Piggybacking off the selfhosting email post earlier, does anyone have experience self hosting anon addy?

MonkCanatella@sh.itjust.works to Selfhosted@lemmy.world – 17 points –

I'd really like to use the service and in fact I wish I'd been using it forever. But I want to do it right and self host it. It's just, maybe the most complicated thing I've ever seen.

Does it require self hosting your own email server as well? If you already own a domain, does that make the process easier?

is Anon Addy the only service like this? Also I'd love to integrate with bitwarden, so when I create a new account for some website, I can automatically create a new email address. (idk if there's any reason to do this, just think it could be cool)

To piggyback further, I've been wondering if having my own domain would help me get around my double nat issue not allowing me to make reverse proxies.

Thanks in advance to the community!

Edit:

I think I have a solution! Bitwarden actually has these integrations already and it's relatively new. duckduck go just doesn't work. I tried forwardemail and that site is filled with dark patterns so you think the free account is worth a damn until you're already invested time into setting it up. At the last minute it tells you you can't use it with bitwarden on the free account. The others are at least up front about their pricing. forwardemail.net doesn't even have a pricing page. Sending emails from the masked addresses is also paywalled. pretty much all functionality on forwardemail.net is paywalled, but they hide it from you the best they can, so fuck that company.

I spoke too soon. There's no option that isn't paid. So I guess back to self hosting anonaddy

Edit: I finally got duckduckgo email working with bitwarden integration. It now generates a random email for me automatically!

Edit edit: Found a good solution:

There are two solid solutions I think for this problem: Bitwarden + SimpleLogin integration. Ends up being about $40/year. The SimpleLogin integration is more limited as it just generates a generic hash. Pass gives you more flexibility - it adds the domain followed by a hash. It's cheaper by a few bucks if you pay per year.

or

Proton Pass ($48/year, or $36/year if paying for 2 years, or if you have proton unlimited ($8/mo), it's included What' nice is that the email address alias generator is built in and has a lot more options. It's cheaper if you pay for 2 years or already have proton unlimited. Both have stellar track records.

23

Isnt anon addy the kind of thing that works best for not self-hosting? You'd need a domain, which is registered directly to you, so not anonymous, and youd end up getting all the spam emails sent to your mx server, so you would have to deal with that?

Have you tried self hosting it or know what goes into it? Do you know of any alternatives? The functionality I'm after is being able to use a different email address per service I sign up for and tracking that with bitwarden, then forwarding all emails to my main email.

You can use a “+” symbol to make simple sub-aliases that all get sent to your normal email. If my email is me@domain.com any email sent to me+anything.example@domain.com will be sent to the inbox of me@domain.com but the email address is was sent to will be listed at me+anything.example@domain.com. Bitwarden can do this automatically when you generate a login.

If your email alias is ever leaked or gets used for spam you can just block all emails going to that alias.

I'm pretty sure most spammers know to strip the + sign away at this point. I wouldn't trust that to truly work

Most of the spam mails I receive simply greet me by the exact part in front of the @. I think you are too confident in regards of „most“ spammer‘s capabilities.

I used to host anonaddy, I don't have the docker compose or configs anymore but I don't remember it being that bad. I stopped a couple years ago because simplelogin became included with my vpn subscription (and then I found fastmail, which has a similar feature built in so I ended up canceling simplelogin and that vpn and going to fastmail and mullvad). I basically just edite their example compose/env files and ran it behind my existing nginxproxymanager setup (that is gone now too, ended up moving to traefik but that's a story for another time). compose example here: https://github.com/anonaddy/docker/tree/master/examples/compose

Thanks! Do you have a static IP or anything? I'm behind a double NAT and my ISP is really restrictive. They don't even let me use port forwarding on the suplied ont/router

yah, you need an ideally clean static ip because that is what is used for repution stuff like spf/dmarc/dkim I hosted this on a tiny vps

I didn't think so. I discovered SimpleLogin and Fastmail though and these are more than sufficient for what I want. They cost money but I think it's worthwhile

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
CGNAT Carrier-Grade NAT
DNS Domain Name Service/System
IP Internet Protocol
NAS Network-Attached Storage
NAT Network Address Translation
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

[Thread #172 for this sub, first seen 28th Sep 2023, 14:45] [FAQ] [Full list] [Contact] [Source code]

I have a catchall inbox so I can just make up any email I want and everything gets forwarded to the catchall inbox. It’s pretty easy to set up if you do host your own mail server (which is relatively easy for receiving mail). Obviously this doesn’t integrate with bitwarden or anything, though. If you want to forward emails to your main email account on a big provider you’re going to have to make sure your server can send emails you can potentially use a relay service for this, or just set it up yourself (you’ll mostly just need some DNS records for SPF / DMARC / DKIM).

You need to pay for an email service or? I do have my own domain. Bitwarden has catchall functionality builtin! https://i.imgur.com/JEXOrnI.png

Relays do cost money, though I think some have a free tier for small volumes of mail. You might also see if your registrar or host provides anything for email.

The easiest way to do this is to start with just receiving email and not worrying about forwarding, though. You can host your own imap server and just have a catchall account that’s separate from your main email to start, and if you really want to forward you can worry about send later. Receiving email is easy, the thing that people struggle with for email is sending because there are a few requirements like dkim / spf / DMARC and reverse dns that you might not know about and may configure incorrectly and feedback is hard. Also if you have a residential ip I’ve heard it can be harder to send too. If you’re just forwarding to yourself, though, that’s probably a little easier because you can test more easily / mark yourself not spam. If this is your use case I wouldn’t worry about setting up a paid relay service. You don’t need it unless you really want to forward and have troubles making send work in your own.

With all that said maybe anon addy is easy to set up on your own and gives you what you want. I wouldn’t know! I’ve never used it before.

I'm behind a double nat and my ip situation is liable to change. I finally got duckduckemail working. So far it's free but you never know when the enshittification will begin. It seems unlimited but who knows, maybe it's a hidden limit. I may have to look into awsses or something like that and see if I can set up catchall as well. That would probably be better because with ddg email it's a random string for the email address, so I'd have to cross reference with my bitward setup if I started getting spammed. With a catchall I should be able to just set the email to @myemail.com. I just think with my ISP situation, self hosting email server would probably not work too well. It could also really screw me over if my NAS loses power or something

Do you have any knowledge on services that will let me use my domain as a catchall but use their servers for emails? I've done some very light research but am not familiar whether this setup would be even possible in the first place.

Oh god, yeah. I personally would not try to self host e-mail or any service that you need other people to be able to reliably connect to without a static IP. As to losing power... In theory mail servers are supposed to queue mail and resend later, and you can also set up a backup MX that will queue mail for you (senders will automatically switch to the backup mail server if they cannot connect to your primary one). There are even free services for backup MX http://www.junkemailfilter.com/spam/free_mx_backup_service.html (though they use this to train spam filters, so if you have privacy concerns you may want to avoid it). In the past I have had some prolonged downtime on my mail server and I have noticed that some senders will give up entirely and never send to that address anymore (which I think is poor form on their part, especially since somebody could register that email account later). I've since setup my own backup MX to avoid these issues, and it's worked great when my primary has had network issues (needed a spare box for backup nameserver and stuff anyway, haha).

You absolutely can use an external mail service as a catchall with your own domain. For instance protonmail has support for this:

https://proton.me/support/catch-all

You'd have to look into the pricing and read the fine print, though. A lot of mail providers charge per inbox and I'm not sure if they'd charge extra for catchall services or not.

Appreciate your input :)

Proton mail allows catchall with a paid plan, the least expensive of which is about $4/mo. They have an excellent reputation. But then there's fastmail which is like, all of this batteries included, including bitwarden integration for auto creating the email aliases. And it's cheaper. Well, guess I've got some research to do. Thanks for the guidance, you're really helpful :)

Glad it was helpful! I was worried I'd be a little off-topic talking about self-hosting e-mail instead of this Anon Addy thing. Hope you find a solution that works for you soon :).

And yeah... Unfortunately if you you're behind CGNAT and don't have a static IP I think doing this for free on your existing internet connection might be challenging. One thing that people in a similar position might be interested in is Hurricane Electric's free Tunnelbroker service, but I think you might still be out of luck behind CGNAT.

You'll be able to get public IPv6 addresses for free and can allocate them to your home network. You can set it up to dynamically update the IPv4 address on your end... But I think if you're behind CGNAT you can't do that, unfortunately. Another problem with this approach for something like a mail server is that not everything speaks IPv6... If a sender only supports IPv4 they won't be able to send mail to you.

I think behind CGNAT pretty much your only option is to pay somebody for a real IP somewhere. Either a VPS somewhere where you set up wireguard (there are cheap options for this, and then you can run other things on the machine), or a VPN with a dedicated IP.

I was considering a VPS! That said, if I'm say, accessing my jellyfin library externally through a VPS, wouldn't that just end up costing ludicrous amounts of money?

I don't use Arch btw ;)

I was considering a VPS! That said, if I’m say, accessing my jellyfin library externally through a VPS, wouldn’t that just end up costing ludicrous amounts of money?

Depends on your usage, but probably not? If you can transcode on your jellyfin server you'll be able to serve lower quality versions remotely if you want to save bandwidth... But most VPS's provide around a terabyte of bandwidth per month by default. If you use more it will cost more. I think it's usually fairly cheap to get more, but if you're the only one accessing it you're probably not going to use that much. Like if you rip a blu-ray you might end up streaming a 50gb or so file for a movie, but that's only a twentieth of the bandwidth allotted to you (roughly)... Plus if you reencode it to something smaller before putting it on your jellyfin server, or if your jellyfin server can transcode fast enough you can send a smaller video stream to your mobile devices or whatever.

I don’t use Arch btw ;)

I don't either, that article was just what I found that mentioned setting up Tunnelbroker with a dynamic IP.

Wow, that's incredible! I figured it would be much more expensive so I never really looked into it.

Well off the top do you have any reliable VPS recommendations? I think that would solve all the issues I have in regards to my double NAT. I have a synology 1621+ with a pretty weak CPU. And my whole library is in 4k, lots of remuxes as well. It may not be able to handle it lol. Poor thing. Even so, 1tb would be more than sufficient in 99% of circumstances.

May depend what you want and where (location can matter a little bit for latency critical stuff, but streaming video won't care), and what operating system you would run on it. The Hetzner ARM servers are pretty cheap for what you get (and it looks like they include 20TB of bandwidth). I've been pretty happy with Lunanode. I think people often look here for deals: https://lowendbox.com/ they often recommend Racknerd boxes... I think there's some affiliation with Racknerd and lowendbox.com, but I threw something on a Racknerd machine recently and have had a good experience so far. You may want to do some research if you want to send mail directly from these machines. Not everybody allows it (sometimes you just have to ask), and I hear tell that sometimes you can end up with an IP somebody spammed with before with a bad reputation.

I actually settled my email thing. I really just wanted an email masking/email aliasing service and proton pass has a really robust one built in. I believe it's SimpleLogin backed since Proton bought them recently. It's a great integration, now when I sign up for any website it genereates .@passmail.net or something like that. Turns out lots of the premier pw managers have integration with email masking now.

Thanks a million for all your advice! I think I have a solid way forward for my double nat issue. I have a solid basis for research on this now. You rock :)