by ProxCoques 3494 days ago
While I hear you on Gmail's overbearing influence, I'm not a sysadmin (I'm a designer and I spend most of my time talking to people about "user journeys" and fonts), but I run my own (and my family's) email using Ubuntu on a VM. There are lots of easy HOWTOS on setting up Postfix with DKIM and bind with SPF. I've got an alert on one of those blacklist monitors and not been in any blocking lists at all in several years.

So if I can do it, you can too.

BTW I use Gmail as the front end though - it picks up the mail from my POP3 server and sends it out via my server over TLS/SSL. That last step was a bit complicated to set up since Gmail doesn't accept self-signed certificates for SMTP sending. But I managed to work out how to set up and renew a free cert from StartCom.

1 comments

LetsEncrypt needs port 80 open to the outside so that it can verify/renew certificates. I don't have port 80 open on the mail server though.
LetsEncrypt actually has multiple options available for validation. Only one challenge type, http-01, requires port 80 to be open. Another, tls-sni-01, requires port 443. dns-01 requires configuration of your DNS provider. I personally make use of tls-sni-01 and dns-01 in different situations.