I don’t buy into the myth that running your own mail server is “hard”.
For a server with only a few users, the hard part is outgoing mail, ensuring your mails get delivered. I did what I can here, and simply use a paid service on another domain for important things where delivery must be “guaranteed”.
It’s an interesting post, but saying it’s “not hard” and then “welllllll it’s not hard if you don’t bother with a spam filter & pay a professional company for ‘important’ email” is pretty misleading.
Doing it is not hard.
Doing it well is hard.
It’s also not true. I ran my own mail server for a few years. If you’re strict with the protocols it actually isn’t a hard thing. Even setting up spam filtering isn’t really complicated. Everything has to be done once. Maintenance really isn’t problematic. Just keep an eye on the monitoring if something crazy is happening and regularly do updates and check your certificates.
Author here. Let me clarify.
For a server with only a few users, the hard part is outgoing mail, ensuring your mails get delivered.
It is not particularly difficult from a technical point of view.
But if you get blocked by big tech even when doing everything right (reverse DNS, SPF, DMARC, DKIM, RFC compliant MTA), you have to beg them to unblock you. This part is time consuming.
I’ve read horror stories where it went well for years until suddenly Gmail started flagging well-behaved servers as spam without any clear reason. Sometimes mail got through, sometimes it didn’t, without any clear pattern or explanation.
I simply don’t have that kind of time and nerves to deal with this. “hard” may be the wrong word, but it is nerve-wracking.
I finally ended up going to a larger mail service (paid, but free) that just provides an outgoing SMTP relay for me. Even on a busy month I send far below the 1k emails they require before they start charging, and their servers’ IP ranges aren’t blanket blocked by the Googles of the world.
That’s why I finally gave up after nearly 3 decades of running my own email server. It’s just stamping out fire after fire and my time became way more valuable as I got older.
There’s so many services where I’m like, wow what am I even paying for? Email is one where I know exactly what I’m paying for.
I have been running my own mail server with similar requirements for 20 years now.
I empathize that getting flagged by major providers is the most worrisome part.
Yet, it’s not as bad as it was in the years 2012-2015 when SPF, DKIM and DMARC started becoming mandatory.
I maintain my outbound server against all odds, mostly because I think it’s very important that independent providers can still exist.
Article is not great, but I share the general sentiment that running your own email is not difficult. Setup takes some time, but once done - it’s just a regular linux server, nothing fancy about it. Letsencrypt takes care of the certs, cron takes care of rebooting when necessary.
Reboot? Since when does Linux need a reboot? I’ve been thinking about migrating from FreeBSD to Linux, but now I am confused.
It has always needed a reboot when it comes to kernel or init. Same applies to BSDs.
You mean when you update the kernel? No one updates init on BSDs. This is mostly an entire world upgrade. But I’d never reboot from cron. My servers run 100 days without a reboot on average. In most cases there is no reason to update world, only the packages.
Keeping your kernel updated is definitely recommended.
Of course, but I can see and understand what is patched and can see if I’m affected or not. In the previous version I haven’t been affected for 500 days.
Caught a typo, it’s “honeypot” not “honeypod”
mail is the one thing I refuse to self host for the simple reason that despite not being particularly hard to get up and running initially, when it doesn’t work for whatever reason it can be and often is a gigantic pain in the ass to deal with, especially when it’s something out of your control. For personal use there are very good free options; for enterprise, those same free options have paid options.
Whether it be gmail having a bad day and blocking you or whatever cloud provider or on prem infrastructure crapping out for long periods of time causing you to be cut off from email for a while and potentially missing incoming mail permanently if the retries time out. Or anything in between. It’s one of those things where I’m glad it isn’t my problem to deal with.
My only involvement with email is ensuring I have a local copy of my inbox synced up every week so if my provider were to ever die I still have all my content.
On the other hand you can lose your email address at any time if you don’t own the domain. So if Google decides they don’t like something you wrote your @gmail.com address could be gone tomorrow. And with it all your accounts you set up (as you need email usually to login or do changes).
The whole e-mail ecosystem sucks :-/
My self-hosted mail server works fine for now, but that could change at any moment.
I thought that was the sensible solution, though – you have your own domain names, but then use some reputable e-mail provider for the actual server.
E.g., I use mxroute, and wouldn’t imagine setting up the e-mail servers myself, even though I still wind up having to muck about in the DNS records when getting things set up.
On the note of corporate addresses, I remember that I had a bigfoot.com e-mail address, that was supposed to be “permanent”, and work as a forwarding thing, as I switched between various ISPs for my e-mail address.
It was significantly less permanent than having my own domains. And, with Google, we never quite know when they’re get bored or run into money issues. But some of my domains? I’ll probably have them as long as I’m alive, and that’s probably long enough.
Dealing with arbitrary black lists is annoying as fuck, contacting the admin or the automated tools to get your IP removed is hard as fuck, you will get put on there for no discernible reason and the burden of proof of innocence is on you.
I applaud the write up and recognise that the OP has developed a solution that suits their use case.
Personally I started running my own mail around the same time, but host for several family members at the same time.
I went a slightly different route and pay for a mail filtering service for inbound filtering and outbound relay. All up costs me $90USD per year for inbound and $4 a month for outbound
This has solved most blacklist and outbound mail server reputation issues.
I used to run zarafa till they went commercial. I’ve since migrated to Mailinabox as a platform. It’s pretty resilient. (I’ve just disabled greylisting and spam detection as I’ve got upstream MX filtering already.) I’ve also recently been through a MiaB major upgrade - it was pretty simple once I actually read the instructions properly!
Would you mind sharing what outbound relay you use? Also been running MiaB for a while and have lately been getting fed up with reliability issues.
DuoCircle but I’ve just checked and the service I pay $90/year for is now $50/month, which is bananas for my low email volumes.
Has anyone tried to self host the email receiving part while using some enterprise service (AWS SES, SendGrid or something) to send emails without worrying about being flagged as spam? What are your thoughts about this setup?
The compromise I’ve landed on is that I host my own DNS mx records, and point them to a paid enterprise mail provider.
This gets me the advantages of a paid provider while keeping my actual email address fully mine, to take wherever I want.
I did still have to learn a bunch of DNS rules in order to send all the correct “I’m not an evil spammer” headers and DNS records. But following a one page tutorial worked for me.
Edit: A disadvantage of my approach is that I’m still at the mercy of my email provider if I want to export my message history, and for the privacy of my message history.
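The “I’m not an evil spammer” records this comment refers to, and the author’s earlier list (reverse DNS, SPF, DMARC, DKIM), are easy to get subtly wrong, so here is a worked checker for them. This is an added example, not code from the post or from any commenter. It assumes a constructed zone for example.com with the outbound MTA at 192.0.2.25 and DKIM selector s1; the zone dict stands in for a live resolver, and the second zone deliberately contains the usual mistakes so the failure paths are exercised.

```python
"""Offline checker for the outbound-mail DNS prerequisites named in the thread:
forward-confirmed reverse DNS, SPF, DKIM and DMARC.  Records come from a dict
so it runs offline; any resolver with the same (name, rrtype) -> [str] contract
can replace it for live checks."""
import ipaddress

# Constructed records, not real DNS data.  Assumed: mail domain example.com,
# outbound MTA 192.0.2.25, DKIM selector "s1".  Keys are (owner name, rrtype).
GOOD_ZONE = {
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.0/24 include:_spf.relay.example -all"],
    ("_spf.relay.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
    ("s1._domainkey.example.com", "TXT"): ["v=DKIM1; k=rsa; p=PLACEHOLDERBASE64KEY"],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.25"],
}
# Classic mistakes: +all SPF, no DKIM, no DMARC, PTR whose A record points elsewhere.
BAD_ZONE = {
    ("example.com", "TXT"): ["v=spf1 +all"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["203.0.113.9"],
}
MAX_SPF_LOOKUPS = 10  # RFC 7208 section 4.6.4: more than 10 is a permerror
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(zone, name, rrtype):
    return zone.get((name.rstrip(".").lower(), rrtype), [])

def spf_records(zone, domain):
    return [r for r in lookup(zone, domain, "TXT") if r.lower().startswith("v=spf1")]

def parse_tags(record):  # "v=DKIM1; p=abc" -> {"v": "DKIM1", "p": "abc"}
    pairs = (part.strip().partition("=") for part in record.split(";"))
    return {k.strip().lower(): v.strip() for k, _, v in pairs if k.strip()}

def spf_check(zone, domain, ip, lookups=None):
    """Simplified RFC 7208 check: ip4/ip6/include/all only (no a, mx, ptr,
    exists, redirect= or macros).  Returns (result, reason)."""
    lookups = [0] if lookups is None else lookups  # counter shared across includes
    records = spf_records(zone, domain)
    if len(records) != 1:
        return ("permerror" if records else "none", f"{len(records)} SPF records at {domain}")
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual, term = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        mech, _, arg = term.lower().partition(":")
        if mech in ("ip4", "ip6"):
            try:
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return ("permerror", f"bad network {arg}")
        elif mech == "include":
            lookups[0] += 1
            if lookups[0] > MAX_SPF_LOOKUPS:
                return ("permerror", "more than 10 DNS lookups")
            sub, why = spf_check(zone, arg, ip, lookups)
            if sub in ("none", "permerror"):
                return ("permerror", f"include:{arg}: {why}")
            matched = sub == "pass"  # include matches only on pass
        elif mech == "all":
            matched = True
        else:
            return ("permerror", f"mechanism {mech} not implemented here")
        if matched:
            return (QUALIFIERS[qual], f"matched {qual}{term}")
    return ("neutral", "no mechanism matched")

def spf_is_strict(zone, domain):  # +all lets anyone send as you
    records = spf_records(zone, domain)
    return len(records) == 1 and records[0].split()[-1].lower() in ("-all", "~all")

def dkim_check(zone, domain, selector):
    records = lookup(zone, f"{selector}._domainkey.{domain}", "TXT")
    tags = parse_tags(records[0]) if records else {}
    if tags.get("v", "DKIM1") != "DKIM1" or not tags.get("p"):
        return (False, "missing, not DKIM1, or empty p= (revoked key)")
    return (True, f"selector {selector} ok")

def dmarc_check(zone, domain):
    records = [r for r in lookup(zone, f"_dmarc.{domain}", "TXT") if r.startswith("v=DMARC1")]
    policy = parse_tags(records[0]).get("p") if len(records) == 1 else None
    if policy not in ("none", "quarantine", "reject"):
        return (False, f"{len(records)} DMARC records / invalid p={policy!r}")
    return (True, f"p={policy}")

def fcrdns_check(zone, ip):
    """PTR of the IP must name a host whose A/AAAA record contains that IP."""
    addr = ipaddress.ip_address(ip)
    ptrs = lookup(zone, addr.reverse_pointer, "PTR")
    rrtype = "AAAA" if addr.version == 6 else "A"
    for host in ptrs:
        if ip in lookup(zone, host, rrtype):
            return (True, host)
    return (False, f"no PTR resolving back to {ip} (PTRs: {ptrs})")

def deliverability_report(zone, domain, ip, selector):
    """One boolean per prerequisite, so a cron job can alert on any False."""
    return {"spf": spf_check(zone, domain, ip)[0] == "pass",
            "spf_strict": spf_is_strict(zone, domain),
            "dkim": dkim_check(zone, domain, selector)[0],
            "dmarc": dmarc_check(zone, domain)[0],
            "fcrdns": fcrdns_check(zone, ip)[0]}
```

Calling `deliverability_report(GOOD_ZONE, "example.com", "192.0.2.25", "s1")` returns all five checks True; the same call against `BAD_ZONE` passes SPF (because `+all` passes everyone) but fails `spf_strict`, DKIM, DMARC and FCrDNS, which is exactly the pattern of a domain that looks configured but still gets junked. The SPF evaluator is deliberately partial (no `a`, `mx`, macros or `redirect=`), and the lookup counter matters in practice: a chain of `include:` directives from relay and SaaS providers can push a record past ten lookups, at which point receivers return permerror rather than pass.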
That’s what I do nowadays with Protonmail
I respect the writeup, although personally think the use-case described is too specific for general mail hosting. I have had a different experience for a similar amount of time running a couple of mail servers for home and work myself. I didn’t have the luxury of avoiding spam/virus filtration on the work server due to the domain’s history and the nature of 3rd party users with varying degrees of tech literacy. Most issues I have faced with maintaining these servers have been down to the filtration elements the author was able to avoid, specifically the virus scanner growing in memory footprint as hot new virus definitions are included. The overall virtual footprint of my postfix/dovecot/sql/nginx/roundcube/spamass/clamav stack has grown significantly over the years on clam alone, despite no real change in usage patterns. Ongoing maintenance outside of ClamAV has been minor, but something will pop up now and again when a large 3rd party makes a decision that forces others to follow suit, or a new mail client is picky about protocols, etc.
At the time I needed to deploy these servers, the task was more difficult and required a lot more scrutiny than most other admin work I had done at that point (from a history of web server and backup system maintenance). The mail servers tended to require more active maintenance than most other small/self-hosting roles like web/file/game servers, or deploying a NAS or network gateway with a tailor-made distro/OS. Familiarity was the main roadblock; there was a lot of mail-specific terminology and best practices that differ from other server software. There is also a lot of ‘legacy friction’ related to bolting on separate daemon interaction that SMTP was never meant for while still maintaining backward compatibility with SMTP servers and mail clients. I have seen a lot of parallels with deploying and troubleshooting fediverse and ActivityPub driven software, likely due to the similarly decentralized behavior and reliance on 3rd party uniformity. I think it’s probably fair to call mail hosting ‘hard’, at least comparatively.
No shade on the writer though, and there are plenty of other ways to make mail hosting easy on yourself in 2023 (containerism and automation, or all-in-one solutions like Mail-in-a-box come to mind). Despite the difficulties, I’d rather the option to self-host mail not be yanked from the average user just because Google or Microsoft has the user-share to disengage with the rest of the network without much consequence, as they have done in the past for other things.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters  More Letters
DNS            Domain Name Service/System
HTTP           Hypertext Transfer Protocol, the Web
IP             Internet Protocol
NAS            Network-Attached Storage
SMTP           Simple Mail Transfer Protocol
nginx          Popular HTTP server
5 acronyms in this thread; the most compressed thread commented on today has 13 acronyms.
[Thread #24 for this sub, first seen 11th Aug 2023, 09:25]
Good bot!
Thank you for sharing. A self-hosted email server does not sound so bad after all.