this post was submitted on 12 Jun 2023
67 points (98.6% liked)

Selfhosted

40347 readers
365 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the orginal federated technology.

I am looking at proxmox and see that is has a built in email server, so now I am wondering if it is time to role my own.

I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don't know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.

Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 11 points 1 year ago* (last edited 1 year ago) (1 children)

Yes, I still run my own email server. It is not for the faint of heart, but once it's configured and your IP reputation is clean, it's mostly smooth sailing. I have not had any deliverability problems to date, initial setup/learning period notwithstanding.

If you're not scared away yet, here are some specific challenges you'll face:

  • SMTP ports are typically blocked by many providers as a spam prevention measure. Hosting on a residential connection is often a complete non-starter and is becoming more difficult on business class connections as well (at least in the US, anyway).
  • If you plan to host in a VPS, good luck getting a clean IPv4 address. Most are on one or more public blacklists and likely several company-specific ones (cough Microsoft cough). I spent about 2 weeks getting my new VPS's IP reputation cleaned up before I migrated from the old VPS.
  • Uptime: You need to have a reliable hosting solution with minimal power/server/network downtime.
  • Learning Curve: Email is not just one technology; it's several that work together. So in a very basic email server, you will have Postfix as your MTA, Dovecot as your MDA, some kind of spam detection and filtering (e.g. SpamAssassin), some kind of antivirus to scan messages/attachments (e.g. Clamd), message signing (DKIM), user administration/management, webmail, etc. You'll need to get all of these configured and operating in harmony.
  • Spam prevention standards: You'll need to know how to work with DNS and create/manage all of the appropriate records on your domain (MX, SPF, DMARC, DKIM records, etc). All of these are pretty much required in 2023 in order for messages from your server to reach your recipient.
  • Keeping your IP reputation clean: This is an ongoing challenge if you host for a lot of people. It can only take one or two compromised accounts to send a LOT of spam and land your IP/IP block on a blacklist.
  • Keeping up with new standards: When I set my mail server up, DMARC and DKIM weren't required by most recipient servers. Around 2016, I had to bolt on OpenDKIM to my email stack otherwise my messages ended up in the recipient's spam folder. -Contingency Plan: One day you may just wake up and decide it's too much to keep managing your own email server. I'm not there yet, but I've already got a plan in place to let a bigger player take over when the time comes.
[–] [email protected] 2 points 1 year ago (1 children)

Yep. I’ve hosted my own mail server since the early oughts. One additional hurdle I’d add to you list is rDNS. If you can’t get that set up, you’ll have a hard time reaching many mail servers. Besides port blocking, that’s one of the many reason it’s a non-starter on consumer ISP.

I actually started on a static ISDN line when rDNS wasn’t an issue for running a mail server. Moved to business class dsl, and Ameritech actually delegated rDNS to me for my /29. When I moved to Comcast business, they wouldn’t delegate the rDNS for the IPv4. They did create rDNS entries for me, and they did delegate the rDNS for the IPv6 block. Though the way they deal with the /56 IPv6 block means only the first /64 is useable for rDNS.

But, everything you list has been things I’ve needed to deal with over the years.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

Yeah, I totally forgot about reverse DNS. Good catch. I probably left out a few other things what with the repressed trauma of it all. lol.

I had to deal with Suddenlink business, and they were (somehow) surprisingly worse than what you described for Comcast (I didn't know that was possible, TBH). Suddenlink wouldn't even unblock the SMTP ports at all let alone delegate rDNS to our static.

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago) (3 children)

Obligatory PSA: ProtonMail isn't any more secure than Gmail and is likely a honeypot scheme crafted by government agencies: https://encryp.ch/blog/disturbing-facts-about-protonmail/

I know the title of that sounds clickbaity, but they cite their sources. It's worth the read for those curious about ProtonMail's history and their CEOs.

[–] [email protected] 6 points 1 year ago (1 children)

Tbh, that document reads like a discovery channel 2am aliens documentary, but it's not completely without merit.

There are a couple line items about software services they're using that are shitty that sound pretty legit. The fact that they're operating in locations where they might have to hand over data sounds pretty legit. Their warrant compliance and logging/handing over a person's IP address is legit.

The CIA honeypot stuff is all really circumstantial. If the CIA was in as deep as is claimed, a lot of the real evidence people are turning up that they're not a secure as they could be would be unnecessary.

My best guess is they decided to make an email company based in Switzerland with the schtick that they're secure (banks amirite?) They're doing what they can to appear secure without spending too much money. They're not going to have legal battles to keep your data private, and they are going to comply with agencies request for data. Even if they support end-to-end encryption if they are required by an agency to turn that encryption off for you, they're going to do it.

They're probably less likely than Google or Microsoft to sell all of your data to the highest bidder, but realistically there's no such thing as secure email.

[–] [email protected] 7 points 1 year ago (1 children)

The basic assumption every privacy-concerned person should have about email is that it's never secure. Unless you use an offline cryptography program to encrypt your email text and then paste it into the email body before you send it, your emails are insecure.

Email was never designed with that in mind. If you want to communicate securely with somebody, use a medium/method that has been designed from the start for that purpose.

I use ProtonMail because it's not a massive corpo and it's open source, but I don't believe that my emails are significantly more secure than on a service like Exchange or Gmail.

[–] [email protected] 3 points 1 year ago (1 children)

This has been my thinking about ProtonMail, even after reading the article on here, and even after reading https://digdeeper.club/articles/email.xhtml (which I have to reread because it keeps getting bigger).

There is no perfect solution, just different levels of trust. That is right, if I want to be "secure" I got to act like a journalist and use a temporary solution or something that has end-to-end encryption.

Besides, email is meant for public communication. No reason to elevate it into some something it will never be.

[–] [email protected] 3 points 1 year ago (1 children)

Yeah. In my experience, you have to be careful in the world of tech privacy/FOSS to not fall off a cliff to the extremes.

You can always find reasons to not trust some piece of tech hardware or software. It's all too complex and multifaceted to fully vett, and even when you can do that, there isn't anything that isn't touched in some way by mega-corps or glowie agencies.

Tor was developed by the US gov, same with the ancestor of the internet. Your network traffic runs on mega-corp wires, through mega-corp servers. Your hardware is developed, built, and distributed by mega-corps, as is most the firmware and microcode in them.

Even Richard Stallman, one of the most hardcore Free Software advocates has concessions he makes for firmware, microcode, and so forth.

The only way to be truly and completely secure tech-wise is to pull a Ted K. And go run into the woods and live in a little cabin, disown any tech built after the turn of the century lol.

It's "all or something" not, "all or nothing." Determine your threat model, your ethical bounds, and let those principles guide you. I think fundamentally what all FOSS folks have in common is the idea that the tech you use should serve your needs and desires, not the needs/desires of billion dollar mega-corps farming you as a product.

[–] [email protected] 3 points 1 year ago (1 children)

This is the most sane perspective I have read. For sure it is important to have solid principles and do the right things whenever possible, but no one gets to demand changes for something they never contributed to, especially not those things that took a massive amount of money and human power to build. We are all standing on the soldiers of giants, and it is insane to think we can be Ratatouille, controlling them for out benefit.

The only way to change governments and mega-corps is to make it unprofitable when they do the things we don't like, or make it so doing the right thing makes them lots of money.

Thanks for this, it is the reality check I need to make good decisions. Even if I do become the Unidumbass, the people I love who would never follow me into that lifestyle.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

I actually have a formal methodology for how I engage with software/hardware from a FOSS perspective:

Embrace, Subvert, Accept.

For any task I do currently or want to do, I apply this process:

I first try to find and use any FOSS software/hardware that does that thing well enough to use entirely. (Embrace)

If there isn't a FOSS solution that exists or does essential things I need, then I use a proprietary technology in a subversive way to do it. So cracked copies, jail broken or otherwise hacked hardware, or using the proprietary service through an unofficial/unapproved 3rd party app. (Subvert)

If I can't do that either, but the task/need is absolutely critical, only then do I accept using proprietary and unmodified software/hardware. (Accept)

This method has worked pretty great for me. Now about 3 years after starting my FOSS journey, I have almost no software/hardware I use that is in that third category. Basically everything I use is FOSS, hacked, cracked, modded, or runs on platforms that are, and I enjoy tech and computing more than I ever have :)

[–] [email protected] 3 points 1 year ago (3 children)

This is a good method. It is our duty to do everything we can to live by our principles, and be careful about the compromises we make. The more I go deep into FOSS, the more I discover. So much exists, it just takes some work on our part to fit it to our needs. Programming competency does not have to be high, just enough to fix any compile errors.

load more comments (3 replies)
[–] [email protected] 2 points 1 year ago

What's the saying? If you can't tell if it's ignorance or malice, it's probably the former?

however, with all of these points, even if it is ignorance, the lying about encryption (even though I don't really use it) is upsetting. That plus the other lies I've seen them pull is enough to make me consider switching to something else.

Got any recs? Lol

load more comments (1 replies)
[–] [email protected] 10 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago (1 children)

This is has been recommended probably the most. Coming on top as a winner.

[–] [email protected] 2 points 1 year ago (1 children)

I run my own fork where I added MySQL support for aliases. But otherwise it's great.

load more comments (1 replies)
[–] [email protected] 7 points 1 year ago (4 children)

I originally did but the maintenance burden was killing me. Then last year Proton unified their subscription with VPN and Mail (also upgrading my Proton VPN only subscription to Proton plus) and from there I decided to just go all in on Proton mail. I integrated my domain to Proton mail and never looked back.

load more comments (4 replies)
[–] [email protected] 6 points 1 year ago (2 children)

No. But I did consider it. Multiple times.

Why not? I'm too scared! Email is the one service that let's an attacker nuke each and everything. It's still the most central/crucial service that almost any service relies on. If I lose access to my mail account, I lose access to pretty much every service.

As much as I would like to host this myself, I simply do not feel comfortable to do it.

[–] [email protected] 3 points 1 year ago

AAAHHH!. Now I am scared too.

So much to consider it is dizzying.

[–] [email protected] 3 points 1 year ago

Pretty much for this reason for me as well.

I'm a tech hobbyist and I've run/currently run things like Nextcloud, Jitsi, Matrix, XMPP, etc. But all that seems pretty small-scale. However with e-mail, nearly everything relies on it, and from the headaches I've heard about from those who self-host e-mail, it just seems like a perfect way to screw yourself over 😅

[–] [email protected] 6 points 1 year ago

Despite my willingness to self-host almost everything, e-mail remains the last frontier for me. Keeping abreast of standards, keeping up today, avoiding implications in abuse and many, many smaller issues abound ... and that's despite my fixed IP and ISP willing to set up a reverse-DNS for me.

Instead I've gone with a paid email provider that I'm REALLY happy with.

[–] [email protected] 6 points 1 year ago (3 children)

I've been hosting my own mail server, ever since I got into Linux. Most companies where I worked before, used self hosted email.

I've since migrated to using mailcow, which takes a lot of the headache out of it.

When you first start, it's a bit daunting. But easily manageble, once you've gained some experience.

load more comments (3 replies)
[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

I setup my own email server, it was an absolute pain to setup, especially since I had no idea about all the little details of sending and receiving email. It was kind of fun to see everything come together

In the beginning I had a ton of email go into spam boxes, especially with gmail. Later I found out that if you don't add the proper email headers like to: "Name Of Recipient" <[email protected]> it goes straight to the spam folder. (So you always need to provide a name)

I am afraid to touch anything now though, as it is currently very really stable (on a vpn btw)

load more comments (1 replies)
[–] [email protected] 5 points 1 year ago (1 children)

It's bad out there when it comes to hosting your own email server. This blog post shows somebody's experience in detail, and it's worth reading. https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html

It's all so sad.

[–] [email protected] 4 points 1 year ago

That was a sobering read. We all feel victorious when we see big tech fail after they wronged their users, but fundamental technologies that actually run the world have already been lost, and may never be recoverable for egalitarian use.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (2 children)

I use Cloudflares email routing.

Point my domains name servers to Cloudflares and enable email routing. I can then create any email address in that domain and have it forward to any of my email addresses. Works great when signing up for accounts. The only thing you can't do is fire off email FROM said email address

Edit: can to can't

[–] [email protected] 2 points 1 year ago (3 children)

Wow, didn't know this. I already have my ns pointed to cloudflare, i didn't get it though - we can only send emails?

load more comments (3 replies)
load more comments (1 replies)
[–] [email protected] 4 points 1 year ago

It’s a great learning exercise but challenging to get right and ensure your deliverability and basically impossible from a residential-grade IP address (if you have a business class static IP at home you could pull it off).

I ran an email server for decades but gave in and pay to host my email now.

If google decides you’re a bad guy it’s such a pain to crawl back from that and I prefer my email to just work.

[–] [email protected] 4 points 1 year ago (1 children)

I do host my own mailserver for multiple years now without any issues.

I'm using https://docker-mailserver.github.io/docker-mailserver/latest/ on a rented server, not at home. I recently added DKIM and I check my setup via https://mxtoolbox.com and the like in irregular intervals to see if I can improve something.

The only downside I see is spam filtering, which obviously works better with GMail if the whole world population does the filtering for you. But the included SpamAssassin setup does work and catches most of the spam. I do check for false positives/negatives very regularly and have training folders set up so I can easily move messages into the SA training.

load more comments (1 replies)
[–] [email protected] 4 points 1 year ago (4 children)

I've been self-hosting e-mail for over 15 years and hope to continue doing so. Although it's being made increasingly difficult by big tech players. I wrote about it here: https://proycon.anaproy.nl/posts/rant-against-centralising-e-mail/

load more comments (4 replies)
[–] [email protected] 4 points 1 year ago (3 children)

Yes, and I love it.

I use mailjet as a proxy on outgoing emails so that I get fewer of my sent messages rejected, which works.

It was a pain to setup but it's treating me very well.

load more comments (3 replies)
[–] [email protected] 3 points 1 year ago (9 children)

I used to run my own mail server many, many years ago (early 2000s), but today it's a lot more difficult. I personally don't think it's worth it, but I do have my own domain that I can host anywhere I choose. At the moment, I'm using Fastmail. Lots of nice features, and no complaints.

load more comments (9 replies)
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (8 children)

Not worth the hassle - best compromise is to get your own domain but use a provider like fastmail to host it.

If they turn sour you can move your domain to another mail host.

load more comments (8 replies)
[–] [email protected] 3 points 1 year ago (1 children)

I've been running the families mail server for over 6 years now. I'm using mailinabox.email scripts to setup and manage the server.

I've not had any problems (touch wood) with email delivery. You may have issues if your domain is new, it can take a few days for the big guys to accept email from you.

I say go for it, I think too many are worried about deliverbility and that just causes more centralisation.

[–] [email protected] 3 points 1 year ago

Good point. I am really getting pulled down to taking the easy route due to all the complexity and discouragement which is draining my initial motivation, as well as my own laziness settling in on one more thing I can just pay for.

You are right, the fight is not over. I can do my part to decentralize.

[–] [email protected] 3 points 1 year ago (5 children)

E-mail was the first "thing" that got me off of Google (to Proton & then currently Tutanota) but is really the last remaining service I not have self hosted.

I have always read about how difficult and time consuimg it was to run your own mail server, but I felt like I needed to experience it myself. So I purchased another domain and followed the instructions on https://mailinabox.email/.

I am using a small VPS on Hetzner and I have to say the experience has been almost flawless so far. I did need to have my new domain taken off the Domain Block List, but Hetzner gave me a clean IP and defaults to blocking port 25 outbound to prevent spam (simple ticket to open, once account is 30 days old and paid).

I know I'm still early into this journey so far, but it has been really simple and I plan to test this secondary domain for a few months before moving onto it full time.

As an avid self hosted of literally everything else, I can say it has been a lot of fun learning so far!

load more comments (5 replies)
[–] [email protected] 3 points 1 year ago (4 children)

a bit late to the party here, but I didnt see iRedmail mentioned. been using this to host my own email on a VPS for a little over a year now and its great. for me its worth, you can absolutely make it secure, and its not stupid to run it off a local computer. unfortunately most ISPs make it insanely difficult to host on your home network.

load more comments (4 replies)
[–] [email protected] 3 points 1 year ago (5 children)

Just take a look at https://docs.mailcow.email/

This runs from a small box with everything included. It gives you all the tools and config needed for running a secure and feature rich email service. Webmail, some sort of exchange emulation, webcalender on top of a solid postfix/dovecot install with rspamd as spam filter. Everything is configurable via a nice web UI.

After 15y running my own mail service and editing a lot of config files, I use this piece of free and open software and find it very good. All you need is a box somewhere in the internet. Running from a homelab will instantly fail, expect you have a static ip.

load more comments (5 replies)
[–] [email protected] 3 points 1 year ago (7 children)

I run my own email server using Mailcow. It works well.

However, I do not even attempt to directly send outbound email. It's very difficult to get your server trusted by the major providers, especially Microsoft (who are very picky about email servers). I have an account with MXRoute (which is an email provider) but only use it for outbound relaying. Inbound emails go directly to my server.

For what it's worth, MXRoute is a great provider to consider if you want to move away from the large ones (Google, Microsoft, etc) but don't want to self-host.

load more comments (7 replies)
[–] [email protected] 3 points 1 year ago (2 children)

Only people who hate themselves

load more comments (2 replies)
[–] [email protected] 2 points 1 year ago (1 children)

I did but I stopped. My server had everything set up (DKIM, DMARC, SPF, Spam filtering) but I gave up after some providers wanted me to jump through hoops to get my mail delivered. Also I never had enough outgoing mail to build some reputation.

[–] [email protected] 4 points 1 year ago (2 children)

That sucks. I don't even know what to think anymore. It is crazy that anyone with our email address essentially has access to when they use giant corporate services like google of microsoft, but every independent server is a bad actor until proven reputable.

I can't be asking everyone I want to email to put me on a whitelist. They'll just tell me to lose their address.

load more comments (2 replies)
[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (4 children)

@DidacticDumbass
Yes I run my own mailserver. I have done it for the last 15 years or so.

I'm also running my own Friendica instance.

load more comments (4 replies)
load more comments
view more: next ›