

Ask HN: How would you set up your own home email server? - malchow

What equipment would you buy? Would you buy 1U rack servers and put them in a rack case? Perhaps place a case itself in a large safe to protect from fire and intruders?

What distro would you use?

What sort of disks would you select?

And how about the in/out email stack itself? What's the most performant/consistent/private way to run your own SMTP and IMAP servers?
======
mike-cardwell
My mail server is a 4 inch square box sat next to the TV in my living room (1)

It runs Postfix, Dovecot, Amavis/SpamAssassin and OpenDKIM on top of Debian
Jessie.

The mail is stored on a single internal M.2 SATA SSD. It is encrypted using
LUKS. (I have backups of course). Also, all of my incoming mail is encrypted
with GnuPG on the way in (2)

My backup MX is a Digital Ocean box in a different country. Because my primary
MX is on the end of a residential ISP IP address, it does not have good
reputation (even though it is static). So for outgoing mail, I route over a
VPN and out via my backup MX. _Unless_ it is over IPv6, in which case it is
routed via my free Hurricane Electric IPv6 tunnel (3)

(1)
[http://www.intel.nl/content/dam/www/public/us/en/documents/p...](http://www.intel.nl/content/dam/www/public/us/en/documents/product-briefs/nuc-kit-nuc5i5ryk-brief.pdf)

(2)
[https://grepular.com/Automatically_Encrypting_all_Incoming_E...](https://grepular.com/Automatically_Encrypting_all_Incoming_Email)

(3) [https://tunnelbroker.net/](https://tunnelbroker.net/)

~~~
27182818284
Where do you actually buy an intel NUC? I always just see people linking to
the PDF.

~~~
spdustin
Amazon.com is the quick solution.

~~~
jason_slack
very nice. $275 seems to be a decent price. I already have an hd and ram
sitting around...

------
benburwell
I know this really isn't answering the question, but most consumer-grade
Internet connections aren't ideal for running a server of the email variety.
Assuming you have a static IP, your ISP will likely block the standard
SMTP/IMAP ports, requiring you to do additional configuration that may or may
not work with different clients. Aside from the technical workarounds, your
ISP may actually forbid you from doing this in their TOS. I agree with a3n
that a VPS is the way to go.

------
luxpir
Another VPS user here. Linode and Digital Ocean offer great guides to get
started. I've basically moved two domains off of the formerly free Google Apps
accounts onto my own servers. Overall things have gone well. I like being able
to set my own file attachment size limits.

As others have said, a 'clean' IP seems quite important. I've had emails
disappear into Google's spam filters despite working previously, as reported
by many here[0].

Was tempted by Virtualmin but went with the manual config in the end. Am
receiving multiple domains on one server, so it has been a learning curve. Not
convinced I've 'learned' a great deal particularly. At least a slightly
clearer understanding of the moving parts involved. That's Postfix, Dovecot
and Spamassassin, btw. All served over SSL/TLS _only_, i.e. only IMAPS is
enabled in Dovecot.

Tempted to start encrypting all mail as it arrives on the server with GPG, as
per Mike Cardwell's advice[1], although I'd have to use mailgate[2,3] with
Postfix instead of Mike's Perl script for Exim. I'm also not sure how that
would work with search, spam and such. Perhaps it's better to delete mail
regularly, saving any files and details needed locally.

Had a slight edge-case issue arise recently - my phone battery died and I
didn't have my machine so my mail was inaccessible until home. I've refrained
from enabling webmail and think I'll keep it that way for now. Just make sure
I have 'a device' with the credentials saved on it on my person when required.

--

[0]
[https://news.ycombinator.com/item?id=9150927](https://news.ycombinator.com/item?id=9150927)

[1]
[https://grepular.com/Automatically_Encrypting_all_Incoming_E...](https://grepular.com/Automatically_Encrypting_all_Incoming_Email)

[2] [http://andsk.se/tag/gpg-mailgate/](http://andsk.se/tag/gpg-mailgate/)

[3] [https://github.com/uakfdotb/gpg-mailgate](https://github.com/uakfdotb/gpg-mailgate)

~~~
mike-cardwell
FWIW, I am currently using gpgit.pl with Postfix+Dovecot rather than with
Exim.

I turned on "sieve_extprograms" inside Dovecot, dropped gpgit.pl into the
correct directory, and now I just add stuff like this to my .sieve file:

    filter "gpgit" ["--encrypt-mode", "prefer-inline", "mike.cardwell@example.com"];

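Added example, not part of mike-cardwell's comment and not his actual configuration: the Dovecot (Pigeonhole) settings that enabling "sieve_extprograms" for a `filter` action like the one above typically involves. The file path and the program directory are assumptions; the setting names are Pigeonhole's own, in Dovecot 2.2/2.3-style syntax.

```conf
# /etc/dovecot/conf.d/90-sieve.conf  (path is an assumption, Debian-style layout)
plugin {
  # Load the external-programs plugin.
  sieve_plugins = sieve_extprograms

  # Expose only the "filter" action to scripts. The plugin also offers
  # vnd.dovecot.pipe and vnd.dovecot.execute; they stay disabled here
  # because the gpgit use case does not need them.
  sieve_extensions = +vnd.dovecot.filter

  # Scripts can only name executables that live in this directory, so it
  # acts as the allow-list. Keep it root-owned and not writable by mail
  # users. The path is an assumption; the executable's file name must match
  # the name used in the script ("gpgit").
  sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
}

# The user's Sieve script must require the extension before using it:
#
#   require ["vnd.dovecot.filter"];
#   filter "gpgit" ["--encrypt-mode", "prefer-inline", "mike.cardwell@example.com"];
```

Because the filter runs on every delivery with the message on stdin, the permissions on the program directory matter as much as the script itself.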
------
blueskin_
1U server or HP microserver. Good connection (not typical US cable) with a
static IP.

I'd probably use CentOS 6 (avoiding systemd) with full disk encryption, and
either a RAID10 of some good-performing normal disks, or RAID1 of SSDs.

I'd put a backup MX on a VPS somewhere, preferably in a different location to
act as a store-and-forward to my main MX. This one will need to have a copy of
the user map to avoid the "accept any" backscatter problem backup MXes have.

Postfix as the mail server; Dovecot for IMAP. Make sure it uses Maildir for
storage (unless you're going SQL) as mbox is a horrible format that needs to
die. Use SpamAssassin, and reject any mail from IPs listed on Spamhaus.

Truthfully though, I use a server in a datacentre for a reason - because home
connections just aren't reliable enough and the ISPs can't be trusted (I can
make sure I only _send_ mail over TLS, but not that other people will only
send their inbound mail into my server over TLS), and I wouldn't trust a
consumer ISP not to suddenly try some kind of fuckery like blocking SMTP
ports. Linode would get my recommendation, they are great value, have good
performance for a cheapish VPS, and great uptime.
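
Added example, not part of blueskin_'s comment: one way the store-and-forward backup MX described above could be set up in Postfix so that it rejects unknown recipients during the SMTP session instead of accepting everything and bouncing later. `example.com`, `primary.example.com` and the file paths are placeholders; the parameter names are standard Postfix.

```conf
# /etc/postfix/main.cf on the backup MX (domain and paths are placeholders)

# Domains this host queues mail for but does not deliver locally.
relay_domains = example.com

# Copy of the primary's valid recipients (the "user map").
# File format, one address per line, then run postmap on it:
#   alice@example.com   OK
#   bob@example.com     OK
# With this map set, mail to any other address at example.com is refused
# at RCPT TO, so the backup never has to generate a bounce to a forged
# sender (backscatter).
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Forward queued mail to the primary. /etc/postfix/transport contains:
#   example.com   smtp:[primary.example.com]:25
transport_maps = hash:/etc/postfix/transport

# Keep mail queued longer than the 5-day default while the primary is down.
maximal_queue_lifetime = 10d

smtpd_recipient_restrictions =
    permit_mynetworks,
    # Never relay for domains not listed above.
    reject_unauth_destination,
    # Refuse clients listed on Spamhaus.
    reject_rbl_client zen.spamhaus.org
```

The recipient map has to be kept in sync with the primary; a stale copy either rejects mail for new users or accepts mail for deleted ones.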

------
neiltholland
Check out iRedmail [http://www.iredmail.org/](http://www.iredmail.org/)

I don't have the necessary background to set up a mail server and all the
attendant pieces all by myself but I've set up a perfectly acceptable mail
server (with spam filter, AV etc) numerous times using iRedmail.

Did it on Ubuntu 12.4 (which was the stable release at the time) in a Xen
server VM, because why tie up a whole physical server just for email? But now
I'm a big fan of ZFS for RAID implementation so if I was doing it again I'd go
that way instead (because I never could get ZFS to work under Xen)

It was a just-to-see-if-I-could-do-it thing. I don't handle nearly enough
email to justify the effort to maintain a mail server. Besides, gmail is
amazing at filtering spam.

------
sharvil
For the software side, I would most likely use mailinabox [1] or sovereign
[2]. They both set up mail servers for you with reasonable defaults using
Ubuntu and Debian respectively.

Ars Technica has a great 4-part guide [3] on setting up a mailserver yourself.

[1] [https://mailinabox.email/](https://mailinabox.email/)

[2] [https://github.com/al3x/sovereign](https://github.com/al3x/sovereign)

[3] [http://arstechnica.com/information-technology/2014/02/how-to...](http://arstechnica.com/information-technology/2014/02/how-to-run-your-own-e-mail-server-with-your-own-domain-part-1/)

------
paulhauggis
I run my own mail server on Linode. Dovecot+Postfix+Spamassassin. It works
really well and you can enable TLS/SSL encryption on all protocols.

~~~
a3n
I use Dovecot for local IMAP storage on my laptop. I have minimal needs, so
there was minimal setup. I never notice it.

I like to decouple email storage from my email client, so I can switch clients
at will as long as they support IMAP.

------
a3n
I wouldn't want to depend on Comcast for my email to be delivered to its final
server. So if you _have_ to roll your own, I'd do it out on a VPS.

Linode, for example, has upgraded me in memory, space and bandwidth at least
twice, and recently did a hardware upgrade. Not that you have to go with
Linode specifically, just, when will you ever give yourself a free upgrade on
your home hardware?

------
rayz90
I wouldn't recommend setting up your own mail server, it is really a pain in
the *ss to set up and maintain. But if you really want to, this is a great
in-depth guide to get you started:
[https://workaround.org/ispmail/wheezy](https://workaround.org/ispmail/wheezy)

------
lazylizard
if it's "home", and you really must run your own, axigen has a free version for
up to 100 users. hmail would work if you're on windows but it doesn't come with
webmail. or just install virtualmin and use virtualmin to add whatever domain
you need...and set up roundcube/squirrel from virtualmin too... all easier than
rolling your own postfix+dovecot..despite linode writing excellent guides for
that..

finally, rack mounted stuff would be too noisy to be let into a home.. since
it's a 'home' mail server, there'd be barely any load.. you can probably add it
to your existing htpc or something without issue...

------
justintocci
i have a fixed ip and business internet to my house. $120/mo run my own email
on an old mac mini. it's great because i was able to set up spam folders in all
accounts. they drop in the spam and it goes to a folder in my account. the
subject gets the source ip and domain added to it. any server i don't
recognize gets dragged to another folder and bam! that ip is blocked. love it!

