
The different platforms

If you're like me, you want your own email. Front to back, it's not as easy as one might think considering how old the technology is.

Challenges

I want to host it as cheaply as possible, preferably on my home server. The problem is my ISP refuses to set up reverse DNS entries, even if I pay for a static IP address. This is only an issue for sending out emails though. My solution here was to use a $5/mo Linode instance, the tiniest Nanode available, and set up two applications there: Postfix, obviously, as a relay that requires a single username and password and will relay anything sent through it with that username and password given, and then, to harden the security, a WireGuard client that calls home, so the only traffic that can be sent to Postfix has to come through that WireGuard interface, where it can then be sent out the non-WireGuard regular interface on the static IP at Linode with a reverse DNS record. I had to convince them I'm not going to spam, and that wasn't hard; I just told them about the setup I had already put into place, where the only traffic that can be sent to the relay is through the WireGuard connection to my domain (which runs on DDNS at my home), and that I planned on setting up SpamAssassin and ClamAV and things on my end. Which I did plan on doing.
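A quick way to check the relay layout described above, as an added example that is not from the original post: it parses `ss -ltnH` output and flags any SMTP listener that is not bound to the WireGuard or loopback address. The WireGuard address `10.8.0.2`, the port set and the sample lines are constructed assumptions, and it assumes the restriction is enforced by bind address rather than by firewall rules.

```python
import ipaddress

# Assumptions for this example (not from the post):
SMTP_PORTS = {25, 465, 587}                  # ports a relay might listen on
ALLOWED = {"10.8.0.2", "127.0.0.1", "::1"}   # constructed WireGuard address + loopback

# Constructed sample of `ss -ltnH` output from the relay host.
SAMPLE = """\
LISTEN 0 100 10.8.0.2:587 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 [::]:25 [::]:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 100 *:465 *:*
"""

def split_local(field):
    """Split the ss 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop an interface scope such as %wg0, then IPv6 brackets.
    addr = addr.split("%", 1)[0].strip("[]")
    return addr, int(port)

def exposed_listeners(ss_output, allowed=ALLOWED, ports=SMTP_PORTS):
    """Return (address, port) for SMTP listeners reachable outside the tunnel."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if port not in ports:
            continue
        if addr == "*":                       # dual-stack wildcard bind
            findings.append((addr, port))
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_unspecified or str(ip) not in allowed:
            findings.append((addr, port))
    return findings

if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE):
        print(f"SMTP listener outside the tunnel: {addr}:{port}")
```

On a real host, feed it the output of `ss -ltnH` instead of `SAMPLE`; an empty result means every SMTP listener is bound to the tunnel or loopback address.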

Email Ingress

So now that egress (sending emails) is taken care of by a relay on a Linode that only I should be able to access given two layers of security, I need email ingress. I also want to be able to run it for multiple domains; I'm hosting my brother's business email after all, and my own centerionware.com email too.

First attempt

The first attempt I did was simply installing Postfix and Dovecot on my Raspberry Pi internet gateway router. It worked well. I had set it up to use PAM authentication and stored the emails encrypted in the local users' home directories. It works, sure, but maintenance was... difficult. Not only could I never get any updates because the OpenWRT devs' focus is on making a router, not on making a router that's also an email server, I had to manually patch some build files to make it work with IPv6. They got a little weird about their patch requirements, and changed them after telling me to do it one way, so I said fuck it. There's better ways anyway. Docker is a thing and even available on OpenWRT, so there's no need to run Postfix directly on the OpenWRT OS, not that I ever went that route.

Second attempt

Mailcow. I have a base VM image based on Alpine Linux and Podman that I use to quickly deploy efficient, fast, unbloated, and secure VMs accessible only via SSH with my personal SSH key. So I launched one up, and tried to get Mailcow going. I almost had it working too, everything was running, but I was trying to run it in an IPv6-only environment, which should be okay if everything gets routed through my main Traefik ingress anyway before reaching the Mailcow server. But of course things in this modern era still don't like to operate in IPv6-only environments. After mucking around, getting the containers all finally actually running, I still couldn't access anything due to the IPv6 issue.

Third attempt

After reading some praises about iRedMail, I decided to give that a shot. Instead of using my preconfigured VM I went and installed Ubuntu 22.04.03 to a fresh VM and ran their installer. The process went pretty smoothly, and pretty quickly it was mostly running, albeit with self-signed certs and things. Obviously I solved that with Let's Encrypt using a neat docker compose I'd whipped up for the Gitlab's certificates. It's nice, for entry level, at least the free version. The paid version looks a lot better but honestly I'm never going to pay for it. I really wish more companies would adopt the freemium model like Proxmox has, but this is such a niche area (I mean really, who's hosting their own emails these days?!) where every feature works and you pay for support and faster updates (and priority when a bug is found). But that's neither here nor there. I managed to replicate the entire Pi setup, including a catch-all email address, and allowing a specific user to spoof addresses so services (e.g. gitlab, authentik, nextcloud, netdata, etc.) can send emails out to addresses from addresses that don't actually exist (such as gitlab@centerionware.com), and it's not too bad.

Migration woes

Now I had to migrate my users' emails from the old ras pi and Postfix to the new server. First I simply tried to copy the maildirs, but as it turns out I had set up a little bit of encryption on the at-rest emails on the old server, just to add a small layer of protection against prying eyes in case anyone ever got ahold of my ras pi. This made it impossible for doveadm import to directly import the maildirs though, as encryption wasn't set up the same on the new iRedMail server.

What I ended up doing was figuring out how to finally create a master user and password on the old server that let me log in as any user. There were two secrets to setting this up: using + instead of * as the master user separator, and setting pass=no because I am using the PAM authentication method. With pass=yes it would keep trying to use the master password as the user's password, which obviously failed. Once that was finally set up I was able to run the following very long command for each user to use IMAP to connect to the old server and import that user's emails to the new server.

doveadm -Dv -o imapc_host=imap.centerionware.com -o imapc_user=example@centerionware.com+migrate -o imapc_password=supersecretmasterpassword -o imapc_features=rfc822.size -o imapc_ssl=tls -o mail_fsync=never sync -1 -R -u example@centerionware.com imapc:

This had some challenges to it, however. One user had a Sent folder and a Sent Items folder, and for some reason I kept getting this error (mailbox_symlink_exists): assertion failed: (ret > 0) - This is not my post but it's the only reference I could find to someone having the same issue. I went into the Maildir for that specific user, moved the one email from Sent Items to Sent, and removed the Sent Items folder. Then there was some date mismatch on the one item that caused another issue, so I ended up just erasing that one email. Luckily for me that one email was just a test email I had created when I was testing their user account. I don't know how it all happened, or what the underlying issue was. I couldn't find any symlinks to anything, and ensured the Maildir didn't even exist before running the doveadm command so the files on the new server would be as fresh as possible. After these steps the user's account successfully migrated, finally.

The only thing left to do now was to go to each of the services, change the mail server from imap.centerionware.com (the old hostname) to mail.centerionware.com, and change the settings since this time I'm using starttls instead of forcing ssl only. And set up autoconf and autodiscover, which weren't things I had before. It's pretty nice, although seems to only really work sometimes. Thunderbird works great, Outlook doesn't want to use it all the time (it did the first time, now it does, but I tried their test autoconf thing and it does pull the info it should seemingly).

More attempts?

I want to try Mailcow again. I'd love to see their administration interface and compare it to iRedMail. iRedMail is working fine however, and I will probably just leave it as is for now. If I ever get into the business of hosting emails for others I may opt for their pro admin panel, but that depends on how Mailcow is looking when I attempt that again. For now I need a break. This took me 18 hours to migrate and solve all the issues enough to recreate my very modest setup with 5 users, one catch-all, and one user that can spoof addresses for services. I've gone through the various software stacks and set up and tested all the new email settings, and everything is working fine for now.

I need sleep.