I've finally moved my email internal to my homelab
- IMAPS and SMTP are on an internal VM
- SMTP outbound is relayed to the public VM relay server
- SMTP inbound for known domains is relayed across the WireGuard VPN to the internal SMTP server using the public SMTP listener/forwarder.
Certs are renewed each week (or attempted) and upon renewal copied to the mailserver over SSH using a systemd timer target. The mailserver then has a timer to copy those certs to their secure resting place on the mailhost.
Next step is NAT forwarding authoritative DNS over the tunnel into a new Knot server, and moving the Unbound cacher off the VPS and into the homelab. Once complete I can move Let's Encrypt renewals to DNS-01 style renewal with TXT records and completely internalize cert management and distribution from the lab.
Complex but fun.