30 comments

[ 3.1 ms ] story [ 87.3 ms ] thread
Note they are paying 6 euro/month per VPS with 40 GB disk, which probably leaves 20-30 GB for messages themselves.

A commercial email provider like Fastmail charges $5/month (less if paying annually) for mailbox with 30 GB limit, with free unlimited email aliases and free custom domains. If you are happy with a single mail storage location, this is much easier and cheaper too.

Like all these projects, making it hard for yourself is part of the plan. Any sensible person would use GMail and call it a day, or another provider, but certainly not something like that.

But using GMail doesn't give you any experience in system administration, is not satisfying, and no one will hire you because you know how to create a GMail account.

Also, if you pay for a server, you have a server, you don't have to limit yourself to email. You can host a few web pages, make a personal VPN, maybe even a small Minecraft server, or whatever fun project you can think of.

Fastmail has another plus (which no other provider has) its mail client lets you send mail from your random unique email addrso on your domain on the fly.

So while catch-all solves the problem of receiving emails on random email addresses on your domain it gets tricky when you have send emails from those addresses. (Apple mail client allows you to do this in a convoluted way - you have to add the email in advance and if you forgot it’ll be sent from another email)

Or 365 Personal with 1TB Onedrive, 50GB mailbox. If you want to add a custom domain you need to buy one at GoDaddy (yuck!)
I know at least one person who doesn't use GoDaddy with their 365 family account but still has the custom domain working.

The values to configure in DNS are available as parameters in the link on the M365 side.

YMMV, of course, but DNS is DNS.

Will they support it? Unlikely. Will it work forever? No way to be sure, but isn't everything temporary anyway?

If you're looking to replicate this, I'd recommend Contabo's plans over LiteServer. The network uplink is slower, but you don't need gigabit internet for just email. €6 (inc. VAT) there nets you 4 cores, 8GiB of RAM and 50GB of NVMe storage (or 200GB of SSD storage). Hosted in Germany, and can be paid for monthly if you want to try it out.

It's the best VPS provider I've seen, and their cheap servers are big enough that you can throw Mailcow (or Mail-in-a-box, or mailu, for a smaller mail solution with fewer fancy features) onto it without performance tweaks. Same advantages, but better bang-for-the-buck.

I'm not sure if I'd go with Amazon for DNS hosting, though, I don't trust their DNS servers ever since their DNSSEC implementation took down Slack for a while.

> €6 (inc. VAT) there nets you 4 cores, 8GiB of RAM and 50GB of NVMe storage

Sounds great.

I pay $3.5 for 1gb + ssd + maybe 1 or 2 cores? But it's in the US and I do need it to be in the US.

It does have gigabit though.

Contabo used to charge extra for their USA stuff, but it looks like they're having a discount right now where they get rid of the fee. You only pay extra for their Singapore hosts.

I think they've got their formula down well. There are a lot of applications that need more than the 200mbps connection these cheap servers have, but there are also many services that would run fine with even less than that. You don't need a lot of network capacity if you're just hosting stuff for your own personal use, after all.

An important part, adding DNS SPF records, is missing. And I would like to see mention of deliverability stats, since lots of times e-mail send from a new IP is marked as spam in some providers, even if DKIM, DMARC and SPF is all right.
Yeah, the deliverability aspect is deterring me from going self-hosting route. Wonder if split setup is possible - e-mail intake into self-hosted setup, deliver through someone like migadu or mailbox or tutanota.

I currently use migadu and it's almost perfect, except for the API access. I don't care about storing e-mails, just give me a programmatic way to create aliases. Wish they just had API access available as an addon. /rant

Go to lowendbox.com search for racknerd.com and find their annual plan for like $20-25. Use mailinabox. You will be ready in less than an hour all included and won't have to me try for a year.
Be very careful when recommending Racknerd. Owner of that hosting company was involved in Alpharacks exit scam. Google properly before signup, don't be blinded by the price of service.
You're the first person I've heard with those sorts of accusations, so not sure what to make of them.

But more broadly, any prepaid service is potentially an 'exit scam' and the point is to minimise your risk.

So in the end the price of the service (along with quality/value) is really the main consideration. Losing $20 at some point in a year is not much of a risk. I've used many providers, maybe using a bit of judgement, and I've only once come anywhere close to this, but even that seemed to just be a business failure and my account was sold but the replacement service was not as good.

The way I'm planning to solve this is to refactor my HTTP server to also receive SMTP over HTTP and the same for DNS.

That way you can write your own storage/homepage for handling all your internet needs running in one process.

The biggest problem with selfhosting is spam, and for that I'm going for IP + geolocation so that you can filter things by from where your spam is coming from.

If that fails I'm going to have an authorized from address list system and some kind of RAM only this spam might be something... but that will be memory constrained and lost on reboot!

Eventally we are going to need hashes provided with each new (unauthorized) mail, it's sad but that is the way humans work.

Seems a bit overcomplicated. I am using self-configured Postfix, PostfixAdmin, Dovecot (with xaps daemon for apple push), SpamAssassin, Rainloop (webmail). Everything works on a tiny DigitalOcean VM serving tens of domains, hundereds of mailboxes and millions of emails on daily basis for already more than 10 years.

Using any "package" with require unnecessary management, updates, etc. Surely there are fancy bells and whistles, but do we really need it?

so it is download source tar balls and build your own for ultimate stability?

what do you do when a vulnerability has been posted and impacts you?

> so it is download source tar balls and build your own for ultimate stability?

Not to this extend, installing things from packages are okay.

> what do you do when a vulnerability has been posted and impacts you?

There were no substantial vulnerabilities for those packages in years, if my memory doesn't fail me. But even is something comes up, there are additional measures like fail2ban on open ports.

Mailcow dockerized is great if you would like to host yourself, but dont want to spend too much time building or upgrading.
I love (and donate to) mailcow, it's an amazing piece of work which makes it simple to get up and running and to maintain a email stack.

The problems you end up with is dealing with the big fish in this space. For instance, Microsoft are currently blocking all/most/a lot-of mail from Linode IPs and have been since 21 Dec regardless of individual server reputation[0].

[0] https://www.linode.com/community/questions/22287/550-57511-a...

I've self-hosted email since around 2000, it used to be relatively simple.. Your ISP would assign you a public static IP, and they'd apologize for blocking outgoing port 25 right there in their documentation, and also tell you, the address of their relay server, which you could configure as a "smarthost". Done. Email right there, on my harddisk, in my server, in my home.

Time has a tendency to make some things worse, self-hosting your email was not spared. Some great stuff has been added over the years, DKIM, DMARC and SPF are all quite easy to manage, but the quality of internet providers has nosedived. Today the generally biggest problem of hosting anything online is that your ISP may not want to provide you with a public routable static IP. The second problem is even worse, and relates to email in specific, your ISP probably still blocks outgoing port 25, meaning that while your self-hosted server can RECEIVE emails well enough, it won't be able to send anything out. You need the aforementioned "smart host" for this, and your ISP might not provide one anymore, leaving their customer with an "Internet" connection that cannot do Internet related things, such as sending email! This is obviously an outrage, but apparantly there are not legislation defining minimum requirements for internet connections.. Imagine if electricity and water providers were allowed the same freedom.. "What? you want around 50 hz at around 230volt? Sorry sir, that's our premium package, what we deliver is between 23 and 120 hz at whatever the volt we want!" and your water company being "Oh, this definitely _IS_ water, guaranteed 25% of it!"

I have been self-hosting my email for few years on Digital Ocean VPS. The biggest downside is that your messages are very often classified as spam by big players such as GMail or Microsoft, despite implementing DKIM, DMARC and SPF etc properly on my side. If it's important for me to get my message through, I have to use my "backup" GMail account, which pretty much defeants the point of self-hosting your email.
That is clearly a problem with the big players rather than with self hosting. It should be pretty clear by now that rejection of legitimate mails is intentional. While your argument is justified (I face the same issue), the reality is that we are giving up our freedom under pressure by rent-seekers. I wish the users would resist it more vocally.
I've found that Microsoft is the worst of the big players. They heavily rely on reputation of your IP block. I've found the GMail was pretty quick to accept my domain reputation and I no longer have delivery problems. (Although I don't know what rate you need to send email for them to remember your domain reputation).

For personal email a good option here is to use a relay for sending mail (or for sending important mail). Of course the downside is that the relay can see your mail in plaintext.

After 10 years of hosting my own email-server, I stopped last year. Getting DKIM, DMARC, and SPF right were a nuisance, but worked in the end. My biggest problem was that my mailserver had been blacklisted multiple times due to IP's in the same subnet misbehaving.

In 2022 I am going to host it somewhere more reliant, but for now i use the mailserver of my ISP.

Bit offtopic: I used AnonAdddy (https://github.com/anonaddy/docker) for my email-aliases.

As a productivity tool, i don't see the need to self host email.

I used to self host email about a decade ago, but considering how complicated it can get with blocklists, residential IP blocks and just functional spam filtering, it seems to be much better to just leave it to dedicated people. I'm aware that people self host email for privacy, but email is not a private communication form, at least not in 2022. Any email will have at least 2 parties, and if you don't control the remote end, your privacy is non existing.

Up to 30% of all emails will go to Gmail alone (https://emailanalytics.com/gmail-statistics/), and then you can add all the Google Workspace users, Outlook (personal or business users), and you'll easily end up with 60-70% of all emails at some point ending up with one of the cloud email providers.

> In this case of GMail, all your inbound and outbound emails are “read” and that information is used to augment your digital footprint and (advertising) profile.

As I will continue saying until I am blue in the face, _this is not true_ . Ads that are displayed in consumer gmail are powered by your web activity same as any other ad, but not your email. If you are a paid user, even more stringent rules apply and you don’t see ads in gmail.

If OP wants to run their own mail server because they don’t want to support Google, totally fine, and it’s great to have articles about doing that. But that’s a lot of work, and people who don’t want to do that shouldn’t have to worry that their emails will be read.

(Disclosure: I work at Google, used to work on Workspace, which Gmail is a part of)

(comment deleted)
It would be more honest to say that "this is no longer true." For the majority of Gmail's existence, Gmail did use your actual email content for advertising.

And Google still processes the content of your emails, no? Are all of those smart features like identifying flight bookings done completely client-side (hint: they're not)?

> Although Google stopped scanning email content to tailor ads in 2017, last year the company started showing shopping ads in Gmail. And it still scans emails to facilitate so-called smart features such as the ability to add holiday bookings or deliveries straight to your calendar, or to autocomplete suggestions.

> Every way you interact with your Gmail account can be monitored, such as the dates and times you email at, who you are talking to, and topics you choose to email about, says Rowenna Fielding, founder of privacy consultancy Miss IG Geek.

[Source](https://www.theguardian.com/technology/2021/may/09/how-priva...)

Sorry, sure, yes - for ~5 years, this has been true. 2017 was before my time, and I have no idea what was happening then.

> And Google still processes the content of your emails, no? Are all of those smart features like identifying flight bookings done completely client-side

Of course, no, but the same is true of things like spam detection. What is the difference between scanning emails to see if they are spam and scanning emails to see if they are flight details? Or to scan emails to see if they have malware? In all these cases they’re not used for anything outside of Workspace, and they all provide some value to users.

> Every way you interact with your Gmail account can be monitored, such as the dates and times you email at, who you are talking to, and topics you choose to email about

Sure, yes, this could be monitored. This is the equivalent of saying, “when you use a saas product, the provider can see what you do”. It’s both obvious and uncontroversial- even the e2e encrypted messaging apps can see who you are communicating with and when.

The important consideration is that Google doesn’t use this for anything that is personally identifiable. You can choose to believe this or not, that’s up to you, but the same is true of literally every saas service everywhere.

Doesn't being the only user of an email domain also fingerprint you?

I'm not convinced this is better than a paid for alternative to Gmail.