2025:Q2 Demos

:email: Self-Hosted Email with Docker Mailserver

I have been self-hosting an email server for several months now. Many of the services on eom.dev have built-in support for notifications over SMTP, and I use an @eom.dev address for online accounts; however, the server has been unable to deliver mail to addresses outside of my personal network. As I discussed in Why Discourse?, this service has additional features for users to read and reply to threads over email, allowing Discourse to function like a mailing list. With several active users on the Luanti thread, I felt this was a good time to try to enable sending mail to external addresses.

:open_book: Chapters

00:00 Intro
00:23 Mail Server Overview
03:21 Docker Mailserver Configuration
04:32 TLS
06:42 Configuration Contd.
14:25 Port Forwarding
19:35 DNS Settings and DKIM
30:25 ISP Restrictions
32:57 Outro

:bank: Architecture of an Email server

The Arch Wiki provides an excellent overview for the components of an email server:

A mail server consists of multiple components. A mail transfer agent (MTA) receives and sends emails via SMTP. Received and accepted emails are then passed to a mail delivery agent (MDA), which stores the mail in a mailbox (usually in mbox or Maildir format). If you want users to be able to remotely access their mail using email clients (MUA), you need to run a POP3 and/or IMAP server.

:whale: Docker Mailserver

Docker Mailserver provides all of the necessary components for an email server in a single, convenient docker container. From the project introduction:

In a nutshell, DMS provides you with the following components:

  • An MTA: Postfix
  • An MDA: Dovecot
  • A bunch of additional programs to improve security and emails

:gear: Configuration

The current configuration for Docker Mailserver on eom.dev is defined in ansible-role-eom, but is being moved to a dedicated repository. Additionally, this configuration needs to be modified to utilize Helm.

DNS & DKIM

Similar to the ACME challenges used to issue TLS certificates, email providers rely on a variety of sender-authentication methods to reduce spam. Following Google's Email sender guidelines, the bare minimum requirements are DKIM for authentication and a PTR record so that the server's IP address resolves in a reverse DNS lookup. These were configured for postfix.eom.dev on Squarespace.

:globe_with_meridians: AT&T

The postfix.eom.dev SMTP server can receive mail from both internal @eom.dev and external accounts (@gmail.com, @outlook.com, etc.), and users can access their mailbox with the client of their choice over either IMAP or POP3; however, many ISPs, including AT&T (the ISP for eom.dev), block outbound traffic on TCP port 25, which prevents sending mail to servers outside the network. The server logs confirm this:

2025-05-10T17:08:28.967795+00:00 mail-69bbf5846-2h85k postfix/smtp[10638]: connect to mail.protonmail.ch[176.119.200.128]:25: Connection timed out
2025-05-10T17:18:28.399802+00:00 mail-69bbf5846-2h85k postfix/smtp[10658]: connect to mx02.mail.icloud.com[17.57.155.25]:25: Connection timed out
2025-05-10T17:53:59.263728+00:00 mail-69bbf5846-2h85k postfix/smtp[10702]: connect to alt1.gmail-smtp-in.l.google.com[172.217.197.27]:25: Connection timed out

I am currently discussing this issue with AT&T customer support, and hope to unblock outbound traffic on port 25 to enable sending emails to external servers.
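As an added example (not code from the original post or from Docker Mailserver), here is a small Python check that parses Postfix smtp client log lines like the ones above and flags the pattern behind an ISP port-25 block: timeouts to several distinct remote MX hosts on port 25 with no successful port-25 delivery. The sample log is constructed; the last two lines are made up to show a non-25 failure and a successful relay over port 587 that must not trigger the check.

```python
import re
from collections import Counter

# Constructed sample in the Postfix smtp(8) log format shown in the post.
# The two trailing lines are invented (example.net hosts) for contrast.
SAMPLE_LOG = """\
2025-05-10T17:08:28.967795+00:00 mail-69bbf5846-2h85k postfix/smtp[10638]: connect to mail.protonmail.ch[176.119.200.128]:25: Connection timed out
2025-05-10T17:18:28.399802+00:00 mail-69bbf5846-2h85k postfix/smtp[10658]: connect to mx02.mail.icloud.com[17.57.155.25]:25: Connection timed out
2025-05-10T17:53:59.263728+00:00 mail-69bbf5846-2h85k postfix/smtp[10702]: connect to alt1.gmail-smtp-in.l.google.com[172.217.197.27]:25: Connection timed out
2025-05-10T17:55:01.000000+00:00 mail-69bbf5846-2h85k postfix/smtp[10710]: connect to relay.example.net[192.0.2.10]:587: Connection refused
2025-05-10T17:56:02.000000+00:00 mail-69bbf5846-2h85k postfix/smtp[10711]: 4F2A1B3C: to=<user@example.org>, relay=smtp.example.net[192.0.2.20]:587, delay=1.2, status=sent (250 2.0.0 OK)
"""

# "connect to host[ip]:port: error" is the Postfix client-side connect failure line.
CONNECT_FAIL = re.compile(
    r"postfix/smtp\[\d+\]: connect to (?P<host>\S+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+): (?P<error>.+)$"
)
# A delivery that actually reached a relay carries relay=host[ip]:port and status=sent.
SENT_RELAY = re.compile(r"relay=(?P<host>\S+)\[[^\]]+\]:(?P<port>\d+),.*status=sent")


def parse_connect_failures(log_text):
    """Return one dict (host, ip, port, error) per failed outbound connection attempt."""
    failures = []
    for line in log_text.splitlines():
        m = CONNECT_FAIL.search(line)
        if m:
            rec = m.groupdict()
            rec["port"] = int(rec["port"])
            failures.append(rec)
    return failures


def count_sent_on_port(log_text, port):
    """Count successful deliveries that were relayed over the given TCP port."""
    sent = 0
    for line in log_text.splitlines():
        m = SENT_RELAY.search(line)
        if m and int(m.group("port")) == port:
            sent += 1
    return sent


def port25_block_suspected(log_text, min_hosts=3):
    """Heuristic: timeouts to >= min_hosts distinct hosts on port 25 and zero successful
    port-25 deliveries point at an egress block, not a single remote outage."""
    timed_out = Counter(
        f["host"] for f in parse_connect_failures(log_text)
        if f["port"] == 25 and "timed out" in f["error"]
    )
    suspected = len(timed_out) >= min_hosts and count_sent_on_port(log_text, 25) == 0
    return suspected, timed_out
```

The same functions can be run over a live `docker logs` capture of the mail container; a single timed-out host is usually the remote side, while many distinct hosts timing out on port 25 only is the ISP signature.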
