this post was submitted on 12 Jun 2023
147 points (98.7% liked)

Selfhosted

40324 readers
379 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
147
[Question] Does anyone run their own email server? (lemmy.one)
submitted 1 year ago* (last edited 1 year ago) by DidacticDumbass@lemmy.one to c/selfhosted@lemmy.world
276 comments fedilink hide all child comments
 

All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the orginal federated technology.

I am looking at proxmox and see that is has a built in email server, so now I am wondering if it is time to role my own.

I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don't know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.

Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?

you are viewing a single comment's thread
view the rest of the comments
[–] Album@lemmy.ca 8 points 1 year ago* (last edited 1 year ago) (5 children)

Your own email server requires near 100% uptime or you risk not receiving critical emails. If a remote email server is trying to contact your email server and it can't it's only going to retry a few times and then give up. Hosting this yourself sounds great until you realize high uptime is not cheap and requires constant attention.

Setting it up securely can be difficult depending on your understanding of server infrastructure as well as protocols like DNS. You need to set up SPF, DKIM, DMARC, etc in order to prevent someone from faking an email from your server.

Of course, federated email does not use SPF/DKIM/DMARC because the whole point is that someone from another server could use your server to send an email (hence the federation). Open email servers were common 20 years ago but very rare today. That makes setup easier, but the main caveat is that most known non-federated email servers will reject email from servers that don't have SPF/DKIM/DMARC because they generally end up being havens for bots and spam since there is no verification or authenticity of the sender.

As someone who self hosts a lot of things, I would never self host my email. If i did I would be paying for two boxes in different parts of the world on different ISPs to provide that uptime. I would definitely set it up securely and not as a federated server otherwise it would be practically unusable for day to day emails.

[–] albemmy@lemmy.world 1 points 1 year ago

This is disingenuous on many counts.

A mail server does not require 100% uptime. The only messages you would miss from a brief downtime would be from a bad behaving mail sender. Even if your server was down for a day you likely wouldn't miss any mail, if it was longer than 24 hours you might start missing some.

SPF is all that's really needed to prevent someone from faking mail from your domain, if it's set to strict most mail providers will reject fake/spoofed mail at this point. This let's the receiving mail server know which servers/IP Addresses are allowed to send mail for the domain.

DKIM - before sending an email your server will create a signature and add it as a header. The DKIM DNS record stores the public key so the receiving mail server can verify the email's authenticity.

DMARC - Largely I only ever get reports from Google. MS and others rarely send them. Anyway, this is basically a tool that alerts you that unauthorized emails are being sent from your domain. If this happens, likely your SPF record is incorrect.

There are tools to help make sure your setup is correct, such as this https://mxtoolbox.com/SPFRecordGenerator.aspx

The rest of your comment contains outdated information. This post is about running a mail server in 2023. Some anecdotal statements about what it might have been like to run a mail server 20+ years ago serve no purpose here other than to scare people off from trying to host their own mail. If you succeed in that at least we could continue to sit around whining that Google and Microsoft have email all locked up and us little guys can't do anything about it but to continue to regurgitate how hard it is and you just shouldn't even try.

load more comments (4 replies)