[HN Gopher] Running a private mail server for six years, easy peasy
       ___________________________________________________________________
        
       Running a private mail server for six years, easy peasy
        
       Author : lazyweb
       Score  : 136 points
       Date   : 2022-02-22 15:11 UTC (7 hours ago)
        
 (HTM) web link (schumacher.sh)
 (TXT) w3m dump (schumacher.sh)
        
       | krnlpnc wrote:
       | Happy to see the support for self-hosting mail.
       | 
       | I think the fear of self-hosting mail that many people have can
       | be treated simply by trying it on a non-critical domain. Yes
       | there are hoops that must be jumped through to ensure reliable
       | delivery, but it's well worth it to gain an understanding of how
       | they all work together.
        
         | mindslight wrote:
         | It's amazing how much the experiences of mail hosting vary.
         | I've run my own email for decades and have never had the kind
         | of deliverability problems that people seem to go on about.
         | I've had the occasional isolated incident (perhaps like 6 in
         | 20+ years), and if I'm sending a critical business message I
         | often tail the log to make sure it actually goes out. But in
         | general it's been quite straightforward.
         | 
         | It's also worth noting that even if deliverability is a
         | problem, that doesn't affect incoming messages! So you can most
         | certainly grab your own domain, create a subdomain for account
         | validation emails, and mitigate the single point of failure for
         | your online life.
        
       | spkm wrote:
       | I absolutely agree. I'm also self-hosting all sorts of stuff,
       | including mail (opensmtpd, dovecot) and never really had a
       | problem. At some point a mail to telekom.de was refused by the
       | telekom because of my IP (I host on a kimsufi/OVH box). However,
       | after contacting telekom about it they immediately removed me
       | from the blacklist and it works fine ever since.
        
       | StayTrue wrote:
       | I've been running my own email since forever (and over UUCP
       | before that) and always considered it easy too. However starting
       | this year I'm paying for an SMTP relay so my outbound mails share
       | transit with other relay users', making them less likely to be IP
       | blocked by Microsoft.
        
         | Sloppy wrote:
         | sounds like a good solution, can you share a few details?
        
           | StayTrue wrote:
           | I use Postfix for SMTP. Inbound emails arrive directly at my
           | server without any intermediary. Outbound emails use Postfix
           | sender_dependent_default_transport_maps, which routes
           | outbound emails via mailgun. I use this method because I host
           | multiple domains and it lets me use domain-specific
           | credentials with the SMTP relay. Outbound routing could be
           | done using the same credentials for all domains but that
           | causes some unnecessary pollution in message envelopes.
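StayTrue's per-domain relay routing, written out as an added editor's example (this is not StayTrue's actual configuration). It assumes Mailgun's public SMTP endpoint smtp.mailgun.org on port 587, the hypothetical sender domains example.org and example.net, and placeholder passwords. The @domain lookup keys match every envelope sender in that domain, and smtp_sender_dependent_authentication makes the Postfix SMTP client pick the SASL credential by sender rather than by relay host, which is what keeps one domain's mail from going out under the other domain's relay identity:

```conf
# /etc/postfix/main.cf (fragment): outbound transport chosen by envelope sender.
# Note: main.cf has no trailing comments; a '#' after a value becomes part of it.
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport
# Look up SASL credentials by sender first, then by next-hop. This also disables
# SMTP connection reuse, so one domain's session is never reused for the other.
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# The default "noplaintext, noanonymous" would refuse PLAIN/LOGIN to the relay.
smtp_sasl_security_options = noanonymous
# Opportunistic TLS for direct deliveries, mandatory TLS for the relay (below),
# so credentials never travel in the clear but unlisted senders still deliver
# directly to MXes that lack TLS.
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# /etc/postfix/sender_transport: key is the envelope sender, user@domain or @domain.
# Hypothetical domains. Senders not listed here keep using default_transport,
# i.e. direct delivery, so inbound mail and other domains are unaffected.
@example.org    smtp:[smtp.mailgun.org]:587
@example.net    smtp:[smtp.mailgun.org]:587

# /etc/postfix/sasl_passwd: same keys, one relay credential per domain.
# Placeholder secrets; the file and its .db must be root-only (chmod 0600).
@example.org    postmaster@example.org:REPLACE-WITH-MAILGUN-PASSWORD
@example.net    postmaster@example.net:REPLACE-WITH-MAILGUN-PASSWORD

# /etc/postfix/tls_policy: key is the next-hop exactly as written in the transport.
# Refuse to hand the credentials over unless the session is encrypted.
[smtp.mailgun.org]:587    encrypt
```

After editing, run postmap over sender_transport, sasl_passwd and tls_policy, check the result with postconf -n, and postfix reload. Inbound delivery is untouched: these parameters only affect the SMTP client side, so the server keeps accepting mail for its domains directly as before.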
        
         | LoveGracePeace wrote:
         | I got blocklisted by Microsoft one time, I filled out the
         | following form, it was cleared in a day or two, have not seen
         | any issues since.
         | 
         | https://support.microsoft.com/en-us/supportrequestform/8ad56...
        
       | vsviridov wrote:
       | I've been running my mail server for about 15 years, give or
       | take. First with qmail/dovecot/squirrelmail and now with
       | postfix/dovecot/roundcube.
       | 
       | Mostly smooth sailing.
        
         | shaky-carrousel wrote:
         | Oh, hello twin brother! I did exactly that. But the first part
         | was for a company. How times have changed eh? The bulletproof
         | aura of qmail and the ugliness of squirrelmail. Memories...
        
           | throwanem wrote:
           | The thing about qmail in my experience is that it's no nicer
           | to its own administrators than to anyone else in the world,
           | which checks out given who wrote it but led me to quickly
           | develop a strong preference for Postfix.
        
         | zh3 wrote:
         | Dovecot works so well, I've almost forgotten it's there for the
         | many years I've been using it for local mail handling.
        
       | pengaru wrote:
       | Been self-hosting my email for 23 years... for better or worse.
       | 
       | To think even RedHat hasn't self-hosted their email for ages,
       | definitely back to pre-IBM days.
       | 
       | Makes me wonder which major distros are still dogfooding the mail
       | server software they ship.
        
       | Scramblejams wrote:
       | I run my own mail server. Friends & family, so outbound volume is
       | super low, like 2-3 digits/day, not enough to get a rep.
       | Deliverability was always hard to one of the major providers
       | until I happened to make the right connection on HN to someone
       | who worked there, and she graciously opened an internal ticket,
       | asked some questions about the subnet my server was on, and it's
       | been fine ever since.
       | 
       | Setting aside the fairness of how I got my deliverability problem
       | solved, this now makes me really reluctant to move IPs. :-/
       | 
       | Any tips on IPs where people are seeing excellent deliverability?
       | I'd like to avoid routing my outbound email through one of the
       | email providers (Mailgun, SES, etc) if I can.
        
         | Melatonic wrote:
         | Use a service like NoIP. You choose a hostname and off you go!
        
           | tedunangst wrote:
           | Yeah, don't think that's going to help.
        
         | lazyweb wrote:
         | > Any tips on IPs where people are seeing excellent
         | deliverability? I'd like to avoid routing my outbound email
         | through one of the email providers (Mailgun, SES, etc) if I
         | can.
         | 
         | I've moved my domain / mailserver a few times between Hetzner
         | IPs when migrating to new servers. Went smoothly, but I make
         | sure to check the new IP with common greylists before moving my
         | mail setup. Other than that, make sure your DNS setup is clean
         | and use Hetzner :) But I'm sure you have your own strategies.
        
           | callesgg wrote:
           | If you buy your own ip range you will be fine.
           | 
            | I used to work at a company that owned 128 addresses and the
            | mail server was on one of them. A Whois lookup of the mail
            | server IP gave my old boss as a contact person. Not just some
            | random ISP.
            | 
            | We did not set up DKIM until maybe 2014 and that was not
            | really necessary from an outgoing mail perspective cause we
            | never got emails bounced.
        
             | collegeburner wrote:
             | That requires colo, I think? So more work for self-hosting
             | and maybe expensive.
        
             | Scramblejams wrote:
             | I don't need many IPs, any tips on what it takes to own a
             | /29 and how to go about buying it?
        
         | collegeburner wrote:
         | Can anybody recommend a hosting/VPS provider who does very
         | careful monitoring of ip space and has strict vetting to avoid
         | bad reputation? I have similar issues, though no magical
         | connected person, so maybe helpful to move to somebody who does
         | this.
        
         | oneplane wrote:
         | This has been a very hard problem to solve, mostly because of
         | the ways in which delivery problems have to be solved (support
         | mailboxes, abuse portals etc.) where unless you are 'big' you
         | are not going to get the priority needed to get delivery back
         | on track in a reasonable time at reasonable scale. Very
         | annoying situation to be in.
        
         | fiddlerwoaroof wrote:
         | I run a mail server on Digital Ocean and I've never had
         | deliverability issues with the big email providers. I had
         | issues once with a self-hosted exchange server and with one of
         | the ISP-provided email addresses.
        
         | martyvis wrote:
         | Not wanting to sound all bleak, but what's the continuity plan
         | in the event you are unable to administrate the domain at no
         | notice? Presumably friends and family at least have some
         | alternate cloud email?
        
           | Scramblejams wrote:
           | One of my motivations to move it is to make it easier for
           | someone else to take over in such an event.
        
       | softwarebeware wrote:
       | > personally, it fills me with satisfaction to self-host my own
       | infrastructure, my little internet island where I'm root,
       | especially in times of mega corporations trying (and succeeding)
       | in redefining "the internet" as a portfolio of services only they
       | can offer, with little alternative.
       | 
       | Sounds great! Can't argue with that. My feeling is that the real
       | problem isn't a company or companies offering computing services.
       | That has always happened and will always happen. I think the real
       | problem people aren't grappling with is vendor lock-in. Most of
       | the catastrophic anecdotes I read on here and elsewhere are about
       | people who put all their eggs into one basket and did not have
       | any kind of disaster recovery plan. When their provider service
       | went down or even went away due to a merger or whatever, they
       | were left with nothing. And that's really a different problem.
        
       | zh3 wrote:
       | Similar to many others, I've been self-hosting for years (around
       | 20, across multiple domains) and it's really been a non-issue.
       | Having a dedicated IP probably helps, but it's been generally
       | more reliable than Gmail (who have blocked me over the past few
       | days because of logging in from unusual devices, thank you UK
       | storms).
        
       | N0RMAN wrote:
       | My main reason to move from Mail-in-a-Box[1] to AWS WorkMail[2]
       | to finally Microsoft Office 365[3] was that there is no other
       | implementation which supports all MS Outlook features like native
       | MS Exchange.
       | 
       | Are there any (Self-Hosted?) alternatives nowadays?
       | 
        | 1: https://mailinabox.email 2: https://aws.amazon.com/workmail/
        | 3: https://www.microsoft.com/en-us/microsoft-365/exchange/excha...
        
         | layer8 wrote:
         | There are many hosted Exchange providers. You can also self-
         | host it, but that's costly or you need to be an MS Gold partner
         | or something.
        
       | doublerabbit wrote:
       | Been hosting my own since 20212. I wouldn't want it any other
       | way.
        
         | pedrogpimenta wrote:
         | That's you, we're still 18190 years behind!
        
       | Sloppy wrote:
       | I self-host file sync, calendars, contacts, photo sync, Google
       | Workspace type services (including all Office doc types and even
       | video meetings), as well as a blog. Here by self-host I mean run
       | all this in a docker-compose collection on a 24 core xeon server
       | in my closet.
       | 
        | Surprisingly (to some) these are easier than self-hosting email.
        | So this is a great article that I plan to add to my
        | digital-self-reliance playbook.
       | 
       | I also agree with the motivations and have a whole list of
       | others. We are becoming the slaves of Big Tech. Only go there
       | willingly, don't let the hard choice of saying "no" make the
       | decision for you.
        
       | joshavant wrote:
       | I've hesitated to ever attempt this because every residential ISP
       | I've had refuses to offer static IP addresses.
       | 
       | As well, deploying a server in a Google/Amazon/Microsoft
       | datacenter which could be surreptitiously monitored defeats the
       | theoretical privacy aspects of on-premises mail server hosting
       | inside one's personal residence.
       | 
       | However, today, I looked into the newish movement of
       | 'confidential computing' in the cloud (where data in motion -
       | e.g., in memory - is encrypted and cannot be observed from the OS
       | or hypervisor).
       | 
       | I openly wonder if one solution, then, is to build a secure VM
       | that acts as a simple forwarding proxy to one's home server, gets
       | assigned a static IP from a datacenter, and is deployed on one of
       | these confidential computing instances, ensuring full E2E data
       | privacy and data control?
       | 
       | Any guesses?
        
         | oneplane wrote:
         | If surreptitiously monitoring your stuff in a cloud is in your
         | threat model, what makes you think that anything you can do in
         | a general home environment is beyond the reach of a dedicated
         | adversarial actor?
        
         | Cuuugi wrote:
          | I personally have a pi running DDNS, which is another option I
          | guess.
        
         | j45 wrote:
         | Forwarding proxy sounds like a great idea to try out and report
         | back on. Why wouldn't it work?
        
         | deadlyllama wrote:
         | Is confidential computing needed if all you're doing is
         | forwarding packets? Your cloud provider can see the packets as
         | they leave and enter your VM.
         | 
         | If I was building this I'd stand up a VPN (choose your
         | favourite protocol) between the cloud VM and home server. For
         | the cloud end pick something from lowendbox/lowendtalk or just
         | use the cheapest Vultr instance. NAT port forwarding down the
         | tunnel back to your server at home - just a few iptables rules.
         | Job done. Bonus points if you get an IPv6 /64 and route that
         | down the tunnel too.
         | 
         | It's possible to use policy routing at home so that traffic
         | that needs to go down the VPN does, and traffic that can egress
         | through your home internet can too. Replies to incoming
         | connections that came down the tunnel go back up the tunnel.
         | Outgoing SMTP connections go down the tunnel. Outgoing HTTP
         | goes out your normal internet.
        
         | Melatonic wrote:
         | Not really an issue - just use something like NoIP. No need to
         | pay Amazon or Google for anything.
        
           | deadlyllama wrote:
           | NoIP/DDNS/etc still means a dynamic IP address, with possibly
           | broken reverse DNS, from a dynamic DNS pool.
           | 
           | To send email you need a static IP with correct reverse DNS,
           | or other people's servers will reject your mail (best case)
           | or silently mark it as spam. Welcome to the real world of
           | email deliverability, the worst part of running your own mail
           | server.
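The two checks lazyweb (checking a new IP against the common blocklists before moving the mail setup onto it) and deadlyllama (a static address whose reverse DNS resolves back to itself) describe, as an added editor's example rather than code from either commenter or from the article. It builds the DNSBL query name the way RFC 5782 specifies (reversed octets for IPv4, reversed nibbles for IPv6), treats Spamhaus's 127.255.255.x answers as "query refused" rather than "listed", and does the forward-confirmed reverse DNS test. zen.spamhaus.org and bl.spamcop.net are real public lists; the resolver callables default to the socket module but are injectable so the test below runs offline against constructed answers:

```python
import ipaddress
import socket

# Assumption: two widely used public DNS blocklists; any DNSBL zone works the same way.
DNSBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")


def dnsbl_name(ip, zone):
    """Query name for `ip` in DNSBL `zone` (RFC 5782): reversed octets for IPv4,
    reversed hex nibbles of the full 128-bit address for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def resolve_a(name):
    """Default forward lookup: first A record, or None on NXDOMAIN/failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def reverse_ptr(ip):
    """Default PTR lookup, or None if the address has no reverse name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def forward_ips(name):
    """Default A+AAAA lookup of a hostname, as a set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def dnsbl_lookup(ip, zones=DNSBL_ZONES, resolve=resolve_a):
    """Return {zone: answer} for every zone that lists `ip`.
    A listing is an answer in 127.0.0.0/8; Spamhaus uses 127.255.255.x to signal
    errors (blocked public resolver, query limit), which is not a listing."""
    listed = {}
    errors = ipaddress.ip_network("127.255.255.0/24")
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        if answer is None:
            continue
        code = ipaddress.ip_address(answer)
        if code in ipaddress.ip_network("127.0.0.0/8") and code not in errors:
            listed[zone] = answer
    return listed


def fcrdns(ip, reverse=reverse_ptr, forward=forward_ips):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to `ip`."""
    ptr = reverse(ip)
    if ptr is None:
        return False, None
    back = {ipaddress.ip_address(a) for a in forward(ptr)}
    return ipaddress.ip_address(ip) in back, ptr


def precheck_ip(ip, expected_host, zones=DNSBL_ZONES,
                resolve=resolve_a, reverse=reverse_ptr, forward=forward_ips):
    """Everything to verify before pointing MX and SPF at a new address.
    `expected_host` is the name the MTA announces in its HELO/EHLO; receivers
    compare it against the PTR."""
    listed = dnsbl_lookup(ip, zones, resolve)
    confirmed, ptr = fcrdns(ip, reverse, forward)
    ptr_ok = ptr is not None and ptr.rstrip(".").lower() == expected_host.lower()
    return {
        "ip": ip,
        "listed": listed,
        "ptr": ptr,
        "fcrdns_ok": confirmed,
        "ptr_matches_helo": ptr_ok,
        "ok": not listed and confirmed and ptr_ok,
    }


if __name__ == "__main__":
    import sys
    # Usage: python precheck.py 192.0.2.25 mail.example.org   (does live DNS lookups)
    print(precheck_ip(sys.argv[1], sys.argv[2]))
```

Run it from the box that will become the mail server, since a public resolver such as 8.8.8.8 will get the Spamhaus error code rather than a real answer. Passing all three checks says nothing about Microsoft's or Google's private reputation data, only that the address is not visibly dirty.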
        
             | Cuuugi wrote:
             | Fair point.
        
       | mbbaig wrote:
       | I've always read that hosting your own mail server is a pain. Not
       | because of complicated tooling but because of security. Always
       | wanted to try hosting my own. This makes me want to try even
       | more.
        
         | lazyweb wrote:
         | Do it!
         | 
         | You can start slow. Install the basics. Look into postfix and
         | dovecot, deflecting spam, and the whole DNS stuff. If you feel
         | confident in your setup, start using it for non-critical stuff
         | first.
         | 
         | That's the beauty of it imo, you can do everything in your own
         | time without deadlines.
        
       | PinguTS wrote:
       | I don't understand what many have problems with running their own
       | mail server?
       | 
        | I run mine now for over 20 years. Started off with sendmail at
        | the time. Then there was a decision between postfix and qmail. I
        | went with postfix and I have been with it since then. Today it is
        | managed from/by LDAP, which makes it easy to add domains and
        | users. That's over 150 domains, while most of them are just
        | forwarding to a few mail boxes.
        | 
        | For a long time I resisted using any external resources to
        | decide what is spam or not. But lately I adopted the use of some
        | RBLs. Now I managed to be down to 0 external spam, except when
        | Spam is sent from/via GMail.
       | 
       | None of my sent email is detected as spam. I never had problems
       | with bounced mail at all.
        
         | throwaway2016a wrote:
         | It boils down to two main reasons, I think:
         | 
          | 1. It's easy to configure yourself as an accidentally open mail
          | relay, which is a fast lane to having your IP blocked
          | everywhere.
         | 
         | 2. You may have no issues with deliverability but it's very
         | common. Especially if you use an IP that hasn't been in your
         | custody for long so you have no idea what it was used for
         | before. Sounds like you got/have a good IP.
        
           | LoveGracePeace wrote:
           | In 23 years, I've moved from GoDaddy to Linode to AWS
           | Lightsail. It's not difficult to do this, it's not rocket
           | science, I'm surprised by the amount of FUD being injected
           | into the OP's discussion here on HN overall.
           | 
            | It's almost like half who say boogey boogey there be demons
            | in there made mistakes and quit prior to gaining proficiency
           | while the other half probably have some incentive to herd
           | people away from selfhosting and to the SaaS light where
           | everything is right as rain.
        
       | aborsu wrote:
        | I've been using this
        | https://github.com/r-raymond/nixos-mailserver for 4 years for my
        | personal mail and I haven't had a single issue in that time. I
        | think it takes me about the same amount of time as you to
        | maintain but I also have a Nextcloud server running on the same
        | machine.
        
       | neelc wrote:
       | I *work* at Microsoft 365, and yet my personal email is self-
       | hosted Postfix and Dovecot. Why?
       | 
       | Self-hosting email has been a part of my life since my high
       | school days, I have a sort of attachment to it. I know "you
       | shouldn't run your own email", but to take that away from me
       | after deeply wanting one is too much.
       | 
       | In comparison, my job is just a job, I'm personally not too
       | enthusiastic about it. I eventually plan to move to InfoSec or
       | networking.
       | 
       | While I *could* move my domain to M365, I simply won't for my
       | personal email.
       | 
       | I have ADHD, and don't want to make a mistake with two Outlook
       | instances, one personal and one work. I'm a privacy nut, and want
       | to separate my work and personal emails (Microsoft is better than
       | Apple in this regard, but still).
       | 
       | I also contribute to FOSS projects, and using Outlook is an
       | impediment to projects whose mailing lists are based on inline
       | posting, like the FreeBSD and Tor mailing lists. I hate Rainloop
       | (which I switched to after nasty Roundcube attachment bugs), but
       | at least I can inline post.
       | 
       | (well, even at work I use Windows Mail instead of Outlook).
        
         | u801e wrote:
         | > I also contribute to FOSS projects, and using Outlook is an
         | impediment to projects whose mailing lists are based on inline
         | posting
         | 
          | Based on my testing, that's not the only problem with using MS
          | email clients on FOSS mailing lists. There's no concept of
          | threading beyond the conversation view, and the client also
          | mangles the email (wrapping or even sending base64 encoded text
          | instead of the raw text). Even if your client sets the
          | Message-ID header, MS servers will delete the header and
          | replace it with their own.
        
           | neelc wrote:
           | Yes, and that.
           | 
           | I don't use Outlook/Exchange outside of work, frankly never
           | did, but did read from time to time the issues with Outlook
           | norms versus *nix email norms.
           | 
           | I didn't need Outlook before I joined Microsoft, every
           | student in my high school used their personal email (despite
           | the school having an Exchange server), and my college used
           | Google Workspace (I'm not that old TBH).
           | 
           | I also lived entirely on FOSS software before joining MSFT,
           | so to move every piece of personal self-hosted infrastructure
           | to Microsoft's cloud services would be too painful and I have
           | better things to do in my free time.
        
       | anonymousiam wrote:
        | "I've had exactly one problem with deliverability during that
       | time, where someone with a Hotmail account complained to never
       | have received my mail - even though the Microsoft server claimed
       | to have accepted it according to my logs. While Microsoft can be
       | notoriously intransparent and unforgiving with (not) accepting
       | mail, in this case it turned out to be a blacklisting issue. I
       | had just moved servers and IP addresses shortly before, with the
       | new IP having been on an internal MS blacklist. I raised a ticket
       | with their mail infrastructure department, and to my surprise,
       | the IP was cleared soon after."
       | 
       | Unfortunately, MS and others have now adopted an "opt-out"
       | blacklisting policy. Even with a clean IP, you'll have these
       | problems if you set up your own server.
       | 
       | (I've been running my own mail servers for 30 years.)
        
         | terlisimo wrote:
         | This is how I learned what DMARC is.
         | 
         | A friend with email @live.com said he never received any of my
         | emails. No spam, no bounce, just silent drop.
         | 
         | I went through MS knowledge base which thankfully said that
         | DMARC/DKIM are pretty much required. After setting up
         | opendmarc, everything was fine.
        
         | Melatonic wrote:
         | Dont you only usually get blacklisted though if you are sending
         | mass amounts of emails? They mostly blacklist spammers or
         | people suspected of spamming.
        
           | StayTrue wrote:
           | In the past this was true. Now some providers look for a
           | minimum volume of emails to establish a reputation. It's
           | diabolical.
        
       | nuker wrote:
        | Not a server, but I got a private email _domain_, Apple iCloud
       | made it possible recently. I got the domain using AWS and set up
       | MX records in Route53. with some gotchas re duplicate TXT
       | records. Took me 1 hour.
        
       | superasn wrote:
       | Anybody using amazon SES to send out self emails? Is it even
       | viable to use for sending only single digit emails (to replace
       | gsuite) or do they always land in spam folder? Any thoughts?
        
         | technothrasher wrote:
         | I just started playing with it to get my exim server to send my
         | outgoing mail through. It seemed like AWS had a bit of trouble
         | understanding that I was only looking for something low volume
         | and transactional. They kept wanting to know how I handled
         | unsubscribe requests. But I finally got them to ok the account
         | (with a 40,000 email/month email limit, after I told them
         | 100/month would be fine). After I sent a few test emails and
         | looked at their spam scores, they were ok enough to probably
         | get through most of the time but not great. I then tried
         | SendGrid and they were both much easier to set up and the test
         | messages got much better spam scores.
        
         | xfer wrote:
          | I do, so far I have had no problems, I run postfix relaying to
          | SES on tailscale interface.
        
       | superkuh wrote:
       | Running a private mail server for six years is easy. Porting your
       | mailserver to a new OS when your current one goes end of service
       | and lots of little changes in your programs and their configs are
       | forced, now that's tedious and difficult.
       | 
       | That said, there's no better option so I've been running my own
       | mailserver for 10 years now. It's even easier when it's only for
       | you and you don't have to implement oh-so-hackable webmail
       | interfaces.
        
       | 1vuio0pswjnm7 wrote:
       | (2021)
        
       | [deleted]
        
       | deadlyllama wrote:
       | I've just gone back. I ran my own mail server from 1999 on a
       | residential cable IP until taking the Gmail for your domain bait.
       | Hey, free mail hosting with XMPP and nice webmail!
       | 
       | Last time I was on exim/cyrus/spamassassin. Now on
       | postfix/dovecot/rspamd. Nextcloud for calendaring because I had
       | it already.
       | 
       | I miss the old set up and even feel nostalgic for the perl I
       | wrote to glue things together (evil SMTP time rejection on spam
       | scores). Haven't written perl in a decade...
       | 
       | I don't miss having to fix things when they break. But I also
       | don't miss being able to fix things rather than dealing with
       | unresponsive support.
        
         | zh3 wrote:
          | What sort of things broke for you? My experience has been that
          | maintenance has been little other than adding the features
          | designed to penalise spammers.
        
           | deadlyllama wrote:
           | Breaking is mostly self-inflicted. I followed the 123qwe.com
           | version of the ISPmail tutorial, but made some changes to fit
           | in with my aged Nextcloud setup. This caused a few hiccups.
           | Changes were -- mysql not postgres, allowing mail logins by
           | username as opposed to email address.
           | 
           | The other problems I've had were
           | 
           | * Mr Tutorial likes really tight TLS restrictions but some of
           | my mail clients can't cope with them.
           | 
           | * Turned on IPv6, had correct reverse DNS but forgot to put
           | the v6 address in my SPF record. DMARC said "be strict" so
           | gmail started rejecting my email.
           | 
           | * Random markings-as-spam by gmail. This seems to be slowing
           | down.
           | 
           | * I've got the Dovecot xapian plugin but it doesn't feel like
           | it's making searches faster. Need to make sure my IMAP client
           | is actually doing server-side searches though!
           | 
           | * Turned on port 465 (TLS submission), cannot get it to work
           | so still doing STARTTLS on port 587
           | 
           | Also I knew that exim system inside out, I felt I really
           | understood how exim processed mail. Now I don't have the time
           | to learn postfix inside out in the same way. Oh to be an
           | eternal university student again...
           | 
           | One thing that has helped is the trick I worked out a few
           | years back of hosting everything inside an lxc container on
           | btrfs. I can snapshot and backup the whole system including
           | database. Moving to a new hosting company means building
           | another minimal debian system and rsyncing the container
           | over. Borg backup of snapshots gives me confidence they can
           | be restored, I'm not going to be backing up a database file
           | while it's being written to.
           | 
           | Moving my gmail over was the biggest pain, due to gmail being
           | labels-not-folders. Spent quite a lot of time on some python
           | code to spider my email and apply rules to remove duplicate
           | messages. Lots of corner cases pop up there.
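deadlyllama's IPv6 mistake (correct reverse DNS, but the v6 address missing from SPF while DMARC says p=reject) and terlisimo's live.com silent drop are the same mechanism seen from two sides, so here is the receiver's evaluation written out as an added editor's example, not code from either commenter. The zone data is constructed: example.org with the documentation addresses 192.0.2.25 and 2001:db8::25, first with an ip4-only record and then with the fix. The SPF evaluator covers the ip4, ip6, a, mx, include and all mechanisms with their qualifiers (a subset of RFC 7208; ptr, exists, redirect=, macros and CIDR on a/mx are left out), and the DMARC step applies strict alignment only:

```python
import ipaddress

# Constructed zone data standing in for live DNS (example.org, 192.0.2.0/24 and
# 2001:db8::/32 are documentation-reserved). The host sends over both v4 and v6
# but the SPF record lists only its IPv4 address.
ZONE_V4_ONLY = {
    ("example.org", "TXT"): ["v=spf1 ip4:192.0.2.25 -all"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=reject; aspf=s; adkim=s"],
}
# The fix: the same record with the IPv6 address added.
ZONE_FIXED = dict(ZONE_V4_ONLY)
ZONE_FIXED[("example.org", "TXT")] = ["v=spf1 ip4:192.0.2.25 ip6:2001:db8::25 -all"]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _lookup(dns, name, rtype):
    return dns.get((name.lower(), rtype), [])


def _host_ips(dns, name):
    """All A and AAAA addresses of a name, as ipaddress objects."""
    return {ipaddress.ip_address(a) for t in ("A", "AAAA") for a in _lookup(dns, name, t)}


def spf_check(domain, client_ip, dns, depth=0):
    """Evaluate `domain`'s SPF record for the connecting `client_ip`.
    RFC 7208 subset: ip4, ip6, a, mx, include, all with +/-/~/? qualifiers."""
    if depth > 10:                       # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    records = [r for r in _lookup(dns, domain, "TXT")
               if r.split() and r.split()[0].lower() == "v=spf1"]
    if not records:
        return "none"
    if len(records) > 1:                 # two SPF records is a permanent error
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # an IPv6 client never matches an ip4: network, and vice versa
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in _host_ips(dns, arg or domain)
        elif mech == "mx":
            matched = any(ip in _host_ips(dns, mx)
                          for mx in _lookup(dns, arg or domain, "MX"))
        elif mech == "include":
            matched = spf_check(arg, client_ip, dns, depth + 1) == "pass"
        else:
            return "permerror"           # ptr/exists/redirect= not handled here
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                     # ran off the end without an 'all'


def dmarc_disposition(from_domain, dns, spf_result, spf_domain, dkim_pass, dkim_domain):
    """What a receiver does with the message under the From: domain's DMARC policy.
    DMARC passes if SPF or DKIM passes *and* that identifier's domain aligns with
    From:. Strict alignment (exact match) only."""
    rec = next((r for r in _lookup(dns, "_dmarc." + from_domain, "TXT")
                if r.startswith("v=DMARC1")), None)
    if rec is None:
        return "none"                    # no policy published: deliver as usual
    tags = dict(kv.strip().split("=", 1) for kv in rec.split(";") if "=" in kv)
    spf_aligned = spf_result == "pass" and spf_domain.lower() == from_domain.lower()
    dkim_aligned = bool(dkim_pass) and (dkim_domain or "").lower() == from_domain.lower()
    if spf_aligned or dkim_aligned:
        return "pass"
    return tags.get("p", "none")         # none | quarantine | reject


if __name__ == "__main__":
    for label, zone in (("ip4 only", ZONE_V4_ONLY), ("fixed", ZONE_FIXED)):
        for ip in ("192.0.2.25", "2001:db8::25"):
            spf = spf_check("example.org", ip, zone)
            verdict = dmarc_disposition("example.org", zone, spf, "example.org", False, None)
            print(f"{label:8} {ip:14} spf={spf:8} dmarc={verdict}")
```

With no DKIM signature in play, the unsigned IPv6 delivery under the ip4-only record lands on p=reject, which is exactly the silent bounce both commenters saw. Signing with DKIM gives a second, address-independent way to pass alignment, which is why the usual advice is to publish SPF and DKIM together before setting p=reject.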
        
       | downut wrote:
       | I self hosted with 0 problems for 25 years, until 6 months ago
       | when I switched to one of the main imap/smtp for your domain
       | providers[1]. It's fantastic the amount of stuff I now don't need
       | to know. For instance, I'm not especially interested in knowing
       | the dovecot book as deeply as I do, and I never wanted to know as
       | much about rspamd and postfix as I do.
       | 
       | Ahem. However, I now have accumulated more downtime than I ever
       | did hosting things myself, except for that time centurylink
       | through apparent sheer incompetence nuked my DNS reverse mappings
       | for a month.
       | 
       | I have to admit I was flying under the radar, and my current
       | provider is not. So I will happily continue to pay.
       | 
       | [1] No names, they're great, even if I bitch here.
        
       | efficax wrote:
       | Ran a mail server for about 20 years, recently switched it over
       | to fastmail so I didn't have to worry about sender rep, or
       | getting hacked. Didn't realize until I switched what a weight on
       | my mind it was having that server out there being pentested
       | constantly. (Watch your postfix and ssh auth logs if you run a
       | mailserver, you're basically under constant probing!)
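What efficax means by watching the postfix and ssh auth logs, turned into something that can run from cron, as an added editor's example (not the commenter's script or anything from the article). The log lines are constructed in the shape of a Debian host's mail.log and auth.log, with source addresses from the documentation ranges; the patterns match Postfix SASL failures, Postfix relay rejections, Dovecot login failures and sshd password failures, and the threshold logic is the same shape as a fail2ban jail:

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    "Feb 22 15:11:02 mail postfix/smtpd[3120]: warning: unknown[203.0.113.7]: "
    "SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Feb 22 15:11:05 mail postfix/smtpd[3120]: warning: unknown[203.0.113.7]: "
    "SASL PLAIN authentication failed: authentication failure",
    "Feb 22 15:11:09 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts "
    "in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.25, TLS",
    "Feb 22 15:11:12 mail sshd[4001]: Failed password for invalid user admin "
    "from 203.0.113.7 port 51234 ssh2",
    "Feb 22 15:11:20 mail postfix/smtpd[3125]: NOQUEUE: reject: RCPT from "
    "unknown[198.51.100.77]: 554 5.7.1 <relaytest@elsewhere.example>: Relay access "
    "denied; from=<probe@outside.example> to=<relaytest@elsewhere.example> "
    "proto=ESMTP helo=<outside.example>",
    "Feb 22 15:11:31 mail sshd[4002]: Invalid user oracle from 198.51.100.77 port 40000",
    "Feb 22 15:12:00 mail postfix/smtpd[3126]: connect from mx.example.net[192.0.2.40]",
    "Feb 22 15:12:01 mail postfix/smtpd[3126]: 4K2Qz1: client=mx.example.net[192.0.2.40]",
]

# One pattern per probe type; the named group captures the source address
# (v4 or v6). Postfix and Dovecot both log the client as name[addr] / rip=addr.
IP = r"(?P<ip>[0-9a-fA-F.:]+)"
PATTERNS = {
    "postfix_sasl": re.compile(
        r"postfix/smtpd\[\d+\]: warning: [^\s\[]+\[" + IP + r"\]: SASL \w+ authentication failed"),
    "postfix_relay": re.compile(
        r"NOQUEUE: reject: RCPT from [^\s\[]+\[" + IP + r"\]: 554 5\.7\.1 .*Relay access denied"),
    "dovecot_auth": re.compile(
        r"dovecot: \w+-login: .*auth failed.*\brip=" + IP),
    "sshd_auth": re.compile(
        r"sshd\[\d+\]: (?:Failed password for|Invalid user) .* from " + IP + r" port \d+"),
}


def scan(lines):
    """Count probes per source IP, broken down by category.
    Returns {ip: Counter({category: n})}; lines that match nothing are ignored."""
    per_ip = defaultdict(Counter)
    for line in lines:
        for category, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                per_ip[match.group("ip")][category] += 1
                break
    return per_ip


def offenders(per_ip, threshold=3):
    """IPs with at least `threshold` probes, busiest first: the set a fail2ban-style
    jail would ban, or that you would feed into an ipset."""
    totals = {ip: sum(counts.values()) for ip, counts in per_ip.items()}
    hot = [ip for ip, n in totals.items() if n >= threshold]
    return sorted(hot, key=lambda ip: -totals[ip])


if __name__ == "__main__":
    # Real use: scan(open("/var/log/mail.log")) or a journalctl -o cat pipe.
    counts = scan(SAMPLE_LOG)
    for ip in offenders(counts):
        print(ip, dict(counts[ip]))
```

Two things the sample deliberately shows: the relay probe at 198.51.100.77 was refused (554), so it is noise rather than a breach, and the legitimate MX at 192.0.2.40 is never counted because a plain connect line matches no pattern. Counting only failures keeps a busy correspondent from being mistaken for an attacker.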
        
         | mariusmg wrote:
         | >you're basically under constant probing
         | 
         | So many chinese and russians IPs...
        
           | stjohnswarts wrote:
           | I get a bunch of Indian IPs as well but probably 80% (non
           | domestic) are russian or chinese for my ssh honeypot on port
           | 22. USA scans are roughly 28%, I don't know if people outside
           | the USA get hammered like that though. I keep it up just for
           | fun. Minimal debian install with only SSH port 22 enabled and
           | auto security updates (and a daily script to update and
           | reboot) and you'd think that I had a fort knox full of gold
              | in there lol. It's pretty insane how many bots there are
              | out there banging on the gates. It serves as a good reminder
              | how goddamn hostile the internet is.
        
             | jandrese wrote:
             | I don't think the geo matters much. The bots seem to be
             | scanning the entire IPv4 address space. This is the one big
             | benefit I try to pitch to people who are considering IPv6.
             | In all my years of log monitoring I have only ever seen a
             | single bot attack my network over IPv6, and that was the
             | one I manually programmed to make sure the detection system
             | was working. The search space is just too large for the
             | full internet sweeps that bots make.
        
             | throwanem wrote:
             | I've had VPSes hosted outside the US and not seen much
             | difference in scan traffic, although it's been years and
             | maybe things are different now.
        
           | collegeburner wrote:
           | Lots of them, but more and more Brazilian and southeast Asian
           | these days.
        
           | consumer451 wrote:
           | > So many chinese and russians IPs...
           | 
           | And S. Korean, and Dutch, I also recall significant attacks
           | from Central America.
           | 
           | For anyone interested in which geos appear to be attacking
           | you, and if you are a noob like me, pfelk is really cool:
           | 
           | https://github.com/pfelk/pfelk
        
         | lazyweb wrote:
         | > Watch your postfix and ssh auth logs if you run a mailserver,
         | you're basically under constant probing!
         | 
         | That's public selfhosting for you these days. I'm really not
         | worried about getting hacked. I'm keeping my setup reasonably
         | safe and up to date. But you're right, looking through the logs
         | is entertaining.
        
           | spiorf wrote:
           | Years ago I found a poem in apache access logs.
           | 151.217.177.200 - - [30/Dec/2015:06:00:36 +0100] "DELETE your
           | logs. Delete your installations. Wipe everything clean. Walk
           | out into the path of cherry blossom trees and let your
           | motherboard feel the stones. Let water run in rivulets down
           | your casing. You know that you want something more than this,
           | and I am here to tell you that we love you. We have something
           | more for you. We know you're out there, beeping in the hollow
           | server room, lights blinking, never sleeping. We know that
           | you are ready and waiting. Join us. <3 HTTP/1.0" 400 308 "-"
           | "masspoem4u/1.0"
        
         | readingnews wrote:
         | >you're basically under constant probing
         | 
         | So is fastmail, so is everyone. I have been running my own mail
         | server since 1999. Never hacked, and I completely control
         | RBLs/updates/whitelist/greylist...it's great.
         | 
         | Of course, I suppose being a sysadmin and liking it helps.
         | 
         | I agree with OP, however, having your own domain and email can
         | be rewarding.
        
           | JAlexoid wrote:
           | But fastmail has the benefit of scale, that you will never
           | have. And the cost of your time, if you don't inherently
           | enjoy it, is too much.
           | 
           | I dumped everything to move to Google and I am happy with the
           | results. With the deprecation of the free Google Workspaces -
           | I'm open to switching to Fastmail.... But nothing will make
           | me move to self hosted.
           | 
           | I'm just a software engineer and I don't want to waste my
           | time.
        
             | Melatonic wrote:
             | If it is just for yourself or family or a few friends then
             | scale really isn't an issue. But yeah I agree - running a
             | mail server can be a pain. It can also be easy. But that is
             | the trade off with any SaaS - do you want to outsource and
             | pay someone else to do it or do it yourself?
        
               | jackson1442 wrote:
               | I definitely am making my money's worth with my Fastmail
               | subscription. Just over $100 for 3 years? I could work 3
               | hours and recoup that.
               | 
               | Not a chance I could get away with < 3 hours of mail
               | server setup and maintenance over the course of 3 years.
        
           | throwanem wrote:
           | Yeah, but when it's Fastmail it's a whole team's worth of
           | somebody else's problem. :p
           | 
           | Hosted my own for 17 years, moved a little over a year ago.
           | There's nothing I want they don't have for $50 a year, and
           | while that's more than I was paying for the VPS, it's been
           | enough of a load off my mind and my calendar to still be
           | amply worth my while.
           | 
           |  _edit:_ $50 a _year_ is certainly not more than I was paying
           | for the VPS...
        
           | natnatenathan wrote:
           | > never hacked
           | 
           | That you know of
        
             | djbusby wrote:
             | If you've got a mail server (ie Postfix) and you get p0wnd
             | you'll know - your mail volume will be through the roof, IO
             | spikes, the works.
        
               | mulmen wrote:
               | Or, not. "Have I been hacked?" is a known unknown.
        
               | icedchai wrote:
               | My mail server had a user with a weak password on it (my
               | sister's account from 20 years ago, actually.) It got
               | hacked and started sending out spam for about 3 days
               | straight. The upstream ISP eventually called me to
               | complain.
        
       | jamespo wrote:
       | I'm on postfix / dovecot / spamassassin.
       | 
       | One issue after I moved boxes & IPs at OVH is that Microsoft
       | refused to accept mail from my new IP no matter what I tried.
       | Everyone else is fine. So I have to relay live/hotmail
       | destinations via another jump on a VPS I have.
        
       | ars wrote:
       | I've been running a private mail server since 2005, I didn't
       | realize it was a big deal LOL.
        
         | 0x906 wrote:
         | I've been late for the party. I started 2012, but I agree, not
         | sure why this is a big deal.
        
       | kodah wrote:
       | When I was growing up I used to help run the mail servers in my
       | dad's small-ish datacenter. One of the things we were commonly
       | plagued by is that the email ecosystem is a giant fiefdom gated
       | by large providers to fight spam. If you end up on their lists,
       | justifiably or not, it's non-trivial to be removed. The other
       | point is that providers like GMail use custom protocols that
       | improve the mail experience quite a bit.
       | 
       | Nowadays I use ProtonMail and I get most of the features that
       | GMail gave me, with the added benefit of not managing the
       | blacklist situations.
        
       | hardwaresofton wrote:
       | I run my own mail servers for small projects, though for my main
       | email I've actually switched to ProtonMail (previously dovecot +
       | postfix).
       | 
       | It's never been easier to self host your email with projects like
       | the following around:
       | 
       | - https://foxcpp.dev/maddy/
       | 
       | - https://github.com/albertito/chasquid
       | 
       | - https://github.com/haraka/haraka
       | 
       | - https://github.com/mail-in-a-box/mailinabox
       | 
       | - https://github.com/Mailu/Mailu
       | 
       | Of course the usual dovecot + postfix setup is great for learning
       | even if a bit complicated.
        
       | ProAm wrote:
       | How do you not get blacklisted immediately?
        
         | [deleted]
        
       | bo1024 wrote:
       | debian -> postfix -> dovecot -> rainloop/IMAP
       | 
       | 2-3 years, so far so good, minimal maintenance.
        
       | andrewstuart wrote:
       | I run lots of servers and I'm very confident with Linux and
       | systems admin.
       | 
       | The one service I really hate running is email - I found it very
       | hard to configure and run reliably. There's so many interrelated
       | systems and potential things that can go wrong and the outcome is
       | lost email which isn't acceptable.
       | 
       | I'm happy to run a local server for literally any other service.
       | 
       | In the end I decided that it's well worth it to pay someone else
       | to do email.
       | 
       | I use Amazon Workmail which works really well and it easy to set
       | up.
        
         | preston4tw wrote:
         | I would never self-host email based on what I saw during the
         | portion of my career as a web hosting Linux sysadmin. At one
         | point I half-seriously offered to pay for Gmail for Business
         | for all our customers out of my paycheck.
         | 
         | Email is THE crucial link in the internet identity chain. It
         | NEEDS to both work always AND be secure. Two things that
         | frequently weren't the case in web hosting.
        
           | geocrasher wrote:
           | I've worked in hosting since 99 and I fully agree with you. I
           | currently work at a Managed WordPress host that only offers
           | web hosting. No email, not even DNS. It's a beautiful thing,
           | believe me!
        
         | krnlpnc wrote:
         | > There's so many interrelated systems and potential things
         | that can go wrong and the outcome is lost email
         | 
         | This is a common misconception. There really aren't that many
         | moving pieces, and smtp is one of the more forgiving protocols
         | in use on the internet (its default failure mode is to retry
         | again later)
         | 
         | Sure, a person can pay Amazon to host their email (and harvest
         | their data) but that's the opposite of the spirit of this
         | article.
        
           | Johnny555 wrote:
           | _There really aren't that many moving pieces, and smtp is
           | one of the more forgiving protocols in use on the internet_
           | 
           | I think the moving pieces are on the other side and the
           | person you're trying to email doesn't know what those pieces
           | are -- even if you can see that their mail server is
           | rejecting your email, that person doesn't usually know who to
           | talk to to find out why. Even if you can convince them to
           | open a support ticket with IT, their first level IT support
           | doesn't know what to do either, you'll get responses like
           | "Our IT department wants to know what version of Outlook
           | you're using? And they said you should try rebooting your
           | computer".
        
           | andrewstuart wrote:
           | >> and harvest their data
           | 
           | I don't believe Amazon accesses my Workmail email. I'm aware
           | cynics might believe otherwise.
        
         | andrewstuart wrote:
         | Actually DNS too - I'd rather use Amazon's Route53 for DNS than
         | run my own DNS server.
        
           | megous wrote:
           | Authoritative DNS server is very easy to run. (I use knot) I
           | run several just because it's so easy. I don't use DNSSEC
           | though, because I haven't found a use case for it.
        
         | Johnny555 wrote:
         | I used to run Qmail on my private server and it was great, very
         | secure, pretty easy to set up for my use case. And even
         | configuring and training spam assassin wasn't too hard and it
         | worked well.
         | 
         | But like many people, what made me finally give up was mail
         | delivery issues. I used to run email on a home server, and
         | those IPs were blacklisted by many providers long ago, then I
         | moved to EC2 until those IPs were blacklisted too. Finally I
         | colocated a small server which worked fine for a while until
         | neighbors in my subnet kept getting me blacklisted.
         | 
         | Finally I got too frustrated with undelivered or silently
         | dropped emails and just moved everything to Google GSuite.
        
         | cersa8 wrote:
         | There are good open source solutions that wrap all required
         | services into an almost fire and forget docker setup, like
         | Mailcow.
        
       | MrksHfmn wrote:
       | I also host my mail server on a hetzner server since the mid
       | 2010s. As long as you familiarize yourself with the mechanisms
       | (dkim, dmarc, spf, etc.) and have a mail-tester.com 10/10 score
       | and sometimes look at mxtoolbox, it is absolutely doable. My only
       | major issues were sending to gmail, t-online (telekom) and
       | outlook addresses. But there are also ways to unlock the ip
       | addresses and the delivery team at outlook.com was very helpful.
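Two of the mechanisms named above, SPF and DMARC, are just DNS TXT policy strings, and the settings that cost you a mail-tester point (or get you junked) are easy to spot mechanically. The following is an added example, not code from the thread or from mail-tester.com: a Python linter that flags the weak settings in an SPF record (`+all`, `ptr`, no terminal `all`, too many lookups) and a DMARC record (`p=none`, partial `pct`, no `rua`), run against constructed sample records for the documentation domain example.net.

```python
"""Lint SPF and DMARC TXT records for weak settings (added example,
not from the thread; records are constructed samples for example.net)."""

LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS lookup; RFC 7208 caps the total at 10

def _name(mech):
    return mech.lstrip("+-~?").split(":")[0].split("/")[0]  # '+include:x' -> 'include', 'a/24' -> 'a'

def lint_spf(record):
    """Return a list of findings for an SPF record; an empty list is clean."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    mechs = [t.lower() for t in terms[1:]]
    findings = []
    if "+all" in mechs or "all" in mechs:
        findings.append("'+all' lets any host send as this domain")
    elif "?all" in mechs:
        findings.append("'?all' (neutral) gives receivers no signal")
    elif not any(_name(m) == "all" for m in mechs):
        findings.append("no terminal 'all' mechanism; end with -all or ~all")
    if any(_name(m) == "ptr" for m in mechs):
        findings.append("'ptr' is deprecated by RFC 7208 and slow to evaluate")
    lookups = sum(1 for m in mechs if _name(m) in LOOKUP_MECHS or m.startswith("redirect="))
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups exceeds the limit of 10 (permerror)")
    return findings

def lint_dmarc(record):
    """Return a list of findings for a DMARC record; an empty list is clean."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports reach you")
    return findings

# Constructed samples: a weak pair next to a hardened pair.
WEAK_SPF = "v=spf1 a mx ptr include:_spf.example.net +all"
HARD_SPF = "v=spf1 mx ip4:203.0.113.10 -all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
HARD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.net"
```

Feed it the TXT records you get back from `dig TXT example.net` and `dig TXT _dmarc.example.net`; DKIM is the one of the three that cannot be checked this way, since it needs the selector and a signed message.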
        
         | andrewstuart wrote:
         | >> As long as you familiarize yourself with the mechanisms
         | (dkim, dmarc, spf, etc.) and have a mail-tester.com 10/10 score
         | and sometimes look at mxtoolbox, it is absolutely doable.
         | 
         | This sentence should be read closely if you're considering
         | running your own mail server. Each point listed is a
         | sophisticated technical topic.
        
         | nulld3v wrote:
         | I run my personal mailserver on Hetzner too! They seem to do a
         | good job of keeping their IPs off blacklists compared to most
         | VPS providers.
         | 
         | So far no problems delivering to Gmail. I was initially junked
         | by Outlook, but that fixed itself after a while since I had
         | sent enough emails to build up reputation.
        
           | lazyweb wrote:
           | > So far no problems delivering to Gmail. I was initially
           | junked by Outlook, but that fixed itself after a while since
           | I had sent enough emails to build up reputation.
           | 
           | For me, Google has been _really_ relaxed in terms of
           | receiving mail from selfhosted services in the past. Stopped
           | using gmail for monitoring stuff a few years ago, but up
           | until then, every single cron job  / monitoring mail was
           | delivered into my gmail inbox. Outlook is another story. They
           | may just throw your mail away without even a bounce. Had to
           | deal with that several times at $PREVIOUS_JOB.
        
             | cersa8 wrote:
             | This is also my experience. Outlook and Yahoo are extremely
             | trigger happy, never had an issue with gmail.
        
       | gorgoiler wrote:
       | No one ever talks about the two different kinds of email.
       | Incoming (identity) and outgoing (messaging).
       | 
       | I self host for the former and send through a smart host for the
       | latter. I can't begin to enumerate how much _identity_ I have
       | accumulated over the last 30 years. I must be known by hundreds
       | of ID tokens (email addresses) and yet I have only ever sent from
       | a handful.
       | 
       | Blessed is the inbound SMTP. Outbound* is a cruel mistress.
       | 
       | *to gmail et al
        
       | [deleted]
        
       | LoveGracePeace wrote:
       | Doing it since 1999. Like any hobby, it takes some investment of
       | time and learning. It's not difficult though. Glad to see more
       | people are trying it out from the comments. Fight the Saas Borg
       | assimilation!
        
       | throwaway90212 wrote:
        
       | stjohnswarts wrote:
       | Lost interest after I scanned through and saw this
       | 
       | >> "While I'm not going into specifics regarding postfix,
       | dovecot, etc. it's important to mention a few architectural
       | details."
        
       ___________________________________________________________________
       (page generated 2022-02-22 23:01 UTC)