This was a great solution for a specific use case of mine. Thanks!
# Purchase a cloud server that supports email (port 25) and a static IP address -- in this example guide we'll use 11.22.33.44
# Purchase a domain for your mail server -- in this example guide we'll use mydomain.com
# In the domain's DNS settings area, delete all records and then create:
# A record:
# Host = leave blank to create a record for the root domain
# Answer = 11.22.33.44
# TTL = 600
# MX record:
# Host = leave blank to create a record for the root domain
# Answer = mydomain.com
# TTL = 600
# Priority = 10
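# Wait for DNS to propagate (can take up to a day), then run these tests on your cloud server to verify
# Refresh the package index first: on a freshly provisioned server it may be empty or stale, and the install would fail
sudo apt update
sudo apt install -y dnsutils
dig @1.1.1.1 mydomain.com a # should return 11.22.33.44
dig @1.1.1.1 mydomain.com mx # should return: mydomain.com. 600 IN MX 10 mydomain.com.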
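# SSH into the cloud server to set up TMail
sudo apt update && sudo apt install -y git golang-go make curl jq iptables iptables-persistent netfilter-persistent nginx snapd
# Build in a private, unpredictable directory rather than a fixed name under world-writable /tmp
GOPATH="$(mktemp -d)" && export GOPATH
go get -u -d github.com/mgerb/tmail
cd "$GOPATH/src/github.com/mgerb/tmail/"
# NOTE: this builds whatever is currently at the tip of the upstream repository and installs it as a
# root-run system service. To build a revision you have reviewed instead: git checkout <REVIEWED_COMMIT>
sed -i 's/0\.0\.0\.0/localhost/' webserver/webserver.go # see https://github.com/mgerb/tmail/issues/1
# Confirm the patch applied. If nothing is printed, the web/API listener was not rebound to localhost
# and would presumably still listen on all interfaces, bypassing the NGINX allowlist configured later.
grep -n 'localhost' webserver/webserver.go
go mod init tmail
go mod tidy
rm -f Gopkg.lock Gopkg.toml
make linux
# /usr/local/bin is root-owned, so install through sudo with explicit permissions
sudo install -m 0755 build/tmail-linux /usr/local/bin/tmail
cd /tmp
# Write the unit file directly as root. Creating it in /tmp and moving it can leave a unit file in
# /etc/systemd/system that is still owned by the unprivileged user, who could then edit what root runs.
# The service has no User= line, so tmail runs as root. NOTE(review): consider a dedicated user plus
# AmbientCapabilities=CAP_NET_BIND_SERVICE once you know where tmail needs write access.
sudo tee /etc/systemd/system/tmail.service > /dev/null <<'EOF'
[Unit]
Description=TMail Service
[Service]
Restart=always
RestartSec=1
Environment="GIN_MODE=release"
ExecStart=/usr/local/bin/tmail
[Install]
WantedBy=default.target
EOF
sudo systemctl daemon-reload
sudo systemctl start tmail && sudo systemctl enable tmail
sudo systemctl status --no-pager tmail
# The :8090 API listener should be on a loopback address (127.0.0.1 or [::1]); only the SMTP listener should be public
sudo ss -ltnp | grep tmail
# send a test email to your server, then verify it arrived:
# (the jq filter is quoted so the shell cannot treat .[0] as a glob pattern)
curl -s localhost:8090/api/mail | jq '.[0]'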
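# prevent DOS (if a source opens more than 20 new connections to port 25 within a minute, drop its further new connections)
# The limit counts new TCP connections, not individual emails. --update refreshes the timestamp on every
# dropped attempt, so a source stays blocked until it has slowed down.
# -A appends to the end of INPUT: if an earlier rule already accepts port 25 traffic, these rules never
# match -- check the order with the listing at the end. Re-running this section appends duplicate rules.
# Each command goes through sudo (instead of an interactive "sudo su -" shell) so the section behaves the
# same whether pasted or scripted; the redirections are wrapped in sh -c so the files are opened as root.
for ipt in iptables ip6tables; do
  sudo "$ipt" -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 --name DEFAULT --rsource -j DROP
  sudo "$ipt" -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --set --name DEFAULT --rsource
done
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'
sudo systemctl start netfilter-persistent && sudo systemctl enable netfilter-persistent
# verify the rules are present and in the expected position
sudo iptables -S INPUT
sudo ip6tables -S INPUT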
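# set up NGINX to allow whitelisted API access (replace 55.66.77.88 with your remote client IP address that is allowed to query the API)
# Access control here is by source IP only: this config adds no authentication of its own, so anyone who
# can send requests from the allowed address (e.g. behind the same NAT) can read the stored mail.
# The files are written through "sudo tee" because a plain shell redirection runs as the unprivileged user.
echo 'TMail' | sudo tee /var/www/html/index.html > /dev/null
# Every directive must end with ';'. Without one after server_name, nginx reads the following "root" line
# as additional server names and the root setting is silently lost.
sudo tee /etc/nginx/sites-enabled/default > /dev/null <<'EOF'
server {
listen 80;
server_name mydomain.com;
root /var/www/html;
index index.html;
location / {}
location /api/mail {
allow 55.66.77.88;
deny all;
proxy_pass http://localhost:8090;
}
}
EOF
# Validate the configuration before reloading so a typo cannot take the running server down
sudo nginx -t && sudo systemctl reload nginx
# Until certbot has enabled HTTPS below, the API answers the allowed client over plain HTTP on port 80
sudo snap install core
sudo snap refresh core
sudo apt remove -y certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx
# certbot rewrites the site file: confirm the allow/deny lines are still inside the HTTPS server block
sudo nginx -T | grep -n -A 3 'location /api/mail'
# From the allowed client this returns the newest mail; from any other address it should return 403
curl -s https://mydomain.com/api/mail | jq '.[0]'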