1. 21
  1.  

  2. 19

    Half a GB of memory is tight for a mail-server now? Postfix is terribly confusing? Running your own mail-server is probably a terrible idea?

    Boy, I am getting old.

    I used to run sendmail on a machine at home with <8 MB of RAM, and I didn’t have an internet connection, so I stored the emails on a floppy disk, which I took by bike to the university to send them, and to fetch any new incoming emails.

    All the SPF, DKIM, DMARC, TLS certificates and spam-prevention is much more complicated these days, admittedly.

    Congratulations on getting it up and running, though.

    1. 6

      Half a GB of memory is tight for a mail-server now?

      …used to run sendmail on a machine at home with <8 MB of RAM

      I don’t think it’s fair to compare sendmail, which is extremely basic, to some of currently mail server, uh, suites with spam filtering, web UIs for config/maintaining (which some people like, I couldn’t care less), etc. Some even provide a webmail interface! I think you lose some system resources in the abstraction necessary to lower the bar for setup/running these things. Not everyone has the patience/know-how/time to configure dozens of tools individually to accomplish all of this.

      Running your own mail-server is probably a terrible idea?

      Nowadays you’ll find your mails being rejected or silently stuffed into recipients’ “spam” folders by google because they don’t recognize your domain(1), and you’ll lose data (incoming mail) when your mail server goes down for (insert unforeseen reason here) and you are on vacation and cannot fix it. It’s not your grandpa’s email anymore.

      1. I still have this problem with my current mail provider mailbox.org, who has been providing email service since 2014. If google still cannot get the hint that they are legit, then there’s little hope for folks using custom domains.
      1. 7

        I’ve been running my own email server since 1998 (and with the current IP address for over a decade now) and I’ve never had an issue of it going down while on vacation. If you are that concerned (and you don’t check email at all on vacation) then spring for a back-up MX service (just be aware that spammers will target the backup MX in the hopes of slipping past spam detection).

        1. 5

          Google silently dropping messages from domains with DKIM/DMARC/etc. setup correctly is a problem of Google, and probably even an anti-competitive tactic. I don’t have that problem often, but when I do, it’s invariably Gmail that does it.

          As of data loss, correctly implemented SMTP servers must retry sending a message at increasing intervals, up to about a week. Most actually do. I haven’t seen Postfix crash in my life, even in very busy setups though, so I never got to verify how far it stretches in practice.

          1. 2

            Regarding resources: One has to bear in mind that it is a personal system. Spam filtering, web UI (does that mean webmail?), etc. would not be under heavy load. I think this is quite reasonable.

            Also regarding ending up in spam. I think that’s mostly a myth. Yes, it’s true if you really only send mail without SPF, DKIM, make sure your PTR is set correctly, etc. If you do this as a one-time setup you’re fine.

            Regarding mailserver going down: First of all this is very, very rare. More rare than in cases of many other protocols. Simply because it’s old and unless you constantly change stuff you will end up with something stable fairly quickly. This is by the way a reason why you might not want to use “new” stuff like docker.

            Other than that, emails don’t really get lost other than for storage reasons usually. Again, unlike with other protocols delivery is retried and mails might be returned.

            I think one has to differentiate between personal email and running a small mail provider, sending out newsletters, etc. Sending the same email to many gmail recipients for example is a lot more likely to trigger something than an individual mail. Also if emails do in fact get rejected you will learn about this. So if you want to be absolutely secure, have a fallback.

            While it’s of course a service and it’s not exactly zero maintenance, email tends to be by far the easiest thing to maintain once initially set up. Of course, that’s given you don’t try to be super smart and of course only if you have a basic understanding on what you are doing. If you use your OS for the first time the story is different of course.

          2. 3

            Boy, I am getting old.

            Either that, or I’m just new. :)
            Thanks anyway!

          3. 7

            Nice! I run OpenSMTPD and Exim on OpenBSD and they are very comfortable on a 500mb ram vps. Welcome to the self-hosted email club!

            1. 6

              Running your own mail server (and a basic website), is an exceptionally great idea. Running yunohost. I am using 379MB out of 1.2 GB available.

              Yunohost is Debian 9 based self-hosting ‘cloud in a box’ that offers email, personal site server, and many other programs that allow one to manage his/her web presence.

              It is free, but please donate.

              It includes the mail-in-box app, that the author has tried. Besides the mail server, I am running a few other small programs, and it allows me to install my own web apps, to be serviced by its preconfigured NGINX (and it also gets automagically TLS certificates from let’s encrypt!)

              It also allows to service multiple domains in one instance (and it manages TLS certs, and user accoutns for each site independently). So I can point say 3 different domains into one YunoHost.

              I also went through an update process with Yunohost and, it worked fine, just clicked a button on UI to do the update of the underlying platform, then the installed plugin apps.

              I am using cheapest 5$ instance offered by prmgr hosting service. https://billing.prgmr.com/index.php/order/main/packages/xen/?group_id=10 Similar in capacity to the vps that the author was looking at.

              PRGMR also donates its hosting to lobste.rs (from what I read). Which made, at least, my choice for VPS easier. My instance has been very stable and the IP addresses are not blacklisted by spam protection software, so my emails go with no problems to outlook and other email hosts.

              I am not sure why author of the article did not look at Yunohost as whole package, and instead tried to install individual programs…

              1. 5

                I have exhausted this topic while playing around self-hosted email server. lol https://github.com/0xboz/digitalocean_email_server

                1. 1

                  I think I went on with the “HARD WAY” haha…

                2. 4

                  Definitely not a terrible idea. I made the switch about six months ago and it has been surprisingly bulletproof. And when you do everything through Evolution or K-9 Mail anyway the UI differences are irrelevant.

                  It’s weird to read all these guides with docker setups and whatever else though. Postfix has perfectly good setup docs with lots of examples, and for <100 users I don’t see much downside to just some simple vhosts rather than a full LDAP setup or whatever. For simple things Docker just puts another layer between you and getting things done. That said, performance-wise, the only things in that dockerfile though that might have issues fitting in 512 MB of RAM are clamav and spamassassin… both of which are goldfish capable of growing to the limits of their environments, in my (limited) experience.

                  1. 3

                    I’m happily using simple-nixos-mailserver: https://gitlab.com/simple-nixos-mailserver/nixos-mailserver

                    1. 1

                      This looks interesting. I have been looking for an excuse to play with nixos, I may give this a shot for some non-critical mail server I would like to have.

                      1. 1

                        I love it and think it’s a fantastic example of a NixOS module.

                    2. 3

                      Privacy:

                      When you host your own mailserver, you truly own your email without having to rely on any third-party.

                      Yeah, not really.

                      • If you send email to someone with a Gmail address, then Google reads the email.
                      • If someone send you an email from a Gmail address, Google reads the email.

                      Only in a scenario where both parties own their infrastructure do you get the privacy gain the author assumes. Even then, you have to trust that the third party has good intentions and sound security practices.

                      I think the best approach to (unencrypted) email is to assume that anyone can read it.

                      1. 1

                        I still relay outgoing mail through Google (most of which is to public mailing lists or GMail accounts anyway), but I set up a receive‐only mail server last month, and now Google no longer has access to my sales receipts, my utility bills, my flight itineraries, nor knows all the mailing lists I subscribe to. That’s a big win in my book, even if email is ultimately unsecurable.

                      2. 3

                        Good for you. The memory requirements for those wrapped products seem exceptionally high. I think you could comfortable run a mail server on the lowest tier EC2 machine or equivalent. Like other comments I’ve been doing my own for a while too, initially on a P200 with 32M RAM, although I wasn’t using modern spam filtering back then (just spamassassin iirc). My present exim instance is using 54212 KiB virt, 2280 KiB resident RAM right now.

                        To pick up on one other point

                        No really, this is the best choice for truly private email. Not ProtonMail, not Tutanota. Sure, they claim so and I don’t dispute it. Quoting Drew Devault,

                        Truly secure systems do not require you to trust the service provider.

                        All you’ve done is push who you are trusting to further down the stack, to the VPS level. Your email server and email are on a virtual storage device being provided by a commercial business. What trust do you have that they aren’t snooping on the bits? Do you know where those bits are actually located? Do you know where they are replicated to, or backed up to? When a RAID disk with some of your data on it is pulled and replaced, do you know where the dead drive is going? Did they wipe it? Did they RMA it without wiping it? Are they using encryption at any layer of their service? Are you? What about their backup scheme? Are your emails on an LTO tape somewhere?

                        An anecdote from my adventures with VPS providers. I have moved through a few providers over the last 15 years. About 5 years after moving from my last host to my current one, I started receiving cron mails from my old server. The old VPS provider had not scrubbed my old VM when I stopped my account, and after performing a system migration or some other kind of maintenance, my old VM got booted up again. I wasn’t paying them, but there it was, in the state I had left it in when I switched it off. I was still able to log into it, so I made sure to scrub the bits as best I could myself that time.

                        1. 2

                          All you’ve done is push who you are trusting to further down the stack, to the VPS level …

                          You’re right. But as I’d also mentioned in the article, it boils down to your threat model. I personally feel this is as far as I would go. Of course, a homelab setup would be ideal, but that’s not something I can achieve at the moment – so settling for a VPS is the next best thing.

                          An anecdote from my adventures with VPS providers …

                          This is very interesting, thanks for sharing. I never once thought something like this would/could occur. Something I’ll have to keep in mind.

                          1. 1

                            I’m running mailcow in a test setup. 1 GB of 2GB used (subtract ~150 MB for one other container), idle - but I don’t think it will go up a lot under load, it’s mostly that there just are quite a few containers/daemons running.

                            Depending what you view as “mailserver”. My prod mailserver (postfix, dovecot, spamassassin, apache+postfixadmin+postgres) uses only ~180MB, but it’s not a full-featured suite. Maybe if you strip off the calendar stuff mailcow would be able to run in 512 MB

                            1. 1

                              Depending what you view as “mailserver”

                              Indeed. I’d personally consider calendaring out of scope bit it seems this isn’t universal.

                            2. 1

                              Well, at some point you have to decide on the best cost compromise between

                              1. Spending the time setting everything up just right, perfectly secure and well-maintained
                              2. Caring about whether some emails get lost in the void without you knowing (GMail and Outlook are known to do that)
                              3. Privacy (or cost resulting from lack thereof)

                              So, you have to weigh many possible scenarios against one another. E.g. what is the cost of GMail reading your mails vs. opportunity costs of lost emails that are sent by your private mail server. I suppose, for the vast majority of people, the worst realistically possible damage by GMail reading your mails is less than the cost of learning how to run your own mail infra properly.

                              I’m not debating whether it’s a good learning exercise. Setting up your own infra with LDAP and everything is a great learning exercise.

                            3. -8

                              this is bad advice.

                              1. 2

                                Why is it bad advice?