this post was submitted on 12 Jun 2023
All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the original federated technology.

I am looking at proxmox and see that it has a built in email server, so now I am wondering if it is time to roll my own.

I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don't know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.

Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?

top 14 comments
[–] thekernel@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

Not worth the hassle - best compromise is to get your own domain but use a provider like fastmail to host it.

If they turn sour you can move your domain to another mail host.

[–] ptz@dubvee.org 1 points 1 year ago* (last edited 1 year ago)

Yes, I still run my own email server. It is not for the faint of heart, but once it's configured and your IP reputation is clean, it's mostly smooth sailing. I have not had any deliverability problems to date, initial setup/learning period notwithstanding.

If you're not scared away yet, here are some specific challenges you'll face:

  • SMTP ports are typically blocked by many providers as a spam prevention measure. Hosting on a residential connection is often a complete non-starter and is becoming more difficult on business class connections as well (at least in the US, anyway).
  • If you plan to host in a VPS, good luck getting a clean IPv4 address. Most are on one or more public blacklists and likely several company-specific ones (cough Microsoft cough). I spent about 2 weeks getting my new VPS's IP reputation cleaned up before I migrated from the old VPS.
  • Uptime: You need to have a reliable hosting solution with minimal power/server/network downtime.
  • Learning Curve: Email is not just one technology; it's several that work together. So in a very basic email server, you will have Postfix as your MTA, Dovecot as your MDA, some kind of spam detection and filtering (e.g. SpamAssassin), some kind of antivirus to scan messages/attachments (e.g. Clamd), message signing (DKIM), user administration/management, webmail, etc. You'll need to get all of these configured and operating in harmony.
  • Spam prevention standards: You'll need to know how to work with DNS and create/manage all of the appropriate records on your domain (MX, SPF, DMARC, DKIM records, etc). All of these are pretty much required in 2023 in order for messages from your server to reach your recipient.
  • Keeping your IP reputation clean: This is an ongoing challenge if you host for a lot of people. It can only take one or two compromised accounts to send a LOT of spam and land your IP/IP block on a blacklist.
  • Keeping up with new standards: When I set my mail server up, DMARC and DKIM weren't required by most recipient servers. Around 2016, I had to bolt on OpenDKIM to my email stack otherwise my messages ended up in the recipient's spam folder.
  • Contingency Plan: One day you may just wake up and decide it's too much to keep managing your own email server. I'm not there yet, but I've already got a plan in place to let a bigger player take over when the time comes.
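
An added example, not part of the comment above or of any project's code: an offline audit of the record types the comment lists (MX, SPF, DMARC, DKIM), showing which settings leave a domain unprotected. The zone data, the placeholder domain example.org, the selector name `mail` and the finding texts are all constructed assumptions.

```python
# Constructed sample zone for the placeholder domain example.org (not real DNS data).
# Keys are (name, record type); values are the record strings a resolver would return.
ZONE = {
    ("example.org", "MX"): ["10 mail.example.org."],
    ("example.org", "TXT"): ["v=spf1 mx ~all"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=none; rua=mailto:postmaster@example.org"],
    ("mail._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p="],
}

def tags(record):
    """Parse the 'tag=value; tag=value' syntax shared by DMARC and DKIM records."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(zone, domain, selector):
    """Return a list of findings for the MX, SPF, DMARC and DKIM records of `domain`."""
    findings = []
    if not zone.get((domain, "MX")):
        findings.append("MX: missing, inbound mail has no destination")
    spf = [t for t in zone.get((domain, "TXT"), []) if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero means no policy; more than one is a permanent SPF error
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        alls = [t for t in terms if t.lstrip("+-~?") == "all"]
        if not alls and not any(t.startswith("redirect=") for t in terms):
            findings.append("SPF: no 'all' mechanism, unlisted senders get a neutral result")
        elif alls and alls[0][0] not in "-~":
            findings.append("SPF: 'all' does not fail, any host may send as this domain")
    dmarc = [tags(t) for t in zone.get(("_dmarc." + domain, "TXT"), []) if t.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly 1 record, found {len(dmarc)}")
    elif dmarc[0].get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy is not quarantine/reject, failures are only reported")
    dkim = [tags(t) for t in zone.get((f"{selector}._domainkey.{domain}", "TXT"), [])]
    if not dkim:
        findings.append("DKIM: no key published for selector " + selector)
    elif not dkim[0].get("p"):
        findings.append("DKIM: missing or empty p= tag, no usable public key")
    return findings

if __name__ == "__main__":
    for line in audit(ZONE, "example.org", "mail"):
        print(line)
```

To audit a live domain, build the same dictionary from your resolver's answers instead of the constructed `ZONE`.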
[–] proycon@lemmy.world 1 points 1 year ago

I've been self-hosting e-mail for over 15 years and hope to continue doing so. Although it's being made increasingly difficult by big tech players. I wrote about it here: https://proycon.anaproy.nl/posts/rant-against-centralising-e-mail/

[–] bassomitron@lemmy.world 1 points 1 year ago* (last edited 1 year ago) (1 children)

Obligatory PSA: ProtonMail isn't any more secure than Gmail and is likely a honeypot scheme crafted by government agencies: https://encryp.ch/blog/disturbing-facts-about-protonmail/

I know the title of that sounds clickbaity, but they cite their sources. It's worth the read for those curious about ProtonMail's history and their CEOs.

[–] linearchaos@lemmy.world 1 points 1 year ago

Tbh, that document reads like a discovery channel 2am aliens documentary, but it's not completely without merit.

There are a couple line items about software services they're using that are shitty that sound pretty legit. The fact that they're operating in locations where they might have to hand over data sounds pretty legit. Their warrant compliance and logging/handing over a person's IP address is legit.

The CIA honeypot stuff is all really circumstantial. If the CIA was in as deep as is claimed, a lot of the real evidence people are turning up that they're not as secure as they could be would be unnecessary.

My best guess is they decided to make an email company based in Switzerland with the schtick that they're secure (banks amirite?) They're doing what they can to appear secure without spending too much money. They're not going to have legal battles to keep your data private, and they are going to comply with agencies' requests for data. Even if they support end-to-end encryption, if they are required by an agency to turn that encryption off for you, they're going to do it.

They're probably less likely than Google or Microsoft to sell all of your data to the highest bidder, but realistically there's no such thing as secure email.

[–] sunbeam60@lemmy.one 1 points 1 year ago

Despite my willingness to self-host almost everything, e-mail remains the last frontier for me. Keeping abreast of standards, keeping up today, avoiding implications in abuse and many, many smaller issues abound ... and that's despite my fixed IP and ISP willing to set up a reverse-DNS for me.

Instead I've gone with a paid email provider that I'm REALLY happy with.

[–] Moonrise2473@feddit.it 0 points 1 year ago (1 children)

I want to do a setup where I use mailcow at home for receiving emails but Amazon SES SMTP for sending. Is it possible? Looks like it is, but I didn't investigate it

[–] MaggiWuerze@feddit.de 0 points 1 year ago

You could set it up, but the necessary DNS settings are usually not possible with a standard consumer contract.

[–] NochMehrG@feddit.de 0 points 1 year ago

I don't. But I do have my domain and use a hosted solution, so I'm kind of independent and own my data.

[–] emhl@feddit.de 0 points 1 year ago

I use https://github.com/docker-mailserver/docker-mailserver with sendgrid.com as an SMTP relay (receiving emails is easy, sending them successfully is a pain)

[–] Scratch2003@feddit.de 0 points 1 year ago

I do host my own mailserver for multiple years now without any issues.

I'm using https://docker-mailserver.github.io/docker-mailserver/latest/ on a rented server, not at home. I recently added DKIM and I check my setup via https://mxtoolbox.com and the like in irregular intervals to see if I can improve something.

The only downside I see is spam filtering, which obviously works better with GMail if the whole world population does the filtering for you. But the included SpamAssassin setup does work and catches most of the spam. I do check for false positives/negatives very regularly and have training folders set up so I can easily move messages into the SA training.

[–] lunarnexus@infosec.pub 0 points 1 year ago (1 children)

Only people who hate themselves

[–] flauschke@feddit.de 0 points 1 year ago

I've been apparently hating myself for a few years now. It's going alright though. Google still accepts my emails. Hotmail appears to have blocked me but I'm working on it. I haven't noticed any other problems so far

[–] PlexSheep@feddit.de 0 points 1 year ago

I run my own mailserver on a VPS with mailcow dockerized. Was a real pain to set up, even though it mostly works right now.

DNS stuff isn't just some A or AAAA records, but also TXT stuff, reverse DNS and much more. As the others said, that's completely impossible with a regular ISP.

I'm on some dumb blacklist because my IP is obviously in the IP range of my hosting provider, and some lists generally block all vps ranges.

Now imagine the following: your bank wants to contact you and your primary mail is selfhosted, for some reason they block your IP (yes outgoing blocks, those idiots) and you don't get some real important mail. Or your server is down for maintenance, certificate issues, so on.

The best solution is most probably letting a professional email hoster take care of your domain, for email at least. Protonmail offers that but the problem I have with them is that they don't allow a regular login through Thunderbird, restricted to their own software.