Configuring a mail server on a local machine running Trisquel and port-forwarding through a shared server (VPS)
- Inicie sesión ou rexístrese para enviar comentarios
Has anyone set up a mail server on a home machine AND routed traffic through a VPS (to get a static IP)?
I can't get the config right. I am confused with IPs.
I started by setting up Wireguard and nftables to "port-forward through a VPS"[1].
When I check on the VPS I get this:
# nft list ruleset
table inet filter {
chain input {
type filter hook input priority filter; policy accept;
}
chain forward {
type filter hook forward priority filter; policy accept;
}
chain output {
type filter hook output priority filter; policy accept;
}
}
table ip my_nat {
chain my_prerouting {
type nat hook prerouting priority dstnat; policy accept;
ip daddr redacted_ip_address_of_vps tcp port { 25, 134, 465, 587, 993 } dnat to 192.168.69.2
}
chain my_postrouting {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.69.2 masquerade
}
}
# systemctl status nftables.service
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; disabled; vendor preset: enabled)
Active: active (exited) since Sun 2023-11-26 14:54:20 UTC; 1 week 2 days ago
Docs: man:nft(8)
http://wiki.nftables.org
Main PID: 15479 (code=exited, status=0/SUCCESS)
CPU: 7ms
Nov 26 14:54:20 redacted_VPS_name systemd[1]: Starting nftables...
Nov 26 14:54:20 redacted_VPS_name systemd[1]: Finished nftables.
# systemctl status name at domaine
● name at domaine - WireGuard via wg-quick(8) for wg/portforward
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2023-12-05 10:19:04 UTC; 5h 45min ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 148941 ExecStart=/usr/bin/wg-quick up wg-portforward (code=exited, status=0/SUCCESS)
Main PID: 148941 (code=exited, status=0/SUCCESS)
CPU: 19ms
Dec 05 10:19:04 redacted_VPS_name wg-quick[148941]: [#] ip link add wg-portforward type wireguard
Dec 05 10:19:04 redacted_VPS_name wg-quick[148941]: [#] wg setconf wg-portforward /dev/fd/63
Dec 05 10:19:04 redacted_VPS_name wg-quick[148953]: Warning: AllowedIP has nonzero host part: 192.168.69.2/24
Dec 05 10:19:04 redacted_VPS_name wg-quick[148941]: [#] ip -4 address add 192.168.69.1/24 dev wg-portforward
Dec 05 10:19:04 redacted_VPS_name wg-quick[148941]: [#] ip link set mtu 1420 up dev wg-portforward
Dec 05 10:19:04 redacted_VPS_name wg-quick[148941]: [#] sysctl -w net.ipv4.ip_forward=1
Dec 05 10:19:04 redacted_VPS_name wg-quick[148970]: net.ipv4.ip_forward = 1
Dec 05 10:19:04 redacted_VPS_name wg-quick[148941]: [#] sysctl -w net.ipv6.conf.all.forwarding=1
Dec 05 10:19:04 redacted_VPS_name wg-quick[148972]: net.ipv6.conf.all.forwarding = 1
Dec 05 10:19:04 redacted_VPS_name systemd[1]: Finished WireGuard via wg-quick(8) for wg/portforward.
On the local machine:
systemctl status name at domaine
● name at domaine - WireGuard via wg-quick(8) for wg/portforward
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2023-12-05 11:05:43 CET; 6h ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Main PID: 1316 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 9405)
Memory: 0B
CGroup: /system.slice/system-wg\name at domaine
Dez 05 11:05:43 computer systemd[1]: Starting WireGuard via wg-quick(8) for wg/portforward...
Dez 05 11:05:43 computer wg-quick[1316]: [#] ip link add wg-portforward type wireguard
Dez 05 11:05:43 computer wg-quick[1316]: [#] wg setconf wg-portforward /dev/fd/63
Dez 05 11:05:43 computer wg-quick[1316]: [#] ip -4 address add 192.168.69.2/24 dev wg-portforward
Dez 05 11:05:43 computer wg-quick[1316]: [#] ip link set mtu 1420 up dev wg-portforward
Dez 05 11:05:43 computer wg-quick[1316]: [#] ip -4 route add 0.0.0.0/0 dev wg-portforward table 69
Dez 05 11:05:43 computer wg-quick[1316]: [#] ip rule add from 192.168.69.2 table 69
Dez 05 11:05:43 computer systemd[1]: Finished WireGuard via wg-quick(8) for wg/portforward.
DNS records look like this:
mail A 1800 redacted_ip_address_of_vps
@ MX 10800 10 mail.redacted_domain_name
About PTR. I tried this:
* PTR 10800 redacted_domain_name
but mail-tester.com tells me emails are sent from a domain name of my ISP, which does not agree with the above PTR setting.
Also, mail-tester.com tells me that emails are sent from my home IP (which makes sense to me since I actually send emails from this machine,) but then, a test fail because the IP address emails are sent from is not the same as the IP (that is the one of the VPS) address entered in the DNS - which I thought is correct since it is the static IP of the VPS.
If someone has done this, or know how to troubleshoot, any help would be appreciated, or a link to a tutorial which explains how to set up a home mail server AND route traffic through a VPS? All tutorials I find are about configuring a mail server *on* a VPS.
Complementary information:
I set DKIM with content of /etc/postfix/dkim/mail.txt.
SPF:
mail TXT 10800 "v=spf1 mx a:mail.redacted_domain_name -all"
DMARC:
_dmarc TXT 300 "v=DMARC1; p=reject; rua=mailto:dmarc@redacted_domain_name; fo=1"
I was inspired by https://trisquel.info/en/forum/free-email-providers-being-banned-gmail-alternatives#comment-163588 and followed https://landchad.net/mail/ so far but I don't know if the latter is a good option.
Hiya, I did attempt this recently. I used Pfsense on a VPS and setup OpenVPN and then just port forward to my machines virtual IP. Works well, did same for a game server without much hassel.
VPN might be the best way to ensure ALL traffic goes through the VPS system. I'm more familiar with OpenVPN so all you wrote about wireguard just confused me, lol :P
Looks like I had got port-forwarding/routing wrong. Wireguard and nftables[2] now seem to be working as expected. I am now trying to get my head around using UFW (Uncomplicated Firewall) before I try to set up Postfix again. I will post here again when I done, in case this interests someone in the future.
Thanks for the response EffingComputer. I saw OpenVPN was an option too. Pfsense is partly proprietary[1].
[1] https://wikiless.org/wiki/PfSense
[2] edit (used to be "it")
Been a while since I've looked at this thread. How's this going for you?
I didn't know pfsense was partly proprietary. This doesn't bother me much though, I use it for VPN servers due to it's web management instead of having to do lots of command-line work. Perhaps I'm getting lazy :P
I followed this guide (for yunohost) and it worked:
https://forum.yunohost.org/t/homemade-wireguard-vpn-on-a-vps-server/15662
Hello . What if VPN and SSH are detected and blocked?
Hello. I don't know sorry. I don't have this issue. I am able to use this setup with a VPN and SSH.
PS I've managed to get the whole setup working: mail server on premise + port forwarding to a remote shared server ("VPS") to get a static IP, EDIT in case someone has questions.
- Inicie sesión ou rexístrese para enviar comentarios