
Break free from traditional email - Host your own server

69 points | kuczmama | 8 years ago | blog.mkucz.com

79 comments

[+] jasode|8 years ago|reply
Tutorials for setting up a personal email server are fine for educational purposes -- or -- if you're primarily using it to receive emails.

On the other hand, if you absolutely depend on the ability to send emails such that your recipients reliably get them, hosting your own email server is extremely tricky. One could carefully go through the checklist of SPF, DKIM, ip blacklists, etc and emails will still be rejected by MS Hotmail, GMail, Yahoo, etc. Those giants are "black boxes" when it comes to their heuristics for rejecting incoming mail as spam. E.g. your hosted email server does nothing wrong but some other bad actor on your ip block sends spam which then makes MS/Google block you because of "guilty by association". Trying to debug your "sender reputation" is not easy.

In the 1990s, I hosted my own home email server over ISDN lines. These days, I have a million other things I'd rather do than babysit a personal email server with software updates, SpamAssassin lists, etc. I get the whole decentralized ethos but it's just not worth the effort for email servers.

[+] insertnickname|8 years ago|reply
I've been hosting my own personal mail server for about a year. Had to go through some arcane process to be "allowed" to send mails to Hotmail and my mails have been marked as spam once or twice by Gmail, but I don't usually have problems with delivery.

Running your own mail server does require investing some time in learning the software, the protocols and all the ways spam filters will sabotage your attempts to send legitimate, non-bulk e-mail, as well as a little time for maintenance, but it's really not as bad as people say, at least in my experience. It's not something you "just" do, but it is doable.

[+] lucb1e|8 years ago|reply
I don't have time to reply at length on a touchscreen but this topic comes up every time someone links "how to self-host email". Saying it's extremely tricky is exaggerating. Everyone agrees it takes more work than it does to create a gmail account, but it's not that hard either.

I don't think we should dissuade people from doing it, especially if the fact that more people doing it means that it'll be easier next time because it'll be slightly more common. Many of us are in tech and the field is a small subset of the population. Even if it's a small amount of servers set up by us, that could make a noticeable impact on those working at bigcorps who write the hostile receivers.

[+] Neil44|8 years ago|reply
MS actually have a service where you can register IPs you own and it gives you a digest of what people have marked as spam that originated from said IPs. Their headers also tell you a lot, excepting the content filter one which is a bit of a black box and I don’t believe actually is purely a content filter based on messing with it. (Responding to black box comment)
[+] SudoAlex|8 years ago|reply
Or you do nothing wrong on your server, but another user using your mail server ends up with a compromised password, or reuses the same username/password from elsewhere as their mail login. You wake up and see thousands of outgoing emails in your mail queue, all from the spammer, followed by other users who can't send outgoing emails.

You could attempt to limit the outgoing emails per account per hour, however if that's set too low then you end up with other users who can't send out emails to their "mailing lists" consisting of hundreds of contacts, instead of using a real mailing list to manage it.

The effort just isn't worth it.
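
The rate-limit trade-off described in the comment above, as an added example that is not part of the thread: a sliding one-hour recipient count per authenticated account, run at different limits. The record format, account names and volumes are constructed for illustration and do not match any particular mail server's logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed records: ISO timestamp, authenticated account, recipient count."""
    start = datetime(2017, 10, 20, 3, 0, 0)
    lines = []
    # alice: ordinary use, five single-recipient messages
    for i in range(5):
        lines.append(f"{(start + timedelta(minutes=10 * i)).isoformat()} alice 1")
    # bob: one legitimate message to a 300-contact "mailing list"
    lines.append(f"{(start + timedelta(minutes=15)).isoformat()} bob 300")
    # carol: reused password, 40 messages x 50 recipients in 40 minutes
    for i in range(40):
        lines.append(f"{(start + timedelta(minutes=i)).isoformat()} carol 50")
    return sorted(lines)  # ISO timestamps sort chronologically


def accounts_over_limit(lines, limit, window=timedelta(hours=1)):
    """Return {account: peak recipients in any window} for accounts above limit."""
    recent = defaultdict(deque)  # account -> (timestamp, recipients) still in window
    totals = defaultdict(int)    # account -> recipients currently in window
    peaks = {}
    for line in lines:
        ts_text, account, rcpt_text = line.split()
        ts, rcpts = datetime.fromisoformat(ts_text), int(rcpt_text)
        queue = recent[account]
        queue.append((ts, rcpts))
        totals[account] += rcpts
        # Drop messages that have aged out of the sliding window.
        while queue and ts - queue[0][0] >= window:
            totals[account] -= queue.popleft()[1]
        if totals[account] > limit:
            peaks[account] = max(peaks.get(account, 0), totals[account])
    return peaks


if __name__ == "__main__":
    log = build_sample_log()
    for limit in (100, 500):
        print(limit, accounts_over_limit(log, limit))
```

At a limit of 100 recipients per hour both the compromised account and the legitimate 300-contact sender are flagged; at 500 only the compromised account is.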

[+] eric_h|8 years ago|reply
I used to (in the early 00's) manage email servers for a small company that among other things did web and email hosting for other small companies. It was annoying as hell and I will never do it again, I no longer have the patience for it.
[+] tjoff|8 years ago|reply
What kind of colossal idiot would block an email because it comes from a certain IP-block IF SPF and DKIM have been properly set up?

Is this an urban legend that just keeps getting repeated?

[+] cjsuk|8 years ago|reply
Hell no.

The moment Yahoo, Microsoft or Google decide that they don’t like you, you’re SOL.

Yahoo are the worst. If you try and deliver to them you get a deferral with an error message in your log with a URL. Then you have to open the link in the URL and fill in a form. They don’t have to accept the form and they ignore you for 3 months if it goes wrong.

This happens even if you’re not on an RBL and have set up DKIM and SPF properly.

Edit: you want to see the trouble we had to go to so we could run an SMTP server in AWS for outbound/abuse address inbound only and get that talking to Office 365 for internal use only. Two days of hell.

[+] jankins|8 years ago|reply
I've been self-hosting for the past 4 years and this hasn't been my experience. Things like fixing DKIM/SPF eat an hour or two occasionally, but I've never encountered an issue where the time investment overtook the learning + other benefits - it's been hands-off 364 days of the year.

I've only seen one blocked send happen -- blocked by my grandma's @att.net account. Since it happens so infrequently and nobody uses @att.net, I just re-sent from a Hotmail account instead. No issues with the other major players. But for my use-case it's easy to mitigate and if the problem persists I can invest more time in it, but one recipient blocking me in 4 years isn't bad.

It's the only way to have ownership, which is one of the benefits I really like - Google, Yahoo, etc. still get pieces of my personal email history because nobody else self-hosts or uses PGP, which is disappointing, but I prefer it over handing one player ownership of the full history.

BTW, I'm running it on the same 512MB DigitalOcean droplet that I use to host my static sites (personal website, small product sites, etc), so it's basically free since I'd need to host those things anyway, which is nice. Needs some swap though.

Edit: Not saying these points are invalid. They're certainly valid, a service like Gmail _will_ be more reliable and easier. If you're blocked for some reason or have any other email probs, there's nobody else to fix it besides you.

[+] stephengillie|8 years ago|reply
I've worked for a real estate webhost and a major cloud provider/isp. Both had nightmarish problems simply ensuring email delivery. It did not help that the real estate "bulk mail newsletters" were legitimate spam. At the ISP, we offered an open internal relay to customers for some reason, and thus were again legitimate spammers.

MS has 2 layers of spam blocking - one for Outlook.com, and a much stricter invisible layer for O365 with no support team.

[+] kuczmama|8 years ago|reply
I wrote this article because I couldn't really find a good email tutorial that included DNS setup. I hope this helps you out. It's 2017 and it's surprisingly difficult to set up an email server, but hopefully this will make it a little bit easier. Please let me know if you need any help or you think I missed something major :D
[+] interfixus|8 years ago|reply
Alas, you haven't extended the self-hosting idea to your blogging. You publish on Blogger, which throws out some garbled js, and otherwise refuses to show up on my screen.
[+] buovjaga|8 years ago|reply
Thanks for writing it. Do you intend to include a reverse DNS record for IPv6? I remember doing it once and the syntax was mind-bending. Here is a generator: http://rdns6.com/hostRecord
[+] fiatpandas|8 years ago|reply
I wrote my own receive-only Haraka-based server. The web UI is pretty simple: x-y matrix of small blocks representing received emails with basic info (subject and from address). A column is the account. Clicking an email block brings up full text or html mime content (not rendered).

It’s set up to receive everything that’s sent to it, which means I occasionally have to delete rando spam. TLS is set up too. But it’s an interesting system because you can keep tabs on what exactly you are receiving per service (e.g. using [email protected]), and maybe one day will tip me off to services giving away email addresses.

Otherwise I’m using gmail for personal sending.

[+] extra88|8 years ago|reply
I've been signing up on sites using unique addresses for each one for about 10 years. I've had two addresses that eventually started receiving spam, one for a small local business and one for Adobe. I'm sure both were due to hacks of those sites, not the customer addresses being sold.
[+] ryan-c|8 years ago|reply
I have been running my own mail server for a number of years. I recently was forced to move to a new IP. I had to get my server listed on DNSWL, then send in manual requests to Microsoft, AOL, and Yahoo to not block my email because they all seem to deny by default.

I also ran through a couple of IPs with my provider before I found one that wasn't on any meaningful RBLs (my IP's on SpamGrouper, but that list is clearly run by an insane person and nobody seems to use it).

As other people point out, some mail providers are just complete assholes and will blackhole your mail with no indication to the sender or recipient that it happened.

[+] prashnts|8 years ago|reply
Echoing others' thoughts that hosting a server on your own would probably flag you in spam and just be a very tiresome process.

A reasonably good and cheap service I could not recommend enough is https://www.migadu.com . They allow you to use unlimited email domains, storage, addresses with the only limit being on total daily outgoing emails. The mini plan allows 100 outgoing emails a day which is more than sufficient for most of my purposes.

[+] fredsted|8 years ago|reply
Cool article. I personally use Virtualmin for this, it's very easy to set up, you can manage hosting and mail accounts for a bunch of different domains, easily do backups via S3, easy to set up SPF and DKIM, has a good web admin interface, easy to set up automatic updates, etc.

By the way, here's the obligatory HN-style critique of the format, not the content: the blog template in this is a little annoying, it fiddles with scrolling by making it really slow on Safari on Mac, and Reader mode doesn't work.

[+] kuczmama|8 years ago|reply
Virtualmin looks pretty cool, that looks like a great option.

Yeah thanks for the feedback, I need to get around to self-hosting my blog as well. I set up blogger a few years ago and I never got around to changing it.

[+] jstimpfle|8 years ago|reply
Just another data point: I've been running my own mail for more than 6 years and I've never had a problem with receivers.

Hosted on a cheap Strato VServer in Germany, I've never cared for the technical details, could not explain right now what DKIM and SPF are (and they're not configured), and only recently installed a self-signed SSL certificate in my Exim configuration to be able to use it with a Desktop client for submission (pretty sure outbound traffic still runs unencrypted).

[+] MrPatan|8 years ago|reply
This is very interesting. Recently I realized that if tomorrow the big G decides to take over or close my email address I lose access to all my online accounts.

Step one to freedom was to use my own domain, redirected to my old account, but I'm seriously thinking about doing it all myself.

But keeping a whole server up to date, secure, etc.... that's a full time job. Is there a good solution?

[+] innocenat|8 years ago|reply
I have been down that route before. My realization came when I was blocked out of my main GMail account for ~24 hours. I have considered setting up my own email server, but in the end I just use FastMail (paid plan).
[+] qznc|8 years ago|reply
I switched to mailbox.org where I'm a paying customer. That feels better than being an ad target at Gmail.
[+] ZenoArrow|8 years ago|reply
> "But keeping a whole server up to date, secure, etc.... that's a full time job. Is there a good solution?"

I recently signed up for ProtonMail.

https://protonmail.com/

I wanted a reasonably cheap and secure email service that allowed me to use custom domains. Proton Mail seemed like a good fit. No complaints so far.

One other option that I almost went with was Rackspace Webmail:

https://www.rackspace.com/en-gb/email-hosting/webmail

However, that $2 per user per month only applies if you buy a minimum of 5 user licences, so it worked out more expensive for me than the 5 Euros a month for ProtonMail Plus:

https://protonmail.com/pricing

[+] blfr|8 years ago|reply
Keeping the server up to date and secure is mostly done by your distro maintainers. The only issues you will have to deal with is configuration and deliverability.
[+] throwaway2016a|8 years ago|reply
You couldn't pay me enough to host my own mail...

To me it falls under the same category as assembling my own computer. I can do it but to me it's not worth the trouble.

Between DKIM, DMARC, and SPF, security, backup strategy, the fact if you are an open relay for even a day a bot net will find you and get your IP blacklisted for life... or an ISP could just blacklist you because they saw other spam from your same subnet on a shared hosting provider...

Granted this article covers a lot of that (it talks about DKIM, DMARC, and SPF) I'm still counting this as one of the things I outsource.

[+] oliwarner|8 years ago|reply
Friends don't let friends host their own email. It's just not worth the hassle these days unless you're managing hundreds of accounts and it's a full time endeavour.

Even at the hundreds level, I'm sure there are people who'd rather outsource. It's not just email that these guys (Gmail, Outlook, Fastmail, etc) provide.

[+] cedivad|8 years ago|reply
I've been hosting my own email server for 10 years until a couple of weeks ago, when I switched everything to gsuite. During the sign up process there is a step claiming "email just got awesome". That's as close of a description of my experience so far as you can possibly get. Email just got awesome.
[+] azr79|8 years ago|reply
Pro tip: don’t do this, use a custom domain name if you want, but never host your own email server.
[+] luord|8 years ago|reply
I wasn't aware of mail-tester. Yet another tool for checking my domains. Thanks.
[+] apple4ever|8 years ago|reply
Ugh a virtual server running Docker? Dumb. Just install it on the base OS without the overhead.