Does anyone run their own email server?

https://lemmy.one/post/81542


All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the original federated technology. I am looking at proxmox and see that it has a built in email server, so now I am wondering if it is time to roll my own. I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don't know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite. Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?

Your own email server requires near 100% uptime or you risk not receiving critical emails. If a remote email server is trying to contact your email server and it can't, it's only going to retry a few times and then give up. Hosting this yourself sounds great until you realize high uptime is not cheap and requires constant attention.

Setting it up securely can be difficult depending on your understanding of server infrastructure as well as protocols like DNS. You need to set up SPF, DKIM, DMARC, etc. in order to prevent someone from faking an email from your server.

Of course, federated email does not use SPF/DKIM/DMARC because the whole point is that someone from another server could use your server to send an email (hence the federation). Open email servers were common 20 years ago but very rare today. That makes setup easier, but the main caveat is that most known non-federated email servers will reject email from servers that don't have SPF/DKIM/DMARC because they generally end up being havens for bots and spam since there is no verification or authenticity of the sender.

As someone who self hosts a lot of things, I would never self host my email. If I did I would be paying for two boxes in different parts of the world on different ISPs to provide that uptime. I would definitely set it up securely and not as a federated server, otherwise it would be practically unusable for day to day emails.

This is disingenuous on many counts.

A mail server does not require 100% uptime. The only messages you would miss from a brief downtime would be from a bad behaving mail sender. Even if your server was down for a day you likely wouldn't miss any mail, if it was longer than 24 hours you might start missing some.

SPF is all that's really needed to prevent someone from faking mail from your domain; if it's set to strict most mail providers will reject fake/spoofed mail at this point. This lets the receiving mail server know which servers/IP addresses are allowed to send mail for the domain.

DKIM - before sending an email your server will create a signature and add it as a header. The DKIM DNS record stores the public key so the receiving mail server can verify the email's authenticity.

DMARC - Largely I only ever get reports from Google. MS and others rarely send them. Anyway, this is basically a tool that alerts you that unauthorized emails are being sent from your domain. If this happens, likely your SPF record is incorrect.

There are tools to help make sure your setup is correct, such as this https://mxtoolbox.com/SPFRecordGenerator.aspx

The rest of your comment contains outdated information. This post is about running a mail server in 2023. Some anecdotal statements about what it might have been like to run a mail server 20+ years ago serve no purpose here other than to scare people off from trying to host their own mail. If you succeed in that at least we could continue to sit around whining that Google and Microsoft have email all locked up and us little guys can't do anything about it but to continue to regurgitate how hard it is and you just shouldn't even try.
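As an added illustration of the SPF and DMARC mechanics described in this comment (example code, not from anyone in the thread), the following Python evaluates a constructed SPF record against a sender IP, checks whether it is the "strict" `-all` form, and parses a constructed DMARC record. The domain, IP ranges and report mailbox are assumed sample values; DKIM is left out because verifying it needs a signed message and its key, not just a DNS record.

```python
"""Offline SPF / DMARC record evaluation for the records a self-hoster publishes.

Nothing here touches DNS: the two TXT records below are constructed samples for
a hypothetical domain (example.org) using RFC 5737 / RFC 3849 documentation IPs.
"""
import ipaddress

# Constructed sample TXT records, shaped like what a small mail server would publish.
SPF_RECORD = "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all"
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.org; adkim=s; aspf=s; pct=100"

# SPF qualifier prefix -> result name (RFC 7208 section 4.6.2); no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, client_ip: str) -> str:
    """Return the SPF result a receiver would reach for client_ip under this record.

    Only ip4, ip6 and all are evaluated so the check works offline. Mechanisms that
    need further DNS lookups (a, mx, include, exists) raise instead of being
    skipped: an evaluator that ignored them would hand out wrong verdicts.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the TXT record is not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if "=" in name:
            continue  # modifiers such as redirect= / exp= are out of scope here
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        else:
            raise NotImplementedError(f"mechanism {name!r} needs a DNS lookup")
    return "neutral"  # nothing matched and no 'all' term: RFC 7208 default


def spf_policy_is_strict(record: str) -> bool:
    """True when the record ends in '-all' (hard fail), the setting the comment calls strict."""
    terms = record.lower().split()
    return bool(terms) and terms[-1] == "-all"


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs (RFC 7489 section 6.3)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        tags[tag.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def dmarc_enforcing(tags: dict) -> bool:
    """True when receivers are told to quarantine/reject all failing mail.

    p=none only asks for reports, and pct below 100 applies the policy to a sample.
    """
    return tags.get("p", "none") in ("quarantine", "reject") and int(tags.get("pct", "100")) == 100
```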

Well I kinda did that when I started selfhosting way too much a number of years ago... it can be quite annoying trying to get your server out of blocklists and unless you use something like Servercow, it is easy to break things and it's kinda hard to find proper tooling for selfservice and stuff.. nowadays I mostly keep it like it is because I don't want to deal with trying to migrate people to a different setup. It's okay and most of the time it just does its job, but it doesn't give too much joy :P
Hah. Not the fun DIY project I hoped it would be. Oh well. Yeah, don't want to get to the point of being responsible for other people's data.

@DidacticDumbass
Yes I run my own mailserver. I have done it for the last 15 years or so.

I'm also running my own Friendica instance.

Could you share your solution? You don't have to! I am just curious how you do it since a lot of people seem to hate it, compared to self-hosting everything else.

Thank you. You and others are giving me a lot of options to consider!
@DidacticDumbass But yeah you're right. It's a mess nowadays with email hosting because Google for example just rejects everything except the other big services even if you comply with DKIM etc. Fuck them honestly
Fuck them. Even after completely degoogling they still manage to fuck everyone over.
Wow. What is this. I did not know they do this. Google is looking more and more evil to me.
Everything I have found online is very much against self hosting an email server, because your email will almost always end up in people's spam or won't be delivered. How true is this statement?

@kylian0087
Well in my experience it's only true for Gmail. At Google there isn't really anything to do other than people whitelisting your email address individually. At Microsoft you can fill a form to get your server's IP whitelisted.

In addition I registered at Zoho so in my email client I have two SMTP servers - my own and Zoho so I can get through to Gmail if I need to. Any other service accepts your emails if you comply with DKIM, SPF etc.

Ahh okay. Thank you for the reply. This clears up some misconceptions I had.

Just take a look at https://docs.mailcow.email/

This runs from a small box with everything included. It gives you all the tools and config needed for running a secure and feature rich email service. Webmail, some sort of exchange emulation, web calendar on top of a solid postfix/dovecot install with rspamd as spam filter. Everything is configurable via a nice web UI.

After 15y running my own mail service and editing a lot of config files, I use this piece of free and open software and find it very good. All you need is a box somewhere in the internet. Running from a homelab will instantly fail, unless you have a static IP.

Neato! There seems to be a lot of solutions for running a mail server.

Yeah, I think it is time, I need to get familiar with Docker.

Yeah, I was clueless thinking I could run it from my home. Hah. I just wanted to avoid paying for a VPS. Which is silly because I buy too much crap all the time and have multiple subscriptions.

This is actually valuable.

mailcow lists a small German VPS hoster with a fair price and the right sizing. It's not a big hoster, gmail and microsoft are not blocking the IP range and the ASN is not listed on any blacklist.

The support is quick and helpful, rDNS was a matter of minutes to set up. You don't need any deeper knowledge of docker, since it is a one-time job to set the things up and get the stack running. The documentation of mailcow is very good.

You can run it from home, but you will need a forward host like sendgrid and maybe a backup MX. You can set a primary IP and a backup IP which will get all the mails when the primary host is down. I guess there are commercial or free backup-MX services out there. No problem. If you have a static IP for your homelab or at least a dynamic DNS name, it will work. Receiving is easy. But you will need a good forward service for sending.

Needing an extra service to forward emails seems to defeat the purpose of having everything local. Everything I read about email, being clear-text and whatever, makes it so it is impossible to improve. Email is a dead end, so I probably don't actually want to get too involved with it the more I learn.

I mean, growing up I really thought the internet would become a way to connect directly to people, computer to computer interaction. Everything requires an intermediate service, making everything insecure and expensive. What a stupid future.

That's right. Also important, email is not a playground for experiments. Once it runs, you should not touch it anymore, except for updates. Otherwise, you will do harm to your own way of communicating. One error, and you will lose all your reputation and someone spams half of the internet with your domain as sender.

And when it runs, the only thing to improve is tuning the spam filter for your instance. Implementing all the rules that you fought the other day, because otherwise your inbox explodes. So you have to do all the shady things and block IPs, filter with blacklists and check every DNS for all those extra entries needed for delivering mail... You must become a part of the problem, spammers all behind every cracked wordpress and insecure VPS out there.

Damn, email seems so fragile. I am getting so many perspectives, but the main thing that seems like such a gotcha is managing spam, which seems like such a headache.

No, I do not want to become part of the problem.

I have run my own email server, and have worked in the commercial web hosting sector.

Honestly, I wouldn't run your own email except as a side project.

It's certainly possible and all the tools are available and easy enough to use, but email in general is a rough combo of super old, and a "big target".

The super old part means that a lot of things that we might consider standard for a modern federated system just aren't there for email. Security is profoundly lacking, and if something gets dropped because of an update, or your computer crashed, there's no guarantee that the system will find a way to get it to you, and the sender might not even know it didn't get to you.

Security wise, you basically have to set everything up correctly all at once, or some system somewhere between you and the recipient will just throw the messages away, and they may or may not tell you.
They do this because all the tools are old, crufty and there's a lot of good exploits that misconfiguration leaves open that automated tools can use to send spam.

Be sure to keep your computer fully patched, and install a malware scanner, even on Linux.

Ultimately, I wouldn't bother running one because the ratio of reward to work is just off for me. I would recommend setting something up for an afternoon though, just so you can see how the pieces work, and get to send yourself an email and know what steps it took.

Good point! I had not considered that the technology itself is a bit of a vampire, and really only lives on due to its legacy as a cheap form of communication.

I guess the world could have a better more secure kind of email, but change is expensive and the biggest companies are cheap.

Interestingly enough, I read a thread about this yesterday - https://beehaw.org/post/214684

Damn. This author really spelled out what I inferred was the case, Google and other big tech companies killed email.

In that case I probably will pay for Proton. Maybe I will wait for a sale, they seem to have them once in awhile, get a deal before it gets too expensive.

@DidacticDumbass I use hosted email from Polaris Email, $25/yr, and my domain from Porkbun at $5 for the first year, and access the mail through Thunderbird on phone and computer.
Hell yeah, I can afford that! Thank you, I will look into it.
I use https://github.com/docker-mailserver/docker-mailserver with sendgrid.com as an SMTP relay (receiving emails is easy, sending them successfully is a pain)
Thanks! I will look into this.
If you're serious about self-hosting mail... this is the best advice here by a long way. The hassles around SMTP sender validation and reputation management are a big deal. Receiving is not so bad if you know what you're doing.
Yeah, it sucks that there is EXTRA responsibility on top of just the administration, but the internet is made of people and people like to ruin things for everyone else.
As much as I enjoy self hosting my own services, email just seems like more trouble than it's worth. I let Protonmail take care of that for me.
Yeah. I am getting great suggestions, but also a lot of hard truths. I think a basic paid email is probably less than I would ever pay to get the setup right.
I run my own on digitalocean. I used https://github.com/lukesmithxyz/emailwiz to set it up. I do not use it as my main email account. Relating to hosting it with your own hardware, your ISP probably blocks forwarding port 25 which would make that impossible.

Ah, I knew there was a gotcha. Yeah, I can't even entertain the idea of a local email server... Well, sure, maybe some kind of intranet for family and friends, but none of them really care for this stuff.

I am familiar with Luke Smith, hell I have probably seen the video explaining this. I just thought it was like a CLI mail client. I will look into it.

I just decommissioned the mail server I was running, because I didn't have the capacity with the rest of life to keep on top of it. Mailu was my choice of suite, and it was really great once I figured out how to get it behaving nicely behind my reverse proxy. For the most part it was low maintenance, but I would occasionally have issues with cert renewal and subsequently my email clients would stop connecting. I didn't have issues with non-delivery once I set up the various DNS records and did a lot of test emails that I could mark as not junk to various providers. I ended up switching to using icloud+, which includes email with a custom domain. Would I host my own email again? Possibly if I really need more than 6 addresses. But icloud+ costs less per month than the power consumption of the tiny server I was running mailu on over 3 days. Which is... Not insignificant in the current financial climate.
Yeah. I need to stop pretending. I am not that tech savvy, just aware of tech from sites like Lobste.rs and the fediverse of course.
I will say that I initially started hosting mine as a learning exercise, so from that point of view I think it's totally worth trying out, even if you don't keep it long term. :)

For sure, there is value in learning how something you use all the time and likely take for granted actually works.

A bit of a tangent, but the amount of emails my mother gets because she is always signing up for shit and giving out her address to anyone who asks is mind numbing.

Systemic implementation of security can only go so far, people really need to be more critical of the information they give away.

It's bad out there when it comes to hosting your own email server. This blog post shows somebody's experience in detail, and it's worth reading. https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html

It's all so sad.

That was a sobering read. We all feel victorious when we see big tech fail after they wronged their users, but fundamental technologies that actually run the world have already been lost, and may never be recoverable for egalitarian use.
I want to do a setup where I use mailcow at home for receiving emails but Amazon SES SMTP for sending, is it possible? Looks like it is, but I didn't investigate it
You could set it up, but the necessary DNS settings are usually not possible with a standard consumer contract.
I am not keen on using any Amazon services. Working at a warehouse near the holidays, on top of all the evidence of awful labor conditions, makes me never want to give them my money ever again.
Yes, it's possible, that's similar to my current setup. Mailcow in my homelab, but sending through a service called Postmark. It was better when Postmark had a credit based system, $1 for 1000 credits (sent emails). They've recently switched to a subscription model that is like $10-15 / mo. I find it works really well.

I run my own mailserver on a VPS with mailcow dockerized. Was a real pain to set up, even though it mostly works right now.

DNS stuff isn't just some A or AAAA records, also TXT stuff, reverse DNS and much more. As the others said, that's completely impossible with a regular ISP.

I'm on some dumb blacklist because my IP is obviously in the IP range of my hosting provider, and some lists generally block all VPS ranges.

Now imagine the following: your bank wants to contact you and your primary mail is selfhosted, for some reason they block your IP (yes outgoing blocks, those idiots) and you don't get some real important mail. Or your server is down for maintenance, certificate issues, so on.

The best solution is most probably letting a professional email hoster take care of your domain, for email at least. Protonmail offers that but the problem I have with them is that they don't allow a regular login through thunderbird, restricted to their own software.

Yeah, ProtonMail does that so it can force them to pay to be logged in to multiple accounts at once, which is really frustrating. I mean, the business model makes sense, but damn, I only got 2 email addresses, I don't know what I would do with 10.
I used to but all the tweaking with DKIM etc rules took a bit too much of my time. Now I'm using Zoho Mail to host email on my own domain.
I'm using openbsd with dovecot, opensmtpd on a pi. I used mailhardener to get it scoring well. I've had no issues with it getting flagged.
That is cool. This is the solution I was hoping existed, but someone brought to my attention the need for 100% uptime, and by inference the lack of redundancy on a home solution, so I need to reconsider what I am willing to do.
I have a friend in a neighboring state that I visit regularly - we're setting up disparate SANs, one at his location, the other at mine. We each get half the storage space; we back up to the half onsite and overnight the onsite SAN data gets backed up to the offsite. This has nothing to do with mail, but if you can host a mail server on something as inexpensive as a pi then you could have one at multiple locations for redundancy purposes.
That is cool. I wish I had technical friends like that.
Running a mail server these days is not that difficult. While using pre-assembled stacks like mailcow only the DNS entries need to be done. If you want to run it at home you should do some research on routing all the traffic through a wireguard tunnel to preserve a public IP other mail instances will accept.

Yeah, it really comes down to IP management and hygiene it seems.

I have so many options now. Hah.

Not worth the hassle - best compromise is to get your own domain but get something like fastmail to host it.

If they turn sour you can move your domain to another mail host.

I think this is the solution I was thinking about in the first place. I was just musing about it being part of a home lab. I have to consider whether this solution is better than just paying for secure email.
There are advantages to having your own domain - you can use something like [email protected] so each site you sign up to gets their own unique "to" address, that way you can easily send their mail to trash when you don't need to deal with them anymore, and it will also let you know what company had a data breach if that unique email address starts to get spam.
This is what I want! I want that granular control of having an email address compartmentalized for specific kinds of communication. I mean, I know it is something provided by basically all email providers, but I don't know, for sure there are limitations. A unique address for each website seems like such a smart thing to do, on top of being stingy with giving out my email address.