this post was submitted on 22 Apr 2024
35 points (92.7% liked)


I have a raspberry pi running postfix. I realised unless I open port 25 I absolutely cannot receive emails (I have 587 open and can send but not receive them). However I heard there are scaries online which someone could potentially send emails from your server without consent. I believe as well my ISP doesn't block port 25. Is there anything I should do right now before opening port 25, or should everything be safe enough?

[–] [email protected] 38 points 6 months ago (2 children)

Ideally, don't. Self-hosting email is complicated, easy to get wrong (and dangerously wrong, where people could use your server as an open relay and send spam).

That said, if you really want to, make sure you're not accepting email except for what's destined for you. There are a bunch of postfix best-practice guides out there that can be easily found with a Google search. I don't host my own email, so I can't vouch for any.

[–] markstos 11 points 6 months ago (1 children)

Agreed. I used to host email professionally and would not recommend managing your own mail server. It will constantly be under attack by spammers and if the inbox email address is exposed at all, soon 90% of incoming mail will be spam and you’ll need antispam software to filter it.

[–] [email protected] 8 points 6 months ago* (last edited 6 months ago) (1 children)

Not sure about your latter point tbh. I run an email server, with nothing but grey listing and spamassassin and the amount of spam is absolutely minimal.

Proper config and fail2ban easily takes care of direct attacks.

Nevertheless, I wouldn't recommend it to anyone but the most determined.

[–] [email protected] 11 points 6 months ago

To be fair, they said that you would need anti spam software and you do use anti spam software.

[–] [email protected] 5 points 6 months ago

And even if you do everything 100% right, your emails will mostly get flagged as spam if not outright blocked anyway. Esp. if you're using a residential IP.

[–] [email protected] 16 points 6 months ago (2 children)

friends don't let friends host email. it's just become too top heavy (complexity-wise) if you want it to be fully functional and secure.

[–] [email protected] 2 points 6 months ago (2 children)

How can I have reliable email that I can control, then?

[–] [email protected] 14 points 6 months ago (1 children)

Buy your own domain name and put it in front of someone else's service. This is going to be a ton of work to do correctly and you're unlikely to be able to host it out of your house.

Also, something you're running off a Raspberry Pi in your house is not going to meet most definitions of 'reliable'.

[–] [email protected] 1 points 6 months ago (3 children)

What "someone else's service" would you recommend?

[–] [email protected] 2 points 6 months ago (1 children)

Personally I'd probably go with MS hosted exchange or a Google business account. If you don't trust those entities I've heard good things about ProtonMail - I imagine they have some kind of business solution.

[–] [email protected] 0 points 6 months ago

Google and MS are the entities you'd definitely want to keep your data away from, no thanks. And Proton doesn't work with normal mail clients, which is kind of a dealbreaker. I remember seeing a comparison chart somewhere with an assortment of other services.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

Mango mail, porkbun, proton mail

Each does a slightly different niche.

Mango is cheap, but limits outbound mail. Porkbun has a good all-around mail service, but is a little more costly. Proton is very secure, but can be inconvenient for export (though it can be done, it requires purchase of a month of business service to export away from them).

[–] wurstgulasch3000 1 points 6 months ago

There's mailbox.org for example

[–] [email protected] 10 points 6 months ago

If you own your domain name, then you can use any email service and still have control over it and move around if needed.

[–] [email protected] -1 points 6 months ago* (last edited 6 months ago)

100% agreed. It's well worth outsourcing to someone else for $10/mo versus the amount of work it takes to do it well unless you're a large business.

I'd make this argument for DNS too - a lot of work for how easy it is to pay someone else to handle it.

[–] [email protected] 14 points 6 months ago (2 children)

You should be aware that a large number of mail hosters will block all mail from your server merely because it is sent from a dynamic IP address.

[–] [email protected] 1 points 6 months ago

Meh, that sucks. I even have a perfectly working DDNS. I mean, I know I don't get something like a PTR record, but I wish that mail hosters would allow for more self-hosting options.

[–] [email protected] -3 points 6 months ago (3 children)
[–] [email protected] 17 points 6 months ago

The domain won't change that. Even with a static IP, if it's coming from an ISP-owned IP block you're likely going to get banned. Even with reputable VPS' it's hard. Make sure you have DMARC, DKIM, and SPF set up, but even then you're almost certainly going to get banned. The big players are creating an inherent monopoly instead of improving their spam filters.

[–] NeoNachtwaechter 13 points 6 months ago

It's time to learn the difference between a domain and a dynamic IP.

[–] [email protected] 3 points 6 months ago

If you manage to get a good SMTP relay host or authenticated SMTP account for your outgoing email then playing around with small scale self hosting email (Granted that it is not your important daily driver email accounts) can be an interesting and fun experience. But you will have to invest some time reading and tweaking and figuring things out. Slightly comparable with installing Arch Linux. Lots of people will warn you to not do it but you might learn a few valuable things on the way there.

[–] [email protected] 10 points 6 months ago

Avoid being an open relay indeed. Some background information: https://www.postfix.org/SMTPD_ACCESS_README.html#relay But with the defaults in postfix you should be fine unless you made a lot of changes and made a mistake in it.
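An added example, not part of the thread and not code from the Postfix project: a small audit of `postconf -n` output for the two changes that most often turn a Postfix box into an open relay, a non-local range in `mynetworks` and an unconditional `permit` ahead of `reject_unauth_destination`. It assumes the documented default for `smtpd_relay_restrictions` when the parameter is not listed, does not evaluate `check_*_access` tables, and uses constructed sample configs.

```python
import ipaddress

# Restrictions that refuse mail for domains this server is not responsible for.
BLOCKERS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}
# Assumed Postfix default, used when `postconf -n` does not list the parameter.
DEFAULT_RELAY = "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination"
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def parse_postconf(text):
    """Turn `postconf -n` output ('name = value' lines) into a dict."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {name.strip(): value.strip() for name, value in pairs}

def tokens(value):
    return value.replace(",", " ").split()

def blocks_relay(restrictions):
    """True if a blocker is reached before any unconditional 'permit'."""
    for item in tokens(restrictions):
        if item == "permit" or item in BLOCKERS:
            return item != "permit"
    return False

def audit(conf):
    findings = []
    # permit_mynetworks trusts every address in mynetworks, so a public range relays for strangers.
    for entry in tokens(conf.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # lookup tables and exclusions (hash:..., !addr) are not evaluated here
        if not any(net.version == r.version and net.subnet_of(r) for r in LOCAL_RANGES):
            findings.append(f"mynetworks trusts non-local range {entry}")
    if "mynetworks" not in conf and conf.get("mynetworks_style") in ("subnet", "class"):
        findings.append("mynetworks_style trusts the whole " + conf["mynetworks_style"])
    # Both lists are applied at RCPT TO; relaying is refused if either one blocks.
    relay = conf.get("smtpd_relay_restrictions", DEFAULT_RELAY)
    rcpt = conf.get("smtpd_recipient_restrictions", "")
    if not (blocks_relay(relay) or blocks_relay(rcpt)):
        findings.append("no reject_unauth_destination before an unconditional permit")
    return findings

# Constructed samples, not taken from the thread.
SAFE = "mynetworks = 127.0.0.0/8 [::1]/128\nmydestination = example.org, localhost\n"
RISKY = ("mynetworks = 127.0.0.0/8 0.0.0.0/0\n"
         "smtpd_relay_restrictions = permit_mynetworks, permit, reject_unauth_destination\n")
if __name__ == "__main__":
    print(audit(parse_postconf(SAFE)), audit(parse_postconf(RISKY)))
```

On a real host, feed it the text printed by `postconf -n`; an empty list means neither of these two misconfigurations was found, not that the server has passed an external relay test.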

[–] NeoNachtwaechter 9 points 6 months ago* (last edited 6 months ago) (1 children)

IMHO a RasPi is just not reliable enough. Your internet connection is just not reliable enough. You are going to lose some of your incoming mail and NOT notice it, unless you have somebody who hosts a secondary MX for your domain.

Chances are also that it's not powerful enough when some of these automated attacks come knocking.

[–] [email protected] -4 points 6 months ago

If you know how to set it up, RPI can be reliable enough

Even, IMAP is TCP already, any coming mail should be cached by the router until delivered, and your router usually doesn't lose connection as often as the connected devices

[–] TCB13 7 points 6 months ago* (last edited 6 months ago) (1 children)

If you follow the ISPMail guide at https://workaround.org/ you'll be safe.

> I heard there are scaries online which someone could potentially send emails from your server without consent

That's called an open relay and websites like https://mxtoolbox.com/diagnostic.aspx can test for it.

Either way your biggest issue won't be that. If you're running on a residential internet connection the IP is already flagged as such and will have a very low reputation with other e-mail providers, causing Microsoft, Google and any other large provider to simply refuse your email. You'll also need reverse DNS for your IP pointing at the domain you're using that your ISP is most likely not going to provide.

[–] [email protected] 1 points 6 months ago (1 children)

What do you mean reserve DNS?

[–] [email protected] 6 points 6 months ago (1 children)

Pretty sure they meant reverse dns :)

[–] TCB13 5 points 6 months ago

Yes, reverse DNS. Typo there.

[–] [email protected] 7 points 6 months ago (1 children)

You can check for being an open relay with tools like this one: https://mxtoolbox.com/diagnostic.aspx

[–] [email protected] 4 points 6 months ago

Thank you so much! It just tested it for me

[–] CriticalMiss 5 points 6 months ago (1 children)

Hi, I recommend you read the book “Run Your Own Mail Server”. The fact that a book exists for this topic is all the proof you need to not do this decision. But if you absolutely must, this is the way.

[–] [email protected] 1 points 6 months ago
[–] [email protected] 4 points 6 months ago* (last edited 6 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
| --- | --- |
| DNS | Domain Name Service/System |
| IMAP | Internet Message Access Protocol for email |
| IP | Internet Protocol |
| RPi | Raspberry Pi brand of SBC |
| SBC | Single-Board Computer |
| SMTP | Simple Mail Transfer Protocol |
| TCP | Transmission Control Protocol, most often over IP |
| VPS | Virtual Private Server (opposed to shared hosting) |

7 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.

[Thread #705 for this sub, first seen 22nd Apr 2024, 19:05]

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago)

Many ISPs will also block inbound SMTP unless you have a business account (and sometimes even then) because it's a common malware/spam vector.

If you insist on going through with this the key thing is to make sure that you're not an open relay.

[–] [email protected] 2 points 6 months ago

Have you ensured that your setup will pass email authentication processes?

It has been a long time since email from random hosts was accepted for forwarding or delivery. This Wikipedia article may help: https://en.wikipedia.org/wiki/Email_authentication

[–] [email protected] 1 points 6 months ago (1 children)
[–] [email protected] 2 points 6 months ago