
Ask HN: Why is it still so hard to host your own email/calendar that just works? - thalev
It seems to me that email and calendar data are so personal that you shouldn't have to trust someone else to store and handle it for you. Yet when I try to find a way to host it for myself I get scared of the trickiness of the setup or the amount of maintenance required. Am I just looking for all the wrong things or is it in this day and age not possible, even for a reasonably tech savvy person, to host your own email and calendar securely? By securely I mean secure from all adversaries except for maybe nation-state adversaries.
[edit]
Like many people have pointed out in the comments, an even bigger problem is being blacklisted by other ISPs. Any ideas how to deal with this while still maintaining control of where your emails are stored?
======
kardos
This post [1,2] from last October discusses a major problem with hosting your
own email, which is that the big email providers pretty much reject your
messages until your "reputation" is good. The reputation concept is
purportedly a spam fighting effort, but a more cynical view is to see it as an
effort by the big providers to sabotage self-hosted email. More discussion
here [3] and here [4].

[1] Original post, now defunct: [http://liminality.xyz/the-hostile-email-landscape/](http://liminality.xyz/the-hostile-email-landscape/)

[2] Thank you archive.org:
[https://web.archive.org/web/20151121132739/http://liminality...](https://web.archive.org/web/20151121132739/http://liminality.xyz/the-hostile-email-landscape/)?

[3]
[https://news.ycombinator.com/item?id=10405681](https://news.ycombinator.com/item?id=10405681)

[4]
[https://lobste.rs/s/ckfyqd/the_hostile_email_landscape](https://lobste.rs/s/ckfyqd/the_hostile_email_landscape)

~~~
thalev
Well this seems to be a dealbreaker, I can't have an email server that is
likely to get blacklisted.

~~~
jasode
I happened to post comments in GP's cited thread and also another email server
thread. You can read both of them to get a deeper understanding that personal
email servers are hampered by "trust" issues more so than technical
challenges.

[https://news.ycombinator.com/item?id=10405945](https://news.ycombinator.com/item?id=10405945)

[https://news.ycombinator.com/item?id=10498988](https://news.ycombinator.com/item?id=10498988)

Basically, you could conceivably get past all the technical set up. There may
even be Docker containers or virtual images to jumpstart most of the set up.
Or you can follow some step-by-step instructions.[1]

However, the problem is that SMTP servers originating from residential IP
addresses _by default_ are treated as home computers that have been hijacked
by a malware spam bot. Using Bayesian reasoning, this is a rational filter
because the number of zombie home computers sending unwanted spam vastly
outnumbers any tiny amount of "good" people setting up legitimate SMTP
servers.

Given today's realities of distrust-by-default (unknown SMTP server is guilty
until proven innocent), it looks like the best strategy for a "personal" SMTP
server is to pay for a virtual machine at a hosting provider (Rackspace, etc)
whose IP address ranges are not blacklisted. You could then run encrypted
email storage there so Rackspace has no visibility into private emails.

[1][http://arstechnica.com/information-technology/2014/02/how-to...](http://arstechnica.com/information-technology/2014/02/how-to-run-your-own-e-mail-server-with-your-own-domain-part-1/)

------
simon_acca
I run my mail server using docker, specifically the following images:

    
    
      * mailserver: https://github.com/tomav/docker-mailserver
      * webmail: https://github.com/jprjr/docker-rainloop
    

Combined in docker-compose:

    
    
      version: '2'

      services:
        mail:
          image: tvial/docker-mailserver:latest
          hostname: your_hostname
          domainname: your_domain
          environment:
            SSL_TYPE: letsencrypt
          ports:
          - "25:25"    # SMTP (server-to-server delivery)
          - "587:587"  # submission (authenticated clients)
          - "993:993"  # IMAPS
          volumes:
          - ./data/mail:/var/mail
          - ./data/config/:/tmp/docker-mailserver/
          - /etc/letsencrypt/:/etc/letsencrypt
        rainloop:
          image: jprjr/rainloop
          environment:
            NGINX: 1
          ports:
            - "80:80"  # webmail over plain HTTP
          volumes:
            - "./data/rainloop:/var/lib/rainloop/data"
    

The docker-compose.yml and postfix-accounts.cf files are the only configs you
need for a basic setup.

See the projects on github, especially docker-mailserver for further info on
complete features of this setup.

~~~
nathanb
That seems pretty cool. How long have you been doing this? For your primary
email? How has it been working for you?

~~~
simon_acca
I've had this setup for about a month on my primary email, and it is working
flawlessly. Even when I had to reboot the server, I was able to bring
everything back online quickly.

I am keeping a lower priority MX dns entry pointed to an independent provider
as a failover, but this is standard practice, I believe.

What I really like about the docker-mailserver image is that it has no
database and that it is designed for simple updates (that is, docker pull &&
docker-compose restart).

Rainloop is also new to me (I previously used roundcube) and again I am very
positively surprised: it works over imaps, so multiple accounts can be
combined under a single login, it supports 2FA, manages both plaintext and
html, manages your contacts, it supports openPGP (still in beta, I've not
tried it yet).

------
Normal_gaussian
It is especially difficult to stop others from just blackholing your email.

This serverfault question helps to illustrate the problem

[http://serverfault.com/questions/434703/why-does-hotmail-sti...](http://serverfault.com/questions/434703/why-does-hotmail-still-reject-my-emails)

The problem? Not enough traffic causing a low sender score. Hotmail isn't the
only one; large and small ISPs across the world do it.

~~~
danieltillett
Hotmail is the worst though. I hate the engineers at Microsoft who designed
their email filter.

------
corv
I can recommend iredmail. It's been around for a long time and supports
several major OS. There is also paid support should you need it.

[http://iredmail.com/](http://iredmail.com/)

~~~
glasz
thank you so much for mentioning. didn't know this.

anybody has xp with one of these?

[http://mailinabox.email](http://mailinabox.email)

[https://poste.io](https://poste.io)

edit: "awesome list" of things: [https://github.com/Kickball/awesome-selfhosted#complete-solu...](https://github.com/Kickball/awesome-selfhosted#complete-solutions)

~~~
fridsun
Wow qmail! Instant confidence.

------
explorigin
Go download Zimbra (I'm not affiliated with Zimbra, just have used it in the
past), it's easy to set up and full featured.

The real trouble is keeping your domain off blacklists and managing security
updates.

~~~
danieltillett
The real trouble is getting your emails delivered. The big companies have
basically outsourced the spam filtering problem to the email service companies
- an email from outside the club has a x% chance of being randomly marked as
spam (x is some number between 1 and 5%).

After 15 years of hosting my own email server without issue I had to make the
business decision a bit over a year ago that I can't afford to have 5% of my
emails go missing and so now use an external service.

------
bartbes
I see a lot of replies on the mail side of things, but I don't really see
anything detailing solutions for calendars.

Any recommendations on "the rest": calendar, notes, contacts?

I've looked at owncloud before, but that's a fairly large-footprint php
project, are there any decent self-hosted alternatives, either as a suite or
as separate programs?

~~~
Muges
As far as self hosting calendars and contacts are concerned, I'd recommend
using a caldav/carddav server, I personally like Baikal [1], and Radicale [2]
seems to be another good lightweight option. Contrary to Owncloud these two
servers do not provide a web interface to check your calendar/contacts, but
there are clients available for most platforms, including web clients if you
need one.

[1] [http://sabre.io/baikal/](http://sabre.io/baikal/) [2]
[http://radicale.org/](http://radicale.org/)

~~~
girzel
I've been using radicale, and it's been a huge pain in the ass. It took me
days just to get the permissions right (behind Apache), and its interaction
with DavDroid and the iOS calendars/addressbooks has been totally baffling. It
doesn't help that the radicale mailing list seems to be no more.

Probably I'm blaming radicale for some of webdav's weirdness, but the whole
process has been one of the most frustrating computing things I've done in
years.

------
MrDresden
Just since no one has pointed it out, have you considered ProtonMail? Swiss
based, fully encrypted, hosted email service. Should give it a look.

------
anewhnaccount
Sandstorm is quite a simple (at least relatively) and secure way to get set up
with this.

~~~
educar
afaict, there is no mail server in sandstorm. Where did you read this
information?

------
fridsun
Even if you host your own email server, your emails are still handled by
routers and the destination server unencrypted. You are not trusting others
much less than not hosting your own email.

If you have your own domain and you don't trust others with your conversations
with others, I think you are better off hosting a chat server over an
encrypted protocol, such as XMPP or IRC or
[https://blog.okturtles.com/2015/11/five-open-source-slack-al...](https://blog.okturtles.com/2015/11/five-open-source-slack-alternatives/). Persuading your contacts to use it is a problem though.

Calendar is a different thing though. As long as you have a CalDAV server and
a CalDAV client you should be good to go.

Also related to selfhosting stuff:
[https://sandstorm.io/](https://sandstorm.io/) is a project I've discovered
some time ago and haven't been paying attention to, but it seems to have
thrived pretty well.

------
gtlondon
I've run my own email for about 4 years now -- I'm fairly tech savvy, but
don't know much about email -- so was pleased that my "quick" solution has
worked well.

I use Apple Server to host the email via SSL on a dedicated server, really
easy to configure.

The key thing is deliverability - initially I had some problems with my email
going into junk folders.

To get around this I send all email via a service called PostMarkApp
([http://www.postmarkapp.com](http://www.postmarkapp.com)) which allows you to
set up SPF and DKIM records on your domain and therefore ensure emails are
authenticated.

I get pretty close to 100% deliverability.

PostMarkApp also shows you open / browser stats, so it's quite useful when I
wonder if someone has read a particular email.

Not sure if this would be secure enough, but has worked well for me with
almost zero maintenance after setup.

------
girzel
Six months ago I followed the Arstechnica guide[1] to setting up your own
email server. The guide is old, and some adjustments were needed, but the
essential advice was good. I did SPF, DKIM, TLS certificates, basically
everything I could possibly do to keep on everyone's good side. In the first
month or so, I only opened up to a few users, and told them to be careful
about how they used the service right in the beginning.

Never had a single issue with blacklisting or non-delivery.

[1]: [http://arstechnica.com/information-technology/2014/02/how-to...](http://arstechnica.com/information-technology/2014/02/how-to-run-your-own-e-mail-server-with-your-own-domain-part-1/)
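
A pre-flight check for the situation that recurs in this thread, where a new or changed sending IP is not covered by the domain's SPF record or needs to be looked up on a blacklist. This is an added example, not part of any poster's comment; the SPF record, the IP addresses and the `dnsbl.example` zone are constructed placeholders, and only the `ip4`, `ip6` and `all` mechanisms are evaluated offline.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_spf(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record without DNS.

    Returns (result, skipped). result is the outcome of the first matching
    mechanism, assuming the skipped ones do not match. skipped lists the
    mechanisms (include, a, mx, ...) that need DNS lookups to resolve.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", []
    ip = ipaddress.ip_address(sender_ip)
    skipped = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")   # keeps colons inside ip6 args
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier], skipped
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier], skipped
        elif "=" not in term:                # modifiers (redirect=) ignored
            skipped.append(term)
    return "neutral", skipped                # no mechanism matched

def dnsbl_query_name(sender_ip, zone):
    """Build the DNS name a DNSBL lookup queries for this IP.

    IPv4 uses reversed octets, IPv6 reversed nibbles. zone is whatever
    blacklist zone you want to check (placeholder in this example).
    """
    ip = ipaddress.ip_address(sender_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))
    else:
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

# Constructed sample: the record still lists only the old server's address.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.10 ip6:2001:db8:25::/48 include:_spf.relay.example ~all"

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7"):
        result, skipped = evaluate_spf(SAMPLE_SPF, addr)
        print(addr, result, "unresolved:", skipped,
              "dnsbl:", dnsbl_query_name(addr, "dnsbl.example"))
```

A `softfail` or `fail` for the address your server actually sends from means the record needs updating before the first message goes out; an A-record answer for the DNSBL name means that zone lists the address.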

------
brabram
It's not perfect, but YunoHost is a very big step forward in that direction
and it's making progress [https://yunohost.org](https://yunohost.org)

And to fix the "ISP sucks" we have started to package a "just work out of the
box" solution in the FFDN, a federation of local associative ISPs
[https://internetcu.be/](https://internetcu.be/)

The trick is to use an "internet cleaning" VPN that gives you a static IP
address and that this VPN is handled by an association in which you are a
member and that you can trust.

------
NKCSS
I'm sure it's not a popular view here, but why would you want to? I moved
mail, etc. to Google; gmail is by far the nicest mail client I've ever used. I
use it for my business and private e-mails, I move other businesses to Google
because it's just so convenient. Why would you want to do all that yourself
for €4 a month? I really don't think anyone at Google would want to read my
e-mails but even if someone would, do I really care? I'm all for a bit of
privacy, but I've seen no evidence of data abuse at these large mail
providers.

~~~
thalev
It's not for the money, I can think of more effective ways I can spend my time
to save money. My reason is that I don't like the feeling of having these very
personal conversations being stored on the harddisks of google. I might trust
google right now with my email but when I no longer do they will still have
those files and there will be nothing I can do to completely make sure they
delete them.

~~~
yrro
The odds are that the other correspondent in your personal conversations is
storing all their messages on Google's hard disks.

~~~
nathanb
This is an excellent point. Your communication is only as secure as the
weakest endpoint (in the same vein, perhaps your correspondents might be of
the opposing viewpoint and might feel weird about their personal mails being
stored by someone who's rolling his own IT and security).

------
avmich
A problem seems to be losing common media for message exchange. After
experience with a bunch of instant messaging tools, invariably having to
abandon them after focus shifts elsewhere, it's tempting to rely on something
more of "common denominator". Email was that... and if it stops, then - what?
phone?

This is an interesting problem of lack of standard. Hope
[http://seif.place](http://seif.place) will help with that :) .

------
charlieegan3
Would it be possible to set something of a webmail client up with
Mailchimp/sendgrid APIs? Get the flexibility and control of how your email
works without the flagged as spam issue?

------
girishso
Anyone using Mail-in-a-Box
([https://mailinabox.email/](https://mailinabox.email/))? Seems good to me.

~~~
mrmondo
I would support this if it wasn't based on Ubuntu, especially 14.04. That is
the last distro I'd trust as a secure mail server.

~~~
blfr
Why do you think Ubuntu is dead last among Linux distros in security? From my
experience, they patch things quickly and inform about security issues
promptly.

[http://www.ubuntu.com/usn/](http://www.ubuntu.com/usn/)

~~~
mrmondo
1. They often run out of date package versions.

2. Their packaging team screws up packages regularly.

3. They have insane defaults of many package configurations.

4. They tend to do things their way rather than the standard way and come up
with their own tools rather than using standard, well tested tooling /
packages.

I could go on and on, but it's not a distro I'd ever let run on one of our
servers, we used to run 100% Debian until CentOS 7 came out and in our eyes
left it for dead when paired with the correct yum repos.

------
toomanythings2
The first time I hosted my own email, on sendmail, it just worked. So I don't
understand the question about setting it up. Configuring it for security took
some study but it wasn't difficult. No more difficult than any other serious
program I use.

Calendars are similar to forms on the web. Again, no more issues than normal
so I don't get it.

~~~
ajoy39
Setting up an email server isn't hard.

Setting up an email server that won't get blacklisted by the major providers
within a week of you setting up is difficult, time consuming, and often
expensive.

~~~
toomanythings2
You are saying that what I am doing will get me blacklisted, etc., but I am
here to tell you it is not any of the things you say.

------
askee
Self-hosted owncloud works for me except for the gruesome woes every single
time I try to update it.

~~~
giancarlostoro
Does OwnCloud support email too? I wasn't aware of this.

~~~
askee
No it doesn't, unfortunately. I misunderstood OP's questions at first. You can
connect owncloud to a mail server (a la Roundcube) but nothing more.

~~~
giancarlostoro
Maybe one day they'll make a plugin that does the same that Roundcube and
other PHP email clients are capable of doing, that would at least make it a
little smoother to have as an all in one email client.

------
padde
postfix (SMTP), dovecot (IMAP), davical (CardDAV for addresses, CalDAV for
calendars) have been working well for me for more than five years.

I experienced blacklisting when I switched to a newer dedicated server
hardware recently, which meant new IP addresses. The only mail server that
didn't accept mails from my new addresses was Hotmail / Outlook.com though. It
was fixed after filling in their form and waiting a day. Never had trouble
with Gmail.

------
darkhorn
If you store your emails in a hosting provider then the hosting provider can
read your emails. If you store your emails at your server at home then police
can break your door, plug in to your server and read your emails. Even if the
disk is encrypted they can read the encryption key from the memory. Now I
trust Google more than Microsoft, if you are non USA citizen of course. And I
trust a foreign authority more than a local. This can change for your case.

~~~
Canada
At least you know if the police have come for your mail.

In practice hosting your own mail provides some control over how to respond to
a subpoena. If someone sues you the bar for getting the data by physical force
is much higher than it is for having a third party turn it over.

On the other hand the bar for compromising your server is usually much lower
than it is for gmail.

------
VOYD
Because there is no money in that model.

