[Question] Does anyone run their own email server?
All this new excitement with Lemmy and federation has got me thinking that maybe I should learn to run my own instance. What always comes up though is how email is the original federated technology.
I am looking at Proxmox and see that it has a built in email server, so now I am wondering if it is time to roll my own.
I stopped using gmail a long time ago, and right now I use ProtonMail, but I am super frustrated with the dumb limitation of only having a single account for the app. I get why they do it, and I am willing to pay, but it is pricey and I don't know if that is my best option. I guess it is worth it since ProtonVPN is included. It looks like they are expanding their suite.
Is it worth it? Can I make it secure? Is it stupid to run it off a local computer on my home network?
Yes, I still run my own email server. It is not for the faint of heart, but once it's configured and your IP reputation is clean, it's mostly smooth sailing. I have not had any deliverability problems to date, initial setup/learning period notwithstanding.
If you're not scared away yet, here are some specific challenges you'll face:
SMTP ports are typically blocked by many providers as a spam prevention measure. Hosting on a residential connection is often a complete non-starter and is becoming more difficult on business class connections as well (at least in the US, anyway).
If you plan to host in a VPS, good luck getting a clean IPv4 address. Most are on one or more public blacklists and likely several company-specific ones (cough Microsoft cough). I spent about 2 weeks getting my new VPS's IP reputation cleaned up before I migrated from the old VPS.
Uptime: You need to have a reliable hosting solution with minimal power/server/network downtime.
Learning Curve: Email is not just one technology; it's several that work together. So in a very basic email server, you will have Postfix as your MTA, Dovecot as your MDA, some kind of spam detection and filtering (e.g. SpamAssassin), some kind of antivirus to scan messages/attachments (e.g. Clamd), message signing (DKIM), user administration/management, webmail, etc. You'll need to get all of these configured and operating in harmony.
Spam prevention standards: You'll need to know how to work with DNS and create/manage all of the appropriate records on your domain (MX, SPF, DMARC, DKIM records, etc). All of these are pretty much required in 2023 in order for messages from your server to reach your recipient.
Keeping your IP reputation clean: This is an ongoing challenge if you host for a lot of people. It can only take one or two compromised accounts to send a LOT of spam and land your IP/IP block on a blacklist.
Keeping up with new standards: When I set my mail server up, DMARC and DKIM weren't required by most recipient servers. Around 2016, I had to bolt on OpenDKIM to my email stack otherwise my messages ended up in the recipient's spam folder.
Contingency Plan: One day you may just wake up and decide it's too much to keep managing your own email server. I'm not there yet, but I've already got a plan in place to let a bigger player take over when the time comes.
I know the title of that sounds clickbaity, but they cite their sources. It's worth the read for those curious about ProtonMail's history and their CEOs.
This runs from a small box with everything included. It gives you all the tools and config needed for running a secure and feature rich email service. Webmail, some sort of exchange emulation, webcalendar on top of a solid postfix/dovecot install with rspamd as spam filter. Everything is configurable via a nice web UI.
After 15y running my own mail service and editing a lot of config files, I use this piece of free and open software and find it very good. All you need is a box somewhere in the internet. Running from a homelab will instantly fail, except if you have a static IP.
Your own email server requires near 100% uptime or you risk not receiving critical emails. If a remote email server is trying to contact your email server and it can't, it's only going to retry a few times and then give up. Hosting this yourself sounds great until you realize high uptime is not cheap and requires constant attention.
Setting it up securely can be difficult depending on your understanding of server infrastructure as well as protocols like DNS. You need to set up SPF, DKIM, DMARC, etc in order to prevent someone from faking an email from your server.
Of course, federated email does not use SPF/DKIM/DMARC because the whole point is that someone from another server could use your server to send an email (hence the federation). Open email servers were common 20 years ago but very rare today. That makes setup easier, but the main caveat is that most known non-federated email servers will reject email from servers that don't have SPF/DKIM/DMARC because they generally end up being havens for bots and spam since there is no verification or authenticity of the sender.
As someone who self hosts a lot of things, I would never self host my email. If I did, I would be paying for two boxes in different parts of the world on different ISPs to provide that uptime. I would definitely set it up securely and not as a federated server otherwise it would be practically unusable for day to day emails.
Not likely worth it. Primary reason is that the large federated email services are also skeptical of email from services such as your proposed self hosting solution and may simply not deliver the mail you send. This is to mitigate against spammers setting up bespoke servers.
There are a bunch of other things that could go wrong if you don’t set everything up perfectly, but even if you do, this would be a big problem.
Better off using a custom domain with a big provider. Fewer headaches. I like Fastmail, but many others are great too.
I stopped running my own a while ago. It's no longer really decentralized and the big players (Google/Microsoft) will often just blacklist you for little reason.
That said I DO maintain my own domain and backups. So I can take my email to whatever hosting provider I want.
I also noticed, during the migration, that if you simply register your domain with one of the big players (ie: Google Workspace or M365) you will often get whitelisted and email will flow easier. This was easier when they had a free tier though.
Running a mail server these days is not that difficult. While using pre-assembled stacks like mailcow only the DNS entries need to be done. If you want to run it at home you should do some research on routing all the traffic through a WireGuard tunnel to preserve a public IP other mail instances will accept.
Despite my willingness to self-host almost everything, e-mail remains the last frontier for me. Keeping abreast of standards, keeping up today, avoiding implications in abuse and many, many smaller issues abound ... and that's despite my fixed IP and ISP willing to set up a reverse-DNS for me.
Instead I've gone with a paid email provider that I'm REALLY happy with.
I did for a couple years, but moved to mailbox.org a while ago. The effort was much too high to save a few bucks and there is no real upside to it. E-Mail is a troublesome mixture of different protocols from the internet stone age held together by chewing gum (SMTP, POP3, IMAP, DNS, database or file storage, maybe ActiveSync, Web-Mailer, ...)
Even when everything is up and running there is always maintenance to keep your SSL certificates up to date, update your incoming spam filter technique, keep other mail providers assured that you are not spamming (DKIM, etc.), keep all the different system services (see above) up to date and interoperable, etc. and every few years when you want to move to a new server, provider or Linux distro you start it all over again.
I used to run an OpenBSD mailserver for my personal email address for a few years. It wasn't that difficult to set up, more tedious and annoying than anything. I stopped doing it when I started searching for a job as I was too paranoid about my emails getting rejected without me knowing about it. I don't send many emails, but when I do send them I want to know they are getting to where they need to go. I know I was never blocked by gmail, but I couldn't be sure about other providers.
Now I just use my domain name as a catchall on mailbox.org and access it using offlineimap. All my emails are saved and backed up, so switching providers is no problem at all.
I originally did but the maintenance burden was killing me. Then last year Proton unified their subscription with VPN and Mail (also upgrading my Proton VPN only subscription to Proton plus) and from there I decided to just go all in on Proton mail. I integrated my domain to Proton mail and never looked back.
I used to, I don't any more. All the other comments are right, spam is a huge issue, and you can get blacklisted for no reason without recourse. I'm personally using migadu.com, which gives me some of the flexibility of running my own server without the hassle.
I used to run my own mail server about 2 years ago but unfortunately the spam got so bad I didn't have the time to manage all the filters. I moved over to ProtonMail since I can still use my own domain there. So I guess I would say it's not really worth it also it really sucks if your power is out and not having access to send your power company a strongly worded email.
Why not?
I'm too scared!
Email is the one service that lets an attacker nuke each and everything. It's still the most central/crucial service that almost any service relies on. If I lose access to my mail account, I lose access to pretty much every service.
As much as I would like to host this myself, I simply do not feel comfortable to do it.
The only downside I see is spam filtering, which obviously works better with GMail if the whole world population does the filtering for you. But the included SpamAssassin setup does work and catches most of the spam. I do check for false positives/negatives very regularly and have training folders set up so I can easily move messages into the SA training.
I used to run my own mail server many, many years ago (early 2000s), but today it's a lot more difficult. I personally don't think it's worth it, but I do have my own domain that I can host anywhere I choose. At the moment, I'm using Fastmail. Lots of nice features, and no complaints.
I set up my own instance and went with the free mail tier on brevo.com. They allow 300 relays per 24 hour period on the free tier. Their email stats and tracking look decent too.
Prior to that I had set up my own postfix server, and while it worked fine, emails to gmail accounts were not getting through.
Point my domain's name servers to Cloudflare's and enable email routing. I can then create any email address in that domain and have it forward to any of my email addresses. Works great when signing up for accounts. The only thing you can't do is fire off email FROM said email address.
I set up my own email server, it was an absolute pain to set up, especially since I had no idea about all the little details of sending and receiving email. It was kind of fun to see everything come together.
In the beginning I had a ton of email go into spam boxes, especially with gmail. Later I found out that if you don't add the proper email headers like to: "Name Of Recipient" <email@example.com> it goes straight to the spam folder. (So you always need to provide a name)
I am afraid to touch anything now though, as it is currently really stable (on a vpn btw).
Nope. It can’t really be self hosted anymore, as having a residential IP is a straight track to the spam folder. It can be done if you also pay for a mail relay service, but then what’s the point of self hosting when you need to rely on a cloud service anyways.
I run my own Mailserver on a vps with mailcow dockerized. Was a real pain to set up, even though it mostly works right now.
DNS stuff isn't just some A or AAAA records, also TXT stuff, reverse DNS and much more. As the others said, that's completely impossible with a regular ISP.
I'm on some dumb blacklist because my IP is obviously in the IP range of my hosting provider, and some lists generally block all vps ranges.
Now imagine the following: your bank wants to contact you and your primary mail is selfhosted, for some reason they block your IP (yes outgoing blocks, those idiots) and you don't get some real important mail. Or your server is down for maintenance, certificate issues, so on.
The best solution is most probably letting a professional email hoster take care of your domain, for email at least. Protonmail offers that but the problem I have with them is that they don't allow a regular login through Thunderbird, restricted to their own software.
It’s a great learning exercise but challenging to get right and ensure your deliverability and basically impossible from a residential-grade IP address (if you have a business class static IP at home you could pull it off).
I ran an email server for decades but gave in and pay to host my email now.
If Google decides you’re a bad guy it’s such a pain to crawl back from that and I prefer my email to just work.
I've been running the family's mail server for over 6 years now. I'm using mailinabox.email scripts to set up and manage the server.
I've not had any problems (touch wood) with email delivery. You may have issues if your domain is new, it can take a few days for the big guys to accept email from you.
I say go for it, I think too many are worried about deliverability and that just causes more centralisation.
@DidacticDumbass I use hosted email from Polaris Email, $25/yr, and my domain from Porkbun at $5 for the first year, and access the mail through Thunderbird on phone and computer.
Well I kinda did that when I started selfhosting way too much a number of years ago... it can be quite annoying trying to get your server out of blocklists (if you need to change servers, because of IP reusing from hosters) and unless you use something like Servercow, it is easy to break things and it's kinda hard to find proper tooling for selfservice and stuff.. nowadays I mostly keep it like it is because I don't want to deal with trying to migrate people to a different setup. It's okay and most of the time it just does its job, but it doesn't give too much joy :P
I have run my own email server, and have worked in the commercial web hosting sector.
Honestly, I wouldn't run your own email except as a side project.
It's certainly possible and all the tools are available and easy enough to use, but email in general is a rough combo of super old, and a "big target".
The super old part means that a lot of things that we might consider standard for a modern federated system just aren't there for email. Security is profoundly lacking, and if something gets dropped because of an update, or your computer crashed, there's no guarantee that the system will find a way to get it to you, and the sender might not even know it didn't get to you.
Security wise, you basically have to set everything up correctly all at once, or some system somewhere between you and the recipient will just throw the messages away, and they may or may not tell you.
They do this because all the tools are old, crufty and there's a lot of good exploits that misconfiguration leaves open that automated tools can use to send spam.
Be sure to keep your computer fully patched, and install a malware scanner, even on Linux.
Ultimately, I wouldn't bother running one because the ratio of reward to work is just off for me. I would recommend setting something up for an afternoon though, just so you can see how the pieces work, and get to send yourself an email and know what steps it took.
I did but I stopped. My server had everything set up (DKIM, DMARC, SPF, Spam filtering) but I gave up after some providers wanted me to jump through hoops to get my mail delivered. Also I never had enough outgoing mail to build some reputation.
a bit late to the party here, but I didn't see iRedMail mentioned. been using this to host my own email on a VPS for a little over a year now and it's great. for me it's worth it, you can absolutely make it secure, and it's not stupid to run it off a local computer. unfortunately most ISPs make it insanely difficult to host on your home network.
I want to do a setup where I use mailcow at home for receiving emails but Amazon SES SMTP for sending, is it possible? Looks like it is, but I didn't investigate it.
I just decommissioned the mail server I was running, because I didn't have the capacity with the rest of life to keep on top of it.
Mailu was my choice of suite, and it was really great once I figured out how to get it behaving nicely behind my reverse proxy.
For the most part it was low maintenance, but I would occasionally have issues with cert renewal and subsequently my email clients would stop connecting.
I didn't have issues with non-delivery once I set up the various DNS records and did a lot of test emails that I could mark as not junk to various providers.
I ended up switching to using icloud+, which includes email with a custom domain.
Would I host my own email again? Possibly if I really need more than 6 addresses. But icloud+ costs less per month than the power consumption of the tiny server I was running mailu on over 3 days. Which is... Not insignificant in the current financial climate.
I used to. I had a docker-mailserver. It was good. But I moved house and changed ISP. I couldn't set up the reverse DNS on my address, and Gmail was blocking me, so I had to switch to a hosted mail server (namecheap private email).
It's a shame, syncing is noticeably slower, and I only get one mailbox, but oh well. Just keep on using GPG.
I host my own mailserver, and to be honest it's pretty painless. Usually I just let it run without giving it any thought. It's on rare occasions that I need to put a bit of work into improving the inbound spam scanning.
Selfhosting does need quite some knowledge of the software stack and several additional protocols to set them up correctly to get your outgoing email delivered. Also, like already mentioned in another comment, you absolutely need an IP address from a non-blacklisted subnet (I think most VPS providers will be okay, residential definitely not).
My software stack: Arch Linux (soon NixOS), Postfix, Dovecot, rspamd, opendkim, opendmarc.
As you can see it's quite a lot, and I've been doing it for more than 20 years now, so my opinion can be a bit skewed. I'd say go for it if selfhosting is a hobby.
I run my own email server using Mailcow. It works well.
However, I do not even attempt to directly send outbound email. It's very difficult to get your server trusted by the major providers, especially Microsoft (who are very picky about email servers). I have an account with MXRoute (which is an email provider) but only use it for outbound relaying. Inbound emails go directly to my server.
For what it's worth, MXRoute is a great provider to consider if you want to move away from the large ones (Google, Microsoft, etc) but don't want to self-host.
I feel like I'll eventually have to... mailbox.org upped their prices from 1 EUR/mo to... whatever they are right now, and on top of that I'll still need a VPN to access heinous sites such as pastebin (welcome to Turkey), which is another 5 EUR/mo.
For that money I could get an alright enough VPS from Hetzner and spend some time getting everything configured properly, and have bonus flexibility in terms of hosting anything else I might want to host.
The problem with this ofc is that no "turnkey" mail bundle seems to give a shit about resource usage as far as I'm aware, and I'm worried they'll end up hogging all the server resources for themselves.
E-mail was the first "thing" that got me off of Google (to Proton & then currently Tutanota) but is really the last remaining service I have not self hosted.
I have always read about how difficult and time consuming it was to run your own mail server, but I felt like I needed to experience it myself. So I purchased another domain and followed the instructions on https://mailinabox.email/.
I am using a small VPS on Hetzner and I have to say the experience has been almost flawless so far. I did need to have my new domain taken off the Domain Block List, but Hetzner gave me a clean IP and defaults to blocking port 25 outbound to prevent spam (simple ticket to open, once account is 30 days old and paid).
I know I'm still early into this journey so far, but it has been really simple and I plan to test this secondary domain for a few months before moving onto it full time.
As an avid self hoster of literally everything else, I can say it has been a lot of fun learning so far!
I run my own on digitalocean. I used https://github.com/lukesmithxyz/emailwiz to set it up. I do not use it as my main email account. Relating to hosting it with your own hardware, your ISP probably blocks forwarding port 25 which would make that impossible.
Gotta say, I’m really happy to see so many people here actually talking about doing it! Usually I see a lot of fear-mongering about self hosting email. You can do it, though, and I think we should encourage more people to do so! It can be a little tricky to set up at first because there’s a lot of different things you need to configure and make talk to each other — I haven’t used them but there’s things like mail-in-a-box that are supposed to make this easier. But the most important thing is to make sure you set up SPF, DMARC, and DKIM DNS records (and set up DKIM signing for your outgoing messages). I’d recommend setting the ruf and rua tags in the DMARC record so you get mailed reports from other mail servers (can help you debug if your mail is getting rejected). I’d also use these tools:
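Added example (not part of the comment above and not any poster's or project's code): an offline lint for the MX, SPF, DKIM and DMARC records several replies in this thread say you must publish, including the rua and ruf report tags. The zone data for example.com, the `mail` selector and all function names are constructed for illustration.

```python
def parse_tags(txt):
    """Split a 'k=v; k=v' record (DMARC, DKIM) into a dict with lowercase keys."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def lint_spf(records):
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # RFC 7208: none means no policy, several is a permerror
        return [f"SPF: expected exactly 1 record, found {len(spf)}"]
    terms = spf[0].lower().split()[1:]
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy is delegated to another domain
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]
    if alls[0] in ("all", "+all"):
        return ["SPF: '+all' authorizes every host to send as this domain"]
    return []

def lint_dmarc(records):
    dmarc = [r for r in records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return [f"DMARC: expected exactly 1 record, found {len(dmarc)}"]
    tags, findings = parse_tags(dmarc[0]), []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(f"DMARC: missing or invalid p= tag ({policy!r})")
    elif policy == "none":
        findings.append("DMARC: p=none asks receivers to take no action on failing mail")
    for tag, kind in (("rua", "aggregate"), ("ruf", "failure")):
        uris = [u.strip() for u in tags.get(tag, "").split(",") if u.strip()]
        if not uris:
            findings.append(f"DMARC: no {tag}= tag, so no {kind} reports reach you")
        elif not all(u.lower().startswith("mailto:") for u in uris):
            findings.append(f"DMARC: {tag}= should list mailto: URIs")
    return findings

def lint_dkim(records):
    keys = [parse_tags(r) for r in records if "p=" in r]
    if not keys:
        return ["DKIM: no key record at this selector"]
    if not keys[0].get("p"):
        return ["DKIM: empty p= tag means the key is revoked"]
    return []

def lint_domain(zone, domain, selector):
    findings = []
    if not zone.get(("MX", domain)):
        findings.append("MX: no MX record published")
    findings += lint_spf(zone.get(("TXT", domain), []))
    findings += lint_dmarc(zone.get(("TXT", "_dmarc." + domain), []))
    findings += lint_dkim(zone.get(("TXT", selector + "._domainkey." + domain), []))
    return findings

# Constructed zones keyed by (record type, name); the DKIM key is a placeholder.
GOOD_ZONE = {
    ("MX", "example.com"): ["10 mail.example.com."],
    ("TXT", "example.com"): ["v=spf1 mx -all"],
    ("TXT", "_dmarc.example.com"): [
        "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com"],
    ("TXT", "mail._domainkey.example.com"): ["v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"],
}
WEAK_ZONE = {
    ("MX", "example.com"): ["10 mail.example.com."],
    ("TXT", "example.com"): ["v=spf1 mx +all"],
    ("TXT", "_dmarc.example.com"): ["v=DMARC1; p=none"],
}
if __name__ == "__main__":
    print("\n".join(lint_domain(WEAK_ZONE, "example.com", "mail")) or "no findings")
```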
I run a complete ISP style setup with multiple domains. I run it from a rented server at Hetzner, so I don't have problems with being blacklisted for sending from a consumer IP.
I've thought about rolling my own email service, but I'm hesitant given the risk of it inadvertently nuking the rest of my network. There's a lot of work needed to keep the thing secure, and even if you do everything right there's a good chance you get SMTP traffic blocked because other services are worried about unknown accidentally hosting spammer networks.
Plus given my prior track record, there is a $1000% chance I screw up the DNS entries for any mail servers I set up.
I ran email server with Mailcow Docker. Easiest way I have found. It is perfect to host your own mailbox but as others have said, the sending from your IP might just get blocked by other big mail servers. Luckily Mailcow allows you to use it as a SMTP relay and you can route outbound mail through the well known SMTP services.
Infomaniak has pretty nice free email server options that you can link your domain to. They are a Switzerland based company which is known for having the best privacy laws around.
I do. Run about a half dozen email servers for various organizations. Been doing it for almost a decade for some. Other than initial setup pain, I've had zero problems others describe. I have used (and still run) docker-mailserver, mailcow, mail-in-a-box and mailu. All are lovely in their own way and fit various use cases better than others.
there are many replies saying similar things, but don't be discouraged from trying it out. i host my own with mailinabox on a vm from a cloud provider. no spam issues. the only wildcard was spending a few months getting my ip address off google's spam filters. it is so worth it, i own my own email/calendar/contacts/notes/todo list/ AND website solution. all with mailinabox. completely disconnected from google etc.