I didn't plan on this, but it turns out that releasing my new book on running your own email server was SUPER TIMELY. #sysadmin

https://mwl.io/nonfiction/tools#ryoms

Sysadmin Tools – Michael W Lucas

@mwl Running port 25 behind a residential IP is an instant block. I have everything running like clockwork behind a mid-sized hosting provider, but I'm always looking to improve things.
@colin @mwl I run my own on a VPS but I wonder if it would be too shitty to run it at home and keep the VPS as a proxy with socat services?
@a @mwl @colin This is exactly what you want to do. And set up DANE for your domain, and outgoing DANE enforcement, so a malicious party on the VPS side can't MITM you.
@dalias @mwl @colin I assume you have full control of the VPS. At least I di
@a @mwl @colin If the VPS isn't on your premises or locked in a fail-closed, tamper-resistant enclosure at your colo, you don't have full control over it. Law enforcement can mandate that the hosting provider backdoor it, and there are plenty of cross-guest attacks in virtual hosting environments.
@dalias @mwl @colin true, but idk how DANE could alleviate those problems either.
@a @mwl @colin You don't run the mail server on the VPS, just proxy through its IP. The TLS is terminated on your premises, so as always, if the certificate is validated correctly (this is what you need DANE for; otherwise TLS on mail is opportunistic), MITM is impossible even if the attacker fully controls the VPS.
@dalias @mwl @colin I doubt the word "impossible" can be used here. I guess people with more evil imagination than me can think of ways to do so. Just a data point: https://notes.valdikss.org.ru/jabber.ru-mitm/
Encrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging service —

@a @mwl @dalias Dang, I do use Linode.

On the bright side, yes, I have a Let’s Encrypt CA and DNSSEC/DANE, MTA-STS, CAA, and all the acronyms. I also edited the Postfix config files to require TLS for outbound connections to some servers that I know will never not support it, like Google, Microsoft, and a few others.
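The two pieces mentioned above, the DANE TLSA record for an MX whose TLS terminates on-premises and the Postfix per-destination policy that refuses to fall back to cleartext, as an added example (not from anyone in this thread); the host name mail.example.com, the certificate path and the policy-map path are assumptions.

```shell
#!/bin/sh
# Added example: DANE publication for an on-prem MX plus a Postfix outbound
# TLS policy. Host names and paths below are assumptions, not real values.
set -eu

# TLSA "3 1 1" payload: SHA-256 over the DER SubjectPublicKeyInfo of the
# certificate. Hashing the key (selector 1) rather than the whole cert
# (selector 0) means Let's Encrypt renewals that keep the same key do not
# invalidate the record; generate a new record before rotating the key.
tlsa_311_digest() {  # $1 = PEM certificate path
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# Zone record for SMTP on the MX. The zone must be DNSSEC-signed, or a
# sending server treats the record as absent and stays opportunistic.
tlsa_record() {  # $1 = MX host name, $2 = hex digest from tlsa_311_digest
  printf '_25._tcp.%s. IN TLSA 3 1 1 %s\n' "$1" "$2"
}

# Outbound policy map: destinations listed here must offer TLS ("encrypt");
# everything else falls under the main.cf default below, which uses DANE
# whenever the peer publishes a signed TLSA record. Stricter levels
# ("secure", "dane-only") exist but need the peer's certificate names checked.
write_tls_policy() {  # $1 = output path, e.g. /etc/postfix/tls_policy
  cat > "$1" <<'EOF'
gmail.com        encrypt
google.com       encrypt
outlook.com      encrypt
EOF
}

# main.cf fragment that ties it together (DNSSEC-validating resolver needed).
postfix_main_cf_fragment() {
  printf '%s\n' \
    'smtp_dns_support_level = dnssec' \
    'smtp_tls_security_level = dane' \
    'smtp_tls_policy_maps = hash:/etc/postfix/tls_policy'
}

# Usage (assumed paths): ./dane.sh mail.example.com /etc/letsencrypt/live/mail.example.com/cert.pem
if [ $# -eq 2 ]; then
  tlsa_record "$1" "$(tlsa_311_digest "$2")"
  write_tls_policy /etc/postfix/tls_policy && postmap /etc/postfix/tls_policy
  postfix_main_cf_fragment
fi
```

After `postmap` and editing main.cf, `postfix reload` applies the policy; `posttls-finger -c -l dane mail.example.com` is the usual way to confirm DANE verification against your own MX.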

@colin @mwl @dalias I'm personally not super concerned about all that because: (a) sending emails means that someone will receive them, and you still need to rely on their infra not to be breached (good luck with that), and (b) I use email mostly to receive messages and as an ID for a bunch of accounts. If I want to share something more personal I would use other mechanisms.
@a @mwl @dalias And for me, (c) IMAP is great at syncing my inbox and a few older things I might need, but anything worth saving, I store offline in my Thunderbird local folders.