All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the orginal federated technology.
I am looking at proxmox and see that is has a built in email server, so now I am wondering if it is time to role my own.
I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don’t know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.
Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?
It’s a great learning exercise but challenging to get right and ensure your deliverability and basically impossible from a residential-grade IP address (if you have a business class static IP at home you could pull it off).
I ran an email server for decades but gave in and pay to host my email now.
If google decides you’re a bad guy it’s such a pain to crawl back from that and I prefer my email to just work.
I am learning this is the case. I think I may be better off running a Nextcloud instance, or similar suite using better applications for stuff like file sharing, which is more important.
I am learning this is the case. I think I may be better off running a Nextcloud instance, or similar suite using better applications for stuff like file sharing, which is more important.
I am learning this is the case. I think I may be better off running a Nextcloud instance, or similar suite using better applications for stuff like file sharing, which is more important.
I host my own mailserver, and to be honest it’s pretty painless. Usually I just let it run without giving it any thought. It’s on rare occasions that I need to put a bit of work into improving the inbound spam scanning.
Selfhosting does need quite some knowledge of the software stack and several additional protocols to set them up correctly to get your outgoing email delivered. Also, like already mentioned in another comment, you absolutely need an IP address from a non-blacklisted subnet (I think most VPS providers will be okay, residential definitely not).
My software stack: Arch Linux (soon NixOS), Postfix, Dovecot, rspamd, opendkim, opendmarc.
As you can see it’s quite a lot, and I’ve been doing for more than 20 years now, so my opinion can be a bit skewed. I’d say go for it if selfhosting is a hobby.
I want to do a setup where i use mailcow at home for receiving emails but Amazon ses SMTP for sending, it’s possible? Looks like it is, but i didn’t investigate it
Could you share you solution? You don’t have to! I am just curious how you do it since a lot of people seem to hate it, compared to self-hosting everything else.
@DidacticDumbass But yeah you’re right. It’s a mess nowadays with email hosting because Google for example just rejects everything except the other big services even if you comply with DKIM etc. Fuck them honestly
Yes, I still run my own email server. It is not for the faint of heart, but once it’s configured and your IP reputation is clean, it’s mostly smooth sailing. I have not had any deliverability problems to date, initial setup/learning period notwithstanding.
If you’re not scared away yet, here are some specific challenges you’ll face:
SMTP ports are typically blocked by many providers as a spam prevention measure. Hosting on a residential connection is often a complete non-starter and is becoming more difficult on business class connections as well (at least in the US, anyway).
If you plan to host in a VPS, good luck getting a clean IPv4 address. Most are on one or more public blacklists and likely several company-specific ones (cough Microsoft cough). I spent about 2 weeks getting my new VPS’s IP reputation cleaned up before I migrated from the old VPS.
Uptime: You need to have a reliable hosting solution with minimal power/server/network downtime.
Learning Curve: Email is not just one technology; it’s several that work together. So in a very basic email server, you will have Postfix as your MTA, Dovecot as your MDA, some kind of spam detection and filtering (e.g. SpamAssassin), some kind of antivirus to scan messages/attachments (e.g. Clamd), message signing (DKIM), user administration/management, webmail, etc. You’ll need to get all of these configured and operating in harmony.
Spam prevention standards: You’ll need to know how to work with DNS and create/manage all of the appropriate records on your domain (MX, SPF, DMARC, DKIM records, etc). All of these are pretty much required in 2023 in order for messages from your server to reach your recipient.
Keeping your IP reputation clean: This is an ongoing challenge if you host for a lot of people. It can only take one or two compromised accounts to send a LOT of spam and land your IP/IP block on a blacklist.
Keeping up with new standards: When I set my mail server up, DMARC and DKIM weren’t required by most recipient servers. Around 2016, I had to bolt on OpenDKIM to my email stack otherwise my messages ended up in the recipient’s spam folder.
-Contingency Plan: One day you may just wake up and decide it’s too much to keep managing your own email server. I’m not there yet, but I’ve already got a plan in place to let a bigger player take over when the time comes.
Yep. I’ve hosted my own mail server since the early oughts. One additional hurdle I’d add to you list is rDNS. If you can’t get that set up, you’ll have a hard time reaching many mail servers. Besides port blocking, that’s one of the many reason it’s a non-starter on consumer ISP.
I actually started on a static ISDN line when rDNS wasn’t an issue for running a mail server. Moved to business class dsl, and Ameritech actually delegated rDNS to me for my /29. When I moved to Comcast business, they wouldn’t delegate the rDNS for the IPv4. They did create rDNS entries for me, and they did delegate the rDNS for the IPv6 block. Though the way they deal with the /56 IPv6 block means only the first /64 is useable for rDNS.
But, everything you list has been things I’ve needed to deal with over the years.
Yeah, I totally forgot about reverse DNS. Good catch. I probably left out a few other things what with the repressed trauma of it all. lol.
I had to deal with Suddenlink business, and they were (somehow) surprisingly worse than what you described for Comcast (I didn’t know that was possible, TBH). Suddenlink wouldn’t even unblock the SMTP ports at all let alone delegate rDNS to our static.
Your own email server requires near 100% uptime or you risk not receiving critical emails. If a remote email server is trying to contact your email server and it can’t it’s only going to retry a few times and then give up. Hosting this yourself sounds great until you realize high uptime is not cheap and requires constant attention.
Setting it up securely can be difficult depending on your understanding of server infrastructure as well as protocols like DNS. You need to set up SPF, DKIM, DMARC, etc in order to prevent someone from faking an email from your server.
Of course, federated email does not use SPF/DKIM/DMARC because the whole point is that someone from another server could use your server to send an email (hence the federation). Open email servers were common 20 years ago but very rare today. That makes setup easier, but the main caveat is that most known non-federated email servers will reject email from servers that don’t have SPF/DKIM/DMARC because they generally end up being havens for bots and spam since there is no verification or authenticity of the sender.
As someone who self hosts a lot of things, I would never self host my email. If i did I would be paying for two boxes in different parts of the world on different ISPs to provide that uptime. I would definitely set it up securely and not as a federated server otherwise it would be practically unusable for day to day emails.
Many services (including postfix by default) will attempt a number of resend operations before it gives up.
Of course, federated email does not use SPF/DKIM/DMARC because the whole point is that someone from another server could use your server to send an email (hence the federation).
What? All email is federated. What are you talking about here? SPF/DKIM/DMARC are on top of email… and have nothing to do with the federated property of email. Federation does not mean that you login or use another server. But that you have your instance, and the servers hash out the cross communication amongst themselves. That’s EXACTLY what email servers do using SMTP.
I would definitely set it up securely and not as a federated server otherwise it would be practically unusable for day to day emails.
If your email wasn’t federated then you would get emails from anyone outside of your own instance. That would make email useless for 99% of the world.
I take “federated email” to refer to a juxtaposition with normal email implementation which harkens back to how it was in the 90s or early 00s where you didn’t need to be registered on many SMTP servers in order to use it and it’s stripped of server-side validation. There’s some discussion on this topic in the fediverse.
You’re right that the default current implementation is already federated.
This runs from a small box with everything included. It gives you all the tools and config needed for running a secure and feature rich email service. Webmail, some sort of exchange emulation, webcalender on top of a solid postfix/dovecot install with rspamd as spam filter. Everything is configurable via a nice web UI.
After 15y running my own mail service and editing a lot of config files, I use this piece of free and open software and find it very good. All you need is a box somewhere in the internet. Running from a homelab will instantly fail, expect you have a static ip.
Neato! There seems to be a lot of solutions for running a mail server.
Yeah, I think it is time, I need to get familiar with Docker.
Yeah, I was clueless thinking I could run it from my home. Hah. I just wanted to avoid paying for a VPS. Which is silly because I buy too much crap all the the time and have multiple subscriptions.
mailcow lists a small german vps hoster with a fair price and the right sizing. It’s not a big hoster, gmail and microsoft are not blocking the ip-range and the ASN is not listed on any blacklist.
The support is quick and helpful, rDNS was a matter of minutes to set up. You don’t need any deeper knowlegde of docker, since it is a one-time job to set the things up und get the stack running. The documentation of mailcow is very good.
You can run it from home, but you will need a forward host like sendgrid and maybe a backup mx. You can set a primary ip and a backup ip wich will get all the mails when the primary host is down. I guess, there a comercial or free backup-mx services out there. No problem. If you have a static ip for your homelab or at least a dynamic dns-name, it will work. Recieving is easy. But you will need a good forward-service for sending.
That was a sobering read. We all feel victorious when we see big tech fail after they wronged their users, but fundamental technologies that actually run the world have already been lost, and may never be recoverable for egalitarian use.
I think this is the solution I was thinking about in the first place. I was just musing about it being part of a home lab. I have to consider whether this solution is is better than just paying for secure email.
There are advantages to having your own domain - you can use something like vendor8832@yourdomain.com so each site you sign up to gets their own unique “to” address, that way you can easily send their mail to trash when you dont’ need to deal with them anymore, and will also let you know what company had a data breach if that unique email address starts to get spam.
This is what I want! I want that granular control of having an email address compartmentalized for specific kinds of communication. I mean, I know it is something provided by basically all email providers, but I don’t know, for sure there are limitations. A unique address for each website seems like such a smart thing to do, on top of being stingy with giving out my email address.
I used to run my own mail server about 2 years ago but unfortunately the spam got so bad I didn’t have the time to manage all the filters. I moved over to ProtonMail since I can still use my own domain there. So I guess I would say it’s not really worth it also it really sucks if your power is out and not having access to sent your power company a strongly worded email.
Despite my willingness to self-host almost everything, e-mail remains the last frontier for me. Keeping abreast of standards, keeping up today, avoiding implications in abuse and many, many smaller issues abound … and that’s despite my fixed IP and ISP willing to set up a reverse-DNS for me.
Instead I’ve gone with a paid email provider that I’m REALLY happy with.
I stopped running my own a while ago. Its no longer really decentralized and the big players (google/microsoft) will often just blacklist you for little reason.
That said I DO maintain my own domain and backups. So i can take my email to whatever hosting provider I want.
I also noticed, during the migration, that if you simply register your domain with one of the big players (ie: Google Workspace or M365) you will often get whitelisted and email will flow easier. This was easier when they had a free tier though.
Got the same issue. Everything was setup properly. SPF, dkim, dmarc was all good. Server IP wasn’t in any blocklists. But my messages would still fall in spam with Gmail.
Ended up setting sendgrid as a relay and all is good now.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
It’s a great learning exercise but challenging to get right and ensure your deliverability and basically impossible from a residential-grade IP address (if you have a business class static IP at home you could pull it off).
I ran an email server for decades but gave in and pay to host my email now.
If google decides you’re a bad guy it’s such a pain to crawl back from that and I prefer my email to just work.
Hosting a mail server is really easy. Making sure Hotmail, Gmail and others accept your emails is a nightmare.
I don’t host my own email, I just delegate my email management to a small provider.
I am learning this is the case. I think I may be better off running a Nextcloud instance, or similar suite using better applications for stuff like file sharing, which is more important.
I am learning this is the case. I think I may be better off running a Nextcloud instance, or similar suite using better applications for stuff like file sharing, which is more important.
I am learning this is the case. I think I may be better off running a Nextcloud instance, or similar suite using better applications for stuff like file sharing, which is more important.
I host my own mailserver, and to be honest it’s pretty painless. Usually I just let it run without giving it any thought. It’s on rare occasions that I need to put a bit of work into improving the inbound spam scanning.
Selfhosting does need quite some knowledge of the software stack and several additional protocols to set them up correctly to get your outgoing email delivered. Also, like already mentioned in another comment, you absolutely need an IP address from a non-blacklisted subnet (I think most VPS providers will be okay, residential definitely not).
My software stack: Arch Linux (soon NixOS), Postfix, Dovecot, rspamd, opendkim, opendmarc.
Additional techniques configured: SPF, DKIM, DMARC, DNSSEC.
As you can see it’s quite a lot, and I’ve been doing for more than 20 years now, so my opinion can be a bit skewed. I’d say go for it if selfhosting is a hobby.
I want to do a setup where i use mailcow at home for receiving emails but Amazon ses SMTP for sending, it’s possible? Looks like it is, but i didn’t investigate it
@DidacticDumbass
Yes I run my own mailserver. I have done it for the last 15 years or so.
I’m also running my own Friendica instance.
Could you share you solution? You don’t have to! I am just curious how you do it since a lot of people seem to hate it, compared to self-hosting everything else.
@DidacticDumbass But yeah you’re right. It’s a mess nowadays with email hosting because Google for example just rejects everything except the other big services even if you comply with DKIM etc. Fuck them honestly
Fuck them. Even after completely degoogling they still manage to fuck everyone over.
Yes, I still run my own email server. It is not for the faint of heart, but once it’s configured and your IP reputation is clean, it’s mostly smooth sailing. I have not had any deliverability problems to date, initial setup/learning period notwithstanding.
If you’re not scared away yet, here are some specific challenges you’ll face:
Yep. I’ve hosted my own mail server since the early oughts. One additional hurdle I’d add to you list is rDNS. If you can’t get that set up, you’ll have a hard time reaching many mail servers. Besides port blocking, that’s one of the many reason it’s a non-starter on consumer ISP.
I actually started on a static ISDN line when rDNS wasn’t an issue for running a mail server. Moved to business class dsl, and Ameritech actually delegated rDNS to me for my /29. When I moved to Comcast business, they wouldn’t delegate the rDNS for the IPv4. They did create rDNS entries for me, and they did delegate the rDNS for the IPv6 block. Though the way they deal with the /56 IPv6 block means only the first /64 is useable for rDNS.
But, everything you list has been things I’ve needed to deal with over the years.
Yeah, I totally forgot about reverse DNS. Good catch. I probably left out a few other things what with the repressed trauma of it all. lol.
I had to deal with Suddenlink business, and they were (somehow) surprisingly worse than what you described for Comcast (I didn’t know that was possible, TBH). Suddenlink wouldn’t even unblock the SMTP ports at all let alone delegate rDNS to our static.
Your own email server requires near 100% uptime or you risk not receiving critical emails. If a remote email server is trying to contact your email server and it can’t it’s only going to retry a few times and then give up. Hosting this yourself sounds great until you realize high uptime is not cheap and requires constant attention.
Setting it up securely can be difficult depending on your understanding of server infrastructure as well as protocols like DNS. You need to set up SPF, DKIM, DMARC, etc in order to prevent someone from faking an email from your server.
Of course, federated email does not use SPF/DKIM/DMARC because the whole point is that someone from another server could use your server to send an email (hence the federation). Open email servers were common 20 years ago but very rare today. That makes setup easier, but the main caveat is that most known non-federated email servers will reject email from servers that don’t have SPF/DKIM/DMARC because they generally end up being havens for bots and spam since there is no verification or authenticity of the sender.
As someone who self hosts a lot of things, I would never self host my email. If i did I would be paying for two boxes in different parts of the world on different ISPs to provide that uptime. I would definitely set it up securely and not as a federated server otherwise it would be practically unusable for day to day emails.
I disagree. You can take some amount of downtime without issue.
https://wpmailsmtp.com/docs/how-to-automatically-resend-a-failed-email/ as an example for some services.
Many services (including postfix by default) will attempt a number of resend operations before it gives up.
What? All email is federated. What are you talking about here? SPF/DKIM/DMARC are on top of email… and have nothing to do with the federated property of email. Federation does not mean that you login or use another server. But that you have your instance, and the servers hash out the cross communication amongst themselves. That’s EXACTLY what email servers do using SMTP.
If your email wasn’t federated then you would get emails from anyone outside of your own instance. That would make email useless for 99% of the world.
I take “federated email” to refer to a juxtaposition with normal email implementation which harkens back to how it was in the 90s or early 00s where you didn’t need to be registered on many SMTP servers in order to use it and it’s stripped of server-side validation. There’s some discussion on this topic in the fediverse.
You’re right that the default current implementation is already federated.
Just take a look at https://docs.mailcow.email/
This runs from a small box with everything included. It gives you all the tools and config needed for running a secure and feature rich email service. Webmail, some sort of exchange emulation, webcalender on top of a solid postfix/dovecot install with rspamd as spam filter. Everything is configurable via a nice web UI.
After 15y running my own mail service and editing a lot of config files, I use this piece of free and open software and find it very good. All you need is a box somewhere in the internet. Running from a homelab will instantly fail, expect you have a static ip.
Neato! There seems to be a lot of solutions for running a mail server.
Yeah, I think it is time, I need to get familiar with Docker.
Yeah, I was clueless thinking I could run it from my home. Hah. I just wanted to avoid paying for a VPS. Which is silly because I buy too much crap all the the time and have multiple subscriptions.
This is actually valauable.
mailcow lists a small german vps hoster with a fair price and the right sizing. It’s not a big hoster, gmail and microsoft are not blocking the ip-range and the ASN is not listed on any blacklist.
The support is quick and helpful, rDNS was a matter of minutes to set up. You don’t need any deeper knowlegde of docker, since it is a one-time job to set the things up und get the stack running. The documentation of mailcow is very good.
You can run it from home, but you will need a forward host like sendgrid and maybe a backup mx. You can set a primary ip and a backup ip wich will get all the mails when the primary host is down. I guess, there a comercial or free backup-mx services out there. No problem. If you have a static ip for your homelab or at least a dynamic dns-name, it will work. Recieving is easy. But you will need a good forward-service for sending.
It’s bad out there when it comes to hosting your own email server. This blog post shows somebody’s experience in detail, and it’s worth reading. https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html
It’s all so sad.
That was a sobering read. We all feel victorious when we see big tech fail after they wronged their users, but fundamental technologies that actually run the world have already been lost, and may never be recoverable for egalitarian use.
I’m using openbsd with dovcot, opensmtpd on a pi. I used mailhardener to get it scoring well. I’ve had no issues with it getting flagged.
Not worth the hassle - best compromise is to get your own domain but use a provider like fastmail to host it.
If they turn sour you can move your domain to another mail host.
I think this is the solution I was thinking about in the first place. I was just musing about it being part of a home lab. I have to consider whether this solution is is better than just paying for secure email.
There are advantages to having your own domain - you can use something like vendor8832@yourdomain.com so each site you sign up to gets their own unique “to” address, that way you can easily send their mail to trash when you dont’ need to deal with them anymore, and will also let you know what company had a data breach if that unique email address starts to get spam.
This is what I want! I want that granular control of having an email address compartmentalized for specific kinds of communication. I mean, I know it is something provided by basically all email providers, but I don’t know, for sure there are limitations. A unique address for each website seems like such a smart thing to do, on top of being stingy with giving out my email address.
Protonmail at certain levels gives you simple login with unlimited aliases. Something to look into. I love it and have been with them for years.
Only people who hate themselves
I used to run my own mail server about 2 years ago but unfortunately the spam got so bad I didn’t have the time to manage all the filters. I moved over to ProtonMail since I can still use my own domain there. So I guess I would say it’s not really worth it also it really sucks if your power is out and not having access to sent your power company a strongly worded email.
Despite my willingness to self-host almost everything, e-mail remains the last frontier for me. Keeping abreast of standards, keeping up today, avoiding implications in abuse and many, many smaller issues abound … and that’s despite my fixed IP and ISP willing to set up a reverse-DNS for me.
Instead I’ve gone with a paid email provider that I’m REALLY happy with.
I stopped running my own a while ago. Its no longer really decentralized and the big players (google/microsoft) will often just blacklist you for little reason.
That said I DO maintain my own domain and backups. So i can take my email to whatever hosting provider I want.
I also noticed, during the migration, that if you simply register your domain with one of the big players (ie: Google Workspace or M365) you will often get whitelisted and email will flow easier. This was easier when they had a free tier though.
Got the same issue. Everything was setup properly. SPF, dkim, dmarc was all good. Server IP wasn’t in any blocklists. But my messages would still fall in spam with Gmail.
Ended up setting sendgrid as a relay and all is good now.