• HeartyOfGlass@lemm.ee
    ↑ 50 · 1 year ago

    I don’t buy into the myth that running your own mail server is “hard”.

    For a server with only a few users, the hard part is outgoing mail, ensuring your mails get delivered. I did what I can here, and simply use a paid service on another domain for important things where delivery must be “guaranteed”.

    It’s an interesting post, but saying it’s “not hard” and then “welllllll it’s not hard if you don’t bother with a spam filter & pay a professional company for ‘important’ email” is pretty misleading.

    • 𝘋𝘪𝘳𝘬@lemmy.ml
      ↑ 15 · 1 year ago

      It’s also not true. I ran my own mail server for a few years. If you’re strict with the protocols it actually isn’t a hard thing. Even setting up spam filtering isn’t really complicated. Everything has to be done once. Maintenance really isn’t problematic. Just keep an eye on the monitoring if something crazy is happening and regularly do updates and check your certificates.

      • crtxcr@lemm.eeOP
        ↑ 20 · 1 year ago

        Author here. Let me clarify.

        For a server with only a few users, the hard part is outgoing mail, ensuring your mails get delivered.

        It is not particularly difficult from a technical point of view.

        But if you get blocked by big tech even when doing everything right (reverse DNS, SPF, DMARC, DKIM, RFC compliant MTA), you have to beg them to unblock you. This part is time consuming.

        I’ve read horror stories where it went well for years until suddenly Gmail started flagging well-behaved servers as spam without any clear reason. Sometimes mail got through, sometimes it didn’t, without any clear pattern or explanation.

        I simply don’t have that kind of time and nerves to deal with this. “hard” may be the wrong word, but it is nerve-racking.

        • thbb@lemmy.world
          ↑ 4 · 1 year ago

          I have been running my own mail server with similar requirements for 20 years now.

          I empathize that getting flagged by major providers is the most worrisome part.

          Yet, it’s not as bad as it was in the years 2012-2015 when SPF, DKIM and DMARC started becoming mandatory.

          I maintain my outbound server against all odds, mostly because I think it’s very important that independent providers can still exist.

        • Savaran@lemmy.world
          ↑ 2 · 1 year ago

          I finally ended up going to a larger mail service (paid, but free) that just provides an outgoing SMTP relay for me. Even on a busy month I send far below the 1k emails they require before they start charging, and their servers’ IP ranges aren’t blanket blocked by the Googles of the world.

  • Yewb@kbin.social
    ↑ 8 · 1 year ago

    Dealing with arbitrary blacklists is annoying as fuck, contacting the admin or the automated tools to get your IP removed is hard as fuck, you will get put on there for no discernible reason and burden of proof of innocence is on you.

  • snrkl@lemmy.sdf.org
    ↑ 3 · 1 year ago

    I applaud the write up and recognise that the OP has developed a solution that suits their use case.

    Personally I started running my own mail around the same time, but host for several family members at the same time.

    I went a slightly different route and pay for a mail filtering service for inbound filtering and outbound relay. All up costs me $90 USD per year for inbound and $4 a month for outbound.

    This has solved most blacklist and outbound mail server reputation issues.

    I used to run Zarafa till they went commercial. I’ve since migrated to Mailinabox as a platform. It’s pretty resilient. (I’ve just disabled greylisting and spam detection as I’ve got upstream MX filtering already.) I’ve also recently been through a MiaB major upgrade - it was pretty simple once I actually read the instructions properly!

  • Crayphish@sh.itjust.works
    ↑ 1 · 1 year ago

    I respect the writeup, although I personally think the use-case described is too specific for general mail hosting. I have had a different experience for a similar amount of time running a couple of mail servers for home and work myself. I didn’t have the luxury of avoiding spam/virus filtration on the work server due to the domain’s history and the nature of 3rd party users with varying degrees of tech literacy. Most issues I have faced with maintaining these servers have been down to the filtration elements the author was able to avoid, specifically the virus scanner growing in memory footprint as hot new virus definitions are included. The overall virtual footprint of my postfix/dovecot/sql/nginx/roundcube/spamass/clamav stack has grown significantly over the years on clam alone, despite no real change in usage patterns. Ongoing maintenance outside of ClamAV has been minor, but something will pop up now and again when a large 3rd party makes a decision that forces others to follow suit, or a new mail client is picky about protocols, etc.

    At the time I needed to deploy these servers, the task was more difficult and required a lot more scrutiny than most other admin work I had done at that point (from a history of web server and backup system maintenance). The mail servers tended to require more active maintenance than most other small/self-hosting roles like web/file/game servers, or deploying a NAS or network gateway with a tailor-made distro/OS. Familiarity was the main roadblock; there was a lot of mail-specific terminology and best practices that differ from other server software. There is also a lot of ‘legacy friction’ related to bolting on separate daemon interaction that SMTP was never meant for while still maintaining backward compatibility with SMTP servers and mail clients. I have seen a lot of parallels with deploying and troubleshooting fediverse and ActivityPub driven software, likely due to the similarly decentralized behavior and reliance on 3rd party uniformity. I think it’s probably fair to call mail hosting ‘hard’, at least comparatively.

    No shade on the writer though, and there are plenty of other ways to make mail hosting easy on yourself in 2023 (containerism and automation, or all-in-one solutions like Mail-in-a-box come to mind). Despite the difficulties, I’d rather the option to self-host mail not be yanked from the average user just because Google or Microsoft has the user-share to disengage with the rest of the network without much consequence, as they have done in the past for other things.

  • Illecors@lemmy.cafe
    ↑ 1 · ↓ 1 · 1 year ago

    Article is not great, but I share the general sentiment that running your own email is not difficult. Setup takes some time, but once done - it’s just a regular Linux server, nothing fancy about it. Let’s Encrypt takes care of the certs, cron takes care of rebooting when necessary.

    • nakal@kbin.social
      ↑ 1 · 1 year ago

      Reboot? Since when does Linux need a reboot? I’ve been thinking about migrating from FreeBSD to Linux, but now I am confused.

      • Illecors@lemmy.cafe
        ↑ 2 · ↓ 1 · 1 year ago

        It has always needed a reboot when it comes to kernel or init. Same applies to BSDs.

        • nakal@kbin.social
          ↑ 1 · 1 year ago

          You mean when you update the kernel? No one updates init on BSDs. This is mostly an entire world upgrade. But I’d never reboot from cron. My servers run 100 days without a reboot on average. In most cases there is no reason to update world, only the packages.

            • nakal@kbin.social
              ↑ 1 · 1 year ago

              Of course, but I can see and understand what is patched and can see if I’m affected or not. In the previous version I haven’t been affected for 500 days.

  • Cam@lemmy.world
    ↑ 0 · ↓ 1 · 1 year ago

    Thank you for sharing. Self hosted email server does not sound so bad after all.