Whenever we talk about email delivery to inbox first thing that pops up in our mind is email security protocols, which are none other than DKIM, DMARC, and SPF. They play key important role inbox delivery. In order to understand what role they play, let’s understand how receiving server concludes a particular email is spam or not. Though there are hundreds of factor which affect inbox delivery but in this article, our discussion is limited to email security protocols.

How do mail servers block spam?

When email is sent out receiving mail servers need to confirm identity of the sender.

What this means, for example, you use Zimbra mail server to send email to Gmail. Here, Google’s mail server will check some information about your Zimbra mail server.

If it’s eligible, Gmail will allow email to arrive. Conversely, Gmail will block your mail or put it in the Spam folder.

So what is this information? That is DKIM, SPF and DMARC.

Let’s understand these protocols one by one starting with DKIM.

What is DKIM?

The very first question is what is DKIM?

According to information from Zimbra, DKIM has the following definition:

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication

Understand simply. DKIM helps the receiving mail server confirm that the email is fake or not fake. Spoofing mail domain names to send fake emails is very common, so DKIM as a tool helps mail server to distinguish real mail and fake mail.

How to create DKIM key?

You can create or more specifically generate DKIM in many ways. This has already been discussed extensively.

How to use DKIM?

After you have generated DKIM key, go to domain registrar and then create a TXT entry into DNS records

Host recordTypeValue
TXT

Note: Notice the double quotes in the Value section.

How to verify DKIM data

After you have created the DNS record for DKIM of the mail domain, you need to verify that it is correct. There are several online tools that let you verify your DKIM record

A very useful tool for email system administrators is MXToolbox.

Now go to the DKIM check link and type the following information.

  • Domain Name: just type domain mail domain to this box.
  • Selector: type the key to this box, the key look like 5FB56121-7BDF-21E9-8459-20D59831E3AB in Zimbra and postal-xhee82 in Postal SMTP. It could be different in some other DKIM as well. Look at the Host record column above, remove the text phrase ._domainkey and the rest is the key.
check-dkim-for-mail-server

And the results should be green as image below, which shows that you have successfully set DKIM for your mail domain.

dkim-test-result-mxtoolbox-verify

What is an SPF?

Right, first, we need to know what SPF is? Why do we need to configure it?

According to Zimbra, SPF defines:

Sender Policy Framework (SPF) is an email validation system, designed to prevent unwanted emails using a spoofing system. To check this common security problem, SPF going to verify the source IP of the email and compare it with a DNS TXT record with a SPF content.

So, like DKIM, SPF help the receiving mail system confirm whether the email sent is real or fake?

Validating through the contents of the DNS record contains the IP of the mail server.

You can look at the image below and find out more information about it at this page.

So can you understand why we need to configure it?

That’s because every email that your mail server sends, other mail servers around the world will check for SPF information before deciding whether to put it in inbox or spam or block mail.

How to Create SPF record for mail server?

You can take help of online SPF record generator. MXToolbox provides a tool called SPF Record Generator. You only need to declare your information in the data fields.

  • Step 1: type domain mail domain to box name Domain Name or URL and press button Check SPF Record.
mxtoolbox-spf-generator

Step 2: Fill all data fields in SPF WIZARD to get final dns record.

create-spf-record

At the “How strict should should the SPF Policy be?”

You have 4 choices (this explanation is based on information from Zimbra):

  1. --: do not choose anything
  2. Strict: will only mark the email like pass if the source Email Server fits exactly, IP, MX, etc. with the SPF entry
  3. Neutral: without policy
  4. Soft Fail: allows to send the email, and if something is wrong will mark it like softfail

Usually, we will choose number 4.

How to use SPF record?

Based on the content Suggested Record, you need to create a record with the following content:

Host recordTypeValue
@TXT“v=spf1 a mx a:mail.yourdomain.com ip4:192.168.10.10 ~all”

Note: Put content Value of SPF records in double quotes

How to check whether SPF record is set correctly ?

You open the SPF test tool on MXToolbox. Enter your domain and click SPF Record Lookup button.

The returned result should look like the image below. Every Test step is green.

verify-spf-record

What is DMARC?

According to information from Zimbra, we define DMARC as:

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.

It seems a little confusing to you, but you should understand it simply. DKIM combined with SPF, and now DMARC, all of these technologies are primarily to make sending emails from your mail server more reliable.

Other mail servers around the world will trust your system, they will distinguish whether your email is fake or not.

Take a look at the image below, the source image from Zimbra. You can understand what DMARC will do in the process of receiving emails.

If the DMARC of the email is sent to the pass, the mail will be put into the inbox, otherwise, it may be put into spam or returned.

How to create DMARC Record ?

DMARC record is rather easy to create compared to DKIM or SPF. You can either create it manually or online.

To create online visit this website. After that enter your domain and select the options as shown in the image below, then click the Get DMARC Record button.

generate-dmarc-record-online

At last you will get the result as image below. You need to pay attention to the following 3 contents:

dmarc-record-dns-entry
  • DMARC record for: yourdomain.com
  • Record should be published at _dmarc.yourdomain.com
  • v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=quarantine

To create manually, just copy the above record and replace [email protected] with your admin email address like [email protected] or, if already have created [email protected] then you can use that as well.

How to use DMARC record?

Now we will create DNS record for DMARC for your mail domain.

Host recordTypeValue
_dmarcTXT“v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=quarantine”

Note: Notice the double quotes in the Value section.

How to check the DMARC record is correct or not ?

Now go to the DMARC test page, enter your domain in the Domain Name box and click the DMARC Lookup button.

If you have set up exactly what I instructed, the results will be correct and the test fields are green.

What is reverse DNS?

When you build mail server, you have to configure the DNS record to resolve the mail domain mail.yourdomain.com to the IP address of the server.

However, that may not be enough. Some companies around the world like AOL, they will reject your email if you don’t have a reverse DNS record.

Take a look at the image below, and you’ll know what the reverse dns record is.

reverse-dns-lookup

The rDNS (reverse dns) record allows IP resolution to be a domain name, which helps confirm your mail server correctly.

Where do we need to configure rDNS?

  1. You need to configure rDNS in the hosting provider. Most of the hosting provider let you create rDNS yourself but some of them but for some like AWS, Oracle, Google, Azure you will to ask them.

Conclusion

Email security protocols plays important role in inbox delivery. Unless you have all protocols in place email is bound to go in spam/junk. Therefore, you must pay attention to these protocols.

Mailwizz is a very popular email marketing application. It includes feature like autoresponder, bounce handling, drip campaign, templates, SMTP rotation, feedback loop, etc. Basically, Mailwizz is pretty good email automation script which provides every feature you need for successful email marketing.

How to Get Mailwizz?

Getting Mailwizz is super simple. Just follow the link to buy Mailwizz. The Mailwizz license cost is $69 for one time. You will continue to get update forever but support will expire in 6 months. Also, you can check it’s demo here. If you want to use MailWizz for free then register yourself at inSend to get started.

Requirements

Installation of Mailwizz on cloud/VPS

I am using Contabo VPS for demonstration, but you can use Digitalocean, Linode, OVH, etc. While installing VPS select any of the following operating system.

  • CentOS 8
  • Ubuntu 18.04

Now, we are going to install Virtualmin open source control panel on VPS. Steps involved in installation is already discussed in this article. Please go through that.

After installation and setup of Virtualmin is complete, it’s time to install Mailwizz. First of all get the MW file from Codecanyon. Then, go to the FileManager and upload the zip file.

Move the content of latest folder into public_html direrctory. Now it’s time to create database. After you have created the database go to https://yourdomain.com/install and follow the screen.

Installation of Mailwizz on Shared Hosting (cPanel)

Installing Mailwizz on shared hosting is fairly simple. Get shared hosting from any popular hosting like Bluehost, Hostgator, Dreamhost, etc. Many of them provide cPanel hosting. Or, if you like free cPanel hosting go to inSpaceHosting and get started. I am also using inSpaceHosting for Mailwizz. After you have successfully registered your account, you will get login credentials.

Login to cPanel and go to File Manager. Then upload the Mailwizz zip file to public_html directory. Next extract it. After that, go to the extracted folder and then further into the latest folder. Now move the content of latest folder into public_html. Finally, go to the URL https://yourdomain.com/install

In the article Install Postal SMTP server on Ubuntu 18.04, I already have discussed steps to install Postal Successfully. Now in this article, I will tell you the commands and steps required to configure Postal, create organizations, add domains, create SMTP etc. Apart from that, I will also discuss the steps required to install SSL certificate. Now, here note that SSL for click tracking is handled by Postal and therefore you don’t have to do anything for that. It’s only the SSL for web ui and SMTP that we are going to install and configure.

Creating First SMTP on postal

First of all login to your Postal and then create your first organization.

postal-dashboard

Next create your First SMTP server

build-smtp-server-postal

On next screen fill the details

build-smtp-server-postal

After you have successfully built the server, it’s time to add a domain.

postal-add-domain

Next, you will be given set of DNS records to create. So, just create them.

Creating DNS records for Postal

Their is very nice article already written by developers of Postal to create DNS records. But if you follow along, you might get lost and miss mail-tester 10/10 score.

Create the following records

NameTypeValue
mailA1.2.3.4
rp.mailA1.2.3.4
track.mailA1.2.3.4
psrpCNAMErp.mail.inguide.in
@MX10; mail.inguide.in
routes.mailMX10; mail.inguide.in
rp.mailMX10; mail.inguide.in
@TXTv=spf1 a mx include:spf.mail.example.com ~all
rp.mailTXTv=spf1 a mx include:spf.mail.example.com ~all
spf.mailTXTv=spf1 ip4:1.2.3.4 ~all
postal-a1b2c3._domainkeyTXTv=DKIM1; t=s; h=sha256; p=MIGfMA0GC…;
_dmarcTXTv=DMARC1; p=reject; sp=reject; rua=mailto:[email protected]

Creating SMTP server

Go to credentials tab and add credentials

postal-create-credentials

After you have created credentials, key will automatically appear which is none other then your SMTP password in case you have selected SMTP from drop down list. Otherwise, it can be used as API key.

Now you can do the testing with several email marketing tools available.

Installing Free SSL on Postal

First to all get the certbot

apt install certbot

To get the SSL certificate execute the following command.

certbot certonly --webroot --webroot-path /opt/postal/app/public --domains mail.yourdomain.com

This will procure SSL certificate and store it on your server. Also, Certbot will tell you where the certificate is located. Subsequently, you have to specify the certificate location inside the nginx configuration and postal.yml

Open nginx config file

nano /etc/nginx/sites-available/default

Next edit the already present private certificate to add the following lines to it.

ssl_certificate     /etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.yourdomain.com/privkey.pem;

After that open the Postal config file postal.yml

nano /opt/postal/config/postal.yml

Then add the following line to it

smtp_server:
  tls_enabled: true
  tls_certificate_path: /etc/letsencrypt/live/postal.yourorganisation.com/fullchain.pem
  tls_private_key_path: /etc/letsencrypt/live/postal.yourorganisation.com/privkey.pem

Next restart the Nginx to reload the new certificate into the browser.

sudo systemctl reload nginx

Now go to the browser and reload the webpage.

How to Renew SSL Certificate?

As long as you got the certificate from Lets encrypt, Certbot will automatically renew the certificates so you don’t have to worry about replacing them yourself.

Video

Conclusion

Installing and configuring Postal for beginners could be daunting task. But with the help of this and previous article along with video guide, I hope you would be able to install successfully.

Building Postal SMTP server to send bulk emails is a good choice for email marketers. Postal is very powerful and backed by a large community of developers. It is an open-source mail server script written in JavaScript and Ruby. It can be used to build in-house SMTP server just like Mailgun, Sendgrid, Mailchimp, etc.

Postal installation is not very straight forward. The process is fairly complex. It’s because Postal needs several packages to be installed before hand, it can be used. I have tried to make it as simple as possible.

Requirement for Postal SMTP server

  • A domain name from Namecheap or Namesilo
  • A VPS or cloud with Ubuntu 18.04 & 8 GB of RAM

I am using Contabo for the purpose of demonstration.

Initial Setup

In order to start with installation, you will need to connect to the server. If you are on you have to get SSH client for this purpose. One such SSH client is Putty. But if you are on Linux or Mac, just open the terminal and type [email protected] where xx.x.x.xxx is your server IP address.

First of all switch to root user

sudo -i

After that update and upgrade your Ubuntu

apt update -y
apt upgrade -y

Next setup hostname

hostnamectl set-hostname mail.yourdomain.com

Updating DNS records

Login to domain registrar and create A record for mail.yourdomain.com

Now let’s begin with installation

Installation and Configuration of MariaDB

First of all, install MariaDB database on your server.

apt-get install mariadb-server libmysqlclient-dev -y

After installing MariaDB, it’s time to do some configuration to MariaDB

mysql_secure_installation

Answer all the questions as shown below:

    Enter current password for root (enter for none):
    Set root password? [Y/n]: N
    Remove anonymous users? [Y/n]: Y
    Disallow root login remotely? [Y/n]: Y
    Remove test database and access to it? [Y/n]:  Y
    Reload privilege tables now? [Y/n]:  Y

Next login to MariaDB to create mysql database

mysql -u root -p

Enter your root password, then create a database and user for Postal. Here I am creating database name “postal” and database user “postaluser”. Also, replace postaluser password “your_password” with a password of your choice.

CREATE DATABASE postal CHARSET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'postaluser'@'localhost' IDENTIFIED BY 'your_password';

Next, grant all the privileges to the postal database:

GRANT ALL ON postal.* TO 'postaluser'@'localhost';
GRANT ALL PRIVILEGES ON `postal-%`.* to `postaluser`@`localhost` IDENTIFIED BY "password";

After that save and exit from the MariaDB shell

FLUSH PRIVILEGES;
QUIT;

Installing Ruby and RabbitMQ

It’s time to install Ruby on the server. By default, Ruby is not available in the Ubuntu 18.04 default repository. Therefore, we need to add Ruby repository first.

apt-get install software-properties-common -y
apt-add-repository ppa:brightbox/ruby-ng

Next, update the repository and install the Ruby.

apt-get update -y
apt-get install ruby2.6 ruby2.6-dev build-essential -y

Now we need to install RabbitMQ for message queueing. For that, we need to add Erlang repository. Let’s download and add Erlang GPG key.

wget -O- https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc | apt-key add -

Next, add the Erlang repository with the following command:

echo "deb https://packages.erlang-solutions.com/ubuntu bionic contrib" | tee /etc/apt/sources.list.d/erlang.list

At last step, update the repository and install Erlang.

apt-get update -y
apt-get install erlang -y

Now Erlang is installed let’s download RabbitMQ with GPG key.

wget -O- https://dl.bintray.com/rabbitmq/Keys/rabbitmq-release-signing-key.asc | apt-key add -
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | apt-key add -

Next, add the RabbitMQ repository with the following command:

echo "deb https://dl.bintray.com/rabbitmq/debian $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/rabbitmq.list

At last update the repository and install RabbitMQ

apt-get update -y
apt-get install rabbitmq-server -y

Now we have RabbitMQ installed, let’s check the status of RabbitMQ

systemctl status  rabbitmq-server

After that we need to create RabbitMQ vhost and user for postal. Simply run the following command:

rabbitmqctl add_vhost /postal
rabbitmqctl add_user postal password
rabbitmqctl set_permissions -p /postal postal ".*" ".*" ".*"

Installing Nodejs

By default, the latest version of Nodejs is not available in the Ubuntu 18.04 default repository. Therefore, add the repository for that first.

curl -sL https://deb.nodesource.com/setup_12.x | bash

Next install it.

apt-get install nodejs -y

Installing Postal

Before installing Postal, you will need to create a user for postal mail server on Ubuntu.

useradd -r -m -d /opt/postal -s /bin/bash postal

Now, enable ruby to listen on web ports.

setcap 'cap_net_bind_service=+ep' /usr/bin/ruby2.6

After that, install all the required gems with the following command:

gem install bundler

Next, install procodile with gem:

gem install procodile

Finally, install nokogiri with gem:

gem install nokogiri -v '1.7.2'

Install git with the following command

apt install git -y

Now, create a directory structure for Postal. Here all the files will be kept related to Postal

mkdir -p /opt/postal/app

It’s time to download the latest version of Postal.

wget https://postal.atech.media/packages/stable/latest.tgz

Once the download is completed, extract the downloaded file with the following command:

tar zpxvf latest.tgz -C /opt/postal/app

Next, change ownership of postal directory.

chown -R postal:postal /opt/postal

Now, create a symlink for Postal binary

ln -s /opt/postal/app/bin/postal /usr/bin/postal

After that, install all the required dependencies with the following command:

postal bundle /opt/postal/vendor/bundle

If above steps fails and you get the error, then execute the following command. This error is because mimemagic got updated.

cd /opt/postal/app
bundle update mimemagic
bundle install
cd ~

Next, generate Postal Configuration files with the following command:

postal initialize-config

Now, open Postal configuration file and edit it to reflect correct information:

nano /opt/postal/config/postal.yml

Make the following changes as per your environment:

web:
  host: postal.example.com
  # The protocol that requests to the management interface should happen on
  protocol: https

main_db:
  # Specify the connection details for your MySQL database
  host: localhost
  username: postal
  password: password
  database: postal

message_db:
  # Specify the connection details for your MySQL server that will be house the
  # message databases for mail servers.
  host: localhost
  username: postal
  password: password
  prefix: postal

rabbitmq:
  # Specify the connection details for your RabbitMQ server.
  host: 127.0.0.1
  username: postal
  password: password
  vhost: /postal
  
dns:
  # Specifies the DNS record that you have configured. Refer to the documentation at
  # https://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for further
  # information about these.
  mx_records:
    - mx.postal.example.com
  smtp_server_hostname: postal.example.com
  spf_include: spf.postal.example.com
  return_path: rp.postal.example.com
  route_domain: routes.postal.example.com
  track_domain: track.postal.example.com

smtp:
  # Specify an SMTP server that can be used to send messages from the Postal management
  # system to users. You can configure this to use a Postal mail server once the
  # your installation has been set up.
  host: 127.0.0.1
  port: 2525
  username: # Complete when Postal is running and you can
  password: # generate the credentials within the interface.
  from_name: Postal
  from_address: [email protected]

Save and close the file with CTRL + X. Then, initialize database with the following command:

postal initialize

Next, you will need to create a admin user for Postal.

postal make-user

Answer all the questions as shown below:

Postal User Creator
Enter the information required to create a new Postal user.
This tool is usually only used to create your initial admin user.

E-Mail Address      : [email protected]
First Name          : Admin
Last Name           : Postal
Initial Password:   : *********

User has been created with e-mail address [email protected]

Finally, start the Postal application.

postal start

Now, check the status of Postal

postal status

Just in case, if you like to stop postal service, you can do so by

postal stop

Create Systemd Service file for Postal

Next, you will need to create a systemd service file to manage Postal service. This can be done with the following command:

nano /etc/systemd/system/postal.service

Add the following lines:

[Unit]
Description=Postal Mail Platform
After=mysql.service rabbitmq-server.service
Wants=mysql.service rabbitmq-server.service

[Service]
ExecStart=/usr/bin/postal start
ExecStop=/usr/bin/postal stop
ExecReload=/usr/bin/postal restart
User=postal
Restart=on-failure
Type=forking

[Install]
WantedBy=mysql.service rabbitmq-server.service

Save and close the file. Then, reload the systemd with the following command:

systemctl daemon-reload

Next, start Postal service and enable it to start on boot with the following command:

systemctl start postal 
systemctl enable postal 

You can check the status of Postal service with the following command:

systemctl status postal

Install and Configure Nginx

Next, you will need to install Nginx to access Postal mail server. First, install Nginx with the following command:

apt-get install nginx openssl -y

Next, copy Nginx configuration file with the following command:

cp /opt/postal/app/resource/nginx.cfg /etc/nginx/sites-available/default

Next, create a self-signed SSL certificate with the following command:

mkdir /etc/nginx/ssl/
openssl req -x509 -newkey rsa:4096 -keyout /etc/nginx/ssl/postal.key -out /etc/nginx/ssl/postal.cert -days 365 -nodes

Answer all the questions as shown below:

Generating a 4096 bit RSA private key
...............................++
.................++
writing new private key to '/etc/nginx/ssl/postal.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Bihar
Locality Name (eg, city) []:Patna
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IT
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:Dhiraj
Email Address []:[email protected]

Next, open the Nginx default virtual host file and define your domain:

nano /etc/nginx/sites-available/default

Here, you need to make the following changes:

server_name postal.example.com;

Save and close the file. After that, restart Nginx service with the following command:

systemctl restart nginx

Access Postal Web Interface

Now, open your web browser and type the URL https://mail.yourdomain.com. You will be redirected to the admin page. Login with email id and password.

Postal-login-screen

After that, you will postal dashboard.

postal-dashboard

In, next article we will learn to create organization, domain management and SMTP creation, etc.

Video Lesson

Conclusion

Installing Postal is somewhat complex procedure. Nonetheless, it’s worth to give it a try considering the Postal features.

Installing SSL certificate on iReadMail, especially Let’s encrypt is not so straight forward. Therefore, I had to write an article for it. If you have been following the installation of iRedMail, then already know I user iRedMail installer. So the steps to install SSL certificate are as follows.

Requesting a free cert from Let’s Encrypt

First of all we need to install certbot to get certificate from Let’s encrypt.

apt install certbot

Next verify the request process with dry run. This will not install the certificate rather verify the DNS records.

certbot certonly --webroot --dry-run -w /var/www/html -d mail.inguide.in

Next you will be asked for email address and to accept tos. Answer that.

Now if everything went smoothly and you didn’t get any error then run the following command to get the certificate.

certbot certonly --webroot -w /var/www/html -d mail.inguide.in

After successful execution of this command SSL certificate were store in the directory /etc/letsencrypt/live/mail.inguide.in/

Now we need to change the premission of this directory.

chmod 0644 /etc/letsencrypt/{live,archive}

Using the SSL certificate

Now we have SSL certificate ready to put in use. Run the following command to backup existing private keys

mv /etc/ssl/certs/iRedMail.crt{,.bak}   
mv /etc/ssl/private/iRedMail.key{,.bak}

It’s time to create symbolic link to the Let’s Encrypt files, or in simple words to install the certificate

ln -s /etc/letsencrypt/live/mail.inguide.in/fullchain.pem /etc/ssl/certs/iRedMail.crt
ln -s /etc/letsencrypt/live/mail.inguide.in/privkey.pem /etc/ssl/private/iRedMail.key

Restart the services with following command

systemctl restart dovecot
systemctl restart postfix
systemctl restart nginx
systemctl restart slapd

Now, go refresh the page to load new certificate.

Automatically renewing the certificate

Install new crontab with command:

crontab -e

In order type anything inside crontab press A on your keyboard. And then copy the following line

1   3   *   *   *   certbot renew --post-hook '/usr/sbin/service postfix restart; /usr/sbin/service nginx restart; /usr/sbin/service dovecot restart'

After the close the editor with esc + :wq

Conclusion

The brand new Let’s Encrypt SSL is ready on your iRedMail server. You can check it by visiting iRedMail admin, Webmail etc. Also, you will not receive any warning while submitting emails via SMTP or connecting from popular Email client like Outlook, Thunderbird, etc.

Building SMTP server with iReadMail could be a little tricky for beginners. But it’s still easy compared to building SMTP with mailcow or Postal. If you are looking for the easiest way to build your own SMTP server then perhaps you should check building SMTP server with Mailinabox.

About iRedMail

iRedMail is an open-source mail server script with a very good number of developers contributing to its development on GitHub. It is free of cost but if you want an advanced admin panel to manage users then you have to pay for it, though the basic admin panel is free.

Features of iRedmail

iRedMail comes with inbuilt Webmail, Calendar, Contacts, ActiveSync, Antispam, Antivirus, greylisting, whitelisting, blacklisting, etc. It also supports MariaDB, PostgreSQL, OpenLDAP backends. This means you have complete freedom to choose database type.

Perhaps iRedMail is the only mail server solution that can be installed on all version of Linux. So, here also you have flexibility to deploy iRedMail on your favorite Linux distribution.

Requirement

Like every mail server you will need

  • a domain from Namecheap
  • A VPS or Cloud with minimum 2 GB RAM

I will be using Contabo for demonstration but you are absolutely free to make your choices. I already have demonstrated steps to get domain name and VPS in the following video.

Updating DNS records

First thing first make changes to DNS records. Login to your domain registrar and create A record for mail.inguide.guru.

After that create or update MX record pointing to mail.inguide.guru with priority 10.

Then create TXT record for SPF entry and all following in value

v=spf1 mx ~all

Initial Setup

First of all we need a way to connect to the server. Though it’s simple on Linux or MacOS, for Windows you will need a SSH client like putty or Bitvise. Download it and connect to your server

Switch to root user

sudo -i

Set the hostname or Fully Qualified Domain Name (FQDN) with following command on Ubuntu

hostnamectl set-hostname mail.inguide.in

Don’t forget to replace inguide.in with your domain name.

Then open hosts with following command

apt install vim -y
vim /etc/hosts

Now add following lines and don’t forget to replace domain name and IP

45.354.212.212 mail.inguide.in mail

Let’s update the OS.

apt update -y
apt upgrade -y

Next install gzip package

apt install gzip

Our initial setup is complete now.

Installing iRedMail

Here first step would be to get the iRedMail. Go to iRedMail website and download installer.

download-iredmail

Now connect to your server with any FTP client, let’s say WinSCP or FileZilla and upload the iRedMail installer. Or, alternatively download with following command

wget https://github.com/iredmail/iRedMail/archive/1.4.0.tar.gz

Next extract it and begin the installation with following command

ls
tar zxvf 1.4.0.tar.gz
ls
cd iRedMail-1.4.0
ls
bash iRedMail.sh

Answer the series of questions appearing on your screen to finalize iRedMail installation.

Select email directory location

iredmail-select-email-directory-location

Select webserver type, if you don’t want to run any applications on this server you can skip it.

select-webserver

Select database type. If you want to run mail only server use OpenLDAP but if you are planning to host application as well then select MariaDB or PostgreSQL.

The following screen pops up only if you select OpenLDAP.

Specify LDAP suffix

Now type the MySQL administrator password

Finally enter the domain name here

enter-the-domain-name

Now you will be asked to enter postmaster password

Here on this final screen, you have option to install Webmail, Calendar, Address book & Activesync. Do not select SOGo unless your system has at least 8 GB of RAM. Make your selection then hit next.

Finally the summary of all your choices. If you want to make any modification press CTRL+C to stop the installation and start once again. Otherwise type y and continue.

At the end of installation you will be asked to change SSH port (port 22) or continue

Now installation has been finished. Reboot the system to enable all mail service.

Also, copy the different URLs generated for your application.

To open webmail go to https://mx.inguide.guru/mail

To open admin panel go to https://mx.inguide.guru/iredadmin

Login with you username and password

Now here you can add domain, create users etc.

Copying DKIM record to the DNS

To get the DKIM record go to the terminal and run the following command.

amavisd-new showkeys

Output would be something like this

dkim._domainkey.mydomain.com.   3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArsr2BKbdhv9efugByf7LhaK"
  "txFUt0ec5+1dWmcDv0WH0qZLFK711sibNN5LutvnaiuH+w3Kr8Ylbw8gq2j0UBok"
  "FcMycUvOBd7nsYn/TUrOua3Nns+qKSJBy88IWSh2zHaGbjRYujyWSTjlPELJ0H+5"
  "EV711qseo/omquskkwIDAQAB")

Copy the output of command inside ( ) in one line and remove all quotes.

 v=DKIM1; p= MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArsr2...................

After these steps secure your iRedMail server to deal with SSL warning.

Conclusion

Installing iRedMail is easy and quick. It is loaded with several features and you have options to make selection of features you like to install. It is very robust system and it can easily handle good amount of traffic.

There are many ways to create SMTP and send unlimited emails and Mailinabox is just one of them. Basically, as long as it’s your SMTP server you can send unlimited emails, no restriction at all from your side unless you want to put one. But wait!! There’s a catch. The catch is that ISP doesn’t accept unlimited emails from New SMTP. Anyway, I will discuss more in ISP another article. Here’s I am going to demonstrate, how you can install Mailinabox and create SMTP.

Requirement

I am using Contabo in this demo. But of course, you are free to select any VPS hosting. Select Ubuntu 18.04 during placing an order. Just in case you ordered VPS with some other OS, follow the screenshot to reinstall Ubuntu 18.04.

contabo-OS-reinstall

Update Nameservers

Before you begin, you need to create custom name servers with domain registrar. Go to custom nameserver and create it.

namecheap-custom-nameservers

Then update the nameservers to

ns1.box.inguide.in

ns2.box.inguide.in

With this our work at domain registrar finishes off.

Connect to the server

If you are on windows machine, you will need an special SSH client to connect to Linux server. I am using Putty here. It’s open source and light weight. 

putty-connecting-to-server

First of all switch to root user

sudo -i

Now the first step would be test whether port 25 is open or not

apt install telnet -y
telnet smtp.gmail.com 25

You would see Connected status. €if you didn’t this means port 25 is blocked and you must ask hosting provider to open it.

Next, set the hostname with the following command,

hostnamectl set-hostname box.inguide.in

Replace inguide.in with your domain name. But don’t replace box with anything else. After that, update the server with following command

apt update && apt upgrade -y

Now run the following command

curl -s https://mailinabox.email/setup.sh | sudo bash

Answer questions which will appear on your screen. If asked for email id type

[email protected]

not [email protected]

At the end of installation you will asked for user name and password. Enter it.

Finalizing the installation

Now go to URL https://box.inguide.in/admin and login. If any thing is not in green address that issue. After that provision SSL certificate.

You can add users and find SMTP details in relevant tabs.

Testing the SMTP server

Go to Mail tester to and get email id from there and then send a test email to it. You will get 10/10 score without any issue. You can do further testing with these tools.

Summary

Installing Mailinabox is absolutely simple and no brain storming in that. Just one command and you are good to go. Nameserver configuration could be little tricky for beginners, but I have made that simple as well.

Generating and Validating DKIM could be a difficult task sometimes. Therefore, in order to make this task easier there are several tools available online. If you are email marketer then needless to say DKIM plays very important role in email delivery. Whether you are using postfix or powerMTA, you must have valid DKIM entries in DNS records.

About DKIM

DKIM stands for Domain Key Identified Mail. It helps ISP to establish identity of sender. It could be 1024 bits or 2048 bits. Now a days 2048 bits is more preferable. DKIM composed of 3 parts.

  • Private Key
  • Public Key
  • Selector

Private key is kept safe on server and used to sign email before sending out. Public key is entered into DNS records, which is used by ISP to validate private key sent along email. Sometimes, you might need more than one DKIM key or you might want to sign transactional emails and promotional emails to be signed with different key. In simple words, selector ensures different DKIM doesn’t mix up and they could be authenticated by ISP.

Let’s discuss some of the tools available online first, then we will discuss steps to troubleshoot DKIM issues.

1. Sparkpost DKIM Generator

Sparkpost as we know, developer of powerMTA, has create very user friendly interface to generate DKIM. Just fill in the details and it will generate DKIM with instructions.

generate-dkim-key

Copy the DKIM private key to your server and public key to DNS records.

validate-dkim-key

You can also validate DKIM key, after configuration, by sending them to their one of the email address.

sparkpost-dkim-key

2. DKIMCORE

DKIMCORE is another popular tool for DKIM generation. It just asks you for domain name.

In DKIMCORE you will not be able to enter DKIM selector of your own choice. It will automatically generate for you.

generate-DKIM-Key-in-dkimcore

3. Command line

If you don’t like going to online tools, there’s simple way to generate DKIM key on Linux using opendkim command.

Just execute the following commands

openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout -out public.key
opendkim

Now you can list generated keys using ls command and cat command to display the key public key, so that you can copy it to the DNS.

ls
cat public.key
generating-dkim-key-opendkim

If you like to know the location of private key, you can use pwd which stands for the present working directory. In the above screenshot, my working directory is /root and therefore private key location is /root/private.key

Note here, I haven’t used any selector. Therefore, I can create any name form selector.

Creating the DNS record

Creating DNS records is simple. Login to your domain registrar and look for Advanced DNS in namecheap and manage DNS in Godaddy. Similar, option would be available in other domain registrars. There you would find option to create TXT record. Create one and fill the details as follows:

creating-dkim-record-in-namecheap

In above screenshot in place of Host type

selector._domainkey

Replace selector with your choice.

Then in the Value enter the public key like

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyLHWXYdMiSdg83MmBPA
lXjdMxVmPWb5qWetxu7RqzP59saNXRtL/3I6K1zFZY85bljAB7Xa1fjZ42hWESCN
VK99o9R5RBFV6R62LLOHpwxxaD6rsskWqI7PgD99OuS5VHHaaMrxn8anx110FIhX
vs4T7ghcu7NVkDSawJ2dZUTfo8vRj7igc3/ySGrB1SNstTEghv0RazSnq9l9q+qV
jp9NzTh4FnxjAijMsG7AoIY6XRWbS3BC87sk6880bPosrRkw1ubQt4bpfp2rfgSw
DbzTlPuDDrNArZ9p7pS8OURP4CEDNe2dkwMhoVrKGDJ9VM/gAHgCyfe317igFEaJ
wwIDAQAB

At some places, you might to put double quotes in Value field, so be careful about that.

Validation of DKIM keys

After you have completed above steps, it’s time to validate the DKIM keys. There are several email marketing tools which are available online to validate keys.

1. MXToolBox DKIM Validator

MXTOOLBOX is favorite tool of email marketer. It provides several tools like DKIM validator, SPF checker, IP blacklist checker and so on. Go to MXTOOLBOX and fill the domain name and selector.

mxtoolbox-dkim-checker

After you run DKIM Lookup, you will get nice green ribbon if DKIM passes or red ribbon indicating DKIM issues.

mxtoolbox-validation-result

2. DKIMCORE

DKIMCORE is also let you validate your DKIM keys in simple steps. Just fill in the details and you are good to go.

dkimcore-validator

Conclusion

These simple tools could easily generate and validate and DKIM keys without any hassle. DKIM key is very important to ensure inbox delivery, therefore it’s sender duty is to use right DKIM key and format.

Read: How to install Mailwizz

Before, I discuss the list of bulk email verifier and validation software and website, let’s discuss why you should verify the list.

  • To get better inbox delivery
  • Verification minimizes hard bounce
  • Low bounce rate means boost IP and domain reputation
  • It prevents getting blacklisted by ISP
  • To get better return on investment

Now the question arises, how often one should verify emails? Well, if you are sending newsletter weekly or at least monthly to all your subscribers then you won’t have to verify the list at all, provided automatic bounce removal is in place on your SMTP server. However, if you are not sending the newsletter to all subscribers at once or you send it once in a while, then I would say cleaning up the list every 6 months.

What is the difference between Software and Services?

The major difference between email verification software and services is in terms of functioning. While services usage their huge database build over years to quickly run customers’ email lists, software checks all email ids one by one. Several requests to ISP, without actually sending emails, irks ISP which could lead to IP blacklisting. ISP’s doesn’t like email verification tools or services.

Having said that it’s time to look at the list.

Software

1. Atomic Mail Verifier

Atomic Mail Verifier is quite old email verifier. It verifies top ISP like Gmail, Yahoo mail, etc., and cost-effective. They also offer free trial on their software. It also checks for syntax errors in email ids and domain existence. Though it is loaded with many good features, it does have downside. It fails to verify the email addresses of many ISP.

Services/Websites

There is a number of services available nowadays. And, all of them claim to be better than others. I have listed few services along with a comparison table to help you get started.

Comparison Table

Bulk Email VerifiersPriceAccuracyRatingsDisposable & Catch AllIntegrationsFree TrialTime Taken for 100kCustomer Support
Debounce500K: $300
1M: $500
97.50%4.7/5.0 Capterra
4.5/5.0 G2
YesMailChimp
+8 More
One Time 1002 HourTicket Support
Live Chat
Zerobounce500K: $1100
1M: $1590
98.80%4.7/5.0 Capterra
4.7/5.0 TrustPilot
YesCloudflare
+45 More
Monthly 1001 HourTicket Support
LiveChat & Phone
myEmailVerifier500K: $199
1M: $299
99.00%4.8/5.0 G2
4.4/5.0 LCA
YesGetResponse
+5 More
One Time 2003 HourTicket Support
MillionVerifier500K: $199
1M: $299
99.00%5.0/5.0 AWH
4.5/5.0 TrustPilot
YesAny Application
Softwares
One Time 2001 HourTicket Support
Live Chat
EmailVerifyList500K: $547
1M: $947
99.00%5.0/5.0 AWHYesAny Application
Softwares
Every Day 501 HourTicket Support
Live Chat
Snov500K: €900
1M: €1400
98.00%5.0/5.0 G2
3.8/5.0 TrustPilot
YesIcontact
+10 More
One Time 1001 HourTicket Support

1. Zerobounce

Zerobounce is well known and quite popular but not cheaper. It’s probably the most expensive service. But nonetheless, they have billions of email ids in their databases that get your job done in minutes. It also claims to use Artificial Intelligence.

2. Debounce

Debounce is another well-known service. With simple, clean UI and faster service, they have earned the top position in the industry. Many of my students were satisfied with the services. They also offer free email extractor and free disposable detector API. You can integrate this API with your service to stay away from spammers.

3. myEmailVerifier

myEmailVerifier is easy to integrate with popular services like mailchimp, GetResponse, AWeber, SendGrid, etc. It pricing is competitive and par to other counterparts.

4. MillionVerifier

MillionVerifier is one of the cheapest email verification and validation service. It also has accuracy of 99% for verification.

5. EmailListVerify

EmailListVerify with 4.7/5 Capterra rating, user satisfaction is all time high this service.

Conclusion

To sum up all software have limited capability and slow but cheapest to run, while services are fast but expensive. Among various services all claims to be better than another. At this point, it would be wise to begin with cheapest service.

Email marketing though sound easier, but it’s not the case any more. Unlike old times you cannot send bulk emails without every emails protocols in place. Here are some tools which will help you test your SMTP server to achieve industry standard protocols. These tools will show you reason for deviation from protocols, therefore you would be able to fix it in time. Here, I have listed 10 best email marketing tools and website which would prove useful.

1. Mail-Tester

Mail-tester website let you test your SMTP server to check all standard protocols like DKIM, SPF, reverse DNS, DMARC, etc., are in place. It will also test IP of SMTP server against 3rd party blacklisting. Additionally it gives score on scale of 10. You could rectify issues easily if your score is less than 10.

2. appmaildev

Appmaildev is website for testing SPF, DKIM, DMARC, DomainKey and RBL of your server. Just send email to id given by appmaildev and it will give the result.

3. MXtoolbox

MXtoolbox is mother of all the tool box for testing SMTP. It can test almost every aspect of your email server. Some of them are MX, DKIM, SPF, DNS, DMARC, Blacklist, Blocklist, etc. It can also analyze email headers which you very important information that actually help in better inbox delivery. Apart from that it can also extract emails from text content, all you need is just copy the text and paste.

4. GMass

GMass is perhaps best tool for email marketer. It certainly has features more than many tools combined. You can verify email addresses, test your SMTP, test where your email is landing (Inbox, Spam, promotions), check links, test your email for DKIM, SPF, DMARC, blacklisting, etc. The best part of GMass is many services are absolutely free. However, there is one limitation with GMass is that only Gmail ids work. I hope some day they will expand their portfolio to include other services as well.

gmass

5. Glock Apps

GlockApps is different from above two. It actually gives you about 70-80 email addresses of different ISP where you send emails. Then glockapps will analyze whether emails

  • has been delivered to inbox
  • has been delivered to spam
  • not delivered at all

Finally analysis report will provide insight into your email deliverability, authentication, reputation and DMARC compliance. This way you will able to make necessary amendments into your SMTP.

6. Sender Score

Sender Score is another fantastic tool to analyze your SMTP server. It gave you lots of insight about your email server. Also you will get the score out of 100. Note you might not get score if your server is comparatively new.

7. Talos Intelligence

Cisco Talos Intelligence is basically a internet threat analyzer. Along with many services it also analyze IP & Domain reputation which is of extreme importance for email marketer. The best part is Talos Intelligence doesn’t charge you for this information.

8. SMTP Tester

There are several SMTP tester available but the one I use frequently is SMTPer.

9. Wormly

Wormly is uptime monitoring website but also let you test SMTP.

10. SSL-Tools

SSL-Tools let you check encryption of your mail servers. It also test server vulnerability to Heartbleed.

11. DNSQUERIES

DNSQUERIES as the name suggest checks DNS and tells you if connection could be established with mail server, [email protected] & [email protected] exists, server is accepting mail over [email protected]_address etc.. These information is valuable, though comfortably ignored by many people, play an important role in domain reputation and therefore inbox deliverability.

Conclusion

Though, there are several tools available to test efficacy of your mail server, but none of the solution is all in one. Therefore, you need to bookmark most of them.

I have added tools and website best to my knowledge, but I will add more as soon as I find one. Let me know in comments if you know any other fantastic tool.