top | item 37684522


cubesnooper | 2 years ago

I’ve run my own email server for five years now. It’s surprisingly approachable when done piecemeal. I broke it into several pieces.

1. Switched from the GMail web interface and app to open source IMAP clients on phone and PC.

2. Switched away from gmail.com to my own domain, using Google as the provider. This was the hardest part, because I had to change my email address everywhere! It also meant setting up DMARC and SPF records for the domain.

3. Set up a VPS running an SMTP server in an MX configuration. At first I had the server relay over a VPN to a second machine in my house, but later I moved to port forwarding over the tunnel, so the VPS provider never sees the contents of my emails (as long as they’re encrypted). Of course, STARTTLS is subject to downgrade attacks, but this can be reduced somewhat with MTA-STS and DANE. And Google still saw my outgoing emails (but I receive way more private emails than I send, personally).

4. I wanted to remove the last vestige of Google, and also to hard-fail if the recipient doesn't support TLS, so I finally set up a sending SMTP server on my LAN, which routes outgoing mail through a VPN tunnel so it looks like it’s coming from the VPS instead of my home IP. The first few furtive emails I sent went straight to Google’s spam box, but the recipients marked them “not spam,” and I stopped having trouble with that. I can also send to Microsoft addresses. It’s reliable enough that I get replies whenever I expect them. Very rarely, it goes to spam, and I have to follow up with the recipient to mark it not spam—but this is very rare, and surprisingly, happens at about the frequency that it happened when I was using Google to send my mail. Really!

I took these steps months and sometimes years apart. Long enough to be 100% comfortable to move on to the next step, but I could just as easily have been satisfied and stopped at any point, and it would have been better than total dependence on the cloud. Overall maintenance effort is about in line with the other servers I run (DNS, HTTP, Minecraft).

Running your own mail is not for everybody, but “no longer practically possible” is a defeatist, demotivating overstatement.

giancarlostoro | 2 years ago

What email daemons do you run and services you recommend looking into for anyone considering such an endeavor?

cubesnooper | 2 years ago

I run OpenSMTPD, mostly because of how simple it is to configure but also how its privilege separated design has reduced the impact of bugs when they happen. (See Qualys’s sometimes complimentary comments in their OpenSMTPD vulnerability writeups.)

It’s really important to use a distro that you understand well and are comfortable keeping secure and up to date. For me that’s OpenBSD; for you it might be something else.

For security reasons, I recommend keeping the server setups simple, minimal, and isolated as much as possible. I have three machines: the sending server, the receiving server, and the VPS.

The VPS is the only machine directly accessible from the Internet, so it is locked down as much as possible: it forwards incoming port 25 over a WireGuard tunnel to the receiving server, it forwards traffic from a second WireGuard tunnel (from the sending server) to the Internet, and that’s it. No other services, and all other incoming and outgoing ports are blocked with the firewall. The SPF settings in my DNS list only this VPS’s IP address as a trusted sender, and the MX settings point to the VPS too.

The receiving server runs on a Raspberry Pi. Since it’s almost directly accessible from the Internet over port 25, this one’s heavily locked down too. It’s firewalled from making Internet connections except those relevant to mail receipt (incoming port 25, reverse DNS lookup, DMARC lookups, etc.). It delivers to a Maildir.

The sending server is an Intel NUC actually running two VMs, only one of which is for sending. The second VM is the viewing VM. It periodically rsyncs new mails from the receiving server to a Maildir. I interface with the Maildir directly by logging in with SSH and using command-line tools like mblaze and notmuch. This machine also runs Dovecot as an IMAP server backed by the Maildir; the IMAP is used by my phone, Thunderbird, and my self-hosted webmail (Roundcube).

The other VM, the sending VM, is what I point my mail clients’ outgoing SMTP settings to. It listens for outgoing mails from my LAN (requiring TLS client certificates for authentication), and sends them to the destination server, but with the traffic routed through the VPS so it looks like they came from there rather than a residential connection.

What I described is what I ran for a while, but over time I’ve added additional complexity for the sake of higher uptime. That’s not really necessary, since downtime was already rare and SMTP handles outages of a few hours gracefully, but like the progressive steps in my previous comment, after several months I was comfortable with my setup and wanted to push it further. Now there are two VPSes from different providers (mitigating downtime at one datacenter and the risk of being tied to one VPS provider), port forwarding to two MXes on my LAN. I’m planning to get a second ISP at home, so a VPS can have an alternate path to its MX if one ISP is down.
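The VPS-plus-two-LAN-boxes split described in the comment above, written out as pf rules. This is an added example, not cubesnooper's actual configuration: it assumes OpenBSD pf on both the VPS and the receiving Pi, WireGuard listening on UDP 51820/51821, the documentation addresses 203.0.113.10 for the VPS and 198.51.100.7 for the admin host, 10.100.0.0/24 and 10.101.0.0/24 inside the two tunnels, and 192.168.1.0/24 for the home LAN; the interface names are placeholders. The two details a practitioner is most likely to get wrong are shown explicitly: the VPS only rewrites the destination (`rdr-to`) so the MX still sees the real client address for SPF, reverse-DNS and DNSBL checks, and the Pi uses `reply-to` so SYN-ACKs go back through the tunnel instead of out the home ISP's default route.

```pf
# ---- VPS: /etc/pf.conf (OpenBSD; also set net.inet.ip.forwarding=1) ----
# All names and addresses below are hypothetical placeholders.
ext_if   = "vio0"           # Internet-facing interface
wg_rx    = "wg0"            # tunnel to the receiving MX on the LAN
wg_tx    = "wg1"            # tunnel from the sending server
vps_ip   = "203.0.113.10"   # the only address SPF and MX advertise
mx_tun   = "10.100.0.2"     # receiving server's address inside wg0
tx_tun   = "10.101.0.2"     # sending server's address inside wg1
admin_ip = "198.51.100.7"   # the one address allowed to SSH in

set skip on lo
set block-policy drop
block log all                       # default deny, both directions

# WireGuard handshakes are initiated from home; the VPS only answers them.
pass in  on $ext_if inet proto udp to $vps_ip port { 51820 51821 }
pass in  on $ext_if inet proto tcp from $admin_ip to $vps_ip port 22

# Inbound SMTP: rewrite the destination to the MX behind the tunnel.
# Deliberately no nat-to here, so the MX sees the real client address.
pass in  on $ext_if inet proto tcp to $vps_ip port 25 rdr-to $mx_tun
pass out on $wg_rx  inet proto tcp to $mx_tun port 25

# Outbound SMTP from the sending server: masquerade as the VPS so the
# remote MTA sees the address that SPF and the PTR record vouch for.
pass in  on $wg_tx  inet proto tcp from $tx_tun to any port 25
pass out on $ext_if inet proto tcp from $tx_tun to any port 25 nat-to $vps_ip

# ---- Receiving MX (Raspberry Pi, assumed to run OpenBSD): /etc/pf.conf ----
ext_if  = "bse0"            # LAN interface (placeholder name)
wg_if   = "wg0"
vps_ip  = "203.0.113.10"
vps_tun = "10.100.0.1"      # VPS end of wg0
lan     = "192.168.1.0/24"

set skip on lo
set block-policy drop
block log all

# SMTP arriving through the tunnel.  reply-to sends the answers back
# through wg0 even though the default route is the home ISP; without it
# the TCP handshake fails asymmetrically.  The wg0 peer's allowed IPs on
# this side must be 0.0.0.0/0 (cryptokey routing) so packets from
# arbitrary Internet sources are accepted; do not add a default route.
pass in  on $wg_if inet proto tcp to port 25 reply-to ($wg_if $vps_tun)

# Egress limited to what receiving mail needs: the tunnel itself,
# DNS for SPF/DMARC/rDNS/DNSBL lookups, and NTP.  Nothing else leaves.
pass out on $ext_if inet proto udp to $vps_ip port 51820
pass out on $ext_if inet proto { tcp udp } to port 53
pass out on $ext_if inet proto udp to port 123

# Admin SSH and the viewing VM's rsync pull of the Maildir, LAN only.
pass in  on $ext_if inet proto tcp from $lan to port 22
```

Check each file with `pfctl -nf /etc/pf.conf` before loading it. The DNS side that makes this consistent is an MX pointing at a hostname that resolves to 203.0.113.10, a PTR for 203.0.113.10 pointing back at that hostname, and an SPF record that names only that address, e.g. `v=spf1 ip4:203.0.113.10 -all`; because the sending VM is NATed behind the VPS, no home address ever needs to appear in SPF.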