Selfhosted

38707 readers

677 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

[email protected]

Giving up on selfhosted email / Any sane email setups? (szmer.info)

submitted 11 months ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

So I've been running self-hosted email using Mailu for a couple of months (after migrating out of Google Workspace). Today it turned that although my server seems to be capable of sending and receiving emails, it also seems to be used by spammers. I've stumbled upon this accidentally by looking through logs. This seems to have been going on for all this time (first "unknown" access happened just a couple of hours after I've set everything up).

While browsing the logs there were just so many crazy things happening - the incoming connections were coming through some kind of proxy built-in to Mailu, so I couldn't even figure out what was their source IP. I have no idea why they could send emails without authorization - the server was not a relay. Every spammy email also got maximum spam score - which is great - but not very useful since SMTP agent ignored it and proceeded to send it out. Debugging was difficult because every service was running in a different container and they were all hooked up in a way that involved (in addition to the already mentioned proxy) bridges, virtual ethernet interfaces and a jungle of iptables-based NAT that was actually nft under the hood. Nothing in this architecture was actually documented anywhere, no network diagrams or anything - everything has to be inferred from netfilter rulesets. For some reason "docker compose" left some configuration mess during the "down" step and I couldn't "docker compose up" afterwards. This means that every change in configuration required a full OS reboot to be applied. Finally, the server kept retrying to send the spammy emails for hours so even after (hypothetically) fixing all the configuration issues, it would still be impossible to tell whether they really were fixed because the spammy emails that were submitted before the fix already got into the retry loop.

I have worked on obfuscation technologies and I'm honestly impressed by the state of email servers. I have temporarily moved back to Google Workspace but I'm still on the lookout for alternatives.

Do you know of any email server that could be described as simple? Ideally a single binary with sane defaults, similarly to what dnsmasq is for DNS+DHCP?

top 5 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 11 months ago

unless you realllllly enjoy self hosting your email, IMO it’s just not worth it anymore with the state of things. I use Fastmail and could not be happier.

[–] [email protected] 0 points 11 months ago (1 children)

After spending a considerable amount of time on it, I have come to the conclusion that there is no completely reliable way to send email without relying on a third party that is considered to have a “good reputation”.

Your set up might work right now, but tomorrow everyone on the internet could stop accepting your mail without explanation and without recourse.

If you own your own IP range, things look a bit brighter, but if you’re dependent on residential and housing provider addresses, you’re boned.

[–] [email protected] 0 points 11 months ago (1 children)

I agree that a static IP address is an absolute requirement for a mail server to send messages these days. You also need a host of checks in place like SPF, DKIM, and DMARC, along with a strong set of blocklists and spam filters. My own setup includes dual ISP connections from two different providers, and even with all that in place, Microsoft has always been a thorn. They will block me for no apparent reason, their own tools don't even show any detected spam activity, and sometimes they don't even block the same IP address (or provider) that my emails were sent from. Every other spam service on the planet behaves in a rational way, but of course Microsoft has made a point of locking in so many businesses to their own spam-ridden service that you simply can't run a mail server any more without being able to talk to them.

Overall, yeah it can be a pain to run your own mail server. I can't imagine trying to use a pre-built mail server and expect it to run, there's so much that you have to configure to each specific setup. It's not like a web server where you load up a docker container and it just works.

[–] [email protected] 0 points 11 months ago (1 children)

I agree that a static IP address is an absolute requirement for a mail server to send messages these days.

No no, I don't mean a static IP address. I mean an IP block allocation. I mean an Autonomous System (AS). I mean actually owning your IP ranges.

Static addresses are subject to the whims of the provider, and even when they are actually static, much of the "reputation accounting" is influenced by the other users of your block. The only way you can guarantee the kind of continuity needed is by owning the entire IP allocation block.

It's not a game for the little guys.

[–] [email protected] -1 points 11 months ago

Well... ok? I've only been running mine since around 2001, I guess I should give up?