this post was submitted on 25 May 2025
23 points (74.5% liked)

Selfhosted

46671 readers
655 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
23
My two cent about emails servers field. Over a two decades... (lemmy.sdf.org)
submitted 2 weeks ago by Jerry_Steiner@lemmy.sdf.org to c/selfhosted@lemmy.world
27 comments fedilink hide all child comments
 

Hi,

It had been twenty year that I stopped my couples of self-hosted email servers.. ( That did run on a 10 years span )

Now, I'm digging to relaunch one.. OMG the GAFAM etc... did well screw us !!

Selected quote (I'm open for more) 

13 June 2023 10:06
You’re right. It’s a mess nowadays with email hosting because Google for example just rejects everything except the other big services even if you comply with DKIM etc. Fuck them honestly

25 November 2024, 16H57
I guess what I mean is that even a single user email system is a pain.

Want to send an email from one person to another? Stupid easy, I can do that with a single command.

Want to be able to send messages over long periods (years) to friends/family AND clients AND prospective employers (who are probably running their own email system) AND various businesses that you are trying to get support or services from? Well, okay, but the more messages you send, the more chances for some douche (or automated system) to report as spam because they think that anything other than @yahoo or @gmail is a hack-spam (I've had this happen, and had someone call me frantically telling me that my identity was stolen, and I had to tell them it was actually me; People are fucking stupid). And if you navigate all that, you still have to worry about your IP going wayward because you needed to change your infrastructure for some reason (switching regions, system types, whatever), and if that happens you basically start from scratch with an IP that might have had a shitty reputation (even if only due to range association).

And it's not just needing to maintain your IP/domain/account reputation with dumb people/systems/lists. You also need to set up SPF and DKIM or you'll be summarily rejected (even though SPF has fallen out of favor, some services still use it, or use both). One time config, sure, but not intuitive unless you work with systems all the time, and it's just a matter of time before they introduce yet another secure email verification system that you need to jam into your DNS (or server, or header, or...).

So now you're sending mail (probably), but you still have to receive it. More DNS configuration, and you have to make sure your email server never goes down, or you permanently miss any messages you might have gotten (yes, email systems are supposed to retry, but I've seen a LOT of admins at very recognizable names in email basically just retry for 15 minutes then dump the mail, rather than keeping their outbound queue backed up for multiple days).

And god help you if you set up multiple incoming servers, because now you have to deal with some kind of centralized storage, which itself also needs multiple nodes to avoid yet another SPOF. Again, not super hard by itself, but now you're basically designing multi-tiered infrastructure, which you have to maintain and pay for. We're definitely in for more than you'd end up paying for an email service, and that's not counting your personal time at all (which even a single hour of is probably double the monthly cost of an email provider's top tier offering, if you know how to manage all this crap).

TL;DR, you're still not wrong that centralization is very, very bad, but if you actually care about people receiving your messages, and not missing any important incoming messages, it's not easy to deal with. Not saying people shouldn't try it, but they need to be ready for a mountain of headaches.

I think those two post summarize well what happened...

On the technical level email are OLD ! ~1982(SMTP), and since then few revisions were released, but they only build ~~extra thing~~ complexity on top of it !! and the last revision date was in 2008 ! ( 17 year ago... )

And they are complex because of this build-up,
For the example, the list of the daemons running in docker-mailserver give a clue...

  • Postfix
  • Dovecot
  • Rspamd
  • Amavis
  • SpamAssassin
  • ClamAV
  • OpenDKIM
  • OpenDMARC
  • Fail2ban
  • Fetchmail
  • Getmail6
  • Postscreen
  • Postgrey
  • Support for LetsEncrypt, manual and self-signed certificates
  • SASLauthd with LDAP authentication
  • OAuth2 authentication

On the mass level, the GAFAM managed to convince the mass that email server (and more broadly any self-hosted (aka computing) ) is complicated, so "let's us do" that could be understand as "Let's us own your technology"

For a time I was thinking "maybe I should get away from email, that only belong the GAFAM now... and maybe found an alternative... ?" But If I found an alternative, I must convince the others to do the same... slower... way slower...

No ! , the first step is to have more and more people re-owing their technology ! So having more and more self-hosted email server again..

To reverse the tendency, instead of feeling like a black sheep (and be censored) to not have a GAFAM email. It will be people that use a GAFAM email that will pointed out ! to have deleted ( or move email to SPAM without reason etc..) your email from YourEmail@MyLittleHosting.MyPlace

If you use a none GAFAM email ( like me ), and someone tell you:
"hoo sorry I didn't get it"
"Sorry, I didn't see it, it felt in my SPAM folder" (with a tone that's your fault because you use something else than everyone else (aka GAFAM))

Please note, that legally, is their responsibility ! Whenever it was automated or not !
If your MTA[^MTA] did send your email the the recipient MTA it's their sole responsibility...\

and if the attempt has been blocked before reaching the destination MTA, by a firewall or something else on their side (even on ISP level), no matter if they own it or not, it's also their responsibility :) )

[^MTA]: Mail Transfer Agent Handles the transfer of emails between servers using SMTP

top 27 comments
sorted by: hot top controversial new old
[–] catloaf@lemm.ee 43 points 2 weeks ago (2 children)

GAFAM: Google, Apple, Facebook, Amazon, Microsoft.

[–] cecilkorik@lemmy.ca 8 points 2 weeks ago

I was reading it as "Google Apple Facebook Associated Mafia" which also works.

[–] bladewdr@infosec.pub 18 points 2 weeks ago (1 children)

The issues with IP reputation, and mail providers like Microsoft and Google choosing to make massive, sweeping email blackholes with no recourse are the real problem.

Hosting your own email is not really all that hard.

It does require some understanding of how SMTP works, and how to avoid things like backscatter - but its all very tractable.

I run my own mailserver on Linode. Granted it is a single user instance, and I don't send that much email, but I have had very few issues.

The few times I have had an issue is usually places just flat out not accepting email addresses with custom domains. (Looking at you, AutoZone... Looking at you.)

[–] catloaf@lemm.ee 7 points 2 weeks ago (1 children)

Yeah. Hosting your email is easy! Resolving being labeled as spam is not. (Filtering incoming spam is also hit or miss, but more just an annoyance than a problem.)

[–] 30p87@feddit.org 2 points 2 weeks ago

The only time I've been marked as spam (apart from being on a blocklist by default due to a residential IP, which can be resolved in minutes and a simple form) was as I sent a mail to my work account

Which was to be expected with no text content and only an attachment at a rather larger and sensitive company.

[–] cmnybo@discuss.tchncs.de 13 points 2 weeks ago (1 children)

Almost every scam email I get comes from a gmail address. If a business is not sending emails from their own domain, I automatically assume it's a scam.

[–] irmadlad@lemmy.world 8 points 2 weeks ago

This right here. If you are promoting your biz with a generic email address, it goes in the junk folder. It's 2025 people. Legit businesses use legit email addresses. I as hardnosed about my texts or phone calls. If you are not on my extensive list of friends, family, business associets or aquaintances, and you don't leave a message, you get banned as spam.

[–] anotherandrew@mbin.mixdown.ca 13 points 2 weeks ago (3 children)

There was a recent thread on reddit about this, where I wrote this comment (copied here):

I've been hosting my own email for a long time (almost 25 years).

Today it's better than it was, but there are some hurdles:

  • Microsoft has their own system, but it's reasonably easy to get listed
  • Google does their own thing, and it's IMPOSSIBLE to get anywhere
  • UCEPROTECTL3 is just a fucking extortion scam

When I switched providers, I found out I was in a "bad IP neighbourhood". Microsoft wanted a letter from my VPS provider saying that I am in control of the IP I wanted listed, and that was not too hard to get. Also, Microsoft's blacklist management is sane - you can log in, see the status, raise issues and get a hold of people. A little frustrating, but workable.

Google, on the other hand... You can't participate in their spam system unless you have a minimum volume of email, which means little guys like me who send maybe 50-100 emails a day end up in gmail's junk folders by default and there's abso-fucking-lutely nothing you can do about it. There's no one to report it to, there's no way to fight it... they simply don't care. And whether an email gets flagged as junk or not seems completely random. It has nothing to do with the content as far as I can tell. All you can do is contact people from your personal gmail and ask them to check spam/whitelist. It's been years and I'm still waiting for the "eventually your domain will get whitelisted globally" bullshit to happen.

That leaves UCEPROTECTL3. Fuck these guys sideways. They block entire ASes and no, you can't get an exception made. You can pay them to get whitelisted which is why I call them an extortion scam. They're the only blacklist I'm on and I'll be fucked if I'll pay them to get off it. Bunch of fucking pretentious scammers.

Everything else is pretty easy: DNS, DMARC, DKIM, SPF... it's hoops to jump through but not overly difficult. Ensuring you've got SMTPS set up and constraining the encryption protocols to get it tight takes some iterative work, but nothing too difficult.

I totally understand why people give up. This is a huge problem with these gigantic monolithic companies -- they hold way too much power over the internet and there's no way to hold them accountable.

[–] RaccoonBall@lemm.ee 7 points 2 weeks ago

In a moment of weakness and angry clients I once paid uce.

Shortly thereafter my credit card got stolen. That is the one time in my life that has ever happened. It was my business card which rarely get used.

Coincidence? Up to the reader.

[–] cmeerw@programming.dev 1 points 2 weeks ago (1 children)

That leaves UCEPROTECTL3

Is anyone still using them?

[–] anotherandrew@mbin.mixdown.ca 1 points 2 weeks ago

That's an excellent question. I only know of them because mxtoolbox and other checkers list them.

[–] TCB13@lemmy.world 1 points 2 weeks ago

Yeah Microsoft for what's worth does play ball, you can open complaints and they'll actually read those and act fast. Google is a total pain to deal with, even if you're on some type of google partnership they'll not do much.

[–] Onomatopoeia@lemmy.cafe 7 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I've been using email since it was text-based.

I think email for the average person is kind of dead. I rarely use it for personal comms, and it's more of a repository of receipts and the occasional password reset.

I reluctantly use it for person-to-business.

Work? That's not my concern. I use the tools that they manage.

Email is practically dead to me - it's not encrypted, and plenty of encrypted systems exist that provide equivalent, and in some ways, better functionality for personal use.

I wish companies would start embracing them.

[–] hexagonwin@lemmy.sdf.org 22 points 2 weeks ago (2 children)

email does still seem like the least bad way of receiving stuff from corpos though. I'd rather get emails than whatsapp messages or nonfree apps' push notification.

[–] hendrik@palaver.p3x.de 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Yes, this. And with WhatsApp or an dedicated app they're either directly on your phone. Or have your (personal) phone number. Which isn't great. With eMail you can just have another spam address. And that's more complicated with phone numbers and most people don't have a second one dedicated to spam and advertisements...

[–] Onomatopoeia@lemmy.cafe 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Encrypted messaging is unrelated to phone numbers. That's an issue of using apps like WhatsApp (which I refuse to use), and a beef I have with Signal (part of why I really don't trust them).

Simplex doesn't use your phone number, why would it? It's not technically difficult to solve this, it's a business/social/political issue.

Apps have no need of your telephone number, not that it isn't hard to find anyway.

[–] hendrik@palaver.p3x.de 1 points 2 weeks ago* (last edited 2 weeks ago)

Of course. These all are different issues. Encrypted messaging has nothing to do with handing out my phone number to everyone.

I can't remember why I skipped SimpleX. I tried it some time ago, maybe it sucked too much battery on my old phone... Should I have another look at it? Respectively, is it any good for someone like me who already uses a Matrix messenger? I mean not theoretically, but for every-day use.

[–] Onomatopoeia@lemmy.cafe 1 points 2 weeks ago

It's a tough call, I don't disagree at all with the concerns you pose.

However... Email is every bit as another data point for tracking you, and worse it's in the clear. Every email address I've ever used over the years is in databases with IP addresses, timestamps, locatiin/region data, last used, associated device ID's, etc... Plus any analysis from content that was ever done. Yahoo/Google, etc certainly know lots about the user of those addresses, even ones that aren't their addresses.

I'd happily use an encrypted system(s). I'd simply create multiple accounts, and isolate them in different ways.

For example, my healthcare org sends nothing through email except a notification that you have some kind of update. You then log in to their system to view the info. I do wish they'd develop an app for iOS/Android, it's a bit of a nuisance otherwise. In their defense, App dev with sensitive info isn't their forte, so at least they aren't opening that Pandora's box.

[–] Shimitar@downonthestreet.eu 6 points 2 weeks ago

Don't agree. Being hosting my email server for 20+ years without issues.

Yes you need to study, no its not difficult at all.

Check https://wiki.gardiol.org/doku.php?id=email%3Astart it's really that, and guess what? It works!

So, yes its getting more complicated but its still well at the grasp of a home hoster.

Do you want it as simple as docker compose up? Grab mailcow.

[–] smiletolerantly@awful.systems 5 points 2 weeks ago (1 children)

FWIW, I have no issues sending mails/having them be received from my self-hosted to Google mail

[–] Ghoelian@lemmy.dbzer0.com 1 points 2 weeks ago (1 children)

I also self hosted for years (using tuta mail with my own domain now), and have never had issues with my deliverability either.

[–] Ghoelian@lemmy.dbzer0.com 2 points 2 weeks ago (1 children)

Though now that I think about it, I did have to register my domain with Google in some way to stop being flagged as spam iirc.

[–] anotherandrew@mbin.mixdown.ca 2 points 2 weeks ago (1 children)

How did you do this? I have only seen the google postmaster tools and they're absolutely useless unless you are sending significant email volume. If you're a little guy they won't even give you basic reporting on deliverability.

[–] Ghoelian@lemmy.dbzer0.com 2 points 2 weeks ago

That's the one. I dong get any insights either, but iirc it did stop my emails from automatically going to spam. It's been a while though, and I remember trying a whole bunch of different things, but I believe that's what eventually fixed it.

[–] 7fb2adfb45bafcc01c80@lemmy.world 3 points 2 weeks ago

I've been running mail servers for about thirty years; my personal ones and production for 100K+ users.

The personal one is a pain for the reasons you mentioned. I use sendmail instead of postfix, but I was able to use some rules to push certain messages through other relays.

I signed up for Amazon SES and have so far stayed in their free tier. Mail coming from one of my addresses always goes through SES, and mail from any address to certain domains (aol.com, gmail.com, etc.) go through SES as well.

It allows me to ensure delivery for my important mails, but leave things up to chance for less important ones.

It's the best solution I've been able to come up with for a really annoying situation. Big Tech ruined it all.

[–] Cyberflunk@lemmy.world 2 points 2 weeks ago

https://changelog.complete.org/archives/10783-nncpnet-can-optionally-exchange-internet-email

Be the change