email hosting

Over the last few years I have hosted my email with my domain registrar (Gandi), a semi-self hosted solution (The Helm) and Google GSuite.

With Gandi I had deliverability issues.
The Helm was a disaster, deliverability and stability issues.
Google works fine, no issues. But it IS Google...

So, looking for a new home for our three domains. Rackspace? Something like that? I can/do/will setup DNS records like DKIM to support deliverability. I don't care about other features like an office suite or calendar/contacts. Web mail is nice but not critical. Just really good email hosting.

Deliverability needs to be good/perfect. Would like a host that doesn't depend on monetizing surveillance data.

Any ideas? Thanks!

bingo600

@jwj
I'm running my own mailserver, and when it's working it is super nice. When the sysdisk says "goodbye" it's less of a success.

If i had to do a new setup i'd use a VM , with NFS attached maildirs. Then i would be up in no time. And could clone/backup/restore the mailserver easily , and could do the mail (NFS) backup separately.

I can't help with a good mail host , but make sure you get IMAP access , as pop3 and multi clients gets annoying. Since the same mail is unread on all pop3 machines.

/Bingo

Thanks @bingo600 .

It's annoying that email is still so central. I don't use it to talk to anyone important (that's what signal is for), but it's needed for almost everything. Banking - Yes, Utilities - Yes, Buy things online - Yes. Communicate with doctors - Yes. Hunt for a job - Yes.

It's required as an identity and it's the worst thing I can think of to use as identity. I'm beginning to think I should just drop the vanity domain names, use icloud or whatnot and get over it...

bingo600

@jwj said in email hosting:

I'm beginning to think I should just drop the vanity domain names, use icloud or whatnot and get over it...

Naah ...
If you're a Signal user , you know better than to put anything sensitive on a Cloud.

TLDR - Brainstorming

I have been thinking of a mailhack i once saw used.
Making a "remote mail buffer server" that delivers to your local server. I just cant figure out if it really is neat , or just more complicated.

Use a hosted mail server for your domains with a MX record of 20 , then make your local mail server , hosting the same domains with a MX record of 10.

The hack is : On your local mailserver you will only allow smtp from the remote mail server.

That way everyone will try your local mailserver and fail.
Then they will deliver it to your remote mailserver, but your remote mailserver knows that it's MX 20 , and there is a MX 10.
Now the remote mailserver will deliver to your local mailserver , and you get mail at local wire speed.

If your local mailserver dies , the mails will just be buffering up at the remote, nothing lost.

But then why not just let your local mailserver be open too , and let that be first try.

This hack was made for having a central mailserver where Virus Scanning was made before the mail got released to the final servers.

Now that i have explained it in words.
It doesn't seem that smart , not to let it try your local MX10 as first , and just keep the MX20 as backup / buffer server.

Well thanx for "clearing that up for me"

For sure self hosting is enormously appealing. Problem is even if your on no ones blacklist your also not on the whitelist that major email providers appear to use. Result is, you end up in the spam mailbox. For those times you do need to send someone you don't have an existing relationship with an email, they just don't see it, and you have no way to nudge them to look in the spam folder for your message.

Yeah, I have a general reluctance to dumping a bunch of stuff in the cloud. I'm also reluctant to open up a bunch of ports on my network and then defend them to self-host shared calendars, contact lists, smtp, etc. The Helm was/is a great idea to get around these issues. You get a AWS instance that does nothing but forward traffic from your public AWS IP to a host in your network via a vpn. You can do all that yourself but it was worth it, $99/year, to let them set it all up. Again, the issue is that public AWS IP isn't on anyone's white list. You're spam every time...

I would love to be able to send a document to my lawyer via signal. Same for my investment advisor. That's not going to happen anytime soon. :(

kiokoman

@jwj
bind9 for dns+postfix+dovecot+owncloud+collabora i can't ask for more for personal use for my domains
if you want something easy to manage there is webgui like ispconfig

@kiokoman I do like that idea. I've had a look at, more or less, exactly the pieces you mention. Problem is my dynamic ip from Spectrum is sh*t by definition...

bingo600

@jwj said in email hosting:

Again, the issue is that public AWS IP isn't on anyone's white list. You're spam every time...

That is somewhat true ...

I have that issue with TrendMicro's mailprotection system.
Even though i have a static ip , it's "carved out of" a Dynamic range that my ISP is announcing.

And I have contacted them several times to explain that i'm not on any RBL's besides theirs (All clear w. spamhous etc..)

They always answer - Get your ISP to announce your ip as non dynamic. Like that's ever going to happen

The wife has to use Gmail to send work related mails.
So i can relate to that issue.

That is my only "dark hole" atm.

I even think i can e-mail gmx.de addresses now , used to be a challenge too.

/Bingo

It's been a minute since I went down this road but a year or so ago just not being on spamhaus or proofpoint wasn't enough. So many professional offices (doctors/schools/etc) use packaged solutions that have, as best I can tell, whitelists for spam filtering. If you're not coming from a well known block of IP's you're toast.

bingo600

@jwj said in email hosting:

Problem is my dynamic ip from Spectrum is sh*t by definition...

You do know you can request your ip to be removed from the Spamhaus PBL , even if it's "announced by isp as dynamic ?

That solved like 95% of my issues

Ahh . too late , you answered that

@bingo600 Thanks brother :)

I do think in the end I will go back to some form of self-hosting. All on my own or some service like the Helm that will deal with all of setup for a fee...

bingo600

So what is needed is a "Legal" smarthost mail forwarder , to route/relay your outbound mail through.

And setup TLS

@bingo600 That's what these guy s do:

https://www.thehelm.com/

They just need to get a block of IP's that are seen as blessed like google or micro$oft's servers.

Better yet all these other services (bank!) could stop using email as a way to identify me. Then I wouldn't need email at all except for some edge cases.

bingo600

@jwj

So they sell you a HW box and a $99 subscription ?
And you'll get a VPN w. an exit ip via their system ?

@bingo600 Yeah. Although I think the VPN is vaporware atm. You get email, carddav, caldav and nextcloud. I nice app (connects to your box via bluetooth) to admin the whole thing...

bingo600

@jwj

Hmmm ... Not happy users
https://community.thehelm.com/t/email-security-in-individual-email-accounts/246

Are they just using Gmail ?
https://community.thehelm.com/t/gmail-outage-ongoing/279

@bingo600 The company has become something of a dumpster fire. People paid for devices over a year ago and have yet to receive anything.

Their community is a dumpster fire on top of a train wreck driven by idiots. Typical Helm users have brain damage from tin foil hats that are way too tight.

That thread is really about how people thought the bounced emails because of gmails meltdown were Helms problem not googles.

My opinion is the Helm is a good idea executed poorly. Too bad really...

On the other hand there is nothing they do you couldn't do yourself with the some persistence and the right skills.

kiokoman

@jwj
without a static ip you are screwed
i myself have searched all available isp on my country that could give me what i want, static ip was a must, do you have no alternative?

@kiokoman Not at the moment. Spectrum or AT&T. I'm moving later this year. I'll have a number of choices in the new place (NYC) including a community service that gives 1G symmetric service with static ipv4 and a static /48 prefix. I'm on the edge of my seat waiting for that :)

As a follow on to this line of thinking.

If you self host things not email. Calendars, Contacts, File Sync/Sharing and the like do you open ports or keep it local and only accessible via VPN when not at home?