Is it useful to have your own mail server as a non-business? Just a private person. Configure SMTP and IMAP for it, sync with outlook I think.
Yay or nay, waste of time? What are your thoughts?
You must log in or register to comment.
No.
I would say absolutely not.
Waste of time, massive headache, constant security threat. Set a relay up for outbound so you can get consolidated root mails and system alerts. But skip the inbound and let Apple/Google/someone else manage the threat surface.
I run three of them now, one since about 2005 and haven’t had any blocking issues on it. I have also always set up DNS records as well as had a static IP.
“is it recommended” implies that the wisdom of crowds (a) exists, b) applies, c) is correct.
What do YOU want to do? That’s all that matters.
I’ve run my own mail server for over 20 years. I enjoy it, and its nice having my mail sit in my basement.
Everyone should at least give it a try, if only so your decision not to is well informed instead of following cargo cult advice.
Honestly, not everything needs to be a firsthand experience to know it’s not something I want to do. Hosting my own email is definitely something I’m good with living through others vicariously.
Email and DNS. I have self-hosted both and I have no regrets. What I ALSO have is zero desire to do so again in the future.
100% on this suggestion.
i use to setup qmail to host a few domains, works really well, even mail blast is like really efficient. picked up a lot of fundamental about email, dns, ssl along the way.
just make sure you put a good filtering system before the email reaches your server. like mimecast, proofpoint, etc.
nowadays, you can further secure your access to pop3,imap on email server using service like cloudflare tunnel.
I’ve been hosting my own email server for 20 years. Not at home though, fuck trying to do it on a dynamic IP. Also fuck 123-reg for mangling my DKIM and making me think I was going mad.
My first IT job was as mail admin.
I wouldn’t wish that shit on anybody.
I remember that job and also building the server myself from scratch. Qmail, Squirrelmail, Dovecot and all that. It lasted about a year until we bought something as it was hell. Now days with IP reputation and spam filters - even if the server ran, you’d never get anything delivered outbound.
OP, the most I would do is an SMTP server that relays through Gmail for delivering alerts from monitoring systems. Anything else is pain.
That’s all we do for clients that need on-prem equipment to scan that don’t support integration with Gmail/outlook online. Spin up an SMTP relay for things like scanners, alerts, Databases, etc. and just run that straight into Google/Microsoft Mail servers.
Our latest migration was with MailEnable and going to Exchange online, which was a collosal mess.
I finally built my own mail server because if something broke my alerts would sometimes hit the maximum limit for a non-business gmail account and not get delivered.
I learned a lot, but it is a pain in this day and age. I had to set up SPF and DMARC records to get it to deliver to gmail. I guess the next adventure is DKIM.
Assuming you’re using postfix as an MTA, it’s not too hard to get OpenDKIM up and running.
My mail admin experience is pretty dated these days, but I followed this guide back in the day and had it working.
Unfortunately I’m using Citadel, which doesn’t have a lot of awesome documentation.
Guess I get to learn some more.
I 2nd the 2nd paragraph
Mailcow.email
Mailinabox
Same, became quite skilled on exchange server, bad career path…
same, hire a service, to deal with spam and spam list is hard.
i use proxmox mail gateway, i host both the gateway and mail server as vms on the same machine
Nope. Spam mail
I have the Proxmox mail filter in front of my Exchange. It works wonderfully well. No spam gets through.
Depends. I have my private mail system working and for the most part it works fine. However, its indeed a bitch to deal with blacklists and ISP policies. Took me two years to convince the ISP to give me a business line with two IP addresses and no port filtering. The mail system has to be configured correctly.
Knowing I have full control over everything is great, but its not for everybody.
I’ve run my own mailserver for about 20 years. I don’t know if I’d recommend others do the same, but I wouldn’t recommend against it either.
Once it’s up and running, it’s surprisingly low-friction. I have a VPS with a provider I trust, and it’s running nothing else. Other than keeping everything updated, it requires very little ongoing maintenance. Mostly making sure you keep up with dmarc, TLS, etc best practices before the big providers call them requirements, instead of after.
I think the real difficulty is starting fresh, greenfield. Not only can one misconfiguration ruin your day, but if it’s an issue that other providers notice, the smell hangs around for a long time. Most the big providers (gmail, microsoft, yahoo) will do absolutely nothing to work with you, so if they take a dislike to you - well you’re screwed. There’s no way to get in touch with them, no way to ask them to look again, etc. The juggernauts will usually give the impression they don’t actually have anyone working for them at all.
You’ll also learn a lot more about DNS. Whether you like it or not :)
Things that aren’t so fun … OS updates are always the terrifying one. My provider is really good about letting you spin up a new instance while keeping the old one around for a month so you can switchover when you’re ready. I use that for most things - but for my mailserver, I don’t want to because I don’t want a new IP. I like that it’s my ball and I can pick it up and go play somewhere else if I want, but the amount of reputation that the big providers pin to IP, makes this a lot more difficult than it sounds.
The other fun sticking point is monitoring. I get emails if my mailserver (or DNS) go down … but because my mailserver is down, I don’t receive them until it’s back. That’s not ideal, but I never seem to get around to doing anything about it. (because when it’s working, I want to leave it alone. When it’s not working, it’s too late.)
I think the main thing to keep in mind is that it’s difficult to “lab” outbound mail. There’s very little “just trying something”, very little experimentation, etc. Getting things wrong has too many long-term effects. You wanted to try a new MTA and now Google think you’re a spammer? Putting the old one back does not fix your reputation. Putting the old config back does not fix your reputation. Doesn’t matter how much you clean, that smell is going to take a long time to go away.
What does a provider make trustworthy for you?
A provider that isn’t on the ball about managing outbound spam will quickly find their IPs (if not the whole prefix) blocked. If someone runs a spambot from a VPS, and then you get the recycled IPv4 address when the instance is removed, what’s to tell Microsoft you’re not also a spammer?
I’ve been an admin for a couple of different companies that sent statements to customers. Keeping our legit email systems off spam lists was a daily challenge.
I work for a cloud provider, and even if I wanted to, I could not check for outgoing spam, other than reacting to the NOC mails.
Most mail server use transport encryption, which I can absolutly not inspect.
I never said anything about monitoring outbound SMTP traffic.
The more realistic mitigations are e.g. periodic scanning for open relays, actually handling abuse email reports, RBL checking
That’s a lot more difficult to put into words than I thought it’d be.
I think the big thing is that they’re not in the race to the bottom. Their customers choose them for their level of services, not because they were the cheapest host in a list. So spammers don’t want to use them because they’re not the cheapest, and they don’t want to host spammers because that ruins their value proposition to their regular customers.
What else … small enough that they’re not faceless. and I’m not nobody to them either. They’ve been at this at least as long as I have, so it doesn’t feel like they’re going to disappear tomorrow. And they’re fairly active with their community through a good old-fashioned mailing list. Which also helps to get to know them and what level they’re working on. It’s nice knowing that when I mail them, I don’t get through to an AI, or an L1 on a script, I’m gonna get Andy.
It’s a tough one though, because trust is earnt, not researched. But I do prioritise putting a mailserver on a provider that keeps a clean house - because you don’t want to find yourself getting blocked because your neighbours misbehave.
tl;dr; everything AWS ain’t.
That’s a nice writeup. Especially the mailing list part struck with me.
So which provider is it.
I’ve gone through a lot of providers in the last decade. Currently everything sits in the DC of my current employee, but I feel like a freeloader, which I am clearly am.
+1 to this.
I find in the IT field that people who run their own mailservers are significantly better engineers than those who do not.
As other said. If you want to see if you can. Yes fun go for it.
Don’t use it for anything important. And know that your ISP will very likely have that port blocked already. And if you call them to ask them to unblock it they are unlikely to be willing to.
This is to prevent scammers and spammers.
Also. Know that even if you were able to. Getting other mail servers to not instantly junk your mail is actually quite difficult or impossible. So your emails would always land in spam, be outright blocked, or be in junk.
For yourself as an experiment sure, but don’t fuck around with your family’s email.
If you have a home lab you’ve probably got devices that sent e-mail alerts so you could try running something internally to see how you get on.
I think some older devices don’t have authentication and can only work internally.
I do. But the domain I use it for is occasional sending. If it was for my job/business probably not.
I do not notice any delivery problems though. What you will need aside from DKIM/SPF, is a static IP and the ability to create reverse dns records.
I have Comcast business and I was surprised they did the reverse dns for me, but it has been working great. I get 10/10 on mail-tester.com.
See docker-mailserver which is a full fledged email solution including spam assassin and anti virus. I use it for my business emails. Works perfectly