9QVCFdoqW7jr63Cqc+PdjqIjCm566FKEl2GT4U5uKnvCWZRE9z4Ed7JXlwpIwU8hugN6jnZ4n+mYL7HElNls2OlnEVtPkFHyr6DMoQ9HhfwAkQ4H4DFRdtXAOLIrOVWj2mWREAeGerMCaUZZSNk+yZWPsEh1vMj9CWKaQazSdhYufq+WBsD66GBwzEwoY+ReQMI2+AFEZ2vlxo/dm3O7oqsOHhvkArVDbcfZltt+MiKY83ACC3/gTmjdotoKm6mDT7dfK2U97Ec7w+rMZBwIDAQAB
And that’s it. Putting this blog post together took longer.