So I just finished moving my server in Iceland. Some of you may know, my upstream provider there decided to go out of business. I didn't see it coming though. If this happened in the USA, I would have gotten a 72 hour notice or something. Here I got a few months' notice. Not that I took advantage of it; I've recently had a medical situation that sucked the time out of my life. And truth be told, I've recently ended up in a much more time consuming family situation. I don't mind, but it does infringe on my time to geek out on stuff.

That being said, I had to move my Icelandic server to another provider. This allowed me time to reassess what I was doing over there. The big success of my first few private servers ended up being email. And what I mean is this: email became the thing I used many times a day. Sure, I had my own small webserver too, but now that I am no longer doing citizen journalism, I even forgot where I was hosting the content, let alone that I was self hosting the content.

But moving was an ideal time to re-assess what I wanted to be doing. It turned out if it wasn't email, it was tunnelling a connection to Iceland to grab a piece of media that was not being allowed in the USA. So proxy was in. And my partner has a gopher server, so gopher was in. As a matter of fact, the fact that I am maintaining a gopher server is why I'm re-starting a gopher "phlog," which is a gopher weblog. I mean, if all the technology choices you want are considered obsolete merely because you like to keep things simple, the most logical choice is to stick with something with a partner. But read my last phlog post for more about that.

Ah, well, what to do with email. Well, the other half of the hosting partnership is a shared unlimited cpanel-based webhosting account in NYC. This is necessary, as it's cheap but always up and there is a support system. The support is the driving force here. No support is perfect, but you can always text chat with an operator over their webpage.
The server itself is big and anonymous and monitored by a paid staff whose job is to keep it up "four nines," which is to say 99.99% of the year.

So I thought about the benefits vs the cost in maintenance time, and I figured out that I really didn't want to deal with spam. Spam is essentially an arms race situation, where shady spammers are constantly trying new ways to send you their marketing BS. There is a new legitimate bulk email environment, where you can actually unsubscribe from what you don't want. But we're talking about the underside of the situation here.

Ever configure a mail client manually? Where you put in the incoming and outgoing servers individually? That's where I had my epiphany! I wanted to receive email on the big professionally run server so I didn't maintain as much software. But would I lose any benefit? Well, it turns out there was a benefit I wasn't willing to part with, and that was sending my own emails through my own server. I bounced some of these ideas off a friend who is a great computer consultant, and he pointed out to me that the only way to truly not be associated with an outbound mail server that was temporarily blacklisted because it somehow got co-opted by a spammer was to send email from your own leased ip address. Well, I had one of those.

So, the trick was to set up email from the big massive server, then add the option of sending through my own ip in Iceland from my desktop. One inbound server, two outbound servers. Hence the title of this text file, "Interesting Postfix Install."

So I don't want to get too technical here; a lot of the preliminary steps are probably already known to you. First being to set up a new server: making a machine name point to your new Debian Linux virtual machine instance, and creating a reverse pointer pointing back. Also, moving the mail back to a big cpanel instance, changing a mail-exchanger record. No surprises there. Then it was time to "break ground" with a new postfix install.
It starts with a "sudo apt-get install postfix" and the install system asks you what kind of mail server. The right choice is "internet facing mail server." Then let apt-get do its magic.

So what turns out to be the first thing to making an outbound-only email server? Tell postfix to stop listening for incoming connections. The line in the configuration file turns out to be "inet_interfaces." Change this to "loopback-only" and postfix stops listening to the internet for port 25 connections.

Now, this actually wasn't my first move. I did want to connect with my desktop email client to send mail. But what I found to my chagrin was that postfix actually uses the remote authentication method for imap servers that normally get installed alongside of postfix. One of my technical friends recently did a few podcasts on software requirements. I was not yet ready to install another software suite just to authenticate. What to do?

As it turns out there was a solution: you create a tunnel to the server with ssh (secure shell) so that a local port at home stateside comes out inside your server and connects to localhost on port 25! How convenient! As a home internet user I'm not allowed to use port 25 here, and ssh with a "ssh -L 8025:localhost:25" was quite willing to go around the isp's firewall, as well as go around me telling postfix not to listen to the internet but only the localhost! Welcome to the world of smtp-over-ssh!

The last step was to actually publish an spf record to tell the internet that I, the domain owner, actually intend to send email from both the big server in NYC and my own server in Iceland. The recommended spf record from the cpanel isp is something like "+mx +include:websitewelcome.com". It turns out websitewelcome.com is the entire network of smtp servers the isp runs. I found out I had to change this to "+mx +a:ada.info-underground.net +include:websitewelcome.com". But I tested by sending test emails to a free spf verifier at verifier.port25.com.
As I tested by sending from different places, I kept noticing that my smtp came from "gateway0.websitewelcome.com", where the zero could be any of ten smtp servers. Yes, the big server farm in NYC actually generated so much outbound email that my stuff was getting pumped into the internet round-robin through any of 10 email servers!

But it's working now, and I hope it was as interesting to you as to me, dear reader!
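An added example, not part of the original post: a small offline SPF evaluator showing why the record needed the extra "a:" mechanism before mail from the Iceland server would pass. The sender domain example.org, every IP address, and the websitewelcome.com TXT record are constructed stand-ins, and the "v=spf1" prefix that the post leaves out is assumed.

```python
import ipaddress

# Constructed DNS data using documentation address ranges; real records differ.
DNS = {
    "A": {"ada.info-underground.net": ["192.0.2.25"],    # Iceland box (made-up IP)
          "mx.example.org": ["198.51.100.10"]},          # inbound cpanel host
    "MX": {"example.org": ["mx.example.org"]},
    "TXT": {"websitewelcome.com": "v=spf1 ip4:198.51.100.0/24 -all"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

OLD = "v=spf1 +mx +include:websitewelcome.com"
NEW = "v=spf1 +mx +a:ada.info-underground.net +include:websitewelcome.com"
ICELAND, GATEWAY, STRANGER = "192.0.2.25", "198.51.100.77", "203.0.113.9"


def check_spf(ip, domain, record, depth=0):
    """Evaluate the mx, a, ip4, include and all mechanisms left to right."""
    addr = ipaddress.ip_address(ip)
    for term in record.split():
        if term.startswith("v="):
            continue
        qual = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        target = arg or domain          # bare "mx" / "a" mean the sender domain
        if name == "all":
            hit = True
        elif name == "ip4":
            hit = addr in ipaddress.ip_network(arg)
        elif name == "a":
            hit = ip in DNS["A"].get(target, [])
        elif name == "mx":
            hit = any(ip in DNS["A"].get(host, [])
                      for host in DNS["MX"].get(target, []))
        elif name == "include":
            # include matches only if the included policy itself says "pass"
            sub = DNS["TXT"].get(target, "")
            hit = depth < 10 and check_spf(ip, target, sub, depth + 1) == "pass"
        else:
            hit = False
        if hit:
            return QUALIFIERS[qual]
    return "neutral"                    # nothing matched and no "all" term


if __name__ == "__main__":
    for label, ip in (("iceland", ICELAND), ("gateway", GATEWAY)):
        print(label, check_spf(ip, "example.org", OLD),
              check_spf(ip, "example.org", NEW))
```

With only the mechanisms quoted in the post, an unlisted sender comes out "neutral" rather than "fail", because neither record ends in an "all" term.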
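An added example, not from the original post: a check that the "loopback-only" setting took effect, by reading "ss -ltn" output and flagging any port 25 listener that is not bound to a loopback address. The two sample listings are constructed. The ssh tunnel from the post keeps working after the change because sshd connects to localhost:25 from inside the server.

```python
import ipaddress

# Constructed samples of `ss -H -ltn` output, before and after the change.
BEFORE = """\
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 [::]:25 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""
AFTER = """\
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""


def exposed_smtp_listeners(ss_output, port=25):
    """Return local address:port entries on `port` that are not loopback."""
    exposed = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        # Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # header line or non-listening socket
        host, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets / scope id
        # "*" is the wildcard form some ss versions print for dual-stack sockets
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            exposed.append(fields[3])
    return exposed


if __name__ == "__main__":
    print("before:", exposed_smtp_listeners(BEFORE))
    print("after: ", exposed_smtp_listeners(AFTER))
```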