
Break free from traditional email - Host your own server - kuczmama
http://blog.mkucz.com/2017/10/how-to-host-your-own-email-server.html
======
jasode
Tutorials for setting up a personal email server are fine for educational
purposes -- or -- if you're primarily using it to _receive_ emails.

On the other hand, if you absolutely depend on the ability to _send_ emails
such that your recipients reliably get them, hosting your own email server is
extremely tricky. One could carefully go through the checklist of SPF, DKIM,
ip blacklists, etc and emails will still be rejected by MS Hotmail, GMail,
Yahoo, etc. Those giants are "black boxes" when it comes to their heuristics
for rejecting incoming mail as spam. E.g. your hosted email server does
nothing wrong _but some other bad actor on your ip block_ sends spam which
then makes MS/Google block _you_ because of "guilty by association". Trying to
debug your "sender reputation" is not easy.

In the 1990s, I hosted my own home email server over ISDN lines. These days, I
have a million other things I'd rather do than babysit a personal email server
with software updates, SpamAssassin lists, etc. I get the whole decentralized
ethos but it's just not worth the effort for email servers.

~~~
tjoff
What kind of colossal idiot would block an email because it comes from a
certain IP-block _IF_ SPF and DKIM have been properly set up?

Is this an urban legend that just keeps getting repeated?

~~~
interfixus
No, it's real. I gave it up a year ago, after hosting my own mail since
forever. Exactly as stated: Hotmail (or whatever MS mail is called these
days), GMail etc. are the main culprits. So yes, 'colossal' is the word.

~~~
danieltillett
Yep I did the same. I ran my own email server off the same IP address for 15
years with zero problems, but I had to give up recently because email is not
something that you can do on your own anymore. You now have to pay
somebody to vouch for you or else MS will send your emails to spam or even
worse just randomly delete them.

~~~
EGreg
Something should eventually come along and replace email. Like bitcoin and
other technologies, what was originally designed to be decentralized became
centralized in practice.

~~~
mbrock
Bitcoin's history involves a plan for combating spam—that's why proof of work
was invented.

Hashcash, Bitcoin's PoW game, was intended for use as an email attachment to
create a real cost to spam without any micropayments.

"If you want to mail me, prove that you burned five seconds of CPU time."
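
The stamp idea described above, as an added example that is not part of the thread: minting and checking a Hashcash version 1 stamp (`1:bits:date:resource:ext:rand:counter`, SHA-1 with `bits` leading zero bits). The address, the fixed salt, the hex counter, the 12-bit difficulty and the 28-day window are constructed for the example; a real sender uses a random salt and a much higher difficulty.

```python
import hashlib
from datetime import date, datetime

def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def stamp_bits(stamp: str) -> int:
    return leading_zero_bits(hashlib.sha1(stamp.encode()).digest())

def mint(resource: str, bits: int, day: str, rand: str = "constructedsalt") -> str:
    """Sender side: brute-force a counter until SHA-1(stamp) has `bits` zero bits."""
    counter = 0
    while True:
        stamp = f"1:{bits}:{day}:{resource}::{rand}:{counter:x}"
        if stamp_bits(stamp) >= bits:
            return stamp
        counter += 1

def verify(stamp, my_address, min_bits, seen, today, max_age_days=28):
    """Receiver side: one hash plus cheap policy checks. Returns a verdict string."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1" or not fields[1].isdigit():
        return "malformed"
    claimed, day, resource = int(fields[1]), fields[2], fields[3]
    if claimed < min_bits:
        return "too-cheap"          # sender did less work than we demand
    if resource != my_address:
        return "wrong-recipient"    # stamp was minted for someone else
    try:
        stamped = datetime.strptime(day[:6], "%y%m%d").date()
    except ValueError:
        return "malformed"
    age = (today - stamped).days
    if age > max_age_days or age < -2:
        return "expired"            # too old, or dated in the future
    if stamp_bits(stamp) < claimed:
        return "no-work"            # claimed bits not backed by the hash
    if stamp in seen:
        return "replayed"           # same stamp reused for a second message
    seen.add(stamp)
    return "ok"

if __name__ == "__main__":
    s = mint("alice@example.org", 12, "171015")
    print(s, verify(s, "alice@example.org", 12, set(), date(2017, 10, 20)))
```

The asymmetry is the point: `mint` loops over thousands of hashes at 12 bits (about a million at 20), while `verify` computes one hash, and the `seen` set is what stops a single paid-for stamp from being attached to every message.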

~~~
kuczmama
That is really interesting. Do you know of any articles that go into more
details?

------
cjsuk
Hell no.

The moment Yahoo, Microsoft or google decide that they don’t like you, you’re
SOL.

Yahoo are the worst. If you try and deliver to them you get a deferral with an
error message in your log with a URL. Then you have to open the link in the
URL and fill in a form. They don’t have to accept the form and they ignore you
for 3 months if it goes wrong.

This happens even if you’re not on an RBL and have set up DKIM and SPF
properly.

Edit: you want to see the trouble we had to go to so we could run an SMTP
server in AWS for outbound/abuse address inbound only and get that talking to
Office 365 for internal use only. Two days of hell.

~~~
jankins
I've been self-hosting for the past 4 years and this hasn't been my
experience. Things like fixing DKIM/SPF eat an hour or two occasionally, but
I've never encountered an issue where the time investment overtook the
learning + other benefits - it's been hands-off 364 days of the year.

I've only seen one blocked send happen -- blocked by my grandma's @att.net
account. Since it happens so infrequently and nobody uses @att.net, I just
re-sent from a Hotmail account instead. No issues with the other major players.
But for my use-case it's easy to mitigate and if the problem persists I can
invest more time in it, but one recipient blocking me in 4 years isn't bad.

It's the only way to have ownership, which is one of the benefits I really
like - Google, Yahoo, etc. still get pieces of my personal email history
because nobody else self-hosts or uses PGP, which is disappointing, but I
prefer it over handing one player ownership of the full history.

BTW, I'm running it on the same 512MB DigitalOcean droplet that I use to host
my static sites (personal website, small product sites, etc), so it's
basically free since I'd need to host those things anyway, which is nice.
Needs some swap though.

Edit: Not saying these points are invalid. They're certainly valid, a service
like Gmail _will_ be more reliable and easier. If you're blocked for some
reason or have any other email probs, there's nobody else to fix it besides
you.

~~~
extra88
How do you know you haven't had numerous emails marked as spam and never seen
by the recipient? Do you receive a reply to every one you send?

BTW, AT&T's customer email is now hosted by Yahoo.

~~~
jankins
Certainty is difficult. I use the approach mentioned - I maintain email
accounts at 3-4 different popular providers anyway. If I do ever notice
something fishy I'll send to a couple of them.

Since I'm only using this for personal email, and that's at a lower volume vs.
work email with different communication patterns, I think it's a little easier
to detect failed sends (in other words, usually some response is expected,
even if it's just "ha"/"cool"). But you're right, some might have been lost in
the spam folder and never seen.

~~~
jankins
To clarify further:

Uncertainty is the cost of gaining more ownership, and I don't want to
downplay that. If I'm sending messages where I want to maintain as much
personal ownership as possible, I use my personal mailserver and accept the
risks. If I'm sending mail where I need higher certainty and don't care about
ownership, I use other providers.

Another commenter said: "if you absolutely depend on the ability to send
emails such that your recipients reliably get them, hosting your own email
server is extremely tricky." I agree with that -- different communication has
different needs/requirements, and a self-hosted mailserver gives some benefits
that I really like and that you can't get any other way. I'm just saying for
me and for my common uses, it doesn't feel like a constant headache + battle.

------
kuczmama
I wrote this article because I couldn't really find a good email tutorial that
included DNS setup. I hope this helps you out. It's 2017 and it's surprisingly
difficult to set up an email server, but hopefully this will make it a little
bit easier. Please let me know if you need any help or you think I missed
something major :D

~~~
interfixus
Alas, you haven't extended the self-hosting idea to your blogging. You publish
on Blogger, which throws out some garbled js, and otherwise refuses to show up
on my screen.

~~~
kuczmama
Yeah that's true. I set up blogger a few years ago and I just haven't gotten
around to self hosting it yet. I have a todo list of things I want to switch
over to.

------
fiatpandas
I wrote my own receive-only Haraka-based server. The web UI is pretty simple:
x-y matrix of small blocks representing received emails with basic info
(subject and from address). A column is the account. Clicking an email block
brings up full text or html mime content (not rendered).

It’s set up to receive everything that’s sent to it, which means I occasionally
have to delete rando spam. TLS is set up too. But it’s an interesting system
because you can keep tabs on what exactly you are receiving per service (e.g.
using instagram@mydomain.com), and maybe one day will tip me off to services
giving away email addresses.

Otherwise I’m using gmail for personal sending.

~~~
extra88
I've been signing up on sites using unique addresses for each one for about 10
years. I've had two addresses that eventually started receiving spam, one for
a small local business and one for Adobe. I'm sure both were due to hacks of
those sites, not the customer addresses being sold.

------
ryan-c
I have been running my own mail server for a number of years. I recently was
forced to move to a new IP. I had to get my server listed on DNSWL, then send
in manual requests to Microsoft, AOL, and Yahoo to not block my email because
they all seem to deny by default.

I also ran through a couple of IPs with my provider before I found one that
wasn't on any meaningful RBLs (my IP's on SpamGrouper, but that list is
clearly run by an insane person and nobody seems to use it).

As other people point out, some mail providers are just complete assholes and
will blackhole your mail with no indication to the sender or recipient that it
happened.

------
prashnts
Echoing others' thoughts that hosting a server on your own would probably
flag you in spam and just be a very tiresome process.

A reasonably good and cheap service I could not recommend enough is
[https://www.migadu.com](https://www.migadu.com) . They allow you to use
unlimited email domains, storage, addresses with the only limit being on total
daily outgoing emails. The mini plan allows 100 outgoing emails a day which is
more than sufficient for most of my purposes.

------
fredsted
Cool article. I personally use Virtualmin for this, it's very easy to set up,
you can manage hosting and mail accounts for a bunch of different domains,
easily do backups via S3, easy to set up SPF and DKIM, has a good web admin
interface, easy to set up automatic updates, etc.

By the way, here's the obligatory HN-style critique of the format, not the
content: the blog template in this is a little annoying, it fiddles with
scrolling by making it really slow on Safari on Mac, and Reader mode doesn't
work.

~~~
kuczmama
Virtualmin looks pretty cool, that looks like a great option.

Yeah thanks for the feedback, I need to get around to self-hosting my blog as
well. I set up blogger a few years ago and I never got around to changing it.

------
jstimpfle
Just another data point: I've been running my own mail for more than 6 years
and I've never had a problem with receivers.

Hosted on a cheap Strato VServer in Germany, I've never cared for the
technical details, could not explain right now what DKIM and SPF are (and
they're not configured), and only recently installed a self-signed SSL
certificate in my Exim configuration to be able to use it with a Desktop
client for submission (pretty sure outbound traffic still runs unencrypted).

------
MrPatan
This is very interesting. Recently I realized that if tomorrow the big G
decides to take over or close my email address I lose access to all my online
accounts.

Step one to freedom was to use my own domain, redirected to my old account,
but I'm seriously thinking about doing it all myself.

But keeping a whole server up to date, secure, etc.... that's a full time job.
Is there a good solution?

~~~
qznc
I switched to mailbox.org where I'm a paying customer. That feels better than
being an ad target at Gmail.

~~~
chrisper
>That feels better than being an ad target at Gmail.

I believe they stopped this recently.

But you could have always become a paying customer of Google.

~~~
duckMuppet
They stopped scanning for purposes of targeted advertising.

However, they still scan and read email. People can't be inconvenienced. I
tend to think this is worse than scanning for ads.

I also tend to think anyone concerned about privacy moved from Google long
ago. After all, it's terrifying when you allow a company to determine if
perhaps your received/sent links are fake, or malware, maybe they should
report that you like certain sites, or have a flight.. People loved the idea
of the President maxing out his power with executive orders, until they
didn't.. Life is all about tradeoffs I suppose..

[http://variety.com/2017/digital/news/google-gmail-ads-emails...](http://variety.com/2017/digital/news/google-gmail-ads-emails-1202477321/)

------
throwaway2016a
You couldn't pay me enough to host my own mail...

To me it falls under the same category as assembling my own computer. I can do
it but to me it's not worth the trouble.

Between DKIM, DMARC, and SPF, security, backup strategy, the fact that if you are
an open relay for even a day a bot net will find you and get your IP
blacklisted for life... or an ISP could just blacklist you because they saw
other spam from your same subnet on a shared hosting provider...

Granted this article covers a lot of that (it talks about DKIM, DMARC, and
SPF) I'm still counting this as one of the things I outsource.

------
oliwarner
Friends don't let friends host their own email. It's just not worth the hassle
these days unless you're managing _hundreds_ of accounts and it's a full time
endeavour.

Even at the _hundreds_ level, I'm sure there are people who'd rather
outsource. It's not just email that these guys (Gmail, Outlook, Fastmail, etc)
provide.

------
cedivad
I've been hosting my own email server for 10 years until a couple of weeks
ago, when I switched everything to gsuite. During the sign up process there is
a step claiming "email just got awesome". That's as close of a description of
my experience so far as you can possibly get. Email just got awesome.

------
cygned
[https://workaround.org/ispmail](https://workaround.org/ispmail)

We used this to set up a multi-domain email server. Works reliably and fast at
both sending and receiving mail.

------
tramtrist
I moved from gmail to [https://mailinabox.email/](https://mailinabox.email/) a
few years ago and never looked back...

------
clemenspw
[https://github.com/mailcow/mailcow-dockerized](https://github.com/mailcow/mailcow-dockerized)

------
azr79
Pro tip: don’t do this, use a custom domain name if you want, but never host
your own email server.

------
luord
I wasn't aware of mail-tester. Yet another tool for checking my domains.
Thanks.

------
apple4ever
Ugh a virtual server running Docker? Dumb. Just install it on the base OS
without the overhead.

