[kwlug-disc] Re-re-re-re hashing the idea of running your own email server.
Cedric Puddy
cedric at ccj.host
Thu Dec 15 10:03:32 EST 2016
tl;dr: I recommend using an outside SaaS inbound/outbound email filter to
keep the jerks from causing you hassle -- I think that cuts out 90% of the
hassle of running your own server.
------------
Setting up a straight-forward SMTP/POP/IMAP mail server is pretty
straightforward, most have decent implementation how-tos written; though I
might be remembering my own learning process through rose-tinted glasses --
perhaps it was harder to learn than I remember.
I used to use Sendmail extensively, and now I use EXIM (under cPanel,
which, granted, automates several of the key points of setting up a mail
server, but costs enough that it's not practical for revenue-free
projects), but the tuning, understanding delivery rules, being able to
understand and correct the behaviour of the system remains.
We've got tonnes of accounts in there, multiple servers, etc... but the
biggest simplifying factor that keeps the wily internet jerks at bay is
choosing to use an outsourced SaaS email filter on both inbound and
outbound email; if your goal is guaranteed privacy*, or absolute minimal
cost, then this might not be an option; for people like me trying
to run a service, who don't want to be fighting with RBL blacklist
operators, wondering what to do when someone tries to DDOS your SMTP port,
etc, then it's very viable indeed, especially if you have a small number of
users.
The key point is that when outbound mail goes out, it goes out via the
filtering provider's outbound relay nodes (and if they want to keep getting
paid, they've got to make sure those nodes stay off blacklists, etc), and
when mail comes in, the only thing they can talk to is the relay provider
(who has security and network people to deal with all the inbound crazy,
DDOS crap, etc).
Something to consider anyway; I expect to be always running mail servers
for myself and clients, and I have no plans to ever do so without a managed
filter in front of those machines.
-Cedric
*(if you believe that email can be secured, without encrypting content, and
even then that the meta-data is nothing to worry about, and the fact the
servers you communicate with can be huge info leaks you can control or
monitor ... all I'm saying is that the SaaS filter has to be considered in
context. If you already encrypt 100% of your email body text, use smtp
mixers via Tor from a VPN exit node in Sweden, and etc, etc to accomplish
perfect info-sec, then yeah, you probably don't want or need a SaaS filter)
On 15 December 2016 at 00:06, Chamunks <chamunks at gmail.com> wrote:
> I figured since I accidentally threadjacked that last conversation about
> NextCloud that I would start a new one.
>
> B.S. <bs27975.2 at gmail.com>
>
> *Running one's own e-mail server is always a popular topic.
>
> Any amount of poking into the idea quickly reveals an unexpected amount
> of complexity and gotchas, which can be daunting - perhaps not so much
> e-mail / the server itself, but the necessary ecosystem that surrounds
> it in today's world. Let alone if you expand the topic to
> 'communications' (instant messaging, 'skype', IRC, and the like). I
> expect many skitter away from the idea rather quickly.
>
> Yet many do it, presumably happily and successfully.
>
> [Mind you, I thought the same thing about voip / voip.ms <http://voip.ms/>,
> but eventually, especially after posts from John, Oksana, and Raul,
> haven't looked back since.]
>
> Any favourite 'how to' links out there?
> (Such seem to be a moving target, it can be hard to discern what's
> 'current'.)*
>
> https://mailinabox.email/ if you trust the concept of curl'ing directly
> to bash. I've been tempted to try and get all of the dependencies pulled
> into one gigantic docker image and see if I can't get it running there.
> Just seems kinda crazy complex it includes everything like even a damn DNS
> provider so that it can just update its own DNS records which will open you
> up to DDOS problems.
>
> There are a few dockerized megalithic containers now that exist that can
> theoretically ship all of the stuff you need too but I think that
> MailInABox recommended via https://privacytools.io sounds like just about
> the most promising.
>
> I personally would prefer using something more like Rain Loop
> <https://www.rainloop.net/> which might actually help me encourage myself
> to use PGP. I don't trust options that offer to host my PGP keys on
> someone else's proprietary service but I also need to have sync. Also, my
> biggest problem is Protonmail may boast a great concept but I don't need
> yet another damn app on my phone that's going to burn my battery. It also
> needs to be something that I'll actually check too so I realize modern
> convenience has made this somewhat of a tall order but I don't want my
> stuff in the cloud anymore.
>
--
| CCj/ClearLine - Hosting and TCP/IP Network Services since 1997
| 118 Louisa Street, Kitchener, Ontario, N2H 5M3, 519-489-0478x102
\________________________________________________________
Cedric Puddy, IS Director cedric at ccj.host
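
Added example, not part of the original message: one way to check that inbound SMTP really only arrives via the filtering provider, as the message describes, is to scan the mail server's connection log for sources outside the provider's relay ranges. The CIDR ranges and log lines below are constructed placeholders (documentation address space, lines in the style of Exim `smtp_connection` entries); the function name is hypothetical.

```python
import ipaddress
import re

# Assumed values: CIDR ranges the filtering provider publishes for its relay
# nodes (documentation ranges used here as placeholders).
FILTER_RELAY_NETS = [ipaddress.ip_network(n) for n in
                     ("198.51.100.0/24", "2001:db8:51::/48")]
# Hosts allowed to connect directly (local submission, monitoring).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]

# Constructed sample, in the style of Exim "smtp_connection" log entries.
SAMPLE_LOG = """\
2016-12-15 09:58:01 SMTP connection from [198.51.100.23]:41822 (TCP/IP connection count = 1)
2016-12-15 09:58:07 SMTP connection from [203.0.113.77]:50110 (TCP/IP connection count = 2)
2016-12-15 09:59:30 SMTP connection from [2001:db8:51::19]:38214 (TCP/IP connection count = 1)
2016-12-15 10:00:12 SMTP connection from [127.0.0.1]:33410 (TCP/IP connection count = 1)
2016-12-15 10:01:44 SMTP connection from [203.0.113.77]:50188 (TCP/IP connection count = 1)
2016-12-15 10:02:03 SMTP connection from [192.0.2.200]:2525 (TCP/IP connection count = 2)
"""

# Match only connection-open entries; tolerate an optional host name and port.
CONN_RE = re.compile(
    r"SMTP connection from (?:\S+ )*\[([0-9A-Fa-f:.]+)\]\S* \(TCP/IP connection count")


def direct_connections(log_text):
    """Return {source_ip: count} for SMTP connections that bypassed the filter."""
    allowed = FILTER_RELAY_NETS + LOCAL_NETS
    bypass = {}
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address in the log line
        # An IPv4 address is never "in" an IPv6 network and vice versa.
        if not any(src in net for net in allowed):
            bypass[str(src)] = bypass.get(str(src), 0) + 1
    return bypass


if __name__ == "__main__":
    for ip, n in sorted(direct_connections(SAMPLE_LOG).items()):
        print(f"{ip}: {n} direct connection(s) not via the filter")
```

Any address this reports reached port 25 without passing through the filter, which means the firewall or the server's accept rules still admit hosts other than the relay provider.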