Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software
== TL;DR of self-hosted email firewall rules: ==

<span id="using-openvpn-to-connect-to-your-mailserver"></span>
=== Using OpenVPN to connect to your mailserver? ===

Port 25 is all you have to open to the public so you receive mail from other servers.

<span id="need-clients-outside-lan-that-dont-have-vpn-access-to-connect-to-your-mailserver"></span>
=== Need clients outside LAN that don’t have VPN access to connect to your mailserver? ===

Then you gotta make an alias with their IPs & make all of the rules I provided above. Let’s say you want ANY IP from ANYWHERE IN THE WORLD to connect to your mailserver, which is a horrible idea: instead of an alias, you’d specify “any” in the “source” section. This is a bad idea, IMO, on par with the bad idea of being a newbie & doing self-hosted mail.

<blockquote>'''What you should do:''' Just stick to using a VPN to access your inbox, install OpenVPN & K9 Mail on your Android phone and be done with it. Connecting to your VPN on a laptop as well is very easy, it’s one click or one command in the terminal & you should be doing that so you can access all of your other services anyway.</blockquote>

<span id="port-25-smtp"></span>
=== Port 25 (SMTP) ===

* '''Why it is open to everyone''': Port 25 is used for server-to-server email transmission, which means email servers from around the world need to be able to reach your Mailcow server to deliver incoming mail. Since this is a very important function for your mail server, it makes sense to allow traffic on port 25 from any source.
* '''Security concerns''': Since port 25 is open to the world, it can be targeted by spammers or malicious actors trying to exploit the service. However, this is mitigated by using tools such as <code>fail2ban</code>, <code>rspamd</code>, and strong SMTP authentication policies to detect and block abuse.
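One way to confirm the firewall actually matches the policy above is to probe the mail ports from a machine outside your LAN that is neither on the VPN nor in the alias. The script below is an added example, not part of the original guide: the list of client ports and the hostname <code>mail.example.com</code> are assumptions, so adjust them to the rules you created.

```python
import socket
import sys

# Policy from this section: only port 25 is reachable from "any" source.
PUBLIC_PORTS = {25: "SMTP (server-to-server)"}
# Assumption: the usual mail client ports; this section does not list them.
PRIVATE_PORTS = {465: "SMTPS", 587: "Submission", 143: "IMAP", 993: "IMAPS",
                 110: "POP3", 995: "POP3S", 4190: "ManageSieve"}


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, DNS failure
        return False


def audit_exposure(host, probe=tcp_open):
    """Compare what this vantage point can reach against the policy.

    Returns a list of (port, service, problem) tuples; empty means the
    firewall behaves as intended for a source that is NOT in the alias.
    """
    findings = []
    for port, name in PUBLIC_PORTS.items():
        if not probe(host, port):
            findings.append((port, name, "closed, other servers cannot deliver mail"))
    for port, name in PRIVATE_PORTS.items():
        if probe(host, port):
            findings.append((port, name, "open to this source, should be VPN/alias only"))
    return findings


if __name__ == "__main__":
    # Placeholder hostname; pass your own mail server as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    problems = audit_exposure(target)
    for port, name, problem in problems:
        print(f"{target}:{port} {name}: {problem}")
    sys.exit(1 if problems else 0)
```

Many residential ISPs block outbound port 25, so a "closed" result for port 25 from a home connection may reflect the network you are testing from and not your firewall.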
<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu55028jxdmy_tmp_d4378b80.png
File:lu55028jxdmy_tmp_7ea57844.png
File:lu55028jxdmy_tmp_9d6a661d.png
File:lu55028jxdmy_tmp_279c986f.png
File:lu55028jxdmy_tmp_84524b73.png
File:lu55028jxdmy_tmp_6660b4ba.png
File:lu55028jxdmy_tmp_9116781d.png
File:lu55028jxdmy_tmp_a783a2bb.png
File:lu55028jxdmy_tmp_e9001ea9.png
File:lu55028jxdmy_tmp_690c5265.png
File:lu55028jxdmy_tmp_a8761f8d.png
</gallery>

<span id="step-7-verify-smtp-relay-setup"></span>