Run your own email server, part 1

In this how-to we'll set up an email server from scratch using NetBSD.

The initial attempt to do this how-to was with a VAXstation 4000/30 (otherwise known as a VAXstation VLC) with a defective (and therefore no) CPU cache, which proved to be too slow to reliably exchange email. The SSL / TLS exchange took too long for certain servers, so it was decided to move the project to a VAXstation 4000/60. If the CPU cache in the VLC did work, I think it'd have been fine as an email server.

Let's get right in to things. We're going to set up email for the domain zia.io. The domain could be anything you purchase, but here I wanted to use a real domain with actual, working examples instead of example.com and the like.

First we'll have to decide on a name for the server. While this doesn't seem difficult, it's actually quite important and will definitely matter later. We could use just the domain itself, zia.io, but what happens if we want to host the web site for zia.io on a machine other than the email server? The MX can point to any machine, but the DNS name for the server itself needs to stay the same.

We could use a name describing the service, like mail.zia.io, or we could use the server's name, which is vax.zia.io. Or anything else, really - what's important is that this name is what we're going to use when we set up our email client, and it's what people will see if they examine their email headers, so make sure you're happy with what you choose.

In this example, mail.zia.io or vax.zia.io both work. mail.zia.io is fine if this machine's primary function is to serve email, but it'll be doing other things. Using the server's usual name (vax.zia.io) is less ambiguous when it comes to making sure that the machine's forward and reverse DNS match, and these match the HELO / EHLO name reported by the machine. Therefore, in these examples, we're going to use vax.zia.io.

The first thing we're going to need to do is to install some software. Since our VAX is running NetBSD, we're going to use NetBSD's pkgsrc. While pkgsrc supports installation of binary packages, I prefer to build from source. By building from source we make sure we have the very latest versions of all the software (we care about security), and it gives us the option to set some package options for compiling.

If you're not familiar with pkgsrc, check out the excellent NetBSD pkgsrc guide to learn more. It's an excellent and clean package management system that doesn't treat alternate architectures any less importantly as any other. It works on many platforms in addition to NetBSD, too.

We'll add these to /etc/mk.conf:


PKG_RCD_SCRIPTS=YES
ACCEPTABLE_LICENSES+=sendmail-license
ACCEPTABLE_LICENSES+=sendmail-open-source-license
PKG_OPTIONS.sendmail=sasl tls sendmail-ffr-tls
PKG_OPTIONS.imap-uw=imapuw-cleartextpwd inet6 ssl

Note that I personally prefer /usr/local (LOCALBASE=/usr/local) as my package prefix, so in configurations below you'll see that instead of /usr/pkg/. Also, setting PKG_RCD_SCRIPTS means that the startup / shutdown scripts will be automatically installed in /etc/rc.d/, so we don't have to do that ourselves.

Your /etc/mk.conf should look like this:


LOCALBASE=/usr/local
PKG_RCD_SCRIPTS=YES
ACCEPTABLE_LICENSES+=sendmail-license
ACCEPTABLE_LICENSES+=sendmail-open-source-license
PKG_OPTIONS.sendmail=sasl starttls
PKG_OPTIONS.imap-uw=imapuw-cleartextpwd inet6 ssl

Then we'll install these packages from pkgsrc:


mail/imap-uw
mail/sendmail
mail/milter-greylist
mail/opendkim
mail/procmail
security/cy2-plain
security/cyrus-saslauthd

Installing packages in pkgsrc is quite easy. To install sendmail, for instance, all one needs to do is:

cd /usr/pkgsrc/mail/sendmail
make update

On a VAX, even on a fast 12 VUP VAXstation 4000/60, this takes some time. So, for now, this wraps up part 1 while we wait for these packages to be built :)

Next I'll put some notes about the rationale behind running one's own email server, plus I'll mention some of the caveats and gotchas which may come up.