I just set up my first ever email server and I’m proud of myself! 😊 Do you have any advice to avoid common problems? I mean something beginners often do that they shouldn’t. Thanks!
You’re in for a world of hurt. Email security is a pain in the ass. I used to do this full time and I’m so glad I don’t have to anymore.
Not trying to discourage you, it’s fun, it’s cool, but it can be a real PITA.
Well, that’s exactly what it sounds like :/
Don’t listen to him OP, running your own email server is not “a world of hurt”.
The initial configuration involves quite a few things (DNS records, DKIM, spam filters, …), but it’s definitely manageable. And when all this is set up, you don’t have to touch it anymore, it just works!
I’ve been doing it for years now, and I’m not going back! Congratulations on doing it, and good luck on keeping it running!
Take it from someone who’s got over 15 years’ experience in the field… Or not. Your call :)
As someone who also has 15+ years of experience in the field and is currently infosec management, it’s not that bad. Certainly not something I’d say “you’re in for a world of hurt” about like somebody just bought a bad timeshare.
Especially if you’re not hosting production email for a company and you’re not leaving the server as an open relay, it isn’t very painful at all.
You could also be less condescending, but as you said: your call. :)
Wasn’t intending to come off condescending. IMO exposing your internal network to the internet without a proper firewall is a risk, one I wouldn’t take unless I had a DMZ and a dedicated VLAN.
In addition, you’d have to be on top of patch management. And when you do that, there’s a chance of something breaking too. My preference is not to have to muck around troubleshooting my own email server when a patch window goes bad since that’s what I deal with all day anyway. There will always be zero days, I’ll just pawn that off to the big boys.
All of that is inherent in self hosting anything publicly accessible. You wouldn’t start off a reply to someone setting up openvpn with “you’re in for a world of hurt,” would you?
I’ve also been doing that for ~10 years. It’s not the easiest service to run, but it’s definitely not the one I had the most issues with. I would agree that in the professional field, there isn’t much advantage to hosting it yourself, and I would advise going with hosted services in this case. But on a self-hosted community forum I see no reason to say such things to a new user trying it out, especially if they don’t plan to host other people’s mailboxes.
I’d say the difficulty depends mostly on the stack you decide to run. I’ve tried Microsoft Exchange, which is very complex, postfix which is okay once you get the hang of the config file syntax, and opensmtpd which is delightful to configure given its simplicity. Docker also helps tremendously compared to what was available 15 years ago.
Actually delivering emails into the inbox is another difficult aspect, but now there are just so many good resources to learn from that you can easily figure out what to do.
I run my own email server, but I use an outbound relay. I mostly get the good parts of self-hosting (having full control over storage of my emails) without the annoying parts (dealing with server reputation for sending emails).
That’s true, but only initially. Once you get SPF/DKIM right, your domain name grows a few years old (enough to be considered established), and you’ve nailed your configuration, there is no issue anymore. I’ve been running my own Postfix on a Pi in my home for about 5 years, and It Just Works™. The only maintenance I do is updating the software (done when updating the rest of the OS), and I don’t get shadowbanned mails anymore, even when sending to outlook.com (which is, by far, the worst peer when self-hosting emails).
EDIT: by the way, fun fact: it seems not as related to IP reputation as it’s often said (well, unless the IP has bad reputation, of course). I changed my ISP late last year (thus changed my IP), I was very afraid I would lose my good reputation and have to start over with getting my mails shadowbanned, and… nothing happened. My mails just got delivered as usual. So I bet the domain name is at least as important as the IP.