Production guide #2

Closed
mrbluecoat opened this issue Jan 24, 2022 · 1 comment

@mrbluecoat

This was a great solution for a specific use case of mine. Thanks!

In case others need some setup help, here are the steps I took (replace 11.22.33.44, mydomain.com, and 55.66.77.88 with your values):

# Purchase a cloud server that supports email (port 25) and a static IP address -- in this example guide we'll use 11.22.33.44

# Purchase a domain for your mail server -- in this example guide we'll use mydomain.com

# In the domain's DNS settings area, delete all records and then create:
#   A record:
#      Host = leave blank to create a record for the root domain
#      Answer = 11.22.33.44
#      TTL = 600
#   MX record:
#      Host = leave blank to create a record for the root domain
#      Answer = mydomain.com
#      TTL = 600
#      Priority = 10

# Wait for DNS to propagate (can take up to a day), then run these tests on your cloud server to verify
sudo apt install -y dnsutils
dig @1.1.1.1 mydomain.com a                    # should return 11.22.33.44
dig @1.1.1.1 mydomain.com mx                   # should return: mydomain.com.  600  IN  MX  10 mydomain.com.

# SSH into the cloud server to set up TMail

sudo apt update && sudo apt install -y git golang-go make curl jq iptables iptables-persistent netfilter-persistent nginx snapd

mkdir /tmp/go && export GOPATH=/tmp/go
go get -u -d github.com/mgerb/tmail

cd /tmp/go/src/github.com/mgerb/tmail/
sed -i 's/0.0.0.0/localhost/' webserver/webserver.go  # see https://github.com/mgerb/tmail/issues/1
go mod init tmail
go mod tidy
rm -f Gopkg.lock Gopkg.toml
make linux
sudo cp build/tmail-linux /usr/local/bin/tmail

cd /tmp
cat > tmail.service <<EOF
[Unit]
Description=TMail Service

[Service]
Restart=always
RestartSec=1
Environment="GIN_MODE=release"
ExecStart=/usr/local/bin/tmail

[Install]
WantedBy=default.target
EOF

sudo mv tmail.service /etc/systemd/system/

sudo systemctl start tmail && sudo systemctl enable tmail
sudo systemctl status tmail

# send a test email to your server, then verify it arrived:

curl -s localhost:8090/api/mail | jq '.[0]'

# prevent DoS (if a source sends more than 20 emails per minute, block them)

sudo su -

iptables -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 --name DEFAULT --rsource -j DROP
iptables -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --set --name DEFAULT --rsource
ip6tables -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 --name DEFAULT --rsource -j DROP
ip6tables -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --set --name DEFAULT --rsource

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

systemctl start netfilter-persistent && systemctl enable netfilter-persistent

exit

# set up NGINX to allow whitelisted API access (replace 55.66.77.88 with your remote client IP address that is allowed to query the API)

echo 'TMail' | sudo tee /var/www/html/index.html > /dev/null

sudo tee /etc/nginx/sites-enabled/default > /dev/null <<EOF
server {
    listen 80;
    server_name mydomain.com;
    root /var/www/html;
    index index.html;
    location / {}
    location /api/mail {
        allow 55.66.77.88;
        deny all;
        proxy_pass http://localhost:8090;
    }
}
EOF
sudo systemctl reload nginx

sudo snap install core
sudo snap refresh core
sudo apt remove -y certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx

curl -s https://mydomain.com/api/mail | jq '.[0]'
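
Two settings in the guide above decide what is reachable from the internet: the localhost bind of the API (the sed patch) and the port 25 limiter rules. As an added example, not part of the original comment or the tmail project, these shell helpers check both from `ss -ltnH` and `iptables -S INPUT` output; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the setup above. On the server, run:
#   ss -ltnH | api_exposed 8090
#   sudo iptables -S INPUT | ratelimit_ok 25

# api_exposed PORT: reads `ss -ltnH` lines on stdin, prints every non-loopback
# address PORT listens on, and returns 0 if there is at least one.
api_exposed() {
    awk -v port="$1" '
        {
            addr = $4                              # Local Address:Port column
            n = match(addr, /:[0-9]+$/)
            if (!n || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            if (host !~ /^(127\.|\[::1\]$)/) { print addr; bad = 1 }
        }
        END { exit (bad ? 0 : 1) }'
}

# ratelimit_ok PORT: reads `iptables -S INPUT` on stdin. Returns 0 only if the
# recent --update/DROP rule and the --set rule for PORT both exist and no
# explicit ACCEPT for PORT sits ahead of the DROP. Rules added with -A are
# appended, so an earlier ACCEPT would match first and bypass the limiter.
# Only rules naming "--dport PORT" are examined (assumption of this sketch).
ratelimit_ok() {
    awk -v port="$1" '
        index($0, " --dport " port " ") == 0 { next }
        / -j ACCEPT/ && !drop        { shadow = 1 }
        / --update / && / -j DROP/   { drop = 1 }
        / --set /                    { mark = 1 }
        END { exit ((drop && mark && !shadow) ? 0 : 1) }'
}

# Constructed sample inputs (not captured from a real host).
SS_PATCHED='LISTEN 0 4096 127.0.0.1:8090 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*'
SS_UNPATCHED='LISTEN 0 4096 *:8090 *:*
LISTEN 0 4096 *:25 *:*'
RULES_GOOD='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 --name DEFAULT --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --set --name DEFAULT --rsource'
RULES_SHADOWED="-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
$RULES_GOOD"

if printf '%s\n' "$SS_UNPATCHED" | api_exposed 8090; then echo "^ API reachable off-host"; fi
printf '%s\n' "$RULES_SHADOWED" | ratelimit_ok 25 || echo "port 25 limiter missing or shadowed"
```
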
@mgerb
Owner

mgerb commented Jan 24, 2022

Thanks for the info! I added a link in the readme.

@mgerb mgerb closed this as completed Jan 24, 2022