[Question] Does anyone run their own email server?

DidacticDumbass@lemmy.one to Selfhosted@lemmy.world – 100 points –

All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the original federated technology.

I am looking at proxmox and see that it has a built in email server, so now I am wondering if it is time to roll my own.

I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don't know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.

Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?


Obligatory PSA: ProtonMail isn't any more secure than Gmail and is likely a honeypot scheme crafted by government agencies: https://encryp.ch/blog/disturbing-facts-about-protonmail/

I know the title of that sounds clickbaity, but they cite their sources. It's worth the read for those curious about ProtonMail's history and their CEOs.

Tbh, that document reads like a discovery channel 2am aliens documentary, but it's not completely without merit.

There are a couple of line items about software services they're using that are shitty that sound pretty legit. The fact that they're operating in locations where they might have to hand over data sounds pretty legit. Their warrant compliance and logging/handing over a person's IP address is legit.

The CIA honeypot stuff is all really circumstantial. If the CIA was in as deep as is claimed, a lot of the real evidence people are turning up that they're not as secure as they could be would be unnecessary.

My best guess is they decided to make an email company based in Switzerland with the schtick that they're secure (banks amirite?). They're doing what they can to appear secure without spending too much money. They're not going to have legal battles to keep your data private, and they are going to comply with agencies' requests for data. Even if they support end-to-end encryption, if they are required by an agency to turn that encryption off for you, they're going to do it.

They're probably less likely than Google or Microsoft to sell all of your data to the highest bidder, but realistically there's no such thing as secure email.

The basic assumption every privacy-concerned person should have about email is that it's never secure. Unless you use an offline cryptography program to encrypt your email text and then paste it into the email body before you send it, your emails are insecure.

Email was never designed with that in mind. If you want to communicate securely with somebody, use a medium/method that has been designed from the start for that purpose.

I use ProtonMail because it's not a massive corpo and it's open source, but I don't believe that my emails are significantly more secure than on a service like Exchange or Gmail.

This has been my thinking about ProtonMail, even after reading the article on here, and even after reading https://digdeeper.club/articles/email.xhtml (which I have to reread because it keeps getting bigger).

There is no perfect solution, just different levels of trust. That is right, if I want to be "secure" I got to act like a journalist and use a temporary solution or something that has end-to-end encryption.

Besides, email is meant for public communication. No reason to elevate it into something it will never be.

Yeah. In my experience, you have to be careful in the world of tech privacy/FOSS to not fall off a cliff to the extremes.

You can always find reasons to not trust some piece of tech hardware or software. It's all too complex and multifaceted to fully vet, and even when you can do that, there isn't anything that isn't touched in some way by mega-corps or glowie agencies.

Tor was developed by the US gov, same with the ancestor of the internet. Your network traffic runs on mega-corp wires, through mega-corp servers. Your hardware is developed, built, and distributed by mega-corps, as is most of the firmware and microcode in them.

Even Richard Stallman, one of the most hardcore Free Software advocates has concessions he makes for firmware, microcode, and so forth.

The only way to be truly and completely secure tech-wise is to pull a Ted K. And go run into the woods and live in a little cabin, disown any tech built after the turn of the century lol.

It's "all or something" not, "all or nothing." Determine your threat model, your ethical bounds, and let those principles guide you. I think fundamentally what all FOSS folks have in common is the idea that the tech you use should serve your needs and desires, not the needs/desires of billion dollar mega-corps farming you as a product.

This is the most sane perspective I have read. For sure it is important to have solid principles and do the right things whenever possible, but no one gets to demand changes for something they never contributed to, especially not those things that took a massive amount of money and human power to build. We are all standing on the shoulders of giants, and it is insane to think we can be Ratatouille, controlling them for our benefit.

The only way to change governments and mega-corps is to make it unprofitable when they do the things we don't like, or make it so doing the right thing makes them lots of money.

Thanks for this, it is the reality check I need to make good decisions. Even if I do become the Unidumbass, the people I love would never follow me into that lifestyle.

I actually have a formal methodology for how I engage with software/hardware from a FOSS perspective:

Embrace, Subvert, Accept.

For any task I do currently or want to do, I apply this process:

I first try to find and use any FOSS software/hardware that does that thing well enough to use entirely. (Embrace)

If there isn't a FOSS solution that exists or does the essential things I need, then I use a proprietary technology in a subversive way to do it. So cracked copies, jailbroken or otherwise hacked hardware, or using the proprietary service through an unofficial/unapproved 3rd party app. (Subvert)

If I can't do that either, but the task/need is absolutely critical, only then do I accept using proprietary and unmodified software/hardware. (Accept)

This method has worked pretty great for me. Now about 3 years after starting my FOSS journey, I have almost no software/hardware I use that is in that third category. Basically everything I use is FOSS, hacked, cracked, modded, or runs on platforms that are, and I enjoy tech and computing more than I ever have :)

This is a good method. It is our duty to do everything we can to live by our principles, and be careful about the compromises we make. The more I go deep into FOSS, the more I discover. So much exists, it just takes some work on our part to fit it to our needs. Programming competency does not have to be high, just enough to fix any compile errors.

What's the saying? If you can't tell if it's ignorance or malice, it's probably the former?

However, with all of these points, even if it is ignorance, the lying about encryption (even though I don't really use it) is upsetting. That plus the other lies I've seen them pull is enough to make me consider switching to something else.

Got any recs? Lol

Fascinating read. I have a lot to research. It is not like ProtonMail is the only alternative provider... there are so many, I just like all the extras that they are attaching to it.

Yes, I still run my own email server. It is not for the faint of heart, but once it's configured and your IP reputation is clean, it's mostly smooth sailing. I have not had any deliverability problems to date, initial setup/learning period notwithstanding.

If you're not scared away yet, here are some specific challenges you'll face:

  • SMTP ports are typically blocked by many providers as a spam prevention measure. Hosting on a residential connection is often a complete non-starter and is becoming more difficult on business class connections as well (at least in the US, anyway).
  • If you plan to host in a VPS, good luck getting a clean IPv4 address. Most are on one or more public blacklists and likely several company-specific ones (cough Microsoft cough). I spent about 2 weeks getting my new VPS's IP reputation cleaned up before I migrated from the old VPS.
  • Uptime: You need to have a reliable hosting solution with minimal power/server/network downtime.
  • Learning Curve: Email is not just one technology; it's several that work together. So in a very basic email server, you will have Postfix as your MTA, Dovecot as your MDA, some kind of spam detection and filtering (e.g. SpamAssassin), some kind of antivirus to scan messages/attachments (e.g. Clamd), message signing (DKIM), user administration/management, webmail, etc. You'll need to get all of these configured and operating in harmony.
  • Spam prevention standards: You'll need to know how to work with DNS and create/manage all of the appropriate records on your domain (MX, SPF, DMARC, DKIM records, etc). All of these are pretty much required in 2023 in order for messages from your server to reach your recipient.
  • Keeping your IP reputation clean: This is an ongoing challenge if you host for a lot of people. It can only take one or two compromised accounts to send a LOT of spam and land your IP/IP block on a blacklist.
  • Keeping up with new standards: When I set my mail server up, DMARC and DKIM weren't required by most recipient servers. Around 2016, I had to bolt on OpenDKIM to my email stack otherwise my messages ended up in the recipient's spam folder.
  • Contingency Plan: One day you may just wake up and decide it's too much to keep managing your own email server. I'm not there yet, but I've already got a plan in place to let a bigger player take over when the time comes.
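The DNS records in the list above (SPF, DMARC, DKIM) are where most deliverability problems start, and a few of them can be checked without touching the network. The following is an added example, not code from this thread or from any of the mail stacks it mentions: it runs offline sanity checks over constructed TXT records, flagging a weak setup (open `+all`, monitoring-only `p=none`, empty DKIM key) beside a corrected one. Domain names and the DKIM key value are placeholders.

```python
"""Offline sanity checks for the DNS TXT records a self-hosted mail
domain needs: SPF, DMARC and a DKIM selector record. The sample records
below are constructed for illustration, not taken from any real domain."""
import re

# SPF terms that each cost a DNS lookup; RFC 7208 allows at most 10.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def check_spf(record):
    """Return a list of findings for one SPF TXT record (empty = looks fine)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    findings, lookups, terminal = [], 0, None
    for term in terms[1:]:
        qualifier = "+"                       # implicit qualifier is "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name = re.split(r"[:/=]", term, maxsplit=1)[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            terminal = qualifier
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10 (permerror)")
    if terminal is None:
        findings.append("no terminal 'all'; unlisted senders get a neutral result")
    elif terminal == "+":
        findings.append("'+all' lets any host on the internet send as this domain")
    elif terminal == "?":
        findings.append("'?all' is neutral; use ~all (softfail) or -all (fail)")
    return findings


def parse_tags(record):
    """Parse a 'tag=value; tag=value' record; DMARC and DKIM share this shape."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record):
    """Findings for the _dmarc.<domain> TXT record."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("missing the required p= policy tag")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address, so you never see aggregate reports")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} applies the policy to only some mail")
    return findings


def check_dkim(record):
    """Findings for a <selector>._domainkey.<domain> TXT record."""
    tags = parse_tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["unknown DKIM version tag"]
    findings = []
    if "p" not in tags:
        findings.append("missing the required p= public key")
    elif tags["p"] == "":
        findings.append("empty p= means the key is revoked; signatures will fail")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y testing flag; verifiers treat mail as unsigned")
    return findings


def check_domain(records):
    """records: {'spf': ..., 'dmarc': ..., 'dkim': ...} -> {name: findings}."""
    return {
        "spf": check_spf(records["spf"]),
        "dmarc": check_dmarc(records["dmarc"]),
        "dkim": check_dkim(records["dkim"]),
    }


# Constructed examples: a weak setup beside a corrected one.
WEAK = {
    "spf": "v=spf1 include:_spf.example.net +all",
    "dmarc": "v=DMARC1; p=none",
    "dkim": "v=DKIM1; k=rsa; p=",
}
HARDENED = {
    "spf": "v=spf1 mx a:mail.example.org -all",
    "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.org",
    "dkim": "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY",  # constructed value
}

if __name__ == "__main__":
    for label, recs in (("weak", WEAK), ("hardened", HARDENED)):
        for name, findings in check_domain(recs).items():
            print(f"[{label}] {name}: {findings or 'ok'}")
```

To check a live domain, feed it the TXT records returned by `dig TXT yourdomain`, `dig TXT _dmarc.yourdomain` and `dig TXT selector._domainkey.yourdomain`; the checks are syntactic and do not replace a full DNS lookup test such as the mxtoolbox one mentioned later in the thread.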

Yep. I’ve hosted my own mail server since the early oughts. One additional hurdle I’d add to your list is rDNS. If you can’t get that set up, you’ll have a hard time reaching many mail servers. Besides port blocking, that’s one of the many reasons it’s a non-starter on consumer ISPs.

I actually started on a static ISDN line when rDNS wasn’t an issue for running a mail server. Moved to business class DSL, and Ameritech actually delegated rDNS to me for my /29. When I moved to Comcast business, they wouldn’t delegate the rDNS for the IPv4. They did create rDNS entries for me, and they did delegate the rDNS for the IPv6 block. Though the way they deal with the /56 IPv6 block means only the first /64 is usable for rDNS.

But, everything you list is something I’ve needed to deal with over the years.

Yeah, I totally forgot about reverse DNS. Good catch. I probably left out a few other things what with the repressed trauma of it all. lol.

I had to deal with Suddenlink business, and they were (somehow) surprisingly worse than what you described for Comcast (I didn't know that was possible, TBH). Suddenlink wouldn't even unblock the SMTP ports at all let alone delegate rDNS to our static.

Wow. I am emotionally ready for the challenge, but not intellectually, and maybe not even financially.

IP reputation is such a new concept to me, but I have already come across it when the IP from the VPN I am using is blacklisted. Super annoying. I really have to reconsider my threat level because I am starting to get the feeling that I do not need it. I am a good boy and don't pirate much, mostly books. And for the naughty stuff... well I didn't feel unsafe before I started a VPN.

Well, you have given me a lot to think about. Thanks!

Well, running your own email server is definitely inexpensive. You’re probably fine financially :)

Looking at the pricing for all the recommendations I got, it really is cheap. Like, a tiny fraction compared to what I spend on a single yearly subscription to anything.

Despite my willingness to self-host almost everything, e-mail remains the last frontier for me. Keeping abreast of standards, keeping up to date, avoiding implications in abuse and many, many smaller issues abound ... and that's despite my fixed IP and an ISP willing to set up reverse DNS for me.

Instead I've gone with a paid email provider that I'm REALLY happy with.

For sure, if I am asking this question, there must already exist a reasonable solution.

I originally did but the maintenance burden was killing me. Then last year Proton unified their subscription with VPN and Mail (also upgrading my Proton VPN only subscription to Proton plus) and from there I decided to just go all in on Proton mail. I integrated my domain to Proton mail and never looked back.

Same. One day I realized that emails were too important to be hosted by an amateur like me. 😉

It seems like the most sane solution. It is not that expensive for the basic tier given my needs and how important email is for daily functioning. Plus, the perks are pretty damn awesome. I have been paying for mullvad, who are solid, but the more I learn about VPNs, the more it feels like a warm blanket than real armor, at least for how I use it.

ProtonMail does have some sketchy history that someone pointed out, but I also think that it is really hard to set up a service that offers every feature and not make a concession somewhere.

Well the use case for VPN for me is more about traffic routing than staying secure. Sometimes I experience slow downloads but when I connect to the right VPN endpoint, it speeds up / regains the download speed. The only reason why I picked ProtonVPN of all places is because it was (and still is) one of the VPN services that wasn't bought over by a tech conglomerate that buys and stacks up VPN services (https://embed.kumu.io/9ced55e897e74fd807be51990b26b415#vpn-company-relationships/protonvpn)

As for ProtonMail being sketchy and a honeypot, that fear mongering is as old as time itself. If you are sketchy about how ProtonMail works, just remember that ProtonMail requires a bridge client for external clients like Outlook and Thunderbird because of its e2ee nature (therefore not compatible with traditional email clients). The bridge client code is open for you to see as well (https://github.com/ProtonMail/proton-bridge) and you can even compile it yourself if you want to.

Interesting. I had read some of those accusations before, but all the time I was thinking they ain't google or microsoft, they can't just give away user data and get paid for it. They need to be clean (enough) to have the growth they did without pissing off most of their users.

The explanation for only being able to use their own client makes sense. I don't see how they can make attempts at privacy while using established tech that does not care about privacy.

I've been hosting my own mail server ever since I got into Linux. Most companies where I worked before used self-hosted email.

I've since migrated to using mailcow, which takes a lot of the headache out of it.

When you first start, it's a bit daunting. But easily manageable, once you've gained some experience.

I think that is it, I am just so unfamiliar with email and networking in general, it seems way harder than it probably is.

I thought I would be getting a lot of different solutions, but there are only a few everyone seems to employ, mailcow being at or near the top.

Mailcow definitely makes it very easy. Their official docs pretty much walk you through every step and tell you which DNS entries you need.

Bonus with mailcow is that you basically get a self-hosted equivalent of an Exchange server. So, contacts+calendar and so on. Plus some really good antispam features.

It does seem to do a lot. I tried setting up DNS for my tailscale account, but I got confused. I am glad when the documentation is good, means I will actually use the thing successfully.

I've been self-hosting e-mail for over 15 years and hope to continue doing so. Although it's being made increasingly difficult by big tech players. I wrote about it here: https://proycon.anaproy.nl/posts/rant-against-centralising-e-mail/

Great post!

I'm rather dismayed to see those universities and institutes nowadays no longer as pioneers and innovators in this area, but instead as mere consumers of ready-made corporate solutions, following corporate interests and centralising solutions. I have two employers, both academic, and both have resorted to big-tech corporations that offer solutions like e-mail as a service.

Same here, my university recently switched from their Horde webmail to Exchange. The new outlook webmail is absolutely awful and I couldn't set up all the filters that I had before. Luckily I could enable IMAP login, thankfully without OAuth because imo that's another awful practice, so I can connect to it with non braindead mail clients. Still a massive downgrade and I bet they now have to run it on a 10x as powerful server because I hear Exchange is an absolute monster in terms of resource usage.

(Also, I've been self-hosting mail for probably 4 years at this point. Here's to many more!)

Aren't you afraid about some important email getting discarded without you knowing about it? Or about unnoticed downtime which results in missed mails?

When I am sending? Well, once things are set up properly I'm pretty confident that things arrive (though nobody can ever be 100% sure of course). I also tend to mail to the same recipient domains a lot, like for work and hobby projects, so once those are tested you get pretty confident.

Unnoticed downtime is usually quickly noticed, I depend on my server for a lot of things. Senders are often resilient enough to keep things in their queue and try a few times. There's also a fallback MX registry at my (3rd party) DNS host which will queue stuff in case the primary MX goes down.

I like what you write, I am going to look deeper into it. It really sucks that the nearly utopian promises of the future and newfound freedoms have been progressively squashed. Every 'disruption' that looked like a return to that utopia has ultimately been evil and firmly entrenched in the capitalist mindset.

I am glad it is still possible. I think it would be healthy for me and everyone else to practice digital homesteading, to become self-sufficient while still being able to lean on the greater community of like minded people.

No. But I did consider it. Multiple times.

Why not? I'm too scared! Email is the one service that lets an attacker nuke each and everything. It's still the most central/crucial service that almost any service relies on. If I lose access to my mail account, I lose access to pretty much every service.

As much as I would like to host this myself, I simply do not feel comfortable doing it.

I have hosted my own mail server for multiple years now without any issues.

I'm using https://docker-mailserver.github.io/docker-mailserver/latest/ on a rented server, not at home. I recently added DKIM and I check my setup via https://mxtoolbox.com and the like in irregular intervals to see if I can improve something.

The only downside I see is spam filtering, which obviously works better with GMail if the whole world population does the filtering for you. But the included SpamAssassin setup does work and catches most of the spam. I do check for false positives/negatives very regularly and have training folders set up so I can easily move messages into the SA training.

Spam is something I am super worried about. Like, I know I can't even be careful and audit every person or company I give my email to. It will inevitably end up on a list and make life hell.

On the whole I have learned to be careful, and I would be very selfish, just set up email for myself. My mother is way too happy to sign up for every goddamn thing. She can keep her Gmail, not like it would benefit her or friends if she migrates.

I used to run my own mail server many, many years ago (early 2000s), but today it's a lot more difficult. I personally don't think it's worth it, but I do have my own domain that I can host anywhere I choose. At the moment, I'm using Fastmail. Lots of nice features, and no complaints.

Yeah, I think getting my own domain is the first step I have never taken. Closest thing to web development I have done is a Neocities I have not messed with since getting an account.

You definitely don’t need to worry about a web site if you want to just use the domain for email.

Feel free to hit me up if you have any questions about it. Some providers make it pretty easy I think to setup and manage all of that together, while others require some manual work on your part.

Thank you for the offer! There seem to be a lot of packages that automate all the hard stuff, so I think the hardest part is actually getting my own domain and paying for a remote server.

Any suggestions on that?

Replying to you from my new instance here.

I know that Fastmail can sort that out for you, and get the domain you want setup for email. I believe they can register the domain, too, but I know they can at least host the DNS. That would be my personal suggestion.

As much as I want to control every aspect, I am clearly not ready for the responsibility, at least not yet.

Fastmail is attractive because it streamlines so much. It looks really clean too. ProtonMail seems like a better deal because of the VPN, but it just feels like I am getting sucked into this growing company that may not even be all that great.

Yeah, this is on my shortlist. $36 for the basic is good to me. I will be trialing it!

Cool!

Some features I really like include the following.

  • They've got a totally decent email client.
  • You can have more than one domain, if you want.
  • You can use masked email, which is really nice for privacy reasons.

Good luck!

I am basically sold. I still want to learn how to set up my own server. I think it would be valuable to have an intranet accessed by VPN for REAL PRIVATE STUFF.

Any suggestions for uses cases with masked email? I think I get the concept and have ideas of how to make use of it, but maybe I am missing some scenarios. Like, can I have a prepared list of address to give out to strangers? Some times it is necessary, but I don't want some rando to take advantage of my trust.

The main thing with Masked Email is that you can use it to sign up for different services. Like your phone number, it's another way that your identity can be connected between accounts. It's also something you can use to give out to people, without having to give out your real address. I know with your own domain, you can use email addresses at that domain or you can use fastmail.com. I prefer to make masked emails using fastmail.com, so no one even knows my domain.

This is absolutely a feature I wish I had started using a long time ago, or even had available to me. There have been plenty of times where I signed up for something that is not an automated mailing list, just a mass send out, and there is no way to unsubscribe.

Aliases are not something I was thinking about when I first posted, but it is definitely the most necessary feature now that I think about it.

I set up my own email server. It was an absolute pain to set up, especially since I had no idea about all the little details of sending and receiving email. It was kind of fun to see everything come together.

In the beginning I had a ton of email go into spam boxes, especially with gmail. Later I found out that if you don't add the proper email headers like to: "Name Of Recipient" <email@example.com> it goes straight to the spam folder. (So you always need to provide a name)

I am afraid to touch anything now though, as it is currently really stable (on a VPN btw)

That seems to be the common theme, you get it working now DON'T TOUCH IT!

I guess I need to be in the habit of formatting my emails correctly.

I use Cloudflare's email routing.

Point my domain's name servers to Cloudflare's and enable email routing. I can then create any email address in that domain and have it forward to any of my email addresses. Works great when signing up for accounts. The only thing you can't do is fire off email FROM said email address

Edit: can to can't

Wow, didn't know this. I already have my NS pointed to Cloudflare, I didn't get it though - we can only send emails?

It only routes / forwards emails to your inbox from that domain. You can put a catch all rule or direct certain emails to different inboxes. You can't send emails from the domain in Cloudflare

They might be confused because your original comment said sending emails is the only thing you can do, I'm assuming it's a typo and you meant it's the only thing you can't do

Cloudflare is another company I only hear complaints about... but everyone uses. Must be solid.

It's bad out there when it comes to hosting your own email server. This blog post shows somebody's experience in detail, and it's worth reading. https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html

It's all so sad.

That was a sobering read. We all feel victorious when we see big tech fail after they wronged their users, but fundamental technologies that actually run the world have already been lost, and may never be recoverable for egalitarian use.

I've been running the family's mail server for over 6 years now. I'm using mailinabox.email scripts to set up and manage the server.

I've not had any problems (touch wood) with email delivery. You may have issues if your domain is new, it can take a few days for the big guys to accept email from you.

I say go for it, I think too many are worried about deliverability and that just causes more centralisation.

Good point. I am really getting pulled down to taking the easy route due to all the complexity and discouragement which is draining my initial motivation, as well as my own laziness settling in on one more thing I can just pay for.

You are right, the fight is not over. I can do my part to decentralize.

I used to, I don't any more. All the other comments are right, spam is a huge issue, and you can get blacklisted for no reason without recourse. I'm personally using migadu.com, which gives me some of the flexibility of running my own server without the hassle.

Okay, this looks like a cool solution. I think I have been convinced, given my own level of expertise, I could not pull it off without a huge time sink just to get the scaffolding to understand the tech.

Yeah, you're not going to miss digging through postfix logs to work out why you didn't get an email because you enabled greylisting while the remote MTA keeps trying to resend an important email with a different IP address.

Email is a rabbit hole that keeps getting deeper and more complex every year, and unless you get paid to do it, you don't want it in your life.

I don't even read the logs on my linux system when something goes bad... I should change that, but email seems to be a full time job.

Yes, and I love it.

I use mailjet as a proxy on outgoing emails so that I get fewer of my sent messages rejected, which works.

It was a pain to setup but it's treating me very well.

Neato! I was so concerned about the logistics of sending and receiving emails, it never occurred to me that I could get fancy and make nice looking emails. All I use is text, yet I can do so much better.

No, I only write plain text emails, mailjet only has IP addresses that are generally not blocked by the big providers and they do all the DKIM stuff.

I get that, I will definitely need to choose a service that helps to not get sending blocked. Still, I was amused that templates were such a big selling point.

Not worth the hassle - best compromise is to get your own domain but use a provider like fastmail to host it.

If they turn sour you can move your domain to another mail host.

I think this is the solution I was thinking about in the first place. I was just musing about it being part of a home lab. I have to consider whether this solution is better than just paying for secure email.

There are advantages to having your own domain - you can use something like vendor8832@yourdomain.com so each site you sign up to gets their own unique "to" address, that way you can easily send their mail to trash when you don't need to deal with them anymore, and it will also let you know what company had a data breach if that unique email address starts to get spam.

This is what I want! I want that granular control of having an email address compartmentalized for specific kinds of communication. I mean, I know it is something provided by basically all email providers, but I don't know, for sure there are limitations. A unique address for each website seems like such a smart thing to do, on top of being stingy with giving out my email address.

Protonmail at certain levels gives you simple login with unlimited aliases. Something to look into. I love it and have been with them for years.

Firefox Relay is by far the easiest (and imo best) solution for that

You can try it for free and if you use it enough it only costs $24 a year

Neato. Yeah, just today I spent more than that on a haircut. Will deeply consider it.

Your first 5 email masks are free and if you install the extension a little icon will appear in most email fields. Lets you create a new mask right there.

If you buy the premium version you can get your own custom subdomain: @XXXX.mozmail.com where you pick XXXX

This way you don't even need the extension. You can just do something like "Lemmy@XXXX.mozmail.com" and Relay will "create" that email for you. Cannot recommend it enough, especially since it's free to start

That actually seems really awesome, like it defeats the reason I would ever want to create multiple email accounts, which is to manage different contexts like professional, personal for family and friends, commercial email for online stores, and email lists.

I run my own email server using Mailcow. It works well.

However, I do not even attempt to directly send outbound email. It's very difficult to get your server trusted by the major providers, especially Microsoft (who are very picky about email servers). I have an account with MXRoute (which is an email provider) but only use it for outbound relaying. Inbound emails go directly to my server.

For what it's worth, MXRoute is a great provider to consider if you want to move away from the large ones (Google, Microsoft, etc) but don't want to self-host.

Outbound mail seems to be what defeats this entire project. Still, I do enjoy that there are many options to make everything work.

There's various outbound mail providers, and some have free plans. For example, SMTP2Go is free for 1000 emails per month, and Mailgun is free for 5000 emails per month. What you'd do is set up your own email server, and configure it to relay via SMTP2Go or Mailgun. Your client systems don't need to know this - they just send their emails to your server, which then relays them to the relevant service.

I use Mailcow and all of this is configurable in its web UI. No need to edit config files.

Nice. That is way more emails than I ever deal with in a month. Maybe in a year. I am really conservative with my online stuff, mostly because I hated the idea of managing so much crap even if it is something I want.

So, I am going to play with Mailcow, Mailinabox, and iRedMail.

Good choices! I also tried those three. Mailcow was my favourite but maybe you'll like one of the other ones better. Mailcow uses Docker (which I prefer compared to installing software directly on the system) and has a nice admin panel. They're all good choices though.

I keep saying it but I need to get familiar with docker, especially to run all other kinds of services.

I guess I will try mailcow first.

You don't need to know too much about Docker to use Mailcow. It comes with a preconfigured docker-compose.yml so you just need to install Docker and follow Mailcow's installation instructions (which are pretty straightforward).

If you have any spare domains that you aren't using (or domains you're not currently using email with), you could test it out with that domain before moving any domains you care about :) That's what I did.

Right on. The first domain I will buy will be a personal fun one, just to experiment and mess around. I don't quite know what professional name I want for my domain, since I don't have a brand or anything, and having just my name seems odd.

Hello, I'm self-hosting a mail server with mailcow in a docker container. It's easy to set up. I have a static IPv4 and a domain. That's all.

It seems so simple. I started playing around with Docker, which seems so solid. But I was also turned off by Docker desktop, so it seems like it is becoming something that is slowly monetizing every feature that used to be free. It makes sense I guess, more users more costs. Actually, I think they are only monetizing docker hub, so... I don't know.

I have also seen podman brought up as the thing everyone is migrating to, so I think I will try it.

Proxmox -> VM -> Docker -> Mailserver seems to be the way to go. Not like email needs baremetal performance or whatever.

Thank you for sharing your setup!

A bit late to the party here, but I didn't see iRedmail mentioned. Been using this to host my own email on a VPS for a little over a year now and it's great. For me it's worth it, you can absolutely make it secure, and it's not stupid to run it off a local computer. Unfortunately most ISPs make it insanely difficult to host on your home network.

How do you send mail with it? I've played around with using Postfix and never had luck with the outbound mail side, largely because my ISP blocks port 25 and I couldn't ever figure out how to authenticate with public SMTP relays (like Gmail's, for instance) such that they will actually let me send emails from my domain.

The documentation for iRedmail covers your question. I abandoned trying to host locally because my ISP blocks all email related ports.

Can you point me to where it describes sending email? I can't seem to find that mentioned. When you say you abandoned trying to host locally, did you move to a more "traditional" public email service like Outlook or Gmail or did you continue selfhosting, just on a VPS or similar? If the latter, are there any services you recommend?

Okay, what a program. THIS does everything. I mean, just on paper it does it all. Thanks for the suggestion.

It’s a great learning exercise but challenging to get right and ensure your deliverability and basically impossible from a residential-grade IP address (if you have a business class static IP at home you could pull it off).

I ran an email server for decades but gave in and pay to host my email now.

If google decides you’re a bad guy it’s such a pain to crawl back from that and I prefer my email to just work.

E-mail was the first "thing" that got me off of Google (to Proton & then currently Tutanota) but is really the last remaining service I have not self hosted.

I have always read about how difficult and time consuming it was to run your own mail server, but I felt like I needed to experience it myself. So I purchased another domain and followed the instructions on https://mailinabox.email/.

I am using a small VPS on Hetzner and I have to say the experience has been almost flawless so far. I did need to have my new domain taken off the Domain Block List, but Hetzner gave me a clean IP and defaults to blocking port 25 outbound to prevent spam (simple ticket to open, once account is 30 days old and paid).

I know I'm still early into this journey so far, but it has been really simple and I plan to test this secondary domain for a few months before moving onto it full time.

As an avid self hoster of literally everything else, I can say it has been a lot of fun learning so far!

Hell yes, I love the enthusiasm! I just got a domain, which is giving me 3 months of email, so that is great. I feel like Tutanota is the most honest email service when it comes to advertising privacy, and they do some stuff that Proton definitely does not, like make recovery impossible without a key, and use no other method.

My next step is to get a VPS, and Hetzner is the name I have seen pop up the most. I will use that.

Thank you!

Yes I haven't had any real issues with Tutanota, but it seems like the common trend is that they, and everyone else, is raising prices for things I don't really need. But at the same time, the things I do need, i.e. accounts with enough storage for my family, will start costing more than the price of renting a VPS alone. So for me, it's partially privacy, but also ownership of my data and cost benefit analysis where I am now trying to make CERTAIN that my self hosted email is worth the cost savings.

That is the thing, I am willing to pay for email, because then the incentives are real to the provider to follow best practices for privacy and quality of life, but the pricing blows up too quickly due to features I will never use. I need something more granular.

I am also looking at Disroot and Posteo, which I like because they have hardened ethical principles driving their services, and that is worth supporting.

Also to add on, I didn't like that tutanota requires their app and that was another reason I wanted to switch. Their app is also really slow for me, where I know I received emails but they take way too long to "load" and "appear" once I open the app.

Only people who hate themselves

Yeah, after I got my lemmy and matrix servers up and running I started looking at doing mail myself... The rabbit hole just kept getting deeper and darker, and MTAs seem to have stopped evolving in the 90s so I gave up. Email for my lemmy instance is now handled by Google. I've always used one of the big players (currently Outlook because I got a good username when they opened up the outlook.com domain) for my personal email.

Good call. The time spent getting postfix, dovecot and spamassassin set up so they actually work is nontrivial, and then once you congratulate yourself that it's all working perfectly, none of your email will be delivered, so you can then start learning about how overzealous blacklisting works.

I've been apparently hating myself for a few years now. It's going alright though. Google still accepts my emails. Hotmail appears to have blocked me but I'm working on it. I haven't noticed any other problems so far.

Nope. It can’t really be self hosted anymore, as having a residential IP is a straight track to the spam folder. It can be done if you also pay for a mail relay service, but then what’s the point of self hosting when you need to rely on a cloud service anyways.

@DidacticDumbass@lemmy.one I do, it is a pain and I understand why it is not worth it for some people.

This is way out of my comfort zone and I am firmly in the research phase, almost ready to make some decisions, but I need to carve out time to set it all up.

@DidacticDumbass@lemmy.one If it helps you, I started with https://mailinabox.email, which is incredibly easy to set up.

Right now I'm using https://github.com/docker-mailserver/docker-mailserver which I feel is a bit trickier, but more escapable in the long term.

This looks really solid. It looks like I have a couple options for Docker that seems to make life easier. Thank you for the suggestion.

I do. Run about a half dozen email servers for various organizations. Been doing it for almost a decade for some. Other than initial setup pain, I've had zero problems others describe. I have used (and still run) docker-mailserver, mailcow, mail-in-a-box and mailu. All are lovely in their own way and fit various use cases better than others.

This is so encouraging! For sure it takes a level of technical proficiency and experience, but any technology that has been around for decades has been simplified and automated in one way or another. In retrospect, it is ridiculous to think that all these email providers could exist if they could not overcome the stranglehold of Google and Microsoft, so it must be possible for individuals to do it too.

I used to. I had a docker-mailserver. It was good. But I moved house and changed ISP. I couldn't set up the reverse DNS on my address, and Gmail was blocking me, so I had to switch to a hosted mail server (namecheap private email).

It's a shame, syncing is noticeably slower, and I only get one mailbox, but oh well. Just keep on using GPG.

The most tech savvy I have ever gotten with a friend is using Signal. I guess if I truly care about privacy I should use GPG on whatever can use it, but I don't do a lot through the internet that does not obligate my identity, like banking or university stuff. I tried to be random with using aliases when ordering stuff online, but more often than not it was a hassle with family members getting confused. Plus, there have been times when I need to sign or pick up from the delivery center due to some error, and I am glad I used my name since they look at ID.

Social media is like the only reason to stay anonymous.

I host my own mailserver, and to be honest it's pretty painless. Usually I just let it run without giving it any thought. It's on rare occasions that I need to put a bit of work into improving the inbound spam scanning.

Selfhosting does need quite some knowledge of the software stack and several additional protocols to set them up correctly to get your outgoing email delivered. Also, like already mentioned in another comment, you absolutely need an IP address from a non-blacklisted subnet (I think most VPS providers will be okay, residential definitely not).

My software stack: Arch Linux (soon NixOS), Postfix, Dovecot, rspamd, opendkim, opendmarc.

Additional techniques configured: SPF, DKIM, DMARC, DNSSEC.

As you can see it's quite a lot, and I've been doing it for more than 20 years now, so my opinion can be a bit skewed. I'd say go for it if selfhosting is a hobby.

I have been learning about it, and what really motivated me was seeing my current provider ProtonMail have an anniversary sale, and just having the least affordable pricing just to get a couple features I need. I have never been a fan of cloud storage, I have never needed an online service to handle my calendars or whatever else.

I need to do this out of principle.

You are right, that is a lot of software in use. However, I have been given a lot of recommendations. I got my own domain name. I am almost ready. I just need to set up a few more things. I am taking a long time to do this, I got distracted with other self-hosted applications, but I do want to try running a mailserver.

@DidacticDumbass
Yes I run my own mailserver. I have done it for the last 15 years or so.

I'm also running my own Friendica instance.

Could you share your solution? You don't have to! I am just curious how you do it since a lot of people seem to hate it, compared to self-hosting everything else.

@DidacticDumbass But yeah you're right. It's a mess nowadays with email hosting because Google for example just rejects everything except the other big services even if you comply with DKIM etc. Fuck them honestly

Fuck them. Even after completely degoogling they still manage to fuck everyone over.

I did but I stopped. My server had everything set up (DKIM, DMARC, SPF, Spam filtering) but I gave up after some providers wanted me to jump through hoops to get my mail delivered. Also I never had enough outgoing mail to build some reputation.

That sucks. I don't even know what to think anymore. It is crazy that anyone with our email address essentially has access to it when they use giant corporate services like Google or Microsoft, but every independent server is a bad actor until proven reputable.

I can't be asking everyone I want to email to put me on a whitelist. They'll just tell me to lose their address.

If you think about it from a security perspective, it makes sense. If a random person you don't know sends you an email, the chances are non-zero that it contains something malicious. The provider has an obligation to filter emails that could be dangerous. They know that if a large email service sends an email, they have that same obligation and are therefore doing some filtering on their side to prevent malicious content. Trust is pretty important.

This is true. Email is so cheap it is practically free, which is why spam and scams became so successful.

I used to run an OpenBSD mailserver for my personal email address for a few years. It wasn't that difficult to set up, more tedious and annoying than anything. I stopped doing it when I started searching for a job as I was too paranoid about my emails getting rejected without me knowing about it. I don't send many emails, but when I do send them I want to know they are getting to where they need to go. I know I was never blocked by gmail, but I couldn't be sure about other providers.

Now I just use my domain name as a catchall on mailbox.org and access it using offlineimap. All my emails are saved and backed up, so switching providers is no problem at all.

That seems like the route I need to take, get a domain name and just use a mail service.

It might be time I start working on a personal website.

I don't. But I do have my domain and use a hosted solution, so I'm kind of independent and own my data.

That sounds like the right middle ground for me. I know for sure my home network is not as secure as it could be, especially since I live with people who need everything online to work without obstacles. I can't even install PiHole.

But, hosting is probably more affordable in a year than the amount I might spend on coffee in a week. And I typically make my own coffee.

Running a mail server these days is not that difficult. While using pre-assembled stacks like mailcow only the DNS entries need to be done. If you want to run it at home you should do some research on routing all the traffic through a wireguard tunnel to preserve a public IP other mail instances will accept.

Just take a look at https://docs.mailcow.email/

This runs from a small box with everything included. It gives you all the tools and config needed for running a secure and feature rich email service. Webmail, some sort of exchange emulation, web calendar on top of a solid postfix/dovecot install with rspamd as spam filter. Everything is configurable via a nice web UI.

After 15y running my own mail service and editing a lot of config files, I use this piece of free and open software and find it very good. All you need is a box somewhere in the internet. Running from a homelab will instantly fail, unless you have a static IP.

Neato! There seems to be a lot of solutions for running a mail server.

Yeah, I think it is time, I need to get familiar with Docker.

Yeah, I was clueless thinking I could run it from my home. Hah. I just wanted to avoid paying for a VPS. Which is silly because I buy too much crap all the time and have multiple subscriptions.

This is actually valuable.

mailcow lists a small German VPS hoster with a fair price and the right sizing. It's not a big hoster, gmail and microsoft are not blocking the IP range and the ASN is not listed on any blacklist.

The support is quick and helpful, rDNS was a matter of minutes to set up. You don't need any deeper knowledge of docker, since it is a one-time job to set the things up and get the stack running. The documentation of mailcow is very good.

You can run it from home, but you will need a forward host like sendgrid and maybe a backup MX. You can set a primary IP and a backup IP which will get all the mails when the primary host is down. I guess there are commercial or free backup-MX services out there. No problem. If you have a static IP for your homelab or at least a dynamic DNS name, it will work. Receiving is easy. But you will need a good forward service for sending.

Needing an extra service to forward emails seems to defeat the purpose of having everything local. Everything I read about email, being clear-text and whatever, makes it so it is impossible to improve. Email is a dead end, so I probably don't actually want to get too involved with it the more I learn.

I mean, growing up I really thought the internet would become a way to connect directly to people, computer to computer interaction. Everything requires an intermediate service, making everything insecure and expensive. What a stupid future.

That's right. Also important, email is not a playground for experiments. Once it runs, you should not touch it anymore, except for updates. Otherwise, you will do harm to your own way of communicating. One error, and you will lose all your reputation and someone spams half of the internet with your domain as sender.

And when it runs, the only thing to improve is tuning the spam filter for your instance. Implementing all the rules that you fight the other day, because otherwise your inbox explodes. So you have to do all the shady things and block IPs, filter with blacklists and check every DNS for all those extra entries needed for delivering mail... You must become a part of the problem, spammers all behind every cracked wordpress and insecure VPS out there.

Damn, email seems so fragile. I am getting so many perspectives, but the main thing that seems like such a gotcha is managing spam, which seems like such a headache.

No, I do not want to become part of the problem.

I did for a couple years, but moved to mailbox.org a while ago. The effort was much too high to save a few bucks and there is no real upside to it. E-Mail is a troublesome mixture of different protocols from the internet stone age held together by chewing gum (SMTP, POP3, IMAP, DNS, database or file storage, maybe ActiveSync, Web-Mailer, ...)

Even when everything is up and running there is always maintenance to keep your SSL certificates up to date, update your incoming spam filter technique, keep other mail providers assured that you are not spamming (DKIM, etc.), keep all the different system services (see above) up to date and interoperable, etc. and every few years when you want to move to a new server, provider or Linux distro you start it all over again.

Damn, it is so bizarre that email of all things would be the least operable by tech savvy individuals. Someone linked an article that explains it, and it truly is depressing. Like, it makes me not want to even have email... which is not really possible if I want to be employed. Eh, it's not like I DON'T already have free email accounts, I just don't always like the decision my provider makes.

Well, there are plenty of providers out there; there should be one that suits you. Having a domain of your own with DNS access and letting the provider do the hosting is not (so) hard and gives you the flexibility to switch any time.

That is cool. Every time I have created a new email account, it has been an island. Never learned to preserve emails... Well, except the one time I used Thunderbird. I should set that up again. Maybe it would solve my issue of multiple accounts??

In any case I like consolidation and I don't like logging into a website every time if I can avoid it.

I used to run my own mail server about 2 years ago but unfortunately the spam got so bad I didn't have the time to manage all the filters. I moved over to ProtonMail since I can still use my own domain there. So I guess I would say it's not really worth it; also it really sucks if your power is out and you don't have access to send your power company a strongly worded email.

I run a complete ISP style setup with multiple domains. I run it from a rented server at Hetzner, so I don't have problems with being blacklisted for sending from a consumer IP.

Nice! I appreciate the guide! Even if I end up using a premade solution, knowing how everything works will help me be smarter about the choices I make.

Thank you.

Yes, with mailcow.email and a catchall and random email system with Anonaddy.

Thank you for the leads! I have a lot of research to do.

I am also using mailcow to host my own email server, and it's pretty fantastic. One thing that I wanted to note, because as many people have mentioned, the actual sending of emails is a real pain, and hard for anyone that isn't a major player to not be blacklisted. I am utilizing PostmarkApp as my SMTP provider. They are a leader in transactional sending of emails from applications. For a relatively small subscription fee, you can configure mailcow to use Postmark (or a similar service) to send your emails with higher success rates.

You can do some research on providers that have good track records for sending out transactional emails from applications (geared towards programmers) and test it out. I believe that AWS also has a service that's usable.

The really nice thing about this setup is that it's inexpensive and easy to have multiple domains with multiple mailboxes on each, compartmentalized, and not have to worry about your outgoing mail being rejected.

This is probably the most solid advice I have gotten concerning the sending problem. I really hope I can setup something stable and reliable that works in the long term. I do like that once I have my own domain, it is easy to port to other services or providers.

I think I will take it slow. Learn to use docker. Learn to use proxmox and launch VMs. I have slept on these technologies because I am not a developer, so I it never seemed better than just installing stuff from my package manager. Now I want to learn.

Proxmox is a fantastic option. Let me know if you ever need any help with the setup. Learning new tech options, trying out new things is always something I enjoy doing. Even failing through things is invaluable. Best of luck with your setup.

Proxmox is wild. It does so damn much and is open source. The subscriptions look reasonable too. I don't plan to make money with my server, but I LOVE the range of options they have. Very granular, makes it affordable for everyone.

Enterprise software is no joke, using it makes me feel powerful, like I can do anything without needing to be a wizard.

AWS has Simple Email Service (SES) which works, although it's annoying to have to resort to a corporate service for outgoing mail just to make sure it's delivered. Reliable delivery to every recipient when sending directly from a small mail server seems practically impossible nowadays.

Ditto with Mailcow - easy enough to set up, and has worked well enough for setting up multiple domains etc.

Out of curiosity, what is anonaddy used for? I looked briefly on their site and it appears to set up email aliases. You can do that in mailcow though.

Is there anything else that it allows you to do?

Well it is a different type of mail system. I use it for catch all. I have like 200 domain names for various projects or registered to sell and I want to catch all emails sent to those domains without setting them up in mailcow. With Anonaddy I verify their DNS records and that's it. I can capture all emails sent to them and forward to a specific address. Also, I can use whatever email address I want with whatever domain I want to subscribe to services and keep track of who sells my email for instance. They also have a Chrome extension that you can use to generate emails, but imho that is overkill. Then if you see that one email gets too much spam you can simply delete that forwarder and it gets rejected in the future.

Another happy mailcow user here. I used to have everything set up manually until a few months ago when I decided to migrate into a bigger hardware instance.

My only complaint is that I can't find a self-hosted way to protect the actual mailbox with 2FA. IMAP/SMTP have plain username/password authentication.

That would be next to impossible to fix because the issue lies with the protocols not with the framework using the protocols.

I used to run my own using Modoboa. I've since switched to mxroute for my email.

I will add it to the list of solutions.

Hah, I wonder how badly I will disappoint everyone if I just pay for the basic tier of my email provider.

Hosting a mail server is really easy. Making sure Hotmail, Gmail and others accept your emails is a nightmare.

I don't host my own email, I just delegate my email management to a small provider.

I am learning this is the case. I think I may be better off running a Nextcloud instance, or similar suite using better applications for stuff like file sharing, which is more important.

Gotta say, I’m really happy to see so many people here actually talking about doing it! Usually I see a lot of fear-mongering about self hosting email. You can do it, though, and I think we should encourage more people to do so! It can be a little tricky to set up at first because there’s a lot of different things you need to configure and make talk to each other — I haven’t used them but there’s things like mail-in-a-box that are supposed to make this easier. But the most important thing is to make sure you set up SPF, DMARC, and DKIM DNS records (and set up DKIM signing for your outgoing messages). I’d recommend setting the ruf and rua tags in the DMARC record so you get mailed reports from other mail servers (can help you debug if your mail is getting rejected). I’d also use these tools:

https://www.mail-tester.com/ https://www.learndmarc.com/

Happy mailing :)
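The stack listed earlier (SPF, DKIM, DMARC on top of Postfix/Dovecot) and the advice above to publish SPF/DMARC/DKIM records with rua and ruf tags both come down to getting a couple of TXT records right. As an added example that is not from this thread or from any of the projects mentioned in it, here is a small offline checker for the SPF and DMARC record strings you would paste into DNS; the sample records and domain names in it are constructed, and include: targets are not resolved (only top-level lookup terms are counted).

```python
"""Offline sanity checks for the SPF and DMARC TXT records a self-hosted
mail domain publishes.  Added example for this thread, not code from any
project mentioned in it; the record strings below are constructed samples."""

# SPF mechanisms that cost a DNS lookup (RFC 7208 caps these at 10).
SPF_LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


def parse_spf(txt):
    """Parse one SPF TXT record; return (mechanisms, findings).

    Only top-level terms are counted toward the 10-lookup limit because
    include: targets are not resolved offline."""
    findings = []
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [], ["not an SPF record (must start with v=spf1)"]
    mechanisms, all_qualifier, lookups = [], None, 0
    for term in terms[1:]:
        if "=" in term:  # modifier such as redirect=... or exp=...
            if term.lower().startswith("redirect="):
                lookups += 1
            continue
        qualifier = "+"  # an unqualified mechanism means "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        # strip ":domain" and "/cidr" suffixes to get the mechanism name
        name = term.split(":", 1)[0].split("/", 1)[0].lower()
        mechanisms.append((qualifier, term))
        if name in SPF_LOOKUP_MECHANISMS:
            lookups += 1
        if name == "ptr":
            findings.append("ptr mechanism is deprecated and slow; drop it")
        if name == "all":
            all_qualifier = qualifier
    if all_qualifier is None:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_qualifier == "+":
        findings.append("'+all' lets any host send as this domain")
    elif all_qualifier == "?":
        findings.append("'?all' is neutral; prefer ~all or -all")
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return mechanisms, findings


def parse_dmarc(txt):
    """Parse one DMARC TXT record; return (tags, findings)."""
    tags = {}
    for part in txt.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    findings = []
    if not txt.strip().lower().startswith("v=dmarc1"):
        return tags, ["not a DMARC record (must start with v=DMARC1)"]
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid 'p' tag (none/quarantine/reject)")
    elif policy == "none":
        findings.append("p=none only monitors; move to quarantine or reject once reports look clean")
    # rua = aggregate reports, ruf = failure reports; both must be mailto: URIs
    for tag, kind in (("rua", "aggregate"), ("ruf", "failure")):
        if tag not in tags:
            findings.append(f"no {tag} tag: other servers will not mail you {kind} reports")
            continue
        for uri in tags[tag].split(","):
            if not uri.strip().startswith("mailto:"):
                findings.append(f"{tag} destination {uri.strip()!r} must be a mailto: URI")
    pct = tags.get("pct", "100")
    if not (pct.isdigit() and 0 <= int(pct) <= 100):
        findings.append("pct must be an integer between 0 and 100")
    return tags, findings


def check_records(spf_txt, dmarc_txt):
    """Return {'spf': [...], 'dmarc': [...]} findings; empty lists mean clean."""
    return {"spf": parse_spf(spf_txt)[1], "dmarc": parse_dmarc(dmarc_txt)[1]}


# Constructed samples (203.0.113.0/24 and the .example names are reserved for docs).
WEAK_SPF = "v=spf1 a mx ptr +all"
GOOD_SPF = "v=spf1 mx ip4:203.0.113.10 include:_spf.relay.example -all"
WEAK_DMARC = "v=DMARC1; p=none"
GOOD_DMARC = ("v=DMARC1; p=quarantine; rua=mailto:dmarc-agg@example.org; "
              "ruf=mailto:dmarc-fail@example.org; adkim=s; aspf=s; pct=100")

if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("good", GOOD_SPF, GOOD_DMARC)):
        print(f"== {label} records ==")
        for kind, findings in check_records(spf, dmarc).items():
            for finding in findings or ["ok"]:
                print(f"  {kind}: {finding}")
```

The `include:` line for a relay (SMTP2Go, Mailgun, Postmark, SES and the like) is where the outbound relay setups discussed in this thread show up in SPF; the checker counts it as one lookup but does not expand it.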

Thank you for the encouragement! I am inching my way towards building a server, and I am thankful for all the tips and suggestions I got.

I am starting to think that if email is the hardest to self-host, then perhaps more people should try it. It is worth it to regain independence and autonomy of technology, even if it is seen as a lost cause.

Yeah, I hope to get something running soon, just so I can say I did it.

I wish you luck! Some people claim to have troubles sending emails with Outlook blocking whole IP blocks, but it’s a little unclear how much of a problem this actually is to me… it’s a little hard to know if outlook is actually doing this or if people have misconfigured mail servers… In my experience people complaining about this often have a broken dkim key or something. Maybe it’s worth signing up for https://www.dnswl.org/ too, but I’m not sure how big of a difference it makes.

There are many replies saying similar things, but don't be discouraged from trying it out. I host my own with mailinabox on a VM from a cloud provider. No spam issues. The only wildcard was spending a few months getting my IP address off google's spam filters. It is so worth it, I own my own email/calendar/contacts/notes/todo list/ AND website solution. All with mailinabox. Completely disconnected from google etc.

Did you ever manage to get off hotmail/outlook spam filters? I ran my own server for years and had no issues with gmail, but was never able to reliably send to hotmail. That was the nail in the coffin in the end as so many businesses I communicate with were on outlook and my mail would always go to spam causing endless issues.

Yes I did. Through mxtoolbox (iirc) I learned what blacklists my IP was on. And it wasn't my IP, but my IP block. It was just a matter of filing online requests to have my IP removed from these lists. With google, I had to have a google account and login and pinky-swear that I would not send spam, and it got me off that list. Google was really the most difficult to find info for. Beware though, there are some places that say if you pay them, they will get you off the list. Don't believe it. It is free or it's a scam.

Thanks for the info. I'll have another go with a spare domain to see if I can get it working across the board.

The more I learn about FOSS the more I understand it is just not about using open auditable software, but about having complete ownership of the technology a person uses. I need to learn these things.

I feel like I'll eventually have to... mailbox.org upped their prices from 1 EUR/mo to... whatever they are right now, and on top of that I'll still need a VPN to access heinous sites such as pastebin (welcome to Turkey), which is another 5 EUR/mo.

For that money I could get an alright enough VPS from Hetzner and spend some time getting everything configured properly, and have bonus flexibility in terms of hosting anything else I might want to host.

The problem with this ofc is that no "turnkey" mail bundle seems to give a shit about resource usage as far as I'm aware, and I'm worried they'll end up hogging all the server resources for themselves.

Interesting, I would think that email requires the least amount of resources, which is probably why so little effort is put to optimizing it.

I run my own Mailserver on a VPS with mailcow dockerized. Was a real pain to set up, even though it mostly works right now.

DNS stuff isn't just some A or AAAA records, also TXT stuff, reverse DNS and much more. As the others said, that's completely impossible with a regular ISP.

I'm on some dumb blacklist because my IP is obviously in the IP range of my hosting provider, and some lists generally block all vps ranges.

Now imagine the following: your bank wants to contact you and your primary mail is selfhosted, for some reason they block your IP (yes outgoing blocks, those idiots) and you don't get some real important mail. Or your server is down for maintenance, certificate issues, so on.

The best solution is most probably letting a professional email hoster take care of your domain, for email at least. Protonmail offers that but the problem I have with them is that they don't allow a regular login through thunderbird, restricted to their own software.

Yeah, ProtonMail does that so it can force them to pay to be logged in to multiple accounts at once, which is really frustrating. I mean, the business model makes sense, but damn, I only got 2 email addresses, I don't know what I would do with 10.

Infomaniak has pretty nice free email server options that you can link your domain to. They are a Switzerland based company which is known for having the best privacy laws around.

Wow, this looks pretty awesome. It has become obvious that I need to buy my own domain name, and Infomaniak makes it kind of exciting, since it basically lets me jump into exactly what I am trying to do. Seriously, when I think I have seen all of my options, something new pops up that trumps it all.

Should I buy my domain from Infomaniak, or is it better somewhere else? What name would I even choose? Will I get my first pick? What extension is the coolest while still maintaining an air of professionalism? Maybe I should buy two, one that is just my full ass name, and the other a fun one to be the central hub of all my online things that I will probably start doing now that I am excited by this.

I guess it defeats the point of self hosting. But a common theme is that email self hosting is extremely difficult. Many things to take into account. I'd say go for it and maybe you'll learn a lot in the process. But if you give up on self hosting it, but still want your own mail server on your own domain, then I'd say use infomaniak.

Yeah, I don't necessarily want to give up because I think it is cool. Plus, there are use case where receiving is all that matters, like weekly mailing list with fun articles and recommendations, and I hate blowing up an email address just for that. Confirmation is still a problem, but I am willing to experiment with that.

Okay, I will just buy the domain name. I have been wanting one for a while but never took the plunge, and I can't think of anything special... well, I just came up with something better. This is good.

I want to do a setup where I use Mailcow at home for receiving emails but Amazon SES SMTP for sending; is it possible? Looks like it is, but I didn't investigate it.

Yes, it's possible, that's similar to my current setup. Mailcow in my homelab, but sending through a service called Postmark. It was better when Postmark had a credit based system, $1 for 1000 credits (sent emails). They've recently switched to a subscription model that is like $10-15 / mo. I find it works really well.

I'm using OpenBSD with Dovecot and OpenSMTPD on a Pi. I used Mailhardener to get it scoring well. I've had no issues with it getting flagged.

That is cool. This is the solution I was hoping existed, but someone brought to my attention the need for 100% uptime, and by inference the lack of redundancy on a home solution, so I need to reconsider what I am willing to do.

I have a friend in a neighboring state that I visit regularly - we're setting up disparate SANs, one at his location, the other at mine. We each get half the storage space; we back up to the half onsite and overnight the onsite SAN data gets backed up to the offsite. This has nothing to do with mail, but if you can host a mail server on something as inexpensive as a pi then you could have one at multiple locations for redundancy purposes.

I set up my own instance and went with the free mail tier on brevo.com. They allow 300 relays per 24 hour period on the free tier. Their email stats and tracking look decent too.

Prior to that I had set up my own Postfix server, and while it worked fine, emails to Gmail accounts were not getting through.

As much as I enjoy self hosting my own services, email just seems like more trouble than it's worth. I let Protonmail take care of that for me.

Yeah. I am getting great suggestions, but also a lot of hard truths. I think a basic paid email is probably less than I would ever pay to get the setup right.

Yep, running a Linux mail server for 20+ years now.

It's now running Postfix :-), in a VM on Proxmox...

I ran an email server with Mailcow Docker. Easiest way I have found. It is perfect to host your own mailbox, but as others have said, sending from your IP might just get blocked by other big mail servers. Luckily Mailcow allows you to use it as an SMTP relay, and you can route outbound mail through the well known SMTP services.

I've thought about rolling my own email service, but I'm hesitant given the risk of it inadvertently nuking the rest of my network. There's a lot of work needed to keep the thing secure, and even if you do everything right there's a good chance you get SMTP traffic blocked because other services are worried about unknowns accidentally hosting spammer networks.

Plus given my prior track record, there is a $1000% chance I screw up the DNS entries for any mail servers I set up.

A lot of people on here are way more technically minded than I will ever be, so if they are having trouble, I AM IN TROUBLE! AAAAAAAAAHHHHHHH!!!

I think I will be fine. I am keeping the emails I already set up. If I get fluent and comfortable running my own email server, I may migrate, but I am not shooting myself in the foot anytime soon.

“No. No, man. Hell no. No, I imagine someone would get their ass kicked if they said something like that”

I stopped running my own a while ago. It's no longer really decentralized and the big players (Google/Microsoft) will often just blacklist you for little reason.

That said, I DO maintain my own domain and backups. So I can take my email to whatever hosting provider I want.

I also noticed, during the migration, that if you simply register your domain with one of the big players (ie: Google Workspace or M365) you will often get whitelisted and email will flow easier. This was easier when they had a free tier though.

Got the same issue. Everything was set up properly. SPF, DKIM, DMARC were all good. Server IP wasn't in any blocklists. But my messages would still fall in spam with Gmail.

Ended up setting SendGrid as a relay and all is good now.

I guess you got to play the game if you want to win. Google and Microsoft have the same level of trust from me, so it goes to whoever makes it easier.

Pretty much. It's kinda nuts. I just host with Google at this point. It's easier, though privacy is a disaster. I consider email to be public at this point, though, after the Snowden stuff. Have considered moving to something like Proton but their lack of support for contact syncing makes it tough, specifically for my wife. She uses Apple Mail as well, which I THINK Proton can now support via IMAP or something, but not having contacts synced is hard.

That said, I back up all of my Google Workspace stuff, email included, to a local Synology using their app. So I have copies of everything should I need it (i.e. Google decides to suspend me for no reason.)

Damn. Privacy is something I was hoping would be a benefit from self-hosting.

I mean, I haven't taken the bite yet but it is way more than I can chew. I am not keen on basic stuff like encryption.

Hell, I just want to have both my email accounts on my phone without paying for it. I think privacy is worth paying for, but I need to be smart about what I trust.

Here’s the catch with email and privacy. Unless you are GPG encrypting the email, even Proton doesn’t matter, as whoever you are sending to likely has it unencrypted at rest on their server.

And while TLS in transit is better than it used to be with SMTPS or STARTTLS, plenty of mail servers don’t do it. So even transport is an iffy game sometimes.

At the end of the day, it’s better to:

A. GPG encrypt the email. Which requires both ends to be technically competent.

B. Consider it to be quasi public, like talking quietly in a coffee shop. Most won’t hear it, but if someone does, shrug.

Right. One of the articles someone linked basically explained this limitation. So, privacy is kind of an illusion, or a half-true marketing gimmick.

Not likely worth it. The primary reason is that the large federated email services are also skeptical of email from services such as your proposed self hosting solution and may simply not deliver the mail you send. This is to mitigate against spammers setting up bespoke servers.

There are a bunch of other things that could go wrong if you don’t set everything up perfectly, but even if you do, this would be a big problem.

Better off using a custom domain with a big provider. Fewer headaches. I like Fastmail, but many others are great too.

Your own email server requires near 100% uptime or you risk not receiving critical emails. If a remote email server is trying to contact your email server and it can't, it's only going to retry a few times and then give up. Hosting this yourself sounds great until you realize high uptime is not cheap and requires constant attention.

Setting it up securely can be difficult depending on your understanding of server infrastructure as well as protocols like DNS. You need to set up SPF, DKIM, DMARC, etc. in order to prevent someone from faking an email from your server.

Of course, federated email does not use SPF/DKIM/DMARC because the whole point is that someone from another server could use your server to send an email (hence the federation). Open email servers were common 20 years ago but very rare today. That makes setup easier, but the main caveat is that most known non-federated email servers will reject email from servers that don't have SPF/DKIM/DMARC because they generally end up being havens for bots and spam since there is no verification or authenticity of the sender.

As someone who self hosts a lot of things, I would never self host my email. If I did I would be paying for two boxes in different parts of the world on different ISPs to provide that uptime. I would definitely set it up securely and not as a federated server, otherwise it would be practically unusable for day to day emails.

Your own email server requires near 100% uptime or you risk not receiving critical emails.

I disagree. You can take some amount of downtime without issue.

https://wpmailsmtp.com/docs/how-to-automatically-resend-a-failed-email/ as an example for some services.

Many services (including postfix by default) will attempt a number of resend operations before it gives up.

Of course, federated email does not use SPF/DKIM/DMARC because the whole point is that someone from another server could use your server to send an email (hence the federation).

What? All email is federated. What are you talking about here? SPF/DKIM/DMARC are on top of email... and have nothing to do with the federated property of email. Federation does not mean that you login or use another server. But that you have your instance, and the servers hash out the cross communication amongst themselves. That's EXACTLY what email servers do using SMTP.

I would definitely set it up securely and not as a federated server otherwise it would be practically unusable for day to day emails.

If your email wasn't federated then you would get emails from anyone outside of your own instance. That would make email useless for 99% of the world.

I take "federated email" to refer to a juxtaposition with normal email implementation which harkens back to how it was in the 90s or early 00s where you didn't need to be registered on many SMTP servers in order to use it and it's stripped of server-side validation. There's some discussion on this topic in the fediverse.

You're right that the default current implementation is already federated.

Yep, I have no idea what those acronyms mean. Thank you for the reality check!

This is disingenuous on many counts.

A mail server does not require 100% uptime. The only messages you would miss from a brief downtime would be from a bad behaving mail sender. Even if your server was down for a day you likely wouldn't miss any mail, if it was longer than 24 hours you might start missing some.

SPF is all that's really needed to prevent someone from faking mail from your domain; if it's set to strict, most mail providers will reject fake/spoofed mail at this point. This lets the receiving mail server know which servers/IP addresses are allowed to send mail for the domain.

DKIM - before sending an email your server will create a signature and add it as a header. The DKIM DNS record stores the public key so the receiving mail server can verify the email's authenticity.

DMARC - Largely I only ever get reports from Google. MS and others rarely send them. Anyway, this is basically a tool that alerts you that unauthorized emails are being sent from your domain. If this happens, likely your SPF record is incorrect.

There are tools to help make sure your setup is correct, such as this https://mxtoolbox.com/SPFRecordGenerator.aspx

The rest of your comment contains outdated information. This post is about running a mail server in 2023. Some anecdotal statements about what it might have been like to run a mail server 20+ years ago serve no purpose here other than to scare people off from trying to host their own mail. If you succeed in that at least we could continue to sit around whining that Google and Microsoft have email all locked up and us little guys can't do anything about it but to continue to regurgitate how hard it is and you just shouldn't even try.
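The three records this comment walks through (and the earlier comment saying you need SPF, DKIM and DMARC before anyone will accept your mail) can be checked mechanically. The following is an added example, not code from anyone in the thread: a small Python checker that evaluates a sender IP against an SPF record the way a receiving server does, reads the DMARC policy from `_dmarc.<domain>`, and works out which `<selector>._domainkey.<domain>` record a DKIM verifier would fetch from a DKIM-Signature header. All DNS answers come from a constructed table embedded in the script (the domains example.net and relay.example, the selector `mail`, and the placeholder key and signature values are assumptions for the example), so it runs offline; swapping `lookup_txt` for a real TXT resolver turns it into a check against a live domain.

```python
"""Offline SPF / DKIM / DMARC record checker (added example, not from the thread).

DNS answers come from a constructed table so the script runs without network;
replace lookup_txt() with a real TXT resolver to check a live domain.
"""
import ipaddress

# Constructed sample zone data: what TXT lookups would return for these names.
# Domains, selector and key material are assumptions for the example.
SAMPLE_TXT = {
    "example.net": [
        "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 include:relay.example -all"
    ],
    "relay.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_dmarc.example.net": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.net; pct=100"],
    "mail._domainkey.example.net": ["v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name):
    """Stand-in for a DNS TXT query; returns a list of record strings."""
    return SAMPLE_TXT.get(name.lower().rstrip("."), [])


def spf_record(domain):
    """RFC 7208 allows exactly one v=spf1 record; two or more is a permerror."""
    recs = [r for r in lookup_txt(domain) if r.lower().startswith("v=spf1")]
    if len(recs) > 1:
        return "permerror"
    return recs[0] if recs else None


def check_spf(sender_ip, domain, depth=0):
    """Evaluate sender_ip against domain's SPF record.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Only ip4/ip6/include/all are implemented; a/mx/ptr/exists need live
    DNS and are skipped, which is enough for the constructed sample records.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    rec = spf_record(domain)
    if rec is None:
        return "none"
    if rec == "permerror":
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in rec.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # An IPv6 sender never matches an ip4 network (and vice versa).
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            # include: matches only when the referenced domain yields "pass".
            matched = check_spf(sender_ip, arg, depth + 1) == "pass"
        else:
            continue
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no term matched and no explicit "all"


def parse_tags(record):
    """Parse the 'k=v; k=v' tag lists used by DKIM and DMARC records and headers."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_policy(domain):
    """Return the p= policy (none/quarantine/reject) or None if no DMARC record."""
    for rec in lookup_txt("_dmarc." + domain):
        tags = parse_tags(rec)
        if tags.get("v", "").upper() == "DMARC1":
            return tags.get("p", "none").lower()
    return None


def dkim_key_name(dkim_signature_header):
    """Name of the TXT record a verifier fetches: <selector>._domainkey.<domain>."""
    tags = parse_tags(dkim_signature_header)
    return f"{tags['s']}._domainkey.{tags['d']}"


def dkim_key_published(dkim_signature_header):
    """True when the selector record exists and carries a non-empty p= key."""
    return any(parse_tags(r).get("p") for r in lookup_txt(dkim_key_name(dkim_signature_header)))


# Constructed DKIM-Signature header as a sending server would add it
# (bh= and b= are placeholders; signature verification is out of scope here).
SAMPLE_DKIM_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.net; s=mail; "
    "h=from:to:subject:date; bh=PLACEHOLDER_BODY_HASH; b=PLACEHOLDER_SIGNATURE"
)


def report(sender_ip, domain):
    """Summarise what a receiving server learns about mail from sender_ip for domain."""
    return {
        "spf": check_spf(sender_ip, domain),
        "dmarc": dmarc_policy(domain),
        "dkim_key": dkim_key_name(SAMPLE_DKIM_HEADER),
        "dkim_key_published": dkim_key_published(SAMPLE_DKIM_HEADER),
    }


if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.0.2.7", "203.0.113.99"):
        print(ip, report(ip, "example.net"))
```

The useful read-out is the combination: a home server whose IP is not in the SPF record (or in the relay's record when you send through a relay like the ones mentioned above) gets `fail` under `-all`, and with `p=reject` in DMARC the big receivers will drop it rather than just junk it, which is exactly the failure the earlier comments describe.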