diff --git a/docs/email/running-a-mail-server.md b/docs/email/running-a-mail-server.md index f73bdbfb3aa..31cbc7a3606 100644 --- a/docs/email/running-a-mail-server.md +++ b/docs/email/running-a-mail-server.md @@ -2,80 +2,86 @@ author: name: Linode email: docs@linode.com -description: 'Our guide to running a mail server on your Linode.' -og_description: 'This guide explains how to install a mail server on your Linode and create mail accounts for your own domains' +description: 'This guide shows how to run an email server on a Linode. It shows how to install the mail service, configure components, create DNS records and SSL certificates, and manage users.' +og_description: 'Take control of your email with your own mail server. This guide explains how to install a mail server on your Linode, configure the necessary components and users, and send and receive your first emails.' keywords: ["mail server", "linode guide", "running a mail server", "Self-host Mail"] license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' aliases: ['mailserver/'] -modified: 2017-01-17 +modified: 2018-01-23 modified_by: - name: Alex Fornuto + name: Linode published: 2013-06-05 title: Running a Mail Server --- -This guide offers an overview of installing a mail server on your Linode. This guide covers creating mail accounts, common mail server configurations, and basic overviews of tools relevant to hosting an email webserver. +This guide offers an overview of installing a mail server on your Linode. It covers mail server configuration, creating mail accounts, and basic overviews of tools relevant to hosting an email webserver. ![Running a Mail Server](/docs/assets/mail_server_tg.png "Running Mail Server") ## Should You Run a Mail Server? -First, you'll need to decide whether or not you want to run your own mail server. If you do, you'll have control over your domain's email, but you'll also have to deal with the hassles associated with setting up a complex environment of software. Using a third-party mail service is easier, but you'll sacrifice control and flexibility. In this section, we'll be discussing the benefits and drawbacks to running your own mail server, as well as how to choose an external mail service, if you decide to go that route. +If you do, you'll have control over your domain's email, but you'll also have to deal with the hassles associated with setting up a complex environment of software. Using a third-party mail service is easier, but you'll sacrifice control and flexibility. In this section, we consider the benefits and drawbacks to running your own mail server, as well as how to choose an [external mail service](#external-mail-services), if you decide to go that route. ### Benefits -If you want or need full control of your email, running your own mail server might be ideal solution. Doing so allows you to store your own email, access the mail server's logs, and access the raw email files in a user's mailbox. The benefits of running a mail server are: - -- Full control over both the server and your email -- Pick the applications you want to use, and tune them for your needs -- View logs for incoming and outgoing messages -- View logs for connection and authorization attempts from local mail clients for IMAP, POP3, and SMTP -- Mail will cost no more than the price of your Linode - -### Drawbacks +If you want or need full control of your email, running your own mail server might be ideal solution. Doing so allows you to store your own email, access the mail server's logs, and access the raw email files in a user's mailbox. -By now you know that running your own mail server isn't for the faint of heart. Setting up the software is tricky, filtering spam is a pain, and keeping everything running smoothly is challenging. You should carefully consider all of your options before deciding to run a mail server. Here are a couple of the drawbacks: +Some benefits of running a mail server are: -- Configuration is complicated -- Downtime can result in lost email -- Spam and virus filtering need to be tuned just right to block unwanted emails and allow legitimate ones -- If a spammer discovers an exploit, they could use your Linode to send spam, and your IP address could be black-listed -- No third party support to troubleshoot e-mail issues. +- Full control over both the server and your email +- Pick the applications you want to use, and tune them for your needs +- View logs for incoming and outgoing messages +- View logs for connection and authorization attempts from local mail clients for IMAP, POP3, and SMTP +- Mail will cost no more than the price of your Linode +### Drawbacks -{{< note >}} +Running your own mail server isn't for the faint of heart. Setting up the software is tricky, filtering spam can be difficult, and keeping everything running smoothly is challenging. You should carefully consider all of your options before deciding to run a mail server. Here are a couple of the drawbacks: -You're responsible for everything related to your Linode. Maintaining, upgrading, and troubleshooting the mail server is your responsibility. +- Configuration is complicated +- Downtime can result in lost email +- Spam and virus filtering need to be tuned just right to block unwanted emails and allow legitimate ones +- If a spammer discovers an exploit, they could use your Linode to send spam, and your IP address could be black-listed +- No third party support to troubleshoot e-mail issues. -{{}} +You're responsible for everything related to your Linode. Maintaining, upgrading, and troubleshooting the mail server is your responsibility. Visit Linode's [Terms of Service](/tos) for more information about acceptable use. ### External Mail Services -If the prospect of managing your own mail server is too daunting, you should consider using a third-party mail service. For a fee, these services provide managed mail servers and take care of all hosting, maintenance, and troubleshooting tasks. You won't have as much control when something goes wrong, but you also won't need to worry about the pitfalls of running a mail server. There are several third-party mail services available: +If the prospect of managing your own mail server is too daunting, you should consider using a third-party mail service. For a fee, these services provide managed mail servers and take care of all hosting, maintenance, and troubleshooting tasks. You won't have as much control if something goes wrong, but you also won't need to worry about the pitfalls of running a mail server. + +There are several third-party mail services available: -- [Fastmail](https://www.fastmail.fm) -- [Google Apps](http://www.google.com/intl/en/enterprise/apps/business/) uses the familiar Gmail interface. Check out this [guide](/docs/email/google-mail) on how to use Google Apps with your Linode. -- [Office 365](https://login.microsoftonline.com/) is the successor to Outlook.com and can support custom domains for email, amongst other services. +- [Fastmail](https://www.fastmail.fm) +- [Google Apps](http://www.google.com/intl/en/enterprise/apps/business/) uses the familiar Gmail interface. Check out our guide to [using Google Apps with your Linode](/docs/email/google-mail). +- [Office 365](https://login.microsoftonline.com/) is the successor to Outlook.com and can support custom domains for email, amongst other services. If you decide to use an outside mail service, you will still need to set up [DNS](/docs/networking/dns/dns-manager) for your mail and use the settings provided by the third-party mail service. ## How Mail Servers Work -Every mail server that lets you send and receive email with a local mail client has three separate software components - a Mail Transfer Agent (MTA), a Mail Delivery Agent (MDA), and an IMAP/POP3 server. The MTA relays mail between your Linode and the wider Internet, whether it's delivering an outside email to one of your users, or sending an email from one of your users. Accepted incoming mail gets added to the MTA's queue on the server. The MDA takes mail from the MTA's queue and saves it to individual mailboxes on your Linode. The IMAP/POP3 server manages users and their mailboxes as they check their email over IMAP/POP3 connections. +Every mail server that lets you send and receive email with a local mail client has three separate software components: -### How does it work? +* **MTA**: The *Mail Transfer Agent* relays mail between your Linode and the wider Internet, whether it's delivering an outside email to one of your users, or sending an email from one of your users. Accepted incoming mail gets added to the MTA's queue on the server. -First, an incoming message is directed to your Linode via DNS. Once it passes through the MTA and MDA, it is stored in the user's mailbox on the server. When the message is requested, the IMAP/POP3 server mediates the connection between your Linode and the user's local mail client. Outgoing mail is sent from the user's local mail client, processed by your Linode's MTA, and is then sent to its destination on the Internet. +* **MDA**: The *Mail Delivery Agent* takes mail from the MTA's queue and saves it to individual mailboxes on your Linode. -![E-mail Diagram](/docs/assets/1300-mail_server.jpg) +* **IMAP/POP3 Server**: Manages users and their mailboxes as they check their email over IMAP/POP3 connections. -## Choosing Mail Server Components +### The Mail Server Process -The next step is choosing the components for your mail server. There are several software packages that can be used as MTAs, MDAs, and IMAP/POP3 servers, and this section will present some of the most popular options. +1. An incoming message is directed to your Linode via DNS. +2. Once it passes through the MTA and MDA, it is stored in the user's mailbox on the server. +3. When the message is requested, the IMAP/POP3 server mediates the connection between your Linode and the user's local mail client. +4. Outgoing mail is sent from the user's local mail client, processed by your Linode's MTA, and is then sent to its destination on the Internet. -{{< note >}} -For the purpose of this guide, you should use Postfix as your MTA and Dovecot as your MDA and IMAP/POP3 server. These are the packages used in the guide examples. -{{}} +![E-mail Process Diagram](/docs/assets/1300-mail_server.jpg "E-mail Process Diagram") + +## How to Choose Mail Server Components + +There are several software packages that can be used as MTAs, MDAs, and IMAP/POP3 servers, and this section will present some of the most popular options. + +The examples in the [later sections](#build-your-mail-server) of this guide use Postfix as the MTA and Dovecot as the MDA and IMAP/POP3 server. ### Mail Transfer Agents @@ -83,12 +89,12 @@ MTAs are responsible for handling SMTP connections to your Linode from both outs Here are the most popular MTA services available: -- [Courier Mail Server](http://www.courier-mta.org) comes with Courier-IMAP, which is the popular part of the Courier mail server suite, but Courier-MTA also includes mail relaying features. It's a simpler MTA but somewhat limited. -- [Exim](http://www.exim.org) is modern and oriented towards flexibility. It's secure, but not quite as security-oriented as Postfix. It's very customizable, but is one of the most complex MTAs to configure. -- [Postfix](http://www.postfix.org) is part of Linode's [recommended mail server build](/docs/email/postfix/email-with-postfix-dovecot-and-mysql). It's modern, security-oriented, and very flexible. It is slightly simpler to set up than Exim. -- [Qmail](http://www.qmail.org/top.html) is a modern MTAs and supports [Maildir-style](https://en.wikipedia.org/wiki/Maildir) directories. Qmail has not received an update since 2007, but remains very popular. -- [Sendmail](http://www.sendmail.com/sm/open_source/) is a legacy MTA that has a large following and good support. -- [Zimbra](http://www.zimbra.com) is an all-in-one mail service. Zimbra offers a simple install, but few configurable options. +- [Courier Mail Server](http://www.courier-mta.org) comes with Courier-IMAP, which is the popular part of the Courier mail server suite, but Courier-MTA also includes mail relaying features. It's a simpler MTA but somewhat limited. +- [Exim](http://www.exim.org) is modern and oriented towards flexibility. It's secure, but not quite as security-oriented as Postfix. It's very customizable, but is one of the most complex MTAs to configure. +- [Postfix](http://www.postfix.org) is part of Linode's [recommended mail server build](/docs/email/postfix/email-with-postfix-dovecot-and-mysql). It's modern, security-oriented, and very flexible. It is slightly simpler to set up than Exim. +- [Qmail](http://www.qmail.org/top.html) is a modern MTAs and supports [Maildir-style](https://en.wikipedia.org/wiki/Maildir) directories. Qmail has not received an update since 2007, but remains very popular. +- [Sendmail](http://www.sendmail.com/sm/open_source/) is a legacy MTA that has a large following and good support. +- [Zimbra](http://www.zimbra.com) is an all-in-one mail service. Zimbra offers a simple install, but few configurable options. ### Mail Delivery Agents @@ -96,12 +102,12 @@ MDAs move email from the MTA's queue to individual mailbox directories within yo These are some of the most popular MDAs available: -- [Cyrus's MDA](http://www.cyrusimap.org/index.php) is part of the Cyrus IMAP/POP3 server. Cyrus is a modern, security-oriented IMAP/POP3 server designed to run on servers where users do not log in directly. -- [Deliver](http://linux.die.net/man/8/deliver) is a simple Linux mail delivery utility that is configured in the Imapd configuration files by default. -- [Dovecot's LDA](http://wiki2.dovecot.org/LDA) and [Dovecot's LMTP server](http://wiki2.dovecot.org/LMTP) are part of the Dovecot IMAP/POP3 server. Dovecot is a lightweight, modern, and configurable mail server. -- [maildrop](http://www.courier-mta.org/maildrop/) is Courier's MDA. Courier is an all-in-one mail server. -- [Postfix's MDA](http://www.postfix.org/OVERVIEW.html#delivering) is part of the Postfix MTA software. Postfix is a modern, security-oriented, flexible MTA. -- [Sendmail's MDA](http://www.sendmail.com/sm/open_source/) is part of the Sendmail MTA software. Sendmail is an older MTA that is still popular. +- [Cyrus's MDA](http://www.cyrusimap.org/index.php) is part of the Cyrus IMAP/POP3 server. Cyrus is a modern, security-oriented IMAP/POP3 server designed to run on servers where users do not log in directly. +- [Deliver](http://linux.die.net/man/8/deliver) is a simple Linux mail delivery utility that is configured in the Imapd configuration files by default. +- [Dovecot's LDA](http://wiki2.dovecot.org/LDA) and [Dovecot's LMTP server](http://wiki2.dovecot.org/LMTP) are part of the Dovecot IMAP/POP3 server. Dovecot is a lightweight, modern, and configurable mail server. +- [maildrop](http://www.courier-mta.org/maildrop/) is Courier's MDA. Courier is an all-in-one mail server. +- [Postfix's MDA](http://www.postfix.org/OVERVIEW.html#delivering) is part of the Postfix MTA software. Postfix is a modern, security-oriented, flexible MTA. +- [Sendmail's MDA](http://www.sendmail.com/sm/open_source/) is part of the Sendmail MTA software. Sendmail is an older MTA that is still popular. ### IMAP and POP3 Servers @@ -111,127 +117,147 @@ Most servers and clients support both IMAP and POP3. POP3 clients connect to the Here are the most popular IMAP and POP3 servers available: -- [Citadel](http://www.citadel.org) is an all-in-one mail service that includes mail, calendars, instant messaging, mailing lists, and other collaboration tools. It's open source and geared towards small and medium-sized organizations. Linode has guides for [Citadel on Ubuntu 12.04](/docs/email/citadel/ubuntu-12-04-precise-pangolin) and [Citadel on Debian 6](/docs/email/citadel/debian-6-squeeze). -- [Courier](http://www.courier-mta.org) has a very popular IMAP server called [Courier IMAP](http://www.courier-mta.org/imap/). It's an all-in-one mail server software suite, but Courier IMAP can be installed by itself if that's the only part you need. -- [Cyrus](http://www.cyrusimap.org/index.php) is a modern, security-oriented IMAP/POP3 server designed to work on sealed servers where users do not log in directly. -- [DBMail](http://www.dbmail.org) is an open source project that stores mail in databases instead of flat files. -- [Dovecot](http://www.dovecot.org) is a lightweight, modern, and configurable mail server, and is part of our [recommended mail server build](/docs/email/postfix/email-with-postfix-dovecot-and-mysql). -- [Xmail](http://www.xmailserver.org) is a full-featured POP3 server, but does not support IMAP. -- [Zimbra](http://www.zimbra.com) is an all-in-one mail service that's much simpler to install than other options, but less customizable. - -## Building Your Mail Server +- [Citadel](http://www.citadel.org) is an all-in-one mail service that includes mail, calendars, instant messaging, mailing lists, and other collaboration tools. It's open source and geared towards small and medium-sized organizations. Linode has guides for [Citadel on Ubuntu 12.04](/docs/email/citadel/ubuntu-12-04-precise-pangolin) and [Citadel on Debian 6](/docs/email/citadel/debian-6-squeeze). +- [Courier](http://www.courier-mta.org) has a very popular IMAP server called [Courier IMAP](http://www.courier-mta.org/imap/). It's an all-in-one mail server software suite, but Courier IMAP can be installed by itself if that's the only part you need. +- [Cyrus](http://www.cyrusimap.org/index.php) is a modern, security-oriented IMAP/POP3 server designed to work on sealed servers where users do not log in directly. +- [DBMail](http://www.dbmail.org) is an open source project that stores mail in databases instead of flat files. +- [Dovecot](http://www.dovecot.org) is a lightweight, modern, and configurable mail server, and is part of our [recommended mail server build](/docs/email/postfix/email-with-postfix-dovecot-and-mysql). +- [Xmail](http://www.xmailserver.org) is a full-featured POP3 server, but does not support IMAP. +- [Zimbra](http://www.zimbra.com) is an all-in-one mail service that's much simpler to install than other options, but less customizable. +## Build Your Mail Server ### SSL Certificate -The first step is to obtain and install an SSL certificate. An SSL certificate encrypts connections to your mail serv. It's possible to run a mail server without an SSL certificate, but it's not recommended. +An SSL certificate encrypts connections to your mail server. It's possible to run a mail server without an SSL certificate, but it's not recommended. + +Any type of SSL certificate will work, but some certificates have different degrees of trustworthiness for your users. If you want the highest level of trustworthiness, you should [purchase a signed SSL certificate](/docs/security/ssl/obtaining-a-commercial-ssl-certificate) from a reputable company. -Any type of SSL certificate will work, but some certificates have different degrees of trustworthiness for your users. If you want the highest level of trustworthiness, you should [purchase a signed SSL certificate](/docs/security/ssl/obtaining-a-commercial-ssl-certificate) from a reputable company. You can also use a free self-signed certificate if you are comfortable with the warnings it generates. You can [make your own](/docs/security/ssl/how-to-make-a-selfsigned-ssl-certificate), or, if you're following our recommended build, you can use the one that comes with Dovecot by default. Decide what type of SSL certificate you need and acquire and install it now. +You can also use a free self-signed certificate if you are comfortable with the warnings it generates. You can make your own [self-signed SSL certificate](/docs/security/ssl/how-to-make-a-selfsigned-ssl-certificate), or, if you're following our recommended build, you can use the one that comes with Dovecot by default. ### Software Installation -The second step is installing and configuring the MTA, MDA, and IMAP/POP3 server. You'll also want to install a database server like MySQL or PostgreSQL to help you manage your domains, email addresses, user credentials, aliases, etc. Providing step-by-step instructions for every possible mail server build is beyond the scope of this article. For detailed instructions, see our [Postfix, Dovecot, and MySQL](/docs/email/postfix/email-with-postfix-dovecot-and-mysql) guide. +Install and configure the MTA, MDA, and IMAP/POP3 server. To help manage domains, email addresses, user credentials, aliases, etc., install a database server like MySQL or PostgreSQL. + +For detailed configuration instructions, see our [Postfix, Dovecot, and MySQL](/docs/email/postfix/email-with-postfix-dovecot-and-mysql) guide. -{{< note >}} -We've written a variety of mail server guides, including guides for older software versions and other mail-related services. See the [Email Server Guides](/docs/email) webpage for more information. -{{< /note >}} +For more mail server guides, including guides for older software versions and other mail-related services, visit our [Email Server Guides](/docs/email). ### DNS Records -The third step is to create the DNS records, which help email reach your Linode. The right DNS records also help designate your Linode as a legitimate mail server. In this section, you'll learn how to set the appropriate MX, SPF, and PTR records for your domain and Linode. +DNS records help email reach your Linode. The right DNS records also help designate your Linode as a legitimate mail server. In this section, you'll learn how to set the appropriate MX, SPF, and PTR records for your domain and Linode. -{{< note >}} -You should lower the time to live (TTL) on your existing DNS records to the lowest allowed value at least 24-48 hours before you make any other DNS changes. That way, any changes you make later will propagate quickly. It's also a good idea to keep your old mail server running for at least 48 hours after you start directing mail to your Linode, just in case the DNS changes take a while to propagate. -{{< /note >}} +#### Time to Live (TTL) + +You should lower the Time to Live (TTL) on your existing DNS records to the lowest allowed value at least 24-48 hours before you make any other DNS changes. That way, any changes you make later will propagate quickly. + +It's also a good idea to keep your old mail server running for at least 48 hours after you start directing mail to your Linode, just in case the DNS changes take a while to propagate. #### MX Records -MX records tell the Internet where to send your domain's email. If someone sends an email to `user@example.com`, the outgoing server looks up the DNS settings for `example.com`. When it finds the MX record pointing to your Linode, it sends the message to your Linode. +MX records tell the Internet where to send your domain's email. If someone sends an email to `user@example.com`, the outgoing server looks up the DNS settings for the domain `example.com`. When it finds the MX record pointing to your Linode, it sends the message to your Linode. + +Create an MX record for each domain and subdomain for which you want to receive mail on your Linode. -You'll need an MX record for each domain and subdomain for which you want to receive mail on your Linode. You can also set multiple MX records with different priorities for the same domain. This creates fallback mail servers for your domain in case the first one on the list is down. Lower numbers have a higher priority. Your MX record has a domain or subdomain, TTL (time to live), type (which is MX), and a priority and target (can be a domain or an IP that resolves to your Linode). +You can also set multiple MX records with different priorities for the same domain. This creates fallback mail servers for your domain in case the first one on the list is down. Lower numbers have a higher priority. + +Your MX record has a: + +| **Domain** | **TTL** | **Type** | **Priority** | **Target** | +| ------------ |:--------:|:----:|:----:| ----- | +| example.com | 86400 | MX | 10 | 203.0.113.0 | A typical MX record looks like this: - example.com 86400 MX 10 example.com - example.com 86400 MX 10 12.34.56.78 - mail.example.com 86400 MX 10 12.34.56.78 +{{< output >}} +example.com 86400 MX 10 example.com +example.com 86400 MX 10 203.0.113.0 +mail.example.com 86400 MX 10 203.0.113.0 +{{< /output >}} -If you use Linode's [DNS Manager](/docs/dns-manager), you'll need to point your MX records to a target domain or subdomain that resolves to your Linode. Make sure that domain or subdomain has an A record that points to the correct IP address. +If you use Linode's [DNS Manager](/docs/dns-manager), point your MX records to a target domain or subdomain that resolves to your Linode. Make sure that domain or subdomain has an *A record* that points to the correct IP address. #### SPF Records -SPF records help establish the legitimacy of your mail server and reduce the chances of spoofing, which occurs when someone fakes the headers on an email to make it look like it's coming from your domain, even though the message did not originate from your Linode. Spammers sometimes try to do this to get around spam filters. An SPF record for your domain tells other receiving mail servers which outgoing server(s) are valid sources of email, so they can reject spoofed email from your domain that has originated from unauthorized servers. +SPF records help establish the legitimacy of your mail server and reduce the chances of *spoofing*, which occurs when someone fakes the headers of an email to make it look like it's coming from your domain, even though it didn't. Spammers may try to do this to get around spam filters. + +An SPF record for your domain tells other receiving mail servers which outgoing server(s) are valid sources of email, so they can reject spoofed email from your domain that has originated from unauthorized servers. -In your SPF record, you should list all the mail servers from which you send mail, and then exclude all the others. Your SPF record will have a domain or subdomain, TTL (time to live) type which is plain text, or SPF if your name server supports it, and text which starts with `v=spf1` and contains the SPF record settings. +In your SPF record, list all the mail servers from which you send mail, and exclude all the others. Your SPF record will have a domain or subdomain, TTL type which is plain text, or SPF if your name server supports it, and text which starts with `v=spf1` and contains the SPF record settings. If your Linode is the only mail server you use, you should be able to use the example record below. With this SPF record, the receiving server will check the IP addresses of both the sending server and the IP address of `example.com`. If the IPs match, the check passes. If not, the check will "soft fail" (i.e., the message will be marked but will not automatically be rejected for failing the SPF check). - example.com 86400 TXT "v=spf1 a ~all" +{{< output >}} +example.com 86400 TXT "v=spf1 a ~all" +{{< /output >}} -{{< note >}} Make sure your SPF records are not too strict. If you accidentally exclude a legitimate mail server, its messages could get marked as spam. Visit [openspf.org](http://www.openspf.org/SPF_Record_Syntax) to learn how SPF records work and how to construct one that works for your setup. Their [examples](http://www.openspf.org/FAQ/Examples) are also helpful. -{{< /note >}} #### Reverse DNS -If you haven't yet [set reverse DNS](/docs/hosting-website#setting-reverse-dns) for your mail server's domain or subdomain, do so now for the sake of your mail server. The reverse DNS for your mail server *must* match the hostname of your Linode. If your Linode's reverse DNS and hostname do not match, email from your server may get rejected with the warning "Reverse DNS does not match SMTP Banner." If you need to check or set the hostname, see our [Getting Started](/docs/getting-started#setting-the-hostname) article. +[Set reverse DNS](/docs/hosting-website#setting-reverse-dns) for your mail server's domain or subdomain. -## Next Steps +The reverse DNS for your mail server must match the hostname of your Linode. If your Linode's reverse DNS and hostname do not match, email from your server may get rejected with the warning "Reverse DNS does not match SMTP Banner." + +If you need to check or set the hostname, see our [Getting Started](/docs/getting-started#setting-the-hostname) article. + +## Spam and Virus Protection, Mail Clients, and More At this point, you should have a basic mail server up and running. There's a bit more to do, however, if you want to provide your users with the best possible mail experience. This includes adding spam and virus filtering to protect your users, setting up mail clients, providing a webmail solution, and adding any extras you want, such as mailing lists. -### Spam and Virus Protection +### Configure Spam and Virus Protection -Outgoing spam, or spam originating from your Linode is not good for the health of your mail server. You should take steps to ensure that your Linode is not used as an "open relay" server, which would allow anyone to send messages anywhere using your server. To prevent your Linode from being used as an open relay, make a list of allowed domains and users for your MTA, and make sure it rejects everything else. +Spam that originates from your Linode may be a violation of [Linode's Terms of Service](/tos), and may lead to your server being blacklisted by a [variety of organizations](https://mxtoolbox.com/blacklists.aspx). -There are also a few other scenarios where your server could be sending spam. Your server or an installed application might get hacked, one of your users might have a compromised account, or you may be sending out email messages that are getting marked as spam. The best way to stay on top of outgoing spam is to keep an eye on your outgoing mail logs and pay attention to bounceback errors. +Take steps to ensure that your Linode is not used as an *open relay* server, which would allow anyone to send messages anywhere using your server. To prevent your Linode from being used as an open relay, make a list of allowed domains and users for your MTA, and make sure it rejects everything else. -{{< note >}} -If you do get added to a block list, take steps to mitigate the source of the spam. Then you will have to contact the mail provider that blocked you and follow their steps to be allowed to send mail again. -{{< /note >}} +There are also a few other scenarios where your server could be sending spam. If your server or an installed application are hacked, or if a user's account is compromised, or if the emails you send are getting marked as spam by recipients. The best way to stay on top of outgoing spam is to keep an eye on your outgoing mail logs and pay attention to bounceback errors. Incoming spam can also be a problem. Spam filters help you deal with spam sent to your own users. They let you filter incoming messages based on origin, content, etc. Some spam contains viruses, which can cause more serious damage to recipients. Here are some of the most popular spam and virus filter services: -- [Amavis](http://www.amavis.org) is an open source content filter for email that integrates directly with your MTA. It does some checking on its own, and can also be used in conjunction with more robust spam and virus filters. -- [Clam AntiVirus](http://www.clamav.net/lang/en/) is a popular, free, and open-source virus scanner. -- [SpamAssassin](http://spamassassin.apache.org) is a very popular free spam filter. +- [Amavis](http://www.amavis.org) is an open source content filter for email that integrates directly with your MTA. It does some checking on its own, and can also be used in conjunction with more robust spam and virus filters. +- [Clam AntiVirus](http://www.clamav.net/lang/en/) is a popular, free, and open-source virus scanner. +- [SpamAssassin](http://spamassassin.apache.org) is a very popular free spam filter. + +#### What to do if your server has been blacklisted + +If your Linode is added to a [block list](https://mxtoolbox.com/blacklists.aspx), take steps to mitigate the source of the spam. Once mitigated, contact the mail provider that blocked you and follow their steps to be allowed to send mail again. ### Mail Clients -Mail clients are an integral part of the email experience for your users. Microsoft Outlook, Apple Mail, and Mozilla Thunderbird are all examples of mail clients. Most mail clients are compatible with most mail servers – you just need to make a note of the settings you configured on the server side, and make sure you use compatible settings on the client side. Here are some to consider: +Mail clients are an integral part of the email experience for your users. Microsoft Outlook, Apple Mail, and Mozilla Thunderbird are all examples of mail clients. + +Most mail clients are compatible with most mail servers – you just need to make a note of the settings you configured on the server side, and make sure you use compatible settings on the client side. Here are some clients to consider: -- Protocols: Choose IMAP or POP3 for receiving, and SMTP for sending. -- Encryption: Choose SSL and/or TLS encryption, based on your server settings. -- Authentication: Make sure the format of the credentials entered in the mail client matches the format expected by the server. Sometimes just the "user" part of the email address is the username, and sometimes the entire email address, including the `@` sign, is the username. You can also have usernames that are not related to their corresponding email addresses, but this is not recommended. -- Mailbox format: Make sure your users will be able to read, create, and use all of the folders they need. -- Ports: Not only do your mail client(s) and server have to work on the same ports, but your internet service provider has to allow them as well. +* **Protocols**: Choose IMAP or POP3 for receiving, and SMTP for sending. +* **Encryption**: Choose SSL and/or TLS encryption, based on your server settings. +* **Authentication**: Make sure the format of the credentials entered in the mail client matches the format expected by the server. Sometimes just the "user" part of the email address is the username, and sometimes the entire email address, including the `@` sign, is the username. You can also have usernames that are not related to their corresponding email addresses, but this is not recommended. +* **Mailbox format**: Make sure your users will be able to read, create, and use all of the folders they need. +* **Ports**: Not only do your mail client(s) and server have to work on the same ports, but your internet service provider has to allow them as well. Here are some of the typical mail ports: -- 110 for POP3 -- 995 for SSL-POP (encrypted) -- 143 for IMAP -- 993 for IMAPS (encrypted) -- 25 for SMTP (sometimes blocked by ISPs) -- 587 for SMTP (actually the preferred non-encrypted port for outgoing connections from mail clients) -- 465 for SSMTP (encrypted) +* `110`: POP3 +* `995`: SSL-POP (encrypted) +* `143`: IMAP +* `993`: IMAPS (encrypted) +* `25`: SMTP (sometimes blocked by ISPs) +* `587`: SMTP (actually the preferred non-encrypted port for outgoing connections from mail clients) +* `465`: SSMTP (encrypted) -{{< note >}} -If you're using a firewall, be sure to edit the rules for your mail server's ports. See [these instructions](/docs/securing-your-server#creating-a-firewall) for more information. -{{< /note >}} +If you're using a firewall, be sure to edit the rules for your mail server's ports. See Linode's guide to [configuring a firewall](/docs/security/securing-your-server/#configure-a-firewall) for more information. ### Webmail -Webmail is a type of mail client that can be installed on your server and accessed from a web browser. It allows your users to access their email from your website (example: `http://example.com/mail`) anywhere they have access to the internet. Running a web server is a prerequisite for running a webmail client, so you should follow the [Hosting a Website](/docs/hosting-website) guide if you want to run webmail on your Linode, in addition to installing a mail server. +Webmail is a type of mail client that can be installed on your server and accessed from a web browser. It allows your users to access their email from your website (example: `http://example.com/mail`) anywhere they have access to the internet. Running a web server is a prerequisite for running a webmail client, so follow the [Hosting a Website](/docs/hosting-website) guide if you want to run webmail on your Linode, in addition to installing a mail server. Here are some of the most popular webmail clients: -- [Mail-in-a-box](https://mailinabox.email/) is an all in one Mail option that offers a hassle-free approach to setting up a mail server the webmail component. -- [Citadel](http://www.citadel.org) is an all-in-one mail service that includes mail, calendars, instant messaging, mailing lists, and other collaboration tools. It's open source and geared towards small and medium-sized organizations. -- [Horde Webmail](http://www.horde.org/apps/webmail) is an open-source IMAP client paired with some additional functions like account management and calendars. -- [RoundCube](http://roundcube.net) is an IMAP client with modern functionality and a clean layout. -- [SquirrelMail](http://squirrelmail.org) is a solid option, but has an older user interface. -- [Zimbra](http://www.zimbra.com) is an all-in-one mail service that's much simpler to install than other options, but less customizable. - +* [Mail-in-a-box](https://mailinabox.email/) is an all-in-one mail option that offers a hassle-free approach to setting up a mail server and webmail component. +* [Citadel](http://www.citadel.org) is an all-in-one mail service that includes mail, calendars, instant messaging, mailing lists, and other collaboration tools. It's open source and geared towards small and medium-sized organizations. +* [Horde Webmail](http://www.horde.org/apps/webmail) is an open-source IMAP client paired with some additional functions like account management and calendars. +* [RoundCube](http://roundcube.net) is an IMAP client with modern functionality and a clean layout. +* [SquirrelMail](http://squirrelmail.org) is a solid option, but has an older user interface. +* [Zimbra](http://www.zimbra.com) is an all-in-one mail service that's much simpler to install than other options, but less customizable.