I want all data to be encrypted before it even reaches the server. Yes, I don’t want to trust even my own server for my image backups :), particularly since I would want to use something like Immich to provide photo backups for friends and family and I don’t even want to technically have access to their unencrypted photos unless they explicitly share them. I kind of want the attack surface for my photos to be as small as practical too. It’s almost certainly worse to have them available on my device unencrypted than on a dedicated server, but it’s worse to have them unencrypted on both (and I want photos available on device so, them’s the breaks).
I get that a lot of people won’t care about this and that they’d rather be able to run the image recognition features of Immich on the server and stuff, but I don’t think it’s entirely unreasonable to want encryption for this. If nothing else I’d love to be able to back up photos for friends and family and legitimately be able to tell them that it’s encrypted and I can’t see any of it. It’d be even sweeter if they could do image recognition on device and sync that metadata (encrypted) to the server as well.
On the flip side, this is one of the reasons open source projects can be really great. When a community of people can contribute to something to make it better over time and when people can fix their own problems with an app you can get something really great that can get updates sustainably without a subscription model… Everybody just kind of contributes what they can to get what they want. Of course, maintaining an open source project is work and has its own problems and volunteer contributions aren’t necessarily sustainable either and aren’t great for large chunks of work… But there is something nice about the model of “everybody contributes to this thing a little to make something better than we’d be able to make on our own,” even if that’s a bit idealistic in practice, haha.
I’ve had good luck on a couple of cheap providers. I think a lot of them block port 25 by default, unless you ask, which maybe gives you a better chance. Plus DKIM and stuff are starting to help. There’s probably always some stupid mail server that will block huge swaths of IPv4 if somebody farts in the neighborhood, but I think the situation is improving.
In my experience self-hosting email has pretty much been “set it and forget it”. I feel like there’s a lot of FUD from people with misconfigured email servers (because there is a lot that can go wrong on setup). In every case I’ve seen where people are complaining about email deliverability I’ve found that they haven’t configured DKIM or rDNS properly. That doesn’t mean there can’t be issues, and I am sure it is technically possible to get sent to oblivion, but I feel like this issue might be somewhat overblown.
Smart TVs are god awful, and I hate the OS on our LG TV. That said there is finally a Jellyfin app on WebOS so it has that going for it now… I’m too cheap to buy a separate box for Jellyfin and stuff for the TV, so I guess it’s good enough… but in general I wish the TV OS got out of the way a little more.
C++ is technically a completely different programming language to C, but they share a lot of similarities because C++ is sort of derived from C (and now they’ve both evolved somewhat separately). The main addition at the start was OOP being baked in to C++. A typical C program is often a valid C++ program as well, but there are some subtle differences in a few areas that can cause problems. C++ has a lot of features compared to C, a more complex type system, a big templating system for compile-time computation, and focuses a lot on adding low/no cost abstractions to make writing programs easier without incurring a high cost at run-time… That said many people do still prefer C, often for its simplicity in comparison.
Hell yeah :). I’ve heard people have had problems with Linode’s IP blocks with MS… I’m glad to hear that Linode was actually able to help you resolve the problem. The biggest problem seems to be that you just might not realize if your e-mails are being dropped. Not sure if MS will notify you via DMARC if your IP block has been blacklisted, from the sounds of things they probably don’t and just silently drop things, so I guess you have to monitor the blacklists yourself?
I’ve never heard of anybody relaying just the Microsoft e-mails, but that’s a really funny spiteful solution.
Lately I’ve been able to send to outlook just fine (maybe it’s just dumb luck, who knows). I think I had troubles initially because they’re really picky about rDNS matching the MX exactly. I also signed up for SNDS just in case, but I don’t know if they factor that in…
May depend what you want and where (location can matter a little bit for latency-critical stuff, but streaming video won’t care), and what operating system you would run on it. The Hetzner ARM servers are pretty cheap for what you get (and it looks like they include 20TB of bandwidth). I’ve been pretty happy with Lunanode. I think people often look here for deals: https://lowendbox.com/ ; they often recommend Racknerd boxes… I think there’s some affiliation between Racknerd and lowendbox.com, but I threw something on a Racknerd machine recently and have had a good experience so far. You may want to do some research if you want to send mail directly from these machines. Not everybody allows it (sometimes you just have to ask), and I hear tell that sometimes you can end up with an IP somebody spammed from before with a bad reputation.
I was considering a VPS! That said, if I’m say, accessing my jellyfin library externally through a VPS, wouldn’t that just end up costing ludicrous amounts of money?
Depends on your usage, but probably not? If you can transcode on your Jellyfin server you’ll be able to serve lower-quality versions remotely if you want to save bandwidth… But most VPSes provide around a terabyte of bandwidth per month by default. If you use more it will cost more. I think it’s usually fairly cheap to get more, but if you’re the only one accessing it you’re probably not going to use that much. Like if you rip a Blu-ray you might end up streaming a 50GB or so file for a movie, but that’s only a twentieth of the bandwidth allotted to you (roughly)… Plus if you re-encode it to something smaller before putting it on your Jellyfin server, or if your Jellyfin server can transcode fast enough, you can send a smaller video stream to your mobile devices or whatever.
I don’t use Arch btw ;)
I don’t either, that article was just what I found that mentioned setting up Tunnelbroker with a dynamic IP.
Glad it was helpful! I was worried I’d be a little off-topic talking about self-hosting e-mail instead of this Anon Addy thing. Hope you find a solution that works for you soon :).
And yeah… Unfortunately if you’re behind CGNAT and don’t have a static IP I think doing this for free on your existing internet connection might be challenging. One thing that people in a similar position might be interested in is Hurricane Electric’s free Tunnelbroker service, but I think you might still be out of luck behind CGNAT.
You’ll be able to get public IPv6 addresses for free and can allocate them to your home network. You can set it up to dynamically update the IPv4 address on your end… But I think if you’re behind CGNAT you can’t do that, unfortunately. Another problem with this approach for something like a mail server is that not everything speaks IPv6… If a sender only supports IPv4 they won’t be able to send mail to you.
I think behind CGNAT pretty much your only option is to pay somebody for a real IP somewhere. Either a VPS somewhere where you set up wireguard (there are cheap options for this, and then you can run other things on the machine), or a VPN with a dedicated IP.
Oh god, yeah. I personally would not try to self-host e-mail or any service that you need other people to be able to reliably connect to without a static IP. As to losing power… In theory mail servers are supposed to queue mail and resend later, and you can also set up a backup MX that will queue mail for you (senders will automatically switch to the backup mail server if they cannot connect to your primary one). There are even free services for backup MX http://www.junkemailfilter.com/spam/free_mx_backup_service.html (though they use this to train spam filters, so if you have privacy concerns you may want to avoid it). In the past I have had some prolonged downtime on my mail server and I have noticed that some senders will give up entirely and never send to that address anymore (which I think is poor form on their part, especially since somebody could register that email account later). I’ve since set up my own backup MX to avoid these issues, and it’s worked great when my primary has had network issues (needed a spare box for a backup nameserver and stuff anyway, haha).
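The MX failover described in that comment (senders trying the backup MX when the primary is unreachable, and queueing when nothing answers) is the sending MTA's own logic, not anything the receiving side configures. Here it is written out as an added example; this is not code from the thread or from any particular MTA, and the MX records and the "connect" outcomes are constructed:

```python
"""How a sending MTA chooses among MX records and falls back to a backup MX.

Added example, not from the thread. The records below are a constructed DNS
answer for a hypothetical receiving domain, and `connect` is a stand-in for
the real TCP/SMTP connection attempt.
"""
import random

# Constructed MX answer. Lower preference is tried first; the two backups share
# a preference, so a compliant sender picks between them at random.
MX_RECORDS = [
    (20, "mx2.backup.example.net"),
    (10, "mail.example.org"),
    (20, "mx3.backup.example.net"),
]


def order_mx(records, rng=random):
    """RFC 5321 section 5.1 ordering: ascending preference, ties shuffled."""
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)          # spread load across equal-preference hosts
        ordered.extend(hosts)
    return ordered


def deliver(records, connect, rng=random):
    """Try each MX in order. Returns the host that accepted the message, or
    None, which means the sender must queue the message and retry later
    (well-behaved MTAs keep retrying for days before bouncing)."""
    for host in order_mx(records, rng):
        if connect(host):
            return host
    return None


if __name__ == "__main__":
    # Primary down, backups up: mail lands on a backup MX instead of bouncing.
    print(deliver(MX_RECORDS, lambda host: host != "mail.example.org"))
    # Everything down: None, i.e. queue and retry.
    print(deliver(MX_RECORDS, lambda host: False))
```

The backup MX then has its own queue and relays to the primary once it is reachable again, which is what keeps impatient senders from giving up on the address entirely.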
You absolutely can use an external mail service as a catchall with your own domain. For instance protonmail has support for this:
https://proton.me/support/catch-all
You’d have to look into the pricing and read the fine print, though. A lot of mail providers charge per inbox and I’m not sure if they’d charge extra for catchall services or not.
Relays do cost money, though I think some have a free tier for small volumes of mail. You might also see if your registrar or host provides anything for email.
The easiest way to do this is to start with just receiving email and not worrying about forwarding, though. You can host your own IMAP server and just have a catchall account that’s separate from your main email to start, and if you really want to forward you can worry about send later. Receiving email is easy; the thing that people struggle with for email is sending, because there are a few requirements like DKIM / SPF / DMARC and reverse DNS that you might not know about and may configure incorrectly, and feedback is hard. Also if you have a residential IP I’ve heard it can be harder to send too. If you’re just forwarding to yourself, though, that’s probably a little easier because you can test more easily / mark yourself not spam. If this is your use case I wouldn’t worry about setting up a paid relay service. You don’t need it unless you really want to forward and have troubles making send work on your own.
With all that said maybe anon addy is easy to set up on your own and gives you what you want. I wouldn’t know! I’ve never used it before.
I have a catchall inbox so I can just make up any email I want and everything gets forwarded to the catchall inbox. It’s pretty easy to set up if you do host your own mail server (which is relatively easy for receiving mail). Obviously this doesn’t integrate with Bitwarden or anything, though. If you want to forward emails to your main email account on a big provider you’re going to have to make sure your server can send emails. You can potentially use a relay service for this, or just set it up yourself (you’ll mostly just need some DNS records for SPF / DMARC / DKIM).
Oh no! I’m sad to see that you’ve run into troubles :(.
There are other “fully put together” solutions like mailinabox and mailcow, that could be worth looking into for you. I haven’t used them personally, but you might find them worth looking into. I’d never heard of mailu before, actually.
Totally understand the desire to just move to a hosted solution after running into these problems, but even if you do that I think you should keep running a mail server in the back of your mind for the future — you’ve already learned a lot about it I’m sure, and maybe with a bit more experience you’ll be ready to tackle it again :).
I don’t actually use any of the fully assembled solutions like mailinabox, and I wonder if in the future it might be a good idea to try configuring everything manually. You already have some familiarity with how mail works at this point, and having more control over the setup and how everything fits together might actually work out for you. Personally I’m running an OpenSMTPD + Dovecot mailserver and having a great time. I’d recommend it.
https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
Either way, I think you should keep using a custom domain for e-mail because then you have options in the future :).
They usually get it sorted out pretty well, but their response times can be a little slow. It’s potentially not a huge deal for you, and overall they’ve been okay… this is sort of understandable because they’re in New Zealand and seem to want to make sure their support staff are paid well (though they were bought by a larger company recently, so I’m not sure if this still holds, seems like it did as of 2019, though):
This makes them seem like a cool company, and I’d like to support them… But despite that I do feel a little disappointed paying more for a worse service, and I think they really need to invest in providing interfaces for some of the more advanced DNS settings, particularly if their customer support is going to be limited by their own admission.
They also have some blog posts about customer service that give me some weird vibes…
Definitely in support of their customer service team in this example, and don’t want them to be treated poorly or sworn at or anything… But it’s a little weird to put this on blast like this and I think it’d be a better look to just leave it at “these are the things that would help us help you, we need to make sure accounts are secure so we can’t just ignore passwords, etc etc”
And it’s also a little weird that they have this post complaining about some web-hosts poor interface and customer service too:
Neither of these are particularly bad, but I guess it makes me a bit disappointed that I’ve run into similar problems with them, and I’m not sure they’re doing enough to address things on their end.
I don’t think I’d tell anybody not to use them because they have been good for the most part, but they’re not as fully featured as other registrars in my experience, and they’re more expensive.
It’s pretty common to be able to use your own nameservers. The only registrar that doesn’t allow this afaik is cloudflare. I’m sure there’s probably others that don’t allow this, but most that I have seen seem to allow you to use your own nameservers.
Why do you say you can only have 2 nameservers? I’m sure not all registrars / TLDs will support it, but you can certainly have more than that. I’ve personally had 5 before, but I’m pretty sure you can have even more.
I believe Hurricane Electric allows you to do zone transfers to their nameservers, so I think in theory you can use their nameservers as additional backups. The SOA records will match too because of this, but even if you did something crazy like manage RRs on different nameserver providers without zone transfers I don’t think this would be a problem (well, aside from it getting out of sync unless you’re really careful). The SOA records are mostly used for zone transfers afaik and resolvers won’t really care about them, so even if they don’t match everything should work, no?
I use them right now, but I’ve been disappointed lately and I’m considering moving away. They’re more expensive than other options and you have to contact customer service for some things, but their response times are pretty slow. E.g., they don’t have an interface to add glue records, so you have to ask them to do it… when I did this it took them a couple days to get back to me, and they forgot to add the IPv6 records too. My other domains are registered elsewhere (for cheaper) and they just had an interface to do this and it happened instantly. I keep running into problems like this with iwantmyname and it’s been kind of frustrating. I had problems with their name servers dying for a bit recently too… I was happy with them for years, but they’ve caused enough problems for me lately that I’m wondering why I’m paying extra for them.
Yes, that’s very fair :). You could do this very easily on a cheap VPS or a raspberry pi or similar, but if you haven’t done any self hosting before there would be a bit of a learning curve / investment. Might not be worth it for you, but it seems like you’d get a much cleaner and more elegant solution out of it.
To be honest, antivirus software is just not really a security tool. If you’re at the point where malicious software is running on your server you’ve already lost and it’s hard to know what extent the damage will be. Having proper isolation is much more important (something which, tbh, Linux isn’t quite as great at as we’d like to think, at least not without additional effort… mobile operating systems seem to take the isolation of applications a lot more seriously). You could maybe argue that the antivirus software is useful for monitoring, but I’d rather have some stronger guarantees that my application isn’t going to take my lunch money and private keys than a notice a day later that something sketchy is on my machine… I won’t flat out say a virus scanner is completely useless, because of course you can conceive of scenarios where one could be helpful, but they’re kind of dubious.
Also yeah, ClamAV afaik isn’t really used like a typical windows antivirus. It’s mostly used on mail servers to scan email attachments. It’s not necessarily even looking for “Linux viruses”.
AFAIK this is not what happens on NixOS. Every package gets installed into a directory that’s a hash of its dependencies in the nix store, but there’s no special isolation or anything on NixOS (well, when the packages are built there’s some isolation, but that’s mostly to keep the builds honest). That said, NixOS is a little better than most distros about creating separate daemon users for services with different permissions, but I don’t think it’s done universally. I love NixOS and it has many benefits, but I don’t think this is one.
Yeah. I think Forth is kind of just interesting for what it is and it fits its niche well. If you’re looking into Forth you probably appreciate it for what it is, and it’s a super flexible language so it can kind of be what you want it to be. It’s obviously not perfect, and it’s not the ideal fit for what most people want to do… but I guess people just don’t really expect it to be more than it is and it’s a smaller community so nobody is too vocal or angry about it. People will complain about other niche languages like Lisp, OCaml, Prolog, or Haskell all the time, but people don’t say much about Forth, and when somebody does talk about it it’s pretty much all praise. The Forth people are just content I guess!
It’s harder than a beginner would expect, but also not as bad as everybody says. It’s doable and we shouldn’t discourage everybody from trying it (but don’t use it for anything important until you’re sure it works). Just make sure you set up SPF / DKIM / DMARC and rDNS properly and you’ll most likely be fine. If you’re scared or frustrated you can use a relay for send. Receiving is easy.
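Several of these comments (the catchall/forwarding one, the “receiving is easy, sending is hard” one, and this summary) come down to the same four things: SPF, DKIM, DMARC and forward-confirmed reverse DNS. The checker below is an added example, not code from the thread or from any mail project, and it runs offline against constructed DNS answers (the `example.org` records, the `mail` selector, the `203.0.113.10` address and the provider-style PTR are all made up for illustration). It flags the misconfigurations the comments mention: a permissive or missing SPF, a revoked DKIM key, no DMARC record, and a PTR that does not match the server’s hostname:

```python
"""Offline sanity checks for the DNS records a self-hosted mail server needs
before outbound mail is trusted: SPF, DKIM, DMARC and forward-confirmed rDNS.

Added example, not from the thread. The dictionaries below are constructed
stand-ins for resolver answers, keyed "name TYPE"; in real use you would fill
them from DNS (for example with dnspython) for your own domain.
"""
import ipaddress
import re

# A correctly configured (hypothetical) domain.
GOOD = {
    "example.org TXT": "v=spf1 mx a:mail.example.org ip4:203.0.113.10 -all",
    "_dmarc.example.org TXT": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.org",
    "mail._domainkey.example.org TXT": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A",
    "mail.example.org A": "203.0.113.10",
    "10.113.0.203.in-addr.arpa PTR": "mail.example.org.",
}

# The same domain with the mistakes the thread keeps coming back to.
BROKEN = {
    "example.org TXT": "v=spf1 mx +all",                          # anyone may send as you
    "mail._domainkey.example.org TXT": "v=DKIM1; k=rsa; p=",      # empty key = revoked
    "mail.example.org A": "203.0.113.10",
    "10.113.0.203.in-addr.arpa PTR": "vps-12345.hosting.invalid.",  # provider's default PTR
    # no _dmarc record at all
}


def _tags(txt):
    """Parse the 'k=v; k=v' tag lists used by DKIM and DMARC records."""
    out = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip().lower()] = v.strip()
    return out


def _mech(term):
    """SPF mechanism name without qualifier or argument: '-include:x' -> 'include'."""
    return re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]


def check_spf(txt):
    if not txt or not txt.lower().startswith("v=spf1"):
        return ["SPF: no v=spf1 TXT record at the domain apex"]
    terms = txt.split()[1:]
    problems = []
    last = terms[-1].lower().lstrip("+") if terms else ""
    if last == "all":
        problems.append("SPF: ends in '+all', which authorises any host to send as this domain")
    elif _mech(last) not in ("all", "redirect"):
        problems.append("SPF: should end with -all (or ~all while testing)")
    # RFC 7208 caps DNS-lookup mechanisms at 10; beyond that receivers return permerror.
    lookups = sum(1 for t in terms if _mech(t) in ("include", "a", "mx", "ptr", "exists", "redirect"))
    if lookups > 10:
        problems.append(f"SPF: {lookups} lookup mechanisms (limit 10, receivers will permerror)")
    return problems


def check_dkim(txt, selector):
    if not txt:
        return [f"DKIM: no TXT record at {selector}._domainkey.<domain>"]
    tags = _tags(txt)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("DKIM: v= tag present but not DKIM1")
    if not tags.get("p"):
        problems.append("DKIM: empty p= means the key is revoked; signatures will fail")
    return problems


def check_dmarc(txt):
    if not txt or not txt.replace(" ", "").lower().startswith("v=dmarc1"):
        return ["DMARC: no v=DMARC1 record at _dmarc.<domain>"]
    tags = _tags(txt)
    problems = []
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("DMARC: p= must be none, quarantine or reject")
    if "rua" not in tags:
        problems.append("DMARC: no rua=, so you will never see aggregate reports about rejected mail")
    return problems


def check_rdns(records, ip, hostname):
    """Forward-confirmed reverse DNS: PTR(ip) == hostname and A(hostname) == ip."""
    ptr = records.get(f"{ipaddress.ip_address(ip).reverse_pointer} PTR")
    if not ptr:
        return [f"rDNS: no PTR record for {ip}"]
    problems = []
    ptr = ptr.rstrip(".").lower()
    if ptr != hostname.lower():
        problems.append(f"rDNS: PTR is {ptr!r} but the server announces itself as {hostname!r}")
    if records.get(f"{ptr} A") != ip:
        problems.append(f"rDNS: {ptr} does not resolve back to {ip} (FCrDNS fails)")
    return problems


def audit(records, domain, selector, ip, hostname):
    """Return every problem found; an empty list means the basics are in place."""
    return (check_spf(records.get(f"{domain} TXT"))
            + check_dkim(records.get(f"{selector}._domainkey.{domain} TXT"), selector)
            + check_dmarc(records.get(f"_dmarc.{domain} TXT"))
            + check_rdns(records, ip, hostname))


if __name__ == "__main__":
    for label, recs in (("good", GOOD), ("broken", BROKEN)):
        print(label, audit(recs, "example.org", "mail", "203.0.113.10", "mail.example.org") or "OK")
```

The rDNS check is the one cheap providers most often fail for you: the PTR for a fresh VPS usually points at the provider’s own generic name, and you have to set it (or ask support) to the hostname your server uses in HELO, with that hostname resolving back to the same IP. The checker only covers record shape; it says nothing about IP reputation, which is the part you can’t fix with DNS.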
I guess it would contribute to the confusion too. Works on my computer.