
Self Hosting Email Server - g-garron
https://www.garron.blog/posts/host-your-email-server.html
======
jonquest
I was a mail administrator for around 10 years in a fairly small business and
I can’t imagine why anyone would want to host their own email. My old employer
contacted me because a system I had built finally died and they wanted to
build a new one. Once I got over the shock that they had still been using it I
suggested going with a hosted solution. I mean they’re relatively cheap for
good service and avoid a world of hurt for the inexperienced mail admin. At
first they insisted they wanted to keep it in house so I went over what all
they needed to build a new system. About a week and several “how do I” emails
later I get one more: “we decided to go with a hosted solution.” I was happy.
They are happy even if they don’t know they are. It’s more of a commitment
than I think some folks often realize.

~~~
dmm
> I can’t imagine why anyone would want to host their own email

resisting mass surveillance

Also, whatever value Clinton saw in self-hosting.

~~~
treeman79
There was a LOT of surveillance of her emails.

~~~
dmm
No doubt but targeted surveillance is very different from mass surveillance.

------
thomasedwards
Surprised this wasn’t mentioned as it’s awesome:
[https://mailinabox.email/](https://mailinabox.email/)

~~~
billyruffian
Also [https://mailcow.email](https://mailcow.email) -- it's stupidly simple
to get a full email stack working

------
o-__-o
I’m a huge fan of Zimbra, dedicated all-in-one mail solution using your
favorite software under the hood that doesn’t take much knowledge to
administer. Plus you have support you can fall back on.

Downsides: UI starting to show its age. No container support.

------
marmot777
Not to nitpick but I think that the part about the spf record isn’t that
great.

The typical spf record has ip addresses, blocks of ip addresses, or hosts but
I don’t think just v=spf1 mx ~all.

~~~
wahern
Not for simple setups. If the same servers are used for both ingoing and
outgoing, "mx" is all you want or really need.

If you use a third-party hosting service for webmail, IMAP, etc, where they
might also handle outgoing for particular clients, or for hosted outbound
services (EasyDNS offers this), then you would usually "include:" their SPF
records rather than copy their rules and addresses.

Theoretically, hardcoding some addresses might be useful as a performance
optimization or failsafe, but I'm not sure the value is that great, and it
adds to the workload and disruption risk if and when you have to move
networks. But maybe the value is greater than I'm aware.

~~~
marmot777
I don’t think that an SPF record with just mx -all gives you that. You need to
put IP addresses, IP address blocks, or hosts for the spf to be valid.

Maybe the author left out the host in the assumption that the reader would
understand that part but essentially mx -all tells mail servers and inbox
providers to soft fail all mail from the domain.

~~~
wahern
Most of the mechanisms (a, ip4, ip6, mx, and ptr) effectively resolve to one
or more IP addresses which are then matched against the sender IP address. The
"mx" mechanism will query the MX records for the envelope (MAIL FROM) sender
domain, query the A records for every MX record, and then try to match all
those resolved IP addresses to the sender IP address. If one of the IP
addresses matches, then the mechanism's action qualifier is applied, short-
circuiting further resolution. As the default qualifier is "+" (pass), a match
on "mx" (i.e. "+mx") means to accept the message.

If your MX hosts are the only permissible outbound hosts, and the inbound and
outbound IP addresses are the same, then the "mx" mechanism is all you need.
The very purpose of the "mx" mechanism and most others is to avoid having to
hardcode IP addresses in your policy.
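
Added example, not part of any comment in this thread: a minimal Python sketch of the left-to-right evaluation described above, run against the records quoted in the discussion. The DNS answers are a constructed table (example.org and the 198.51.100.x / 2001:db8:: addresses are documentation placeholders), and only the `a`, `mx`, `ip4`, `ip6` and `all` mechanisms are handled; `include`, `redirect`, macros and lookup limits are left out.

```python
import ipaddress

# Constructed DNS data (documentation names/addresses), standing in for live lookups.
MX = {"example.org": ["mail1.example.org", "mail2.example.org"]}
ADDR = {  # A and AAAA answers per host
    "mail1.example.org": ["198.51.100.123"],
    "mail2.example.org": ["198.51.100.124", "2001:db8::25"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def resolves_to(hosts, sender):
    """True if any address record of any host equals the connecting IP."""
    return any(ipaddress.ip_address(a) == sender
               for h in hosts for a in ADDR.get(h, []))


def mechanism_matches(name, arg, domain, sender):
    if name == "all":
        return True
    if name == "mx":   # MX of the target domain -> A/AAAA -> compare
        return resolves_to(MX.get(arg or domain, []), sender)
    if name == "a":
        return resolves_to([arg or domain], sender)
    if name in ("ip4", "ip6"):
        return sender in ipaddress.ip_network(arg, strict=False)
    raise ValueError(f"mechanism {name!r} is not handled in this sketch")


def check_spf(record, mail_from_domain, sender_ip):
    """Evaluate terms left to right; the first matching mechanism decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    sender = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if mechanism_matches(name.lower(), arg, mail_from_domain, sender):
            return QUALIFIERS[qualifier]     # short-circuit on first match
    return "neutral"                         # nothing matched, no "all"
```

With the hardcoded `ip4:198.51.100.123` record, mail from the second MX host in the constructed table falls through to `~all`, which is the maintenance cost of pinning addresses that the comment above mentions.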

~~~
marmot777
Yes, but as a matter of syntax, don’t you have to specify the IP address? What
is the mx referring to in your example?

V=spf1 ip4:198.51.100.123 ~all

I think the ptr mechanism’s deprecated.

Anyway, if you’re correct that a valid and complete spf record can be
published without an IP address, IP address block, or included hosts, then
I’ve learned something new today.

So you are saying that v=spf1 mx -all is a valid and complete spf record?

------
hda111
OpenSMTPd is simple enough to set up on your own. No need for gigantic
‘dockerized’ email packages where it is virtually impossible to understand
what is going on.

~~~
nix23
But I want IMAP too, and a webmail, oh and a calendar and contacts (with
team-functionality) too, synchronize them to my phone, and I want sieve
functionality, anti-spam, and because it's written a pseudo
antivirus-solution. And a self-service solution so users can reset the
password with 2FA... still easy?

~~~
tridentlead
Yes, generally if you over-complicate something it becomes over-complicated.

~~~
nix23
So you give your users the root password so they can change the password
themselves... oversimplification often solves just a small portion of a bigger
problem.

------
a012
Why did whoever think #FFFFFF text on the #000000 background is a good idea?

~~~
Sohcahtoa82
I don't have a problem with it.

Maybe you should turn your brightness down or add some more lighting in your
room? Pure white shouldn't be blinding you.

~~~
a012
I'm using a BenQ SW2700PT which was calibrated, and my room is also not bright
at all. The pure white text on a pure black background gives me a headache, but
I don't have any issues with the
[https://nim-lang.org/docs/manual.html](https://nim-lang.org/docs/manual.html)
dark mode, which isn't pure black and white.

