All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the original federated technology.
I am looking at Proxmox and see that it has a built in email server, so now I am wondering if it is time to roll my own.
I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don’t know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.
Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?
Yes, I still run my own email server. It is not for the faint of heart, but once it’s configured and your IP reputation is clean, it’s mostly smooth sailing. I have not had any deliverability problems to date, initial setup/learning period notwithstanding.
If you’re not scared away yet, here are some specific challenges you’ll face:
- SMTP ports are typically blocked by many providers as a spam prevention measure. Hosting on a residential connection is often a complete non-starter and is becoming more difficult on business class connections as well (at least in the US, anyway).
- If you plan to host in a VPS, good luck getting a clean IPv4 address. Most are on one or more public blacklists and likely several company-specific ones (cough Microsoft cough). I spent about 2 weeks getting my new VPS’s IP reputation cleaned up before I migrated from the old VPS.
- Uptime: You need to have a reliable hosting solution with minimal power/server/network downtime.
- Learning Curve: Email is not just one technology; it’s several that work together. So in a very basic email server, you will have Postfix as your MTA, Dovecot as your MDA, some kind of spam detection and filtering (e.g. SpamAssassin), some kind of antivirus to scan messages/attachments (e.g. Clamd), message signing (DKIM), user administration/management, webmail, etc. You’ll need to get all of these configured and operating in harmony.
- Spam prevention standards: You’ll need to know how to work with DNS and create/manage all of the appropriate records on your domain (MX, SPF, DMARC, DKIM records, etc). All of these are pretty much required in 2023 in order for messages from your server to reach your recipient.
- Keeping your IP reputation clean: This is an ongoing challenge if you host for a lot of people. It can only take one or two compromised accounts to send a LOT of spam and land your IP/IP block on a blacklist.
- Keeping up with new standards: When I set my mail server up, DMARC and DKIM weren’t required by most recipient servers. Around 2016, I had to bolt on OpenDKIM to my email stack otherwise my messages ended up in the recipient’s spam folder.
- Contingency Plan: One day you may just wake up and decide it’s too much to keep managing your own email server. I’m not there yet, but I’ve already got a plan in place to let a bigger player take over when the time comes.
It’s bad out there when it comes to hosting your own email server. This blog post shows somebody’s experience in detail, and it’s worth reading. https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html
It’s all so sad.
That was a sobering read. We all feel victorious when we see big tech fail after they wronged their users, but fundamental technologies that actually run the world have already been lost, and may never be recoverable for egalitarian use.
E-mail was the first “thing” that got me off of Google (to Proton & then currently Tutanota) but is really the last remaining service I have not self hosted.
I have always read about how difficult and time consuming it was to run your own mail server, but I felt like I needed to experience it myself. So I purchased another domain and followed the instructions on https://mailinabox.email/.
I am using a small VPS on Hetzner and I have to say the experience has been almost flawless so far. I did need to have my new domain taken off the Domain Block List, but Hetzner gave me a clean IP and defaults to blocking port 25 outbound to prevent spam (simple ticket to open, once account is 30 days old and paid).
I know I’m still early into this journey so far, but it has been really simple and I plan to test this secondary domain for a few months before moving onto it full time.
As an avid self hoster of literally everything else, I can say it has been a lot of fun learning so far!
I’ve been self-hosting e-mail for over 15 years and hope to continue doing so. Although it’s being made increasingly difficult by big tech players. I wrote about it here: https://proycon.anaproy.nl/posts/rant-against-centralising-e-mail/
Great post!
I’m rather dismayed to see those universities and institutes nowadays no longer as pioneers and innovators in this area, but instead as mere consumers of ready-made corporate solutions, following corporate interests and centralising solutions. I have two employers, both academic, and both have resorted to big-tech corporations that offer solutions like e-mail as a service.
Same here, my university recently switched from their Horde webmail to Exchange. The new outlook webmail is absolutely awful and I couldn’t set up all the filters that I had before. Luckily I could enable IMAP login, thankfully without OAuth because imo that’s another awful practice, so I can connect to it with non braindead mail clients. Still a massive downgrade and I bet they now have to run it on a 10x as powerful server because I hear Exchange is an absolute monster in terms of resource usage.
(Also, I’ve been self-hosting mail for probably 4 years at this point. Here’s to many more!)
Gotta say, I’m really happy to see so many people here actually talking about doing it! Usually I see a lot of fear-mongering about self hosting email. You can do it, though, and I think we should encourage more people to do so! It can be a little tricky to set up at first because there’s a lot of different things you need to configure and make talk to each other — I haven’t used them but there’s things like mail-in-a-box that are supposed to make this easier. But the most important thing is to make sure you set up SPF, DMARC, and DKIM DNS records (and set up DKIM signing for your outgoing messages). I’d recommend setting the ruf and rua tags in the DMARC record so you get mailed reports from other mail servers (can help you debug if your mail is getting rejected). I’d also use these tools:
https://www.mail-tester.com/ https://www.learndmarc.com/
Happy mailing :)
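As an added example (not code from any poster in this thread), here is a small offline checker for the SPF, DMARC and DKIM TXT records discussed above, including the rua and ruf report tags. The domain example.com, the DKIM selector name `mail` and all record values are constructed assumptions.

```python
# Offline lint of a mail domain's SPF, DMARC and DKIM TXT records (added example).
def parse_tags(txt):
    """Split a 'k=v; k=v' record (DMARC, DKIM) into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def lint_spf(txt):
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["SPF: record must start with v=spf1"]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if alls and alls[-1] in ("all", "+all"):
        return ["SPF: 'all' passes every sender; use ~all or -all"]
    if not alls and not any(t.startswith("redirect=") for t in terms):
        return ["SPF: no 'all' or redirect, unlisted senders get a neutral result"]
    return []

def lint_dmarc(txt):
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        return ["DMARC: record must start with v=DMARC1"]
    issues = []
    if tags.get("p") not in ("none", "quarantine", "reject"):
        issues.append("DMARC: missing or invalid p= policy")
    for tag in ("rua", "ruf"):  # aggregate and failure report addresses
        uris = [u.strip() for u in tags.get(tag, "").split(",") if u.strip()]
        if not uris:
            issues.append(f"DMARC: no {tag}= address, so those reports are never sent")
        elif not all(u.lower().startswith("mailto:") for u in uris):
            issues.append(f"DMARC: {tag}= entries should be mailto: URIs")
    return issues

def lint_dkim(txt):
    ok = bool(parse_tags(txt).get("p"))
    return [] if ok else ["DKIM: no public key in p= (an empty p= marks the key as revoked)"]

def lint_domain(domain, selector, txt):
    """txt maps DNS name -> TXT value; returns a list of findings."""
    findings = []
    for name, lint in ((domain, lint_spf), (f"_dmarc.{domain}", lint_dmarc),
                       (f"{selector}._domainkey.{domain}", lint_dkim)):
        findings += lint(txt[name]) if name in txt else [f"{name}: no TXT record published"]
    return findings

SAMPLE = {  # constructed zone data; the selector name "mail" is an assumption
    "example.com": "v=spf1 mx -all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com",
    "mail._domainkey.example.com": "v=DKIM1; k=rsa; p=",
}
```

Calling `lint_domain("example.com", "mail", SAMPLE)` reports the missing ruf address and the empty DKIM key; feed it the TXT values you actually publish to check your own zone.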
Thank you for the encouragement! I am inching my way towards building a server, and I am thankful for all the tips and suggestions I got.
I am starting to think that if email is the hardest to self-host, then perhaps more people should try it. It is worthy to regain independence and autonomy of technology, even if it is seen as a lost cause.
Yeah, I hope to get something running soon, just so I can say I did it.
I wish you luck! Some people claim to have troubles sending emails with Outlook blocking whole IP blocks, but it’s a little unclear how much of a problem this actually is to me… it’s a little hard to know if outlook is actually doing this or if people have misconfigured mail servers… In my experience people complaining about this often have a broken dkim key or something. Maybe it’s worth signing up for https://www.dnswl.org/ too, but I’m not sure how big of a difference it makes.
I will definitely look into those things if I run into troubles!
Just take a look at https://docs.mailcow.email/
This runs from a small box with everything included. It gives you all the tools and config needed for running a secure and feature rich email service. Webmail, some sort of exchange emulation, webcalendar on top of a solid postfix/dovecot install with rspamd as spam filter. Everything is configurable via a nice web UI.
After 15y running my own mail service and editing a lot of config files, I use this piece of free and open software and find it very good. All you need is a box somewhere in the internet. Running from a homelab will instantly fail, except if you have a static ip.
Neato! There seems to be a lot of solutions for running a mail server.
Yeah, I think it is time, I need to get familiar with Docker.
Yeah, I was clueless thinking I could run it from my home. Hah. I just wanted to avoid paying for a VPS. Which is silly because I buy too much crap all the time and have multiple subscriptions.
This is actually valuable.
mailcow lists a small German vps hoster with a fair price and the right sizing. It’s not a big hoster, gmail and microsoft are not blocking the ip-range and the ASN is not listed on any blacklist.
The support is quick and helpful, rDNS was a matter of minutes to set up. You don’t need any deeper knowledge of docker, since it is a one-time job to set the things up and get the stack running. The documentation of mailcow is very good.
You can run it from home, but you will need a forward host like sendgrid and maybe a backup mx. You can set a primary ip and a backup ip which will get all the mails when the primary host is down. I guess there are commercial or free backup-mx services out there. No problem. If you have a static ip for your homelab or at least a dynamic dns-name, it will work. Receiving is easy. But you will need a good forward-service for sending.
I used to run my own mail server about 2 years ago but unfortunately the spam got so bad I didn’t have the time to manage all the filters. I moved over to ProtonMail since I can still use my own domain there. So I guess I would say it’s not really worth it. Also, it really sucks if your power is out and not having access to send your power company a strongly worded email.
Despite my willingness to self-host almost everything, e-mail remains the last frontier for me. Keeping abreast of standards, keeping up today, avoiding implications in abuse and many, many smaller issues abound … and that’s despite my fixed IP and ISP willing to set up a reverse-DNS for me.
Instead I’ve gone with a paid email provider that I’m REALLY happy with.
I want to do a setup where I use mailcow at home for receiving emails but Amazon SES SMTP for sending, is it possible? Looks like it is, but I didn’t investigate it.
I run my own email server using Mailcow. It works well.
However, I do not even attempt to directly send outbound email. It’s very difficult to get your server trusted by the major providers, especially Microsoft (who are very picky about email servers). I have an account with MXRoute (which is an email provider) but only use it for outbound relaying. Inbound emails go directly to my server.
For what it’s worth, MXRoute is a great provider to consider if you want to move away from the large ones (Google, Microsoft, etc) but don’t want to self-host.
Outbound mail seems to be what defeats this entire project. Still, I do enjoy that there are many options to make everything work.
There’s various outbound mail providers, and some have free plans. For example, SMTP2Go is free for 1000 emails per month, and Mailgun is free for 5000 emails per month. What you’d do is set up your own email server, and configure it to relay via SMTP2Go or Mailgun. Your client systems don’t need to know this - they just send their emails to your server, which then relays them to the relevant service.
I use Mailcow and all of this is configurable in its web UI. No need to edit config files.
Nice. That is way more emails than I ever deal with in a month. Maybe in a year. I am really conservative with my online stuff, mostly because I hated the idea of managing so much crap even if it is something I want.
So, I am going to play with Mailcow, Mailinabox, and iRedMail.
Good choices! I also tried those three. Mailcow was my favourite but maybe you’ll like one of the other ones better. Mailcow uses Docker (which I prefer compared to installing software directly on the system) and has a nice admin panel. They’re all good choices though.
I keep saying it but I need to get familiar with docker, especially to run all other kinds of services.
I guess I will try mailcow first.
You don’t need to know too much about Docker to use Mailcow. It comes with a preconfigured `docker-compose.yml` so you just need to install Docker and follow Mailcow’s installation instructions (which are pretty straightforward).
If you have any spare domains that you aren’t using (or domains you’re not currently using email with), you could test it out with that domain before moving any domains you care about :) That’s what I did.
Right on. The first domain I will buy will be a personal fun one, just to experiment and mess around. I don’t quite know what professional name I want for my domain, since I don’t have a brand or anything, and having just my name seems odd.
@DidacticDumbass@lemmy.one I do, it is a pain and I understand why it is not worth it for some people.
This is way out of my comfort zone and I am firmly in the research phase, almost ready to make some decisions, but I need to carve out time to set it all up.
@DidacticDumbass@lemmy.one If it helps you, I started with https://mailinabox.email, which is incredibly easy to set up.
Right now I’m using https://github.com/docker-mailserver/docker-mailserver which I feel is a bit trickier, but more escapable in the long term
Obligatory PSA: ProtonMail isn’t any more secure than Gmail and is likely a honeypot scheme crafted by government agencies: https://encryp.ch/blog/disturbing-facts-about-protonmail/
I know the title of that sounds clickbaity, but they cite their sources. It’s worth the read for those curious about ProtonMail’s history and their CEOs.
Tbh, that document reads like a discovery channel 2am aliens documentary, but it’s not completely without merit.
There are a couple line items about software services they’re using that are shitty that sound pretty legit. The fact that they’re operating in locations where they might have to hand over data sounds pretty legit. Their warrant compliance and logging/handing over a person’s IP address is legit.
The CIA honeypot stuff is all really circumstantial. If the CIA was in as deep as is claimed, a lot of the real evidence people are turning up that they’re not as secure as they could be would be unnecessary.
My best guess is they decided to make an email company based in Switzerland with the schtick that they’re secure (banks amirite?) They’re doing what they can to appear secure without spending too much money. They’re not going to have legal battles to keep your data private, and they are going to comply with agencies’ requests for data. Even if they support end-to-end encryption if they are required by an agency to turn that encryption off for you, they’re going to do it.
They’re probably less likely than Google or Microsoft to sell all of your data to the highest bidder, but realistically there’s no such thing as secure email.
I do. Run about a half dozen email servers for various organizations. Been doing it for almost a decade for some. Other than initial setup pain, I’ve had zero problems others describe. I have used (and still run) docker-mailserver, mailcow, mail-in-a-box and mailu. All are lovely in their own way and fit various use cases better than others.
This is so encouraging! For sure it takes a level of technical proficiency and experience, but any technology that has been around for decades has been simplified and automated in one way or another. In retrospect, it is ridiculous to think that all these email providers could exist if they could not overcome the stranglehold of Google and Microsoft, so it must be possible for individuals to do it too.
Not worth the hassle - best compromise is to get your own domain but use a provider like fastmail to host it.
If they turn sour you can move your domain to another mail host.









