Running a mail server - Page 2

  • Or buy a 128 MB OpenVZ machine and

    apt-get -y install postfix dovecot
    

    :)

    Thanked by 1angstrom
  • I'm running a personal mail server (postfix, dovecot, rspamd and clamav via amavis with MySQL) on a 1 GB KVM machine and so far it's working well, after I had some setup problems at the beginning. I think you should try it yourself! Good luck with it

    Thanked by 2angstrom tarasis
  • Mailcow has worked great for me. I'd rather deal with the "headaches" of self-hosted email than be locked out of Gapps for 72 hours and then never really get an answer why

  • FHR Member, Host Rep

    @JustAMacUser said:
    Or buy a 128 MB OpenVZ machine and

    apt-get -y install postfix dovecot
    

    :)

    SpamAssassin won't work well on 128MB of memory. And you don't want to run a mailserver without an antispam.

  • JustAMacUser Member
    edited January 2018

    I do use SpamAssassin and you're right that it needs a good chunk of RAM.

    Postfix does have a ton of options that really do limit spam though. For years I used a Python-based SPF checker along with rDNS checks with great success. I switched all that to SpamAssassin because I found enough ill-configured mail servers getting falsely rejected. Really happy with SpamAssassin now; thing works like magic.

  • Consider Mail-in-a-box. The kit handles your DNS perfectly and implements all required verification methods, which will get you a perfect reputation score on almost every mail-test website.

    You might also wanna check if your IP is spam-listed.

    Thanked by 1karjaj
  • jvnadr Member
    edited January 2018

    The main reason for running your own mail server is portability and backups. With your own mail server, you can move the whole server anytime you want, without the need to know the passwords of the mails you host (e.g. friends, colleagues, partners etc.).
    Also, you can always take hot and cold backups of the whole mailserver automatically with crons and backup platforms, without the need to depend on third parties or lose all of the mails in a disaster...
    I run 4 mail servers, 3 professional and 1 personal, since 2013. I never had big issues but I am not using them as mass mailers or transactional / ad service.

    Steps to maintain / setup a server:
    1. Choose a vps with a clean ip. Test the ip using mxtools. If the ip is blacklisted in a major spam list, move elsewhere and abandon the ip and the vps.
    2. Setup the mail server. You can install dovecot/postfix/exim or whatever you want on your own, or you can use a free panel to install all that for you (I usually use vestacp just to have a really easy way to create and manage accounts, keep automatic backups etc.)
    3. Setup rdns, spf, dkim, dmarc correctly.
    4. Check the validity of the service using mail-tester.com and see your score. Fine tune your server according to what mailtester shows.
    5. Consider using a known mail relay system. There are plenty of them with 5-10K free mails per month. Jarland and MikePT @ MXroute (.com and .io) offer a low-priced mail relay system with the industry-standard MailChannels. Elasticmail.com gives 150K free mails (relay or transactional) per month with an api or smtp relay, but I have not tested them for their deliverability score as I do not use mail relays.
    6. Secure your server. Disallow mailboxes with weak passwords. Secure the server (disable ssh login, use keys, install fail2ban, use only secure protocols and ports if you can etc.). Make sure you have clamav fresh and running.
    7. If you like, install a better webmail client than roundcube/squirrel. There are a few like rainloop, sogo, mailpile, afterlogic lite. We are in 2018, not 2001!
    8. Keep frequent backups! Do a whole backup of your server, if possible, to more than one location and provider. Keep a local backup on your pc whenever you can.
    9. Do regular updates both on your server's OS and your mail software.

    Really, it is not so hard, but you have to maintain and monitor your server, not just leave it to work without testing your backups and your IP's reputation from time to time.
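
Step 3 of the checklist above can be checked mechanically before a record is published. The following is an added example, not part of the original post: a small Python linter for SPF and DMARC TXT records. The domain `example.com`, the sample records and all function names are constructed for illustration.

```python
import re

# Terms that cost the receiver one DNS lookup each (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed sample records for the placeholder domain example.com.
SAMPLE_SPF = ["v=spf1 mx ip4:192.0.2.25 -all"]
SAMPLE_DMARC = ["v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com"]


def spf_terms(record):
    """Split one SPF record into (qualifier, name) pairs, skipping the version."""
    terms = []
    for raw in record.split()[1:]:
        qualifier = raw[0] if raw[0] in "+-~?" else "+"  # bare term means "+"
        name = re.split(r"[:/=]", raw.lstrip("+-~?").lower(), maxsplit=1)[0]
        terms.append((qualifier, name))
    return terms


def lint_spf(txt_records):
    """Return a list of problems in the TXT records published at a domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers return permerror)"]
    terms = spf_terms(spf[0])
    names = [name for _, name in terms]
    problems = []
    # Only top-level terms are counted; nested includes add more lookups.
    lookups = sum(1 for name in names if name in LOOKUP_TERMS)
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms (limit is 10)")
    if ("+", "all") in terms:
        problems.append("+all authorises every host on the internet")
    elif "all" not in names and "redirect" not in names:
        problems.append("no 'all' or redirect: unmatched senders get neutral")
    if "ptr" in names:
        problems.append("ptr mechanism is discouraged by RFC 7208")
    return problems


def parse_tags(record):
    """Parse 'k=v; k=v' into a dict with lower-cased keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def lint_dmarc(txt_records):
    """Return a list of problems in the TXT records at _dmarc.<domain>."""
    recs = [t for t in map(parse_tags, txt_records) if t.get("v") == "DMARC1"]
    if len(recs) != 1:
        return [f"expected exactly one DMARC record, found {len(recs)}"]
    tags = recs[0]
    problems = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        problems.append("missing or invalid p= policy")
    elif policy == "none":
        problems.append("p=none asks receivers to take no action on failures")
    if "rua" not in tags:
        problems.append("no rua= address, so no aggregate reports arrive")
    return problems


if __name__ == "__main__":
    print("SPF:", lint_spf(SAMPLE_SPF) or "ok")
    print("DMARC:", lint_dmarc(SAMPLE_DMARC) or "ok")
```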

  • WSS Member

    @jvnadr hit the nail on the head. Having clean, unbanned IP space with your DNS and all support records set up makes the difference between going into the spam folder and possibly making it through to a Gmail inbox. It's no guarantee. If you're expecting 100% deliverability, you're going to have to pay for it in 2018.

    Thanked by 1jvnadr
  • WSS said: Having clean, unbanned IP space with your DNS and all support records setup make the difference between going into the spam folder and possibly making it through to a Gmail inbox. It's no guarantee. If you're expecting 100% deliverability, you're going to have to pay for it in 2018.

    True. But nowadays, even the big ones cannot guarantee you 100% deliverability. I have some examples of mails from Google going to spam in MS accounts or mails from Outlook marked as spam in Gmail and Yahoo mail...
    The most annoying part about those big players is that, in some cases, they won't even let me decide if the mail I am receiving is spam or not, rejecting it completely from their servers... And this is a big big con of using their services (and I'm saying that when my primary account is a Gmail account, just because I have had it since 2007 or 2008. Then, I switched my main mail from Yahoo and I am still using the old one because some people / companies have not yet updated my main mail...)

  • WSS Member

    @jvnadr said:

    WSS said: Having clean, unbanned IP space with your DNS and all support records setup make the difference between going into the spam folder and possibly making it through to a Gmail inbox. It's no guarantee. If you're expecting 100% deliverability, you're going to have to pay for it in 2018.

    The most annoying part on those big players is that, in some cases, they won't even let me decide if the mail I am receiving is spam or not, rejecting it completely from their servers... And this is a big big con using their services (and I'm saying that when my primary account is a gmail account, just because I have it since 2007 or 2008. Then, I switched my main mail from yahoo and I still using the old one because some people / companies has not yet updated my main mail...)

    I didn't mean to imply that 100% was plausible; I forgot to go back and add the asterisk. I ran my own mailserver for decades and eventually just gave up because it was a pain in the ass. I was at the point where I'd have to check my bouncebacks and reject messages weekly just to see what the hell had decided to kick a mostly-personal address. After a /16 got thrown into two RBLs, I gave up and moved it to a hosted service. I can sleep at night again!

    At this point, all of my stuff is getting forwarded to my primary hosted provider, but I can change it back at the flick of a button. Works for me.

  • WSS said: I can sleep at night again!

    I doubt that. I think that you are 24/7 on LET! There is not even a single hour that you are not active here! Sometimes I think that this is a common account with 5-6 mods on it! :P

  • WSS Member

    @jvnadr said:

    WSS said: I can sleep at night again!

    I doubt that. I think that you are 24/7 on LET! There is not even a single hour that you are not active here! Sometimes I think that this is a common account with 5-6 mods on it! :P

    *leans down and speaks into collar. then peers up smiling* That's an interesting view to have, HA HA! Are you going to be home, say an hour from now?

    Anyhow, if you are really intent on running your own mail server, please don't deal with Sendmail and Qmail. The 80s, and 90s, respectively, are over. Postfix is great, and Exim fits most bills, too. There's plenty of options. Look around, and don't just use something because it's familiar, or because someone suggested it.

    Hell, last year I tried to go back to djbdns briefly, and then settled on nsd because it understands BIND zones, does secure transfers, and doesn't take more than a couple hours to completely understand.

    Same goes for what sort of webmail reader you end up with. SoGo is pretty nice, MailCow is decent. Squirrel is years behind, and Roundcube is large enough to become a part of systemd..

    Thanked by 1datanoise
  • rm_ IPv6 Advocate, Veteran
    edited January 2018

    jvnadr said: dkim, dmarc.

    ...are not necessary in my experience. If you go for setting up everything in the world of course it can be difficult -- as you overcomplicate it for yourself. But simply rDNS and SPF should be enough.

  • sureiam Member
    edited January 2018

    rDNS, SPF, DKIM, Dmarc are child's play. You need to increase this difficulty by blocking access to the smtp via only regional locations so the typical suspects don't get a foothold on your box and start sending things off.

    Then make sure to keep it updated so you don't miss a security hole. Then make sure to setup proper SSL certs so your smtp clients don't throw up cert errors. then make sure to email regularly so your reputation doesn't dwindle. Then make sure to monitor your IPs for blocklist. Then make sure to monitor it to make sure it hasn't silently failed on you. Then make sure to update again. Oh and you'll probably want to make this a dedicated vps for $20-30 a year..

    But I suppose paying $20-30 a year for a service that does this for you is silly.

    You gain almost nothing by doing it yourself. And save almost nothing cost wise but still introduce another point of failure to keep track of.

    I'm very capable of running a mail server as are many here. There's a reason we'll run our own LAMP/LEMP and yet offload our email. Trust us, pay the $20 a year and let someone else deal with it.

    Thanked by 2WSS saibal
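
Monitoring a mail server's IP against blocklists, as raised in this thread, comes down to one DNS query per list. The following is an added example, not code from any poster: it builds the DNSBL query name for IPv4 and IPv6 and separates a real listing from a resolver error. The zone names are assumptions chosen for illustration, the DNS answers are constructed so it runs offline, and treating `127.255.255.x` answers as errors follows the convention Spamhaus documents.

```python
import ipaddress
import socket

# Assumed list zones; check each operator's usage terms before querying.
DEFAULT_ZONES = ("zen.spamhaus.org", "b.barracudacentral.org")

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # normal "listed" codes
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # query refused/invalid


def dnsbl_name(ip, zone):
    """Build the query name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def classify(answers):
    """Map the A records returned for a query to clean / listed / error."""
    if not answers:
        return "clean"  # NXDOMAIN: the IP is not on this list
    for answer in answers:
        addr = ipaddress.ip_address(answer)
        # Outside 127/8 means a hijacking or wildcard resolver, not a listing.
        if addr not in LISTED_NET or addr in ERROR_NET:
            return "error"
    return "listed"


def system_resolve(name):
    """Resolve via the system resolver; only NXDOMAIN counts as 'no answer'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # a timeout must not be reported as "clean"


def check_ip(ip, zones=DEFAULT_ZONES, resolve=system_resolve):
    """Return {zone: (status, answers)} for one mail-server IP."""
    report = {}
    for zone in zones:
        answers = resolve(dnsbl_name(ip, zone))
        report[zone] = (classify(answers), answers)
    return report


# Constructed answers standing in for DNS, keyed by query name.
FAKE_DNS = {
    "25.2.0.192.b.barracudacentral.org": ["127.0.0.2"],
    "25.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
}


def fake_resolve(name):
    """Offline stand-in for system_resolve, backed by FAKE_DNS."""
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for zone, result in check_ip("192.0.2.25", resolve=fake_resolve).items():
        print(zone, *result)
```

Run it from cron with `system_resolve` and alert on any status other than `clean`; an `error` result means the check itself is broken and the IP's state is unknown.
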
  • rm_ IPv6 Advocate, Veteran
    edited January 2018

    sureiam said: rDNS, SPF, DKIM, Dmarc are child's play. You need to increase this difficulty by blocking access to the smtp via only regional locations so the typical suspects don't get a foothold on your box and start sending things off.

    Wot. Why do you allow people to send via your server in the first place? If just for yourself, you use authorization, or like I do, just send inside the VPN tunnel I have to the same server.

    Then make sure to keep it updated so you don't miss a security hole.

    Like with any sort of a server, including web, game etc...

    Then make sure to setup proper SSL certs so your smtp clients don't throw up cert errors.

    Again, for a personal server you can use the "snakeoil" self-signed cert valid for 10 years or more.

    then make sure to email regularly so your reputation doesn't dwindle.

    Wot^2.

    Then make sure to monitor your IPs for blocklist.

    Never happened that I would get on any blacklist via my own usage, and any blacklists you were on, you just get off when first getting the VPS/server.

    Then make sure to monitor it to make sure it hasn't silently failed on you.

    Just by using it.

    Oh and you'll probably want to make this a dedicated vps for $20-30 a year..

    THE HORROR a whole $20 a year, like half of the 3rd world's yearly wage. Also no, you don't need a VPS just for mail, I combine web/VPN/IRC on the same box just fine.

    Thanked by 2JustAMacUser WSS
  • jar Patron Provider, Top Host, Veteran
    edited January 2018

    Doesn't have to be the only thing on the server, but to note if you need great spam filtering you'll need 2-4GB of RAM depending on volume. Some people receive more junk than others and therefore simply require more resources to filter spam. Like my domain I could probably filter with 1GB, but some of my customers must have pissed someone off and easily require 3+ just to keep enough child processes alive to process inbound.

    Bonus points for having a catchall that forwards to Gmail.

    Thanked by 1TimRoo
  • Mr_Tom Member, Host Rep

    jvnadr said: True. But nowadays, even the big ones cannot guarantee you 100% deliverability.

    I know it's not quite on the same scale but it's surprising how much my spam filter will consider as spam despite coming from outlook/gmail based on what the users write.

    Someone copied a facebook logo from google images or something but pasted it... including what it linked to. Got flagged straight away coming in, due to where it linked (I don't think they realised).

  • A nice alternative to SpamAssassin is rspamd

  • @rm_ said:

    sureiam said: rDNS, SPF, DKIM, Dmarc are child's play. You need to increase this difficulty by blocking access to the smtp via only regional locations so the typical suspects don't get a foothold on your box and start sending things off.

    Wot. Why do you allow people to send via your server in the first place? If just for yourself, you use authorization, or like I do, just send inside the VPN tunnel I have to the same server.

    I meant regional for yourself. Obviously if you never plan to visit China there is no need to allow that whole set of IPs to even attempt authorization.

    Then make sure to keep it updated so you don't miss a security hole.

    Like with any sort of a server, including web, game etc...

    Then make sure to setup proper SSL certs so your smtp clients don't throw up cert errors.

    Again, for a personal server you can use the "snakeoil" self-signed cert valid for 10 years or more.

    Many applications that send alerts or need smtp will throw up errors. You can just do Let's Encrypt though.

    then make sure to email regularly so your reputation doesn't dwindle.

    Wot^2.

    Then make sure to monitor your IPs for blocklist.

    Never happened that I would get on any blacklist via my own usage, and any blacklists you were on, you just get off when first getting the VPS/server.

    Yes this is in regards to a possible hijack situation. It could even tarnish your email address if you're hijacked and they use your existing email.

    Then make sure to monitor it to make sure it hasn't silently failed on you.

    Just by using it.

    I guess your emails aren't so important then. Not to mention outbound might be working while inbound might be failing without your knowledge till you don't get an email you're expecting.

    Oh and you'll probably want to make this a dedicated vps for $20-30 a year..

    THE HORROR a whole $20 a year, like half of the 3rd world's yearly wage. Also no, you don't need a VPS just for mail, I combine web/VPN/IRC on the same box just fine.

    Yes you can combine them but then you're also exposing that IP further out. Browsing the web every site now has that ip. Running irc? Now every user has that IP. You're increasing the likelihood of targeted attempts to take over the system. The cost of a decent hosted email solution is about $20 a year for low usage which this appears to be.

    Again I can do it. I can also lock it down crazy tight. It'll probably work great for many years. But if it one day doesn't and I lose valuable emails then it wasn't worth the effort to save on having it hosted, which by my standards is basically the same price as getting a dedicated vps, which I would want for emailing to keep the services segmented.

  • @jarland said:
    Doesn't have to be the only thing on the server, but to note if you need great spam filtering you'll need 2-4GB of RAM depending on volume. Some people receive more junk than others and therefore simply require more resources to filter spam. Like my domain I could probably filter with 1GB, but some of my customers must have pissed someone off and easily require 3+ just to keep enough child processes alive to process inbound.

    Bonus points for having a catchall that forwards to Gmail.

    Not a bad idea. Any issues (outside of speed and the occasional missed email) with sending MXRoute catchall to Gmail, then sending back to a main MXRoute account?

  • jar Patron Provider, Top Host, Veteran
    edited January 2018

    @TimRoo said:

    @jarland said:
    Doesn't have to be the only thing on the server, but to note if you need great spam filtering you'll need 2-4GB of RAM depending on volume. Some people receive more junk than others and therefore simply require more resources to filter spam. Like my domain I could probably filter with 1GB, but some of my customers must have pissed someone off and easily require 3+ just to keep enough child processes alive to process inbound.

    Bonus points for having a catchall that forwards to Gmail.

    Not a bad idea. Any issues (outside of speed and the occasional missed email) with sending MXRoute catchall to Gmail, then sending back to a main MXRoute account?

    Tons. Forwarding to Gmail has to mean filtering with false positives, so you're going to lose some email you would have received otherwise (may not be anything you care about, but will happen). Email they would deliver to your inbox at Gmail will often be viewed as spam when forwarded (srs doesn't change it, it's content). The more "spam" you forward, the more IPs you get rate limited. If you have a catchall, your incoming spam almost always increases exponentially over not having one because then they don't even need a valid recipient address.

    It's basically the perfect storm, and if you do it on your own mail server the only way it doesn't sink you is if your spam filters are amazing or your domain happens to not be heavily targeted by spammers which, despite what some want to think, is not entirely within your control but rather it can simply be the roll of dice.

    I accommodate it but I recommend no one ever use that combo, and if they do I won't spend much time supporting "I didn't receive an email" because it's very much stacking the deck against yourself.

    Thanked by 1TimRoo
  • @jarland said:

    @TimRoo said:

    @jarland said:
    Doesn't have to be the only thing on the server, but to note if you need great spam filtering you'll need 2-4GB of RAM depending on volume. Some people receive more junk than others and therefore simply require more resources to filter spam. Like my domain I could probably filter with 1GB, but some of my customers must have pissed someone off and easily require 3+ just to keep enough child processes alive to process inbound.

    Bonus points for having a catchall that forwards to Gmail.

    Not a bad idea. Any issues (outside of speed and the occasional missed email) with sending MXRoute catchall to Gmail, then sending back to a main MXRoute account?

    Tons. Forwarding to Gmail has to mean filtering with false positives, so you're going to lose some email you would have received otherwise (may not be anything you care about, but will happen). Email they would deliver to your inbox at Gmail will often be viewed as spam when forwarded (srs doesn't change it, it's content). The more "spam" you forward, the more IPs you get rate limited. If you have a catchall, your incoming spam almost always increases exponentially over not having one because then they don't even need a valid recipient address.

    It's basically the perfect storm, and if you do it on your own mail server the only way it doesn't sink you is if your spam filters are amazing or your domain happens to not be heavily targeted by spammers which, despite what some want to think, is not entirely within your control but rather it can simply be the roll of dice.

    I accommodate it but I recommend no one ever use that combo, and if they do I won't spend much time supporting "I didn't receive an email" because it's very much stacking the deck against yourself.

    Glad I asked. I'll keep Gmail out of the setup then. Things are running smoothly for me now and I have no interest in messing it up. Thanks!

  • Speaking of running a mail server. My server's instance of WordPress was hacked, and it seems that they have started using my smtp server to send outbound email. Was just going to sleep and noticed :(

    So for the first time in my life I've got my IP on at least 1 block list. FFS

  • WebDude Member
    edited January 2018

    I've had only two problems.

    1) Outlook.com which just junks mail and/or doesn't accept it all (rejects on TCP level) and/or black holes messages

    2) Barracuda blocking list which blocks my server monthly. Otherwise everything's been pretty good.

  • jar Patron Provider, Top Host, Veteran

    @WebDude said:
    I've had only two problems.

    1) Outlook.com which just junks mail and or doesn't accept it all (rejects on TCP level) and or black holes messages

    2) Barracuda blocking list which blocks my server monthly. Otherwise everythings been pretty good.

    If barracuda keeps blocking you, you may want to increase outbound filtering. An outbound relay/filter can do good. Here's kind of a base config I start with for one: https://help.ubuntu.com/lts/serverguide/mail-filtering.html

  • @jarland said:
    If barracuda keeps blocking you, you may want to increase outbound filtering. An outbound relay/filter can do good. Here's kind of a base config I start with for one: https://help.ubuntu.com/lts/serverguide/mail-filtering.html

    Well, it's not about that. I'm the only one sending emails from that MTA. So I know very well what's being sent. That's why I'm wondering whatta hll they got against me. Every time when I un-list, I'll provide full contact infos, and nothing... Then boom, month later, listed again.

    Funniest part is that some people complain about server being listed on barracuda. No, it's not my fault they're so stupid they're honoring this kind of .ss list... It's up to them, if they choose to honor that kind of extortion listing. Yes, I've noticed that barracuda recommends you to pay for white listing permanently.

    Thanked by 1jar
  • jar Patron Provider, Top Host, Veteran

    @WebDude said:

    @jarland said:
    If barracuda keeps blocking you, you may want to increase outbound filtering. An outbound relay/filter can do good. Here's kind of a base config I start with for one: https://help.ubuntu.com/lts/serverguide/mail-filtering.html

    Well, it's not about that. I'm the only one sending emails from that MTA. So I know very well what's being sent. That's why I'm wondering whatta hll they got against me. Every time when I un-list, I'll provide full contact infos, and nothing... Then boom, month later, listed again.

    Funniest part is that some people complain about server being listed on barracuda. No, it's not my fault they're so stupid they're honoring this kind of .ss list... It's up to them, if they choose to honor that kind of extortion listing. Yes, I've noticed that barracuda recommends you to pay for white listing permanently.

    That is weird, never run into that kind of behavior from them before :(

  • WebDude Member
    edited January 2018

    @jarland said:
    That is weird, never run into that kind of behavior from them before :(

    I assume it was possibly due to the IP address having a very bad reputation from the past. It's just an IP address which I happened to get when launching a new VPS.

    That could happen to anyone.

    Edit: Another reason on their policy list is that we don't provide an unsubscribe link. That's very true. Because the emails are sent only to users who have themselves configured the address, it's verified, etc. As well as this is business 2 business email, so I don't even believe people are forgetting that they've subscribed to that email and trying to unsubscribe by reporting it as spam. Probability for that should be really low. Because they're still paying a monthly fee for the service, which isn't cheap.

    Funniest part is that we only knew about being on that list, because clients complained about not receiving our emails. Eh.

  • FHR Member, Host Rep

    Regarding certificates - why use self signed, when you can just use Let's Encrypt.

  • rm_ IPv6 Advocate, Veteran
    edited January 2018

    FHR said: Regarding certificates - why use self signed, when you can just use Let's Encrypt.

    In my case because if I'm the only one sending through the server, and it's over a VPN anyways, having the mail client also warn me every 3 months that my certificate has suddenly changed (Confirm/Yes/No/Save/Don't ask) was just a bother and not adding anything in security.

    Also nobody requires valid certificates in SMTP between mail servers, so it's not helping in security there either. Meaning, if people want to impersonate your server, they will just use a self-signed one, and other servers will not refuse to connect to them (unlike in HTTPS).
