[kwlug-disc] Re-re-re-re hashing the idea of running your own email server.

CrankyOldBugger crankyoldbugger at gmail.com
Thu Dec 15 13:39:20 EST 2016


Back to the roll-your-own-email-server idea..  Linux.com is currently
running a multipart series on building an email server, written by Carla
Schroder, at https://www.linux.com/learn/how-build-email-server-ubuntu-linux



On Thu, 15 Dec 2016 at 10:30 Chamunks <chamunks at gmail.com> wrote:

Any example of a SaaS filter because I thought that SaaS meant something
else.

On Thu, Dec 15, 2016, 10:05 AM Cedric Puddy <cedric at ccj.host> wrote:

tl;dr: I recommend using an outside SaaS inbound/outbound email filter to
keep the jerks from causing you hassle -- I think that cuts out 90% of the
hassle of running your own server.

------------
Setting up a straight-forward SMTP/POP/IMAP mail server is pretty
straightforward, most have decent implementation how-tos written; though I
might be remembering my own learning process through rose-tinted glasses --
perhaps it was harder to learn than I remember.

I used to use Sendmail extensively, and now I use EXIM (under cPanel,
which, granted, automates several of the key points of setting up a mail
server, but costs enough that it's not practical for revenue-free
projects), but the tuning, understanding delivery rules, being able to
understand and correct the behaviour of the system remains.

We've got tonnes of accounts in there, multiple servers, etc... but the
biggest simplifying factor that keeps the wily internet jerks at bay is
choosing to use an outsourced SaaS email filter on both inbound and
outbound email; if your goal is guaranteed privacy*, or absolute minimal
cost, then this might not be an option; for people like me trying
to run a service, who don't want to be fighting with RBL blacklist
operators, wondering what to do when someone tries to DDOS your SMTP port,
etc, then it's very viable indeed, especially if you have a small number of
users.

The key point is that when outbound mail goes out, it goes out via the
filtering provider's outbound relay nodes (and if they want to keep getting
paid, they've got to make sure those nodes stay off blacklists, etc), and
when mail comes in, the only thing they can talk to is the relay provider
(who has security and network people to deal with all the inbound crazy,
DDOS crap, etc).

Something to consider anyway; I expect to be always running mail servers
for myself and clients, and I have no plans to ever do so without a managed
filter in front of those machines.

-Cedric

*(if you believe that email can be secured, without encrypting content, and
even then that the meta-data is nothing to worry about, and the fact the
servers you communicate with can be huge info leaks you can control or
monitor ... all I'm saying is that the SaaS filter has to be considered in
context.  If you already encrypt 100% of your email body text, use smtp
mixers via Tor from a VPN exit node in Sweden, and etc, etc to accomplish
perfect info-sec, then yeah, you probably don't want or need a SaaS filter)

On 15 December 2016 at 00:06, Chamunks <chamunks at gmail.com> wrote:

I figured since I accidentally threadjacked that last conversation about
NextCloud that I would start a new one.

B.S. <bs27975.2 at gmail.com>

*Running one's own e-mail server is always a popular topic.

Any amount of poking into the idea quickly reveals an unexpected amount
of complexity and gotchas, which can be daunting - perhaps not so much
e-mail / the server itself, but the necessary ecosystem that surrounds
it in today's world. Let alone if you expand the topic to
'communications' (instant messaging, 'skype', IRC, and the like). I
expect many skitter away from the idea rather quickly.

Yet many do it, presumably happily and successfully.

[Mind you, I thought the same thing about voip / voip.ms <http://voip.ms/>,
but eventually, especially after posts from John, Oksana, and Raul,
haven't looked back since.]

Any favourite 'how to' links out there?
(Such seem to be a moving target, it can be hard to discern what's
'current'.)*

https://mailinabox.email/ if you trust the concept of curl'ing directly to
bash.  I've been tempted to try and get all of the dependencies pulled into
one gigantic docker image and see if I can't get it running there. Just
seems kinda crazy complex; it includes everything, like even a damn DNS
provider so that it can just update its own DNS records, which will open you
up to DDOS problems.

There are a few dockerized megalithic containers now that exist that can
theoretically ship all of the stuff you need too but I think that
MailInABox recommended via https://privacytools.io sounds like just about
the most promising.

I personally would prefer using something more like Rain Loop
<https://www.rainloop.net/> which might actually help me encourage myself
to use PGP.  I don't trust options that offer to host my PGP keys on
someone else's proprietary service but I also need to have sync.  Also, my
biggest problem is Protonmail may boast a great concept but I don't need
yet another damn app on my phone that's going to burn my battery.  It also
needs to be something that I'll actually check too so I realize modern
convenience has made this somewhat of a tall order but I don't want my
stuff in the cloud anymore.

_______________________________________________
kwlug-disc mailing list
kwlug-disc at kwlug.org
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org




-- 

|  CCj/ClearLine - Hosting and TCP/IP Network Services since 1997

|  118 Louisa Street, Kitchener, Ontario, N2H 5M3, 519-489-0478x102

\________________________________________________________

   Cedric Puddy, IS Director            cedric at ccj.host