Zero to Email: A Simple Guide to Sending Emails from Your Server

In this guide, we'll tackle one of server administration's more challenging tasks: reliable email delivery. We'll streamline the entire process—from Postfix setup to SPF, DKIM, and DMARC implementation - transforming what's typically a difficult problem into a straightforward guide that anyone can follow.

So let's dive in and learn how to set up your server from scratch to sending signed, authenticated emails that are less likely to end up in the spam folder.

Introduction to Server Email Setup

This guide assumes that you already have a server running a Linux distribution like Ubuntu or Debian. But the steps can be adapted to other distributions with minor modifications. It also assumes that you own a domain name that you want to send emails from. But other than that, will cover the whole process of setting up a server to send emails, including:

• Postfix Configuration - Setting up the mail transfer agent for handling outgoing emails
• SPF Records - Authorizing your server to send emails for your domain
• DKIM Signing - Digitally signing emails to verify their authenticity
• DMARC Policy - Instructing receiving servers how to handle authentication failures

By implementing all these components, you'll create a professional email sending system that minimizes the chance of your messages being marked as spam.

Step 1: Setting Up Postfix

First, we need to install and configure Postfix, a popular mail transfer agent (MTA) for Linux servers.

sudo apt install postfix

During installation, select "Internet Site" and enter your domain name when prompted.

It's good practice to back up the default configuration before making changes:

sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.backup

Now, edit the Postfix configuration file with your preferred text editor:

# Basic Settings
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 3.6

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# Network Settings
myhostname = example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = loopback-only
inet_protocols = ipv4
mydestination = localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

# Mail Delivery
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_size_limit = 0
recipient_delimiter = +
relayhost =

# Restrictions
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

Make sure to replace "example.com" with your actual domain name. After making your changes, restart Postfix:

sudo systemctl restart postfix

Key Points

• Setting inet_interfaces = loopback-only restricts Postfix to only listen on localhost, which is suitable for most server email sending scenarios
• The configuration above is optimized for sending emails, not receiving them
• TLS is configured to improve security and deliverability

Step 2: Setting Up SPF Records

Sender Policy Framework (SPF) records authorize specific servers to send emails on behalf of your domain. This helps receiving servers identify legitimate emails and reduces the chance of your emails being marked as spam.

Add the following TXT record to your domain's DNS settings:

v=spf1 ip4:YOUR_SERVER_IP -all

Replace YOUR_SERVER_IP with your server's actual IP address. The -all directive indicates that servers not specified in the record are not authorized to send mail for your domain.

Note that DNS changes may take some time to propagate across the internet.

Step 3: Configuring DKIM

DomainKeys Identified Mail (DKIM) adds a digital signature to your emails that verifies they haven't been tampered with during transit and confirms they originated from an authorized server for your domain.

First, install the necessary packages:

sudo apt install opendkim opendkim-tools

Edit the OpenDKIM configuration file:

sudo nano /etc/opendkim.conf

Add the following configuration, making sure to comment out any conflicting default settings:

Domain                  example.com
KeyFile                 /etc/opendkim/keys/example.com/mail.private
Selector                mail
Socket                  inet:12301@localhost

Create the necessary directories and generate keys:

sudo mkdir -p /etc/opendkim/keys/example.com
sudo chown -R opendkim:opendkim /etc/opendkim
cd /etc/opendkim/keys/example.com
sudo opendkim-genkey -s mail -d example.com
sudo chown opendkim:opendkim mail.private

Now, update your Postfix configuration to use DKIM by adding these lines to /etc/postfix/main.cf:

# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

Extract the public key information to create a DNS record:

sudo cat /etc/opendkim/keys/example.com/mail.txt

Create a TXT record with the following details:

Host: mail._domainkey
Value: [content of mail.txt without the surrounding quotes, all on one line]

After adding the DNS record, restart both services:

sudo systemctl restart opendkim
sudo systemctl restart postfix

Step 4: Setting Up DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a policy framework that builds on SPF and DKIM. It tells receiving servers what to do when an email fails authentication checks.

Add the following TXT record to your domain's DNS settings:

Host: _dmarc
Value: v=DMARC1; p=reject

This policy instructs receiving servers to reject emails that fail SPF and DKIM authentication checks, providing strong protection against email spoofing.

Step 5: Testing Email Delivery

Now that everything is set up, let's test sending an email using a simple Python script:

import smtplib
from email.message import EmailMessage

msg = EmailMessage()
msg.set_content("This is a test email.")
msg["Subject"] = "Test Email"
msg["From"] = "no-reply@example.com"
msg["To"] = "recipient@example.com"

with smtplib.SMTP("localhost", 25) as server:
server.send_message(msg)
print("Test email sent!")

Remember to replace email addresses with real ones. You can check the Postfix logs to confirm the email was sent:

sudo tail -f /var/log/mail.log

Step 6: Evaluating Email Quality

To ensure your emails have the best chance of reaching inboxes, test the quality of your configuration using a service like mail-tester.com. This will give you a comprehensive report on your email deliverability and suggest improvements if needed.

Conclusion

Setting up a server to send emails reliably involves multiple steps, but the result is worth the effort. With properly configured Postfix, SPF, DKIM, and DMARC, your emails will be more likely to reach recipients' inboxes rather than being marked as spam.

This approach ensures your server can send authentic, verifiable emails while protecting your domain's reputation. The configuration described in this guide is suitable for transactional emails, notifications, and other automated messaging from your applications or services.

Remember that email deliverability is an ongoing process. Monitor your server logs regularly and adjust your configuration as needed to maintain high delivery rates.