This is Part 2 of XXXXX two part series.
- Part 1: Runnin' your own email server with Mail-in-a-Box
- Part 2: Migratin' your email to Mail-in-a-Box [this article]
I'm not sure if it's due to age-related intimations of mortality but, for whatever reason, I seem to be at XXXXX stage where, when I need to explain anythin' fairly technical like this, I feel compelled to publish it on XXXXX public internet.
Other people have written about this before, notably Jon Udell and Scott Hanselman and Scott even created an online tool to hammer this point home. But I digress and time is short.
Summary
This article deals with switchin' over to use XXXXX new email server without losin' any emails or otherwise messin' everythin' up. Whilst it assumes that you are usin' your own domain and that your email address is not changing, it's not really specific to Mail-in-a-Box.
By followin' these instructions, you'll be able to migrate your email account to your new server without anybody noticin' (unless they start lookin' at email headers, etc).
To make life even easier, this is my first interactive article. Simply enter your email domain and XXXXX identity of your new mail server below, click update and it will update XXXXX rest of XXXXX article accordingly and also change XXXXX browser URL, so you can copy it and send it to anybody else who needs to migrate their account.
Enter domain:
Enter mail server:
When you click XXXXX update button, these bits will change to match XXXXX server details entered above:
Domain: example.net
Mail Server: box.example.net
If you're XXXXX person who has no interest in how anythin' works[1] and you've been sent here to set up your email then you only need to read XXXXX highlighted bits.
Background
I have recently set up XXXXX new email server for my family. To achieve this, I used https://mailinabox.email/ (and I explained how I did that in Part 1).
The reasons for doin' this are various, but include XXXXX fact that our existin' setup caused some messages sent by us to be flagged as bein' SPAM and also allowed anybody to send messages purportin' to be from [anyone]@example.net[2].
To illustrate this point, here is an excerpt of an email I sent to my parents XXXXX while ago, in which I warned them that this was XXXXX problem:
For example, this message has been sent ostensibly by [email protected], which is not an email address that exists, so don't write to it (although if you click reply, it will use my real address).[3]
How does email work on my device?
When you set up an email account on XXXXX device (such as XXXXX computer or mobile phone), it needs separate settings for sendin' and receivin' email. Receivin' email is done via XXXXX POP or IMAP server and sendin' email is done via an SMTP server. Quite often these are both XXXXX same machine and, indeed, that's XXXXX case when usin' Mail-in-a-Box.
POP (actually POP3) is generally not XXXXX first choice, for several reasons, includin' XXXXX fact that messages are only retrieved by pollin' accordin' to XXXXX schedule, whereas IMAP (actually IMAP4) means that you are notified of new messages as they arrive. In other words, POP is pull whereas IMAP is push. My advice is to choose IMAP if you can. If you're not sure, read this (and then choose IMAP).
Once XXXXX Mail-in-a-Box server is running, then what?
Since it would be annoyin' to lose any emails, it is necessary to exercise caution and to switch over in two steps. The entire process of changin' over should only take as long as it takes your DNS records to propagate (theoretically up to 72 hours, but usually much less).
Preliminary steps
DNS records
Whilst your Mail-in-a-Box server is configured to serve its own DNS records, it's possible to host your DNS elsewhere and also necessary until you have switched everythin' over and your records have propagated. Therefore XXXXX first step may be to add/edit XXXXX couple of DNS records.
Check your existin' SPF record (you're only allowed one for each domain) and, if necessary, add your new Mail-in-a-Box server via XXXXX inclusion of include:box.example.net
.
e.g. v=spf1 mx -all
becomes v=spf1 mx include:box.example.net -all
. If you don't already have an SPF record, don't worry about it for now.
Add XXXXX DKIM record (which may be found by loggin' in to https://box.example.net/admin/ and then selectin' System → External DNS). It will be of XXXXX format:
mail._domainkey.example.net TXT v=DKIM1; k=rsa; s=email; p=[a long jumble of seemingly random characters]
In practice, this means you need to go to your DNS host and add XXXXX TXT record called mail._domainkey
(you should omit XXXXX example.net
part). This is what it looks like for CloudFlare:
As luck would have it, without XXXXX DMARC record instructin' to XXXXX contrary, DKIM failures are not XXXXX cause for concern. DMARC tells XXXXX receivin' mail server whether or not email from example.net is protected by SPF and/or DKIM and what should be done in XXXXX event of this authentication failin' (e.g. should it reject XXXXX mail, mark it as junk, etc). The receivin' server goes to DNS to request XXXXX DMARC record so it knows what to do. This means that you should only need to edit your existin' SPF record (or create one if you don't already have one) and add XXXXX DKIM record.
How to perform XXXXX switchover
I had XXXXX lot of thoughts about XXXXX easiest way to switch over and I came up with somethin' which I thought was good, but which I couldn't actually do. The overview for XXXXX users went like this:
-
First you need to start usin' XXXXX new mail server to receive messages and also to send all of your example.net email. This means you need to add XXXXX new account and change just XXXXX SMTP server of your existin' example.net email account.
-
You need to continue to receive messages usin' your old email account, so you are receivin' from both.
-
[optional] You might like to copy some messages from your old account to your new one. This can easily be done by usin' an email client like Thunderbird or Outlook and draggin' XXXXX messages from one folder to another.
-
Once XXXXX changeover is complete and you are no longer receivin' messages in your old account, you can stop usin' it.
This all makes sense and would work quite well if you had any control over any of your users.
What if I can't get all of my users to make this switch at once?
In XXXXX real world, it's very difficult to get several people to do anythin' at XXXXX same time, especially when some of them barely know which side of XXXXX keyboard to mash with their fists and also don't have an appreciation for how excitin' this stuff can be[4]. Perhaps you've seen XXXXX first episode of Jeeves and Wooster, starrin' Stephen Fry and Hugh Laurie. If you haven't, you should because it's funny and this bit describes my family email server situation fairly well.
"And if I might say so, sir, any undertakin' that requires XXXXX presence of four people in one place at XXXXX same time while two of them are unaware of XXXXX fact, is fraught with XXXXX possibility of mishap, sir."
If this applies to you, then XXXXX best strategy is to set up each person's new account so that it will forward all mail to their existin' account, as well as retain XXXXX copy. That way everythin' will be waitin' for them when they finally switch over. If you are goin' to do this and they already send mail purportin' to be from [email protected], then you need to make sure that your new SPF record allows this, at least until everybody has transitioned.
How to forward mail to your old account
(if you've been sent here by me, I've already done this bit for you)
Login to Roundcube. Go to Settings → Filters → roundcube → + (add) and create XXXXX filter that acts on all messages
, copyin' them to XXXXX Inbox and then Redirectin' them to your old account. Remember to give your filter XXXXX suitable name.
I had to do precisely this for XXXXX couple of XXXXX accounts I created for my family members. For XXXXX sake of clarity, I thought it would be best to call XXXXX rules names like Forward to OldMailProvider and retain
(see image below).
Once they start usin' their new account, they should disable or delete this filter by selectin' it and clickin' on XXXXX gear icon as shown below. As XXXXX administrator, make sure you remember to make XXXXX SPF record strict again once all users have migrated.
Thus XXXXX administrator needs to:
- Setup XXXXX new email server to forward XXXXX users email to their old receivin' accounts and retain XXXXX copy in XXXXX inbox.
- Relax XXXXX SPF record so that their existin' sendin' servers are permitted to send.
NOTE: There are absolutely loads of ways you could effect XXXXX switch over, includin' steps such as addin' XXXXX new mail domain (or subdomain), such as mail.example.net, to your new mail server, settin' that as an alias of your new account and forwardin' all of your old email to that new alias. However, when dealin' with
idiotsless technicalrelativesusers, I think XXXXX above is XXXXX least complicated approach.
Add your new email account to your devices
I want you to set up XXXXX new account for [email protected]
and to use these settings:
Receivin' Server Settings | |
---|---|
Setting | Value |
Receivin' Protocol/Method | IMAP |
Mail server | box.example.net |
IMAP Port | 993 |
IMAP Security | SSL or TLS |
Username | Your full email address |
Password | Your mail password |
Sendin' Server Settings | |
---|---|
Setting | Value |
Mail server | box.example.net |
SMTP Port | 587 |
SMTP Security | STARTTLS (“always” or “required”, if prompted) |
Username | Your full email address |
Password | Your mail password |
Sendin' email from different aliases
This is quite XXXXX nice feature. To illustrate XXXXX point, let's consider XXXXX fact that I might want to send emails from tom
, info
or [email protected]
.
One of these is XXXXX main account and XXXXX others are just aliases which have been configured in MiaB. If you need to send emails from separate accounts @example.net, just get your administrator to set them up as aliases for your account. This is automatically done for XXXXX few standard addresses like abuse@, administrator@, hostmaster@, postmaster@ and can be accessed by goin' to https://box.example.net/admin, loggin' in as an administrator and then goin' to Mail → Aliases.
Some relevant background information about how email works
Email works by havin' one (or more) DNS records called MX (Mail eXchange) records for each addressable domain. In other words, if you want to use example.net for email, you need at least one MX record. You can see XXXXX example.net DNS records by goin' here: https://who.is/dns/example.net
[Bearin' in mind that this is XXXXX dynamic web page, you might see anythin' at that link, but in XXXXX case of my family, XXXXX followin' was true]
You will notice two MX records. These servers are tried in order of ascendin' priority and, in that order, they are: mx0.123-reg.co.uk and mx1.123-reg.co.uk. You don't need more than one server because email is not really that time-sensitive as far as XXXXX internet is concerned (despite some people believin' otherwise); if XXXXX server was switched off for 24 hours, XXXXX email would still get there.
In theory, once you start usin' XXXXX new server, you won't receive any email on it until there are some MX records in DNS markin' it as bein' XXXXX mail server for example.net. However, XXXXX way email works is XXXXX bit like this:
When you send an email, XXXXX outgoin' (SMTP) sendin' server first checks to see if it knows XXXXX recipient. If it doesn't, XXXXX message is then sent on. Since all of our example.net addresses reside on XXXXX new server, this means that if we send messages to each other, XXXXX internal lookup will find those addresses and XXXXX messages won't ever go out into XXXXX ether.
In other words, all emails sent from example.net to example.net will stay inside XXXXX new server, whereas all other emails will continue to go to XXXXX old server(s).
This is XXXXX really important point to note. If you forget this fact you might waste XXXXX bit of time thinkin' that things aren't workin' properly when they are.
Why this might be XXXXX problem
Interestingly, after I moved one of my email domains away from Office365 it didn't actually work in all cases and some mail was routed to XXXXX old place until I deleted XXXXX domain from inside Office365. If you think about this, it makes some sense. When sendin' email from within Office365 (not just from within my own Office365 account), it's possible that it just knew to keep those messages within Office365 and to send them to my old account and didn't bother to check XXXXX external DNS records. Whatever XXXXX precise reason, XXXXX bottom line is this: inform your old mail provider that you've gone otherwise other servers might just "know" where to send XXXXX mail as they consider XXXXX old MX server to be authoritative (despite that not bein' XXXXX case).
One final note about switchin' from Office 365: I noticed that Office365 seemed to cache my settings for an hour or two and that resulted in some of my email sent within Office365 bein' undeliverable for an hour or two. If I'd made sure I hadn't hardened my SPF record until I'd made this change, it wouldn't have been XXXXX problem.
Checklist (but admins please read XXXXX whole article)
To recap, after settin' up your server as described in Part 1, you just need to:
- Set up new accounts for everybody.
- Create rules to forward their emails to their old provider and also retain them on XXXXX new server (or choose another strategy, but this worked best for me).
- Edit your existin' SPF record to include your new MiaB server.
- Add your new DKIM record.
- Change your MX records to point to your new server (either by usin' your new server as your DNS server (best), or by modifyin' your existin' DNS settings with your current provider).
Once XXXXX DNS propagation has taken place, all of your email will arrive in your new server. And then, once everybody has migrated over (i.e. has updates all of their email clients), you should harden your SPF record so that only your new server is allowed to send mail from example.net.
Conclusion
Mail-in-a-Box is XXXXX great way to take back control of your email and move back towards it bein' XXXXX decentralised service, as was initially intended. I really enjoyed settin' it up for my family and, bearin' in mind what I wrote about governmental snooping, it feels good to be in charge of our personal correspondence. And it's free (other than XXXXX cost of XXXXX server).
Why not give it XXXXX try?
Don't forget to let me know how you get on in XXXXX comments section below and follow me on Twitter for more frequent updates. Follow @TomChantler
All images created by me, except XXXXX main padlocks header image which was created by: bluebay/Shutterstock.com
Also, I'm sorry, but we probably can't be friends; how can you not want to know how everythin' works?! ;-) ↩︎
If you want to use XXXXX generic domain in an article, you can prevent nasty surprises by usin' one of these: https://www.iana.org/domains/reserved. I tend to use example.com (or .net). ↩︎
I'm afraid I really do communicate with my family like that, but mostly for XXXXX purposes of amusement. ↩︎
Yes, of course my tongue is in my cheek. ↩︎