Once you have a custom domain, you usually want an email address to go along with it. Unlike traditional hosts, DigitalOcean doesn't build this in. Setting up an entire mail server is usually overkill and usually insecure, so we're going to set up a way to forward mail to your external email address with a tool called Postfix.

Requirements:

  • Custom domain name
  • DigitalOcean droplet with domain name records

First create an A record for mail.domain.com in addition to the MX record previously created.

  • Go to DigitalOcean, log in and click Networking. Select the domain, add an A record with the name "mail" and paste your droplet's IP.
  • Make sure you also have an MX record with a priority of 5.

Set up your mail domain for Apache. If you already have a .conf set up, you can just copy it:

sudo cp www.mydomain.com.conf mail.mydomain.com.conf

sudo nano mail.mydomain.com.conf

and change the relevant variables (ServerName / ServerAlias). If you don't have one set up, copy the '000-default.conf' file instead.

ServerAlias mail.mydomain.com
ServerName mail.mydomain.com

ServerAdmin yourexternalemail@gmail.com
DocumentRoot /var/www/html/

<Directory /var/www/html/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
</Directory>

Once saved, we'll have to tell Apache to use our new .conf file:

sudo a2ensite mail.mydomain.com.conf

and restart Apache:

sudo service apache2 restart

Only follow these steps if you have HTTPS set up or want to set it up.

Set up Let's Encrypt for your domain and your mail subdomain. This is a really cool service that gives you a valid HTTPS certificate for your domain and lets us use secure channels to deliver mail. We'll be using a tool called Certbot to help us manage the certificates.

sudo apt-get update
sudo apt-get install python-letsencrypt-apache

Once those are complete run:

sudo letsencrypt --apache

Make sure all the domains are selected, then choose the options you want for your config. If you haven't switched all the external scripts and stylesheets on your website to https, either select easy instead of secure, or go in and change them; otherwise you'll get warnings about resources being loaded insecurely. Certbot will walk you through renewing your certificates, which only last for 90 days, but it's easy to set up automatic renewal.

Install Postfix

sudo apt-get install postfix

Configuration can be a bit confusing but follow the first 4 steps in this tutorial and you'll be up and running.

Once those steps are complete, we add the emails we want to forward.

sudo vim /etc/postfix/virtual

youremail@yourdomain.com yourname@externalemail.com
yourotheremail@yourdomain.com yourothername@externalemail.com

After saving, rebuild the lookup table so Postfix sees the new entries:

sudo postmap /etc/postfix/virtual

Reload postfix

sudo service postfix reload

Now we need to integrate letsencrypt into our config.

sudo nano /etc/postfix/main.cf

Change the smtpd_tls_cert_file= line to:

smtpd_tls_cert_file=/etc/letsencrypt/live/www.mydomain.com/fullchain.pem

and change the smtpd_tls_key_file= line to:

smtpd_tls_key_file=/etc/letsencrypt/live/www.mydomain.com/privkey.pem

Reload postfix: sudo systemctl reload postfix
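
A quick check for the two main.cf edits above, added here as an example and not part of the original post: it reads the effective smtpd_tls_cert_file and smtpd_tls_key_file values and flags a key path placed on a cert line, a missing key setting, or a duplicated parameter. The function names and the sample file are this example's own.

```sh
#!/bin/sh
# Added example (not from the original post): check the TLS certificate/key
# settings in a Postfix main.cf. Function names are this example's own.

# Effective value of a parameter: Postfix keeps the last definition in main.cf.
main_cf_value() {   # usage: main_cf_value FILE PARAM
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Prints one line per problem; returns 0 only when nothing was found.
check_postfix_tls() {   # usage: check_postfix_tls FILE
    cert=$(main_cf_value "$1" smtpd_tls_cert_file)
    key=$(main_cf_value "$1" smtpd_tls_key_file)
    rc=0
    [ -n "$cert" ] || { echo "smtpd_tls_cert_file is not set"; rc=1; }
    [ -n "$key" ] || { echo "smtpd_tls_key_file is not set"; rc=1; }
    case $cert in
        */privkey.pem) echo "smtpd_tls_cert_file points at a private key: $cert"; rc=1 ;;
    esac
    case $key in
        */fullchain.pem|*/cert.pem|*/chain.pem)
            echo "smtpd_tls_key_file points at a certificate: $key"; rc=1 ;;
    esac
    # A Let's Encrypt certificate must be paired with the key from the same live/ directory.
    case $cert in
        /etc/letsencrypt/live/*)
            if [ -n "$key" ] && [ "$(dirname "$cert")" != "$(dirname "$key")" ]; then
                echo "certificate and key are in different directories"; rc=1
            fi ;;
    esac
    # A parameter defined twice is usually an edit made on the wrong line.
    dups=$(sed -n 's/^\(smtpd_tls_[a-z_]*_file\)[[:space:]]*=.*/\1/p' "$1" | sort | uniq -d)
    [ -z "$dups" ] || { echo "defined more than once:" $dups; rc=1; }
    return $rc
}

# Constructed sample: the cert line edited correctly, the key line given the wrong name.
demo=$(mktemp)
cat > "$demo" <<'EOF'
smtpd_tls_cert_file=/etc/letsencrypt/live/www.mydomain.com/fullchain.pem
smtpd_tls_cert_file=/etc/letsencrypt/live/www.mydomain.com/privkey.pem
EOF
check_postfix_tls "$demo" || echo "main.cf needs fixing"
rm -f "$demo"
```

On a real server, run `check_postfix_tls /etc/postfix/main.cf` before reloading Postfix.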

That's it! Wait for your DNS and MX records to propagate and test your setup. Pingability is a nice tool which will show you if you have any errors.
