
Ask HN: cheap ways to host your own email server? - sdegutis
What are some relatively-cheap ways of hosting your own secure email server that's easy to bring back up in case of power outages or other common reasons for downtime?

This was initially inspired by and posted on the "Gmail is down" thread, but it got drowned out quickly by our collective lack of organization. (Why didn't we just start with a "me too" thread that people could respond to?)
======
treffer
Buy a domain on a service that allows API-based DNS updates.

Put up a RPI at home. postfix + dovecot + roundcube should do the trick.

Add FW forwardings for 80/443/25 (or allow IPv6 to pass through)

Update DNS records every N minutes. (cron, nsupdate, dyndns clients, amazon
command line tools....). You will need SPF/DKIM.

The RFC for SMTP says Mail Servers have to retry for 7 days before giving up
on mail delivery. This should be _plenty_ for your home server. There are also
commercial Mail relay and backup MX services (sometimes even as a free offer
for buying domains on website X).

You can backup the SD-Card whenever you want. Your Mail stays at locations you
control.

I currently have a root server, but I'm heavily considering "in-housing" those
services because of the NSA activities.

_EDIT: it's 7 days_

PS: Some old firewalls block dynamic IPs for mail
delivery. I'm not sure how common this is today, especially as SPAM and
botnets have evolved a lot.
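
The DNS-update step from the comment above, as an added example that is not part of the original post: a cron-friendly shell function that builds an `nsupdate` batch so the mail host's A record and the SPF record change together when the home IP changes. The zone `example.org`, the host `mail.example.org`, the TTL and the sample addresses are assumptions; DKIM is unaffected because its key record does not contain the IP.

```shell
#!/bin/sh
# Added example, not from the thread. Zone, host name, TTL and the sample
# addresses (203.0.113.0/24, a documentation range) are assumptions.
ZONE="example.org"
MAILHOST="mail.example.org"
TTL=300   # short TTL so a changed address propagates quickly

# Accept only a dotted-quad IPv4 address. The new address usually comes from
# a router or an external lookup, so treat it as untrusted input: anything
# else (spaces, newlines, extra words) could inject lines into the batch.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print an nsupdate batch that repoints the mail host and keeps the SPF
# record in step with it. Returns 1 (printing nothing) when the address is
# invalid or unchanged, so cron runs are no-ops most of the time.
build_batch() {
    new_ip=$1
    old_ip=$2
    valid_ipv4 "$new_ip" || return 1
    [ "$new_ip" != "$old_ip" ] || return 1
    echo "zone $ZONE"
    echo "update delete $MAILHOST A"
    echo "update add $MAILHOST $TTL A $new_ip"
    # Remove only the previous SPF record, not every TXT record at the apex.
    if valid_ipv4 "$old_ip"; then
        echo "update delete $ZONE TXT \"v=spf1 ip4:$old_ip -all\""
    fi
    echo "update add $ZONE $TTL TXT \"v=spf1 ip4:$new_ip -all\""
    echo "send"
}

# Demo with constructed addresses; in a cron job the output would be piped
# to nsupdate, authenticated with a TSIG key (nsupdate -k <keyfile>).
build_batch 203.0.113.9 203.0.113.7
```
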

~~~
eps
Do NOT host at home.

For one, this violates every second provider's ToS, if not every single one.

For two, lots of providers block incoming SMTP connections on TCP/25. More
importantly, they may _start_ blocking it without notice and you'll have no
clue that they did.

For three, you will most likely end up on a RBL (blacklist) in no time solely
because you come from a "consumer" IP range.

I mean, hosting at home is technically simple, but in the end it creates more
problems than it solves. Get a hosted server and use it instead.

~~~
treffer
1. My ISP sent me a router that has a feature to host an internet accessible
fileserver. Out-of-the-box. ISPs in Germany do not promote home-hosting but
they give you devices that do it.

2. Incoming / Outgoing TCP/25 blocking: Not a problem with ISPs in Germany.

3. Blacklisting: At most a problem if you send mails. Plus GMAIL requires
SPF/DKIM for just about _every_ IP, so yes, you are on a blacklist unless you
do some DNS magic. BUT once you do the magic it will override IP block -
unless the other side has a shitty setup....

~~~
eps
Re #3 - it is safe to assume that a shitty setup is a norm rather than an
exception. Gmail is _the_ exception. Everyone else just runs postfix +
rbl_filter and would have none of this modern SPF nonsense.

------
jeremyw
You might try Sovereign:
[https://github.com/al3x/sovereign](https://github.com/al3x/sovereign)

A large dollop of group experience wrapped up in Ansible recipes for your
cheap VPS.

~~~
FiloSottile
Nice, but using a VPS kind of defeats most of the point of self-hosting.

There is still a third party that can give away your data, block your service
and delete your emails pushing a virtual button.

~~~
ivan_ah
IMHO, it's a good first step. First cloud hardware, next own hardware +
dynDNS[1].

[1] [http://minireference.com/blog/a-scriptable-future-for-the-web-and-home-servers/](http://minireference.com/blog/a-scriptable-future-for-the-web-and-home-servers/)

------
mjs
For future reference (it's not ready yet):

[https://www.mailpile.is/](https://www.mailpile.is/)

(Features--privacy, encryption--are supposed to satisfy the most discerning HN
reader.)

------
jlgaddis
Go to work for an ISP. My mail server doesn't cost me anything. =)

On a serious note, I've considered publishing the kickstart + deploy scripts I
use for setting up mail servers. I'd have to do a bit of clean-up but I think
it would be useful for a lot of people. I'll try to get to that in the very
near future.

~~~
ivan_ah
Yes plz do that when you have a chance. There are some good HOWTOs out there,
but it is always good to see more examples.

------
shiftpgdn
I use a managed cPanel host and set up "catch-all" email addresses on my
domains to forward to my gmail account. In the event of an outage or Google
deciding to delete my gmail account I could change the forwarder or simply
begin to use cPanel's built in mail clients. Having your email hosted at your
own domain is one of the easiest things to do to gain control over something
you normally let somebody else manage.

As to running your own email server? Don't bother. Unless you plan to stay on
top of exploits, DKIM keys and SPF records you'll wind up with serious mail
delivery problems.

~~~
asdasf
Where do people get these misguided notions about email? You don't need dkim
or spf at all, few people check either, and they are just to prevent
backscatter. Running your own mail server is trivially easy.

~~~
escapologybb
Can you point to a trivially easy set of instructions please? ;-)

~~~
sdegutis
And to some document giving confidence that it wouldn't be dangerously
insecure or vulnerable to common threats?

------
bwood
I found the guide "A Hacker's Replacement for Gmail" [1] extremely helpful in
setting up my own email server. I run mine on a VPS which still makes me
liable to 3rd party screw-ups or snooping, but it's a nice compromise between
a massive service like Gmail and running a home server behind Dynamic DNS.

[1] [http://dbpmail.net/essays/2013-06-29-hackers-replacement-for-gmail.html](http://dbpmail.net/essays/2013-06-29-hackers-replacement-for-gmail.html)

------
alienfluid
I wrote up a post [1] about running my own mail server a few months ago. I ran
into issues with my emails being rejected by certain ISPs (AOL for instance)
even though I (supposedly) had set up SPF and DKIM. Ended up moving to
Outlook.com using my domain. Hope you have better luck!

[1] [http://farhan.org/running-my-own-mail-server.html](http://farhan.org/running-my-own-mail-server.html)

~~~
slashrsm
What is the point of self-hosting if you send all your email through a 3rd
party?

~~~
scintill76
They only have your outbound mail (which admittedly may include quotes from
inbound mail), and are (ostensibly) not storing it long-term.

I've been running a split setup like this for a year or two. I found that my
free-with-apartment internet connection, amazingly, gave a fairly static IP
(it was DHCP but usually the same) and unfirewalled inbound ports, so I set up
a mailserver for inbound mail and IMAP storage. I figured the IP might be on
anti-spam blacklists, firewalled on port 25, or shut down if the ISP saw me
mailing out, so I sent outbound mail through Dreamhost. It was nice to have
the full copy of my mail in my house, with backups and spam filtering under my
control. Sending outbound through a 3rd party wasn't ideal, but I thought a
decent compromise to avoid having to talk to the ISP and risk the free public
IP being taken away (I wouldn't have even known who to contact anyway.)

As a bonus, I set the Dreamhost mail server as a backup MX with the same email
address I host myself, so they catch mail for me if my server or connection
goes down.

I now have official "small business" ISP service that includes several public
IPs, so I am transitioning to sending my own mail, now that it's definitely
kosher and I'll have support.

------
ams6110
Doubtful that anything you do yourself, especially "relatively-cheap" is going
to have better uptime and less hassle than gmail (or other major provider),
despite today's brief outage.

------
JimmaDaRustla
I would love to see some instructions to deploy something on a custom server
or VPS.

I'm currently using NameCheap's e-mail service because setting up the software
was too complicated.

~~~
cmsimike
I loved this [0] guide. You may not need the encrypted partition part of it so
you can leave it out but I've followed it multiple times, all successfully.

[0] [http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/)

~~~
aaronem
I mentioned the other day that I'd been thinking of writing a HOWTO for
setting up a VPS as a mail server. Now I don't have to; your link is quite
close to what I'd have written -- same VPS host, same SMTP and IMAP servers,
very similar configurations -- except much better written, and also useful for
people who care about at-rest encryption the way I don't. (I also do TLS via
stunnel instead of natively in postfix and dovecot, for reasons I no longer
remember, but it works quite well so I haven't bothered changing it.)

Thanks for linking this! I'm planning on rebuilding my mail host pretty soon,
since most of it's been untouched for almost a decade and I'm a much better
sysadmin now than I used to be; that's not least evident in how I didn't
bother to document anything the first time around, so having this HOWTO handy
will save me a lot of time.

(Edit on further reading: I tried Z-push, but the version I tried didn't
support message flags, which I require; push also annoyed me and sucked more
battery life than it was worth, so I disabled it and got rid of Z-push. And I
don't see the need for Solr; Dovecot, I'm not sure what version but I set it
up something like five years ago, gives me full-text message search for free.)

------
epaulson
It would be great if there was some PaaS-type mail service provider. I'd like
to get away from hosting it with a single VPS, and running multiple VPSes for
redundancy seems frustratingly expensive for such low-intensity load like a
personal email server.

Ideally, I'd sign up with one or two services and have each listed as an MX
for my domain so there's always some service online to take the email. I can
write my own app to hit both services and unify the two streams.

~~~
stevekemp
That sounds pretty cool actually. Assuming two servers had equal weight in MX
records, such that mail had a 50/50 chance of going to either, you could unify
it via fetchmail, or similar, if you polled both backends directly.

Usually it is a pain if you have mail going to more than one host - ie. no
shared storage amongst all the hosts that receive mails, but if you were
looking for redundancy and didn't mind the "manual fixup" this would be almost
trivial to set up with 2+ VPS from different providers.

------
squigs25
Mailgun's api allows you to send and receive email using your own domain - I
really like it, and it's free while your volumes are down.

------
rubiquity
It's a funny coincidence that this happened today as just yesterday I created
a personal email for my custom domain with Zoho[0]. While not quite the same
as having your own mail server it is nice to have at least one email _not_ on
Gmail.

0 - [https://personal.zoho.com](https://personal.zoho.com)

------
adders
Use Virtualmin ([http://www.virtualmin.com/](http://www.virtualmin.com/)), it
will configure postfix/smtp, dovecot/imap, dns & web hosting.

It's a bit like cPanel & Plesk, but you don't need to use the control panel if
you know what you are doing.

------
lowglow
Would anyone be interested if we did offer an alternative to Gmail? I've been
noticing more and more of my friends wanting to move to something new, but not
having better alternatives to move to.

------
yownie
My cheap solution a few years ago was:

1 year micro EC2 instance. This runs bind and dovecot/postfix. This could
probably be done even cheaper with a home hosted RPI, but depends on your
ISP's smtp relay rules.

free gTLD from dot.tk

done!

------
walesmd
My Synology NAS comes with a relatively easy to setup mail server. I wouldn't
call it cheap, as a mail server alone; but all of the other functionality has
made it well worth the price.

------
stevenmays
Just get a digital ocean VPS for 5 bucks and configure it.

~~~
philosophus
Yeah, that or you can get an EC2 micro instance free for a year on AWS.

------
krthkv
dovecot+postfix is all there is to it, but to ensure it doesn't land in spam
you'll have to do a bunch of things (like contacting your ISP)
[http://www.codinghorror.com/blog/2010/04/so-youd-like-to-send-some-email-through-code.html](http://www.codinghorror.com/blog/2010/04/so-youd-like-to-send-some-email-through-code.html)

