(no title)

> My biggest hesitance to self hosting email specifically is dealing with spam. What does that look like these days and do you have any pointers to share?

Postfix can easily be configured to reject incoming emails from senders without a reverse DNS mapping for their IP address, which makes it reject a lot of spam.

For spammers with reverse mapping greylisting still works fine, they almost never retry.

Certain commercial spammers (hello China :-0) use software which can be filtered with a just one rule matching their sending software, which is "nice" enough to display its name in their mail headers.

And last but not least spamassassin / rspamd work fine to filter whatever comes through.

In the end I get less than 10 spam emails per week. And these go into a separate mailbox filtered by good old procmail, based on spamassassin's ratings. I check the spam inbox maybe once a week for false positives and more often than not the box is empty.

The biggest issue isn't necessarily spam, it's proving you aren't spam.

I use a combination of DNSBL and SpamAssassin. Nowadays Rspamd is supposed to be better than SpamAssassin, but SpamAssassin has served me well enough so far, and I haven't gotten around to trying out Rspamd. When a spam email gets past SpamAssassin, I copy it to a special folder, which gets processed by a cron job to train SpamAssassin on it (sa-learn).

Overall the mail server is very low maintenance. I had to add SPF and DMARC a couple years ago (DKIM isn't necessary) and integrate TLS with letsencrypt (just a few lines in a config file), and sometimes a Debian upgrade requires reviewing the configuration (several years apart as well). There's really not that much to do.

I’m not sure that there is any pre made product for this, but I’ve been playing around with LLMs to identify spam, or just generally sorting emails for you. And even the self hosted models seem to be pretty good at classifying emails even without external information like spam blacklists or IP reputation.

rspamd is my go to solution. Out of the box you get a lot of protection. I use Exim as my MTA but I suggest you use Postfix if you are starting from scratch, only because you will find a lot more write ups on it.

The biggest issue is getting an IP address which is not in the banned lists. IP reputation is key along with SPF and do not send spam!

In the UK a "business" static IP address is sometimes/usually/probably/might be OK. If you are unfortunate then it is already in the lists and you can check that out at point of sign up.

You might look into IPv6 too. I managed to do the Hurricane Electric IPv6 email thing on my home connection for a laugh. That was a few years ago. It seems I need to do something more to get to Guru status.

I've been lucky never to get very much spam to my self-hosted domain, but it went to zero once I implemented geo-IP blocking for a few obvious countries and has stayed that way ever since.