Running a mail server

Folks,

I run a personal mail server in a VPS.
Have been having a lot of trouble with Reputation scores.
As near as I can figure out - my VPS provider may have run afoul of people like Talos.

Is anyone out there successfully running a mail server on a VPS?
If so - with whom?

Ray K


Comments

  • rm_ IPv6 Advocate, Veteran

    Ran fine with a few different providers, currently at OVH, no problem.

    When getting a new VPS or dedi just check your IP on https://bgp.he.net/ (RBL tab), ensure you get all green. If some are red, visit their websites and find instructions on how to file for removal. Also set up SPF and ensure you have a valid PTR (reverse DNS) which matches both ways, i.e. resolves back to the IP. And should be good to go.
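The PTR and blocklist checks rm_ describes, as an added example that is not part of the original thread: `dnsbl_query_name` builds the name a DNS blocklist lookup resolves, `is_listed` performs that lookup, and `fcrdns` confirms that a PTR name resolves back to the same IP. The zone `dnsbl.example`, the addresses and all function names are assumptions for illustration; the default lookups use the system resolver.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Name a DNSBL lookup resolves: reversed address labels + list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # one label per octet
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # one label per nibble
    return ".".join(labels) + "." + zone.strip(".")

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """A/AAAA addresses for name from the system resolver ([] on failure)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def is_listed(ip, zone, forward_lookup=system_forward):
    """A DNSBL answers with an address (usually 127.0.0.x) for listed IPs."""
    return bool(forward_lookup(dnsbl_query_name(ip, zone)))

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """PTR names of ip that resolve back to ip ("matches both ways")."""
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        if want in {ipaddress.ip_address(a) for a in forward_lookup(name)}:
            confirmed.append(name.rstrip(".").lower())
    return confirmed

if __name__ == "__main__":
    # Constructed documentation address; replace with the server's own IP.
    print(dnsbl_query_name("192.0.2.25", "dnsbl.example"))
    print(fcrdns("192.0.2.25") or "no forward-confirmed PTR")
```

An empty list from `fcrdns` means either no PTR exists or the PTR name does not point back at the server, which are the two cases receiving servers commonly penalise.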

  • sanvit Member
    edited January 2018

    Or get an SMTP relay

  • Don't bother doing your own mail service. The risk and complexity to the cost of getting it hosted for you just isn't there.

  • 6ixth Member
    edited January 2018

    I'll give you some advice that I learned myself.

    Personal email servers are the biggest waste of time. Do yourself a favour and order from MXRoute, I'm sure @jarland can hook you up with a deal. I got myself 2 years for $16 using some old coupons.

  • Mr_Tom Member, Host Rep

    SPF/DKIM/etc all help I've found - set the SPF rules nice and tight, most of mine only specify one host is allowed to send mail for the domain, the MX itself.

    Also pick a host who has good spam/etc policies, as they're less likely to have had previous abusive customers.

  • @Mr_Tom said:
    SPF/DKIM/etc all help I've found - set the SPF rules nice and tight, most of mine only specify one host is allowed to send mail for the domain, the MX itself.

    Also pick a host who has good spam/etc policies, as they're less likely to have had previous abusive customers.

    I feel even doing this is completely useless because the big providers (mainly Microsoft) block /everyone/ regardless unless your IP itself has positive rating in certain reputation websites.

  • jar Patron Provider, Top Host, Veteran
    edited January 2018

    https://www.mail-tester.com/ will be your best friend here, but ignore the DKIM scores because they weight DKIM heavier than recipient services (and the security benefits are imaginary for almost any real world scenario). Focus heavily on just what those IP reputation issues are, and if you can't articulate them down to a science then it's probably not IP reputation issues.

    Remember: If you're not getting a rejection message stating something equal to "This message was rejected because your IP is listed on _______" it's almost never an IP reputation issue.

    Thanked by 3simlev eva2000 szarka
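jar's rule of thumb can be applied to the server's own logs. The following added example (not from the original thread) scans Postfix delivery lines and flags only replies that actually state a listing; the sample lines are constructed, and the keyword list and function name are assumptions to tune against the rejection texts you really receive.

```python
import re

# Constructed lines in the layout of Postfix smtp(8) delivery logs; hosts,
# addresses and reply texts are invented for illustration.
SAMPLE_LOG = """\
Jan 12 10:01:02 mx postfix/smtp[2101]: 4A1B2C3D01: to=<a@example.net>, relay=mx.example.net[198.51.100.10]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=5.7.1, status=bounced (host mx.example.net[198.51.100.10] said: 550 5.7.1 Service unavailable; client [192.0.2.25] blocked using dnsbl.example (in reply to RCPT TO command))
Jan 12 10:02:10 mx postfix/smtp[2102]: 4A1B2C3D02: to=<b@example.com>, relay=mx.example.com[198.51.100.20]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=4.7.1, status=deferred (host mx.example.com[198.51.100.20] said: 451 4.7.1 Greylisted, please try again later (in reply to RCPT TO command))
Jan 12 10:03:44 mx postfix/smtp[2103]: 4A1B2C3D03: to=<c@example.org>, relay=mx.example.org[203.0.113.30]:25, delay=0.7, delays=0.1/0/0.3/0.3, dsn=5.1.1, status=bounced (host mx.example.org[203.0.113.30] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Jan 12 10:05:00 mx postfix/smtp[2104]: 4A1B2C3D04: to=<d@example.edu>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.edu[203.0.113.40]:25: Connection timed out)
Jan 12 10:06:12 mx postfix/smtp[2105]: 4A1B2C3D05: to=<e@example.net>, relay=mx.example.net[198.51.100.10]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D)
"""

LINE = re.compile(r"to=<[^>@]*@(?P<domain>[^>]+)>.*?dsn=(?P<dsn>[\d.]+), "
                  r"status=(?P<status>\w+) \((?P<reply>.*)\)\s*$")
# Word boundaries matter: a bare "listed" would also match "Greylisted".
LISTING = re.compile(r"\b(listed|blocked using|blocklist|blacklist|rbl|dnsbl)\b",
                     re.IGNORECASE)

def classify(log_text):
    """Return (domain, dsn, status, verdict) for each failed delivery."""
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["status"] not in ("bounced", "deferred"):
            continue  # successful or unrelated line
        verdict = "ip-reputation" if LISTING.search(m["reply"]) else "other"
        results.append((m["domain"], m["dsn"], m["status"], verdict))
    return results

if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        print(*row, sep="\t")
```

Only the first constructed line is tagged `ip-reputation`; the greylisting deferral, the unknown user and the timeout are failures that delisting requests would not change.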
  • rm_ IPv6 Advocate, Veteran

    sureiam said: doing your own mail service.

    I read that the OP is running a personal mail server, not building a mail service for others.

    The risk

    What risk?

    6ixth said: Do yourself a favour and order from MXRoute

    Why would you want unrelated third-party to have all your mail, and even make you pay them on top?

  • jar Patron Provider, Top Host, Veteran

    rm_ said: Why would you want unrelated third-party to have all your mail, and even make you pay them on top?

    I mean I'm not going to try to sell here, but think real hard about that one...

    Because it probably describes what you do just as much. Remember that a dedicated server is never truly protected unless it's sitting directly behind you and you're not dead yet.

  • jackb Member, Host Rep
    edited January 2018

    @rm_ said:

    [sureiam said]
    The risk

    What risk?

    I presume inbound and outbound mail silently going missing. I've been running my own personal server for a couple of years and noticed that some expected inbound mail would disappear and I wouldn't know unless I checked the logs.

    E.g. where a company is sending mail to me from a server that fails their SPF record.

  • edited January 2018

    sureiam said: Don't bother doing your own mail service. The risk and complexity to the cost of getting it hosted for you just isn't there.

    I'll never understand this. Running/configuring typical mail servers is no more risky or complex than running/configuring a typical LAMP stack.

    And to answer the OP's question, I've been running a dovecot(IMAP)+postfix(SMTP)+spamassassin+maildrop stack on a BuyVM 128MB OpenVZ VM for at least 5 years with no deliverability issues. Yes, I've configured the typical rDNS, DKIM, and SPF.

    Thanked by 1rm_
  • @jackb said:

    @rm_ said:

    [sureiam said]
    The risk

    What risk?

    I presume inbound and outbound mail silently going missing. I've been running my own personal server for a couple of years and noticed that some expected inbound mail would disappear and I wouldn't know unless I checked the logs.

    E.g. where a company is sending mail to me from a server that fails their SPF record.

    Well, that depends on how you set up your mail server. You must have something that filters out incoming mail on this basis (SPF).

  • jackb Member, Host Rep
    edited January 2018

    @angstrom said:

    @jackb said:

    @rm_ said:

    [sureiam said]
    The risk

    What risk?

    I presume inbound and outbound mail silently going missing. I've been running my own personal server for a couple of years and noticed that some expected inbound mail would disappear and I wouldn't know unless I checked the logs.

    E.g. where a company is sending mail to me from a server that fails their SPF record.

    Well, that depends on how you set up your mail server. You must have something that filters out incoming mail on this basis (SPF).

    Yes, I had it configured to reject on SPF hard fail. I think I still do.

    When running your own mail server you have the choice of accepting spam, or being overly strict on who can send mail. And it'll catch companies mailing you that set up their servers wrong.
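Mr_Tom's tight SPF record and the reject-on-hard-fail policy discussed by jackb and angstrom meet in the SPF check itself. The following is an added example, not code from the thread: `check_spf` evaluates a subset of SPF (`ip4`, `ip6`, `mx`, `all`) and reports anything else as `unsupported`, and `receiver_action` is a hypothetical name for the reject-on-fail policy; records and addresses are constructed.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip, mx_ips=()):
    """Evaluate an SPF record for client_ip (subset: ip4, ip6, mx, all).

    mx_ips: addresses of the sender domain's MX hosts, resolved by the caller.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                     # default when no prefix is given
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx" and not arg:
            matched = ip in {ipaddress.ip_address(a) for a in mx_ips}
        else:
            return "unsupported"            # include:, a, redirect=, ... not handled
        if matched:                         # first matching mechanism decides
            return QUALIFIERS[qualifier]
    return "neutral"                        # nothing matched, no "all" term

def receiver_action(spf_result):
    """Policy from the thread: reject only on SPF hard fail."""
    return "reject" if spf_result == "fail" else "accept"

if __name__ == "__main__":
    tight = "v=spf1 mx -all"                # only the MX may send
    mx = ["192.0.2.25"]                     # constructed MX address
    for sender in ("192.0.2.25", "198.51.100.7"):
        result = check_spf(tight, sender, mx)
        print(sender, result, receiver_action(result))
```

The second sender is the case jackb describes: a company mailing from a host its own `-all` record does not cover is rejected at SMTP time, while the same mail under a `~all` record would be accepted.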

  • @jackb said:

    @angstrom said:

    @jackb said:

    @rm_ said:

    [sureiam said]
    The risk

    What risk?

    I presume inbound and outbound mail silently going missing. I've been running my own personal server for a couple of years and noticed that some expected inbound mail would disappear and I wouldn't know unless I checked the logs.

    E.g. where a company is sending mail to me from a server that fails their SPF record.

    Well, that depends on how you set up your mail server. You must have something that filters out incoming mail on this basis (SPF).

    Yes, I had it configured to reject on SPF hard fail. I think I still do.

    Hence the risk. But this is a risk that you could avoid because you have the power to remove it.

    The bigger risk is non-deliverability: that other mail servers may not accept mail from your server/IP for no identifiable reason at all.

  • @rm_ said:

    sureiam said: doing your own mail service.

    I read that the OP is running a personal mail server, not building a mail service for others.

    The risk

    What risk?

    6ixth said: Do yourself a favour and order from MXRoute

    Why would you want unrelated third-party to have all your mail, and even make you pay them on top?

    I trust @jarland not to leak my nudes.

    Thanked by 1karjaj
  • rm_ IPv6 Advocate, Veteran
    edited January 2018

    jackb said: noticed that some expected inbound mail would disappear and I wouldn't know unless I checked the logs.

    With your own mail server you have logs you can check, and configuration you can change. Whereas when using a third party service, how are you going to find out if you aren't getting some of the mail addressed to you? It might get silently rejected and you'll never know. And certainly no power to reconfigure things globally if you're just one of thousands of users.

    Thanked by 1datanoise
  • jar Patron Provider, Top Host, Veteran

    6ixth said: I trust @jarland not to leak my nudes.

    Yeah about that...

    I may need to go ahead and refund you.

  • I have a mail server with Hetzner and found the IP to be blacklisted on a couple of lesser-known lists. Had it removed then contacted Hetzner support which had Talos change the rating from neutral to good. Still, one large Telecom doesn't allow connections from my IP, with an ambiguous "Service not available" message. Bottom line is, you can't force anyone to accept your messages.

    Best solution would be what Mailchannels does, to retry from different IPs until the message is delivered. What I do is relay messages to problematic domains to a secondary SMTP.

  • needavps Member
    edited January 2018

    some really bad advice here. There are no additional problems with running a mail server but it is a service that can quickly get your vps blocked/disconnected.

    some lesser-known blocklists have almost no chance of it being removed so buying from a known provider is essential. Literally over half of the offers here (leb let) can be problematic with sending mail because the reputation is not there but then you are also paying a cheaper price.

  • Been running my own server for a long time (since around 2002 initially with Pegasus Mail on my home comp, since 2006 on one VPS or other), and it's been mostly trouble free.

    Main issues where I had to get the odd exception made for my server's IP with telekom.de, some futzing with AOL at one point and the main one I have is that Outlook/Live.com/Hotmail won't accept email from my IP address even though I've never spammed and as far as I can find my IP is not on any lists.

    I also miss having my email on fast storage, it's noticeably slower on a HDD. (I've actually toyed with delivering email to a VPS and having Dovecot installed there)

    All that said, I plan to switch over to MXRoute at some point.

  • @simlev said: What I do is relay messages to problematic domains to a secondary SMTP.

    Can you share the config and procedure how you achieve this?

  • jar Patron Provider, Top Host, Veteran
    edited January 2018

    needavps said: some really bad advice here

    That's actually the most significant tragedy about running your own mail server: The inability to consistently find decent advice.

    Brief tangent: One thing I totally get on that note is that people respond to these threads with "Just pay Jarland" and for many people that's one solution but maybe not necessary for them, and could encourage them not to gain some really useful knowledge/experience, but that's not even what I'm talking about.

    Advice like "use mxtoolbox and complain to your provider if you're listed on any blacklist" in response to "my email lands in the spam folder" is actually one of the most common pieces of advice I see. It means a lot of people have opinions about how email works and so very few of them are rooted in reality.

    Or another fun one I run into a lot: "It works for me, therefore your experience is invalid and you must be doing something wrong." Couldn't be further from the truth. A lot of things can extend beyond the idea that you've done something wrong that don't plague other people. Example: Having a domain that is more likely to be filtered as spam by Hotmail. They won't admit it, you can only assume it by trial and error. It's not your "fault" that they filter like that.

    Thanked by 1simlev
  • @jarland,

    The impression I get in these types of threads is that setting up a mail server is an order of magnitude greater than a web server and requires constant maintenance. That's just not the case. True there are fewer tutorials and one does have to keep an eye on reputation if you're letting other people use your service. But at some point we need to let people learn (succeed and fail) with this stuff.

    A mail stack is a bit more work than a simple web site. But it's not impossible. And if you're technically-inclined it's a fun thing to do.

    If it's for low volume, personal mail; I'd say go for it. It's a good learning experience and having full control over your email is nice.

    If it's for business or mass mailings, using a delivery service might be a better choice.

  • I had or have mail servers (low volume, no advertising whatsoever) with i.a. Veesp, Hostsolutions, and Prometheus and never had problems except once but that was solved by the provider (who was the "guilty" party, not me) within a few hours.

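  • /etc/postfix/main.cf

    # consult the transport table before the default delivery route
    transport_maps = hash:/etc/postfix/transport

    /etc/postfix/transport

    # after editing this file, rebuild the lookup table: postmap /etc/postfix/transport
    # mail for this domain is handed to the secondary SMTP server
    <bad-domain.com>                smtp:[<server>]:<port>
    # everything else keeps the default transport and next hop
    *                               :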
    
    Thanked by 1datanoise
  • jar Patron Provider, Top Host, Veteran

    JustAMacUser said: The impression I get in these types of threads is that setting up a mail server is an order of magnitude greater than a web server and requires constant maintenance. That's just not the case. True there are fewer tutorials and one does have to keep an eye on reputation if you're letting other people use your service. But at some point we need to let people learn (succeed and fail) with this stuff.

    It definitely can be that though, right? It's really a matter of assumption as to what someone is doing. If they're running a personal mail server, installing iredmail and never touching it again will very likely work fine for years. If they're sending 1,000+ messages a day out to people using hotmail, gmail, aol, and a bunch of residential ISP provided email addresses while simultaneously using email forwarders to third party services, more than likely it will require constant maintenance and troubleshooting.

    It's all about the angle.

  • freerangecloud Member, Patron Provider

    I ran my own mail server on a Linode VPS for a couple years, then I created a testing account, forgot about it and ended up being a spam relay (password was something stupidly easy to brute force). After that I was able to clean up my reputation in all the public blacklists, but Google would still send anything I sent into the junk folder.

    Since then I've managed to get my own /24 and have been much more diligent about protecting my server and have had successful delivery rates. Setting up proper PTR, SPF and DKIM/DMARC is an absolute must.

    All that being said, it's much easier (and not really expensive) to pay to have your email hosted. Office 365 Exchange online is like $6/user and you can add as many aliases (even on different domains) as you'd like.

  • @jarland,

    For sure.

    That's part of the reason I mentioned low volume and personal use. If someone thinks they're going to set this up and sell mailing list services to all the local businesses in their city, they're fooling themselves.

    Thanked by 1jar
  • The best part is when Microsoft (Outlook, Live, Hotmail) blocks your IP, you request a delisting, they delist you and then just accept your mails but silently drop them. They never arrive, not in the Spam-Folder, not in the Inbox. I have dealt with this many times and there is basically no way to solve it. It seems to be related to IP reputation, but if you're not sending bulk email and it's just your private mail server, you can't just easily improve your reputation, as every mail that doesn't arrive is a problem. You can never be sure that your mails will arrive. An unfortunate situation.

    The only solution I found was to use an SMTP relay. I currently use Mailgun and even they sometimes have problems with Microsoft listings and have to change my sending IP due to this.

  • default Veteran
    edited January 2018

    Hosting mail server is easy nowadays. Here's a lazy version: buy a cheap VPS with at least 1GB RAM (example: good old Arubacloud for 1 Euro, or the new Hetzner cloud for 2.7 euro, or the old Scaleway cloud for 3 euro), and then use Mailcow Standard from Github.

    Thanked by 2angstrom niknar1900