“self-hosting email is hard” no it isn’t and you should do it
@georgia lmk if you have any questions about it; i basically set it up from scratch so i’m familiar with how all the pieces fit together
@mia I would, but my family is very against port forwarding. Any of the servers I wanna do, I can't. Furthermore, I think the electricity would be high. I made the mistake of giving my RPi5 to a friend in exchange for a Dell Optiplex, which uses a fuck ton of power.
@doraii that’s okay, the attitude still counts. btw did you try forwarding ports via upnp yet, or has your family disabled that as well?
fwiw i believe self-hosting email from a home ISP with dynamic address pools might be a bit of an uphill battle where you can’t expect your outgoing mail to be delivered to users of some of the big providers (as in, not even the spam folder). idk how bad it is nowadays.
@mia Yeah, UPnP is out of the question too. In fact, I believe my router doesn't have it at all, or it's disabled by default.
I've heard the things about big providers not accepting self-hosted email. For now, I'm using Proton, but I might switch to Tuta. Luckily, I don't really use e-mail for anything other than site 2FA.
@mia receive-only is honestly very simple
sending can be more annoying, but is also manageable
I just think it sucks there are no good clients / webmail
@aetios the nice thing about email is that your stuff can go down for weeks and other servers will keep trying to deliver mail. you still receive stuff oncet it’s back up
@privateger kmail is very good actually. idk about webmail though, haven’t used that in 20 years
@aetios asking questions is okay even if you feel like you should be able to figure it out yourself
@mia SO TRUE
ive been selfhosting my email for ages now without issue, despite everyone screaming at me not to
@mia “but keeping up your ip reputation is a fulltime job” what no it isnt wtf are you talking about
IIRC it's not quite "weeks" (more like 2–6 days depending on sending-server configuration) but it's still nice to know that servers will retry. Also, annoyingly some mail-hosts (particularly the big-name ones) will re-send from a different IP address which makes gray-trapping more challenging ☹
(but yes, still totally worth running your own mail-server)
Annoying though when the big senders re-send from different addresses.
10.0.0.1: Hi, I've got some mail for you
My gray-trapping server: um, try again in a few minutes (notes 10.0.0.1 as the sender)
10.0.0.2: Hey, here's that message I tried to deliver to you earlier
MGTS: Um, I have no record of you trying to send so try again in a few minutes (notes 10.0.0.2 as the sender)
10.0.0.3: Hey, here's that message I've tried twice to deliver to you
MGTS: Um, I have no record of you trying to send so try again in a few minutes (notes 10.0.0.3 as the sender)
⋮
[sigh, glaring particularly at Outlook.com, I recall @pitrh blogged about this annoyance a while back but I can't disinter his post to link to]
@mia I'm told changing my oil isn't heard either, but I have other things to do with my day. :)
@teajaygrey @aetios @lanodan @gumnos skill issue on part of the greylister; half-assed in typical openbsd fashion. this isn’t new or uniqe to large senders; there never was any guarantee that MX records won’t change from one attempt to the next either. there’s a reason SPF, DMARC and DKIM were introduced.
@aetios @lanodan @teajaygrey @gumnos rspamd does it right (and also ensures proper form for outgoing mail), btw. you can use that on openbsd as well.
@mia @doraii Hosting an email server on residential internet is pretty much a non-starter these days. Most of the big providers will just drop stuff coming from those ranges.
But in the fuzzy definitions of self-hosting, having a VM on Linode/Hertzner/Digital Ocean/1&1/et al for mail services works nicely. Your own domains, all the accounts you want for a fixed price
https://mailinabox.email is a great place to start if you don't already have a background in setting up mail servers
@gumnos @erik @doraii setting up the stack from scratch is also easier than it used to be. postfix no longer defaults to open relay mode, dovecot can also be its auth backend instead of having to use some awkward cyrus-sasl setup, and rspamd just works and also takes care of signing outgoing mail.
still more complicated than it needs to be for a small self-hoster, but some progress has actually been made
@teajaygrey yeah, alright, should’ve watched my tone there. sorry.
still though, it’s how it goes in an open network: you can never assume the rules won’t be broken by both good and bad actors, which is especially true when you’re building systems for dealing with abuse in the first place. every assumption and every part of every interpretation of every spec will be violated, and it takes some degree of street smarts to figure out how to defend against that and maintain network integrity—which is something you won’t find too often in post-hacker techie circles.
@Slash909uk @phlash recommend giving rspamd a try, it needs almost no config beyond plugging it into your MTA. i switched to it from SA a few years ago, it’s a lot better and also takes care of some other things like greylisting and DKIM/ARC signatures for outgoing mail.