It’s a bad title, but I’m trying to figure out how to describe what I want.

First, I got my photoprism working thru cloudflare. Now, on the same domain I would like an email address.

So mysite.com gets routed to 56.654.234.12 let’s say by cloudflare such that a global user never sees my ip. But mail.mysite.com that’s different, they don’t proxy email so if you do a reverse lookup you can find the origin IP.

I heard about tunnels so I stupidly signed up for that, only to learn that a tunnel just lets you into an internal network. So an SMTP server can’t get emails from outside that way.

Ideally, somehow I could setup one user at Gmail or proton mail, then somehow setup the same or different user...user1@mysite.com and I could then use mailu, mailcow, mail docker to house my user1@mysite.com which routes mail thru Gmail or protonmail. I know all this makes little sense because I don’t know the proper way, so that’s my question for you smart people who have done this twice over. Could someone point me to the best way of setting up a local mail server that routes thru cloudflare but is not easily reverse looked up? Is that even a problem at all?

Super cool story though.

@farcaller@fstab.sh
link
fedilink
English
23M

The biggest certainty is that just having an open port for an SMTP server dangling out there means you will 100% be attacked.

True.

Not just sometimes, non-stop.

True

So you don’t want to host on a machine with anything else on it, cuz security.

I don’t think “cuz security” is a proper argument or no one would be ever listening on public internet. Are there risks? Yes.

So you need a dedicated host for that portion

Bullshit. You do not need a dedicated host for smtp ingress. It won’t be attacked that much.

and a very capable and restrictive intrusion detection system (let’s say crowdsec), which is going to take some amount of resources to run, and stop your machine from toppling over.

That’s not part of the mail pipeline the OP asked for.

Here, I brought receipts. There are two spikes of attempted connections in the last month, but it’s all negligible traffic.

Self-hosting mail servers is tricky, same as self-hosting ssh, http, or whatever else. But it’s totally doable even on an aging RPi. No, you don’t need to train expensive spam detection because it’s enough to have very strict rules on where you get mail from and drop 99% of the traffic because it will be compliant. No, you don’t need to run crowdstrike for a server that accepts bytes and stores them for another server (IMAP) to offer them to you. You don’t even need an antivirus, it’s not part of mail hosting, really.

Instead of bickering and posturing, you could have spent your time better educating OP on the best practices, e.g. like this.

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 127 users / day
  • 422 users / week
  • 1.16K users / month
  • 3.85K users / 6 months
  • 1 subscriber
  • 3.68K Posts
  • 74.2K Comments
  • Modlog