No.
I would say absolutely not.
As a fun project, yes.
As an actual day2day email, no.
Unless u have actual redundancy with 24/7 uptime and static IP, it may cause missed emails. Even if u do, the price is a factor u may need to consider.
Setting up email is easy, configuring it so you don't get caught in spam filters, and you don't get a ton is a full time job. I did it for awhile and just didn't find it worthwhile any longer.
My first IT job was as mail admin.
I wouldn't wish that shit on anybody.
I remember that job and also building the server myself from scratch. Qmail, Squirrelmail, Dovecot and all that. It lasted about a year until we bought something as it was hell. Nowadays with IP reputation and spam filters - even if the server ran, you’d never get anything delivered outbound.
OP, the most I would do is an SMTP server that relays through Gmail for delivering alerts from monitoring systems. Anything else is pain.
I finally built my own mail server because if something broke my alerts would sometimes hit the maximum limit for a non-business gmail account and not get delivered.
I learned a lot, but it is a pain in this day and age. I had to set up SPF and DMARC records to get it to deliver to gmail. I guess the next adventure is DKIM.
Same, became quite skilled on exchange server, bad career path...
Everyone should at least give it a try, if only so your decision not to is well informed instead of following cargo cult advice.
100% on this suggestion.
I used to set up qmail to host a few domains, works really well, even mail blast is like really efficient. Picked up a lot of fundamentals about email, DNS, SSL along the way.
Just make sure you put a good filtering system before the email reaches your server. Like Mimecast, Proofpoint, etc.
Nowadays, you can further secure your access to POP3, IMAP on the email server using a service like Cloudflare Tunnel.
I've been hosting my own email server for 20 years. Not at home though, fuck trying to do it on a dynamic IP. Also fuck 123-reg for mangling my DKIM and making me think I was going mad.
Email and DNS. I have self-hosted both and I have no regrets. What I ALSO have is zero desire to do so again in the future.
Honestly, not everything needs to be a firsthand experience to know it’s not something I want to do. Hosting my own email is definitely something I’m good with living through others vicariously.
Nope. Spam mail
I have the Proxmox mail filter in front of my Exchange. It works wonderfully well. No spam gets through.
I have had an Exchange VM set up for the last 3-4 years now. I use smtp2go for outgoing email. Works really well. I primarily use the system for alert emails and mailing lists I use. If it breaks it's an annoyance but nothing critical. I have a mail filter in front that all incoming mail goes through.
Depends. I have my private mail system working and for the most part it works fine. However, it's indeed a bitch to deal with blacklists and ISP policies. Took me two years to convince the ISP to give me a business line with two IP addresses and no port filtering. The mail system has to be configured correctly.
Knowing I have full control over everything is great, but it's not for everybody.
I've run my own mailserver for about 20 years. I don't know if I'd recommend others do the same, but I wouldn't recommend against it either.
Once it's up and running, it's surprisingly low-friction. I have a VPS with a provider I trust, and it's running nothing else. Other than keeping everything updated, it requires very little ongoing maintenance. Mostly making sure you keep up with dmarc, TLS, etc best practices before the big providers call them requirements, instead of after.
I think the real difficulty is starting fresh, greenfield. Not only can one misconfiguration ruin your day, but if it's an issue that other providers notice, the smell hangs around for a long time. Most of the big providers (Gmail, Microsoft, Yahoo) will do absolutely nothing to work with you, so if they take a dislike to you - well you're screwed. There's no way to get in touch with them, no way to ask them to look again, etc. The juggernauts will usually give the impression they don't actually have anyone working for them at all.
You'll also learn a lot more about DNS. Whether you like it or not :)
Things that aren't so fun .. OS updates are always the terrifying one. My provider is really good about letting you spin up a new instance while keeping the old one around for a month so you can switchover when you're ready. I use that for most things - but for my mailserver, I don't want to because I don't want a new IP. I like that it's my ball and I can pick it up and go play somewhere else if I want, but the amount of reputation that the big providers pin to IP, makes this a lot more difficult than it sounds.
The other fun sticking point is monitoring. I get emails if my mailserver (or DNS) go down .. but because my mailserver is down, I don't receive them until it's back. That's not ideal, but I never seem to get around to doing anything about it. (because when it's working, I want to leave it alone. When it's not working, it's too late.)
I think the main thing to keep in mind is that it's difficult to "lab" outbound mail. There's very little "just trying something", very little experimentation, etc. Getting things wrong has too many long-term effects. You wanted to try a new MTA and now Google think you're a spammer? Putting the old one back does not fix your reputation. Putting the old config back does not fix your reputation. Doesn't matter how much you clean, that smell is going to take a long time to go away.
+1 to this.
I find in the IT field that people who run their own mailservers are significantly better engineers than those who do not.
As others said. If you want to see if you can. Yes fun go for it.
Don’t use it for anything important. And know that your ISP will very likely have that port blocked already. And if you call them to ask them to unblock it they are unlikely to be willing to.
This is to prevent scammers and spammers.
Also. Know that even if you were able to. Getting other mail servers to not instantly junk your mail is actually quite difficult or impossible. So your emails would always land in spam, be outright blocked, or be in junk.
Been hosting my own email for over 20yrs. Get a vps at some reputable hoster, and make this a dedicated mailserver. Be sure to setup all dns records that are required, and rollout antispam measures.
You can easily host for receiving mail, but don't bother for sending. Most email services will simply mark your email as spam.
I do. But the domain I use it for is occasional sending. If it was for my job/business probably not.
I do not notice any delivery problems though. What you will need aside from DKIM/SPF, is a static IP and the ability to create reverse dns records.
I have Comcast business and I was surprised they did the reverse dns for me, but it has been working great. I get 10/10 on mail-tester.com.
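The DNS prerequisites named in this thread (SPF, DKIM, DMARC, and a reverse DNS record that matches a static IP) can be checked mechanically. The following is an added example, not part of any post here; the zone data, the `mail` selector and the `audit` function are constructed for illustration and run offline against an in-memory record set.

```python
# Added example. All records are constructed sample data using documentation
# names/addresses (example.org, 203.0.113.25); the DKIM key is a placeholder.
GOOD_ZONE = {
    ("example.org", "TXT"): ["v=spf1 ip4:203.0.113.25 -all"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.org"],
    ("mail._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"],
    ("25.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org."],
    ("mail.example.org", "A"): ["203.0.113.25"],
}
# Same zone with a permissive SPF record and no DMARC or PTR record.
BAD_ZONE = {**GOOD_ZONE, ("example.org", "TXT"): ["v=spf1 +all"]}
del BAD_ZONE[("_dmarc.example.org", "TXT")], BAD_ZONE[("25.113.0.203.in-addr.arpa", "PTR")]

def tags(record):
    """Parse the 'k=v; k=v' tag list used by DKIM and DMARC records."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(zone, domain, ip, selector):
    """Return a list of findings; an empty list means every check passed."""
    out = []
    spf = [r.lower().split() for r in zone.get((domain, "TXT"), [])
           if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        out.append(f"SPF: need exactly one v=spf1 record, found {len(spf)}")
    elif "+all" in spf[0] or "all" in spf[0]:
        out.append("SPF: +all authorises every sender")
    elif not {"-all", "~all"} & set(spf[0]) and not any(t.startswith("redirect=") for t in spf[0]):
        out.append("SPF: no -all or ~all term")
    dmarc = [tags(r) for r in zone.get(("_dmarc." + domain, "TXT"), [])
             if r.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        out.append(f"DMARC: need exactly one record, found {len(dmarc)}")
    elif dmarc[0].get("p") not in ("none", "quarantine", "reject"):
        out.append("DMARC: missing or invalid p= policy")
    dkim = [tags(r) for r in zone.get((f"{selector}._domainkey.{domain}", "TXT"), [])]
    if not dkim:
        out.append("DKIM: no record for selector " + selector)
    elif not dkim[0].get("p"):
        out.append("DKIM: empty p= (key revoked)")
    # Forward-confirmed reverse DNS: PTR name must resolve back to the same IP.
    ptrs = zone.get((".".join(reversed(ip.split("."))) + ".in-addr.arpa", "PTR"), [])
    if not ptrs:
        out.append("PTR: no reverse DNS for " + ip)
    elif not any(ip in zone.get((h.rstrip("."), "A"), []) for h in ptrs):
        out.append("PTR: name does not resolve back to " + ip)
    return out
```

To audit a live domain, fill the same dictionary shape from real lookups instead of the constructed records.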
For yourself as an experiment sure, but don't fuck around with your family's email.
See docker-mailserver which is a full fledged email solution including spam assassin and anti virus. I use it for my business emails. Works perfectly
If you have a home lab you've probably got devices that send e-mail alerts so you could try running something internally to see how you get on.
I think some older devices don't have authentication and can only work internally.
I used a guide to set up an email server on a couple of VPSes, and I have been running this for 7-8 years now. Adding additional features and security implementations. My servers are scoring max scores on all tests I could find. Allowing me to have freedom to do with emails and domains as I wish to. And it just works. I would not change my setup for anything right now as I would see it as a downgrade.
You need to understand a lot of things but it is doable and once all is setup it just works, as long as you follow up on things like domain and certificate renewals.
I am even considering moving my mail server to my homelab… just for fun, as I still would have a backup smtp on vps.
I have been an email administrator and I run my own, personal email server for about the last 4 years. I've administrated Microsoft Exchange, on-premise and online and GNU/Linux Postfix/Dovecot/SoGo. I prefer the open source email offerings to the M$ stuff.
As others have mentioned, email is something that you would probably want hosted in a cloud somewhere and definitely NOT running locally at home (most ISPs block port 25 anyways so, running an email server at home is a crazy challenge). A free-tier cloud somewhere should be enough to get you started with an open source email server. The two cloud services that I use block port 25. I had to open a ticket with their support to open port 25. But, once that port is open, you can have a full fledged email server.
Check out https://www.iredmail.org/. It's open source, easy to get started, rock-solid, secure, and they have tech support via their web forum. ( I say 'they', but it's literally like one dude). This is what I use for my personal email server. I have custom IPS and Geo-IP filters for security. It's been running issue free for the past 3 1/2 years. I've never missed an email lol.
Use https://mxtoolbox.com/SuperTool.aspx for troubleshooting delivery issues. And, to learn all about the different DNS records a healthy email server needs.
Running an email server is challenging, but it's not something to be afraid of. It is labor intensive, requires active administration and not something that you would want to simply "set and forget". But, with the right administration, running your own email server can be very rewarding.
After trials and errors, I find it good to work on as a hobby project / just for fun, but not for your day to day emails. In my case, my SMTP server literally only runs for my printer that has a scan-to-email feature on it, wouldn’t trust it for any more than that.
Is there a Docker container mail gateway? I just need to send mail from a monitoring app.
Doing it for the experience and lab of it? Sure.
Doing it to actually use, fuck no. Email is the most vulnerable part of any org. You need to have a proper spam filter, dmz, web domain, several DNS records, certificates etc in order for mail to even flow in and out. It'll just be a headache and there are so many free options.
If you want your own special email domain, get suite for 1 person at 12 bucks a month and have it all just work.
There are a lot of things that are fun to lab. Email is not one of them, seriously— leave this to a cloud provider.
The day Exchange stopped being one of the things I had to manage was a good day indeed 😅
I keep seeing these posts and have a question, is it possible to host an internal only email so I can get notifications from pfsense or truenas scale?
Yes, but remote logging solutions are a better choice.
https://youtu.be/eHxVvqzEtmc?si=BU6TYxt3cxl9yxdW
It's like this
Everything looks good, and wonderful but there's always a surprise waiting for you.
Coming from an exchange engineer with over 11+years experience
Honestly it's fun and all but I wouldn't recommend for anything work related. If I were to run a mail server at home I'd make sure I get a mail gateway you can proxy your mail through that manages blacklists and reputation.
Unless there's a strong academic reason, it's probably more work than it's worth for the average person. It becomes a vector for attack, and there's external infrastructure that has to be maintained as well (DNS, SPF, DKIM, etc)
Nay, emphatically. Out of the box, a new SMTP server is treated by peers as yet another spam delivery vehicle. You have to prove to the world you're not a fly-by-night spammer. There are certain things you have to do with your domain's MX record, as well as in terms of SMTP server configuration. Oh, and if you're ever caught with an open relay on port 25, that will get you blacklisted instantaneously...
I have my own mail server for using some of the service that requires mailing to my own domain.
It needs a static IP for best, which I have. But I’m currently lacking PTR (if I named it right, just a DNS thing to do reverse checking) because I’m not using a business line and my ISP doesn’t provide the service for home users.
Having one is great, but don’t use it as your main email service.
I'm running my own mailserver on a VPS for about 4 years. I'm using https://mailinabox.email/ It's a one command installer that installs everything you need for a mailserver to run, including roundcube webmail, nextcloud, DNS server, static html page hosting, and it runs on low resources, I'm using a very cheap VPS server with 1 core and 1GB RAM, I pay 3.79 euros monthly for VPS and it's been running great.
The only issue hosting your own non-business mail server is that a lot of internet providers block incoming port 25, so you may not be able to receive incoming mail. Getting a reverse DNS setup may be an issue as well which will bring your mail score down... But you can increase the score with SPF and DKIM implementation.
Just make sure that you secure your server from unauthorized relay or you'll be blacklisted in no time.
It’s an interesting exercise to learn about how everything interacts and works. Beyond that I would absolutely not bother. It’s high effort, it’s shit to maintain and secure. It’s shit to debug when mails don’t arrive.
Isn't this question asked on this forum every few months? It's easily searchable.
In 2023 the threats to mail servers are so plentiful and ever changing, it’s the thing every business should give up — let the army of security pros at Microsoft and Google worry about those, honestly. Use the economies of scale of what they do protects millions of mailboxes, instead of you having to do all that same effort of work to protect 5 mailboxes.
Waste of time, massive headache, constant security threat. Set a relay up for outbound so you can get consolidated root mails and system alerts. But skip the inbound and let Apple/Google/someone else manage the threat surface.
I have an O365 instance hosting my own domain for mail
"is it recommended" implies that the wisdom of crowds (a) exists, b) applies, c) is correct.
What do YOU want to do? That's all that matters.
I've run my own mail server for over 20 years. I enjoy it, and it's nice having my mail sit in my basement.
I run three of them now, one since about 2005 and haven't had any blocking issues on it. I have also always set up DNS records as well as had a static IP.
I've been running my own for over 20 years now. For my own domains and catch all and temporary email address. For a very long time temp email was not available commercially. Now we have SimpleLogin, I think Firefox has something similar and a few others. I would say it's pretty self sufficient, no need to tinker when all is set up. I have always been an exim user and I only know exim. The only pain I have now is that the Let's Encrypt certificate gets renewed every 3 months and exim is unable to read it, so I need to fix permissions. The bonus point and weird flex is the ability to read email via telnet to port 110 and sending email chatting to the server on port 25 lol