Summary
This article documents setting up the open source email server Mail-in-a-Box on a Google Cloud Platform (GCP) VM and configuring it to use a 3rd party SMTP relay service to deliver outbound emails.
Preface
There are many hosted email services available on the Internet, such as Gmail, Outlook.com, Yahoo etc. With some not very complicated work, you can even have your own domain email services running off these free email services. However, being an IT engineer myself, it is always intriguing for me to have my own email server serving my own domains.
Nowadays running your own email server and ensuring effective email delivery is no longer a simple task. Due to the email spam issue, all email services on the Internet have employed strict measures to ensure only legitimate emails will get through.
The Mail-in-a-Box (aka MIAB) open source project combines a number of common open source products into a relatively unique solution that lets ordinary users set up their own email system without worrying about how to maintain its reputation on the Internet. It is close to being a turnkey solution, although there are still steps the user needs to take to get everything up and running.
Why 3rd party SMTP relay service
AWS, Azure and GCP now all block outbound traffic through port 25, to make it harder for malicious people to set up email spam systems on their cloud networks. Inevitably this also makes it harder for people like us to set up a legitimate email system on their networks. On the other hand, inbound traffic through port 25 is usually not blocked, which means your email server should be able to receive emails from other email servers on the Internet.
The approach recommended by these cloud service providers is to forward outbound emails over a TLS encrypted channel via port 587 or 465 to a 3rd party SMTP relay service and let it deliver the emails to the destination email system. Because these 3rd party SMTP relay services do this job professionally, they can ensure the highest successful email delivery rate.
Mailgun, Sendgrid, Sendinblue and Mailjet are some of the popular names in this area. I was using Sendinblue but encountered issues when setting up SPF, DKIM and DMARC records on my email server. In the end I used Mailjet, which offers the same amount of 200 emails per day on its free plan, with my Mail-in-a-Box server.
Power Mail-in-a-Box fork
The original Mail-in-a-Box doesn’t allow the user to change any configuration on the system with ease, because it is meant to be a self-managed solution that won’t bother the user with overly technical details. Unfortunately this also means it doesn’t allow me to configure it to use a 3rd party SMTP relay service with ease. It is doable, but the customisation gets wiped out every time the system is updated.
Luckily I came across a brilliant fork by David Duque, the Power Mail-in-a-Box. This fork allows me to configure a 3rd party SMTP relay service and it also offers a few other extra features. You can get to know more about this fork by visiting his GitHub page.
Free tier on GCP
As of Feb 2022, as per GCP’s free trial and free tier offers, you can run one or more e2-micro VM instances on GCP for free, forever supposedly, as long as you don’t go over the usage limit imposed. You will also get an external IP address for free. I used this e2-micro VM to run the Power Mail-in-a-Box.
Procedure
The steps of getting everything up and running can be summarised as follows:
- Get your own domain name if you haven’t got it yet
- Set up the VM in the cloud
- Install the Power Mail-in-a-Box
- Set up the reverse DNS record for your VM’s external IP address (PTR)
- Configure the firewall in the cloud to allow the necessary traffic to come through to your VM
- Set up your domain’s glue records and NS records
- Log into your email server admin page, and check the system status, address all issues found
- Provision SSL certificates from admin page
- Test all functions (email, contact, calendar)
- Check and configure the backup
- Enable DNSSEC and add DS record
Notes about setting up SPF, DKIM and DMARC
I originally used Sendinblue for outbound SMTP relaying. However, when I was configuring the SMTP relay from the admin page of the Power Mail-in-a-Box server, I encountered the following issues and couldn’t finish the job.
- Sendinblue requires configuring 4 DNS records (SPF, DKIM, DMARC and one TXT record) whereas the Power Mail-in-a-Box “SMTP relays” admin web page only allows configuring 2 of them (SPF & DKIM)
- Sendinblue requires the DKIM record to be mail._domainkey.example.com, in other words the selector of the DKIM record has to be mail. This clashes with the Power Mail-in-a-Box because MIAB has already set up one DKIM record that uses the same selector mail and doesn’t allow the user to change its value
Because of these issues I changed to Mailjet, which only requires 2 DNS records to be configured, the SPF and DKIM records. In addition, Mailjet doesn’t use mail as the selector for its DKIM record; it needs mailjet as the selector (i.e. mailjet._domainkey.example.com), which allows me to configure a new DKIM record that doesn’t clash with the existing mail._domainkey.example.com. Ideally I would also like to set up the DMARC record for Mailjet for reporting purposes, but it is optional.
There is one small issue with configuring the SPF record for Mailjet. The Power Mail-in-a-Box “SMTP relays” admin web page for some reason couldn’t configure the SPF record to be exactly what Mailjet needs, which is:
v=spf1 include:spf.mailjet.com mx a:spf.mailjet.com -all
The Power Mail-in-a-Box “SMTP relays” admin web page configures the SPF record as follows:
v=spf1 mx a:spf.mailjet.com -all
In the end I had to set up a custom SPF DNS record with the correct value using the Power Mail-in-a-Box “Custom DNS” admin web page to pass the Mailjet SPF verification.
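The difference between the two records above can be checked mechanically before submitting the domain for verification. The following is an added example, not part of Power Mail-in-a-Box or Mailjet; the function names `parse_spf` and `audit_spf` are hypothetical, and the two record strings are the ones quoted in this article.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that trigger a DNS query during evaluation (RFC 7208 caps these at 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# The two records quoted in the article.
REQUIRED = "v=spf1 include:spf.mailjet.com mx a:spf.mailjet.com -all"
GENERATED = "v=spf1 mx a:spf.mailjet.com -all"


def parse_spf(record):
    """Split an SPF TXT value into (qualifier, name, rest) terms."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    terms = []
    for raw in tokens[1:]:
        qualifier = "+"  # an omitted qualifier means "pass"
        if raw[0] in QUALIFIERS:
            qualifier, raw = raw[0], raw[1:]
        match = re.match(r"([^:=/]+)(.*)", raw)
        if not match:
            raise ValueError("malformed term in %r" % record)
        terms.append((qualifier, match.group(1).lower(), match.group(2).lower()))
    return terms


def audit_spf(required, published):
    """Compare the published record with the one the relay asks for."""
    need, have = parse_spf(required), parse_spf(published)
    # include:X evaluates X's own SPF policy; a:X only matches X's A/AAAA
    # addresses, so one does not stand in for the other.
    missing = [q.replace("+", "") + n + r for q, n, r in need if (q, n, r) not in have]
    all_terms = [q for q, n, _ in have if n == "all"]
    return {
        "missing": missing,
        # Top-level count only; each include adds the lookups of its target.
        "dns_lookups": sum(1 for _, n, _ in have if n in LOOKUP_TERMS),
        "default": QUALIFIERS[all_terms[-1]] if all_terms else None,
    }


if __name__ == "__main__":
    print(audit_spf(REQUIRED, GENERATED))
```

Run against the record generated by the “SMTP relays” page, the audit reports `include:spf.mailjet.com` as the one missing term, which is the term the custom DNS record restores.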