this post was submitted on 14 Sep 2025
64 points (94.4% liked)

Selfhosted


I tried maybe 15 years ago and it went about as well as you'd expect for back then. But I'm starting to get the itch again.

Have any of you tried relatively recently? How impossible is it to get reliable deliverability to gmail and whatnot these days?

[–] ikidd@lemmy.world 3 points 1 hour ago* (last edited 1 hour ago)

Selfhosted several domains for over 25 years, from home, on a dynamic IP (though it hasn't changed in a long time) and no PTR records, and I have literally had zero problems with blacklisting or dropped connections. I must live a charmed life, or have set up my DKIM/SPF/DMARC records correctly.

Currently using mailcow-dockerized and it's lovely.

[–] tal@olio.cafe 2 points 5 hours ago

I have not done so in the traditional sense in quite some years. My experience was that it was an increasing headache due to crashing into a wide variety of anti-spam efforts. Get email past one and crash into another.

Depending upon your use case -- using the "forward to a smarthost" feature in some mail server packages to forward to a mailserver run by a SMTP service provider with whom you have an account might work for you. Then it still looks to local software like you have a local mailserver.

If I were going to do a conventional, no-smarthost mailserver today, I think that I would probably start out by setting up a bunch of spam-filtering stuff -- SpamAssassin, I dunno what-all gets used these days on a "regular" account -- and then emailing stuff from my server and seeing what throws up red flags. That'd let me actually see the scoring and stuff that's killing email. Once I had it as clean as I could get it, I'd get a variety of people I know on different mail servers and ask them to respond back to a test email, and see what made it out.

[–] darklamer@lemmy.dbzer0.com 1 points 4 hours ago

I currently am and I have been hosting my own mail for the past several decades, so I can tell you from experience that it still is very much possible, but it has become significantly more complex than it used to be, not recommended for anyone who doesn't have a particular interest in mail.

[–] Eirikr70@jlai.lu 5 points 9 hours ago (1 children)

I have been self-hosting my mail server for the past 5 or 6 years with success. Recently my ISP decided to close port 25 so I have to use a third party to deliver my outgoing mail.

[–] desentizised@lemmy.zip 7 points 9 hours ago (1 children)

The fact that ISPs can do this should be a fkn outrage. But this is so far removed from what people care about. And so net neutrality gets eroded.

[–] non_burglar@lemmy.world 4 points 8 hours ago

I don't think they want to bother with the administration; they were forced to, to stop anyone from spamming from random SMTP servers.

Because of DMARC and DKIM, we don't really need this anymore, but there were good reasons for it.

[–] CarbonatedPastaSauce@lemmy.world 14 points 12 hours ago (1 children)

I’ve been hosting my own email servers for 20 years without issue. But email systems were a huge part of my IT career so it was easy.

It works great if you have static IPs and know what you’re doing in terms of following best practices. If you’re missing those two things you’re going to have a bad time.

If you have the statics and want to learn, I’d recommend purchasing a test domain and getting the kinks worked out before you move a domain you care about to your own system.

[–] dontbelievethis@sh.itjust.works 3 points 12 hours ago (1 children)
[–] AtariDump@lemmy.world 23 points 12 hours ago (1 children)
[–] markstos@lemmy.world 8 points 8 hours ago

Lol. After professionally hosting email for 15 years I’m happy to let someone else handle it now.

About 90% of incoming mail will be spam and it will be your job to make sure you are doing a good job of classifying it so you don’t get junk in your inbox and don’t lose real mail in the spam folder.

Then for outgoing mail you need to make sure SPF, DKIM and DMARC are all in order.

Then there is all the usual stuff of security updates, backups, monitoring, alerting, logging and having a plan for internet outages.

Yes, it’s all doable but I won’t expect it to be “set and forget”. I expect there will be quite a bit of tuning with some possible spam and delivery problems while you get kinks worked out.

[–] hperrin@lemmy.ca 13 points 13 hours ago (1 children)

Email is the hardest thing to self-host, but it’s definitely doable. You’ll need a static IP, and you’ll need to talk to your ISP to make sure outbound connections on port 25 are open.

Set up your servers and your DNS settings (another commenter gave a good guide), then use this tool to check that DKIM and SPF are working and that you’re not seen as spam with SpamAssassin:

https://dkimvalidator.com/

Once that’s done, take your static IP and check it with this tool:

https://mxtoolbox.com/blacklists.aspx

If it’s on any of the lists, you’ll need to go to those lists’ sites and try to get it removed. You might need to make an email address for “postmaster@yourdomain” at this point.

Beyond that, you may need to “warm up” your IP address, by sending email to yourself on various services (Gmail, Yahoo, Microsoft) and marking them as not spam.

Then you should be golden.

I had to do this for both my SMTP servers for Port87. If you use more than one server, this process gets a little harder, so probably stick to one at first.

[–] frongt@lemmy.zip 1 points 13 hours ago (1 children)

I'm pretty sure Gmail's filters are per-user. I've had it react after just one flag/unflag, and I doubt that it would only take one action to change it for everyone.

[–] hperrin@lemmy.ca 2 points 13 hours ago

It’s more of a signal that the IP address does send trustworthy email. AFAIK, IP reputation isn’t handled on a per-user basis. Domain reputation probably is.

[–] koala@programming.dev 10 points 12 hours ago

Reminder that you can go for hybrid approaches; receive email and host IMAP/webmail yourself, and send emails through someone like AWS. I am not saying you can't do SMTP yourself, but if you want to just dip your toes, it's an option.

You get many of the advantages; you control your email addresses, you store all of the email and control backups, etc.

...

And another thing: you could also play with https://chatmail.at/relays ; which is pretty cool. I had read about Delta Chat, but decided to play with it recently and... it's blown my mind.

[–] nitrolife@rekabu.ru 20 points 14 hours ago (2 children)

I have been using my own email for many years (to this day). Everything is working great. The main thing is to have a static IP and be able to specify your domain in the PTR record of the ip address.

In general, you will need:

- postfix (https://wiki.archlinux.org/title/Postfix)
- OpenDMARC (https://wiki.archlinux.org/title/OpenDMARC)
- OpenDKIM (https://wiki.archlinux.org/title/OpenDKIM)
- Dovecot (https://wiki.archlinux.org/title/Dovecot)
- Some interface to choose from (soGO, roundcube)
- Maybe graylists, ClamAV, SpamAssassin, or something else to protect your mailbox from spam and viruses.

And if you want filtering functionality, then you also need Sieve.

[–] WhatsHerBucket@lemmy.world 7 points 14 hours ago (1 children)

Where are you hosting your mail?

[–] nitrolife@rekabu.ru 13 points 14 hours ago (2 children)

On my home server. My ISP gives me a static address and makes PTR records for only about $1.5 per month.

[–] WhatsHerBucket@lemmy.world 7 points 14 hours ago (3 children)

How do you connect to your mail server outside your home network?

Sorry for all the questions, I’m trying to get my DNS working with a vpn and it’s been difficult.

[–] hemmes@lemmy.world 6 points 14 hours ago

If you want to be able to accept mail, you’ll need to directly expose your mail server on your public IP (router configuration required). You’ll also need to allow your server to egress your WAN as well. That being said - if you really want to tighten your security, and don’t care about missing some emails, you could limit your server to seeing only those servers you know you’ll be communicating with, such as work, bank, or GMail servers only.

You can make it so that retrieving your email with your client of choice requires a VPN connection to your home network also.

[–] nitrolife@rekabu.ru 3 points 14 hours ago* (last edited 14 hours ago)

But in reality, this will only allow you to receive incoming mail. In order for outgoing mail to work, it is necessary that the mail server and all the strapping go through the VPS to the Internet. This requires a rather complicated configuration of iptables, and I recommend that you simply either fill up the mailer on a VPS (there will be a maximum of gigabytes of mail; it's not that heavy), or buy a static address at home.

If you still decide to go the hard way, here's an approximate plan for what you need to do in the spirit of iptables, because setting it up in firewalld is a real torment:

*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 924 -j MARK --set-mark 0x300
COMMIT

where 924 is the postfix user ID. You may have a different number, so check it.

ip route add default via 10.8.12.4 dev wg0 table 100

This adds the default route via the VPS address to routing table 100. Replace 10.8.12.4 with the address of your VPS and wg0 with the name of the interface for communication between the VPS and home. Then:

ip rule add from all fwmark 0x300 lookup 100

We are sending all packets with the label 0x300 to the routing table 100. In other words, the postfix user will have his own custom routing table via VPS.

This creates several problems due to the fact that with this configuration, it may not be possible to connect to postfix via your server's interfaces. But in the basic case everything will work. Bypassing this problem will create even more complex routing rules and will generally be overkill. But if you're interested, write to me and I'll sign it.

[–] nitrolife@rekabu.ru 3 points 14 hours ago* (last edited 14 hours ago)

Well... as I already wrote, my home server is literally on the Internet because I rent a static public IP address from the provider.

But if you have a VPS, then you just need to do port forwarding to your server with a VPS, and then add the following entries to the mx DNS server:

you.domain.              21600   IN      MX      10 you.first.vps.
you.domain.              21600   IN      MX      20 you.second.vps.

Where 10 and 20 are the server priority.

Or if the VPS is part of your domain then:

you.domain.              21600   IN      MX      10 first.vps.you.domain. 
you.domain.              21600   IN      MX      20 second.vps.you.domain. 

first.vps.you.domain.             21600   IN      A       1.1.1.1
second.vps.you.domain.        21600   IN      A       2.2.2.2

And if you also have IPv6, you can do

first.vps.you.domain.             21600   IN      AAAA       fd00::1
second.vps.you.domain.        21600   IN      AAAA       fd00::2

Where 1.1.1.1, 2.2.2.2, fd00::1 and fd00::2 are the addresses of your VPS

You also need to enter the address in the SPF:

you.domain.              21600   IN      TXT     "v=spf1 +mx -all"

What it means:

v=spf1 is the SPF version.

+mx – it is allowed to send mail from the IP addresses specified in the MX records of the domain.

-all – prohibits sending from any other servers (hard refusal).

Also, in order for the signature to work on the mail server, you need to make several TXT entries (for a detailed explanation, see my links about DKIM):

keyname._domainkey.you.domain. TXT "v=DKIM1; ...%DKIM params%"

and

_dmarc.you.domain.      86400   IN      TXT     "v=DMARC1...%dmarc params%"

And you need to ask your VPS provider to set the PTR for your VPS IP address to first.vps.you.domain. Or some providers give access to that config in a web panel.
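An added example, not part of the thread or any commenter's code: a small Python linter for the record set described in the comment above (MX, A/AAAA, PTR, SPF, DKIM, DMARC). The zone text is constructed with the thread's placeholder names and two deliberate mistakes (a missing PTR and a DMARC record published at the domain itself), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample zone: thread's placeholder names, documentation-range IPs, dummy key.
SAMPLE_ZONE = """\
you.domain.                    21600 IN MX  10 first.vps.you.domain.
you.domain.                    21600 IN MX  20 second.vps.you.domain.
first.vps.you.domain.          21600 IN A   192.0.2.10
second.vps.you.domain.         21600 IN A   192.0.2.20
10.2.0.192.in-addr.arpa.       21600 IN PTR first.vps.you.domain.
you.domain.                    21600 IN TXT "v=spf1 +mx -all"
keyname._domainkey.you.domain. 21600 IN TXT "v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"
you.domain.                    86400 IN TXT "v=DMARC1; p=none"
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples from 'name ttl IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+?)\s*$", line)
        if m:
            name, rtype, rdata = m.groups()
            if rtype == "TXT":  # join the quoted character-strings
                rdata = "".join(re.findall(r'"([^"]*)"', rdata))
            records.append((name.lower(), rtype, rdata))
    return records

def tag_dict(txt):  # 'k=v; k=v' DKIM or DMARC record -> dict
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def lint_mail_zone(text, domain):
    """List problems for `domain` (lower case, trailing dot) in zone `text`."""
    recs = parse_zone(text)
    get = lambda name, rtype: [d for n, t, d in recs if n == name and t == rtype]
    findings = []
    # Every MX target needs an address, and every address a PTR pointing back.
    mx_hosts = [d.split()[1].lower() for d in get(domain, "MX")]
    for host in mx_hosts:
        addrs = get(host, "A") + get(host, "AAAA")
        if not addrs:
            findings.append(f"{host} has no A/AAAA record")
        for addr in addrs:
            rev = ipaddress.ip_address(addr).reverse_pointer + "."
            if host not in [p.lower() for p in get(rev, "PTR")]:
                findings.append(f"{addr} has no PTR to {host}")
    # SPF: exactly one record at the domain itself, ending in a fail rule.
    spf = [t for t in get(domain, "TXT") if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"expected one SPF record, found {len(spf)}")
    elif spf[0].split()[-1] not in ("-all", "~all"):
        findings.append("SPF does not end in -all or ~all")
    # DKIM: a key with a non-empty p= under <selector>._domainkey.<domain>.
    dkim = [tag_dict(d) for n, t, d in recs
            if t == "TXT" and n.endswith("._domainkey." + domain)]
    if not any(k.get("v") == "DKIM1" and k.get("p") for k in dkim):
        findings.append("no usable DKIM key under _domainkey")
    # DMARC is only looked up at _dmarc.<domain>, never at the domain itself.
    dmarc = [tag_dict(t) for t in get("_dmarc." + domain, "TXT")]
    if not any(d.get("v") == "DMARC1" and d.get("p") for d in dmarc):
        findings.append(f"no DMARC record at _dmarc.{domain}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_mail_zone(SAMPLE_ZONE, "you.domain.")))
```

Run against the sample, it reports the missing PTR for the second VPS and the misplaced DMARC record; feed it your own zone lines in the same `name ttl IN type rdata` layout before publishing them.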

[–] 30p87@feddit.org 1 points 11 hours ago

Lucky. I need to use an external service for 12€/month with 100Mbps and 1TB/month limits, per VPN.

[–] chaospatterns@lemmy.world 5 points 14 hours ago (1 children)

I've been running my own mail for 10+ years. I recommend rspamd for spam filtering. It took the place of SpamAssassin, grey listing, SPF checking, etc. All in one single system.

[–] nitrolife@rekabu.ru 2 points 14 hours ago

Thanks, I'll give it a try sometime.

[–] Brkdncr@lemmy.world 10 points 14 hours ago

No. I do that for my job and wouldn’t do it for personal use. HA/redundancy/security is too expensive.

[–] goddard_guryon@sopuli.xyz 4 points 13 hours ago

As someone who tried to self-host it like a month ago (and seemingly still hasn't got it fully working), I'll just write out the overview of what I've done and let you (and others) comment on how correct and feasible it is.

Since my ISP doesn't allow me to get a static IP address, I rented a VPS connection and made a wireguard tunnel from the VPS to my computer. This tunnel forwards traffic at all the necessary ports between the two machines. I really wasn't familiar with all the necessary components for an entire mail server, so I chose mailcow since it packages everything into one single software (well, more like a bunch of docker containers). Another reason I went with mailcow was that I could easily find a github tutorial for how to set up mailcow with wireguard tunneling (it's a bit outdated IMO, but the changes are minor). Mailcow also gives a nice portal interface listing out all the DNS entries you need to put in place to get it working perfectly.

In the end, I still see a few incoming emails getting dropped and reception time being an hour or so, and I'm not sure if it's a problem with my tunnel or DNS or something else. But overall, I'd say it was much easier than setting up all the individual services myself.

[–] truthfultemporarily@feddit.org 6 points 14 hours ago* (last edited 14 hours ago)

I would recommend something like stalwart, which is just a single binary and works. Gives you a web interface and a zonefile you can just copy paste into your DNS including all correct DMARC DKIM SPF and autodiscovery records.

Setting postfix, dovecot etc. up from scratch can be a bit time consuming and annoying.

Deliverability depends on where it is hosted; many VPC providers' IP space is completely blocked in spam filters.

[–] jwr1@kbin.earth 5 points 14 hours ago

I was actually recently discussing self-hosting email on Matrix a while ago, so I'll just copy-paste below. Long story short, find the right existing email software you want to use, set it up correctly with a healthy IP address and domain (not blacklisted), the right DNS entries, and a PTR record, and it'll work just fine.

Honestly, I haven't had any issues with self-hosting email, and I've been doing it for the past 2 years. I think the trick is that you just need to set everything up correctly and then verify your setup with mail-tester.com to ensure all the headers, DNS entries, etc. are correct. There are some great projects that make it extremely easy to self-host, including Mailu (github.com/mailu/mailu), Mailcow (github.com/mailcow/mailcow-dockerized), Docker mailserver (https://github.com/docker-mailserver/docker-mailserver), Stalwart (github.com/stalwartlabs/stalwart), and I'm sure more. I'm currently using Mailu, but I have been eyeing Stalwart, which has recently gotten quite popular and implements modern email protocols and does everything in Rust.

If I were you and just wanted to take a stab at self-hosting email, I would start with Stalwart and see how you like it. The only caveat is that it doesn't yet come with a webmail client, so if you wanted one, you'd have to separately add that to your setup.

Something you would need to think about though is your IP address. It must be static, and it should be in a healthy IP address range (not on any popular blacklists). You also need to be able to set up rDNS (reverse DNS) / PTR record, so you can point your IP address back to your email domain.

[–] suicidaleggroll@lemmy.world 2 points 11 hours ago* (last edited 11 hours ago)

I host my own via Hetzner VPS and Mailcow. I use SMTP2GO as an outbound relay so I don't have to worry about IP reputation issues. It's all very straight-forward, no issues to speak of. I use unique aliases for each account, so spam is a non-issue as well. If an alias gets leaked I just shut it down, no more spam.

[–] oeuf@slrpnk.net 2 points 12 hours ago

I use YUNOhost on a VPS and it came with email out of the box. Which is just as well because I had no previous experience self-hosting!

I think I had a couple of emails get marked as spam in the beginning but everything has been totally fine for the last 2/3 years.

[–] Shimitar@downonthestreet.eu 1 points 10 hours ago (1 children)

Yes, I have been hosting my email myself for tens of years.

No I do not self-host it at home

See here https://wiki.gardiol.org/doku.php?id=email%3Astart (disclaimer: my wiki)

[–] sznowicki@lemmy.world 1 points 8 hours ago (1 children)

Good read. Now I want to do it too.

I'll add your blog to my small search engine if you don't mind (kukei.eu)

Also, you don't need that cookie prompt. If you only use technical cookies and no tracking, no consent needed.

[–] Shimitar@downonthestreet.eu 1 points 2 hours ago

Please add, I don't mind.

I know I don't need the prompt, I just never remembered to disable it...

[–] IsoKiero@sopuli.xyz 2 points 12 hours ago

I do it. Postfix+dovecot+spamassassin managed with ISPConfig running on a VPS. Works just fine, but my domains already have a long-ish good reputation so that may play a part in my experience. Biggest headache is to keep things running, which occasionally means jumping through hoops Microsoft (mostly) and others throw at you by flagging your server as spam for no apparent reason.

[–] JRaccoon@discuss.tchncs.de 1 points 10 hours ago (1 children)

I recently set up the whole stack (Postfix, Dovecot, OpenDKIM) on a VPS. I wanted to do it from home, but my ISP won't provide a static IP or open ports 25/465/587 for consumer customers, no exceptions.

It took me about two days to get everything working, but most of that was because I went in with very little knowledge of how email even actually works. If you're looking for a learning experience, I'd say go for it. If you just want a working email setup quickly, I wouldn't recommend it.

I haven't noticed any deliverability issues so far. Just make sure you have SPF, DKIM, DMARC, and PTR records all set correctly from the start.

[–] drspod@lemmy.ml 3 points 10 hours ago (1 children)

Which VPS provider are you using? Many of them end up blacklisted for mail delivery due to spammers using them.

[–] ShortN0te@lemmy.ml 1 points 11 hours ago

I host my mail with mailcow and it is almost set and forget. I only had a couple issues with some mail providers, but a small email exchange with the admins cleared that up.

Have a handful of users, that have not complained about anything not working or spam or whatever 🤷‍♂️

[–] perishthethought@piefed.social 2 points 13 hours ago (1 children)

I am not OP but I love the idea of selfhosting email. This is stopping me though:

... set it up correctly with a healthy IP address and domain (not blacklisted)

Any tips on how to accomplish this?

[–] IsoKiero@sopuli.xyz 4 points 12 hours ago (1 children)

It's quite likely that any given IP, unless you get one from a shady VPS provider or something, is "clean". And if it's not, it's usually not that big of a deal to get it cleared from major blacklists (spamhaus, google and microsoft cover quite a lot). You just need to dig up the proper forms to tell them that you're a new owner of said IP and promise to play nice.

Same goes with domain names, but if you get a new one that's a non-issue. Just set up SPF-records properly (and preferably DKIM/DMARC, but those aren't strictly necessary and need a bit more than a single TXT-record) and you're good to go.

And then you of course need to stay away from those lists. If you configure your SMTP to act as an open proxy you'll be on every shitlist on the planet pretty quickly. So, reasonable measures against compromised accounts (passwords, firewalls, rate limits...) and against other threats (misconfigured/unsafe web service used for spam and stuff like that). Any of those alone are not too difficult to accomplish, but there's quite a few things you need to get right.

[–] perishthethought@piefed.social 1 points 11 hours ago

OK, thank you. I'm sure this is why people always say self hosting email is not for beginners.

[–] mesamunefire@piefed.social 2 points 14 hours ago

I did mailinabox for a bit. Worked well but spam made me stop.

[–] corsicanguppy@lemmy.ca 0 points 9 hours ago* (last edited 9 hours ago)

Yes. Just today. And every day of the last 26 years. GMail delivery is no big deal, but Outlook freaks out in ways I just don't care to solve.

[–] smiletolerantly@awful.systems 2 points 14 hours ago

Yes. Using simple-nixos-mailserver as the foundation.

Really great experience, and have had no deliverability issues.