All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the orginal federated technology.

I am looking at proxmox and see that is has a built in email server, so now I am wondering if it is time to role my own.

I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don’t know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.

Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?

  • Admiral Patrick@dubvee.org
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    1 year ago

    Yes, I still run my own email server. It is not for the faint of heart, but once it’s configured and your IP reputation is clean, it’s mostly smooth sailing. I have not had any deliverability problems to date, initial setup/learning period notwithstanding.

    If you’re not scared away yet, here are some specific challenges you’ll face:

    • SMTP ports are typically blocked by many providers as a spam prevention measure. Hosting on a residential connection is often a complete non-starter and is becoming more difficult on business class connections as well (at least in the US, anyway).
    • If you plan to host in a VPS, good luck getting a clean IPv4 address. Most are on one or more public blacklists and likely several company-specific ones (cough Microsoft cough). I spent about 2 weeks getting my new VPS’s IP reputation cleaned up before I migrated from the old VPS.
    • Uptime: You need to have a reliable hosting solution with minimal power/server/network downtime.
    • Learning Curve: Email is not just one technology; it’s several that work together. So in a very basic email server, you will have Postfix as your MTA, Dovecot as your MDA, some kind of spam detection and filtering (e.g. SpamAssassin), some kind of antivirus to scan messages/attachments (e.g. Clamd), message signing (DKIM), user administration/management, webmail, etc. You’ll need to get all of these configured and operating in harmony.
    • Spam prevention standards: You’ll need to know how to work with DNS and create/manage all of the appropriate records on your domain (MX, SPF, DMARC, DKIM records, etc). All of these are pretty much required in 2023 in order for messages from your server to reach your recipient.
    • Keeping your IP reputation clean: This is an ongoing challenge if you host for a lot of people. It can only take one or two compromised accounts to send a LOT of spam and land your IP/IP block on a blacklist.
    • Keeping up with new standards: When I set my mail server up, DMARC and DKIM weren’t required by most recipient servers. Around 2016, I had to bolt on OpenDKIM to my email stack otherwise my messages ended up in the recipient’s spam folder. -Contingency Plan: One day you may just wake up and decide it’s too much to keep managing your own email server. I’m not there yet, but I’ve already got a plan in place to let a bigger player take over when the time comes.
    • phase_change@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yep. I’ve hosted my own mail server since the early oughts. One additional hurdle I’d add to you list is rDNS. If you can’t get that set up, you’ll have a hard time reaching many mail servers. Besides port blocking, that’s one of the many reason it’s a non-starter on consumer ISP.

      I actually started on a static ISDN line when rDNS wasn’t an issue for running a mail server. Moved to business class dsl, and Ameritech actually delegated rDNS to me for my /29. When I moved to Comcast business, they wouldn’t delegate the rDNS for the IPv4. They did create rDNS entries for me, and they did delegate the rDNS for the IPv6 block. Though the way they deal with the /56 IPv6 block means only the first /64 is useable for rDNS.

      But, everything you list has been things I’ve needed to deal with over the years.

      • Admiral Patrick@dubvee.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Yeah, I totally forgot about reverse DNS. Good catch. I probably left out a few other things what with the repressed trauma of it all. lol.

        I had to deal with Suddenlink business, and they were (somehow) surprisingly worse than what you described for Comcast (I didn’t know that was possible, TBH). Suddenlink wouldn’t even unblock the SMTP ports at all let alone delegate rDNS to our static.

    • styraco@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Aren’t you afraid about some important email getting discarded without you knowing about it? Or about unnoticed downtime which results in missed mails?

      • proycon@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        When I am sending? Well, once things are set up properly I’m pretty confident that things arrive (though nobody can ever be 100% sure of course). I also tend to mail to the same recipient domains a lot, like for work and hobby projects, so once those are tested you get pretty confident.

        Unnoticed downtime is usually quickly noticed, I depend on my server for a lot of things. Senders are often resilient enough to keep things in their queue and try a few times. There’s also a fallback MX registry at my (3rd party) DNS host which will queue stuff in case the primary MX goes down.

  • amd@lem.amd.im
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    It’s a great learning exercise but challenging to get right and ensure your deliverability and basically impossible from a residential-grade IP address (if you have a business class static IP at home you could pull it off).

    I ran an email server for decades but gave in and pay to host my email now.

    If google decides you’re a bad guy it’s such a pain to crawl back from that and I prefer my email to just work.

    • linearchaos@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Tbh, that document reads like a discovery channel 2am aliens documentary, but it’s not completely without merit.

      There are a couple line items about software services they’re using that are shitty that sound pretty legit. The fact that they’re operating in locations where they might have to hand over data sounds pretty legit. Their warrant compliance and logging/handing over a person’s IP address is legit.

      The CIA honeypot stuff is all really circumstantial. If the CIA was in as deep as is claimed, a lot of the real evidence people are turning up that they’re not a secure as they could be would be unnecessary.

      My best guess is they decided to make an email company based in Switzerland with the schtick that they’re secure (banks amirite?) They’re doing what they can to appear secure without spending too much money. They’re not going to have legal battles to keep your data private, and they are going to comply with agencies request for data. Even if they support end-to-end encryption if they are required by an agency to turn that encryption off for you, they’re going to do it.

      They’re probably less likely than Google or Microsoft to sell all of your data to the highest bidder, but realistically there’s no such thing as secure email.

      • Sploosh the Water@vlemmy.net
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        The basic assumption every privacy-concerned person should have about email is that it’s never secure. Unless you use an offline cryptography program to encrypt your email text and then paste it into the email body before you send it, your emails are insecure.

        Email was never designed with that in mind. If you want to communicate securely with somebody, use a medium/method that has been designed from the start for that purpose.

        I use ProtonMail because it’s not a massive corpo and it’s open source, but I don’t believe that my emails are significantly more secure than on a service like Exchange or Gmail.

        • DidacticDumbass@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          This has been my thinking about ProtonMail, even after reading the article on here, and even after reading https://digdeeper.club/articles/email.xhtml (which I have to reread because it keeps getting bigger).

          There is no perfect solution, just different levels of trust. That is right, if I want to be “secure” I got to act like a journalist and use a temporary solution or something that has end-to-end encryption.

          Besides, email is meant for public communication. No reason to elevate it into some something it will never be.

          • Sploosh the Water@vlemmy.net
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Yeah. In my experience, you have to be careful in the world of tech privacy/FOSS to not fall off a cliff to the extremes.

            You can always find reasons to not trust some piece of tech hardware or software. It’s all too complex and multifaceted to fully vett, and even when you can do that, there isn’t anything that isn’t touched in some way by mega-corps or glowie agencies.

            Tor was developed by the US gov, same with the ancestor of the internet. Your network traffic runs on mega-corp wires, through mega-corp servers. Your hardware is developed, built, and distributed by mega-corps, as is most the firmware and microcode in them.

            Even Richard Stallman, one of the most hardcore Free Software advocates has concessions he makes for firmware, microcode, and so forth.

            The only way to be truly and completely secure tech-wise is to pull a Ted K. And go run into the woods and live in a little cabin, disown any tech built after the turn of the century lol.

            It’s “all or something” not, “all or nothing.” Determine your threat model, your ethical bounds, and let those principles guide you. I think fundamentally what all FOSS folks have in common is the idea that the tech you use should serve your needs and desires, not the needs/desires of billion dollar mega-corps farming you as a product.

            • DidacticDumbass@lemmy.oneOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              This is the most sane perspective I have read. For sure it is important to have solid principles and do the right things whenever possible, but no one gets to demand changes for something they never contributed to, especially not those things that took a massive amount of money and human power to build. We are all standing on the soldiers of giants, and it is insane to think we can be Ratatouille, controlling them for out benefit.

              The only way to change governments and mega-corps is to make it unprofitable when they do the things we don’t like, or make it so doing the right thing makes them lots of money.

              Thanks for this, it is the reality check I need to make good decisions. Even if I do become the Unidumbass, the people I love who would never follow me into that lifestyle.

              • Sploosh the Water@vlemmy.net
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                1 year ago

                I actually have a formal methodology for how I engage with software/hardware from a FOSS perspective:

                Embrace, Subvert, Accept.

                For any task I do currently or want to do, I apply this process:

                I first try to find and use any FOSS software/hardware that does that thing well enough to use entirely. (Embrace)

                If there isn’t a FOSS solution that exists or does essential things I need, then I use a proprietary technology in a subversive way to do it. So cracked copies, jail broken or otherwise hacked hardware, or using the proprietary service through an unofficial/unapproved 3rd party app. (Subvert)

                If I can’t do that either, but the task/need is absolutely critical, only then do I accept using proprietary and unmodified software/hardware. (Accept)

                This method has worked pretty great for me. Now about 3 years after starting my FOSS journey, I have almost no software/hardware I use that is in that third category. Basically everything I use is FOSS, hacked, cracked, modded, or runs on platforms that are, and I enjoy tech and computing more than I ever have :)

                • DidacticDumbass@lemmy.oneOP
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  1 year ago

                  This is a good method. It is our duty to do everything we can to live by our principles, and be careful about the compromises we make. The more I go deep into FOSS, the more I discover. So much exists, it just takes some work on our part to fit it to our needs. Programming competency does not have to be high, just enough to fix any compile errors.

    • DidacticDumbass@lemmy.oneOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      That was a sobering read. We all feel victorious when we see big tech fail after they wronged their users, but fundamental technologies that actually run the world have already been lost, and may never be recoverable for egalitarian use.

  • Robbie@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    E-mail was the first “thing” that got me off of Google (to Proton & then currently Tutanota) but is really the last remaining service I not have self hosted.

    I have always read about how difficult and time consuimg it was to run your own mail server, but I felt like I needed to experience it myself. So I purchased another domain and followed the instructions on https://mailinabox.email/.

    I am using a small VPS on Hetzner and I have to say the experience has been almost flawless so far. I did need to have my new domain taken off the Domain Block List, but Hetzner gave me a clean IP and defaults to blocking port 25 outbound to prevent spam (simple ticket to open, once account is 30 days old and paid).

    I know I’m still early into this journey so far, but it has been really simple and I plan to test this secondary domain for a few months before moving onto it full time.

    As an avid self hosted of literally everything else, I can say it has been a lot of fun learning so far!

    • DidacticDumbass@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Hell yes, I love the enthusiasm! I just got a domain, which is giving me 3 months of email, so that is great. I feel like Tutanota is the most honest email service when it comes to advertising privacy, and they do some stuff that Proton definitely does not, like make recovery impossible without a key, and use no other method.

      My next step is to get a VPS, and Hetzner is the name I have seen pop up the most. I will use that.

      Thank you!

      • Robbie@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yes I haven’t had any real issues with Tutanota, but it seems like the common trend is that they, and everyone else, is raising prices for things I dont really need. But at the same time, the things I do need, I.e. accounts with enough storage for my family, will start costing more than the price of renting a VPS alone. So for me, its partially privacy, but also ownership of my data and cost benefit analysis where I am now trying to make CERTAIN that my self hosted email is worth the cost savings.

        • DidacticDumbass@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          That is the thing, I am willing to pay for email, because then the incentives are real to the provider to follow best practices for privacy and quality of life, but the pricing blows up too quickly due to to features I will never use. I need something more granular.

          I am also looking at Disroot and Posteo, which I like because the have hardened ethical principles driving their services, and that is worth supporting.

        • Robbie@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Also to add on, I didn’t like that tutanota requires their app and that was another reason I wanted to switch. Their app is also really slow for me, where I know I received emails but they take way too long to “load” and “appear” once I open the app.

  • thekernel@lemmy.ml
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Not worth the hassle - best compromise is to get your own domain but use a provider like fastmail to host it.

    If they turn sour you can move your domain to another mail host.

    • DidacticDumbass@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I think this is the solution I was thinking about in the first place. I was just musing about it being part of a home lab. I have to consider whether this solution is is better than just paying for secure email.

      • thekernel@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        There are advantages to having your own domain - you can use something like vendor8832@yourdomain.com so each site you sign up to gets their own unique “to” address, that way you can easily send their mail to trash when you dont’ need to deal with them anymore, and will also let you know what company had a data breach if that unique email address starts to get spam.

        • DidacticDumbass@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          This is what I want! I want that granular control of having an email address compartmentalized for specific kinds of communication. I mean, I know it is something provided by basically all email providers, but I don’t know, for sure there are limitations. A unique address for each website seems like such a smart thing to do, on top of being stingy with giving out my email address.

          • timbuck2themoon@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Protonmail at certain levels gives you simple login with unlimited aliases. Something to look into. I love it and have been with them for years.

  • Chobbes@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Gotta say, I’m really happy to see so many people here actually talking about doing it! Usually I see a lot of fear-mongering about self hosting email. You can do it, though, and I think we should encourage more people to do so! It can be a little tricky to set up at first because there’s a lot of different things you need to configure and make talk to each other — I haven’t used them but there’s things like mail-in-a-box that are supposed to make this easier. But the most important thing is to make sure you set up SPF, DMARC, and DKIM DNS records (and set up DKIM signing for your outgoing messages). I’d recommend setting the ruf and rua tags in the DMARC record so you get mailed reports from other mail servers (can help you debug if your mail is getting rejected). I’d also use these tools:

    https://www.mail-tester.com/ https://www.learndmarc.com/

    Happy mailing :)

    • DidacticDumbass@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Thank you for the encouragement! I am inching my way towards building a server, and I am thankful for all the tips and suggestions I got.

      I am starting to think that if email is the hardest to self-host, then perhaps more people should try it. It is worthy to take regain indepedence and autonomy of technology, even if it seen as a lost cause.

      Yeah, I hope to get something running soon, just so I can say I did it.

      • Chobbes@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I wish you luck! Some people claim to have troubles sending emails with Outlook blocking whole IP blocks, but it’s a little unclear how much of a problem this actually is to me… it’s a little hard to know if outlook is actually doing this or if people have misconfigured mail servers… In my experience people complaining about this often have a broken dkim key or something. Maybe it’s worth signing up for https://www.dnswl.org/ too, but I’m not sure how big of a difference it makes.

  • enbee@dataterm.digital
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    a bit late to the party here, but I didnt see iRedmail mentioned. been using this to host my own email on a VPS for a little over a year now and its great. for me its worth, you can absolutely make it secure, and its not stupid to run it off a local computer. unfortunately most ISPs make it insanely difficult to host on your home network.

    • Aaronjamt@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      How do you send mail with it? I’ve played around with using Postfix and never had luck with the outbound mail side, largely because my ISP blocks port 25 and I couldn’t ever figure out how to authenticate with public SMTP relays (like Gmail’s, for instance) such that they will actually let me send emails from my domain.

      • enbee@dataterm.digital
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        the documentation for iRedmail covers your question. I abandoned trying to host locally because my ISP blocks all email related ports.

        • Aaronjamt@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Can you point me to where it describes sending email? I can’t seem to find that mentioned. When you say you abandoned trying to host locally, did you move to a more “traditional” public email service like Outlook or Gmail or did you continue selfhosting, just on a VPS or similar? If the latter, are there any services you recommend?

  • FluffyPotato@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I used to run my own mail server about 2 years ago but unfortunately the spam got so bad I didn’t have the time to manage all the filters. I moved over to ProtonMail since I can still use my own domain there. So I guess I would say it’s not really worth it also it really sucks if your power is out and not having access to sent your power company a strongly worded email.

  • neutron@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I did for a couple years, but moved to mailbox.org a while ago. The effort was much to high to save a few bucks and there is no real upside to it. E-Mail is a troublesome mixture of different protocols from the internet stone age held together by chewing gum (SMTP, POP3, IMAP, DNS, database or file storage, maybe ActiveSync, Web-Mailer, …)

    Even when everything is up and running there is always maintenance to keep your SSL certificates up to date, update your incoming spam filter technique, keep other mail providers assured that you are not spamming (DKIM, etc.), keep all the different system services (see above) up to date and interoperable, etc. and every few years when you want to move to a new server, provider or Linux distro you start it all over again.

    • DidacticDumbass@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Damn, it is so bizarre that email of all things would be the least operable by tech savvy individuals. Someone linked an article that explains it, and it truly is depressing. Like, it makes me not want to even have email… which is not really possible if I want to be employed. Eh, it’s not like I DON’T already have free email accounts, I just don’t always like the decision my provider makes.

      • neutron@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Well, there are plenty of providers out there there should be one that suits you. Having a domain of your own with DNS access and letting the provider doing the hosting is not (so) hard and gives you the flexibility to switch any time.

        • DidacticDumbass@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          That is cool. Everytime I have created a new email account, it has been an island. Never learned to preserve emails… Well, except the one time I use Thunderbird. I should set that up again. Maybe it would solve my issue of multiple accounts??

          In any case I like consolidation and I don’t like logging into a website everytime if I can avoid it.

  • Dumledyr2005@feddit.dk
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I run a complete ISP style setup with multiple domains. I run it from a rented server at Hetzner, so i don’t have problems with being black listed for sending from a consumer IP.

    • DidacticDumbass@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Nice! I appreciate the guide! Even if I end up using a premade solution, knowing how everything works will help me be smarter about the choices I make.

      Thank you.

  • sunbeam60@lemmy.one
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Despite my willingness to self-host almost everything, e-mail remains the last frontier for me. Keeping abreast of standards, keeping up today, avoiding implications in abuse and many, many smaller issues abound … and that’s despite my fixed IP and ISP willing to set up a reverse-DNS for me.

    Instead I’ve gone with a paid email provider that I’m REALLY happy with.

  • frantic6423@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I do. Run about a half dozen email servers for various organizations. Been doing it for almost a decade for some. Other than initial setup pain, I’ve had zero problems others describe. I have used (and still run) docker-mailserver, mailcow, mail-in-a-box and mailu. All are lovely in their own way and fit various use cases better than others.

    • konekt@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Your comment is amazing and your experience with that too. Could you explain a little more about what pros and cons of these services? I saw right here the link to IsPGuide - workaround.org where he recommends Debian and metal service. Would you have any opinion on that too?

    • DidacticDumbass@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This is so encouraging! For sure it takes a level of technical proficiency and experience, but any technology that has been around for decades has been simplified and automated in one way or another. In retrospect, it is ridiculous to think that all these email providers could exist if they could not overcome the stranglehold of Google and Microsoft, so it must be possible for individuals to do it too,