22 votes

Building my own email system and/or other privacy-first email solutions?

Back in the day I remember setting up squirrelmail + qmail to host my own email as well as for others. And then I got that coveted gmail invite and never really looked back.

I've started to get into the mindset of erasing my digital trail, at least for my personal activities, and email seems to be the main one that I need to figure out.

The idea of setting up my own email solution came up again because I wonder how transparent / private services like protonmail and mailbox.org really are.

Any suggestions or insight would be appreciated. Squirrelmail seems to be now defunct, and I am pretty sure the world has changed enough that residential ISPs don't allow running of servers at home anymore. I guess I could set up something on AWS if I had to.

15 comments

  1. [5]
    cinnamontrout

    I've run email servers in the past, and most of it is not too difficult if you are at all a seasoned Linux admin. However, the biggest issue you will face is getting your outgoing mail delivered.

    The problem is this is largely out of your control. Big email providers like Google and Microsoft are notoriously secretive and opaque about why they reject mail from small and medium-sized mail servers. In Microsoft's case, they often just "black-hole" your email so you don't even get a clue that your mail isn't getting accepted.

    To get your mail accepted, you have to get a clean, dedicated IP, and one that is not even on a similar subnet as someone who is spamming. So that generally rejects almost all VPS's out there. And when (not IF) you run into trouble, you have to contact the destination email admins and basically beg to let your mail through and convince them you're not a bad actor. That's the tough part - there's no established protocol for doing this, and with the big players you're often talking to a wall.

    If you really still want to do this, your best bet is to purchase a service that will deliver your mail for you; basically buy an SMTP gateway that will deal with that part. MXroute.com for example is very good at getting their email delivered. But for that same price, they will also host your mail if you don't feel like running your own IMAP/postfix/webmail services yourself.

    Good luck - I do wish more people would host their own mail, but it's becoming much harder to go solo these days.

    27 votes
    1. [3]
      manosinistra

      Interesting. We need to start taking things back... otherwise the big providers will just dictate everything.

      4 votes
      1. flowerdance

        I mean... That's already what the big players are doing, and that's their end game. If you're not part of the group/club, you're out.

        5 votes
      2. Chobbes

        The big thing is making sure you have working SPF / DKIM / DMARC. It's not a guarantee that your mail will get through, but it's a start.

        These might be relevant to you:

        https://poolp.org/posts/2019-08-30/you-should-not-run-your-mail-server-because-mail-is-hard/
        https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/

        I'm happy with OpenSMTPD, but you might prefer the more common mail-in-a-box setups and stuff that will do more work for you. I believe most of these solutions use Postfix, which is a little more common.

        You can do it, and I really encourage you to! If everybody is afraid to host their own mail servers, that only really benefits the large providers... And the best defense for self hosting e-mail is if people actually do it.

        There's a lot of ways you can tailor hosting your own e-mails for your own needs. You could start just by having your own domain so you can control your actual e-mail address and switch between providers more easily, you could use other e-mail services like those provided by your registrar / hosting provider, you could host your own incoming mail server, but use services like mailgun to worry less about outgoing mail being received... Or you can host it all. Pick whatever you're comfortable with, but if you have your own domain for e-mail you have options and can change whenever you want.

        3 votes
    2. edantes

      Just seconding MXRoute.com. I've been with them for three years, and recently switched to the Lifetime subscription on the current promo. Had to set it up again from scratch and the documentation they provide to set up the domain configuration is second to none.

      Reading interviews with Jarland Donnell (the owner), I find it endearing how much one man can love email.

  2. [2]
    Comment deleted by author
    1. cinnamontrout

      I also got the notice about GandiMail being shut down at the end of November.

      So far I've found 2 pretty good services if you don't feel like rolling it on your own.

      There is MXroute.com - they have specials but you can get pretty much the same service as GandiMail for as little as $49 per year.

      Even cheaper is Purelymail.com - it's only $10/year, and if you do the pay-as-you-go option, it's even cheaper.

      Both services will let you have unlimited mailboxes, unlimited domains and aliases.

      I'm testing out Purelymail.com and I like it a lot.

      Only one downside with Purelymail - it's a one man operation, has been in "beta" for years, but I understand he's got his brother helping him now.

      2 votes
  3. [2]
    CoyotePants

    The two preconfigured/prepackaged choices I'm aware of are Mailcow and iRedMail.

    I've seen different reports about success, with the main issue being outbound deliverability - which probably depends on the use case. I've used Amazon SES and Mailgun as outbound SMTP providers rather than doing my own outbound SMTP (but with DMARC/DKIM setup) and haven't run into trouble delivering mail, but it's mostly sent to myself (for logging/alerts/etc) with a little bit of one-off transactional/personal stuff - not large-scale delivery in a commercial context. I get the impression that's still better outsourced to third party providers until you're at a scale where it makes sense to have your own servers and your own staff administering them (and maybe not even then).

    3 votes
  4. deadrachel

    I have a server running BIND, Dovecot, Postfix, and Postfixadmin, and it kinda Just Works. I followed some Linuxbabe guide for it years ago.

    3 votes
  5. DynamoSunshirt

    I've been using purelymail for a couple of years now with a custom domain of my own. I find it's a nice balance of:

    • reasonable price ($10/year)
    • a sustainable business model
    • an owner who I actually want to support
    • no data harvesting
    • usable webmail (though I use native clients for pretty much everything)
    • portability, because I can take my custom domain to any other mail provider if something happens to enshittify purelymail or they go out of business

    I especially like that they provide two payment options: pay-as-you-go and $10/year. They show you your pay-as-you-go price regardless, but if you just want a stable, capped $10/year price the option exists. I feel like that's such a reasonable price that I'm happy for the dev to earn a few extra bucks off of me per year.

    And FWIW I have had no issues with mail delivery, despite quite a lot of chats for job interviews, warranties, returns, etc. YMMV ofc.

    2 votes
  6. [4]
    ourari

    I have no experience in the matter, but read a lot of discussions on r/privacy about it, back when I was a mod there. From what I've gathered, it's pretty hard to do in a way that also ensures your e-mail ends up in the inbox of someone with a Gmail/Outlook account instead of being blacklisted. Security is also hard.

    That said, this is probably useful to you: https://www.privacyguides.org/en/email/?h=#self-hosting-email

    1 vote
    1. [3]
      manosinistra

      I would imagine at least from a spam perspective it would just be a matter of setting up DKIM/DMARC/SPF and not being an open relay, like any other corporate email server.

      Mailcow looks great. Thank you for the link!

      3 votes
      1. ourari

        My pleasure. Good luck!

        2 votes
      2. [2]
        Comment deleted by author
        1. g33kphr33k

          I hate to say this, but if you're in a subnet block range that is known for self-hosted or VMS, you'll get penalised. This also goes back to the headers of the email too and what they contain. Example, MS Exchange throws in a load of headers which MS automatically seem to go "yeah, this must be an okayish mail server since it's one of ours!" along with Google. You'll still need to have absolutely perfect SPF, DKIM and DMARC.

          The company I work for use Virgin Media with public IPs, and we're okay with no delivery issues anywhere. However, I have previously had a public IP on BT and one via a company called Daisy (ISP reseller, not sure what ISP block I really got) and had a number of issues to the point where I just opted to use a SmartHost for relay.

  7. penske1

    I have a cheap shared web host that provides email with my domain name. That has the benefit of someone else handling the service and security, but also not being one of the big data collection services. I can access my mail via IMAP client or the webmail interface. It has worked well for over 20 years.

    1 vote