this post was submitted on 13 Aug 2023
93 points (93.5% liked)

Selfhosted

39893 readers
366 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I have run my own mail server now for 20+ years. its is runnig postfix , with spamassain. the users have imaps, and roundcube www gui.

It had been running fine, and have been updated HW / OS a lot of time over the years, now its runnig on rocky O/S

top 42 comments
sorted by: hot top controversial new old
[–] namelivia@lemmy.world 52 points 1 year ago (3 children)

I've been told running an email server is the final boss of self-hosting

[–] Im_old@lemmy.world 26 points 1 year ago (2 children)

The ultimate boss fight is hosting your email server AND making your family use it

[–] cooopsspace@infosec.pub 20 points 1 year ago (2 children)

Actually to be fair, mine works fine and always has. The final boss is making Hotmail/live/Microsoft actually accept your email despite you jumping through all the hoops to have perfect spam score.

[–] Lichtblitz@discuss.tchncs.de 7 points 1 year ago

Everyone keeps saying that but I just can't see it. The only time my mails were rejected was because I didn't know what I was doing at the beginning of my journey. Now, whenever I changed my stack or did some major updates the past 20 years or so, I just go to 2-3 sites that analyze my mail server from the outside and tell me if there is anything wrong. The free tier is always more than enough. Just make sure there is at least one service in the list where you send an email to a generated mailbox and have it analyzed. Just looking at the mail server is not enough to find all potential configuration issues.

I aim at a100% score. It's time consuming the first time around but later it's just a breeze.

[–] volle@feddit.de 2 points 1 year ago (1 children)

This! Never managed to get this achievement 😃

[–] cooopsspace@infosec.pub 2 points 1 year ago

Mine also works fine though. That being said I do only apply for jobs using this email so if you have a problem with hosted email providers I probably don't want to work for the company anyway.

[–] Appoxo@lemmy.dbzer0.com 11 points 1 year ago

Would never want to do it. I don't wanna be responsible for the outage and them needing an important email.

[–] ninjan@lemmy.mildgrim.com 20 points 1 year ago (1 children)

IMHO, as someone running his own mail server, the real final boss is LDAP and implementing SSO on all your selfhosted goodies. Bonus points if you then use it to login to other services that support OAuth 2.0.

[–] Slotos@feddit.nl 11 points 1 year ago (1 children)
[–] ninjan@lemmy.mildgrim.com 6 points 1 year ago

Oright, yes, I haven't studied it properly yet, thanks for the correction.

[–] Konlanx@feddit.de 7 points 1 year ago* (last edited 1 year ago)

I have my own mailserver just for me and it wasn't that complicated to be honest. I set it up with Mailcow in Docker in under a day. So far it has been stable with regular backups and updates through Lighthouse.

Maintenance comes down to 5 minutes every three months because somehow Let's Encrypt and Mailcow don't like each other and I have to renew the certificate manually.

[–] bluesydney@lemmy.world 9 points 1 year ago (1 children)

If you are looking to do this then go check out Mail in A Box

Great collection and super helpful forums

https://mailinabox.email/

[–] wgs@lemmy.sdf.org -1 points 1 year ago (1 children)

Lol you could have read the post, he's been doing that for 20+ years

[–] bluesydney@lemmy.world 3 points 1 year ago

I had read his post. There were plenty of other comments asking how/where and this makes it an easy option.

[–] jesterraiin@lemmy.world 9 points 1 year ago

Buy yourself a cookie!

[–] merthyr1831@lemmy.world 7 points 1 year ago (2 children)

I watched a talk, "fun with email" by Dylan Beattie, and his personal advice was "dont bother self hosting unless you're using it for contacting other self hosted users".

Without the dedicated IT support and clout of a large company he said you're gonna spend more time asking other servers to whitelist you than you're gonna actually spend using your email.

Is that something you can corroborate?

[–] thomsbe@red.cyberhase.de 4 points 1 year ago

That's not true. I run my own email server for 15+ years now. There are only 5 of 6 mailboxes. I never had a problem with any other host. Not Microsoft, not Google. Maybe, the reason was, the IP was also 15+ years assigned to the same domain. I have only known senders, family and friends.

The last days, the hole subnet was blacklisted on some blacklists. So that was not my fault, the growing business of the provider lead to this situation. Eventually I moved to a very small provider and run a mail cow on a vps. On a fresh IP without any reputation. Same 'customers', the only issue was with T-Online in Germany, but a mail solved this. To keep this kind of issues away, I use sendgrid as a SMTP forward. With only a few mails per day, this is free. Mailcow provides a lot of features, rspam filtering, a lot better and faster than spamassin. Active sync, imap, webmail, everything. Solid backup, runs without any problem.

[–] Fizz@lemmy.nz 1 points 1 year ago

Fun with email was a great talk.

[–] Feidhlim@lemmy.world 7 points 1 year ago (1 children)

As someone who has zero experience hosting anything, what are the benefits of doing this?

Thank you!

[–] Trondk@lemmy.world 10 points 1 year ago (2 children)

Well I didn't want google to read my mails, and use the content to generate ads, or profiles on me or my family. Besides that it's keep me up to date on mailserver and mailman . Besides I do it professionally so it was easy

[–] Anafroj@sh.itjust.works 5 points 1 year ago* (last edited 1 year ago) (1 children)

Well I didn’t want google to read my mails

Sadly, it only works if no one in the recipients of the mail is on gmail (or if everyone use pgp, which I would tend to think is even more rare).

I host my own mailserver as well, and I would add as benefits:

  • creating as many email address as you want easily, possibly regexp based address (awesome to give every site a different address and know where the spam comes from, without using the well known schema username+something@host). That also makes routing/filtering mails way more easy, you just have to match the recipient address.
  • delivering mails to software, to put email at the center of interapps messaging (basically, that means that postfix pass a matching email to the executable of your choice on your system instead of storing it in your mailbox)
  • advanced rules for handling emails. When I want to block a spammer that managed to get my real email, I use regexps to match their mails and reject it with a "REJECT 5.1.1 Recipient address rejected: User unknown in local recipient table" error, imitating the error for unknown users, which often triggers a mail system to remove your address from their database
  • easily configure apps to send me email. When I write an application that will send emails to me and only me, I configure it to use my smtp on port 25 without authentication instead of the usual smtps configuration they expect. It connects to it and asks to send a mail to me, which is accepted since I'm a local user. It makes everything way easier (try to do that with gmail and get your IP banned)
  • easy backups. Both of the mail system (I backup the whole sdcard of the pi) and of the emails. Never lose an email again.
[–] Cevedale@feddit.de 2 points 1 year ago (1 children)

Are there any good recources on how to host you e-mail-server?

I guess slapping it on my local raspberry pi wouldn't be enough no? So you probably need a quite sophisticated setup so that there are no downtimes?

[–] Anafroj@sh.itjust.works 4 points 1 year ago (1 children)

I guess slapping it on my local raspberry pi wouldn’t be enough no?

Oh no, that would be way not enough. :) Managing a mailserver is a sysadmin task by itself. While you don't need to do much once it works (which often is a perk of sysadmin work, compensating for the fact that when it does not work, they may have to wake in the middle of the night to fix it), it's notoriously difficult to get right : you have the configuration of the mailserver to get right first, so that you can send emails, but nobody else can and you don't become a spam relay without knowing it. Then you have a lot of configuration to do to be able to retrieve your emails from your server, which uses other protocols that you must learn about. Then you have "optional" things that you must setup (SPF, DKIM and DMARC), which you won't be able to send mails to gmail or outlook if you don't set them up properly. And when you will have got all of that right, you will have enough experience to be hired as a sysadmin. :)

I can't provide a good resource for learning it, I learned it 15 years ago when it was way more simple (before SPF and DKIM), and picked every addition as they appeared, but any course on how to manage a mail system will do. There is no difference in doing it for your self-hosted server and for a company (except maybe that for a company, they'll make you handle users in a database, which you can forego for your own needs). I would recommend to learn how to use postfix first, then any imap server (courier-imap is a top runner), and when you're comfortable with that, you can learn about SPF, then DKIM, then DMARC. But be aware before going through it that this is basically learning a new skill (sysadmin). You can find docker images that setup everything automatically for you, but I would recommend against that, because at some point, things will break and you will have no idea how to fix them. And if you try to fix them while not knowing well what you're doing, that's a good way to end up being a spam relay. Plus, those docker images are difficult to customize, which quite defeats the point of managing your own mail system to begin with.

[–] Cevedale@feddit.de 1 points 1 year ago (1 children)

Thanks for the long answer!

I haven't heard of most of your abbreviations/term till now so I guess this will be one of the bigger journeys through the world of IT :)

I do have to say for the purpose of tinkering I love these bigger projects because you learn so much on the way. Now having read your answer I am even more exited to try it out :D

[–] Anafroj@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago)

I do have to say for the purpose of tinkering I love these bigger projects because you learn so much on the way. Now having read your answer I am even more exited to try it out :D

That's awesome to hear! Welcome, and have fun! :)

I haven’t heard of most of your abbreviations/term till now

Oh, my apologies. Here is a definition list :

  • SMTP : Simple Mail Transfer Protocol : the base of any mail system, it's the server you contact to send emails, which relays your mail to an other SMTP server (where your contact is hosted), which stores the mail for user to retrieve
  • IMAP : Internet Message Access Protocol : one of the protocols that can be used to retrieve emails from your mailserver (the other one being POP3)
  • SPF : Sender Policy Framework, a configuration on your domain name specifying which machines are allowed to send mails in its name
  • DKIM : DomainKeys Identified Mail : a signing process (signing each mail) to validate the "From" email address is indeed authorized from the domain it pretends to
  • DMARC : a warning system to let you know when someone pretended to be you (also giving instructions about what to do with emails when SPF and/or DKIM are missing or wrong)
[–] Feidhlim@lemmy.world 1 points 1 year ago
[–] zaggynl@lemmy.world 5 points 1 year ago (1 children)

Now for the Final Challenge, write an eli5 tutorial on how to host and maintain a mail server!

I can't take credit for writing it, but here you go!

https://workaround.org/

[–] cow@lemmy.world 3 points 1 year ago

I am currently working on this. I got a static IP and port 25 unblocked from my isp. I am trying to do opensmtpd and dovecot with dkim signing.

[–] x00@kbin.social 3 points 1 year ago

I've been running a mail server for so long I used to understand Sendmail's M4 configuration language!

[–] ninjan@lemmy.mildgrim.com 2 points 1 year ago

Awesome, I'm only on year 3 or so. Have you implemented DANE? I haven't gotten to a point where I can properly make it work but I'm slowly getting there.

[–] Savaran@lemmy.world 2 points 1 year ago

I’m in a similar boat. The only major issue I’ve found people are likely to run into is mass IP blocks from MS/Google. Where do you host it? Cloud provider these days or colo type place?

[–] jcal@lemmy.dbzer0.com 2 points 1 year ago (4 children)

Do you know if this setup could run on 512mb of RAM? I tried to set up mailman 3 but it gets OOM-killed immediately

[–] RegalPotoo@lemmy.world 5 points 1 year ago

You can, as long as you aren't trying to do virus scanning - ClamAV needs a couple of GB on its own

[–] haydng@lemmy.nz 4 points 1 year ago

Mines running postfix, spamassassin and dovecot and runs pretty happily in 1GB, but when I was running in 512MB Spamassassin would get killed fairly regularly when it ran out of RAM

[–] cooopsspace@infosec.pub 3 points 1 year ago (1 children)

Doubt it, but it's the spamassasin part that I think won't work.

[–] MrMcGasion@lemmy.world 2 points 1 year ago (1 children)

Yeah, I'd recommend using rspamd for lower-end hardware over spamassassin. Might be a bit more work to set up, mostly because it's not as popular, and there are fewer tutorials, but it doesn't have the overhead from running on perl like spamassassin. That said, while there are people using rspamd on systems with 512MB of ram, they are usually smaller, personal setups that aren't dealing with hundreds of emails a day.

[–] cooopsspace@infosec.pub 3 points 1 year ago

Look a basic VM from OVH or Vultr runs you like $5 USD. I'm talking 1 core 1gb ram. If anyone is offering 512mb for any less than like $2.5 is a scammer. But seriously, $5 is immensely worth it.

[–] Trondk@lemmy.world -1 points 1 year ago

Nope sorry, that is to little ram. I don't know how much ram my mailserver uses but will look

[–] Decronym@lemmy.decronym.xyz 1 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
IMAP Internet Message Access Protocol for email
IP Internet Protocol
POP3 Post Office Protocol v3, for email; contrast IMAP
SMTP Simple Mail Transfer Protocol
SSO Single Sign-On

5 acronyms in this thread; the most compressed thread commented on today has 20 acronyms.

[Thread #38 for this sub, first seen 13th Aug 2023, 16:35] [FAQ] [Full list] [Contact] [Source code]

[–] clavismil@lemmy.world 1 points 1 year ago (1 children)

Those that are hosting their own mail server, did you stop using regular mail (gmail, outlook etc). Is possible to migrate to self hosted mail? I don't think I can't stop using gmail and other google services that's stopping me from trying to do this.

[–] Trondk@lemmy.world 3 points 1 year ago

I'm am stopping using Google services, mail moved ( newer was there to begin with ) Contact moved Missing calendar, but it will be moved.

I'm de-googling my setup 😁