As per my previous posts around removing myself from Google’s clutches, I’ve set up my email server. And it was hard. Something that’s very common in open source how-tos is a very detailed explanation of how to configure things. What’s not very common is a high level overview of how the technologies interlink, which makes troubleshooting difficult. Did I choose the right option in my IMAP server? Have I misconfigured my authentication modules? Or is it broken because what I’m trying to do is fundamentally wrong, because I haven’t properly understood what I’m doing?
Running a service on the public internet is a dangerous thing. Part of the logic behind moving my email to a personal server instead of using one of the free public services Google or Microsoft provide is enhanced privacy and control over my own data. As such, setting up an email server full of security holes isn’t going to achieve that goal.
The upshot therefore is:
- Choose the right software. Take a look at the product history. Is it still frequently updated? Is it well documented? Does it have a history of being insecure or is it well patched?
- Make sure you update that software. There’s no point running “secure” products if you’re running an old, unpatched version of them.
- Have a think about how you’re configuring that software. For different server components that need to communicate (such as Apache talking to MySQL), configuring them to talk over localhost (127.0.0.1) instead of the internet-facing IP address will limit the server’s exposure to the internet. The same applies to anything only the mail server itself needs to reach, such as its database or authentication backend.
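Taking the last point as an example: the quickest way to find out whether a backend component has been left listening on the internet-facing address is to look at the listening sockets and compare them against the ports you actually intend to expose. The script below is an added example, not something from the original post or from any of the software it mentions. It takes `ss -Hltn`-style output (a constructed sample is embedded so it runs offline) and prints every port bound to a wildcard address that is not on an assumed allow-list of public mail and web ports. On a real host you would feed it the live output instead. The allow-list, the sample lines and the function name are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag listening sockets that are
# bound to all interfaces (0.0.0.0 or [::]) on ports that should stay local-only.

# Constructed sample in the shape of `ss -Hltn` output:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# Here MySQL (3306) has been left on 0.0.0.0, while Redis (6379) and
# PostgreSQL (5432) are correctly bound to loopback.
SAMPLE='LISTEN 0 128 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 511 [::]:993 [::]:*
LISTEN 0 128 [::1]:5432 [::]:*'

# Assumed allow-list: ports an internet-facing mail host is expected to expose
# (SMTP, submission, IMAP and HTTPS). Adjust to what you actually run.
PUBLIC_PORTS="25 465 587 143 993 443"

# exposed_ports INPUT
# Prints, one per line, each port from INPUT that is bound to a wildcard
# address and is NOT in $PUBLIC_PORTS. Prints nothing if everything is fine.
exposed_ports() {
    printf '%s\n' "$1" | awk -v pub="$PUBLIC_PORTS" '
    BEGIN {
        n = split(pub, a, " ")
        for (i = 1; i <= n; i++) allowed[a[i]] = 1
    }
    $1 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)        # text after the last colon
        host = addr; sub(/:[0-9]+$/, "", host)   # text before ":port"
        if ((host == "0.0.0.0" || host == "[::]" || host == "*") && !(port in allowed))
            print port
    }'
}

# Stand-alone run against the constructed sample; on a live host use:
#   exposed_ports "$(ss -Hltn)"
# For the MySQL case the fix is `bind-address = 127.0.0.1` in the server
# config, after which the 3306 line would show 127.0.0.1:3306 and not be flagged.
exposed_ports "$SAMPLE"
```

Anything the script prints is a service reachable from the internet that has no business being there; either rebind it to 127.0.0.1 (or a unix socket) or, if it genuinely must be reachable, add it to the allow-list deliberately and make sure it is firewalled and authenticated.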
That’s just a few ideas. It’s not an exhaustive list, but they illustrate that once you’ve worked out what software you want, and you’ve worked out how it should work, you’ve then got an initial task of making sure the product is configured properly and securely, and then an ongoing job of making sure it’s still secure. By taking on the job yourself you’re actually taking on a level of responsibility for your own security, something you currently take for granted.
I’ve written an email server overview here. It’s not designed to be a configuration HOWTO; there are plenty of those out there written to a high quality. What I have tried to do is describe the different email server components so you can understand what you want to configure, before trying to delve into how you’re going to configure it.
It’s easy to see why getting all this stuff for free is so tempting.