This is an install guide for the common human who has just learned that she wants to set up an email server. She knows nothing about anything related to setting up a mail server and only has a domain name and a couple of bucks (<$10) in her hand.
We will use those $10 to do some really cool things:
Hosting your own email is not going to be free. I’m just putting it out there for our younger enthusiasts and students who want to try out things in their home without shelling out any money.
BUT, that was kind of a lie. You could host the email in your house, but it is going to require certain considerations. I will mention, in the appropriate places, what steps to take if you are working at home, most of which are going to be related to nameserver configuration. But even with all of that, if you host it from home, you will not be able to use it for anything other than testing and learning, as all home IP addresses are banned from sending out email, as a precaution against virus-infected computers which perpetually keep sending spam.
One of the first things that you need to understand is that you are going to need a static IP. The easiest way to get this is to use a VPS hosting provider that also supports OpenBSD, the best of which is Vultr.
You can select the lowest plan for $5 per month, which gives you enough computing power to try out Excision without turning off any features :) The smaller ones are a bit too small for anything worthwhile, imho.
Your server requirements:
I am also assuming that you have a domain to your name and that you hold the power to configure everything related to that domain. This includes access to the domain registrar for setting primary nameservers, access to a horrible web-ui for doing “AdVanCEd” DNS configurations and all that. The first thing that we do is to start making preparations for our DNS setup, which we want to manage ourselves.
If you skipped to this section, the prerequisites are:
One of the first things that we are going to do is to get a secondary nameserver service. Excision comes with an automated stealth master NSD configuration using the default NSD service in OpenBSD. The advantage of this is that you can modify complex DNS records easily via a text configuration which is nicely documented, explaining each option. If anybody has ever tried to work with a web-UI-based DNS configuration and tried to set SRV records, they will know how insanely tedious and complicated it really is. Thankfully, the worst part of the DNS configuration is automated, leaving you with almost nothing to manage yourself (though you can if you want to).
For a secondary nameserver, the minimum requirement is that it can accept NOTIFY (which informs the secondary about any updates from your computer). Look at the pinned issue for a recommended list of secondary providers. Most services are really cheap at < $2 per month, for more than 10 domains at a time. So if you have a friend, it is useful to do this together, as Excision also supports multiple domain email handling.
The secondary DNS provider will give you two kinds of IP lists:
These two are the longest configuration options and everything after this is smooth sailing.
The configuration file for Excision is called `vars.yml`, which is supposed to be the filled-in version of the `vars-sample.yml` file. Read the `vars-sample.yml` file in depth: all the options have been explained in great detail, so please make sure that you understand each of them.
You will see that you need to enter the two lists of IP addresses in the two options provided for the stealth master configuration to work.
The first thing you need to do is make sure that your system is bootstrapped correctly, to get Ansible working.
The assumption going forward is that you have downloaded and extracted Excision to some directory and it is the current working directory.
This installs the necessary packages, Ansible and GnuPG, on your server. (Currently GnuPG has to be installed manually because it cannot be installed through Ansible due to package ambiguity.)
After the system finishes bootstrapping you need to run the first playbook: `site-preinstall.yml`
This is going to take a while because it installs quite a few packages, so I suggest going and getting some Kombucha.
Also, after running this playbook it is advisable to wait a couple of minutes for the site updates to propagate through the interwebs and to let your secondary nameservers update their configurations. Even though they do accept NOTIFY, I have found that certain servers take some time to update the configuration. Generally 5-10 minutes is enough.
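Instead of guessing at the wait, you can check it: the secondaries have caught up once they report the same SOA serial as your master. The script below is an added example and not part of Excision; the zone, master address and secondary hostnames given on the command line are placeholders you supply, and it assumes `dig` is available (it is in the OpenBSD base system).

```shell
#!/bin/sh
# Added example (not Excision code): check that every secondary serves the
# same SOA serial as the stealth master.
# Usage (placeholder names): ./soa-sync.sh aisha.cc 127.0.0.1 ns1.example.net ns2.example.net

# Pull the serial (3rd of 7 fields) out of one `dig +short SOA` answer line.
# Prints nothing for an empty answer or an error/timeout line.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Ask one server directly (no recursion) for the zone's SOA record.
query_soa() {   # $1 = zone, $2 = server
    dig +short +norecurse +time=3 +tries=1 SOA "$1" "@$2" 2>/dev/null
}

# Compare serials. $1 = master serial, remaining args = "server=serial" pairs.
# Returns 0 only if every secondary answered with the master's serial.
check_sync() {
    master=$1; shift
    rc=0
    for pair in "$@"; do
        name=${pair%%=*}; serial=${pair#*=}
        if [ -z "$serial" ]; then
            echo "$name: no SOA answer"; rc=1
        elif [ "$serial" = "$master" ]; then
            echo "$name: in sync ($serial)"
        else
            echo "$name: differs ($serial, master has $master)"; rc=1
        fi
    done
    return $rc
}

# Query the master and each secondary, then compare.
zone_in_sync() {   # $1 = zone, $2 = master address, rest = secondaries
    zone=$1; m=$(soa_serial "$(query_soa "$zone" "$2")"); shift 2
    [ -n "$m" ] || { echo "master gave no SOA for $zone"; return 2; }
    pairs=""
    for s in "$@"; do
        pairs="$pairs $s=$(soa_serial "$(query_soa "$zone" "$s")")"
    done
    check_sync "$m" $pairs
}

# Only touch the network when called with real arguments.
if [ $# -ge 3 ]; then
    zone_in_sync "$@"
fi
```

A non-zero exit status means at least one secondary has not picked up the zone yet; run it again after a minute before moving on to the full playbook.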
Now that everyone on the webz knows about your new server names and services, it is time to install the full playbook:
After this finishes running, you should reboot your server to make sure that all the services are using the proper configurations.
AND YOU ARE DONE!
Excision has finished installing on your system and you have a working mail server (which you are unable to access because you don’t know the password of your email account :P)
Now that the server has been rebooted and Excision is running, you need to reset the password of your admin account:
Supposing that your administrator is called `notaisha` and your domain is `aisha.cc`, run the following command to change the password and reload the services:
You can read the GitHub wiki for some general purpose server maintenance commands that Excision adds to the system. They are supremely helpful :)
Now that you know your email address and password, it’s time to test out the shiny new email while it still has that new-email smell.
There is no web-mail configured yet (it is going to be soon), so you need to use an email client to access this server.
Some recommended email clients are:
Your username is `
Try sending mails to some other accounts and see if they arrive correctly.
A good test is to go on https://mail-tester.com and see what score you get. You should see a 10/10, cuz this setup is fire.
Don’t hesitate to ask any questions on IRC or GitHub. I might not be able to respond immediately but I will try to be fast.
Take care, be safe and get back your privacy from Big Brother :)