Setting up Mail on a Web Server

Web Development Notes

Various Cheat Sheets and Resources by David Egan/Carawebs, copied from this page.

Exim4 Send Only Mailserver

 
 David Egan

Exim4 is a lightweight mail transfer agent that is easy to set up and configure.

These instructions focus on Ubuntu 14.04 Server.

Setting up a send-only mailserver on Ubuntu is relatively straightforward. The tricky bit is ensuring that mail sent by the server is not labelled as spam.

EXIM4 INSTALLATION

  1. Upgrade system: sudo apt-get update && sudo apt-get -y upgrade
  2. Install Exim4 and dependencies: sudo apt-get -y install exim4
  3. Run the config script: sudo dpkg-reconfigure exim4-config

EXIM4 CONFIGURATION

Make selections with arrow keys - select “Ok” with tab key

  1. Select: ‘internet site; mail is sent and received directly using SMTP’
  2. Enter FQDN: hostname.yourdomain.com
  3. SMTP Listener: enter 127.0.0.1 or 127.0.0.1; ::1(for IPv6 support)
  4. Mail destinations - list FQDN, local hostname, localhost.localdomainlocalhost (see NOTE below)
  5. Relay Options: Leave blank - hit tab to highlight “Ok”, then enter
  6. Follow up Screen to Relay Options: Leave blank, hit “Ok”
  7. DNS Queries: Keep DNS queries to a minimum? select “No”
  8. Delivery method: Select “Maildir format in home directory”
  9. Choose default unsplit config file by entering “No”

In Ubuntu 14.04, that’s it - there is no option to specify postmaster mail recipients. This must be set - or email clients like gmail will place sent emails in the recipient’s spam folder. Most tutorials refer to a final configuration window - but this will not appear on Ubuntu 14.04.

SPECIFY POSTMASTER ADDRESS

Amend /etc/email-addresses to include:

username: no-reply@yourdomain.com
  • Replace “username” with the system username that is running the mail process.
  • Enter new username/email values on separate lines

TEST EMAIL FROM COMMAND LINE:

echo "Hello - this is a test!" | mail -s Testing you@yourweb.com

ACCESS LOGS

The main log is held in: /var/log/exim4.

This directory is owned by Debian-exim:adm - and is hence inaccessible, unless you log in as root.

Add your user to the adm group to access logs:

sudo usermod -a -G adm username

You can then access the main exim4 log at: /var/log/exim4/mainlog

Use eximstats to see a text report:

eximstats /var/log/exim4/mainlog

POST INSTALLATION CONFIGURATION

The initial configuration settings are stored in the /etc/exim4/update-exim4.conf.conf file.

To re-configure the program, either re-run the configuration wizard: sudo dpkg-reconfigure exim4-config or manually edit this file:

sudo nano /etc/exim4/update-exim4.conf.conf

After editing the settings, you need to generate the master configuration file:

sudo update-exim4.conf

Restart the exim4 service:

sudo /etc/init.d/exim4 restart

SET UP REVERSE DNS

Reverse DNS maps an IP address to a domain name - and is crucial to avoid having outgoing mail labelled as spam.

The reverse DNS zone must be created on the “authoritative DNS nameserver for the main IP address of your server” - so to set reverse DNS, you need control over the nameserver for your main IP address.

For Linode VPS:

  1. Log in to Linode Manager
  2. Select the Linode
  3. Select “Remote Access”
  4. Enter the domain name in the hostname field and click “lookup”
  5. A message should appear stating that a match has been found between your domain and your IP address
  6. Select “yes” for the desired address (IPv4 & IPv6 will need to be selected separately)

That’s it!

SPF RECORDS

Publishing a Sender Policy Framework (SPF) Record in your domain’s DNS specifies which server IP addresses are allowed to send emails from your domain.

Having a properly set up SPF record makes it less likely that outgoing mail will be tagged as spam.

Although it is best practice is to publish SPF records via DNS as both a SPF and TXT record, the DNS management utilities for many registrars (e.g. Heart Internet, Blacknight) only provide for the addition of txt records. For a good description of SPF as TXT records, see here.

The following SPF record, added as a TXT record is a reasonable sample:

v=spf1 a mx ip4:123.45.678.90 mx:mail.yourdomain.com ~all

BIZZARRE SPAM ISSUES

After following the above setup, I noticed the following weird behaviour with regard to gmail recipients.

  • Send mail from WordPress to a gmail account (the www-data user, not aliased in /etc/email-addresses): Success
  • Send mail from command line (echo "This is a test." | mail -s Testing emailaddress68@gmail.com) to same address: Designated as Spam
  • Send the same mail from command line to a different gmail account: Success

There were two SPF records on the DNS settings for the domain - which isn’t allowed. Deactivated the old one.

In addition, the header in gmail showed that gmail was looking for an IP address in the ipv6 format…so I added this to the SPF record.

To determine ipv6 for the server: ip -6 addr show - the public IP is on the line labelled ‘scope global’.

You can only add a single SPF record - but ipv6 and ipv4 IP addresses can be included. Sample TXT record for SPF:

v=spf1 a mx ip4:123.45.67.890 ip6:3a00:9a00::b14d:12aa:ab67:a3c5/64 mx:mail.yourdomain.com ~all

SEND EMAIL FROM COMMAND LINE

echo "Hello - this is a test!" | mail -s Testing you@yourweb.com

RESOURCES