Stop the Spam Folder Nightmare: A Battle-Tested Postfix Configuration Guide for 2012

You Can't grep a Lost Email

There is nothing more frustrating than watching a client's critical invoice vanish into the abyss of a Hotmail junk folder. If you are relying on default ISP configurations or, god forbid, a shared hosting sendmail relay, you are essentially gambling with your infrastructure's reputation. I have spent the last week cleaning up a mess for a client whose previous provider let a WordPress exploit turn their server into a spam cannon. Their IP reputation score hit rock bottom. We had to migrate.

Building a mail server in 2011 requires more than just yum install postfix. You need to understand the relationship between DNS, Reverse PTR records, and the disk I/O latency that chokes mail queues during high traffic. This guide assumes you are running CentOS 6.x or Debian 6 (Squeeze).

1. The Foundation: Hostname and DNS

Before you even touch a config file, look at your DNS. If your forward DNS (A record) does not match your reverse DNS (PTR record), meaning the PTR name for your sending IP does not resolve back to that same IP, you are dead in the water. Major providers like Gmail and Yahoo will reject or junk your mail immediately.

Pro Tip: Most budget VPS providers hide the PTR record setting deep in their UI or don't offer it at all. At CoolVDS, we give you full control over your Reverse DNS directly in the panel because we know it's mandatory for a working mail server.
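A way to verify the forward/reverse match before sending any mail, as an added example that is not part of the original post. The sample zone data is constructed from the hostname and IP used elsewhere on this page, and comparing the PTR name against `myhostname` is an extra check assumed here.

```python
import socket

# Constructed sample data standing in for live DNS (used by the offline demo).
SAMPLE_PTR = {"192.0.43.10": ["mail.yourdomain.no."],
              "203.0.113.5": ["host-5.isp.example."]}
SAMPLE_A = {"mail.yourdomain.no": ["192.0.43.10"],
            "host-5.isp.example": ["203.0.113.5"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_fwd(hostname):
    return SAMPLE_A.get(hostname, [])

def ptr_lookup(ip):
    """PTR names for ip from the system resolver (empty list on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def a_lookup(hostname):
    """IPv4 addresses for hostname from the system resolver."""
    try:
        return socket.gethostbyname_ex(hostname)[2]
    except OSError:
        return []

def fcrdns(ip, myhostname, ptr=ptr_lookup, fwd=a_lookup):
    """Forward-confirmed reverse DNS check. Returns (ok, problems)."""
    def norm(host):
        return host.rstrip(".").lower()
    names = [norm(n) for n in ptr(ip)]
    if not names:
        return False, ["no PTR record for %s" % ip]
    problems = []
    # A PTR name only counts if its A record points back at the same IP.
    confirmed = [n for n in names if ip in fwd(n)]
    if not confirmed:
        problems.append("PTR %s does not resolve back to %s" % (names, ip))
    if norm(myhostname) not in confirmed:
        problems.append("myhostname %s is not a confirmed PTR name" % myhostname)
    return (not problems), problems

if __name__ == "__main__":
    for ip in ("192.0.43.10", "203.0.113.5", "198.51.100.7"):
        print(ip, fcrdns(ip, "mail.yourdomain.no", sample_ptr, sample_fwd))
```

Called without the `ptr` and `fwd` arguments, `fcrdns` queries the system resolver, so it can be run from the mail server itself once the PTR record is set.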

2. Postfix Configuration: The Essentials

Forget the monolith that is Sendmail. Postfix is modular, faster, and easier to secure. Open /etc/postfix/main.cf. We are moving to the Maildir format because mbox locks up under concurrency. If you have fifty users checking mail via IMAP simultaneously, mbox on a standard SATA drive will spike your load averages.

home_mailbox = Maildir/
inet_interfaces = all
myhostname = mail.yourdomain.no
mydomain = yourdomain.no
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
smtpd_banner = $myhostname ESMTP

Restart the service: service postfix restart.

3. Security: SASL and TLS

Sending credentials in plain text is negligence. We need SASL for authentication and TLS for encryption. Ensure you have the cyrus-sasl packages installed.

In main.cf, add:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_key_file = /etc/pki/tls/private/mail.key

You can generate a self-signed cert with OpenSSL for internal testing, but for production, buy a cheap cert from a valid CA. The "snake oil" self-signed certs trigger warnings that scare users.
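With `smtpd_tls_security_level = may`, TLS is optional, so a client that skips STARTTLS can still be offered AUTH unless `smtpd_tls_auth_only = yes` is also set. The audit below is an added example, not part of the original post; it flags that gap in the settings above. The hardened variant is constructed, and the relay check assumes a Postfix release whose default restrictions do not already include `permit_sasl_authenticated`.

```python
# The section 3 settings exactly as given on this page.
PAGE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_key_file = /etc/pki/tls/private/mail.key
"""

# Constructed hardened variant: the same settings plus two more parameters.
HARDENED_MAIN_CF = PAGE_MAIN_CF + """\
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        else:
            name, _, value = raw.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def audit_submission_auth(params):
    """Return findings about how SMTP AUTH is exposed by these settings."""
    findings = []
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        return findings
    level = params.get("smtpd_tls_security_level", "")
    auth_only = params.get("smtpd_tls_auth_only", "no") == "yes"
    # 'encrypt' forces TLS before anything else; 'may' does not.
    if level != "encrypt" and not auth_only:
        findings.append("AUTH is offered on unencrypted sessions "
                        "(level=%r); set smtpd_tls_auth_only = yes" % level)
    restrictions = (params.get("smtpd_recipient_restrictions", "") + " " +
                    params.get("smtpd_relay_restrictions", ""))
    if "permit_sasl_authenticated" not in restrictions:
        findings.append("permit_sasl_authenticated is not listed explicitly; "
                        "authenticated clients may be refused relay")
    return findings

if __name__ == "__main__":
    for label, cf in (("page", PAGE_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print(label, audit_submission_auth(parse_main_cf(cf)))
```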

4. Deliverability: SPF and DKIM

This is where the amateurs get filtered out. Sender Policy Framework (SPF) tells the world which IPs are allowed to send mail for you. Add this TXT record to your DNS:

v=spf1 mx a ip4:192.0.43.10 ~all

Next, DomainKeys Identified Mail (DKIM). This cryptographically signs your emails. While DomainKeys (the Yahoo standard) is fading, DKIM is the future standard. Install opendkim from the EPEL repo.

Generating the keys and configuring the selector takes time, but it signals to ISPs that you are a legitimate sender, not a botnet.

5. The Norwegian Context: Data Retention & NIX

If you are hosting email for Norwegian businesses, you must navigate the Personal Data Act (Personopplysningsloven). Storing personal emails on servers located outside the EEA (like cheap US hosting) creates legal headaches regarding data transfer agreements.

Furthermore, latency matters. If your users are in Oslo, routing their IMAP connections through a server in Texas is inefficient. You want your server peering at NIX (Norwegian Internet Exchange) for the fastest possible routes.

The Hardware Bottleneck

Here is a reality check: Email servers are I/O heavy. Every incoming mail writes to the log, updates the index, writes the body to disk, and triggers the virus scanner (ClamAV). ClamAV is notoriously memory hungry and disk intensive.

Feature | Standard VPS (OpenVZ/Virtuozzo) | CoolVDS (KVM)
Isolation | Shared Kernel (Noisy Neighbors) | Full Hardware Virtualization
Storage | Standard HDD | RAID-10 Enterprise Storage
Swap Usage | Often Disabled/Burstable | Dedicated Partition

On a standard shared VPS, if your neighbor gets DDoSed, your mail queue stalls. We built CoolVDS on KVM with high-performance RAID arrays specifically to handle the random I/O patterns of a busy mail server running Postfix and MySQL (for Roundcube webmail).

Final Thoughts

Running your own mail server isn't for the faint of heart, but the control is worth it. You own your logs, you own your data, and you aren't subject to the whims of a massive provider scanning your emails for ad targeting.

If you are ready to deploy, don't waste time on hardware that can't keep up with ClamAV and SpamAssassin. Spin up a CoolVDS KVM instance in Norway today. We offer clean IPs and the stability your users demand.
