Does anyone here have experience with Mailcow, Mailu, Mail-in-a-box or something similar? I would love to have my own email server, but I do not think I have the skill and time to set up everything manually.

And: I do not want to get my domain onto some blacklists, which apparently is pretty common.

How big is the potential to really fuck this up? (Assuming I use such an "all in one" solution)

@f4814n Mail servers always need ongoing monitoring and maintenance. Usually not too work-intense, but at least daily (better hourly) log monitoring. That can be helped with automated log and trend evaluation tools - but needs to be done.
Fuckups can mean abuse as SPAM relay, being flooded by SPAM (non-working filters), lost mails (config problems, overzealous filters), blocked server (due to problems), ...

@vampirdaddy @f4814n If you are a company I would agree with your monitoring intervals. But as a single person hosting their own self-hosted mail servers, monitoring in this dimension is way too much. I think after everything runs like it should, it's enough to check the logs every week or at least once a month.

@vampirdaddy @f4814n I don't think the thread starter has a log monitoring structure he can easily integrate his server in.

@codiflow @f4814n A mail server needs more attention than e.g. a WordPress blog.
It’s not an install-and-forget setup, even with a pre-configured package.

@vampirdaddy @f4814n That's true but not that often imho. And mailcow already comes with fail2ban and other security related stuff which reduces the misuse potential.

@codiflow @f4814n nope - you need to be alerted better hourly than daily whenever something more problematic occurs. You do not have to look yourself manually, but need to become aware of problems in a timely fashion.

You can (and should) do that automatically - but that also needs tweaking now and again.

@vampirdaddy @f4814n I think the "average user" who wants to host his own mail server (which is a really important and cool step imho) will do it for independence and flexibility and not for getting much more work to do like "check logs daily", "build monitoring structure", "differentiate between good and evil traffic" and so forth. It seems to be complicated to find a way in between... And just for the record: I can understand your POV. :think_bread:

@f4814n All in one solutions protect you from most of the mistakes you can make (e.g. the classic open relay) but it's nevertheless possible to fuck up, e.g. if you change sth. in the config without really knowing what you do or when you choose simple passwords.
This happened to me a few (maybe 3) years ago (was probably the same age as you). I set up a test@ account with an easy password and some bot flooded my mail queue... I learned from that...

@f4814n To be fair, I think I did not use mailcow at that time. Mailcow also includes fail2ban as a brute force protection.
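
Added example (not part of any post in this thread, and not Mailcow's or fail2ban's code): a minimal automated log check for the two failures described above, password guessing against SMTP AUTH and a single account suddenly flooding the queue. It assumes Postfix-style smtpd syslog lines; the sample lines, hosts, addresses and thresholds are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd syslog format (not real traffic).
SAMPLE_LOG = """\
Jan 12 03:14:07 mail postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:14:09 mail postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:14:12 mail postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:15:40 mail postfix/smtpd[1240]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:20:01 mail postfix/smtpd[1301]: 4F1A2C0123: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=test@example.org
Jan 12 03:20:02 mail postfix/smtpd[1301]: 4F1A2C0124: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=test@example.org
Jan 12 03:20:03 mail postfix/smtpd[1301]: 4F1A2C0125: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=test@example.org
Jan 12 03:20:04 mail postfix/smtpd[1301]: 4F1A2C0126: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=test@example.org
Jan 12 03:41:10 mail postfix/smtpd[1350]: 4F1A2C0200: client=home.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.org
"""

# Failed SMTP AUTH attempt; captures the client IP.
AUTH_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S+\[([0-9a-fA-F.:]+)\]: SASL \S+ authentication failed")
# Mail accepted from an authenticated client; captures "Mon DD HH" and the login.
AUTH_SEND = re.compile(
    r"^(\w{3}\s+\d+ \d{2}):\d{2}:\d{2} \S+ postfix/smtpd\[\d+\]: [0-9A-F]+: "
    r"client=\S+, sasl_method=\S+, sasl_username=(\S+)")


def scan(log_text, max_fails=3, max_msgs_per_hour=3):
    """Return alerts as (kind, subject, count) tuples; thresholds are assumptions."""
    fails, sent = Counter(), Counter()
    for line in log_text.splitlines():
        m = AUTH_FAIL.search(line)
        if m:
            fails[m.group(1)] += 1
            continue
        m = AUTH_SEND.search(line)
        if m:
            sent[(m.group(2), m.group(1))] += 1  # per user, per hour bucket
    alerts = [("auth-bruteforce", ip, n)
              for ip, n in sorted(fails.items()) if n >= max_fails]
    alerts += [("send-flood", user, n)
               for (user, _hour), n in sorted(sent.items()) if n > max_msgs_per_hour]
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```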

@f4814n Your domain or server gets blacklisted if you send or relay spam. The first is easy and the latter means that you should understand the configuration of your mail transfer agent.

I’d advise against a prebuilt setup. If you want to have a personal mail server, take your time and set it up properly. If you use something out-of-the-box, it will break someday and to debug it, you’ll have to learn it anyway, but in this case under more pressure.

@f4814n Good article on why "mail is hard":
poolp.org/posts/2019-08-30/you

Good starting point to roll your own (it doesn’t need to be OpenBSD):

poolp.org/posts/2019-09-14/set

OpenSMTPD makes it hard to configure a footgun, this is why I’d recommend it over Postfix. Rspamd kills your spam in both directions, and may save your ass if something goes wrong.

@aurorus @f4814n I second that.

I use @yunohost to host email and xmpp on a secondary "playground" domain. It really works well and if you're an average tech confident person you can have email very quick and easy. But this abstraction does not teach you how stuff works. I wouldn't want to rely on something I don't understand for my critical infrastructure (first domain), hence I let email be done by professionals and use a self configured prosody for XMPP.

@aslmx @aurorus @f4814n

Abstractions are indeed not meant to teach how they work nor how to repair them if they fail ... But there's a point where an abstraction is so polished that you don't expect it to fail anymore and therefore you won't need to know how to fix it.

Many people use computers without a PhD in electronics because the probability that the electronics fail became negligible. Same thing for wget: you don't need a PhD in TCP/HTTP requests in case it fails, because it won't.

@aslmx @aurorus @f4814n

YunoHost still needs polishing of course, but the point is that ultimately it should not fail, or if it fails because of external factors (e.g. blacklisting, ...), it should detect and warn you about them and provide advice on how to fix those...

@yunohost @aslmx @f4814n I have never tried YunoHost, but every "abstraction" of complex software systems I have encountered so far was leaking and required me, sooner or later, to learn about the underlying stuff to fix it. All of them got in my way when fixing stuff, because I had to fix the abstraction too.

@yunohost @aslmx @f4814n
I’d counter your second argument, yes the probabilities have changed, but the more important factor is that we’re more accustomed to stuff failing and getting on. Software fails all the time and nobody bothers.

@aurorus @aslmx @f4814n Or it could be that it's because we use so much software that ultimately one will fail and we'll remember this one without realizing the thousands of others that do such a good job you don't even realize they're here anymore ...

Idk, I never really had to "fix" the kernel myself or Firefox or LibreOffice

@yunohost @aurorus @f4814n Me neither - and after one time I broke my ynh installation and had to reinstall, it now works stable for a year. But it's still my playground to test things 😉

@f4814n I am using Mailcow and I found the setup pretty straightforward...

@n0emis @f4814n I can confirm this. mailcow-dockerized works like a charm and updates are sooo easy to install.

@f4814n Mailcow works very well for me. Setup, update and monitoring/administration are easy, there is good documentation online and there is also a community that is willing to help if you have any questions.
@diekuh
mailcow.github.io/mailcow-dock
t.me/mailcow

@joshi @f4814n Veto! I said it was an option, not a recommendation. Also, that was many years ago and, surprise, things change. With email, always for the worse.
While iRedMail is acceptable to install, it is impossible to maintain. Don’t go there.

I personally recommend getting rid of email as much as possible!
Hosting email *is* complex and it is becoming more and more so because people keep bolting on new stuff every month to keep riding the carcass of a dead zombie horse.

@joshi @f4814n If you understand German, here’s my most recent talk on Email given at :

Email - wie funktioniert das eigentlich?
media.ccc.de/v/2018-159-email-

If you prefer English, the same talk from (Sorry, that one is only available on YouTube.)

Email - How does it even work?
m.youtube.com/watch?v=ptaiwDJY

@MacLemon I have seen it (great talk btw). I am already trying to get rid of email as much as possible, but IMO it won't go away in the near future. And since I am trying to self host all important services, I'd love to do email as well (if it is not too hard, which I'm trying to find out rn).

Thanks for all the detailed answers.

@f4814n For some things email is likely going to stay, at least in the enterprise. Many historic reasons, workflows, ease of making a system send email, etc. come to mind.

You can sometimes get by by abstracting email, for example with a ticket system which allows for somewhat less convoluted email setups in some cases.
I still consider SMTP/Submission/IMAP/AV/Spamfilter/SPF/DKIM/DMARC/SRS the bare minimum for a proper setup.
Many ready-made solutions don’t even match that.

@f4814n Also think about your requirements and desires. What *exactly* do you want to achieve? How do you define “self-hosting”?
Configure *everything* on your own metal? Or on one of your own hypervisor managed VMs, or rented VMs?
Is hosting your own domain on some (partially/hybrid) managed host OK? (Something like uberspace for example.)

@MacLemon @joshi @f4814n well, I was referring to your talk in Salzburg. Is there a drop-in replacement for e-mail? It is hardly an advantage if everyone uses MS Teams instead.

@joshi IIRC that was 2016. Consider it outdated. Most tech talks don’t age well. :-)

As for replacements: That depends on the audience and your goals.
For internal communication: Use whatever you like. Most modern tools are likely to be better than email in many regards.

It’s usually feasible to roll out something and replace email as *internal* communications tool.

The problem is external communication with other organisations who may have made a different choice or only have email.

@f4814n

@joshi What properties are you looking at when it comes to measuring “better” than email? @f4814n

@MacLemon None of the modern communication means implement "formal" communication. IM solutions encourage a lot of short messages rather than one concise letter. Moreover I am relying on the searchable archive. @f4814n

chaos.social – a Fediverse instance for & by the Chaos community