Thoughts on Design and Computation

Self Hosted Mail Exchange Setup

I want to outline how my MX records are set up for my home email server. My setup is a little more complicated than the typical network because my ISP blocks all traffic on port 25[1], hard stop. That limitation prevents my home server from directly receiving most mail, as port 25 is used for server-to-server SMTP relaying. So, in a nutshell, I have a small VPS which acts as my domain’s only MX host. Internally, though, that host proxies incoming traffic on port 25 and redirects it to port 2525 on my home server, which is not blocked by my ISP. In addition, I have this host act as a backup mail host should my home server be unavailable. With the story out of the way, let’s dive into how this is implemented.

Diagram
Figure 1. Network Diagram

DNS

Let’s start with the DNS records for the borgerstudio.com domain. This is a subset of the records hosted on Cloudflare.

Name                      Type  Value
pidgey.borgerstudio.com   A     45.92.162.97
terrace.borgerstudio.com  A     dynamic
borgerstudio.com          MX    pidgey priority=10

Notice how there is only one MX record. Since my ISP is blocking port 25, it is pointless to have an MX record pointing to my home server.

Backup Postfix

This instance of Postfix serves as my backup mail queue during an IP address change or downtime of my home server. For this instance, the main smtp service running on port 25 is disabled and the submission service on port 587 enabled, because HAProxy will take over listening on port 25. Below is a section of the Postfix master.cf with these changes.

master.cf
# service    type  private unpriv  chroot  wakeup  maxproc command
# (the columns after the service name are the stock defaults of the distribution's master.cf)
#smtp        inet  n       -       y       -       -       smtpd
submission   inet  n       -       y       -       -       smtpd

In addition, I configured the following options to have Postfix behave as a queuing relay.

main.cf
relay_domains = borgerstudio.com, borgernet.com
# as a backup MX, pair relay_domains with relay_recipient_maps so mail for unknown recipients is rejected here rather than queued and bounced later
relayhost = [terrace.borgerstudio.com]:2525
# terrace's 2525 listener is in TLS wrapper mode (see Destination Postfix), so the client must connect with SMTPS rather than STARTTLS (Postfix 3.0+)
smtp_tls_wrappermode = yes
# an inline map entry with spaces around '=' needs its own braces; the lookup key is the verbatim relayhost, brackets and port included
smtp_tls_policy_maps = inline:{ { [terrace.borgerstudio.com]:2525 = encrypt } }
maximal_queue_lifetime = 30d

HAProxy

All traffic will enter pidgey through an HAProxy instance. If my home server is available, HAProxy forwards the connection over the non-standard port to avoid the ISP block. Otherwise it delivers the mail to the local Postfix server, where it is queued until my home server is available again. Below is the relevant listen section.

listen smtp
    mode tcp
    bind :25
    # 'check' makes HAProxy probe terrace; without it the server is always considered up and the backup below is never selected
    # 'ssl' alone makes HAProxy refuse to start unless verification is configured (or globally disabled); validate terrace's certificate instead (CA path is a placeholder)
    server terrace terrace.borgerstudio.com:2525 ssl verify required ca-file /path/to/ca.pem verifyhost terrace.borgerstudio.com check
    server pidgey localhost:587 backup

Destination Postfix

The setup on the destination mail server is standard, with an additional smtp service running on port 2525. Below is a section of the Postfix master.cf with these changes.

master.cf
# service    type  private unpriv  chroot  wakeup  maxproc command
# (the columns after the service name are the stock defaults; 2525 is an extra smtpd in TLS wrapper mode, i.e. TLS from the first byte)
smtp         inet  n       -       y       -       -       smtpd
2525         inet  n       -       y       -       -       smtpd
  -o smtpd_tls_wrappermode=yes

Firewalls

Finally, don’t forget to punch the needed holes in your system firewalls and network NATs. In my case I had to add an additional port forwarding rule for 2525 to my home server.
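As an added example (not code from the post), the following Python lint checks the invariants the chain above depends on before a reload: the primary HAProxy server must be health-checked and certificate-verified, and the backup Postfix's relayhost must have a matching TLS policy entry (with valid inline-map syntax) and use wrapper mode to match terrace's 2525 listener. The embedded config strings are constructed copies of the post's snippets with those options deliberately left out, so the audit has findings to report.

```python
# Added example, not from the post: lint the pidgey/terrace relay chain before a reload.
# Config strings are constructed from the post's snippets with TLS/health-check options left out.
import re

HAPROXY_CFG = """\
listen smtp
    mode tcp
    bind :25
    server terrace terrace.borgerstudio.com:2525 ssl
    server pidgey localhost:587 backup
"""
PIDGEY_MAIN_CF = """\
relay_domains = borgerstudio.com, borgernet.com
relayhost = [terrace.borgerstudio.com]:2525
smtp_tls_policy_maps = inline:{ [terrace.borgerstudio.com]:2525 = encrypt }
maximal_queue_lifetime = 30d
"""

def haproxy_servers(cfg):
    """Map server name -> set of option words for every 'server' line."""
    words = (line.split() for line in cfg.splitlines())
    return {w[1]: set(w[3:]) for w in words if w[:1] == ["server"]}

def parse_main_cf(text):
    """Parse 'key = value' lines; only the first '=' separates key from value."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(haproxy_cfg, main_cf_text):
    """Return a list of findings; an empty list means the chain is consistent."""
    findings = []
    for name, opts in haproxy_servers(haproxy_cfg).items():
        if "backup" in opts:
            continue  # the local queue sits on localhost; nothing to verify there
        if "check" not in opts:
            findings.append(f"haproxy: {name} has no 'check', so the backup is never selected")
        if "ssl" not in opts:
            findings.append(f"haproxy: {name} is relayed in plaintext across the Internet")
        elif "verify" not in opts or "none" in opts:
            findings.append(f"haproxy: {name} does not validate the server certificate")
    cf = parse_main_cf(main_cf_text)
    relayhost, policy = cf.get("relayhost", ""), cf.get("smtp_tls_policy_maps", "")
    if relayhost and relayhost not in policy:
        findings.append("postfix: relayhost has no smtp_tls_policy_maps entry; TLS stays opportunistic")
    if re.search(r"inline:\{\s*\[", policy):
        findings.append("postfix: inline entry with spaces around '=' needs its own { } braces")
    if relayhost.endswith(":2525") and cf.get("smtp_tls_wrappermode", "no") != "yes":
        findings.append("postfix: terrace:2525 is TLS wrapper mode; set smtp_tls_wrappermode = yes")
    return findings
```

Swap the embedded strings for the contents of pidgey's haproxy.cfg and main.cf; an empty list from audit() is the pass condition.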


1. It turns out AT&T is now blocking ports 465 and 587 from certain addresses.