GTAXLnet Mail

---

GTAXLnet Mail is a free e-mail hosting service for your domains. Our e-mail services are geared towards personal use and small business. If you have thousands of employees or domains our services are not for you. We used to use Google Apps free edition, then that got shut down so we moved to Windows Live domains free edition, that also got shut down. There are very slim choices for free e-mail hosting, and they all suck. GTAXLnet Mail wanted to be better than all the choices, even the paid ones for people that simply want e-mail for their domains. You shouldn’t have to pay an arm and a leg and worry per user costs for a basic necessity of the 21st century. You should also not have to worry about your accounts getting yanked because you don’t politically align with the company’s standards or put trust in major brands like Google or Microsoft that love having your data and the government has an instant backdoor to your e-mails.

Why is GTAXLnet Mail better than any of the free alternatives?

There are very few free e-mail hosting solutions for your OWN domain(s) and they all suck and aren’t trustworthy. I’d say we are even better than paid solutions. The MAJOR free e-mail hosting solution for domains used to be Google Apps, now called “G Suite” that now costs money per user.
Microsoft offered free e-mail hosting for domains as well via their Outlook service but has also shut down their free service.

There are still free ones such as Zoho mail, but they limit the number of domains, accounts, aliases, and inbox size. Plus, can you really trust they will stay around and do you trust a big company with YOUR data? I mean they don’t even do proper DKIM signing. Here is a list of why our FREE e-mail hosting is better,

• Completely FREE, no gimmicks or bullshit
• NOT going anywhere anytime soon, we’ve been around since 2010 and pay our e-mail server off yearly and our domains are paid off in advance of 10 years
• No referrals needed
• Unlimited domains, unlimited accounts, unlimited aliases
• No arbitrary limit on inbox size, just don’t max out our hard drive ;)
• Proper DKIM signing
• DMARC checking and reporting, with aggregate reports
• Client IP address stripped from outbound e-mails for privacy
• 150MB attachment size, we can increase if needed
• Full IPv6 support
• Auto-configuration for Thunderbird, other major clients soon
• Participate in DNS whitelist programs such as dnswl.org
• All our domains are secured with DNSSEC, and all our server’s caching recursors (PowerDNS) validate DNSSEC, so no spoofed MX records
• Secure ciphers for both smtp transport and imap/pop3 along with legit paid SSL cert, if you EVER see a certificate error DO NOT CONTINUE
• Outbound e-mails are sent over SSL/TLS to e-mail servers
• 100 connections per IP, can change to your needs depending on amount of clients/accounts connecting
• No government backdoor, no big nasty company holding onto your private e-mails
• We are a security conscious provider and encourage and help our users engage in the use of PGP, S/MIME and other security principals
• We NEVER use wildcard SSL certs ANYWHERE
• We will not yank e-mail accounts just because we are mad at somebody or even if we don’t agree politically. We are a company that believes in freedom of speech and expression. We still host e-mail accounts for people we are no longer friends with and despise. We never sabotage, yank accounts, go through e-mails, etc.
• Secure e-mail directory, hardened filesystem permissions, we patch the kernel every time there is an update
• Many other reasons!

Some features we are considering in the future,

• Encrypted mail directory container with users password
• DANE
• Option to PGP encrypt all inbound emails on server disk
• Backup MX receivers
• SMTP outbound cluster
• E-Mail newsletter support
• Better registration and management interface
• Virus/Malware scanning server-side, your computer’s antivirus will scan your e-mails
• Our own public DNSBL for IRC and e-mail
• Getting our domains registry locked (corporate grade)
• Getting LLC’d and Trademarked
• IMAP Push, we need to verify that it’s fully working
• Client cert authentication

How we compare to the competition,

Name	Price	Accounts	Domains	Mailbox Size	Attch. Size
GTAXLnet Mail	FREE	Unlimited	Unlimited	No arbitrary limit	150MB
Google G Suite	$5 user/mo	Limited by your budget	600	30GB	25MB
Microsoft Exchange	$4 user/mo	Limited by your budget	900	50GB	150MB
Zoho Mail	FREE	25 (+25 w/ referral)	1	5GB	20MB
Rackspace	$2 user/mo	Limited by your budget	Unlimited	25GB	50MB
FastMail	$5 user/mo	Limited by your budget	100	25GB	50MB
ProtonMail	$24/mo	5	10	20GB	?
GoDaddy	$5 user/mo	Limited by your budget	?	5GB	25MB

FAQ

When was GTAXLnet established?

GTAXLnet has been around since 2010 as an alternative IRC network to GeekShed. Since then we progressed to offer additional internet related services, such as e-mail hosting. Our core business is IRC (Internet Relay Chat) however we have a lot of interest in our GTAXLnet Mail project as well. GTAXLnet Mail was established in 2015.

What software do you use?

We use a Postfix + Dovecot + MariaDB + OpenDKIM + OpenDMARC + SpamAssassin + policySPF configuration running on the latest 64-bit Debian, native kernel, in a KVM container. We store e-mails in the maildir format.

Is it really free, what is the catch 22?

Yup, no bullshit, it is completely free and NO you are not the product. We don’t sell your data nor cipher through it. We offer this because we already pay to host our e-mail server for our own use, the server is gonna be paid regardless. We feel that the overhead for hosting e-mail for others isn’t much of a burden on us to do. 95% of e-mails are relatively small, a few kilobytes if that. We do accept donations though, and there are quite a few people that do pitch in and make this project thrive! We would like to thank the following people that currently have invested in the GTAXLnet Mail project,

• Victor Coss (GTAXL) https://gtaxl.net
• Josh Cheetham (IVIrCheetham) https://ivircheetham.com
• Tony Lloyd (DG) https://darkgamer.me

How much does it cost to operate the GTAXLnet infrastructure?

Well as a whole, including IRC, web hosting, etc. GTAXLnet costs ~$1,000/year. We pay for about a dozen servers, 20+ domains, some SSL certs, etc. We try our best to keep costs minimal and utilize free stuff like Let’s Encrypt when we can.

How can I donate to the GTAXLnet Mail project?

We accept donations of any kind and highly appreciate it! Donations are not required, but they do help keep the project alive and thriving. Please utilize whatever method is convenient for you below,
PayPal: vic@likeacoss.com (Click e-mail to go to PayPal page)
Google Wallet: mastergta2@gmail.com
Bitcoin:3GKQqUjMMEqUipq6uP1WHuhfTomsHyGUSD
Check (US Only):You may mail a check to the following address,
Renew our domains:Another way to donate is to help us renew our domains. If you feel giving and want to add a year you can use Directnic’s Easy Renew feature here, https://directnic.com/easyrenew just type in one of our domains and continue the process. You don’t need our credentials, anyone can renew on our behalf. :)

Are there any limits?

No, as we previously shown by our comparison table against our competition, we don’t have limits on the number of accounts, domains, aliases, nor do we set an arbitrary limit on inbox size. Now if you are medium to large size business with thousands of domains or thousands of accounts, we are not for you. We are geared towards personal use and small business needs. We ask that you don’t flood/e-mail bomb, send mass recipient e-mails, such as a newsletter without our consent, don’t keep large attachments on our server 25MB+, and don’t max out our server’s hard drive. You are allowed to send/receive large attachments, currently up to ~150MB. What we meant was don’t keep them on our server’s disk, like archive them. Once you receive the attachment, download it somewhere, then delete the e-mail, empty trash so it doesn’t eat up our disk space. Once you sent a large attachment, delete the e-mail from the Sent folder, or edit the e-mail in the sent folder to remove the attachment from it. We don’t mind if you keep small attachments on our server. We also are fine with any other e-mails that don’t have attachments, you may keep them in the Sent folder, and you may archive all your received e-mails. We just don’t want you keeping your entire FLAC library, etc. on our e-mail server. This is an e-mail server, not our storage server. What we meant by don’t max out our hard drive, was don’t be obviously excessive. We consider ourselves power users with ~30K e-mails yet that only equates to about 1GB or so of space. Our server has 90GB of space, trust me; this won’t get maxed out unless someone is trying to store their entire FLAC library. If all our users are following guidelines and our server’s hard drive is near full, we will of course upgrade the hard drive.

Why couldn’t I just host e-mail myself?

You can and we aren’t stopping you. Even if you are comfortable with Linux servers and networking, managing an e-mail server isn’t easy. You have to understand how e-mail fully works, how it transits through various networks, and how it gets to the end user successfully. You have to be comfortable reading logs and debugging various software to work in harmony with each other. You have to have a strong knowledge of networking, various DNS records, DNSBLs, reading e-mail headers, etc. You have to understand the e-mail chain, MTAs, MDAs, MUAs, IMAP/POP servers, milters, etc. You have to watch to make sure all your e-mail servers and servers sending from your domain maintain good reputation, don’t get listed in a DNSBL, or don’t bounce for various reasons. You have to be comfortable with understanding bounce replies for outbound and inbound e-mail, and communicating with other e-mail providers to fix said issue. You have to understand SPF, DKIM, DMARC and how to properly implement them for each domain on your server, and to make sure you have the right format and that they pass. Basically there is a lot involved in setting up and maintaining an e-mail server. Some people follow quick tutorials and think boom my e-mail server is all setup, and while it may function; they often don’t fully configure it robustly and leave many security components behind. Once you setup an e-mail server, you should deeply comb through logs, watch e-mail headers, etc. Common flaws I see from people running their own e-mail server is they don’t setup a proper DMARC record, or they don’t set the MTA hostname to match the PTR record, or configure the MTA to try STARTTLS on outbound e-mails, or use self-signed certs, or don’t strip their client IP from e-mail headers, etc. At GTAXLnet Mail, we are very detail oriented and we go back and verify everything is configured correctly and implement all e-mail standards according to RFC.

Where is your server located?

Our main e-mail server is hosted with Ramnode in Atlanta, Georgia, USA. Also known as the home of Coca-Cola. :D

Can I move my current e-mails over to your server?

Yes, if you’re coming from another e-mail provider please ask them to zip your e-mails in maildir format. We use the following file structure, /domain/user/ ex. /gtaxl.net/gtaxl/ = gtaxl@gtaxl.net If they can’t provide a maildir format, another option would be to use your e-mail client and move then over to your new account on GTAXLnet Mail. Before you do this please clean up your inbox and other folders, then empty trash. If using Thunderbird, then Compact all folders. Transferring 1000+ e-mails via your e-mail client can take a very long time, about 1-3 e-mails a second. If your host provides a zip’d maildir and you know how to use PGP please encrypt it to the following key, gtaxl@gtaxl.net 0x7BF99D52

If your host provides a maildir zip, you may e-mail it to gtaxl@gtaxl.net if it is less than 100MB, if bigger please upload it somewhere like Dropbox, etc. and provide me the download link. As I stated before, it is highly recommended you PGP encrypt it. Or if you e-mail it to me you can also use S/MIME, my pub key: CER P7B I highly recommend you sign.

I will touch more on moving your e-mails over later on in the setup tutorial.

How long do you hold onto Spam and Trash?

Our server will automatically delete Spam older than 60 days, and Trash older than 30 days. The script runs every night at midnight eastern time.

Will my account be deleted due to inactivity?

Nope, we aren't like others. ;)

Do you virus/malware scan e-mails?

We only scan e-mails for spam. We don’t do virus/malware scanning server-side yet. If you have an antivirus installed on your computer, almost ALL AV’s will scan e-mails you receive in your email client.

Do you offer web mail?

No, sorry but for overhead and security reasons we currently don’t offer webmail access. You are going to need to get an e-mail client for your particular platform.

What are your recommended e-mail clients?

Windows: Mozilla Thunderbird, eM Client
Mac: Apple Mail
iOS (iPhone/iPad/iPod): Apple Mail
Android: K-9 Mail
Linux: Mozilla Thunderbird

How do I get a @gtaxl.net e-mail address?

You must have been a long-term loyal IRC member to qualify for one. All GTAXLnet Staff and previous staff have one.

If you have any other questions, please ask them on IRC at irc.gtaxl.net #GTAXLnet or you can e-mail Victor Coss at gtaxl@gtaxl.net

** Getting Started **

The first step is to add your user account(s) and domain(s) to our database. If you have an @gtaxl.net e-mail we will just generate the user account, you won’t have to follow the domain records setup. We recommend you use secure long passwords generated by a password manager. We highly recommend you use KeePass instead of an online-based password manager. If you don’t have KeePass already, download and install it. Setup and configure your password database. Setting up a password manager is out of the scope of this tutorial. We assume you already have KeePass and know how to use it.

1. Go to the E-Mail group on your KeePass, if you don't have one create one.
2. Click the yellow key button to Add an entry

Note: Sorry if the colors are a bit dull, our GIF encoder was acting up.

1. Set the Title to GTAXLnet Mail
2. For the User Name put the e-mail address you wish to setup. In this example we are going to demonstrate setting up an e-mail account for the domain verytightsecurity.net
3. For the URL, put the website we are currently on. https://gtaxl.net/email.html
4. For the Notes jot down our e-mail client configuration settings,

IMAP: mail.gtaxl.net 993 SSL/TLS
SMTP: mail.gtaxl.net 587 SSL/TLS
Password authencation required
Username on SMTP is your e-mail address
If you get a certificate error, DO NOT CONTINUE

1. Click the yellow drop down key then click Open Password Generator...
2. Change the password length to 35 characters or more
3. Tick Special
4. Tick Collect additional entropy
5. Click OK

Now you will be in the Entropy Collection for KeePass wizard. Move your mouse around very randomly and fast inside the static screen. Do this whilst also typing random stuff on your keyboard in the text box. Keep doing this until the Generated bits shows 256bits. Then hit OK.Notice how there is an asterisk on your password database, this means there were changes that have yet to be saved. Hit the blue floppy disk to save your changes. Remember, it ain't official without that floppy disk. ;)

Generate encrypted password hash

Now that you've generated a secure password for your e-mail account, it's time to get it added to our database. Please go to https://gtaxl.net/passcrypt.php to generate an encrypted hash.

1. Type in the domain you are setting up e-mail for. If it's an @gtaxl.net e-mail address, you would put in gtaxl.net In this example we are setting up an e-mail account for the verytightsecurity.net domain
2. Put in the full e-mail address you wish to have under that domain
3. Copy and paste your secure password you generated from your password manager
4. Click Submit

This will generate the encrypted hash for your password, which is how we store it in our database. Please copy the two commands that are in bold. Make sure you select the whole thing and don't cut it off or it won't work properly. You have two options, 1) PM the commands to GTAXL on IRC, please be connected to GTAXLnet with SSL and have a registered nick 2) E-Mail the two commands to gtaxl@gtaxl.net
Please wait for Victor Coss (GTAXL) to manually accept your request (up to 48 hours) and add it to the database. We will reply to you when it's complete. Complete this process for any other e-mail accounts you want under your domain. If the e-mail accounts are for other people, we highly recommend you have them to go the passcrypt form and fill it out, e-mail you the commands, then you forward it to me.

Setting up DNS records

Once we've setup the e-mail account credentials, the next step is to setup the DNS records. If you are setting up an @gtaxl.net e-mail, this step does not apply to you. Please skip forward to the e-mail client configuration.

When we manually accept your e-mail account requests we will need to prove that you own the domain. We may either send a code to an e-mail on the whois, or have you set a TXT record. To expedite this process, you can set the following TXT record at the root of the domain, "GTAXLnet Mail VERIFY MM-DD-YYYY" replace MM-DD-YYYY with the current date in said format. Ex "GTAXLnet Mail VERIFY 12-25-2017". Setting up DNS records will depend on what Domain Registrar or DNS provider you are using for your domain. Here is an example of how to set this record using CloudFlare for DNS,
Do NOT delete or change any MX records in DNS until Victor Coss (GTAXL) has verified and approved the e-mail accounts and says they have been added to the database successfully. If you change the MX records before, inbound e-mails will bounce and you will lose e-mails!
Once your e-mail account(s) have been approved the next step is to route e-mails to GTAXLnet Mail. To do this we need to add or edit the MX records for your domain. MX stands for Mail Exchange, and it basically tells other e-mail servers what servers to talk to when sending e-mail to your domain. If you already have an e-mail provider, then you have MX records setup. We will need to delete these and add GTAXLnet Mail. Add the following MX record to your domain's DNS record,

Name	Value	Priority	TTL
@ or blank	mail.gtaxl.net	10	1 day (86400)

Here is an example using CloudFlare as our DNS provider,

Setting up your E-Mail Client

The next step after you have the DNS records setup, is to setup your e-mai client for your platform. Below we list several tutorials for the various operation system platforms. Click the link of the e-mail client you wish to setup to view our tutorial. If you're unsure, click the recommended links for your platform.

• Windows
• Mac
• iOS
• Android
• Linux

---