[HN Gopher] Running a private mail server for six years, easy peasy
___________________________________________________________________
Author : lazyweb
Score  : 136 points
Date   : 2022-02-22 15:11 UTC (7 hours ago)
web link (schumacher.sh)

| krnlpnc wrote:
| Happy to see the support for self-hosting mail.
|
| I think the fear of self-hosting mail that many people have can be treated simply by trying it on a non-critical domain. Yes there are hoops that must be jumped through to ensure reliable delivery, but it's well worth it to gain an understanding of how they all work together.
|
| mindslight wrote:
| It's amazing how much the experiences of mail hosting vary. I've run my own email for decades and have never had the kind of deliverability problems that people seem to go on about. I've had the occasional isolated incident (perhaps like 6 in 20+ years), and if I'm sending a critical business message I often tail the log to make sure it actually goes out. But in general it's been quite straightforward.
|
| It's also worth noting that even if deliverability is a problem, that doesn't affect incoming messages! So you can most certainly grab your own domain, create a subdomain for account validation emails, and mitigate the single point of failure for your online life.
|
| spkm wrote:
| I absolutely agree. I'm also self-hosting all sorts of stuff, including mail (opensmtpd, dovecot) and never really had a problem. At some point a mail to telekom.de was refused by the telekom because of my IP (I host on a kimsufi/OVH box). However, after contacting telekom about it they immediately removed me from the blacklist and it has worked fine ever since.
|
| StayTrue wrote:
| I've been running my own email since forever (and over UUCP before that) and always considered it easy too.
| However, starting this year I'm paying for an SMTP relay so my outbound mails share transit with other relay users', making them less likely to be IP-blocked by Microsoft.
|
| Sloppy wrote:
| Sounds like a good solution, can you share a few details?
|
| StayTrue wrote:
| I use Postfix for SMTP. Inbound emails arrive directly at my server without any intermediary. Outbound emails use Postfix sender_dependent_default_transport_maps, which routes outbound emails via mailgun. I use this method because I host multiple domains and it lets me use domain-specific credentials with the SMTP relay. Outbound routing could be done using the same credentials for all domains but that causes some unnecessary pollution in message envelopes.
|
| LoveGracePeace wrote:
| I got blocklisted by Microsoft one time, I filled out the following form, it was cleared in a day or two, have not seen any issues since.
|
| https://support.microsoft.com/en-us/supportrequestform/8ad56...
|
| vsviridov wrote:
| I've been running my mail server for about 15 years, give or take. First with qmail/dovecot/squirrelmail and now with postfix/dovecot/roundcube.
|
| Mostly smooth sailing.
|
| shaky-carrousel wrote:
| Oh, hello twin brother! I did exactly that. But the first part was for a company. How times have changed eh? The bulletproof aura of qmail and the ugliness of squirrelmail. Memories...
|
| throwanem wrote:
| The thing about qmail in my experience is that it's no nicer to its own administrators than to anyone else in the world, which checks out given who wrote it but led me to quickly develop a strong preference for Postfix.
|
| zh3 wrote:
| Dovecot works so well, I've almost forgotten it's there for the many years I've been using it for local mail handling.
|
| pengaru wrote:
| Been self-hosting my email for 23 years... for better or worse.
|
| To think even RedHat hasn't self-hosted their email for ages, definitely back to pre-IBM days.
|
| Makes me wonder which major distros are still dogfooding the mail server software they ship.
|
| Scramblejams wrote:
| I run my own mail server. Friends & family, so outbound volume is super low, like 2-3 digits/day, not enough to get a rep. Deliverability was always hard to one of the major providers until I happened to make the right connection on HN to someone who worked there, and she graciously opened an internal ticket, asked some questions about the subnet my server was on, and it's been fine ever since.
|
| Setting aside the fairness of how I got my deliverability problem solved, this now makes me really reluctant to move IPs. :-/
|
| Any tips on IPs where people are seeing excellent deliverability? I'd like to avoid routing my outbound email through one of the email providers (Mailgun, SES, etc) if I can.
|
| Melatonic wrote:
| Use a service like NoIP. You choose a hostname and off you go!
|
| tedunangst wrote:
| Yeah, don't think that's going to help.
|
| lazyweb wrote:
| > Any tips on IPs where people are seeing excellent deliverability? I'd like to avoid routing my outbound email through one of the email providers (Mailgun, SES, etc) if I can.
|
| I've moved my domain / mailserver a few times between Hetzner IPs when migrating to new servers. Went smoothly, but I make sure to check the new IP with common greylists before moving my mail setup. Other than that, make sure your DNS setup is clean and use Hetzner :) But I'm sure you have your own strategies.
|
| callesgg wrote:
| If you buy your own IP range you will be fine.
|
| I used to work at a company that owned 128 addresses and the mail server was on one of them. A Whois lookup of the mail server IP gave my old boss as a contact person. Not just some random ISP.
|
| We did not set up DKIM until maybe 2014 and that was not really necessary from an outgoing mail perspective because we never got emails bounced.
|
| collegeburner wrote:
| That requires colo, I think?
| So more work for self-hosting and maybe expensive.
|
| Scramblejams wrote:
| I don't need many IPs, any tips on what it takes to own a /29 and how to go about buying it?
|
| collegeburner wrote:
| Can anybody recommend a hosting/VPS provider who does very careful monitoring of IP space and has strict vetting to avoid bad reputation? I have similar issues, though no magical connected person, so maybe helpful to move to somebody who does this.
|
| oneplane wrote:
| This has been a very hard problem to solve, mostly because of the ways in which delivery problems have to be solved (support mailboxes, abuse portals etc.) where unless you are 'big' you are not going to get the priority needed to get delivery back on track in a reasonable time at reasonable scale. Very annoying situation to be in.
|
| fiddlerwoaroof wrote:
| I run a mail server on Digital Ocean and I've never had deliverability issues with the big email providers. I had issues once with a self-hosted exchange server and with one of the ISP-provided email addresses.
|
| martyvis wrote:
| Not wanting to sound all bleak, but what's the continuity plan in the event you are unable to administrate the domain at no notice? Presumably friends and family at least have some alternate cloud email?
|
| Scramblejams wrote:
| One of my motivations to move it is to make it easier for someone else to take over in such an event.
|
| softwarebeware wrote:
| > personally, it fills me with satisfaction to self-host my own infrastructure, my little internet island where I'm root, especially in times of mega corporations trying (and succeeding) in redefining "the internet" as a portfolio of services only they can offer, with little alternative.
|
| Sounds great! Can't argue with that. My feeling is that the real problem isn't a company or companies offering computing services. That has always happened and will always happen.
| I think the real problem people aren't grappling with is vendor lock-in. Most of the catastrophic anecdotes I read on here and elsewhere are about people who put all their eggs into one basket and did not have any kind of disaster recovery plan. When their provider service went down or even went away due to a merger or whatever, they were left with nothing. And that's really a different problem.
|
| zh3 wrote:
| Similar to many others, I've been self-hosting for years (around 20, across multiple domains) and it's really been a non-issue. Having a dedicated IP probably helps, but it's been generally more reliable than Gmail (who have blocked me over the past few days because of logging in from unusual devices, thank you UK storms).
|
| N0RMAN wrote:
| My main reason to move from Mail-in-a-Box[1] to AWS WorkMail[2] to finally Microsoft Office 365[3] was that there is no other implementation which supports all MS Outlook features like native MS Exchange.
|
| Are there any (Self-Hosted?) alternatives nowadays?
|
| 1: https://mailinabox.email
| 2: https://aws.amazon.com/workmail/
| 3: https://www.microsoft.com/en-us/microsoft-365/exchange/excha...
|
| layer8 wrote:
| There are many hosted Exchange providers. You can also self-host it, but that's costly or you need to be an MS Gold partner or something.
|
| doublerabbit wrote:
| Been hosting my own since 20212. I wouldn't want it any other way.
|
| pedrogpimenta wrote:
| That's you, we're still 18190 years behind!
|
| Sloppy wrote:
| I self-host file sync, calendars, contacts, photo sync, Google Workspace type services (including all Office doc types and even video meetings), as well as a blog. Here by self-host I mean run all this in a docker-compose collection on a 24 core xeon server in my closet.
|
| Surprisingly (to some) these are easier than self-hosting email. So this is a great article and I plan to add it to my digital-self-reliance playbook.
|
| I also agree with the motivations and have a whole list of others. We are becoming the slaves of Big Tech. Only go there willingly, don't let the hard choice of saying "no" make the decision for you.
|
| joshavant wrote:
| I've hesitated to ever attempt this because every residential ISP I've had refuses to offer static IP addresses.
|
| As well, deploying a server in a Google/Amazon/Microsoft datacenter which could be surreptitiously monitored defeats the theoretical privacy aspects of on-premises mail server hosting inside one's personal residence.
|
| However, today, I looked into the newish movement of 'confidential computing' in the cloud (where data in motion - e.g., in memory - is encrypted and cannot be observed from the OS or hypervisor).
|
| I openly wonder if one solution, then, is to build a secure VM that acts as a simple forwarding proxy to one's home server, gets assigned a static IP from a datacenter, and is deployed on one of these confidential computing instances, ensuring full E2E data privacy and data control?
|
| Any guesses?
|
| oneplane wrote:
| If surreptitiously monitoring your stuff in a cloud is in your threat model, what makes you think that anything you can do in a general home environment is beyond the reach of a dedicated adversarial actor?
|
| Cuuugi wrote:
| I personally have a pi running DDNS, which is another option I guess.
|
| j45 wrote:
| Forwarding proxy sounds like a great idea to try out and report back on. Why wouldn't it work?
|
| deadlyllama wrote:
| Is confidential computing needed if all you're doing is forwarding packets? Your cloud provider can see the packets as they leave and enter your VM.
|
| If I was building this I'd stand up a VPN (choose your favourite protocol) between the cloud VM and home server. For the cloud end pick something from lowendbox/lowendtalk or just use the cheapest Vultr instance.
| NAT port forwarding down the tunnel back to your server at home - just a few iptables rules. Job done. Bonus points if you get an IPv6 /64 and route that down the tunnel too.
|
| It's possible to use policy routing at home so that traffic that needs to go down the VPN does, and traffic that can egress through your home internet can too. Replies to incoming connections that came down the tunnel go back up the tunnel. Outgoing SMTP connections go down the tunnel. Outgoing HTTP goes out your normal internet.
|
| Melatonic wrote:
| Not really an issue - just use something like NoIP. No need to pay Amazon or Google for anything.
|
| deadlyllama wrote:
| NoIP/DDNS/etc still means a dynamic IP address, with possibly broken reverse DNS, from a dynamic DNS pool.
|
| To send email you need a static IP with correct reverse DNS, or other people's servers will reject your mail (best case) or silently mark it as spam. Welcome to the real world of email deliverability, the worst part of running your own mail server.
|
| Cuuugi wrote:
| Fair point.
|
| mbbaig wrote:
| I've always read that hosting your own mail server is a pain. Not because of complicated tooling but because of security. Always wanted to try hosting my own. This makes me want to try even more.
|
| lazyweb wrote:
| Do it!
|
| You can start slow. Install the basics. Look into postfix and dovecot, deflecting spam, and the whole DNS stuff. If you feel confident in your setup, start using it for non-critical stuff first.
|
| That's the beauty of it imo, you can do everything in your own time without deadlines.
|
| PinguTS wrote:
| I don't understand what problems many have with running their own mail server?
|
| I have run mine now for over 20 years. Started off with sendmail at the time. Then there was a decision between postfix and qmail. I went with postfix and I have been with it since then. Today it is managed from/by LDAP, which makes it easy to add domains and users.
| That's over 150 domains, though most of them are just forwarding to a few mailboxes.
|
| For a long time I resisted using any external resources to decide what is spam or not. But lately I adopted the use of some RBLs. Now I have managed to get down to 0 external spam, except when spam is sent from/via GMail.
|
| None of my sent email is detected as spam. I never had problems with bounced mail at all.
|
| throwaway2016a wrote:
| It boils down to two main reasons, I think:
|
| 1. It's easy to configure yourself as an accidentally open mail relay. Which is a fast lane to having your IP blocked everywhere.
|
| 2. You may have no issues with deliverability but it's very common. Especially if you use an IP that hasn't been in your custody for long so you have no idea what it was used for before. Sounds like you got/have a good IP.
|
| LoveGracePeace wrote:
| In 23 years, I've moved from GoDaddy to Linode to AWS Lightsail. It's not difficult to do this, it's not rocket science, I'm surprised by the amount of FUD being injected into the OP's discussion here on HN overall.
|
| It's almost like half who say boogey boogey there be demons in there made mistakes and quit prior to gaining proficiency while the other half probably have some incentive to herd people away from self-hosting and to the SaaS light where everything is right as rain.
|
| aborsu wrote:
| I've been using this https://github.com/r-raymond/nixos-mailserver for 4 years for my personal mail and I haven't had a single issue in that time. I think it takes me about the same amount of time as you to maintain but I also have a Nextcloud server running on the same machine.
|
| neelc wrote:
| I *work* at Microsoft 365, and yet my personal email is self-hosted Postfix and Dovecot. Why?
|
| Self-hosting email has been a part of my life since my high school days, I have a sort of attachment to it.
| I know "you shouldn't run your own email", but to take that away from me after deeply wanting one is too much.
|
| In comparison, my job is just a job, I'm personally not too enthusiastic about it. I eventually plan to move to InfoSec or networking.
|
| While I *could* move my domain to M365, I simply won't for my personal email.
|
| I have ADHD, and don't want to make a mistake with two Outlook instances, one personal and one work. I'm a privacy nut, and want to separate my work and personal emails (Microsoft is better than Apple in this regard, but still).
|
| I also contribute to FOSS projects, and using Outlook is an impediment to projects whose mailing lists are based on inline posting, like the FreeBSD and Tor mailing lists. I hate Rainloop (which I switched to after nasty Roundcube attachment bugs), but at least I can inline post.
|
| (well, even at work I use Windows Mail instead of Outlook).
|
| u801e wrote:
| > I also contribute to FOSS projects, and using Outlook is an impediment to projects whose mailing lists are based on inline posting
|
| Based on my testing, that's not the only problem with using MS email clients on FOSS mailing lists. There's no concept of threading beyond the conversation view, and the client also mangles the email (wrapping or even sending base64 encoded text instead of the raw text). Even if your client sets the Message-ID header, MS servers will delete the header and replace it with their own.
|
| neelc wrote:
| Yes, and that.
|
| I don't use Outlook/Exchange outside of work, frankly never did, but did read from time to time the issues with Outlook norms versus *nix email norms.
|
| I didn't need Outlook before I joined Microsoft, every student in my high school used their personal email (despite the school having an Exchange server), and my college used Google Workspace (I'm not that old TBH).
|
| I also lived entirely on FOSS software before joining MSFT, so to move every piece of personal self-hosted infrastructure to Microsoft's cloud services would be too painful and I have better things to do in my free time.
|
| anonymousiam wrote:
| "I've had exactly one problem with deliverability during that time, where someone with a Hotmail account complained to never have received my mail - even though the Microsoft server claimed to have accepted it according to my logs. While Microsoft can be notoriously intransparent and unforgiving with (not) accepting mail, in this case it turned out to be a blacklisting issue. I had just moved servers and IP addresses shortly before, with the new IP having been on an internal MS blacklist. I raised a ticket with their mail infrastructure department, and to my surprise, the IP was cleared soon after."
|
| Unfortunately, MS and others have now adopted an "opt-out" blacklisting policy. Even with a clean IP, you'll have these problems if you set up your own server.
|
| (I've been running my own mail servers for 30 years.)
|
| terlisimo wrote:
| This is how I learned what DMARC is.
|
| A friend with email @live.com said he never received any of my emails. No spam, no bounce, just silent drop.
|
| I went through the MS knowledge base which thankfully said that DMARC/DKIM are pretty much required. After setting up opendmarc, everything was fine.
|
| Melatonic wrote:
| Don't you only usually get blacklisted though if you are sending mass amounts of emails? They mostly blacklist spammers or people suspected of spamming.
|
| StayTrue wrote:
| In the past this was true. Now some providers look for a minimum volume of emails to establish a reputation. It's diabolical.
|
| nuker wrote:
| Not a server, but I got a private email _domain_, Apple iCloud made it possible recently. I got the domain using AWS and set up MX records in Route53, with some gotchas re duplicate TXT records. Took me 1 hour.
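terlisimo's comment above (Microsoft's guidance that DMARC/DKIM are pretty much required) is easier to reason about from the receiver's side. The Python below is an added example, not code from the thread or the article: it evaluates an SPF record against the IP that delivered the message, then applies DMARC alignment and policy to the SPF and DKIM outcomes. The records, domains and addresses are constructed (documentation ranges), and only the ip4/ip6/all SPF mechanisms are evaluated offline; anything needing DNS is reported as unresolved rather than guessed.

```python
import ipaddress

# Constructed records for the walk-through (not from the thread): an SPF
# record that lists only the server's IPv4 address, and a strict DMARC policy.
SPF_RECORD = "v=spf1 ip4:203.0.113.10 -all"
DMARC_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(record, sender_ip):
    """Evaluate an SPF record against the IP that delivered the message.

    Only ip4/ip6/all are evaluated here; a, mx, include, exists, ptr and
    redirect= need DNS lookups, so they yield 'unresolved' instead of a
    guess. Returns pass, fail, softfail, neutral, unresolved, permerror or none.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        low = term.lower()
        if low.startswith("redirect="):
            return "unresolved"
        if low.startswith("exp="):
            continue  # explanation modifier, no effect on the result
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
        elif name == "all":
            return QUALIFIERS[qual]
        else:
            return "unresolved"
    return "neutral"  # nothing matched and no 'all' term (RFC 7208 default)


def organizational_domain(domain):
    """Approximate the RFC 7489 organizational domain as the last two labels.
    Real receivers consult the Public Suffix List; this suffices for
    ordinary second-level domains."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') accepts any subdomain of the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower().rstrip(".") == auth_domain.lower().rstrip(".")
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def parse_dmarc(record):
    """Parse 'tag=value; tag=value' into a dict with lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_disposition(dmarc_record, from_domain, spf_result, mailfrom_domain,
                      dkim_result, dkim_domain):
    """What the receiver does with a message, given the SPF and DKIM outcomes.

    DMARC passes if EITHER an aligned SPF pass OR an aligned DKIM pass exists;
    otherwise the record's p= policy (none/quarantine/reject) applies.
    Returns (disposition, reasons).
    """
    tags = parse_dmarc(dmarc_record)
    if tags.get("v", "").upper() != "DMARC1":
        return "none", ["no valid DMARC record"]
    spf_ok = spf_result == "pass" and aligned(from_domain, mailfrom_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    reasons = [f"spf={spf_result} aligned={spf_ok}", f"dkim={dkim_result} aligned={dkim_ok}"]
    if spf_ok or dkim_ok:
        return "pass", reasons
    return tags.get("p", "none"), reasons


def demo():
    """SPF lists one IPv4 address; the same unsigned message is then sent from
    an address the record does not cover (here a new IPv6 address).
    Returns {sender_ip: (spf_result, disposition)}."""
    out = {}
    for ip in ("203.0.113.10", "2001:db8::25"):
        spf = spf_check(SPF_RECORD, ip)
        disp, _ = dmarc_disposition(DMARC_RECORD, "example.org", spf,
                                    "example.org", "none", "")
        out[ip] = (spf, disp)
    return out


if __name__ == "__main__":
    print(demo())
```

The demo shows how a sending address missing from SPF, combined with no DKIM signature, turns p=reject into the silent drop terlisimo describes, and the tests below show that an aligned DKIM signature rescues the same message.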
| superasn wrote:
| Anybody using amazon SES to send out self emails? Is it even viable to use for sending only single digit emails (to replace gsuite) or do they always land in spam folder? Any thoughts?
|
| technothrasher wrote:
| I just started playing with it to get my exim server to send my outgoing mail through. It seemed like AWS had a bit of trouble understanding that I was only looking for something low volume and transactional. They kept wanting to know how I handled unsubscribe requests. But I finally got them to ok the account (with a 40,000 email/month email limit, after I told them 100/month would be fine). After I sent a few test emails and looked at their spam scores, they were ok enough to probably get through most of the time but not great. I then tried SendGrid and they were both much easier to set up and the test messages got much better spam scores.
|
| xfer wrote:
| I do, so far I have had no problems, I run postfix relaying to SES on a tailscale interface.
|
| superkuh wrote:
| Running a private mail server for six years is easy. Porting your mailserver to a new OS when your current one goes end of service and lots of little changes in your programs and their configs are forced, now that's tedious and difficult.
|
| That said, there's no better option so I've been running my own mailserver for 10 years now. It's even easier when it's only for you and you don't have to implement oh-so-hackable webmail interfaces.
|
| 1vuio0pswjnm7 wrote:
| (2021)
|
| [deleted]
|
| deadlyllama wrote:
| I've just gone back. I ran my own mail server from 1999 on a residential cable IP until taking the Gmail for your domain bait. Hey, free mail hosting with XMPP and nice webmail!
|
| Last time I was on exim/cyrus/spamassassin. Now on postfix/dovecot/rspamd. Nextcloud for calendaring because I had it already.
|
| I miss the old set up and even feel nostalgic for the perl I wrote to glue things together (evil SMTP time rejection on spam scores). Haven't written perl in a decade...
|
| I don't miss having to fix things when they break. But I also don't miss being able to fix things rather than dealing with unresponsive support.
|
| zh3 wrote:
| What sort of things broke for you? My experience has been that maintenance has been little other than adding the features designed to penalise spammers.
|
| deadlyllama wrote:
| Breaking is mostly self-inflicted. I followed the 123qwe.com version of the ISPmail tutorial, but made some changes to fit in with my aged Nextcloud setup. This caused a few hiccups. Changes were -- mysql not postgres, allowing mail logins by username as opposed to email address.
|
| The other problems I've had were
|
| * Mr Tutorial likes really tight TLS restrictions but some of my mail clients can't cope with them.
|
| * Turned on IPv6, had correct reverse DNS but forgot to put the v6 address in my SPF record. DMARC said "be strict" so gmail started rejecting my email.
|
| * Random markings-as-spam by gmail. This seems to be slowing down.
|
| * I've got the Dovecot xapian plugin but it doesn't feel like it's making searches faster. Need to make sure my IMAP client is actually doing server-side searches though!
|
| * Turned on port 465 (TLS submission), cannot get it to work so still doing STARTTLS on port 587
|
| Also I knew that exim system inside out, I felt I really understood how exim processed mail. Now I don't have the time to learn postfix inside out in the same way. Oh to be an eternal university student again...
|
| One thing that has helped is the trick I worked out a few years back of hosting everything inside an lxc container on btrfs. I can snapshot and backup the whole system including database.
| Moving to a new hosting company means building another minimal debian system and rsyncing the container over. Borg backup of snapshots gives me confidence they can be restored, I'm not going to be backing up a database file while it's being written to.
|
| Moving my gmail over was the biggest pain, due to gmail being labels-not-folders. Spent quite a lot of time on some python code to spider my email and apply rules to remove duplicate messages. Lots of corner cases pop up there.
|
| downut wrote:
| I self hosted with 0 problems for 25 years, until 6 months ago when I switched to one of the main imap/smtp for your domain providers[1]. It's fantastic the amount of stuff I now don't need to know. For instance, I'm not especially interested in knowing the dovecot book as deeply as I do, and I never wanted to know as much about rspamd and postfix as I do.
|
| Ahem. However, I now have accumulated more downtime than I ever did hosting things myself, except for that time centurylink through apparent sheer incompetence nuked my DNS reverse mappings for a month.
|
| I have to admit I was flying under the radar, and my current provider is not. So I will happily continue to pay.
|
| [1] No names, they're great, even if I bitch here.
|
| efficax wrote:
| Ran a mail server for about 20 years, recently switched it over to fastmail so I didn't have to worry about sender rep, or getting hacked. Didn't realize until I switched what a weight on my mind it was having that server out there being pentested constantly. (Watch your postfix and ssh auth logs if you run a mailserver, you're basically under constant probing!)
|
| mariusmg wrote:
| > you're basically under constant probing
|
| So many Chinese and Russian IPs...
|
| stjohnswarts wrote:
| I get a bunch of Indian IPs as well but probably 80% (non domestic) are Russian or Chinese for my ssh honeypot on port 22.
| USA scans are roughly 28%, I don't know if people outside the USA get hammered like that though. I keep it up just for fun. Minimal debian install with only SSH port 22 enabled and auto security updates (and a daily script to update and reboot) and you'd think that I had a fort knox full of gold in there lol. It's pretty insane how many bots there are out there banging on the gates. It serves as a good reminder how goddamn hostile the internet is.
|
| jandrese wrote:
| I don't think the geo matters much. The bots seem to be scanning the entire IPv4 address space. This is the one big benefit I try to pitch to people who are considering IPv6. In all my years of log monitoring I have only ever seen a single bot attack my network over IPv6, and that was the one I manually programmed to make sure the detection system was working. The search space is just too large for the full internet sweeps that bots make.
|
| throwanem wrote:
| I've had VPSes hosted outside the US and not seen much difference in scan traffic, although it's been years and maybe things are different now.
|
| collegeburner wrote:
| Lots of them, but more and more Brazilian and southeast Asian these days.
|
| consumer451 wrote:
| > So many chinese and russians IPs...
|
| And S. Korean, and Dutch, I also recall significant attacks from Central America.
|
| For anyone interested in which geos appear to be attacking you, and if you are a noob like me, pfelk is really cool:
|
| https://github.com/pfelk/pfelk
|
| lazyweb wrote:
| > Watch your postfix and ssh auth logs if you run a mailserver, you're basically under constant probing!
|
| That's public self-hosting for you these days. I'm really not worried about getting hacked. I'm keeping my setup reasonably safe and up to date. But you're right, looking through the logs is entertaining.
|
| spiorf wrote:
| Years ago I found a poem in apache access logs.
|
| 151.217.177.200 - - [30/Dec/2015:06:00:36 +0100] "DELETE your logs.
| Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you're out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. <3 HTTP/1.0" 400 308 "-" "masspoem4u/1.0"
|
| readingnews wrote:
| > you're basically under constant probing
|
| So is fastmail, so is everyone. I have been running my own mail server since 1999. Never hacked, and I completely control RBLs/updates/whitelist/greylist... it's great.
|
| Of course, I suppose being a sysadmin and liking it helps.
|
| I agree with OP, however, having your own domain and email can be rewarding.
|
| JAlexoid wrote:
| But fastmail has the benefit of scale, that you will never have. And the cost of your time, if you don't inherently enjoy it, is too much.
|
| I dumped everything to move to Google and I am happy with the results. With the deprecation of the free Google Workspaces - I'm open to switching to Fastmail.... But nothing will make me move to self hosted.
|
| I'm just a software engineer and I don't want to waste my time.
|
| Melatonic wrote:
| If it is just for yourself or family or a few friends then scale really isn't an issue. But yeah I agree - running a mail server can be a pain. It can also be easy. But that is the trade-off with any SaaS - do you want to outsource and pay someone else to do it or do it yourself?
|
| jackson1442 wrote:
| I definitely am making my money's worth with my Fastmail subscription. Just over $100 for 3 years? I could work 3 hours and recoup that.
|
| Not a chance I could get away with < 3 hours of mail server setup and maintenance over the course of 3 years.
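efficax's advice above (watch your postfix and ssh auth logs, you are under constant probing) is only useful if the noise is reduced to the few events that matter. The Python below is an added example, not code from the thread or the article: it parses the real message formats of Postfix SASL failures and relay rejects, Dovecot login failures and sshd password failures from constructed syslog lines (documentation IP ranges), aggregates them per source address, and raises the one alert a defender needs most: a successful SASL login from an address that had just been failing, which is what a guessed weak password looks like in the logs. A "Relay access denied" count is kept separately, since those rejects are evidence the relay restriction is doing its job.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the thread), in the formats Postfix,
# Dovecot and OpenSSH actually emit to syslog. IPs are documentation ranges.
SAMPLE_LOG = """\
Feb 22 03:14:07 mail postfix/smtpd[21443]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Feb 22 03:14:09 mail postfix/smtpd[21443]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Feb 22 03:14:12 mail postfix/smtpd[21443]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Feb 22 03:15:01 mail postfix/smtpd[21450]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 554 5.7.1 <victim@example.net>: Relay access denied; from=<spam@example.com> to=<victim@example.net> proto=ESMTP helo=<x>
Feb 22 03:16:30 mail sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Feb 22 03:16:33 mail sshd[4021]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Feb 22 03:16:36 mail sshd[4021]: Failed password for root from 203.0.113.5 port 51244 ssh2
Feb 22 03:20:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, TLS
Feb 22 03:20:08 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, TLS
Feb 22 03:25:40 mail postfix/smtpd[21460]: 3F2A1C0123: client=unknown[198.51.100.23], sasl_method=PLAIN, sasl_username=bob
Feb 22 03:30:00 mail sshd[4030]: Accepted publickey for deploy from 192.0.2.50 port 40000 ssh2
"""

# One regex per event kind; every pattern captures the source IP, and the
# ones that can capture the attempted username do so.
PATTERNS = {
    "smtp_auth_fail": re.compile(
        r"postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[^\]]+)\]: SASL \w+ authentication failed"),
    "relay_denied": re.compile(
        r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: 554 .*Relay access denied"),
    "ssh_fail": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"),
    "imap_fail": re.compile(
        r"dovecot: (?:imap|pop3)-login: Disconnected \(auth failed.*user=<(?P<user>[^>]*)>.*rip=(?P<ip>[^,]+)"),
    "smtp_auth_ok": re.compile(
        r"postfix/smtpd\[\d+\]: \w+: client=\S+\[(?P<ip>[^\]]+)\], sasl_method=\w+, sasl_username=(?P<user>\S+)"),
}


def triage(lines, threshold=5):
    """Aggregate auth events per source IP and return (summary, alerts).

    summary[ip] = {"fails": n, "kinds": {kind: n}, "users": {names tried}}.
    Only the *_fail kinds count towards "fails"; relay_denied is recorded
    but is a healthy signal. Alerts list, in order, a successful SASL login
    from an address that had been failing, then every address at or above
    the failure threshold (the fail2ban-style block candidates).
    """
    summary = defaultdict(lambda: {"fails": 0, "kinds": defaultdict(int), "users": set()})
    alerts = []
    for line in lines:
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            ip = m.group("ip")
            entry = summary[ip]
            entry["kinds"][kind] += 1
            user = m.groupdict().get("user")
            if user:
                entry["users"].add(user)
            if kind == "smtp_auth_ok" and entry["fails"] > 0:
                alerts.append(f"{ip}: successful SASL login as {user!r} after "
                              f"{entry['fails']} failures - check that account")
            elif kind.endswith("_fail"):
                entry["fails"] += 1
            break  # one event kind per line
    for ip, entry in summary.items():
        if entry["fails"] >= threshold:
            alerts.append(f"{ip}: {entry['fails']} failed attempts - candidate for blocking")
    return dict(summary), alerts


if __name__ == "__main__":
    summary, alerts = triage(SAMPLE_LOG.splitlines())
    for ip, entry in summary.items():
        print(ip, entry["fails"], dict(entry["kinds"]), sorted(entry["users"]))
    print("\n".join(alerts))
```

On a live box the same function can be fed `journalctl -u postfix -u dovecot -u ssh` output or the raw mail.log/auth.log lines; the threshold is the only knob.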
| throwanem wrote:
| Yeah, but when it's Fastmail it's a whole team's worth of somebody else's problem. :p
|
| Hosted my own for 17 years, moved a little over a year ago. There's nothing I want they don't have for $50 a year, and while that's more than I was paying for the VPS, it's been enough of a load off my mind and my calendar to still be amply worth my while.
|
| _edit:_ $50 a _year_ is certainly not more than I was paying for the VPS...
|
| natnatenathan wrote:
| > never hacked
|
| That you know of
|
| djbusby wrote:
| If you've got a mail server (ie Postfix) and you get p0wnd you'll know - your mail volume will be through the roof, IO spikes, the works.
|
| mulmen wrote:
| Or, not. "Have I been hacked?" is a known unknown.
|
| icedchai wrote:
| My mail server had a user with a weak password on it (my sister's account from 20 years ago, actually.) It got hacked and started sending out spam for about 3 days straight. The upstream ISP eventually called me to complain.
|
| jamespo wrote:
| I'm on postfix / dovecot / spamassassin.
|
| One issue after I moved boxes & IPs at OVH is that Microsoft refused to accept mail from my new IP no matter what I tried. Everyone else is fine. So I have to relay live/hotmail destinations via another jump on a VPS I have.
|
| ars wrote:
| I've been running a private mail server since 2005, I didn't realize it was a big deal LOL.
|
| 0x906 wrote:
| I've been late for the party. I started in 2012, but I agree, not sure why this is a big deal.
|
| kodah wrote:
| When I was growing up I used to help run the mail servers in my dad's small-ish datacenter. One of the things we were commonly plagued by is that the email ecosystem is a giant fiefdom gated by large providers to fight spam. If you end up on their lists, justifiably or not, it's non-trivial to be removed. The other point is that providers like GMail use custom protocols that improve the mail experience quite a bit.
|
| Nowadays I use ProtonMail and I get most of the features that GMail gave me, with the added benefit of not managing the blacklist situations.
|
| hardwaresofton wrote:
| I run my own mail servers for small projects, though for my main email I've actually switched to ProtonMail (previously dovecot + postfix).
|
| It's never been easier to self host your email with projects like the following around:
|
| - https://foxcpp.dev/maddy/
| - https://github.com/albertito/chasquid
| - https://github.com/haraka/haraka
| - https://github.com/mail-in-a-box/mailinabox
| - https://github.com/Mailu/Mailu
|
| Of course the usual dovecot + postfix setup is great for learning even if a bit complicated.
|
| ProAm wrote:
| How do you not get blacklisted immediately?
|
| [deleted]
|
| bo1024 wrote:
| debian -> postfix -> dovecot -> rainloop/IMAP
|
| 2-3 years, so far so good, minimal maintenance.
|
| andrewstuart wrote:
| I run lots of servers and I'm very confident with Linux and systems admin.
|
| The one service I really hate running is email - I found it very hard to configure and run reliably. There's so many interrelated systems and potential things that can go wrong and the outcome is lost email which isn't acceptable.
|
| I'm happy to run a local server for literally any other service.
|
| In the end I decided that it's well worth it to pay someone else to do email.
|
| I use Amazon Workmail which works really well and is easy to set up.
|
| preston4tw wrote:
| I would never self-host email based on what I saw during the portion of my career as a web hosting Linux sysadmin. At one point I half-seriously offered to pay for Gmail for Business for all our customers out of my paycheck.
|
| Email is THE crucial link in the internet identity chain. It NEEDS to both work always AND be secure. Two things that frequently weren't the case in web hosting.
|
| geocrasher wrote:
| I've worked in hosting since 99 and I fully agree with you.
| currently work at a Managed WordPress host that only offers
| web hosting. No email, not even DNS. It's a beautiful thing,
| believe me!
| krnlpnc wrote:
| > There's so many interrelated systems and potential things
| that can go wrong and the outcome is lost email
|
| This is a common misconception. There really aren't that many
| moving pieces, and smtp is one of the more forgiving protocols
| in use on the internet (its default failure mode is to retry
| again later)
|
| Sure, a person can pay Amazon to host their email (and harvest
| their data) but that's the opposite of the spirit of this
| article.
| Johnny555 wrote:
| _There really aren't that many moving pieces, and smtp is
| one of the more forgiving protocols in use on the internet_
|
| I think the moving pieces are on the other side and the
| person you're trying to email doesn't know what those pieces
| are -- even if you can see that their mail server is
| rejecting your email, that person doesn't usually know who to
| talk to to find out why. Even if you can convince them to
| open a support ticket with IT, their first level IT support
| doesn't know what to do either, you'll get responses like
| "Our IT department wants to know what version of Outlook
| you're using? And they said you should try rebooting your
| computer".
| andrewstuart wrote:
| >> and harvest their data
|
| I don't believe Amazon accesses my Workmail email. I'm aware
| cynics might believe otherwise.
| andrewstuart wrote:
| Actually DNS too - I'd rather use Amazon's Route53 for DNS than
| run my own DNS server.
| megous wrote:
| Authoritative DNS server is very easy to run. (I use knot) I
| run several just because it's so easy. I don't use DNSSEC
| though, because I haven't found a use case for it.
| Johnny555 wrote:
| I used to run Qmail on my private server and it was great, very
| secure, pretty easy to set up for my use case. And even
| configuring and training spam assassin wasn't too hard and it
| worked well.
|
| But like many people, what made me finally give up was mail
| delivery issues. I used to run email on a home server, and
| those IPs were blacklisted by many providers long ago, then I
| moved to EC2 until those IPs were blacklisted too. Finally I
| colocated a small server which worked fine for a while until
| neighbors in my subnet kept getting me blacklisted.
|
| Finally I got too frustrated with undelivered or silently
| dropped emails and just moved everything to Google GSuite.
| cersa8 wrote:
| There are good open source solutions that wrap all required
| services into an almost fire and forget docker setup, like
| Mailcow.
| MrksHfmn wrote:
| I also host my mail server on a hetzner server since the mid
| 2010s. As long as you familiarize yourself with the mechanisms
| (dkim, dmarc, spf, etc.) and have a mail-tester.com 10/10 score
| and sometimes look at mxtoolbox, it is absolutely doable. My only
| major issues were sending to gmail, t-online (telekom) and
| outlook addresses. But there are also ways to unlock the ip
| addresses and the delivery team at outlook.com was very helpful.
| andrewstuart wrote:
| >> As long as you familiarize yourself with the mechanisms
| (dkim, dmarc, spf, etc.) and have a mail-tester.com 10/10 score
| and sometimes look at mxtoolbox, it is absolutely doable.
|
| This sentence should be read closely if you're considering
| running your own mail server. Each point listed is a
| sophisticated technical topic.
| nulld3v wrote:
| I run my personal mailserver on Hetzner too! They seem to do a
| good job of keeping their IPs off blacklists compared to most
| VPS providers.
|
| So far no problems delivering to Gmail. I was initially junked
| by Outlook, but that fixed itself after a while since I had
| sent enough emails to build up reputation.
| lazyweb wrote:
| > So far no problems delivering to Gmail.
| I was initially
| junked by Outlook, but that fixed itself after a while since
| I had sent enough emails to build up reputation.
|
| For me, Google has been _really_ relaxed in terms of
| receiving mail from self-hosted services in the past. Stopped
| using gmail for monitoring stuff a few years ago, but up
| until then, every single cron job / monitoring mail was
| delivered into my gmail inbox. Outlook is another story. They
| may just throw your mail away without even a bounce. Had to
| deal with that several times at $PREVIOUS_JOB.
| cersa8 wrote:
| This is also my experience. Outlook and Yahoo are extremely
| trigger happy, never had an issue with gmail.
| gorgoiler wrote:
| No one ever talks about the two different kinds of email.
| Incoming (identity) and outgoing (messaging).
|
| I self host for the former and send through a smart host for the
| latter. I can't begin to enumerate how much _identity_ I have
| accumulated over the last 30 years. I must be known by hundreds
| of ID tokens (email addresses) and yet I have only ever sent from
| a handful.
|
| Blessed is the inbound SMTP. Outbound* is a cruel mistress.
|
| *to gmail et al
| [deleted]
| LoveGracePeace wrote:
| Doing it since 1999. Like any hobby, it takes some investment of
| time and learning. It's not difficult though. Glad to see more
| people are trying it out from the comments. Fight the SaaS Borg
| assimilation!
| throwaway90212 wrote:
| stjohnswarts wrote:
| Lost interest after I scanned through and saw this
|
| >> "While I'm not going into specifics regarding postfix,
| dovecot, etc. it's important to mention a few architectural
| details."
___________________________________________________________________
(page generated 2022-02-22 23:01 UTC)
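An added example, not part of the thread above and not code from any project mentioned in it, for the "dkim, dmarc, spf" mechanisms MrksHfmn lists and andrewstuart calls sophisticated topics: a small Python audit of the three TXT records a receiving MTA consults, flagging the settings that cost points on mail-tester.com and cause silent drops at large providers. The DNS answers are constructed inline for two hypothetical domains, example.test and weak.test, and the DKIM public key is a placeholder, so it runs offline; to audit a live domain, replace lookup_txt with a resolver query.

```python
"""Audit the DNS records receiving MTAs consult before trusting a sender:
SPF (RFC 7208), DKIM (RFC 6376) and DMARC (RFC 7489).

Added example: the DNS answers below are constructed for two hypothetical
domains so the script runs offline; they are not real records.
"""
import re
from typing import Dict, List

# Constructed TXT answers keyed by owner name. The DKIM p= value is a
# placeholder string, not a real public key.
SAMPLE_DNS: Dict[str, List[str]] = {
    "example.test": ["v=spf1 mx a:mail.example.test ip4:203.0.113.10 -all"],
    "mail._domainkey.example.test": ["v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY"],
    "_dmarc.example.test": [
        "v=DMARC1; p=reject; rua=mailto:dmarc@example.test; adkim=s; aspf=s"
    ],
    "weak.test": ["v=spf1 a mx ?all"],
    "_dmarc.weak.test": ["v=DMARC1; p=none"],
}

# SPF terms that each cost one of the ten permitted DNS lookups (RFC 7208 4.6.4).
_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a\b|mx\b|ptr\b|exists:|redirect=)")


def lookup_txt(name: str, dns: Dict[str, List[str]] = SAMPLE_DNS) -> List[str]:
    """Return the TXT strings for a name. Swap in a real resolver for live audits."""
    return dns.get(name.lower(), [])


def parse_tags(record: str) -> Dict[str, str]:
    """Parse the 'k=v; k=v' tag lists used by DKIM and DMARC records."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(domain: str, dns: Dict[str, List[str]] = SAMPLE_DNS) -> List[str]:
    """Findings for the domain's SPF record; an empty list means nothing to fix."""
    findings: List[str] = []
    records = [r for r in lookup_txt(domain, dns) if r.lower().startswith("v=spf1")]
    if not records:
        return ["SPF: no v=spf1 record, so receivers cannot tell which hosts may send for this domain"]
    if len(records) > 1:
        findings.append("SPF: more than one v=spf1 record; RFC 7208 treats this as a permanent error")
    terms = records[0].split()
    last = terms[-1].lower()
    if last in ("+all", "all"):
        findings.append("SPF: '+all' authorises every host on the internet to send as this domain")
    elif last == "?all":
        findings.append("SPF: '?all' is neutral, so unauthorised senders neither pass nor fail")
    elif last not in ("-all", "~all"):
        findings.append("SPF: record does not end in an 'all' mechanism; unmatched senders default to neutral")
    lookups = sum(1 for t in terms[1:] if _LOOKUP_TERM.match(t.lower()))
    if lookups > 10:
        findings.append(f"SPF: {lookups} lookup-causing terms exceed the limit of 10 (permerror)")
    return findings


def check_dkim(domain: str, selector: str, dns: Dict[str, List[str]] = SAMPLE_DNS) -> List[str]:
    """Findings for the DKIM key published under <selector>._domainkey.<domain>."""
    name = f"{selector}._domainkey.{domain}"
    records = lookup_txt(name, dns)
    if not records:
        return [f"DKIM: no key record at {name}; mail signed with this selector cannot be verified"]
    # Long keys are published as several quoted strings; verifiers concatenate them.
    tags = parse_tags("".join(records))
    findings: List[str] = []
    if tags.get("v", "DKIM1").upper() != "DKIM1":
        findings.append(f"DKIM: unexpected version tag {tags['v']!r}")
    if not tags.get("p"):
        findings.append("DKIM: empty p= tag means the key is revoked; signatures will fail")
    if tags.get("k", "rsa").lower() not in ("rsa", "ed25519"):
        findings.append(f"DKIM: unknown key type {tags['k']!r}")
    return findings


def check_dmarc(domain: str, dns: Dict[str, List[str]] = SAMPLE_DNS) -> List[str]:
    """Findings for the domain's DMARC policy record."""
    records = [r for r in lookup_txt("_dmarc." + domain, dns) if r.upper().startswith("V=DMARC1")]
    if not records:
        return ["DMARC: no _dmarc record; receivers fall back to their own spoofing heuristics"]
    tags = parse_tags(records[0])
    findings: List[str] = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail that fails SPF/DKIM is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: missing or unknown policy {policy!r}; the record is invalid")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so you never receive aggregate reports on who sends as you")
    pct = tags.get("pct", "100")
    if policy in ("quarantine", "reject") and pct != "100":
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail stream")
    return findings


def audit(domain: str, selector: str, dns: Dict[str, List[str]] = SAMPLE_DNS) -> Dict[str, List[str]]:
    """Run all three checks and return findings grouped by mechanism."""
    return {
        "spf": check_spf(domain, dns),
        "dkim": check_dkim(domain, selector, dns),
        "dmarc": check_dmarc(domain, dns),
    }


if __name__ == "__main__":
    for dom in ("example.test", "weak.test"):
        print(dom)
        for mech, items in audit(dom, "mail").items():
            print(f"  {mech}: {'ok' if not items else ''}")
            for item in items:
                print(f"    - {item}")
```

The strict `-all` / `p=reject` / published key combination is what mail-tester rewards; the `?all` / `p=none` / missing key combination on weak.test is what earns a low score and, at providers that discard rather than bounce, a silently dropped message.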