this post was submitted on 14 Dec 2023
26 points (88.2% liked)

Selfhosted

40132 readers
563 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm going to start off but saying I know that self-hosting email can be a bad idea. That being said, I'm trying to de-googlfy my life and would like to experiment.

I have a VPS and a domain that doesn't get used for much at the moment. I'd like to try configuring a full mail suite on that domain and see if I can make it work. I've been looking into the various options on this list and was hoping for some feed back on options that people have used. If this works out it would be fairly low volume.

Ideally I'd like a full solution that includes web administration if at all possible. I think I'm leaning towards mailcow but it might be overkill.

I'd appreciate any input on what has or hasn't worked for people. Thanks.

top 31 comments
sorted by: hot top controversial new old
[–] johntash@eviltoast.org 19 points 11 months ago (5 children)

Consider still using sendgrid, AWS ses, or some other service for outbound mail. Incoming email isn't bad, but outgoing email is where your more likely to run into issues with your IP being blacklisted/etc

[–] jemikwa@lemmy.blahaj.zone 9 points 11 months ago* (last edited 11 months ago) (1 children)

Definitely listen to this. IP Warming is a very real problem and you have to send thousands of messages at a very gradual rate for most email gateways to 1) mark you as a proper email sender, and 2) classify you as a reputable one that isn't sending spam. Using a public/private cloud IP isn't enough, it should be a service already used for mail sending.

If you self host sending email and ignore using a service for outbound, make sure it isn't at home. ISPs often block SMTP traffic to keep people from spamming others from their home. A lot of IP blocklists also auto block home IPs so you may not ever get your messages delivered.

Make sure to set up SPF/DKIM/DMARC. At the very least SPF, DKIM if the platform supports it, and ideally all three or SPF+DMARC. It's not that hard to configure if you do it as you go instead of years down the line after you have a dozen services sending mail as your domain.

[–] lily33@lemm.ee 2 points 11 months ago* (last edited 11 months ago) (1 children)

What do you mean thousands at a very gradual rate? I don't think I've sent 1000 emails offer the last year. And even if some people send more, I can't imagine it would be at a pace where that becomes a problem (at least if it's for personal use)...

[–] jemikwa@lemmy.blahaj.zone 1 points 11 months ago* (last edited 11 months ago)

It's about sample size. Mail gateways won't designate an IP as a reputable sending IP until it assesses a large volume of mail sent over a long period of time. You can't send the quantity it wants all at once or even in a short window because then you'll be designated as a spammer. So you start small with a few a day and gradually ramp up sending over multiple weeks or months to eventually send several thousands of messages in that period.

Spammers and malicious actors too often spin up new IPs for sending mail, so gateway patterns already implicitly mandate that email should come from IPs it's already judged reputable.

You as an individual can't reasonably warm your own IP. This is why services like Amazon SES or Sendgrid exist because they have huge IP pools that are ready to go. Plus, those services are very concerned with reputation and have bounce/complaint metrics defined to warn customers that abuse or poorly configure their sending habits.

This next example is what I'm most familiar with, but I'm sure there are other services like this. If you're a big enterprise and want your own dedicated sending IP because you're concerned about using a shared pool, you could use something like Amazon Pinpoint which allocate IPs for your org to use in SES, but they have to be warmed before you switch your production workloads over to it full-time. It automates some of the gradual-ness of warming so you use a mix of SES plus your Pinpoint IPs to keep mail flowing for your product.

It looks like Sendgrid also does dedicated IP warming guard rails too. This article is pretty decent for understanding how it works - https://docs.sendgrid.com/ui/sending-email/warming-up-an-ip-address The per-day warming limits give you an idea of what scale this kind of process is used for.

[–] SeeJayEmm@lemmy.procrastinati.org 3 points 11 months ago

100% agree. I probably should have said this in the OP but I already outbound relay to SES for messages that get generated within my home network (alerts and whatnot).

[–] SciPiTie@iusearchlinux.fyi 2 points 11 months ago

Just curious is there any recent quantitative source to this? That statement was "common wisdom" already 20 years ago - 10 years ago I decided to just give it a try - and had issues three times in ten years, all three with missconfigured exchange servers.

And I'm not with a high profile provider either.

Just to make sure: I'm not claiming that you're wrong, I'm simply curious on how lucky exactly I got!

[–] brygphilomena@lemmy.world 2 points 11 months ago* (last edited 11 months ago)

My more recent experience has been this comes from using residential ISP IPs or cloud provider IPs. These are almost always just permanently in a grey list because AWS, Google Cloud, Azure, and digital ocean instances are so quick, cheap, and easy to setup and cycle through IPs on.

My colo provided IP block hasn't had any issues sending emails.

[–] lily33@lemm.ee 1 points 11 months ago* (last edited 11 months ago) (1 children)

If you have a VPS with dedicated IP they you (and only you) have used for a while, would it still be blacklisted?

[–] jemikwa@lemmy.blahaj.zone 1 points 11 months ago* (last edited 11 months ago)

Short answer, likely yes. It's not definitive, you could still slip by after sending enough mail, but you are also very likely to get whacked because that VPS IP doesn't have an email sending reputation.

Longer answer, email gateways like Google, Microsoft, and Proofpoint don't really care who owns what IP. Well, they might, but they're more concerned about the sending habits of an IP. While you might send good mail from that IP, there's no reputation for it, so you could be whacked for having a neutral reputation (the ol' credit score dilemma but for email).
In order to have a good reputation, you have to send a large volume of messages very gradually over several weeks to "warm" your IP as a reputable sender. I went over this slightly more in detail in another reply, but this article is pretty concise on how an enterprise accomplishes this with a dedicated IP at a provider like SendGrid: https://docs.sendgrid.com/ui/sending-email/warming-up-an-ip-address

[–] ikidd@lemmy.world 14 points 11 months ago (1 children)

I've run mail servers professionally since the 90s, I run my own mail via Mailcow. Be sure you know what you're doing on things like SPF and DKIM or you're going to have a bad time.

[–] ijhoo@lemmy.ml 2 points 11 months ago (1 children)

Can you elaborate on this?

I am looking into doing the same as op and I have no idea what I'm doing.

If you have been running servers since the 90s, can you provide the list of do and donts?

[–] redcalcium@lemmy.institute 8 points 11 months ago (1 children)

After setting up mailcow, configure the mailbox to use an external relay (mailgun, Amazon SES, etc). This will cut down your potential headache since the actual mail delivery is handled by someone else. Now you only need to focus on making sure you can receive mails.

[–] Oisteink@feddit.nl 1 points 11 months ago

And do use their guide for spf, dkim and dmarc

[–] tvcvt@lemmy.ml 10 points 11 months ago

I second mailcow. It’s what I’ve been using for years and it’s pretty great.

One thing I’ll add is before you take the plunge, make sure your VPS address isn’t on a block list somewhere. Pay a visit to mxtoolbox.com and you should find some resources there.

[–] bigkahuna1986@lemmy.ml 7 points 11 months ago (1 children)

As everyone has mentioned SPF/DKIM/DMARC is the absolute minimum. If you're going to be sending your own mail then a PTR record is absolutely required. Also get registered dnswl.org and other whitelist sites. Be prepared to spend some time tracking down why the occasional email goes to spam. Then there's the onslaught of bots and hackers constantly trying to break in.

I've used Mailu to host my own mail server, and at my work we have a standard Postfix/Dovecot setup.

My recommendation is to use Fastmail, Proton, or some other service to save you the headache.

[–] SeeJayEmm@lemmy.procrastinati.org 4 points 11 months ago

I understand all the pitfalls and caveats, I've maintained corporate mail services (i.e. exchange/o365) but I've not self-hosted before. I know the safe and sane solution would be a paid service, but like I said I'd like to experiment. I'll look at Mailu. Thanks.

[–] rettet_die_bilche@feddit.de 5 points 11 months ago

https://github.com/docker-mailserver/docker-mailserver No web adminiatration you have to use cli but its small an feature rich

[–] narc0tic_bird@lemm.ee 4 points 11 months ago

Not self-hosting email anymore, but back when I did all the hype was https://mailcow.email.

[–] outcide@lemmy.world 4 points 11 months ago (1 children)

I'm really liking the look of stalwart, but it's quite new. Mailu seems to be pretty nice, good features and not too resource heavy. Mailcow does everything, but it's a 🐷.

[–] SeeJayEmm@lemmy.procrastinati.org 3 points 11 months ago

Mailcow does everything, but it’s a 🐷.

That's my biggest concern with mailcow, is it's resource requirements. 8 GB of RAM is a big ask for a hobbyist VPS.

[–] fraksken@infosec.pub 3 points 11 months ago

i'm using virtuamin myself, gives you a pretty decent interface to work with.

[–] emhl@feddit.de 3 points 11 months ago (1 children)

I use docker-mailserver which is just one docker container running the basic services without the complexity of a webui an managing groupware

[–] themachine@lemmy.world 3 points 11 months ago

I do exactly this as well.

[–] minnix@lemux.minnix.dev 3 points 11 months ago (2 children)

I use iredmail, but I also made sure I had access to port 25 and my IP wasn't on any blacklist. This is the very first thing you should do or all your efforts could be in vain.

[–] SeeJayEmm@lemmy.procrastinati.org 1 points 11 months ago

I'll certainly double check. I do not believe my VPS blocks port 25 but I'll double check. I'm not going to even attempt to run this on my home ISP. I'm not that much of a masochist.

[–] remotelove@lemmy.ca 1 points 11 months ago

Ditto. I was in an unlucky block of dynamic IPs from my ISP once. Not only was sending or receiving email out of the question, my IP addresses were somehow part of firewall blacklists as well. I couldn't get to banks at all and tons of random places were just dropping my traffic. It was a serious pain.

[–] AnonymousLemming@feddit.de 2 points 11 months ago

OpenSMTPD. I run a private mail server for family, and it works flawlessly. No maintenance aside from backups and occasional OS upgrades. https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/

[–] korthrun@lemmy.sdf.org 2 points 11 months ago

I also have a small domain that is relatively low traffic. A lot of the "all in one" software on the list you linked looks pretty cool, I can't deny.

What I found is that I make very few changes. I used to add mailbox aliases fairly often, but the fact is there are only two users and enabling the "+" syntax in addresses put a stop to me needing to make new aliases when I wanted a new address.

I just don't feel like I need a management interface. Because of this I've just sort of frankensteined my own setup together and I love it. It operates how I expect it to, and enforces the standards I care about to the extent that I desire (e.g. which SPF result codes am I ok accepting?).

  • Postfix as SMTP/Submission server. I chose to go w/PAM based for outbound SMTP auth.
  • Courier for IMAPS
  • Dovecot for LDA (sieve is delightful)
  • Snappymail for webmail (served by apache httpd)
[–] Decronym@lemmy.decronym.xyz 1 points 11 months ago* (last edited 11 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
IP Internet Protocol
SMTP Simple Mail Transfer Protocol
VPS Virtual Private Server (opposed to shared hosting)

3 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.

[Thread #350 for this sub, first seen 14th Dec 2023, 02:55] [FAQ] [Full list] [Contact] [Source code]

[–] BCsven@lemmy.ca -1 points 11 months ago

If you are recently degoogled, then protonmail is a good option ( not self hosted) you get proton vpn, password manager, calendar , and 500GB drive storage.

[–] tagginator@utter.online -1 points 11 months ago

New Lemmy Post: Self-Hosting Email - Software Recommendations? (https://lemmy.world/post/9541814)
Tagging: #SelfHosted

(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)

I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md