Getting Started with Synology MailPlus Server

This is the first of a series of articles about Synology MailPlus Server.  This one deals with the topics you need to address before you start installation.

Home Synology users will find that many of the packaged applications they use are end-user oriented and just work, out of the box.  Office, Drive, Moments, Note Station, Photo Station, Audio Station, and the mobile apps –  they “install and go.”  Email is more complicated  because of authentication, and the need to filter out malicious content using some very technical functions.

I created these guides because, as a novice, I found that the Synology Knowledge Base materials didn’t cover everything I needed to know; and when I added all the Synology resources to the external ones the information was so fragmented that it made it even harder to follow.  I decided that if I couldn’t describe it, I wouldn’t understand it; and having described it, it made sense to share it.

I have documented what worked for me.  If you have suggestions to improve the processes I’d be delighted to hear about them so I can update and improve these guides.

One invaluable source of information was the Facebook group Synology Admins & Users.  Join now. I have listed below the names of people from that group who have contributed in some way to these articles by commenting on my endless questions.

To complicate things further, there are several ways to implement MailPlus Server.  The two primary methods are:

  1. To offload the responsibility for mail filtering to a 3rd party, to avoid the complexities of SPF, DKIM and DMARC functions.  I implemented this approach first.
  2. To do an all-out end-to-end Synology MailPlus Server installation where all mail filtering is carried out by MailPlus Server.  This has a much steeper learning curve.

Each method is covered by a separate article but there are decisions to be made and preparation steps to complete, which is what the remainder of this article is about.

It’s a good question.  Why go to the trouble of self-hosting a mail server when there are so many free services out there, for example Gmail?
  • If you own a Synology DiskStation you are already invested in the technology and you have a private cloud that you own. 

  • You may, like me, distrust cloud services and want to take control of your data.

  • MailPlus Server and its client MailPlus are free (up to 5 email accounts – after that you have to pay for user licences.)

  • MailPlus is part of an integrated set of Synology apps – Office, Note Station, Contacts, Calendar – that is a good substitute for G Suite or Office 365.  It is not as full featured, yet, but is already good enough for home use. (And I say that as an advanced user of Microsoft Office and G Suite.)

  • Because you can. 🙂
Beware the elephant in the room – there will be some minor expenses to set up and run your own mail server.

Incidental Costs

  • Static IP Address: approx £5, one off
  • Domain Name: from £1.20 for first year and £12 per year thereafter
  • Email Relay Service (doesn't apply if you use a complete end-to-end MailPlus Server approach): dependent on the provider you use, approx £35 a year

You need to decide whether this small outlay is justified for gaining direct control over your data.  If you are going to use a relay service, you may be able to find a cheaper service.  Shop around.

There is a second elephant, I’m afraid.  MailPlus Server comes with 5 free perpetual licences.  If you need more you have to pay for them.  In the US a pack of 5 perpetual licences is $250 + sales tax which varies but gives a final price of about $265.  In the UK, Amazon are selling the same pack for £314 ($421).  It looks like opportunistic pricing to me. It might be possible to buy from an overseas outlet if the supplier will ship the licence card to you (many won’t) but whether the licence keys are regionalised is unknown.

You may be required by local laws to have  a postmaster account (although I suspect that may be for corporate email systems and bulk mailers.)   To avoid having to dedicate a licence to postmaster (admin) addresses, create an alias that points the user “postmaster” to the account(s) that administer the system.

Before you go further you need to establish if your DiskStation is MailPlus Server capable – lower end models don’t have the resources to run it.  The easiest way to find out is to log in to DSM as administrator and look in Package Center.  If the MailPlus Server package is not visible your DiskStation model does not support it.  Don’t confuse MailPlus Server with Mail Server.  That’s a totally different “legacy” product, and is the only option on low end models.

Remember that if you go the full hosted route, with no relay server, you will have to run the antivirus and spam filter engines, which add to the server load.

Although it is technically possible to run MailPlus Server with a dynamic IP address, it is not recommended because when your IP address changes you may experience service interruptions.  Your IP address might change if, for example, you reboot your modem/router. 

You need to check that your ISP provides true static IPs.  Some use a technique where IP addresses come from a reserved pool of dynamic addresses, and some email servers will treat those IPs as dynamic, and untrustworthy.  If your ISP can’t provide a true static IP you may have to look for another provider that does, or abandon self hosting.

Update:  Actually that’s not quite true.  If you go for SpamHero as your 3rd Party Relay service, they support dynamic IPs, but it’s more expensive. (see “Choose an Email Relay / Gateway Service”)

You will also need a domain name. Unless you go for something that is commercially attractive, you can pay as little as £12 a year incl VAT with the first year often heavily discounted.  Some ISPs are also domain registrars. If they aren’t, they may allow you to transfer a domain you own to them.  But your domain can be with any provider, it doesn’t have to be your ISP.  Shop around for the best deal but don’t forget to look for user reviews of the domain name provider.

Ideally the domain registrar will give you control panel access to Domain Name Services (“DNS Settings”) as you’ll need to make changes here and having to email support and wait a week is a real pain.

If you’re new to all of this, here’s a good place to start:

The Synology guide makes it easy to assume that Reverse DNS is mandatory.  It isn’t but it is important.

Reverse DNS is like the return address on an envelope.  It allows us to see where the mail in the envelope originated and, in the case of email, the receiving server can query the originating server to make sure it’s genuine.  If a Reverse DNS entry is not available, then the receiving mail server can’t validate the address and  may quarantine or even discard the mail as suspicious.

But there’s a problem.  Few ISPs allow static IPs and even fewer support reverse DNS on a residential line. 

Update:  I have since discovered that my ISP automatically assigns a PTR record and by default points it to a site based on the user’s name on their servers.  This fact is clearly not common knowledge as the technician (not a call centre agent, but a technician) had never heard of a PTR record.
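To see what a receiving server will find for your own public IP address, the check below looks up the PTR record, confirms that the name resolves back to the same IP (forward-confirmed reverse DNS), and flags ISP-style generic names. It is an added example, not part of the original article; the function names, the keyword list, and the sample addresses and hostnames are assumptions made for illustration.

```python
import re
import socket

# Keywords often seen in ISP-assigned PTR names (illustrative assumption, not a real filter's list).
GENERIC_HINTS = ("dynamic", "dyn", "pool", "dhcp", "dsl", "cable", "broadband")

def default_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def default_forward(hostname):
    """A/AAAA lookup via the system resolver; returns a set of IP strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def looks_generic(ptr_name, ip):
    """Heuristic: the PTR name embeds the IPv4 octets or a pool-style keyword."""
    name = ptr_name.lower()
    octets = ip.split(".")
    digits = re.split(r"[^0-9]+", name)
    words = re.split(r"[^a-z]+", name)
    embeds_ip = len(octets) == 4 and all(o in digits for o in octets)
    return embeds_ip or any(h in words for h in GENERIC_HINTS)

def check_reverse_dns(ip, mail_hostname, reverse=default_reverse, forward=default_forward):
    """Describe the PTR record for ip and whether it is forward-confirmed."""
    ptr = reverse(ip)
    if ptr is None:
        return {"ptr": None, "forward_confirmed": False,
                "matches_mail_host": False, "generic_looking": False}
    ptr = ptr.rstrip(".")
    return {
        "ptr": ptr,
        # Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP.
        "forward_confirmed": ip in forward(ptr),
        "matches_mail_host": ptr.lower() == mail_hostname.rstrip(".").lower(),
        "generic_looking": looks_generic(ptr, ip),
    }

if __name__ == "__main__":
    # Constructed values: 203.0.113.25 is a documentation address, mail.example.com a placeholder.
    print(check_reverse_dns("203.0.113.25", "mail.example.com"))
```

Replace the placeholder IP and hostname with your own public IP and the hostname your mail server announces; a missing PTR, a PTR that is not forward-confirmed, or a generic-looking name is the kind of result that makes some receiving servers treat mail as suspicious.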

This is one of those costs I mentioned earlier.  You don’t have to go this route but you would have to take on a lot of responsibility for maintaining the mail service and could suffer from the lack of Reverse DNS if your ISP doesn’t support a PTR record.

Synology Knowledge Base – How to setup MailPlus Server is quite intimidating on its own, and it is liberally sprinkled with technical terms.  But that’s just the surface.  If you open the Help system inside MailPlus Server / MailPlus you will discover an even richer seam of technical topics that you need to get to grips with.

There’s a lot to take on board and it’s not a one-time, setup-and-forget thing.  Email remains a prime target for malicious attacks.  You will need to keep on top of developments in the latest filtering needs or risk becoming a juicy target for criminals who are continually developing inventive new ways to exploit weaknesses in email systems.

The alternative is to use a commercial email relay service / gateway through which your incoming and outgoing mail is routed.  This has some benefits:

  1. Your incoming mail will be screened using commercial grade filters that are maintained by experts so that SPAM and malicious mails are identified / quarantined.

  2. If your NAS is down for maintenance, e.g. performing a DSM update, incoming mail will be queued at the gateway until connection is restored, instead of perhaps being discarded. The sending server will normally retry for a period before giving up, but insurance is no bad thing.

  3. You will not have to spend time trying to keep your email server secure.

If you want to go this route there are many to choose from. Some are designed for commercial use for bulk marketing campaigns, some are free but only offer outgoing.  It’s another minefield to negotiate.  In the end I decided to go with  Comodo – a suggestion from a user on the Synology Admins & Users Facebook group.
  1. They handle both in- and outgoing traffic,
  2. They have a 60 day trial period that doesn’t require you to enter payment card details up front
  3. They have a price plan that is suitable for residential users.  

They have dozens of products on their site – you need Comodo Antispam Gateway.  Don’t be put off by the fact that it’s designed for corporate mail servers. That’s a good thing.

An alternative service is SpamHero.  It’s more expensive than Comodo, especially if you want outbound relaying but it has the advantage of supporting:

  • Non standard ports, which is useful if your ISP blocks the standard ports 25 and 587
  • Dynamic IP addresses, if you can’t get a static IP
If, like me, you are transferring an external domain-based email service to MailPlus then you will need that service to continue while you prepare the new server.  The safest way to do this is to set up a subdomain.  Comodo allows you to have two domain or subdomain entries during its trial period and your domain host will probably allow unlimited subdomains.
Be aware that at some point after you start testing your subdomain, you may find that traffic from your main domain gets blocked.  It happened to me!

The reason is that main and subdomain names that share the same IP address may be flagged as suspicious by Comodo’s own gateways, even though the subdomain is known to them. Go figure.  The solution is to raise a request for them to unblock your site.

During installation you will need to test settings. There are several services you can use to do this. Every email expert seems to have their favourite.

As a novice I found two tools to be very user-friendly:

  • During setup, when I needed to test individual components: MX Toolbox
  • After go live, when I needed to check my email wasn’t setting off alarms in recipients’ servers: Mail-Tester.  This one is particularly user-friendly as it rates every aspect of your email, scores it, tells you what’s wrong and sometimes, how to fix it.

If you made it this far you should be ready to proceed with installation.  There are three steps you need to perform whichever of the two solutions you decide to adopt.  They are widely covered elsewhere so I won’t go into detail here:

  1. Assign a static LAN IP address to the DiskStation that will host MailPlus Server so that external calls to your router are always directed to the correct place.
  2. Set up port forwarding rules on your router to direct external ports 25, 143, 465, 587 and 993 to your DiskStation.
  3. Apply a free security certificate to your DiskStation using DSM’s wizard for “Let’s Encrypt” that will help you do this in a couple of minutes. Tip:  In the window with the field “Subject Alternate Name,” enter the DiskStation’s LAN IP address.  This will allow you to access the DiskStation using the LAN IP address without causing security alerts to appear in your browser.

OK. Ready?  Choose a button and hold on to your hat!

Paul Barrett

  Install complete end-to-end MailPlus Server Solution       Install MailPlus Server with 3rd Party Relay    

Contributors

John Greenwood, Scott Parcher, Ray Jacott, Matt Beardon, André Berends, Dolf Weiner, Christopher A Wichura, James Richards, Marco Panetto, Thorsten Stoeteram, Matt Hall, Kris Kristofferson, Peter Holland, John Henderson, Will Ku, Frans Vindum Tjagvad, Thomas Torpare, Daniel Ellenwood
