Start by going to your DNS provider (often your domain name registrar) and adding an MX record for yourdomain.com that points to your VPS host name. The MX target must be a host name with its own A (or AAAA) record, not an IP address and not a CNAME. If you only have one mail server, you can arbitrarily assign it a preference of 10 (lower numbers are tried first). Also ask your VPS provider for a reverse DNS (PTR) record on the VPS IP address that matches the host name; many receiving servers junk or reject mail from hosts without one.
To allow for the possibility of sending and receiving encrypted mail, we will start by installing GnuPG and generating a public-private key pair. The haveged daemon keeps the kernel entropy pool topped up, so key generation on a headless VPS does not stall waiting for randomness:
sudo apt-get install haveged
sudo apt-get install gnupg2
gpg2 --gen-key
When gpg2 --gen-key runs, you can accept the defaults: RSA, 2048 bits (newer GnuPG versions default to a larger key, which is fine), and no expiry. Setting an expiry instead of 0 is safer if you might lose the key; it can be extended later with gpg2 --edit-key. Enter your real name and your email address (userid@yourdomain.com; it does not exist as an email account yet, which is fine), and leave the comment blank. When prompted, enter a passphrase that will protect access to your private key.
Install the Mutt mail client:
sudo apt-get install mutt
(Depending on your operating system, you may be asked to configure Postfix at this point. Since we are not using Postfix, ignore any prompts and set the configuration to “No configuration” if necessary.)
Copy the sample GPG parameters for Mutt to your home directory:
cp /usr/share/doc/mutt/examples/gpg.rc ~/.gpg.rc
Edit your personal Mutt configuration file:
vi ~/.muttrc
Here is a Mutt configuration file you can use to get started (and which you can change as you learn more about Mutt):
set mbox_type=Maildir
set folder="~/Maildir"
set mask="!^\\.[^.]"
set mbox="~/Maildir"
set spoolfile="~/Maildir"
set sort=reverse-date-received
set sort_aux=reverse-date-received
set editor="vim"
source ~/.gpg.rc
set pgp_autosign=yes
set pgp_replyencrypt=yes
set pgp_replysign=yes
set pgp_replysignencrypted=yes
Edit the global colors file:
sudo vi /etc/Muttrc.d/colors.rc
Substituting "default" for "black" makes Mutt use the terminal's own background colour, which improves its appearance on dark terminals. Press Esc and run:
:%s/black/default/g
Open the firewall to allow mail in through port 25 and save the rule so it survives a reboot:
sudo iptables -A INPUT -p tcp --dport 25 -j ACCEPT
sudo dpkg-reconfigure iptables-persistent
(If your INPUT chain already ends with a DROP or REJECT rule, appending with -A puts the new rule after it and it will never match; use sudo iptables -I INPUT -p tcp --dport 25 -j ACCEPT instead so it is evaluated first. If the VPS has an IPv6 address, add the same rule with ip6tables.)
Install Exim4, which we will use instead of Postfix:
sudo apt-get install exim4
Configure Exim4:
sudo dpkg-reconfigure exim4-config
Answer the questions as follows:
- General type of mail configuration: internet site
- System mail name: yourhost.yourdomain.com
- IP-addresses to listen on for incoming SMTP connections: 127.0.0.1, then a semicolon, then your VPS public IP address (e.g. 127.0.0.1 ; 203.0.113.10, where 203.0.113.10 stands for your own address)
- Other destinations for which mail is accepted: yourdomain.com (i.e., without hostname prefix)
- Domains to relay mail for: leave blank
- Machines to relay mail for: leave blank
- Keep number of DNS-queries minimal: No
- Delivery method for local mail: Maildir format in home directory
- Split configuration into small files: No
- Root and postmaster mail recipient: put your user id here (mail for root and postmaster is then delivered to your Maildir)
Make a self-signed certificate to allow Transport Layer Security (TLS) for mail delivery (remote servers and clients will accept it for opportunistic STARTTLS but will not be able to verify it):
sudo bash /usr/share/doc/exim4-base/examples/exim-gencert
You will be prompted for country code (2 letters), state or province name, locality name, organization name, organizational unit name, server name (e.g. yourhost.yourdomain.com — required), and your email address.
Edit the Exim4 configuration file:
sudo vi /etc/exim4/exim4.conf.template
Find the line that says:
.ifdef MAIN_TLS_ENABLE
and just before it, insert a new line that reads:
MAIN_TLS_ENABLE = yes
(Alternatively, put that single line in /etc/exim4/exim4.conf.localmacros, which is the file Debian's exim4 documentation recommends for local macros; it is read ahead of the template and is not touched by package upgrades.)
Find the REWRITE CONFIGURATION section:
######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

begin rewrite
Just after begin rewrite, insert a new line:
*@*.yourdomain.com $1@yourdomain.com
(This rule rewrites any address of the form user@anything.yourdomain.com to user@yourdomain.com in the headers and envelope of outgoing mail, so Exim4 omits your host name and uses just the domain your MX record covers. $1 is the text matched by the first *. Once Exim4 is restarted you can check the rule with exim -brw user@yourhost.yourdomain.com, which prints how each address field would be rewritten.)
Restart Exim4 for all these changes:
sudo service exim4 restart
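Before waiting on DNS, you can check the pieces configured so far (MX record, rewrite rule, Maildir delivery and STARTTLS) from the VPS itself. The following script is an added example and is not part of the original guide; it assumes Debian's exim4 package (the exim command and its maildir_home transport name), the dig and openssl tools, and uses yourdomain.com and yourhost.yourdomain.com as placeholders. The helper functions read command output on standard input, so each can be exercised against captured text without a live server.

```sh
#!/bin/sh
# Post-setup checks for the Exim4 configuration built above.
# Added example, not part of the original guide. Assumptions:
#   - Debian's exim4 package, so "exim" is on PATH (run with sudo so
#     /usr/sbin is on PATH and Exim can read its configuration) and the
#     home-directory Maildir transport is named "maildir_home";
#   - dig and openssl are installed;
#   - yourdomain.com / yourhost.yourdomain.com are placeholders.
# Usage: sudo sh check-mail.sh yourdomain.com yourhost.yourdomain.com

# Read `dig +short MX domain` output on stdin; print the target of the
# lowest-preference record with its trailing dot removed.
mx_primary() {
    sort -n | awk 'NR == 1 { sub(/\.$/, "", $2); print $2 }'
}

# Read `exim -brw address` output on stdin; succeed only if every header
# and envelope field was rewritten to end in "@<domain>" (given as $1).
rewrite_ok() {
    awk -v d="@$1" '
        BEGIN { bad = 0 }
        index($0, "@") && substr($0, length($0) - length(d) + 1) != d { bad = 1 }
        END { exit bad }'
}

# Read `exim -bt address` output on stdin; succeed if the address routes
# to the home-directory Maildir transport chosen in dpkg-reconfigure.
delivery_ok() {
    grep -q 'transport = maildir_home'
}

if [ "$#" -eq 2 ]; then
    domain=$1
    host=$2
    me=$(id -un)

    # MX record: the preferred target must be this host, as a host name.
    mx=$(dig +short MX "$domain" | mx_primary)
    if [ "$mx" = "$host" ]; then
        echo "MX ok: $domain -> $mx"
    else
        echo "MX check failed: got '${mx:-nothing}', expected $host"
    fi

    # Rewrite rule: the host part must be stripped from every address field.
    if exim -brw "$me@$host" | rewrite_ok "$domain"; then
        echo "rewrite ok: $me@$host becomes $me@$domain"
    else
        echo "rewrite check failed (is the rule right after 'begin rewrite'?)"
    fi

    # Local delivery: mail for the bare domain must land in ~/Maildir.
    if exim -bt "$me@$domain" | delivery_ok; then
        echo "local delivery ok: maildir_home"
    else
        echo "delivery check failed (does $me exist, and is Exim readable?)"
    fi

    # TLS: s_client fails unless STARTTLS is advertised and the handshake
    # completes. The certificate is self-signed, so the verify result is
    # expected to be non-zero; only the presence of a certificate is checked.
    if openssl s_client -starttls smtp -connect 127.0.0.1:25 </dev/null 2>/dev/null \
           | grep -q 'BEGIN CERTIFICATE'; then
        echo "STARTTLS ok"
    else
        echo "STARTTLS check failed (MAIN_TLS_ENABLE set and Exim restarted?)"
    fi
fi
```

The rewrite check is the one most worth keeping: a rule placed above begin rewrite, or one that forgets the $1, silently leaves yourhost.yourdomain.com in the From: header, and replies then go to a name your MX record does not cover.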
Once your DNS changes have had time to propagate (usually 24 hours is enough; the MX record's TTL sets the upper bound), test that your mail server is set up properly by opening a browser and going to: