22
votes
Building my own email system and/or other privacy-first email solutions?
Back in the day I remember setting up squirrelmail + qmail to host my own email as well as for others. And then I got that coveted gmail invite and never really looked back.
I've started to get into the mindset of erasing my digital trail, at least for my personal activities, and email seems to be the main one that I need to figure out.
The idea of setting up my own email solution came up again because I wonder how transparent / private services like protonmail and mailbox.org really are.
Any suggestions or insight would be appreciated. Squirrelmail seems to be now defunct, and I am pretty sure the world has changed enough that residential ISPs don't allow running of servers at home anymore. I guess I could setup something on AWS if I had to.
Interesting. We need to start taking things back... otherwise the big providers will just dictate everything.
I mean... That's already what the big players are doing, and that's their end game. If you're not part of the group/club, you're out.
The big thing is making sure you have working SPF / DKIM / DMARC. It's not a guarantee that your mail will get through, but it's a start.
These might be relevant to you:
https://poolp.org/posts/2019-08-30/you-should-not-run-your-mail-server-because-mail-is-hard/
https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
I'm happy with OpenSMTPD, but you might prefer the more common mail-in-a-box setups and stuff that will do more work for you. I believe most of these solutions use Postfix, which is a little more common.
You can do it, and I really encourage you to! If everybody is afraid to host their own mail servers, that only really benefits the large providers... And the best defense for self hosting e-mail is if people actually do it.
There's a lot of ways you can tailor hosting your own e-mails for your own needs. You could start just by having your own domain so you can control your actual e-mail address and switch between providers more easily, you could use other e-mail services like those provided by your registrar / hosting provider, you could host your own incoming mail server, but use services like mailgun to worry less about outgoing mail being received... Or you can host it all. Pick whatever you're comfortable with, but if you have your own domain for e-mail you have options and can change whenever you want.
Just seconding MXRoute.com. I've been with them for three years, and recently switched to the Lifetime subscription on the current promo. Had to set it up again from scratch and the documentation they provide to set up the domain configuration is second to none.
Reading interviews with Jarland Donnell (the owner), I find it endearing how much one man can love email.
The two preconfigured/prepackaged choices I'm aware of are Mailcow and iRedMail.
I've seen different reports about success, with the main issue being outbound deliverability - which probably depends on the use case. I've used Amazon SES and Mailgun as outbound SMTP providers rather than doing my own outbound SMTP (but with DMARC/DKIM setup) and haven't run into trouble delivering mail, but it's mostly sent to myself (for logging/alerts/etc) with a little bit of one-off transactional/personal stuff - not large-scale delivery in a commercial context. I get the impression that's still better outsourced to third party providers until you're at a scale where it makes sense to have your own servers and your own staff administering them (and maybe not even then).
I have a server running BIND, Dovecot, Postfix, and Postfixadmin, and it kinda Just Works. I followed some Linuxbabe guide for it years ago.
I've been using purelymail for a couple of years now with a custom domain of my own. I find it's a nice balance of:
I especially like that they provide two payment options: pay-as-you-go and $10/year. They show you your pay-as-you-go price regardless, but if you just want a stable, capped $10/year price the option exists. I feel like that's such a reasonable price that I'm happy for the dev to earn a few extra bucks off of me per year.
And FWIW I have had no issues with mail delivery, despite quite a lot of chats for job interviews, warranties, returns, etc. YMMV ofc.
I have no experience in the matter, but read a lot of discussions on r/privacy about it, back when I was a mod there. From what I've gathered, it's pretty hard to do in a way that also ensures your e-mail ends up in the inbox of someone with a Gmail/Outlook account instead of being blacklisted. Security is also hard.
That said, this is probably useful to you: https://www.privacyguides.org/en/email/?h=#self-hosting-email
I would imagine at least from an spam perspective it would just be a matter of setting up DKIM/DMARC/SPF and not being an open relay, like any other corporate email server.
Mailcow looks great. Thank you for the link!
My pleasure. Good luck!
I have a cheap shared web host that provides email with my domain name. That has the benefit of someone else handling the service and security, but also not being one of the big data collection services. I can access my mail via IMAP client or the webmail interface. It has worked well for over 20 years.