Moving Off Google

Not long ago, a well-known games developer posted the following horror story:

I have used and been burned by a number of Google services over the years but certainly didn’t think that attitude would extend to GMail. Yet it apparently has, and even to high profile users, which I am not.

I’m also a bit concerned with the security and privacy implications of their business model, and I decided that it would be the right time to move my email hosting for this domain from Google to my own server, or at least one I control. It turned out to be much easier than I expected. So much so that I recommend it to nearly anyone with a bit of command line experience. I had heard good things about MailInABox and was going to use it, but discovered it didn’t support Ubuntu 20, which I had upgraded my VM to, and didn’t allow configuration tweaks afterwards, which maybe I’ll want to do. So instead I used iRedMail, and it was very simple to set up all the configs, which is very impressive given that, unlike the alternative, it does not then prevent modifications.

Step 0: Get a domain if you don’t already have one. Ensure you know how to add DNS records.

Step 1: Get a VPS. You can find an endless number of providers. Just be sure to select one that gives you root access to a common-ish Linux VM.

Step 3: Run the following as root on your VM. Substitute your own domain name (mine was scriptjunkie.us), mail server hostname (mx) and the IP address of your mail server (104.200.137.175).

# Configure your hostname (mx.scriptjunkie.us on the box) and set its A record in DNS too!
hostnamectl set-hostname mx.scriptjunkie.us
echo mx > /etc/hostname
sed -i 's/127.0.0.1/127.0.0.1 mx.scriptjunkie.us/' /etc/hosts
# Download iRedMail; -L follows GitHub's redirect to the actual tarball
curl -L https://github.com/iredmail/iRedMail/archive/1.3.2.tar.gz | tar -xvz
cd iRedMail-1.3.2/
bash iRedMail.sh # follow the prompts
reboot # ensure all the servers are running

# Now make SSL work by getting a Let's Encrypt certificate and configuring monthly auto-renewal
apt install certbot -y
certbot certonly --webroot -w /var/www/html -d mx.scriptjunkie.us
cd /etc/ssl/certs/
mv iRedMail.crt iRedMail.crt.bak
ln -s /etc/letsencrypt/live/mx.scriptjunkie.us/fullchain.pem iRedMail.crt
cd ../private/
mv iRedMail.key iRedMail.key.bak
# Link the key through live/ as well, so it keeps matching the certificate after a renewal
ln -s /etc/letsencrypt/live/mx.scriptjunkie.us/privkey.pem iRedMail.key
# Renew monthly; the mail and web services load a renewed certificate only when restarted
echo "4 8 17 * * root certbot renew -n > /root/certbotrun.txt 2>&1" >> /etc/crontab
reboot

And just to be clear, here were the DNS records added:

Name:   mx
Type:   A
Address:104.200.137.175

Name:   @
Type:   MX
Address:mx.scriptjunkie.us.

Name:   @
Type:   TXT
Address:v=spf1 mx ip4:104.200.137.175 ~all

Name:   dkim._domainkey
Type:   TXT
Address:v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5MxaFFjo75ZV93SR8pCrgFhJfEvhY+q3WXrKlhtSFF/eirx1fen327ZlnSlK5mDfRr9QVCFdoqW7jr63Cqc+PdjqIjCm566FKEl2GT4U5uKnvCWZRE9z4Ed7JXlwpIwU8hugN6jnZ4n+mYL7HElNls2OlnEVtPkFHyr6DMoQ9HhfwAkQ4H4DFRdtXAOLIrOVWj2mWREAeGerMCaUZZSNk+yZWPsEh1vMj9CWKaQazSdhYufq+WBsD66GBwzEwoY+ReQMI2+AFEZ2vlxo/dm3O7oqsOHhvkArVDbcfZltt+MiKY83ACC3/gTmjdotoKm6mDT7dfK2U97Ec7w+rMZBwIDAQAB

And that’s it. Putting this blog post together took longer.
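
To sanity-check the TXT records listed above, here is an added example (not part of the original post and not iRedMail code) that lints the SPF and DKIM values offline, decoding the DKIM p= value to read the RSA key size. The function names, the RECORDS dict, the 2048-bit threshold (the size RFC 8301 recommends) and the check for a _dmarc record, which goes beyond the records shown in the post, are choices made for this example.

```python
import base64

# TXT records exactly as listed in this post (record name -> value).
RECORDS = {
    "@": "v=spf1 mx ip4:104.200.137.175 ~all",
    "dkim._domainkey": "v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5MxaFFjo75ZV93SR8pCrgFhJfEvhY+q3WXrKlhtSFF/eirx1fen327ZlnSlK5mDfRr9QVCFdoqW7jr63Cqc+PdjqIjCm566FKEl2GT4U5uKnvCWZRE9z4Ed7JXlwpIwU8hugN6jnZ4n+mYL7HElNls2OlnEVtPkFHyr6DMoQ9HhfwAkQ4H4DFRdtXAOLIrOVWj2mWREAeGerMCaUZZSNk+yZWPsEh1vMj9CWKaQazSdhYufq+WBsD66GBwzEwoY+ReQMI2+AFEZ2vlxo/dm3O7oqsOHhvkArVDbcfZltt+MiKY83ACC3/gTmjdotoKm6mDT7dfK2U97Ec7w+rMZBwIDAQAB",
}

def read_tlv(buf, pos=0):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_key_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    _, body, _ = read_tlv(spki)           # outer SEQUENCE
    _, _, pos = read_tlv(body)            # AlgorithmIdentifier (skipped)
    _, bitstr, _ = read_tlv(body, pos)    # BIT STRING wrapping the RSA key
    _, rsa_key, _ = read_tlv(bitstr, 1)   # skip the unused-bits octet
    _, modulus, _ = read_tlv(rsa_key)     # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def parse_tags(txt):
    """Split a 'tag=value; tag=value' DKIM record into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): v.strip() for k, v in pairs}

def lint(records):
    findings = []
    spf = records.get("@", "").split()
    if not spf or spf[0].lower() != "v=spf1":
        findings.append("spf: missing or malformed")
    elif spf[-1] == "~all":
        findings.append("spf: ~all is softfail; -all states that other senders fail")
    elif spf[-1] != "-all":
        findings.append("spf: does not end in a restrictive 'all' term")
    dkim = parse_tags(records.get("dkim._domainkey", ""))
    if dkim.get("k", "rsa") != "rsa" or not dkim.get("p"):
        findings.append("dkim: no RSA public key in p=")
    elif (bits := rsa_key_bits(base64.b64decode(dkim["p"]))) < 2048:
        findings.append(f"dkim: {bits}-bit RSA key is below the 2048 bits RFC 8301 recommends")
    if "_dmarc" not in records:
        findings.append("dmarc: no _dmarc TXT record is published")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(RECORDS)))
```

Run against the records in this post, it reports the SPF softfail and the absent _dmarc record; the DKIM key passes as 2048-bit RSA.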

By admin