Is it recommended to set up an own mail server? - eviltoast

Is it useful to have your own mail server as a non-business? Just a private person. Configure SMTP and IMAP for it, sync with outlook I think.

Yay or nay, waste of time? What are your thoughts?

  • wosmo@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’ve run my own mailserver for about 20 years. I don’t know if I’d recommend others do the same, but I wouldn’t recommend against it either.

    Once it’s up and running, it’s surprisingly low-friction. I have a VPS with a provider I trust, and it’s running nothing else. Other than keeping everything updated, it requires very little ongoing maintenance. Mostly making sure you keep up with dmarc, TLS, etc best practices before the big providers call them requirements, instead of after.

    I think the real difficulty is starting fresh, greenfield. Not only can one misconfiguration ruin your day, but if it’s an issue that other providers notice, the smell hangs around for a long time. Most the big providers (gmail, microsoft, yahoo) will do absolutely nothing to work with you, so if they take a dislike to you - well you’re screwed. There’s no way to get in touch with them, no way to ask them to look again, etc. The juggernauts will usually give the impression they don’t actually have anyone working for them at all.

    You’ll also learn a lot more about DNS. Whether you like it or not :)

    Things that aren’t so fun … OS updates are always the terrifying one. My provider is really good about letting you spin up a new instance while keeping the old one around for a month so you can switchover when you’re ready. I use that for most things - but for my mailserver, I don’t want to because I don’t want a new IP. I like that it’s my ball and I can pick it up and go play somewhere else if I want, but the amount of reputation that the big providers pin to IP, makes this a lot more difficult than it sounds.

    The other fun sticking point is monitoring. I get emails if my mailserver (or DNS) go down … but because my mailserver is down, I don’t receive them until it’s back. That’s not ideal, but I never seem to get around to doing anything about it. (because when it’s working, I want to leave it alone. When it’s not working, it’s too late.)

    I think the main thing to keep in mind is that it’s difficult to “lab” outbound mail. There’s very little “just trying something”, very little experimentation, etc. Getting things wrong has too many long-term effects. You wanted to try a new MTA and now Google think you’re a spammer? Putting the old one back does not fix your reputation. Putting the old config back does not fix your reputation. Doesn’t matter how much you clean, that smell is going to take a long time to go away.

      • wosmo@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        That’s a lot more difficult to put into words than I thought it’d be.

        I think the big thing is that they’re not in the race to the bottom. Their customers choose them for their level of services, not because they were the cheapest host in a list. So spammers don’t want to use them because they’re not the cheapest, and they don’t want to host spammers because that ruins their value proposition to their regular customers.

        What else … small enough that they’re not faceless. and I’m not nobody to them either. They’ve been at this at least as long as I have, so it doesn’t feel like they’re going to disappear tomorrow. And they’re fairly active with their community through a good old-fashioned mailing list. Which also helps to get to know them and what level they’re working on. It’s nice knowing that when I mail them, I don’t get through to an AI, or an L1 on a script, I’m gonna get Andy.

        It’s a tough one though, because trust is earnt, not researched. But I do prioritise putting a mailserver on a provider that keeps a clean house - because you don’t want to find yourself getting blocked because your neighbours misbehave.

        tl;dr; everything AWS ain’t.

        • KervyN@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          That’s a nice writeup. Especially the mailing list part struck with me.

          So which provider is it.

          I’ve gone through a lot of providers in the last decade. Currently everything sits in the DC of my current employee, but I feel like a freeloader, which I am clearly am.

      • gihutgishuiruv@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        A provider that isn’t on the ball about managing outbound spam will quickly find their IPs (if not the whole prefix) blocked. If someone runs a spambot from a VPS, and then you get the recycled IPv4 address when the instance is removed, what’s to tell Microsoft you’re not also a spammer?

        • 90Carat@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I’ve been an admin for a couple of different companies that sent statements to customers. Keeping our legit email systems off spam lists was a daily challenge.

        • KervyN@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I work for a cloud provider, and even if I wanted to, I could not check for outgoing spam, other than reacting to the NOC mails.

          Most mail server use transport encryption, which I can absolutly not inspect.

          • gihutgishuiruv@alien.topB
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I never said anything about monitoring outbound SMTP traffic.

            The more realistic mitigations are e.g. periodic scanning for open relays, actually handling abuse email reports, RBL checking

    • edthesmokebeard@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      +1 to this.

      I find in the IT field that people who run their own mailservers are significantly better engineers than those who do not.