How to configure a mail server with a Digital Ocean droplet in 2021

Jalon Dodson
Jul 19, 2021

Mail servers and Digital Ocean, two things that don’t particularly go well with each other.

I was in need of a mail server for my Digital Ocean droplet in order to send and receive emails for the website that was being hosted using Apache2. I received the following error:

“Diagnostic-Code: smtp; 553 5.7.2 [TSS09] All messages from <ip address> will
be permanently deferred; Retrying will NOT succeed. See
https://postmaster.verizonmedia.com/error-codes”.

After looking further into it, a user by the name of Routhinator on this Stack Exchange thread mentioned that Digital Ocean was not ideal for mail servers, reason being that “Digital Ocean networks have a bad reputation for email and mail servers on them will be frequently flagged as spam”.

It is possible, however, to set up a mail server with a Digital Ocean droplet using SendGrid’s SMTP Relay using the steps below. The following steps assume you have a Digital Ocean droplet running any modern Linux operating system.

It’s worth noting that Postfix uses your droplet’s hostname to identify itself. You can get the FQDN (Fully Qualified Domain Name) form of your hostname with:

hostname -f

If the results are not what you want for your email address (e.g. mail.mydomain.com), then you can set it manually via:

sudo hostnamectl set-hostname my-fqdn

Make sure you replace my-fqdn with what you want your email address to be (like the example above). After that’s finished, our next step begins with SendGrid.

1. Register for an account at SendGrid.

2. Create a Sender Identity

Click ‘Authenticate a domain instead’ so that we can set up our mail servers with our domain and SendGrid.

3. On the next screen, it will ask you to select your DNS host.

4. On ‘Authenticate Your Domain’, insert the FQDN we set up (or located) above.

5. Update your DNS records with your DNS host

SendGrid will provide CNAME entries for you to insert on your DNS host. Note: some DNS hosts will automatically append your domain name to a CNAME DNS name. For example, if you have s1_domainkey.yourdomain.com, it might be automatically changed to s1_domainkey.yourdomain.com.yourdomain.com. To rectify this, just remove ‘yourdomain.com’ from the end of the DNS name you enter, leaving only:

s1_domainkey

If you are setting it up on a subdomain (e.g. mail.your-fqdn.com) then you will need to set it to s1_domainkey.mail (or whatever the subdomain is) instead. After you’ve successfully set up your mail servers, the next step is to integrate your server with SendGrid.

3. Generate an API Key

Select ‘SMTP Relay’ in order to configure our server.
Enter an API Key name and create your API key. Keep this handy; we’ll need it for the next steps.

4. Configure Postfix

Postfix must be configured in order for us to continue. The following commands will vary depending on your droplet’s OS.

sudo apt-get update

sudo apt-get install postfix -y

Select ‘Internet Site’ if you are unsure.

Insert the system mail name on the next screen, which is whatever you want to appear after the @ symbol in an email; this would be the FQDN I mentioned earlier (i.e. mail.mydomain.com). The following command opens the inbound port needed by Postfix.

sudo ufw allow 25/tcp

After that’s finished, edit /etc/postfix/main.cf and add the following:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000
relayhost = [smtp.sendgrid.net]:587

After doing so, you will need to create /etc/postfix/sasl_passwd:

sudo touch /etc/postfix/sasl_passwd

and open it with your preferred text editor. On the first line, insert the following:

[smtp.sendgrid.net]:587 apikey:YOUR_API_KEY

Be sure to replace ‘YOUR_API_KEY’ with the API key we received from SendGrid. Now we need to update the file permissions on our credentials file and update Postfix’s hashtables to utilize the file:

sudo chmod 600 /etc/postfix/sasl_passwd

sudo postmap /etc/postfix/sasl_passwd

sudo systemctl restart postfix
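
An added example (not part of the original post): a small shell audit of the relay setup described above. It checks that main.cf carries the settings listed, that sasl_passwd and the sasl_passwd.db table built by postmap are not accessible to group or others, and that the placeholder key was replaced. The function names and the sample files are constructed for illustration, and stat -c assumes GNU coreutils.

```sh
# Added example, not from the original post; function names are illustrative.
# Print the effective value of parameter $2 in main.cf $1 (last assignment wins).
# Simplification: continuation lines are not joined.
cf_get() {
  awk -v k="$2" '
    /^[ \t]*#/ || index($0, "=") == 0 { next }
    { name = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", name) }
    name == k { v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); out = v }
    END { print out }' "$1"
}

# Print one line per finding for config directory $1; no output means clean.
audit_relay() {
  dir=$1
  while read -r key want; do
    got=$(cf_get "$dir/main.cf" "$key" 2>/dev/null) || got=
    [ "$got" = "$want" ] || echo "main.cf: $key is '$got', expected '$want'"
  done <<'EOF'
smtp_sasl_auth_enable yes
smtp_sasl_security_options noanonymous
smtp_sasl_tls_security_options noanonymous
smtp_tls_security_level encrypt
relayhost [smtp.sendgrid.net]:587
EOF
  # The API key is stored in the text map and in the table postmap builds.
  for f in sasl_passwd sasl_passwd.db; do
    [ -e "$dir/$f" ] || { echo "$f: missing"; continue; }
    mode=$(stat -c '%a' "$dir/$f")
    case $mode in *00) ;; *) echo "$f: mode $mode allows group/other access" ;; esac
  done
  if grep -q 'YOUR_API_KEY' "$dir/sasl_passwd" 2>/dev/null; then
    echo "sasl_passwd: placeholder API key was never replaced"
  fi
}

# Constructed sample: opportunistic TLS and a world-readable credentials file.
make_sample() {
  printf '%s\n' 'smtp_sasl_auth_enable = yes' \
    'smtp_sasl_security_options = noanonymous' \
    'smtp_sasl_tls_security_options = noanonymous' \
    'smtp_tls_security_level = may' \
    'relayhost = [smtp.sendgrid.net]:587' > "$1/main.cf"
  echo '[smtp.sendgrid.net]:587 apikey:YOUR_API_KEY' > "$1/sasl_passwd"
  chmod 644 "$1/sasl_passwd"
}

# With a directory argument, audit it; otherwise audit the constructed sample.
if [ "$#" -gt 0 ]; then audit_relay "$1"; else
  d=$(mktemp -d); make_sample "$d"; audit_relay "$d"; rm -rf "$d"
fi
```

On the droplet, run it as root against /etc/postfix. `postconf -n` shows the non-default values Postfix itself has loaded if you want to cross-check.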

We can now test our service, either via SendGrid or with the following command on our droplet:

echo "hello world" | sendmail youremail@address.com

To verify that it worked, check your email. If you haven’t received one and it’s not in your spam folder, check the contents of your mail file:

cat /var/mail/root

If there was an error, it will tell you here.

As an additional tidbit, you can create a new user within your droplet which will be the user that sends and receives emails, i.e:

sudo useradd no-reply

This will create a new user, no-reply, that can send and receive emails. The email address will look like no-reply@mydomain.com.

That’s it! You’ve successfully configured your Digital Ocean droplet to send and receive mail. If you have any issues, feel free to comment and I will help you in whichever way I can.
