So, as the topic says, I'm going to set up a self hosted email service for myself, family and friends. I know that this one is a controversial topic around here, but trust me when I say I know what I'm getting into. I've had a small hosting business for years and I've had my share of issues with microsoft and others, I know how to set things up and keep them running and so on.
However, on the business side we used both commercial solution and a dirt-cheap service with just IMAPS/SMTPS and webmail with roundcube. Commercial one (Kerio Connect, neat piece of software, check it out if you need one) is something I don't want to pay for anymore (even if their pricing is pretty decent, it's still money out from my pocket).
I know for sure I can rely to bog-standard postfix+dovecot+spamassassin -combo, and it will work just fine for plain email. However, I'd really like to have calendar and contacts in the mix as well and as I've only worked with commercial solution for the last few years I'm not up to speed on what the newest toys can offer.
I'm not that strict on anything, but the thing needs to run on linux and it must have the most basic standards supported, like messages stored on maildir-format (simplifies migration to other platform if things change), support for sieve (or other commonly supported protocol) and contacts/calendar need to work with pretty much anything (android, ios, linux, windows, mac...) without extra software on client end (*DAV excluded, those are fine in my books). And obviously the thing needs to work with imaps, smtps, dkim and other necessities, but that should be implied anyways.
I know that things like zimbra, sogo and iredmail exist, but as mentioned, it's been a while since I've played with things like that, so what are your recommendations for setup like this today?
You may have already read this but I always think back to this blog post about self hosted email:
TLDR;
https://poolp.org/posts/2019-08-30/you-should-not-run-your-mail-server-because-mail-is-hard/
You're not wrong about centralization being bad, but email is a pain in the ass at scale. Reputation, block lists, any downtime, client bullshit, infrastructure costs... about a hundred things can go wrong, and any one of them is a SPOF.
Email being hard is not a myth, and saying it is dismisses a ton of legitimate concerns.
You’re right, but we’re not talking about “at scale” here if I understood OP correctly. We’re talking about considering self hosting email for those who have the technical know-how to do so and obviously not on a rickety 2010’s desktop PC in your living room on consumer broadband as another commenter hinted at. Anything online “at scale” is always going to be harder than doing it on a small scale.
Mail is freaking hard. It's not the setup that's the issue. It's getting enough reputation that your emails don't get bounced into oblivion.
Believe me, I have tried.
You run into things like registering your netblock with Microsoft so it can accept your emails. You don't own a netblock? Didn't think so. Do you have enough outgoing emails so your IP builds up reputation as a reliable sender, so you don't get thrown into spam by Google? Didnt think so either. And that's just the tip of the iceberg.
What I ended up doing is use one of the big providers (be it Google, Microsoft, Tuta, Proton or something else) and just pull the email to my server. Sending out works the same. Basically using them as proxy.
I still get to keep my email and I'm I independent from the whims of my email provider. The tradeoff being I need to shell out a few bucks per month and email still passes their servers.
Haven't found a better solution yet, unfortunately.
I guess what I mean is that even a single user email system is a pain.
Want to send an email from one person to another? Stupid easy, I can do that with a single command.
Want to be able to send messages over long periods (years) to friends/family AND clients AND prospective employers (who are probably running their own email system) AND various businesses that you are trying to get support or services from? Well, okay, but the more messages you send, the more chances for some douche (or automated system) to report as spam because they think that anything other than @yahoo or @gmail is a hack-spam (I've had this happen, and had someone call me frantically telling me that my identity was stolen, and I had to tell them it was actually me; People are fucking stupid). And if you navigate all that, you still have to worry about your IP going wayward because you needed to change your infrastructure for some reason (switching regions, system types, whatever), and if that happens you basically start from scratch with an IP that might have had a shitty reputation (even if only due to range association).
And it's not just needing to maintain your IP/domain/account reputation with dumb people/systems/lists. You also need to set up SPF and DKIM or you'll be summarily rejected (even though SPF has fallen out of favor, some services still use it, or use both). One time config, sure, but not intuitive unless you work with systems all the time, and it's just a matter of time before they introduce yet another secure email verification system that you need to jam into your DNS (or server, or header, or...).
So now you're sending mail (probably), but you still have to receive it. More DNS configuration, and you have to make sure your email server never goes down, or you permanently miss any messages you might have gotten (yes, email systems are supposed to retry, but I've seen a LOT of admins at very recognizable names in email basically just retry for 15 minutes then dump the mail, rather than keeping their outbound queue backed up for multiple days).
And god help you if you set up multiple incoming servers, because now you have to deal with some kind of centralized storage, which itself also needs multiple nodes to avoid yet another SPOF. Again, not super hard by itself, but now you're basically designing multi-tiered infrastructure, which you have to maintain and pay for. We're definitely in for more than you'd end up paying for an email service, and that's not counting your personal time at all (which even a single hour of is probably double the monthly cost of an email provider's top tier offering, if you know how to manage all this crap).
TL;DR, you're still not wrong that centralization is very, very bad, but if you actually care about people receiving your messages, and not missing any important incoming messages, it's not easy to deal with. Not saying people shouldn't try it, but they need to be ready for a mountain of headaches.
Re-reading my own post, it occurs to me that if we really want a lot of people running their own email system, someone would need to basically document/automate the whole thing, make recommendations on providers, and figure out how to do the whole thing cheap and push-button. Get huge numbers of people running a semi-standard config so email services and RBL maintainers can get used to it and build up a tolerance (and processes) for dealing with it without being blockers.
My problem is what happens if my internet goes down when there's an important email or something. I suppose I could run it on a VPS just in case, but that's still not as reliable as an email service, nor is it necessarily cheaper.
So I pay for Tuta email. It's €3/month, supports my custom domains, and generally works pretty well. My VPS costs €4.5/month, and I may get rid of it once my city finishes rolling out fiber because I only need it due to CGNAT. Neither is particularly expensive, but Tuta is really good value for what I get. If my family members want to join, costs will go up (€3/user), so I may consider switching if that happens.
SMTP retries. It's resilient. If it fails a couple of connections it'll even let the other side know it happened and when it's going to retry. If it can't get it to you in a couple of days it'll let them know it was not able to deliver.
The rest stands true, hosted Mail is dirt cheap and is more reliable I'm trying to host it in a non-professional capacity.
Ah, interesting. I have two domains, one for personal (family and friends) and one for online crap, so maybe I'll try moving one to be self-hosted. Or maybe use one of my other domains (I have several).
You won't be able to host email on a residential IP - all of them are on a permanent blacklist. I understand the money argument - and it's a real argument - but host your own email is just so cool!
Good point. Does the same hold for popular VPS services? I'm behind CGNAT so I need a VPS regardless, but others may prefer to have it at a VPS if they want to mitigate extended service disruption (i.e. equipment dies while they're on vacation).
No, comercial IPs are fine. You'll have trouble with some of them - Digital Ocean is a notorious example - where the provider itself blocks outbound port 25 and there's nothing you can do. I think DO only does that for new accounts.
I myself am running it on Linode - it did get purchased by Akamai a couple of years ago, so I can no longer blindly recommend it - but so far it's been working fine. One thing I did recently discover was the ability to request a /56 block on Linode - my pre-assigned IPv6 got blacklisted somewhere as at least the whole /64 and simply generating another IP from the same /64 did not help. Getting a fresh block solved it for me, though, and now I know that if this /56 gets blacklisted - it's my fault. Unless, of course, I get caught up in a /48... 😳
Cool. I'm w/ Hetzner, and it seems they will unblock port 25 if you ask nicely and provide a good reason (and surely hosting your own email service is a good reason). They don't look at those requests until after your first month, and I've been with them for several months now from when I ditched Vultr (had been with them for years) due to their stupid UI-blocking EULA accept popup when they added forced abitration. Hetzner also has forced arbitration, but so far I haven't been forced to accept new terms in order to continue using services I've paid for, so I'm giving them a chance.
So yeah, I'll definitely try playing with it with one of my domains. I currently use two, and I can play around with a third that's connected to the domain I use for remote access to my self-hosted things.
And good luck! Hopefully you don't get screwed over again.
Well, from personal (professional) experience Email is hard.