

Security when running your own email server? - msh

Sometimes I read privacy advice to run your own server for email, but I wonder whether for most people (even IT people) it would be a security nightmare.

While I do run a webserver with publicly accessible stuff, I think that the security of that box is far below even the worst gmail server. Google are experts at this stuff and spend resources I could never dream of on proactive security and monitoring.

So, would you not agree that your email is more secure at google (or a similar provider) than on your own server (a few experts not included)?
======
nadams
> it would be a security nightmare.

It's not so much a security nightmare as it is a maintenance nightmare. The
whole reason you pay for services is because you don't have time (or
resources) to deal with it.

> security of that box is far below even the worst gmail server

If you use one-time passwords and/or SSH key only access - it's probably
pretty safe. Also changing SSH to some other port and blocking shodan.io bots
- and you have filtered out a majority of the script kiddies. I also have an
automated script that also downloads a list of known bad guys and adds them to
my hosts.deny.

> Google are experts at this stuff

I wouldn't consider them experts per se - it's just that they have a seemingly
infinite number of resources. I'm not saying they don't know what they are
doing - but when your only job is to maintain the mail backend servers you
could probably do a better job than me.

> would you not agree that your email is more secure at google (or a similar
> provider) than on your own server (a few experts not included)

Depends. Are you running Exchange or Dovecot? How savvy are you? Is this in
the cloud or in your home? Are the drives encrypted? etc.

I've purchased a lifetime license for iredadmin and it's worked pretty well.
I'm currently hosting it on gandi and thought about offering email hosting.
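
A sketch of the blocklist-to-hosts.deny step the comment above mentions, added here as an example and not the commenter's own script: it treats the downloaded list as untrusted input, so malformed lines, overly broad ranges, and your own addresses never reach hosts.deny. The sample feed, the protected ranges, the /16 limit, and the function names are assumptions; only IPv4 is handled.

```python
import ipaddress

# Constructed sample feed. A real one is downloaded, so treat every line as untrusted.
SAMPLE_FEED = """\
# constructed blocklist sample
203.0.113.7
198.51.100.0/24
203.0.113.7
10.0.0.5
192.0.2.44   # trailing comment
0.0.0.0/0
ALL: ALL
2001:db8::1
"""

# Assumption: ranges that must never be denied (loopback, RFC 1918, and a
# hypothetical admin address) so a bad feed cannot lock you out of your own box.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "192.0.2.44/32")]
MIN_PREFIX = 16  # assumption: refuse feed entries broader than a /16


def parse_feed(text, protected=PROTECTED, min_prefix=MIN_PREFIX):
    """Return (sorted IPv4 networks to deny, [(entry, reason)] for rejected lines)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an address"))  # never copied verbatim
            continue
        if net.version != 4:
            rejected.append((entry, "IPv6 not handled"))
        elif net.prefixlen < min_prefix:
            rejected.append((entry, "too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((entry, "protected range"))
        else:
            accepted.add(net)
    return sorted(accepted), rejected


def render_hosts_deny(networks, daemon="sshd"):
    """Format networks as hosts.deny rules; ranges use the net/mask form."""
    return [f"{daemon}: {n.network_address}" if n.prefixlen == 32
            else f"{daemon}: {n.network_address}/{n.netmask}" for n in networks]
```

hosts.deny only affects daemons built with TCP wrappers (libwrap) support, so check that your sshd actually honours it before relying on these rules.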

