Configure Mailgun

Digital Ocean’s $5/mo. fast SSD servers make a great choice for hosting your email. For a gmail alternative, try FastMail. To get started installing your own private email server, skip ahead to the instructions…

Host Your Own Email Server

Configure Mailgun

I am using Mailgun for a few reasons. Firstly, I’m already using it on another project of mine, Geogram.com – and am very pleased with it. The support team at Mailgun is also excellent.

Mailgun can help your mail server in several key ways:

1) Mailgun can make it super likely that your outbound mail will be delivered. The large email services are so careful of which IPs they accept email from, that your vanilla iRedMail server may actually not get your email to its recipients. Please read: So You’d Like to Send Some Email (Through Code). See also: Sending Email from Amazon EC2.

Jeff Reifman

I’m a technology consultant and writer living in Seattle. If you found this tutorial helpful, please consider sharing it on Twitter. You can follow me at @reifman. You may also be interested in my AWS tutorial for WordPress.

Using Mailgun makes it much more probable that your messages won’t be filtered into spam by large providers. You can also use Mailgun’s SMTP services to send mail from your mobile devices.

Mailgun is also fast.

2) Mailgun has helpful mailing list features. It would be cool if someone wrote a Roundcube plugin to manage and use these. I will likely be writing another tutorial on these soon (follow me on Twitter @reifman for updates).

3) Mailgun provides its own spam filtering (superior to iRedMail’s junk mail prevention services). However, at the time of writing this, I am still communicating with Mailgun about the proper configuration of this option with iRedMail.

By the way, Mailgun is owned by Rackspace, a competitive cloud provider to Amazon.

The basic idea is that MX record for yourdomain.com routes to Mailgun for spam filtering. Then, Mailgun forwards your filtered mail to mx-subdomain.yourdomain.com which points to your iRedMail server. To date, I’m still struggling to configure this. I will post more details when it’s complete.

Mailgun has a free level of service which does not allow custom domains. Your mail has to be sent from x.mailgun.org. So, I suggest the $19 monthly plan.

Setting Up Your Domain DNS for Mailgun

The slides below demonstrate signing up for Mailgun and finding the DNS records you need to configure:




Once you sign up for Mailgun, add a new domain e.g. yourdomain,com.

Mailgun will then provide you a series of DNS records that you need to set up for your domain. Two are TXT records and one is a CNAME e.g. mailo._domainkey.yourdomain.com. These records tell other email servers that Mailgun is protecting your domain from outbound spam. Make these additions at your DNS Registrar (I use NameCheap.com).

Do not add the MX records settings unless you are going to try to set up inbound spam filtering with Mailgun at this time. Instead, for now, point the MX records for yourdomain.com to the IP address of your iRedMail EC2 Instance.

Also, make note of Mailgun’s outbound SMTP Settings for your domain:
mailgun-smtp-settings

Setting Up Mailgun as a Postfix Relay

Sign in to your Amazon EC2 instance. We need to edit the postfix configuration file. These steps are also described by Mailgun: Relaying with Postfix.

sudo nano /etc/postfix/main.cf

Modify the following lines:

relayhost = [smtp.mailgun.org]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:postmaster@yourdomain.com:your_mailgun_smtp_password
smtp_sasl_security_options = noanonymous

If you’re using TLS (optional), you’ll need to provide the location of the security certificates generated by iRedMail and change the relayhost port. Again, see the tips file (e.g. /etc/ssl/certs/iRedMail_CA.pem and /etc/ssl/private/iRedMail.key).

relayhost = [smtp.mailgun.org]:465
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CApath = /etc/ssl/certs

When you’re done, reload postfix:

sudo service postfix reload

Now, when you send messages from RoundCube, they’ll be relayed via Mailgun.

This is also an excellent time to verify that you haven’t inadvertently opened your mail relay.

Please feel free to post corrections, questions or comments below. You can also reach me on Twitter @reifman or email me directly. If this tutorial helped you, please share it on Twitter.

Continue reading…

2 Comments

  1. My relay works fine on sending but i cannot reseive mails even though i setup the MX records you suggest. Any ideas on what I misconfigure?

    Reply

    1. That sounds like something to ask Mailgun.com

      Reply

Leave a reply

Your email address will not be published. Required fields are marked *