How can I build a webmail on FreeBSD??

Hello guys,
so my question is: how can I build a mailserver, in FreeBSD, which serves a webmail interface (that I made upon php & html) and is public; and by public I mean that the webmail interface can be accessed from anywhere in the world and the mailserver is able to send and receive mails to/from other mail services like gmail or yahoo ...
to be clear I just need to know the steps I have to go through with examples of programs that can be used in each step ...

I'd be thankful for any help ...
 
which serves webmail interface (that I made upon php & html) and is public;
Why do I have the feeling this is an accident waiting to happen? Note that your website can and will get attacked the very minute you put it out on the internet. Judging by your other questions I very much doubt your website is coded securely enough and is likely to get ransacked within a couple of days.

I'm not trying to put you down, you just need to be acutely aware that this isn't something you can whip up in a couple of nights. I would strongly suggest using an existing webmail frontend. Frontends like Roundcube and Squirrelmail have been around for years and even those have regular security issues.
 
There's one important thing to keep in mind: Many ISPs block port 25. You'd better make sure that your ISP doesn't, otherwise you'll have a hard time setting up a mail server.
 
okay guys ... just for you to know, this is for learning purposes ... I'm not going to create my own domain ... I'm just testing a little env for study ... so don't worry about me guys I'm fine ...
 
And thanks a lot guys ... was really tough talk ...
special thanks to Obsigna, the article was just perfect👌
 
I suggest you try mailpile.is, roundcube or rainloop as webmail, with roundcube probably the most common and with the most extensions
 
..... Many ISPs block port 25. You'd better make sure that your ISP doesn't...

this is called the Outgoing Relay, which you set up in your MTA.
To say it simpler:
You cannot send mail e.g. to Google from your non authorised host,
if your MTA is not set up to send from an authorised ISP which acts as your Outgoing relay.
just try it out: boot up your "naked" MTA, send mail to google and receive your message, that you're rejected.
---edit: --
don't do that so often, you won't like that your ip will be publicly blacklisted as spam attacker ;-)
--
 
That's Google using an RBL or some other form of verification. That has nothing to do with ISPs blocking incoming or outgoing traffic on port 25. When an ISP blocks port 25 you just get time-outs. This is to prevent malware from spreading as a lot of malware uses its own SMTP connections to connect to the receiving mail domain directly. Incoming connections to port 25 are often blocked too as it's easy to set up a mail server as an open relay (which then gets abused to send truckloads of spam).
 
Different kind of setup. If your own mailserver delivers mail to gmail (because the recipient is a gmail address) then Google isn't going to block it. If you have your own mail domain and want to use Google as a smarthost then yes, you need to be authorized.
 
....If your own mailserver delivers mail to gmail (because the recipient is a gmail address) then Google isn't going to block it. .....
sorry, but this time not absolutely exactly true :)
It depends on the setup of your MTA and on your ip, whether gmail will block or not.
At least that's my experience
--
the reject message from gmail looks like so, as far as I remember:
"Your ip is not authorised to deliver mail to gmail....", I don't remember the exact text
 
My mail server isn't anything special and Gmail happily accepts my mail as long as it's destined for Gmail addresses. I don't use Gmail to relay though.

I've had many discussions with brain-dead mail admins that insist outgoing mail servers require an MX record and block you if this isn't the case. Which is stupid, lots of large installations have incoming and outgoing mail split up. The MX records are for incoming mailservers only, so my outgoing mailservers don't require one.
 
I don't use Gmail to relay though.
nearly absolutely correct this time again :)
you don't use gmail to relay through - but I assume you relay through an authorised ip...
so that's what I said:
without a correctly set up Outgoing Relay (not necessarily gmail) they will block.
---- edit :----
one more thing to pay attention to: the PTA (Reverse Record),
depends on ISPs, whether they check it or not ..
---
 
but I assume you relay through an authorised ip...
There is NO relay involved. My mail server delivers mail to Gmail. Nothing more, nothing less. This doesn't require any authorization whatsoever. If this would require authorization nobody would be able to send email to Gmail addresses.

My own mail server does require authentication for sending mail or else anyone would be able to abuse my server. However incoming deliveries (mail destined for my domain) don't require any authorization either (or else nobody would be able to send mail to my domain).
 
There is NO relay involved. My mail server delivers mail to Gmail.

This proves that your following statement is clearly wrong :-) (.. just kidding):
My mail server isn't anything special.....
It's very special: your ip is not blocked by google and you don't host an Open Relay, very good setup! well, why did I discuss the relay-thing? The TO's server is sitting in his office and I smell that its ip could be blocked by gmail.
I could swear that SirDice's MTA is in the cloud or is co-located elsewhere ;-)

... as always an interesting discussion with you
 
SirDice is correct. I'm also running my own mail server (MTA) for my own domain (I'm also running my own DNS). I can send mail to gmail users without problems. I'm not using my ISP's mail server or anything. My ISP only provides bandwidth, nothing else. All other things I implement myself.

Google (and many others) only blocks IPs that are on common RBLs, or that are otherwise “known bad” (such as dynamic IP ranges from DSL and cable providers). My own mail server also uses several RBLs, of course.
 
“known bad” (such as dynamic IP ranges from DSL and cable providers). ....
exactly that's what I wanted to say to the TO because :
....the server is at my workplace ... .
( from his other thread)

--- edit: ---
even static IPs from cable providers (which could be in fact from "dynamic ranges") could be blocked
---edit:---
In other words, if Olli and SirDice get their perfectly managed servers from the data center and put them in an office whose ip is known to be bad or unknown (no matter whether static or dynamic), they might need to re-administer, e.g. with an OutgoingRelay .....
 
here is the case :
...... :
--
[203.0.113.2] The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError h1si7104782plt.44 - gsmtp (in reply to end of DATA command))
---

.. exactly that ;-)
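
What the two failure modes argued over in this thread look like from the sending host, as an added example (not code from any poster): a connection to port 25 that simply times out versus an explicit 550 5.7.1 reply from the receiver. The function names and result labels are assumptions, and the sample reply is constructed from the bounce quoted above.

```python
import re

# Constructed sample: multi-line wire form of a 550 5.7.1 policy rejection,
# modelled on the bounce quoted above (the bounce shows it folded onto one line).
SAMPLE_REJECT = (
    "550-5.7.1 [203.0.113.2] The IP you're using to send mail is not authorized to\r\n"
    "550-5.7.1 send email directly to our servers. Please use the SMTP relay at your\r\n"
    "550 5.7.1 service provider instead.\r\n"
)

_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")                 # code, separator, text
_ENHANCED = re.compile(r"^([245]\.\d{1,3}\.\d{1,3})(?:\s+|$)")  # RFC 3463 status code


def parse_reply(raw):
    """Parse one, possibly multi-line, SMTP reply into (code, enhanced, text)."""
    lines = raw.splitlines()
    if not lines:
        raise ValueError("empty reply")
    code, enhanced, parts = None, None, []
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changes between lines")
        code = m.group(1)
        is_last = i == len(lines) - 1
        if ((m.group(2) or " ") == " ") != is_last:
            raise ValueError("'-' must mark every line except the last")
        text = m.group(3) or ""
        e = _ENHANCED.match(text)
        if e:                         # strip the repeated enhanced code from the text
            enhanced, text = e.group(1), text[e.end():]
        parts.append(text.strip())
    return int(code), enhanced, " ".join(parts)


def diagnose(raw):
    """raw: reply text from the remote MTA, or None if connecting to port 25 timed out."""
    if raw is None:
        return "port-25-filtered"     # nothing answered: a block on the path, e.g. the ISP
    code, enhanced, _ = parse_reply(raw)
    if code < 400:
        return "accepted"
    if code < 500:
        return "temporary-failure"    # 4xx: the sender should retry later
    if enhanced and enhanced.startswith("5.7."):
        return "policy-reject"        # 5.7.x: receiver refuses this sender by policy
    return "permanent-failure"
```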
 
[203.0.113.2]
They're not going to accept mail from bogon space. Administering a flaky mail server running under Windows was what brought me to FreeBSD back in the early 2000's. It worked for me but the learning curve is steep and the way is fraught with peril.
 
For successfully operating a home mail server on a dynamic IP, with webmail interface, the following 3 essential requisites must be met:
  1. Your ISP must not block TCP in ports 25, 443, 993, 995, and TCP in/out port 587.
  2. You need at least one outgoing SMTP relay service on a static IP address, which accepts your outgoing mail after SMTP authentication on port 587 for relaying it to the destination.
    (I got 2. One is provided by the domain hosting service which I use, and another one, I set up myself on an AWS-EC2 instance running Postfix on FreeBSD 12)
  3. You should have set up dynamic DNS services which point to your dynamic home IP address, and which must allow you to specify the MX (your home server) and ideally also a TXT record. The latter is for SPF - which Google Mail does honor quite a lot when it comes to the decision whether to accept mail for their end users or not, and whether to mark it as spam or not.
It is worth emphasizing that we want TCP in 25, and that in case the ISP does not block TCP out 25, we may want to block it ourselves at the firewall. All our mail would only go out on TCP 587 directly to our external mail relay, which then does the rest of the job.
 
.... Administering a flaky mail server running under Windows was what brought me to FreeBSD back in the early 2000's. .....
lol, those were times, my MS IIS experiment in the early 2000's on home-ip was shut down inside 5 minutes by root-attack from friends :)


For successfully operating a home mail server on a dynamic IP,......
your good explanation is even valid for successfully operating a home mail server on a
static ip (depends on provider of course)....
 