NixOS Mailer


There has been a lot of talk in recent years about how running your own email server is too hard. But it's quite healthy for the email ecosystem to not have everyone use Gmail and Outlook. In my experience it isn't too hard, it just takes some work.

Some of the alternatives include:

  • Using Gmail (or Outlook, Fastmail, Zoho, …)
  • Using a transactional email sending service (Amazon SES, Scaleway Transactional Email, EmailLabs, SMTP2GO, …)
  • Hosting yourself using something like an Ansible playbook (MailCow, Mail-in-a-box, Mailu, …)

I've used Simple NixOS Mailserver on Hetzner (20€ referral link) successfully (Hetzner apparently has a wait period for sending SMTP for new customers in order to avoid spammers). But very often I don't need to set up a full email server with IMAP and spam filtering. I just need to send email.

It’s actually quite simple to set up something that can send email successfully in NixOS. Here’s what I’ve used:

environment.systemPackages = with pkgs; [ mailutils ];

services.postfix = {
  enable = true;
  networksStyle = "host";
  postmasterAlias = "";
  rootAlias = "";
  config = {
    # Pass mail through OpenDKIM whether it arrives over SMTP or is submitted locally (sendmail)
    smtpd_milters = [ "unix:/run/opendkim/opendkim.sock" ];
    non_smtpd_milters = [ "unix:/run/opendkim/opendkim.sock" ];
  };
};

services.opendkim = {
  enable = true;
  selector = "mail";
  domains = "csl:${config.networking.domain}"; # default is hostname
  # UMask 0007 keeps the milter socket accessible to the opendkim user and group only
  configFile = pkgs.writeText "opendkim.conf" ''
    UMask 0007
    SubDomains yes
  '';
};

services.prometheus.exporters.postfix.enable = true;

users.users.${}.extraGroups = [ ];

networking.firewall = { allowedTCPPorts = [ 25 ]; };

After that I’ve used the excellent to fix all DNS settings so that my email passes. And of course you need to keep an eye on logs (or use something to alert you) in case there are deliverability problems because things change. But it’s been quite smooth for me.
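One way to keep an eye on the logs, as an added example that is not part of the original post: a small Python audit that reads Postfix and OpenDKIM log lines and flags bounced, deferred, and unsigned outbound mail. The sample lines are constructed, and the "DKIM-Signature field added" line assumes OpenDKIM is logging successful signing (`SyslogSuccess yes`), which the configuration above does not set.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real traffic); queue IDs, hosts and replies are made up.
SAMPLE_LOG = """\
Jan 12 10:00:01 mx postfix/cleanup[901]: 4F2A1C0B3E: message-id=<1@example.org>
Jan 12 10:00:01 mx opendkim[455]: 4F2A1C0B3E: DKIM-Signature field added (s=mail, d=example.org)
Jan 12 10:00:02 mx postfix/smtp[910]: 4F2A1C0B3E: to=<a@example.net>, relay=mx.example.net[203.0.113.5]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 12 10:05:00 mx postfix/cleanup[902]: 7B1D2E9F00: message-id=<2@example.org>
Jan 12 10:05:01 mx postfix/smtp[911]: 7B1D2E9F00: to=<b@example.com>, relay=mx.example.com[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 12 10:09:00 mx opendkim[455]: 9C3E4FA011: DKIM-Signature field added (s=mail, d=example.org)
Jan 12 10:09:02 mx postfix/smtp[912]: 9C3E4FA011: to=<c@example.com>, relay=mx.example.com[198.51.100.7]:25, delay=2.0, delays=0.1/0/1.0/0.9, dsn=5.7.26, status=bounced (host mx.example.com[198.51.100.7] said: 550 5.7.26 unauthenticated mail (in reply to end of DATA command))
Jan 12 10:12:00 mx opendkim[455]: A10B2C3D44: DKIM-Signature field added (s=mail, d=example.org)
Jan 12 10:12:03 mx postfix/smtp[913]: A10B2C3D44: to=<d@example.net>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.net[203.0.113.5]:25: Connection timed out)
"""

# Assumption: OpenDKIM logs successful signing (SyslogSuccess yes in opendkim.conf).
SIGNED = re.compile(r"opendkim\[\d+\]: (\w+): DKIM-Signature field added \(s=(\S+), d=(\S+)\)")
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (\w+): to=<[^>]*@([^>]+)>,.*?dsn=([\d.]+), status=(\w+) \((.*)\)$")

def audit(log_text, selector="mail"):
    """Return (problems, per-domain status counts) for outbound deliveries."""
    signed, problems = set(), []
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if m := SIGNED.search(line):
            if m.group(2) == selector:      # only count signatures made with our selector
                signed.add(m.group(1))
        elif m := DELIVERY.search(line):
            qid, domain, dsn, status, reply = m.groups()
            counts[domain][status] += 1
            if status != "sent":            # bounced or deferred: keep the remote reply
                problems.append((qid, domain, status, dsn, reply))
            elif qid not in signed:         # accepted, but left the host without DKIM
                problems.append((qid, domain, "unsigned", dsn, "no DKIM-Signature logged"))
    return problems, {d: dict(c) for d, c in counts.items()}

if __name__ == "__main__":
    problems, counts = audit(SAMPLE_LOG)
    for p in problems:
        print(*p, sep=" | ")
    print(counts)
```

On a live host the same function can be fed the output of `journalctl -u postfix -u opendkim`, assuming those are the unit names in use.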