Liberty Bell Jerseys

Email!

We have a new email address! With our own domain! Hooray!

But why? Gmail is free and all, right?

Yup. Gmail is free and easy and convenient and makes all of your email problems seem to disappear. You don’t have to worry about spam or whatever, but you are also tied to a gmail.com address. I didn’t want that. I own the libertybelljerseys.com domain - I should use it!

I’ll put this out here first - this will be a technical narrative with lots of jargon. So for those not interested in that, here’s the tl;dr:

Contact us at our new email, contact@libertybelljerseys.com!


The background

For those that don’t know, I have a background in IT - mainly on security and reliability. Projects like “setting up your own email server” are pretty small in the scope of what I do on a normal basis, and I decided to take a trip back to 1998 and host my own email. There are about 1000 different ways to do this, but I wanted a secure and modern variant, with an easy to use web interface, IMAPS, and all that jazz. Not your daddy’s crap POP3 email server.

I also wanted to be super secure in the day and age of phishing and spam, so I wanted a solution that would allow me to pass any spam test with flying colors. DKIM, DMARC, SPF - all that jazz. When you get an email from libertybelljerseys.com - it better be legit!


Research.

The first thing I thought was “well I’ll spin up a VPS with postfix and call it a day.”

That’s uh…not a great idea. Postfix has a lot of merits but it lacks a lot of the nifty features I wanted, like spam filtering, anti-virus, reputation management, web interface, etc.

I didn’t want to just pay some random site to host email for me, that kind of defeats the purpose of controlling my domain and controlling my data integrity.

Next thought - is there an ansible playbook that someone has set up already? I know I’m not the first one to do this. This led me to Excision Mail, which is a BSD-centric playbook. I don’t have a ton (read: any) experience with BSD, so I gave it a crack one evening. I have a Linux background, so most of it made sense, but in the end it just didn’t want to cooperate with me, so I moved on.

Alright, what about something more…docker-y? That way I could be OS-agnostic and run what I’m comfortable with, and it could be more reliable than typical old-school daemons.


Mailcow!

One of my good IT friends recommended Mailcow. It’s a bit more resource intensive, sure, but it’s super duper straightforward to run. It also starts me on the path of all of the neat security features I want. It was pretty easy to deploy, but it was slooooooow, and it’s my own fault.

Initially, I spun up a baby instance in Vultr since I had some credit there. It quickly maxed out the instance, and I had to upsize, and then upsize again. Suddenly, I was on a $24/month VPS, which is well outside of the budget for this. I wanted to keep it under $10/month, otherwise I’d just pay someone else to host it! Back to the drawing board for hosting, it seems.


Hosting Woes

Ok. I’ve got my mail suite solution figured out, great. Now I have to figure out hosting costs.

Vultr? Nope.

Linode? Nope.

DigitalOcean? Nope.

EC2? Noooope.

All over budget. It’s easy to say $50/month for an instance is cheap when it isn’t your own money!

Ok - what about self-hosting? That could work! I have a beefy ol’ server that basically just sits idle when Plex isn’t being used, that could work? Nah. I don’t want to put too much crap on to one server - that’s how you get monoliths and then if the main server kicks it, that’s a lot of stuff to fix. I like to spread out things if possible.

Ok…I have an old Pi 3B that’s not doing much? Not enough memory.

A 4GB Pi 4? Still not adequate memory, plus storage is always shaky on those (blame my cheap MicroSD cards) and I don’t want to have it running off a USB external drive, or relying on an NFS share from the main server - that kind of defeats the purpose of a little computer sitting in the corner that I can forget about.

How about a NUC? Just a little baby box sitting there with plenty of memory and storage for cheap! That could work!


Nuc nuc nuc

So it turns out that new NUCs aren’t cheap. That’s cool - I don’t necessarily want to buy a brand new one, I don’t need that kind of performance. I set up an eBay watch for i5 and i7 NUCs, as the Celeron/Pentium/i3 ones are just generally kinda slow. There were a lot of “$250+ for a 4th gen i5” listings, which doesn’t scream “value city” to me.

Finally, one came up - $170+ship for a 7th gen i5, with 8G of RAM and two storage devices already in it - a 256G volume and a 128G volume. Perfect! I threw a meme offer out which was surprisingly accepted, and it showed up a few days later.

Semi-related, my laptop is on its last legs. I’ve kept it alive for years but it’s at the point where it struggles to do a lot of modern stuff. I had a 500G Evo 960 in it, which is quite frankly overkill for that laptop. You can probably guess where this is going.

Normally, I’d guess that the smaller disk was the boot, and the larger was the secondary storage. In the case of this NUC I was pleasantly surprised to find that the larger 256G disk was actually the NVMe drive! That’s a huge score for me. I took out the 120GB SATA SSD, and cloned my laptop’s drive onto it…and broke the install. Welp, good thing I didn’t have anything important on there (back up your data, kids!). Whatever.

Loaded up my OS of choice (CentOS Stream 8), and got to work. Keep the core stuff on the NVMe, backup to the SSD and to an NFS share on a nightly basis, encrypt the data, bingo. We’re in business.

I followed hatem ben tayeb’s mailcow guide and despite a few little hangups, we’re in business. Mostly.


Reputation

Now, my reputation was on the line. Spam filters generally are not fans of home-hosted systems, but we had a plan. Mailcow is great at setting up all the lovely reputation things like DMARC and DKIM.

Dmarcian solved my DMARC issues, and I don’t plan on mailing out TONS of stuff, so I qualify for their free tier. Nice!

DKIM was easy enough. All of my DNS is done through Route53, so that was easy to populate.

One thing caught me though - PTR. As a home user, my ISP told me to kick rocks when I asked for PTR to be set up. No way am I paying through the nose for business-class internet for something so basic - I’ll risk it with the less-than-static IP that I get.

One solution was to use a relay for someplace that could do PTR. Was I really going to go back and launch a VPS in Vultr just for PTR? Nah.

The suggested solution was to use AWS’s Simple Email Service (SES) as a relay - I just had to get out of the sandbox first! Once cleared, I pointed Mailcow at SES and suddenly my PTR problem was solved, since outbound mail now leaves from SES’s IPs, which have proper reverse DNS.
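As an added example (this is not code from the post, from Mailcow or from Dmarcian), here is a small Python checker for the kind of SPF and DMARC TXT records the setup above needs to publish. It flags the weak settings that a domain checker like Dmarcian’s would complain about (an SPF record ending in +all, a DMARC policy of p=none, a partial pct=, no aggregate-report address) and confirms that SPF delegates to SES via include:amazonses.com, which is the include AWS documents for SES. The two sample records are constructed; they are not the real libertybelljerseys.com zone.

```python
"""Sanity-check SPF and DMARC TXT records before publishing them in Route53.

Added example, not from the original post. The sample records are constructed
to resemble what a Mailcow + SES relay setup would publish.
"""
import re

# Constructed samples (assumption: not the real zone for libertybelljerseys.com).
SAMPLE_SPF = "v=spf1 include:amazonses.com ~all"
SAMPLE_DMARC = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.invalid; pct=100"

# Terms that cost a DNS lookup under RFC 7208 (limit is 10 per evaluation).
_LOOKUP_TERM = re.compile(
    r"^[+\-~?]?(include:|exists:|redirect=|ptr$|ptr:|a$|a[:/]|mx$|mx[:/])", re.I
)


def parse_spf(record):
    """Return (mechanisms, warnings) for an SPF record string."""
    warnings = []
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        return [], ["missing v=spf1 version tag"]
    mechanisms = parts[1:]
    if not mechanisms:
        warnings.append("no mechanisms after v=spf1")
    elif mechanisms[-1].lower() not in ("-all", "~all"):
        warnings.append(f"record ends with {mechanisms[-1]!r}; expected -all or ~all")
    if any(m.lower() in ("+all", "all") for m in mechanisms):
        warnings.append("+all authorizes any host on the internet to send as this domain")
    lookups = sum(1 for m in mechanisms if _LOOKUP_TERM.match(m))
    if lookups > 10:
        warnings.append(f"{lookups} DNS-lookup terms exceeds the RFC 7208 limit of 10")
    return mechanisms, warnings


def parse_dmarc(record):
    """Return (tags, warnings) for a DMARC record string."""
    warnings = []
    tags = {}
    for item in record.split(";"):
        item = item.strip()
        if not item:
            continue
        if "=" not in item:
            warnings.append(f"malformed tag {item!r}")
            continue
        key, value = item.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        warnings.append("record must start with v=DMARC1")
    policy = tags.get("p")
    if policy is None:
        warnings.append("missing required p= tag")
    elif policy.lower() == "none":
        warnings.append("p=none only monitors; spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        warnings.append(f"pct={pct} applies the policy to only part of the mail stream")
    if "rua" not in tags:
        warnings.append("no rua= address; aggregate reports will not be collected")
    return tags, warnings


def relay_is_authorized(spf_mechanisms, relay_include="amazonses.com"):
    """True if SPF delegates to the relay's include term (SES by default)."""
    return any(m.lower().lstrip("+") == f"include:{relay_include}" for m in spf_mechanisms)


def check_zone(spf, dmarc):
    """Combine both checks into one report for a zone's two TXT records."""
    mechanisms, spf_warnings = parse_spf(spf)
    tags, dmarc_warnings = parse_dmarc(dmarc)
    if not relay_is_authorized(mechanisms):
        spf_warnings.append("SPF does not include amazonses.com; mail relayed via SES will fail SPF")
    return {"spf_warnings": spf_warnings, "dmarc_warnings": dmarc_warnings, "policy": tags.get("p")}


if __name__ == "__main__":
    for name, warning_list in check_zone(SAMPLE_SPF, SAMPLE_DMARC).items():
        print(name, warning_list)
```

Run it against the strings you are about to paste into Route53; an empty warning list for both records is what the green check marks correspond to. The checker only inspects the record text, so it is worth re-running after publishing, with the values actually returned by DNS.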

Getting all green check marks on Dmarcian’s domain checker, establishing my reputation, and now getting a near-perfect score on the Spammyness Tester meant that this project was close to completion.

Until I typed “docker-compose down -v” and had to start all over again. The -v flag deletes the named volumes along with the containers, and Mailcow keeps its mail and configuration in those volumes. Don’t do that, kids.


Conclusion

Well, here we are! The long and twisting road of “I’d like to not have my email on a mystery gmail server” is coming to an end. I was able to set up my new email address at my own domain, and now it’s ready to go live! My old gmail will still of course work, but I’m going to start forwarding mail to my own domain.

I’ve worked to update all the email links on the site, and you can now reach me at my shiny new email:

contact@libertybelljerseys.com