Old 07-07-2022, 10:08 AM   #1
tlgrooms
LQ Newbie
 
Registered: Aug 2004
Location: Central Arkansas
Distribution: Fedora
Posts: 6

Rep: Reputation: 0
Questions about setting up a new webserver (Fedora)


I'd like to set up my own website and mail server, probably with the latest Fedora. I have books and have been thru many websites online trying to set the server up, but have a few questions I can't seem to find the answer to anywhere that leave me confused.

I'd like to set up Postfix and Dovecot for the mail server and apache for the webserver.
The first question would have to do with certificates for the system. I have been looking at LetsEncrypt to do the certificates. I am unsure how they work tho as far as what certificates I need. Let's say my domain name for the server is thedomain.com. Is the only certificate I need to set up for that name? Do I also need one for www.thedomain.com? and as far as the mail server, do I need one for mail.thedomain.com?

Would the reverse dns and pointer records need to be mydomain.com? www.mydomain.com? mail.mydomain.com? I would like to use mail.mydomain.com for the mailserver (Postfix). I know I'll have to get my isp to set this up so I'd like to be clear as to what to use when I ask them. I want to be able to send mail thru my server from my domain name.
This is something I really struggle with understanding. I guess I need a really good tutorial for setting up DNS as well.

If anyone can help I'd truly appreciate it. Links that would explain these things would also be appreciated.
Thanks.
Tim
 
Old 07-07-2022, 11:04 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,483

Rep: Reputation: 1556
Quote:
Originally Posted by tlgrooms View Post
The first question would have to do with certificates for the system. I have been looking at LetsEncrypt to do the certificates. I am unsure how they work tho as far as what certificates I need. Let's say my domain name for the server is thedomain.com. Is the only certificate I need to set up for that name? Do I also need one for www.thedomain.com? and as far as the mail server, do I need one for mail.thedomain.com?
You will need a cert for anything you're fronting with Apache. So you'll need a cert with mydomain.com and www.mydomain.com for your main websites, and if you're implementing mail you'll need one for mail.mydomain.com. LetsEncrypt allows you to specify multiple domains in a single cert file, for example all my LetsEncrypt certs have mydomain.com and www.mydomain.com in a single cert. This is easy to achieve assuming you have them both pointed to the same IP in DNS.

Quote:
Originally Posted by tlgrooms View Post
Would the reverse dns and pointer records need to be mydomain.com? www.mydomain.com? mail.mydomain.com? I would like to use mail.mydomain.com for the mailserver (Postfix). I know I'll have to get my isp to set this up so I'd like to be clear as to what to use when I ask them. I want to be able to send mail thru my server from my domain name.
Whether or not the ISP will allow setting of the reverse will depend on what your hosting arrangement is. However, it's generally not strictly necessary for the reverse DNS to be in place. It does sometimes help with mail delivery.

Regarding your ISP / IP address / Mail deliverability, if you are using an IP address that's in a "residential" or DHCP CIDR you may have problems with reliable mail delivery as many providers do not allow direct inbound mail from this type of IP address.

Last edited by TenTenths; 07-07-2022 at 11:07 AM.
 
1 members found this post helpful.
Old 07-07-2022, 11:38 AM   #3
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,763

Rep: Reputation: 5931
What type of internet connection do you currently have? i.e. cable, fiber, ADSL etc.

How fast is your upload speed?

I assume you have a public IP address as well as have administrator access to the router's configuration. Does the router also provide telephone service? i.e. do you plug in landline phones into the router? Without access to the router's configuration you can not forward the necessary ports to your web server computer.

Many ISPs do not allow a home internet service to run a web server and some block incoming port 80 traffic as well as mail ports. You might have to upgrade the service to a faster upload speed as well as maybe a commercial account with a static IP address.

The main function of Let's Encrypt is to provide certificates so your site can be secure i.e. recognized as https://...
 
1 members found this post helpful.
Old 07-07-2022, 02:11 PM   #4
tlgrooms
LQ Newbie
 
Registered: Aug 2004
Location: Central Arkansas
Distribution: Fedora
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by michaelk View Post
What type of internet connection do you currently have? i.e. cable, fiber, ADSL etc.

I assume you have a public IP address as well as have administrator access to the router's configuration. Does the router also provide telephone service? i.e. do you plug in landline phones into the router? Without access to the router's configuration you can not forward the necessary ports to your web server computer.

Many ISPs do not allow a home internet service to run a web server and some block incoming port 80 traffic as well as mail ports. You might have to upgrade the service to a faster upload speed as well as maybe a commercial account with a static IP address.

The main function of Let's Encrypt is to provide certificates so your site can be secure i.e. recognized as https://...
I have a gigabit fiber connection with a fixed IP address.

Yes I have my own router and know how to do port forwarding with it and I already have a temporary site up and it's working. I do not use my connection for phone service.
I've just been really confused as to how the certificates work.

I have set up postfix temporarily to see how it works and am able to send and receive mail. But when I try to send a message to gmail it is refused and I get this message back:

Action: failed
Status: 5.7.25
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.25 x.x.x.x The IP address sending this
message does not have a 550-5.7.25 PTR record setup, or the corresponding
forward DNS entry does not 550-5.7.25 point to the sending IP. As a policy,
Gmail does not accept messages 550-5.7.25 from IPs with missing PTR
records. Please visit 550-5.7.25
https://support.google.com/mail/answ...authentication for more 550
5.7.25 information. d12-20020a811d0c000000b0030c4873d734si1756704ywd.92 -
gsmtp

This is why I was asking about PTR records.

Thanks for the help you guys.
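
The check that Gmail's bounce above describes (a PTR record for the sending IP, plus a forward DNS entry that points back to that IP), as an added example that is not part of any post in this thread. The addresses and names are constructed sample data, and `expected_name` is a hypothetical parameter standing for the hostname the mail server is meant to use, such as the mail.thedomain.com of the question.

```python
import ipaddress
import socket

# Constructed sample data: documentation address range and example names.
SAMPLE_PTR = {"203.0.113.25": ["mail.example.com."],
              "203.0.113.26": ["host26.isp.example."]}
SAMPLE_A = {"mail.example.com": {"203.0.113.25"},
            "host26.isp.example": {"198.51.100.7"}}


def system_reverse(ip):
    """PTR lookup through the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases


def system_forward(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        return {info[4][0].split("%")[0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def check_fcrdns(ip, expected_name, reverse=system_reverse, forward=system_forward):
    """Return (status, detail) for the forward-confirmed reverse DNS of ip."""
    addr = ipaddress.ip_address(ip)
    ptr_names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not ptr_names:
        # This owner name is what the ISP has to create the PTR record at.
        return "no-ptr", f"no PTR at {addr.reverse_pointer}"
    # Keep only PTR names whose forward lookup contains the original address.
    confirmed = [n for n in ptr_names
                 if addr in {ipaddress.ip_address(a) for a in forward(n)}]
    if not confirmed:
        return "forward-mismatch", f"{ptr_names[0]} does not resolve to {ip}"
    if expected_name.rstrip(".").lower() not in confirmed:
        return "name-differs", f"PTR is {confirmed[0]}, not {expected_name}"
    return "ok", f"{ip} <-> {confirmed[0]}"


if __name__ == "__main__":
    for ip in ("203.0.113.25", "203.0.113.26", "203.0.113.27"):
        print(ip, check_fcrdns(ip, "mail.example.com",
                               lambda i: SAMPLE_PTR.get(i, []),
                               lambda n: SAMPLE_A.get(n, set())))
```

Called with only the first two arguments, `check_fcrdns` uses the system resolver, so it can be run against the server's real public address once the ISP has set the PTR.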
 
Old 07-07-2022, 06:46 PM   #5
computersavvy
Senior Member
 
Registered: Aug 2016
Posts: 3,345

Rep: Reputation: 1484
To have a mail server accepted for outgoing mail requires that it have a valid MX record in dns so the server receiving the mail can verify it is an authorized mail server to send and receive mail. That also allows other mail servers to send incoming mail to your domain.

There are 3 parts to the config you are asking about. DNS is one, Proper server config is one, and The Certs is the 3rd. All have to be done well.

Going right along with that is the need to make 100% certain that your mail server will never allow mail to be automatically forwarded (prevents spam forwarding) and that you limit the number of email addresses that can be used in a single post. A friend of mine commonly used 50+ addresses in outgoing mail as well as resending a lot of mail I considered spam and he was subject to frequent blockages on outgoing mail as a result.
 
Old 07-15-2022, 09:32 AM   #6
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,483

Rep: Reputation: 1556
Quote:
Originally Posted by computersavvy View Post
To have a mail server accepted for outgoing mail requires that it have a valid MX record in dns so the server receiving the mail can verify it is an authorized mail server to send and receive mail.
This statement is incorrect. While having this in place, along with correct reverse lookups, DKIM signing and SPF records can all help with mail delivery there is no actual RFC requirement for this.

I have home servers sending mail on behalf of one of my domain names and gmail (and other providers) accept them just fine.

Last edited by TenTenths; 07-15-2022 at 09:48 AM.
 
Old 07-15-2022, 04:33 PM   #7
computersavvy
Senior Member
 
Registered: Aug 2016
Posts: 3,345

Rep: Reputation: 1484
A quick search for 'how to have a linux mail server at home' gave me this
https://www.plesk.com/blog/various/s...x-mail-server/
Only one of many links returned.
 
  

