Solved The simplest mail server

Seems that my thread has been hijacked. :)

Some news: a jail that runs mox has been created on my home router. I have disabled everything that is of no use to me, like AutoconfigHTTPS, MTASHTTPS, DMARC and TLS reports, ACME settings...

Mails are delivered via SMTP on tcp 465 with an SSL connection. They are read via IMAPS on tcp 993. mox offers a web admin interface via HTTPS, it's convenient. You can administer it with the CLI as well.

So far, ssmtp from FreeBSD works (I saw recently that it doesn't verify the SMTP server certificate) and exim4 from Debian 11 & 12 works also. I added my CA to their stores and they seem to be happy with that (exim4 does a lot of magic to make all of this work... Almost).

It remains to allow to read these mails from outside my lan, on my phone. Maybe someone knows a simple and configurable android app for that?
 
Well, if you don't want it sending off-lan, how are you expecting to communicate with it off-lan? Other than a vpn, it seems a catch22 situation...
 
You can leave just IMAPS access open from the outside and you can still read from outside.
Or use Roundcube and no apps are needed.
 
It remains to allow to read these mails from outside my lan, on my phone. Maybe someone knows a simple and configurable android app for that?
You could expose port 993 to the outside and use any IMAP client, like covacat says. I second his option of installing mail/roundcube and exposing that, though. I've grown disillusioned with Thunderbird, and haven't found a tolerable replacement.

You'll have to play dynamic DNS games as cy@ describes if you don't have a static IP in order to do either.
 
I took Spark Mail. It's almost a random choice. I have been obliged to momentarily open TCP 465 for SMTP because Spark didn't want to complete the account creation otherwise. After that, I quickly removed this NAT rule. Of course, Spark works well without access to the SMTP.

So, all seems to be working perfectly. ;)

I still don't know how to forbid the acceptance of other domains than mine as mail destination. I asked the owner of mox, mjl-, and if a solution exists, he will find it. That said, it's not mandatory, it's just a security concern.

PS: I have used no-ip for ages. It's the sixth service that is (in some ways) open to the internet from my box.
 
Not sure how I should respond here (link) but this is about "mail" aka SMTP servers and well... fun fact is that last week I more or less did the same thing: pick up on my e-mail needs and well, can't resist sharing this.

As much as I respect and admire (!) Sendmail I cannot help but mention my personal preference: Postfix (mail/postfix). The problem with Sendmail (IMO!) is that it may seem easy to set up, but don't get fooled. If you rely on /etc/mail/Makefile then keep in mind that this is all FreeBSD's doing (!), not something Sendmail would provide. In other words: you'll be disappointed the very moment you pick up on mail/sendmail and decide to rely on that. I mean.. why doesn't that port have its own rc.d entry? Answer: because it relies on what the base system provides, at least for now.

Sendmail is awesome (IMO!), but can also turn into a sheer nightmare the very moment you want to do something outside of its own spectrum. I mean... sometimes it seems as if you're handcoding ("scripting") the whole interaction yourself which I think is both the sheer strength as well as the bane of Sendmail. Why spend time trying to figure out something that 'others' (<cough>, something like Postfix </cough>) have already figured out for you?

When I want to restrict the HELO within an SMTP session then there's only so much I need with Postfix (note: main.cf):

Code:
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
Fact: Sendmail would require you to script a whole lot yourself or... maybe download a 3rd party solution but, why would you?

Maybe food for thought?
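As an added illustration of how that smtpd_helo_restrictions list is walked in order (first restriction that fires decides), here is my own Python model of it. It is not Postfix code and not from this thread; the mynetworks ranges are assumed and the two reject_* checks are approximated, not copied from Postfix:

```python
import ipaddress
import re

# Assumed LAN ranges for permit_mynetworks (constructed; the post does not show mynetworks).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.168.1.0/24")]

# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, at most 63 chars.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def address_literal(helo):
    """Return the IP inside a bracketed address literal such as [203.0.113.5], else None."""
    if helo.startswith("[") and helo.endswith("]"):
        try:
            return ipaddress.ip_address(helo[1:-1])
        except ValueError:
            return None
    return None


def is_valid_helo(helo):
    """Approximation of reject_invalid_helo_hostname: well-formed hostname or address literal."""
    if address_literal(helo) is not None:
        return True
    if not helo or len(helo) > 253:
        return False
    return all(LABEL_RE.match(label) for label in helo.split("."))


def is_fqdn_helo(helo):
    """Approximation of reject_non_fqdn_helo_hostname: an address literal, or a dotted name."""
    return address_literal(helo) is not None or "." in helo


def evaluate_helo(client_ip, helo):
    """Walk the restriction list from the post in order and return the restriction that decided."""
    if helo is None:
        return "reject_helo_required"  # smtpd_helo_required = yes: no HELO/EHLO was sent at all
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return "permit_mynetworks"  # LAN clients with short names are let through at this step
    if not is_valid_helo(helo):
        return "reject_invalid_helo_hostname"
    if not is_fqdn_helo(helo):
        return "reject_non_fqdn_helo_hostname"
    return "permit"  # end of the list: Postfix's default action for this stage
```

The ordering is the point: a LAN host that greets with a bare "reportbox" is permitted by permit_mynetworks before the FQDN check is ever reached, while the same greeting from an outside address is rejected.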
 
I've had dynamic IPs for 25 years and I've had almost no problems.

The keyword is almost. Your registrar and DNS provider must provide you an interface to update your DNS records, somehow. My registrar uses a web interface to manage DNS records. I used their DNS services until last November, when I set my NS records to point to Cloudflare. Now I use their web interface because of a feature I discovered that November. I don't use Cloudflare's proxy service as I want my IP on the raw internet to exercise ipfilter (which I maintain).

If you're ok with the odd disruption of an hour or two as you register a new IP, you will be fine. Of course this depends on your ISP. My ISP reassigns IP addresses once or twice a year, many times I maintain the same IP for a couple of years, until they do some work on their network necessitating a change in IP address.

One can't say a blanket "no" but a maybe. Do your research. Maybe even register a domain with a registrar who will provide you with some interface to manage your own records and try it. Domain names are cheap.

The problems with dynamic addresses are mostly to do with sending outgoing mail. At the point dynamic addresses came up it was unclear what the OP was actually trying to do.
 
The problems with dynamic addresses are mostly to do with sending outgoing mail. At the point dynamic addresses came up it was unclear what the OP was actually trying to do.
Just read my mails with my phone from my home mail server. I need either a static IP address (my ISP doesn't provide me this, for free at least) or a symbolic address with a system like no-ip. I won't send any mail from my phone.

Moreover, I will never send mail outside my lan with my mail server. Therefore, I don't need any form of trust from the mail servers on the internet.

The purpose is: I have several servers on my lan that send reports of their activities. They are now received and stored by my local mail server and shared via IMAPS. I can read them from some local machines, e.g. Windows/Outlook or FreeBSD/Thunderbird but also outside my home with my phone. Am I clear enough?

I hope I will find courage and time to evaluate postfix/dovecot too. I needed a quick solution and mox is perfect for that. But, a custom and precise configuration seems to be complicated, not to speak about the sconf format of its configuration files which I find tricky, ugly and incompatible with ee. I'm obliged to use vi on the command line... :'‑(
 
Just read my mails with my phone from my home mail server. I need either a static IP address (my ISP doesn't provide me this, for free at least) or a symbolic address with a system like no-ip. I won't send any mail from my phone.
If you have:
  1. a 'Dynamic DNS' service like no-ip or DynDNS, plus
  2. dumb modem and
  3. an OpenWRT router, plus a
  4. FreeBSD host that is dedicated to email,
That's all you need to be able to read the emails received on your FreeBSD host. But if you wanna be outside of your LAN to use your phone to read email that's on your server, you'll really need to set up proper authentication on your mailserver, it will need to match what your phone is looking for. Oh, and that same authentication will also need to match what your Outlook and ThunderBird are looking for, as well.

I'd know what it takes, I've done that kind of setup before. No way around doing something complicated if you want it to work right, even at a bare minimum level. So, plan it out, line it up, and be prepared to make mistakes that require you to start over from scratch.
 
The problems with dynamic addresses are mostly to do with sending outgoing mail. At the point dynamic addresses came up it was unclear what the OP was actually trying to do.
It's actually receiving SMTP connections. If the DNS points to the old IP you're hooped.

Sending shouldn't be a problem.
 
If you have:
  1. a 'Dynamic DNS' service like no-ip or DynDNS, plus
  2. dumb modem and
  3. an OpenWRT router, plus a
  4. FreeBSD host that is dedicated to email,
That's all you need to be able to read the emails received on your FreeBSD host. But if you wanna be outside of your LAN to use your phone to read email that's on your server, you'll really need to set up proper authentication on your mailserver, it will need to match what your phone is looking for. Oh, and that same authentication will also need to match what your Outlook and ThunderBird are looking for, as well.

I'd know what it takes, I've done that kind of setup before. No way around doing something complicated if you want it to work right, even at a bare minimum level. So, plan it out, line it up, and be prepared to make mistakes that require you to start over from scratch.
Maybe you missed the "Solved" just before the thread title. Everything works perfectly, both on my lan and on my phone.
 