So, as the topic says, I’m going to set up a self-hosted email service for myself, family and friends. I know that this one is a controversial topic around here, but trust me when I say I know what I’m getting into. I’ve had a small hosting business for years and I’ve had my share of issues with Microsoft and others, I know how to set things up and keep them running and so on.

However, on the business side we used both a commercial solution and a dirt-cheap service with just IMAPS/SMTPS and webmail with Roundcube. The commercial one (Kerio Connect, neat piece of software, check it out if you need one) is something I don’t want to pay for anymore (even if their pricing is pretty decent, it’s still money out of my pocket).

I know for sure I can rely on the bog-standard postfix+dovecot+spamassassin combo, and it will work just fine for plain email. However, I’d really like to have calendar and contacts in the mix as well, and as I’ve only worked with a commercial solution for the last few years I’m not up to speed on what the newest toys can offer.

I’m not that strict on anything, but the thing needs to run on Linux and it must have the most basic standards supported, like messages stored in maildir format (simplifies migration to another platform if things change), support for sieve (or another commonly supported protocol), and contacts/calendar need to work with pretty much anything (Android, iOS, Linux, Windows, Mac…) without extra software on the client end (*DAV excluded, those are fine in my books). And obviously the thing needs to work with IMAPS, SMTPS, DKIM and other necessities, but that should be implied anyways.

I know that things like Zimbra, SOGo and iRedMail exist, but as mentioned, it’s been a while since I’ve played with things like that, so what are your recommendations for a setup like this today?

  • Neo@lemmy.hacktheplanet.be
    29 days ago

    You may have already read this but I always think back to this blog post about self hosted email:

    TLDR;

    • Mail is not hard: people keep repeating that because they read it, not because they tried it
    • Big Mailer Corps are quite happy with that myth, it keeps their userbase growing
    • Big Mailer Corps control a large percentage of the e-mail address space which is good for none of us
    • It’s ok that people have their e-mails hosted at Big Mailer Corps as long as there’s enough people outside too

    https://poolp.org/posts/2019-08-30/you-should-not-run-your-mail-server-because-mail-is-hard/

    • sugar_in_your_tea@sh.itjust.works
      28 days ago

      My problem is what happens if my internet goes down when there’s an important email or something. I suppose I could run it on a VPS just in case, but that’s still not as reliable as an email service, nor is it necessarily cheaper.

      So I pay for Tuta email. It’s €3/month, supports my custom domains, and generally works pretty well. My VPS costs €4.5/month, and I may get rid of it once my city finishes rolling out fiber because I only need it due to CGNAT. Neither is particularly expensive, but Tuta is really good value for what I get. If my family members want to join, costs will go up (€3/user), so I may consider switching if that happens.

      • rumba@lemmy.zip
        28 days ago

        SMTP retries. It’s resilient. If it fails a couple of connections it’ll even let the other side know it happened and when it’s going to retry. If it can’t get it to you in a couple of days it’ll let them know it was not able to deliver.

        The rest stands true, hosted mail is dirt cheap and is more reliable than me trying to host it in a non-professional capacity.

        • sugar_in_your_tea@sh.itjust.works
          28 days ago

          Ah, interesting. I have two domains, one for personal (family and friends) and one for online crap, so maybe I’ll try moving one to be self-hosted. Or maybe use one of my other domains (I have several).

      • Illecors@lemmy.cafe
        27 days ago

        You won’t be able to host email on a residential IP - all of them are on a permanent blacklist. I understand the money argument - and it’s a real argument - but hosting your own email is just so cool!

        • sugar_in_your_tea@sh.itjust.works
          27 days ago

          Good point. Does the same hold for popular VPS services? I’m behind CGNAT so I need a VPS regardless, but others may prefer to have it at a VPS if they want to mitigate extended service disruption (i.e. equipment dies while they’re on vacation).

          • Illecors@lemmy.cafe
            27 days ago

            No, commercial IPs are fine. You’ll have trouble with some of them - Digital Ocean is a notorious example - where the provider itself blocks outbound port 25 and there’s nothing you can do. I think DO only does that for new accounts.

            I myself am running it on Linode - it did get purchased by Akamai a couple of years ago, so I can no longer blindly recommend it - but so far it’s been working fine. One thing I did recently discover was the ability to request a /56 block on Linode - my pre-assigned IPv6 got blacklisted somewhere as at least the whole /64 and simply generating another IP from the same /64 did not help. Getting a fresh block solved it for me, though, and now I know that if this /56 gets blacklisted - it’s my fault. Unless, of course, I get caught up in a /48… 😳
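
An added example, not part of the thread and not code from any commenter: the prefix arithmetic behind the /64 listing described in the comment above, using Python's `ipaddress` module. The addresses come from the 2001:db8::/32 documentation range, and the /56 allocation and the blocklist entry are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation prefix 2001:db8::/32, RFC 3849).
# ASSIGNED_56: hypothetical /56 routed to the mail VPS.
# LISTED: hypothetical blocklist entry covering the originally assigned /64.
ASSIGNED_56 = ipaddress.ip_network("2001:db8:aa:1100::/56")
LISTED = [ipaddress.ip_network("2001:db8:aa:1100::/64")]


def covering_entry(addr, listed=LISTED):
    """Return the listed network that contains addr, or None if it is clean."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in listed if ip in net), None)


def clean_subnets(assigned=ASSIGNED_56, listed=LISTED, limit=3):
    """First `limit` /64s in the allocation that no listed network overlaps."""
    found = []
    for sub in assigned.subnets(new_prefix=64):
        if not any(sub.overlaps(net) for net in listed):
            found.append(sub)
            if len(found) == limit:
                break
    return found


def blast_radius(listed_net, assigned=ASSIGNED_56):
    """Number of /64s in the allocation that a listing of this size takes out."""
    if assigned.subnet_of(listed_net):
        # Listing is as wide as, or wider than, the allocation (e.g. a /48).
        return 2 ** (64 - assigned.prefixlen)
    if listed_net.subnet_of(assigned):
        # Listing sits inside the allocation; anything narrower than a /64
        # still costs the one /64 it lives in.
        return 2 ** max(0, 64 - listed_net.prefixlen)
    return 0


if __name__ == "__main__":
    # A new address from the same /64 is still covered by the listing.
    print(covering_entry("2001:db8:aa:1100:dead:beef:0:1"))
    # Addresses from other /64s inside the /56 are not.
    print(clean_subnets())
    # A /48 listing would take out every /64 in the /56.
    print(blast_radius(ipaddress.ip_network("2001:db8:aa::/48")))
```
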

            • sugar_in_your_tea@sh.itjust.works
              27 days ago

              Cool. I’m w/ Hetzner, and it seems they will unblock port 25 if you ask nicely and provide a good reason (and surely hosting your own email service is a good reason). They don’t look at those requests until after your first month, and I’ve been with them for several months now from when I ditched Vultr (had been with them for years) due to their stupid UI-blocking EULA accept popup when they added forced arbitration. Hetzner also has forced arbitration, but so far I haven’t been forced to accept new terms in order to continue using services I’ve paid for, so I’m giving them a chance.

              So yeah, I’ll definitely try playing with it with one of my domains. I currently use two, and I can play around with a third that’s connected to the domain I use for remote access to my self-hosted things.

              And good luck! Hopefully you don’t get screwed over again.

  • SK@hub.utsukta.org
    29 days ago

    I’ve been using mailcow for about a year and I am very satisfied, it checks all your boxes and is easy to configure and deploy over Docker.

    • Monkey With A Shell@lemmy.socdojo.com
      29 days ago

      Just beat me to it…

      The one thing that they don’t have yet last I updated, though they’ve been working on it for a while, is a prod ready LDAP/SSO connection. I had the dev branch working with Keycloak, but never got plain LDAP to function.

    • liliumstar@lemmy.dbzer0.com
      29 days ago

      Second this. Mailcow is very easy to set up, though the docs could use improvement. This might have changed already.

      That said, I found it easier to pay for a domain and email service where they worry about reputation and random microsoft blacklists.

      • Neo@lemmy.hacktheplanet.be
        29 days ago

        Yeah, Microsoft are the worst. Even after doing all the proof of work (reverse DNS, DKIM, SPF, …) and registering for their spam prevention postmaster tools equivalent, I still found myself randomly blocked for delivery sometimes.

    • Matthias Klein@lemmy.klein.ruhr
      27 days ago

      I also use Mailcow with three domains (one business). No problems with it from day one. Updates run regularly and smoothly like clockwork. I am happy to recommend it to others.

      • rhabarba@feddit.org
        27 days ago

        > I am happy to recommend it to others.

        If they ever support non-Docker systems again, I might be curious. Right now, I couldn’t even use that.

  • Neo@lemmy.hacktheplanet.be
    29 days ago

    Great plan! We need more independently hosted email. I’ve been self hosting email for 20 years. Still running Postfix and Dovecot, but don’t have all the features you’d like though. I just wanted to chime in that I’ve moved from spamassassin to rspamd. And I’m happy about that. Given your experience in the hosting business I think you’ll like rspamd. One thing I have changed since a few months is have outgoing mail go through Amazon SES. I moved hosting from Linode to Hetzner and that turned out to be not so great for outbound delivery reputation. I didn’t want to migrate back to Linode so I bit the bullet and compromised with SES. That has been really working well, but I admit it is a bit of a step back from fully self hosting.

    • Admiral Patrick@dubvee.org
      29 days ago

      What’s the benefit of rspamd over SA? I’ve used SA since I first setup my mail stack years ago, and it’s been great. Cron jobs run nightly to train based on the contents of all the mailboxes’ .spam folders, so it’s only gotten better with time.

      Not judging, just curious.

      • Neo@lemmy.hacktheplanet.be
        29 days ago

        I believe the ISPMail tutorials I was following during my rebuild recommended it as the successor to self hosted anti spam. Touting better performance, written in C vs. Perl for spamassassin iirc. The tutorials may have indicated that SA was no longer actively maintained, but that may be a figment of my imagination. Better fact check all of this. But I’ve been very happy with rspamd’s web interface to see what’s going on with the process. There’s a great history view in the dashboard that helps you better understand why a message got flagged as spam. It helped me better fine tune white and blacklists for example. Supposedly it also has a rich module system to enable more advanced filtering techniques like LLMs and whatnot. But I haven’t looked into that yet. Granted rspamd is also used by ISPs that have massive throughput. I’m definitely not in that category :p

  • CaptSpify@lemmy.today
    29 days ago

    I have Dovecot and Postfix running on Debian on a server in my closet. Works great for my needs

    • Lucy :3@feddit.org
      29 days ago

      Same (but arch btw). It uses the existing Let’s Encrypt certificate from certbot --nginx. I did everything possible advised by mxtoolbox (Blocklists, DMARC, SPF, DKIM, LIGMA and whatnot). Some things are hard or impossible, but not really needed, like reverse dns or DNS SOA.

        • IsoKiero@sopuli.xyz (OP)
        28 days ago

        Oh, I forgot to mention, I’m going to run the whole thing on a VPS, so I’ll have access to proper reverse dns and all, so that’s not an issue.

    • treadful@lemmy.zip
      28 days ago

      I like exim a bit more but yeah. The dead simple solution is my go-to. It can be tricky without any experience but there’s a ton of information out there.

      And once you set it up you’re pretty good almost indefinitely.

  • rhabarba@feddit.org
    27 days ago

    Honestly, what I use is not what I would recommend. ;-) My own setup follows these directions (TL;DR: OpenBSD, as much OOTB OpenBSD software as possible, and Dovecot.)

  • SwizzleStick@lemmy.zip
    29 days ago

    I’ve stuck with iredmail for years. Spin up a VM, grab the installer, and see how it performs for you.

  • dingdongitsabear@lemmy.ml
    29 days ago

    this isn’t addressing the technical side per se, but consider your users’ rebelling factor, i.e. them passively resisting using the stuff you provide and sticking with corpo-crap.

    not to go into details, but I’ve got a number of opensource solutions in place for various clients. we have some huge issues with users who need to be corralled and coerced into using the provided messengers, web portals, and such. some resist out of habit, others because they prefer the infinitely more polished UX of assorted spyware as opposed to the janky feel and rather rudimental features of opensource alternatives (think gmail vs roundcube).

    • IsoKiero@sopuli.xyz (OP)
      29 days ago

      The couple of domains have been running on my company so the userbase is already there, but as I’m shutting down the business side they need to move to something else. And I don’t really care if users want to switch to something else, that’s not my problem.

    • Zak@lemmy.world
      29 days ago

      I’ve been using Maddy for about a year. It’s easy to set up and has been trouble free.