this post was submitted on 23 Nov 2024
81 points (94.5% liked)

Selfhosted

40296 readers
483 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
81
Self hosting email, what's the latest and greatest what FOSS can offer? (sopuli.xyz)
submitted 1 day ago by [email protected] to c/[email protected]
35 comments fedilink hide all child comments
 

So, as the topic says, I'm going to set up a self hosted email service for myself, family and friends. I know that this one is a controversial topic around here, but trust me when I say I know what I'm getting into. I've had a small hosting business for years and I've had my share of issues with microsoft and others, I know how to set things up and keep them running and so on.

However, on the business side we used both commercial solution and a dirt-cheap service with just IMAPS/SMTPS and webmail with roundcube. Commercial one (Kerio Connect, neat piece of software, check it out if you need one) is something I don't want to pay for anymore (even if their pricing is pretty decent, it's still money out from my pocket).

I know for sure I can rely to bog-standard postfix+dovecot+spamassassin -combo, and it will work just fine for plain email. However, I'd really like to have calendar and contacts in the mix as well and as I've only worked with commercial solution for the last few years I'm not up to speed on what the newest toys can offer.

I'm not that strict on anything, but the thing needs to run on linux and it must have the most basic standards supported, like messages stored on maildir-format (simplifies migration to other platform if things change), support for sieve (or other commonly supported protocol) and contacts/calendar need to work with pretty much anything (android, ios, linux, windows, mac...) without extra software on client end (*DAV excluded, those are fine in my books). And obviously the thing needs to work with imaps, smtps, dkim and other necessities, but that should be implied anyways.

I know that things like zimbra, sogo and iredmail exist, but as mentioned, it's been a while since I've played with things like that, so what are your recommendations for setup like this today?

top 35 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 3 hours ago

Has anyone here used Mox? It looks interesting, but maybe a little immature.

[–] [email protected] 1 points 3 hours ago

I have been using modoboa, my installation is fine as far as it goes, but coming up a little short technologically these days, and the upgrade path is total replace. If you have or install Docker on your server, there are poste.io and docker-mailsever,which both look good. Running your mailserver in a container or VM is almost essential, for security, and so you can blow it away and start over if you make a mistake.

Running an email server is not necessarily hard, but it is stressful: if you have other users, even family, they will take it for granted when it works, and complain loudly when it does not. Like any server that others use. But, beyond security, I have a certain stubborn geek machismo about it, it's a level of sysadmin above basic.

[–] [email protected] 10 points 11 hours ago (2 children)

You may have already read this but I always think back to this blog post about self hosted email:

TLDR;

  • Mail is not hard: people keep repeating that because they read it, not because they tried it
  • Big Mailer Corps are quite happy with that myth, it keeps their userbase growing
  • Big Mailer Corps control a large percentage of the e-mail address space which is good for none of us
  • It's ok that people have their e-mails hosted at Big Mailer Corps as long as there's enough people outside too

https://poolp.org/posts/2019-08-30/you-should-not-run-your-mail-server-because-mail-is-hard/

[–] [email protected] 2 points 3 hours ago (1 children)

My problem is what happens if my internet goes down when there's an important email or something. I suppose I could run it on a VPS just in case, but that's still not as reliable as an email service, nor is it necessarily cheaper.

So I pay for Tuta email. It's €3/month, supports my custom domains, and generally works pretty well. My VPS costs €4.5/month, and I may get rid of it once my city finishes rolling out fiber because I only need it due to CGNAT. Neither is particularly expensive, but Tuta is really good value for what I get. If my family members want to join, costs will go up (€3/user), so I may consider switching if that happens.

[–] rumba 2 points 36 minutes ago (1 children)

SMTP retries. It's resilient. If it fails a couple of connections it'll even let the other side know it happened and when it's going to retry. If it can't get it to you in a couple of days it'll let them know it was not able to deliver.

The rest stands true, hosted Mail is dirt cheap and is more reliable I'm trying to host it in a non-professional capacity.

[–] [email protected] 1 points 25 minutes ago

Ah, interesting. I have two domains, one for personal (family and friends) and one for online crap, so maybe I'll try moving one to be self-hosted. Or maybe use one of my other domains (I have several).

[–] [email protected] 2 points 6 hours ago

Well, from personal (professional) experience Email is hard.

[–] [email protected] 24 points 18 hours ago (1 children)

For self-hosting, be mindful IP addresses have reputation scores and your IP needs to build them up positively. You need to have reverse DNS set, DKIM, SPF records etc for a more trusted reputation, domain reputation etc to not be flagged and sent to spam folders. I just got the $1/month Proton E-Mail for 10 addresses for 1 custom domain as I didn't feel like dealing with any of this with self hosting, but props for going the self-hosting route.

[–] [email protected] 8 points 15 hours ago (1 children)

ISPs often have SMTP relay servers. If you hook into that, your mail gets instant street cred.

[–] [email protected] 5 points 11 hours ago

Amazon SES is good for this too. I use it in combination with postfix for the outbound mail. Granted it feels a bit like cheating on the whole self hosting part, at least for outbound. And I only started doing it in the past year of self hosting for 20 years. MS (Hotmail, Outlook, Office 365) was by far the biggest asshole in randomly denying delivery from my (well maintained reputation wise and well configured) outbound IP before switching to an SES relay. Fuck em, seriously. It’s not just about preventing spam, it’s clearly a strategy towards email dominance. Other big players are guilty of this too though.

[–] [email protected] 12 points 20 hours ago (1 children)

I've been playing with Stalwart-Email as a combined SMTP/IMAP server. Its open source and written in rust, still pretty early in development and I haven't played with it enough to give any real opinion on the pluses or minuses compared to other software, but its worth taking a look at.

[–] [email protected] 1 points 11 hours ago

I'm also using Stalwart! It just works!

[–] [email protected] 16 points 1 day ago (4 children)

I've been using mailcow for about a year and i am very satisfied, it checks all your boxes and is easy to configure and deploy over docker.

[–] [email protected] 2 points 14 hours ago

Mailcow-dockerized is bulletproof. Never had a problem with it and has been rock solid.

[–] [email protected] 1 points 15 hours ago (1 children)

Second this. Mailcow very easy to setup, though the docs could use improvement. This might have changed already.

That said, I found it easier to pay for a domain and email service where they worry about reputation and random microsoft blacklists.

[–] [email protected] 2 points 11 hours ago

Yeah, Microsoft are the worst. Even after doing all the proof of work (reverse DNS, DKIM, SPF, …) and registering for their spam prevention postmaster tools equivalent, I still found myself randomly blocked for delivery sometimes.

[–] [email protected] 3 points 1 day ago (1 children)

Just beat me to it...

The one thing that they don't have yet last I updated, though they've been working on it for a while, is a prod ready LDAP/SSO connection. I had the dev branch working with Keycloak, but never got plain LDAP to function.

[–] [email protected] 1 points 1 day ago (1 children)

@ShellMonkey I use the Generic OIDC option, havent tried LDAP.

[–] [email protected] 1 points 1 day ago

I tend to keep things simple so if I can it's easier to not set up the separate auth middleware when there's already an AD comparable system in place.

Another option I've used before is called Neth Server, but that's more one of those SOHO all-in-one systems rather than a dedicated mail box.

https://community.nethserver.org/

[–] [email protected] 1 points 21 hours ago

Another container-based alternative in that space is Mailu.

[–] [email protected] 12 points 1 day ago (1 children)

Great plan! We need more independently hosted email. I’ve been self hosting email for 20 years. Still running Postfix and Dovecot, but don’t have all the features you’d like though. I just wanted to chime in that I’ve moved from spamassassin to rspamd. And I’m happy about that. Given your experience in the hosting business I think you’ll like rspamd. One thing I have changed since a few months is have outgoing mail go through Amazon SES. I moved hosting from Linode to Hetzner and that turned out to be not so great for outbound delivery reputation. I didn’t want to migrate back to Linode so I bit the bullet and compromised with SES. That has been really working well, but I admit it is a bit of a step back from fully self hosting.

[–] [email protected] 4 points 23 hours ago* (last edited 23 hours ago) (1 children)

What's the benefit of rspamd over SA? I've used SA since I first setup my mail stack years ago, and it's been great. Cron jobs run nightly to train based on the contents of all the mailboxes' .spam folders, so it's only gotten better with time.

Not judging, just curious.

[–] [email protected] 2 points 11 hours ago* (last edited 11 hours ago)

I believe the ISPMail tutorials I was following during my rebuild recommended it as the successor to self hosted anti spam. Touting better performance, written in C vs. Perl for spamassassin iirc. The tutorials may have indicated that SA was no longer actively maintained, but that may be a figment of my imagination. Better fact check all of this. But I’ve been very happy with rspamd’s web interface to see what’s going on with the process. There’s a great history view in the dashboard that helps you better understand why a message got flagged as spam. It helped me better fine tune white and blacklists for example. Supposedly it also has a rich module system to enable more advanced filtering techniques like LLM’s and whatnot. But I haven’t looked into that yet. Granted rspamd is also used by ISPs that have massive throughput. I’m definitely not in that category :p

[–] [email protected] 0 points 10 hours ago* (last edited 10 hours ago) (1 children)

this isn't addressing the technical side per se, but consider your user's rebelling factor, i.e. them passively resisting using the stuff you provide and sticking with corpo-crap.

not to go into details, but I've got a number of opensource solutions in place for various clients. we have ~~huge~~ some issues with users who need to be corralled and coerced into using the provided messengers, web portals, and such. some resist out of habit, other's because they prefer the infinitely more polished UX of assorted spyware as opposed to the janky feel and rather rudimental features of opensource alternatives (think gmail vs roundcube).

[–] [email protected] 2 points 10 hours ago* (last edited 10 hours ago)

The couple of domains have been running on my company so the userbase is already there, but as I'm shutting down the business side they need to move to something else. And I don't really care if users want to switch to something else, that's not my problem.

[–] [email protected] 4 points 21 hours ago

You can do calendar and contacts separate from email. Try Radicale. I've been using it for years.

[–] [email protected] 1 points 16 hours ago

I've been using Poste.io for about 2 years on a vps from Netcup. It has caldav/carddav built in. I also use Radicale and Baikal for caldav/carddav.

[–] [email protected] 5 points 1 day ago (1 children)

I have Dovecot and Postfix running on Debian on a server in my closet. Works great for my needs

[–] [email protected] 3 points 17 hours ago (1 children)

Same (but arch btw). It uses the existing Let's Encrypt certificate from certbot --nginx. I did everything possible advised by mxtoolbox (Blocklists, DMARC, SPF, DKIM, LIGMA and whatnot). Some things are hard or impossible, but not really needed, like reverse dns or DNS SOA.

[–] [email protected] 3 points 6 hours ago

Oh, I forgot to mention, I'm going to run the whole thing on a VPS, so I'll have access to proper reverse dns and all, so that's not an issue.

[–] [email protected] 4 points 1 day ago

Check out Mail-in-a-Box

[–] [email protected] 2 points 1 day ago (1 children)

It doesn't answer your questions about calendar and contacts, but you might still find it interesting to take a look at this project:

https://maddy.email/

[–] [email protected] 2 points 7 hours ago

I've been using Maddy for about a year. It's easy to set up and has been trouble free.

[–] swizzlestick 2 points 1 day ago

I've stuck with iredmail for years. Spin up a VM, grab the installer, and see how it performs for you.

[–] [email protected] 2 points 1 day ago

@IsoKiero I don't know about "latest and greatest", but your bog-standard solution seems about right; just add radicale into the mix, and you've got calendaring and contacts.