1. 36
  1.  

  2. 3

    I used maddy possibly over a year ago now and even when it was super early in dev I didn’t have any complaints.

    1. 2

      My one question: Caddy is known for effortless TLS, has it on by default and makes it “just work”. Why can’t Maddy also automatically set up TLS, instead of having to use a cert acquired by some other means?

      1. 3

        Easier for Caddy since it’s a webserver and directly able to serve the HTTP verification for LetsEncrypt. Whereas Maddy would either need write access to a directory to create the responses for {nginx, Apache} to serve or integrate a webserver itself - neither a good option if you’re trying to make a simple, secure mail serving solution.

        1. 3

          It could do dns verification, no web server required.

          1. 3

            But then it needs either write access to DNS server configs (directly by file or via an API) or an embedded DNS server. All that’s done is move the extra bits to a different port.

            1. 2

              It’s arguably much simpler to implement, e.g. using an API to set a TXT record in DNS, than starting a web server, configuring a firewall for it, routing, etc.

              1. 3

                Sure. How many APIs are there for that?

                bind9 has one. Amazon has one. Google, Rackspace, Hetzner, Linode, Digital Ocean, EasyDNS, NameCheap, CloudFlare… that’s ten. I bet I left out the most popular choices in Brazil, Mexico and the Czech Republic already, too.

                1. 3

                  And almost all of those are supported by various acme clients, e.g. https://go-acme.github.io/lego/dns/

                  So you don’t even have to implement each one!

                2. 2

                  Sure, but not everyone has an API to set a TXT record in their DNS - my servers don’t. And I would be surprised if there was a consistent API between PowerDNS, BIND, MaraDNS, etc. All of which is more effort for Maddy’s developers for little gain when you can just link directly to the certbot storage and it’ll Just Work.

        2. 2

          What’s the story with regards to delivery to major providers and self hosting email these days?

          1. 3

            I can’t speak for others, but I’ve been self hosting my email for a few months now, with no delivery problems whatsoever. Configuring the server to get messages to actually send and not end up in spam was difficult, but once it was done, things basically worked without issue.

            1. 3

              You don’t always know when mails you sent end up in the recipient’s spam folder.

              1. 2

                Or when Gmail silently throws them away with no error or warning. Don’t even show in spam. Just <poof> and … gone.

              2. 2

                I’ve had the same experience running Maddy on Hetzner.

                1. 1

                  Considering how much of my life depends on a working email address and seeing all the horror stories of Gmail blocking accounts apparently for no good reason and with limited ability to appeal, I’m seriously considering hosting email myself too.

                  Could you elaborate what were steps you needed to do for outgoing messages not to end up in the receiver’s spam folder?

                  1. 2

                    It mostly came down to properly setting up the DNS records for authentication. The Arch Wiki page for setting up a mail server is a very useful resource for this. For the most part, setting things up was just trial and error, troubleshooting until things worked. In my experience, hosting email actually isn’t that difficult. It’s definitely not easy, but if you know what you’re doing, it’s definitely doable, and it’s far from the hardest thing I’ve hosted in the past. Of course, this is just my experience, and obviously others have had experiences that differ a lot from mine, so definitely do your research before committing. Especially if you’re extremely dependent on having a working email address, it may be safer to either keep your current email, or just migrate it to a service other than Gmail if you feel uncomfortable with them.

                    One other thing to note is that if you’re using a VPS, make sure your VPS provider actually allows you to self host email. Many VPS providers block crucial ports such as port 25. The process for getting these port(s) unblocked for your server differs from host to host; some don’t let you unblock it at all, for others you just have to open a support ticket and request it.

                    1. 2

                      Using some form of domain authentication is crucial. https://explained-from-first-principles.com/email/#domain-authentication
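The two comments above both come down to getting the domain-authentication DNS records right. As an added example (not from any commenter in this thread), here is a small offline sanity checker for SPF and DMARC TXT records that flags the misconfigurations most likely to land mail in spam or to leave the domain open to spoofing. It assumes the records have already been fetched (with dig or dnspython) and are passed in as strings; the sample records in the test are constructed.

```python
"""Sanity-check SPF and DMARC TXT records for a mail domain (added example).

The records are passed in as strings, so this runs offline; fetching them
from DNS is assumed to happen elsewhere (dig, dnspython, ...).
"""
import re

# Mechanisms/modifiers that cost a DNS lookup; RFC 7208 allows at most 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def check_spf(txt: str) -> list:
    """Return findings for an SPF record; an empty list means it looks sane."""
    findings = []
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    mechanisms = terms[1:]
    if not mechanisms:
        return ["no mechanisms at all: nothing is authorised to send"]
    last = mechanisms[-1].lower()
    if last in ("+all", "all"):
        findings.append("'+all' authorises the whole internet to send as this domain")
    elif last == "?all":
        findings.append("'?all' is neutral; use '-all' (fail) or '~all' (softfail)")
    elif last not in ("-all", "~all") and not last.startswith("redirect="):
        findings.append("no terminal 'all' mechanism; unlisted senders are treated as neutral")
    lookups = 0
    for m in mechanisms:
        # strip the qualifier, then take the name before ':' '/' or '='
        name = re.split(r"[:/=]", m.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return findings


def check_dmarc(txt: str) -> list:
    """Return findings for a DMARC record; an empty list means it looks sane."""
    findings = []
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required 'p=' policy tag")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address: you will not receive aggregate reports")
    return findings
```

Run it on your own records after publishing them; DKIM is the third piece and needs the selector name, so it is not covered here.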