I want to run an email server for myself (I'm leaning towards postfix), but I need it to look something like this:
[MUA] [Home MTA] [External MTA]
The Home MTA sits on a virtualization server at my home, and only accepts mail from the external MTA (through its config but also firewall). The external MTA only accepts email for my domain, has DKIM/SFP, and (initially, anyway) isn't going to be delivering email to anyone except my home MTA.
I think if I do this right, that should prevent me from being blacklisted and also from doxxing my home IP as that won't be the MTA listed using my domains’s MX records. I think of this almost like a bastion or jump server, but for mail instead of ssh.
1. is this possible to do?
2. what else should I be thinking about? e.g. I found a page talking about preventing backscatter email, which hadn't occurred to me.
3. I'm assuming the MTA-to-MTA can be encrypted and authenticated. Is that SASL?
4. Is there a term for this type of setup so I can find a basic config and go from there? E.g. is this called smart-relay with a satellite or something?
EDIT: I think I would want to disable SMTP in favour of SMTPS, and configure postfix not to accept outbound email from an unauthenticated user. That prevents spammers from using my MTA to get mail out, right? If that’s the case why is it still generally recommended not to run your own mail server due to having to deal with all the spam?
Asked by Harv
(2512 rep)
Jan 12, 2025, 09:02 PM
Last activity: Jan 13, 2025, 08:18 AM
Last activity: Jan 13, 2025, 08:18 AM