
Ask HN: As a lazy but concerned user, how do you run your own email server? - Cilvic
What is the easiest way to have a secure email server (open source & auto-updated, not necessarily free) running on a VPS? I've been looking into:

* https://yunohost.org/ (has email server, open source and free, GNU AGPL v.3)

* sandstorm.io which hinted at email server, but seems to be stalling

* http://cloudron.com/ which seems interesting but couldn't find many reviews

Yunohost covers the bill, but I'm surprised it has no traction on HN, no comments/reviews.

Are there alternatives I'm missing? What are your recommendations?

Background: Given how important email has become as authorization, and how sometimes account access is hacked or revoked + how the email data usually stays with the provider, I'd like to run my own server.
======
danieltillett
The problem is not setting up your own email server (this is relatively easy),
it is getting all your mail into other people's inboxes. Basically the big
players these days (I am looking at you Microsoft) just treat any mail coming
from a private server as spam. Even more frustratingly they don't do it
consistently, just frequently enough that you can't rely on anyone getting
your email.

After running my own email server for 15 years I gave up a couple of years ago
and paid for someone else to solve the nightmare of dealing with the big email
gatekeepers.

~~~
exratione
Run it in AWS. They keep their IP ranges comparatively clean.

Other hosting services, yes, you may as well not bother. I haven't found
another one yet that is reliable enough at keeping deliverability from their
IP ranges in good enough order.

Also make sure you set up SPF and DKIM right from the outset.

~~~
danieltillett
I ran into problems with an IP address I had owned for 15 years. Clean IPs
will help, but they don't solve the problem completely. The real nightmare is
the emails that just go missing - they don't even end up in the spam folder.
If you are running some sort of mailing list it doesn't really matter, but if
you are sending important transactional emails then it really does.

Apart from SPF and DKIM, also make sure you set your reverse DNS name and
set up DMARC.

------
type0
You should fix the link for cloudron, it's
[https://cloudron.io](https://cloudron.io)

The problem there is that as they moved from beta, you need to pay them $8/mo to
get catch-all email and updates.

~~~
the_common_man
Curious. Why is it a problem?

------
DamonHD
I run my own email server and have done for ~25 years, but what do you mean by
'secure'?

SMTP isn't a secure transport.

Having your email stored on someone else's computers (ie the cloud) is not
necessarily 'secure'.

Having a well-constructed and well-managed host somewhere you physically
control seems to me the most 'secure' arrangement, which is what I have always
had. Currently for the cost of a Raspberry Pi and occasional 'apt-get update'
etc.

~~~
Cilvic
Thanks! I meant "more secure" = safer from (i) data mining/advertising and
(ii) being locked out, than compared to gmail.

But also quite secure from discovered security vulnerabilities. For example
wordpress auto-updates and doesn't rely on me doing 'apt-get update'.

I didn't mean secure as in "I want to keep out the NSA or anybody who's going
after me in particular".

------
the_common_man
FWIW, I can vouch for Cloudron. I've been using it as my primary email server for
over a year now. Works really well.

------
thiagooffm
I pay for ProtonMail. Works like a charm, and it even has an app. 50 bucks a year,
totally worth it.

------
Lan
You could try an all-in-one solution like iRedMail[0] or Mail-in-a-Box[1].
Those supposedly do most of the leg work for you and set up a commonly used
stack (Postfix, Dovecot, SpamAssassin, Roundcube, etc.). I've never used either
of them since I just install everything piecemeal, but I imagine there is an
ease-of-use tradeoff compared to setting the same stack up yourself. In other
words, it'll be easier to set up initially, but the downside is that you won't
learn the ins and outs of the individual components. So if something breaks or
you need to make an adjustment, you're going to have a more difficult time at
that point.

That said, there are some things you should be aware of when running a mail
server:

1. You need to make sure that the IP address and domain name that SMTP is
bound to is not on a blacklist[2]. You also need to consider the
trustworthiness of your host because you could very well get caught in the
cross-fire if one of their other customers gets their range banned. Certain
cloud providers that make it very easy to change IP will more than likely have
all of their addresses on some blacklist or another.

2. You also need to make sure you have matching forward (A record) and
reverse (PTR record) DNS records for that IP address. This is called Forward-
confirmed reverse DNS, aka FCrDNS. Many mail servers will reject email from
servers that do not have records for FCrDNS, or whose records mismatch.

3. You must set up SPF and DKIM. Many mail servers will either reject mail
from servers without these, or at least weight heavily against it.

4. You probably want to make sure TLS is set up properly, otherwise your mail
is going to travel the internet in plaintext.

5. The IP address you're sending from is going to start off with no
reputation. The volume, type of mail, and how many people mark your mail as
spam is going to decide whether other mail servers start filtering you or not.
You may have no problems here. If you're unlucky, you will need to try to
reach out to whichever major mail provider is filtering your mail. Many of
them have a ticketing system for this, but you'll be at the mercy of whomever
is working that ticket. There are also various whitelists that might be worth
trying your server on. They're usually very selective and will probably reject
your request.

6. You really, really need to make sure you've got your policies set up
correctly because you do not want to accidentally set up an open relay[3] that
will be used to spam other people.

7. Greylisting is a very, very effective means of spam filtering. The
downside is that mail from new servers won't be delivered instantaneously and
will instead be delivered whenever their mail server tries to deliver it
again. Other than that, most spam is malformed in some way, so some basic DNS
checks will filter a ton of it. There are also free RBL and DNSBL lists that
will pick up the slack.

[0] [http://www.iredmail.org/](http://www.iredmail.org/)

[1] [https://mailinabox.email/](https://mailinabox.email/)

[2] [https://mxtoolbox.com/blacklists.aspx](https://mxtoolbox.com/blacklists.aspx)

[3] [https://en.wikipedia.org/wiki/Open_mail_relay](https://en.wikipedia.org/wiki/Open_mail_relay)
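The DNS-side items from points 2 and 3 above (and the reverse DNS / DMARC advice earlier in the thread) are the things a receiving MTA checks before it even looks at your message, so they are worth auditing before you send anything. The following is an added example, not code from any of the commenters or from the projects named here: a small offline checker for forward-confirmed reverse DNS, the SPF record, and the DMARC record. The DNS answers are injected from a constructed dictionary for two hypothetical domains (`example.test` and `broken.test`, reserved test names) so that it runs without network access; for a real domain you would replace `dict_lookup` with a function that queries a resolver (for instance dnspython's `dns.resolver.resolve(name, rtype)`).

```python
"""Offline audit of the DNS records a receiving mail server checks:
FCrDNS (A <-> PTR agreement), SPF, and DMARC.

Added example; DNS data is a constructed sample zone, not real records.
"""
from typing import Callable, Dict, List, Tuple

# Constructed sample zone: (owner name, record type) -> record values.
# example.test is set up correctly; broken.test shows the common mistakes.
SAMPLE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("mail.example.test", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.test"],
    ("example.test", "TXT"): ["v=spf1 a:mail.example.test -all"],
    ("_dmarc.example.test", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.test"],
    # PTR points at the hoster's generic name, which resolves to a different IP,
    # and the SPF record ends in +all (authorises the whole internet).
    ("mail.broken.test", "A"): ["198.51.100.9"],
    ("9.100.51.198.in-addr.arpa", "PTR"): ["vps-9.hosting.test"],
    ("vps-9.hosting.test", "A"): ["198.51.100.10"],
    ("broken.test", "TXT"): ["v=spf1 +all"],
}

Lookup = Callable[[str, str], List[str]]
Result = Tuple[bool, str]


def dict_lookup(name: str, rtype: str) -> List[str]:
    """Resolver stand-in: answers from SAMPLE_DNS, empty list for NXDOMAIN."""
    return SAMPLE_DNS.get((name.lower().rstrip("."), rtype), [])


def reverse_name(ipv4: str) -> str:
    """192.0.2.25 -> 25.2.0.192.in-addr.arpa"""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"


def check_fcrdns(ipv4: str, lookup: Lookup = dict_lookup) -> Result:
    """Forward-confirmed reverse DNS: some PTR name must resolve back to the IP."""
    ptrs = lookup(reverse_name(ipv4), "PTR")
    if not ptrs:
        return False, f"no PTR record for {ipv4}"
    for host in ptrs:
        if ipv4 in lookup(host, "A"):
            return True, f"{ipv4} -> {host} -> {ipv4}"
    return False, f"PTR {ptrs[0]} does not resolve back to {ipv4}"


def check_spf(domain: str, lookup: Lookup = dict_lookup) -> Result:
    """Exactly one v=spf1 TXT record, ending in a restrictive 'all' mechanism."""
    spf = [t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1")]
    if not spf:
        return False, "no SPF record"
    if len(spf) > 1:
        return False, "multiple SPF records (RFC 7208 allows exactly one)"
    last = spf[0].split()[-1].lower()
    if last in ("+all", "all"):
        return False, "SPF ends in +all: every host on the internet may send as this domain"
    if last not in ("-all", "~all", "?all"):
        return False, "SPF has no terminal 'all' mechanism; unlisted senders are treated as neutral"
    return True, spf[0]


def check_dmarc(domain: str, lookup: Lookup = dict_lookup) -> Result:
    """A v=DMARC1 record at _dmarc.<domain> with a valid p= policy."""
    recs = [t for t in lookup(f"_dmarc.{domain}", "TXT") if t.upper().startswith("V=DMARC1")]
    if not recs:
        return False, "no DMARC record"
    tags = dict(kv.strip().split("=", 1) for kv in recs[0].split(";") if "=" in kv)
    policy = tags.get("p", "").strip().lower()
    if policy not in ("none", "quarantine", "reject"):
        return False, f"DMARC record has no valid p= tag: {recs[0]}"
    return True, f"p={policy}"


def audit(host: str, domain: str, lookup: Lookup = dict_lookup) -> Dict[str, Result]:
    """Run all three checks for a sending host and its mail-from domain."""
    ips = lookup(host, "A")
    return {
        "fcrdns": check_fcrdns(ips[0], lookup) if ips else (False, f"{host} has no A record"),
        "spf": check_spf(domain, lookup),
        "dmarc": check_dmarc(domain, lookup),
    }


if __name__ == "__main__":
    for host, domain in (("mail.example.test", "example.test"),
                         ("mail.broken.test", "broken.test")):
        print(f"== {host} / {domain}")
        for name, (ok, detail) in audit(host, domain).items():
            print(f"  {'PASS' if ok else 'FAIL'} {name}: {detail}")
```

Run it and `example.test` passes all three checks while `broken.test` fails FCrDNS (the hoster's generic PTR name resolves to a different address) and SPF (`+all`), and has no DMARC record at all. DKIM is deliberately not covered: its public key lives in a selector TXT record, but whether signing actually works can only be verified on a signed message, so test that by sending to a mailbox you control and reading the `Authentication-Results` header the receiver adds.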

------
feborges
you don't.

