    Netgate Discussion Forum
    email hosting

    Off-Topic & Non-Support Discussion
    • jwj
      jwj last edited by jwj

      Over the last few years I have hosted my email with my domain registrar (Gandi), a semi-self hosted solution (The Helm) and Google GSuite.

      With Gandi I had deliverability issues.
      The Helm was a disaster, deliverability and stability issues.
      Google works fine, no issues. But it IS Google...

      So, looking for a new home for our three domains. Rackspace? Something like that? I can/do/will set up DNS records like DKIM to support deliverability. I don't care about other features like an office suite or calendar/contacts. Web mail is nice but not critical. Just really good email hosting.

      Deliverability needs to be good/perfect. Would like a host that doesn't depend on monetizing surveillance data.

      Any ideas? Thanks!

      bingo600 Gertjan 2 Replies Last reply Reply Quote 0
      • bingo600
        bingo600 @jwj last edited by

        @jwj
        I'm running my own mailserver, and when it's working it is super nice. When the sysdisk says "goodbye" it's less of a success.

        If I had to do a new setup I'd use a VM, with NFS attached maildirs. Then I would be up in no time. And could clone/backup/restore the mailserver easily, and could do the mail (NFS) backup separately.

        I can't help with a good mail host, but make sure you get IMAP access, as POP3 with multiple clients gets annoying, since the same mail is unread on all POP3 machines.

        /Bingo

        1 Reply Last reply Reply Quote 0
        • jwj
          jwj last edited by

          Thanks @bingo600 .

          It's annoying that email is still so central. I don't use it to talk to anyone important (that's what Signal is for), but it's needed for almost everything. Banking - Yes, Utilities - Yes, Buy things online - Yes. Communicate with doctors - Yes. Hunt for a job - Yes.

          It's required as an identity and it's the worst thing I can think of to use as identity. I'm beginning to think I should just drop the vanity domain names, use icloud or whatnot and get over it...

          bingo600 1 Reply Last reply Reply Quote 0
          • bingo600
            bingo600 @jwj last edited by

            @jwj said in email hosting:

            I'm beginning to think I should just drop the vanity domain names, use icloud or whatnot and get over it...

            Naah ...
            If you're a Signal user 👍, you know better than to put anything sensitive on a Cloud.

            TLDR - Brainstorming

            I have been thinking of a mail hack I once saw used.
            Making a "remote mail buffer server" that delivers to your local server. I just can't figure out if it really is neat, or just more complicated.

            Use a hosted mail server for your domains with an MX record of 20, then make your local mail server, hosting the same domains, with an MX record of 10.

            The hack is: on your local mailserver you will only allow SMTP from the remote mail server.

            That way everyone will try your local mailserver and fail.
            Then they will deliver it to your remote mailserver, but your remote mailserver knows that it's MX 20, and there is an MX 10.
            Now the remote mailserver will deliver to your local mailserver, and you get mail at local wire speed.

            If your local mailserver dies, the mails will just be buffering up at the remote, nothing lost.

            But then why not just let your local mailserver be open too, and let that be first try.

            This hack was made for having a central mailserver where virus scanning was done before the mail got released to the final servers.

            Now that I have explained it in words, it doesn't seem that smart not to let it try your local MX 10 first, and just keep the MX 20 as backup / buffer server.

            Well, thanks for "clearing that up for me" 😊

            1 Reply Last reply Reply Quote 0
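
The MX 10 / MX 20 layout from the post above, modelled as an added example (not code from the thread). Host names are constructed, the allow-list stands in for a firewall rule on port 25, and the pruning in `candidates` is the loop-avoidance rule from RFC 5321 section 5.1.

```python
"""Model of the 'remote buffer server' MX layout (constructed host names)."""
from dataclasses import dataclass, field
from typing import Optional

LOCAL, BUFFER = "mail.home.example", "buffer.hosted.example"
MX_RECORDS = [(10, LOCAL), (20, BUFFER)]   # lower number is tried first


@dataclass
class Server:
    up: bool = True
    allow_from: Optional[set] = None       # None: accept SMTP from anyone
    queue: list = field(default_factory=list)
    mailbox: list = field(default_factory=list)

    def accepts(self, client):
        return self.up and (self.allow_from is None or client in self.allow_from)


def candidates(mx_records, me=None):
    """MX hosts in the order a sender tries them. A host that finds itself
    in the list drops every record with preference >= its own, so a backup
    MX only ever relays toward better MX hosts and never loops."""
    records = sorted(mx_records)
    own = [pref for pref, host in records if host == me]
    if own:
        records = [(p, h) for p, h in records if p < min(own)]
    return [h for _, h in records]


def submit(msg, client, servers, mx_records):
    """An outside sender walks the MX list; returns the trace of attempts."""
    trace = []
    for host in candidates(mx_records):
        if not servers[host].accepts(client):
            trace.append((host, "refused"))
            continue
        trace.append((host, "accepted"))
        if candidates(mx_records, me=host):    # a better MX exists: buffer
            servers[host].queue.append(msg)
        else:                                  # best MX: final delivery
            servers[host].mailbox.append(msg)
        break
    return trace


def flush(relay, servers, mx_records):
    """The backup MX retries its queue; returns how many messages stay queued."""
    remaining = []
    for msg in servers[relay].queue:
        for host in candidates(mx_records, me=relay):
            if servers[host].accepts(relay):
                servers[host].mailbox.append(msg)
                break
        else:
            remaining.append(msg)
    servers[relay].queue = remaining
    return len(remaining)


def scenario(local_up=True, local_open=False):
    """Send one message and report (trace, still queued, local mailbox)."""
    servers = {
        LOCAL: Server(up=local_up, allow_from=None if local_open else {BUFFER}),
        BUFFER: Server(),
    }
    trace = submit("msg-1", "sender.example.net", servers, MX_RECORDS)
    queued = flush(BUFFER, servers, MX_RECORDS)
    return trace, queued, servers[LOCAL].mailbox
```

With the local server closed, every message passes through the buffer host (where scanning can happen) before it reaches the mailbox; with it open, the buffer is only used when the local server is down.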
            • jwj
              jwj last edited by

              For sure self hosting is enormously appealing. Problem is even if you're on no one's blacklist you're also not on the whitelist that major email providers appear to use. Result is, you end up in the spam mailbox. For those times you do need to send someone you don't have an existing relationship with an email, they just don't see it, and you have no way to nudge them to look in the spam folder for your message.

              Yeah, I have a general reluctance to dumping a bunch of stuff in the cloud. I'm also reluctant to open up a bunch of ports on my network and then defend them to self-host shared calendars, contact lists, SMTP, etc. The Helm was/is a great idea to get around these issues. You get an AWS instance that does nothing but forward traffic from your public AWS IP to a host in your network via a VPN. You can do all that yourself but it was worth it, $99/year, to let them set it all up. Again, the issue is that public AWS IP isn't on anyone's white list. You're spam every time...

              I would love to be able to send a document to my lawyer via signal. Same for my investment advisor. That's not going to happen anytime soon. :(

              kiokoman bingo600 2 Replies Last reply Reply Quote 0
              • kiokoman
                kiokoman LAYER 8 @jwj last edited by kiokoman

                @jwj
                bind9 for DNS + postfix + dovecot + owncloud + collabora. I can't ask for more for personal use for my domains.
                If you want something easy to manage there is a web GUI like ISPConfig.

                jwj 1 Reply Last reply Reply Quote 0
                • jwj
                  jwj @kiokoman last edited by

                  @kiokoman I do like that idea. I've had a look at, more or less, exactly the pieces you mention. Problem is my dynamic IP from Spectrum is sh*t by definition...

                  bingo600 1 Reply Last reply Reply Quote 0
                  • bingo600
                    bingo600 @jwj last edited by

                    @jwj said in email hosting:

                    Again, the issue is that public AWS IP isn't on anyone's white list. You're spam every time...

                    That is somewhat true ...

                    I have that issue with TrendMicro's mail protection system.
                    Even though I have a static IP, it's "carved out of" a dynamic range that my ISP is announcing.

                    And I have contacted them several times to explain that I'm not on any RBLs besides theirs (all clear with Spamhaus etc.)

                    They always answer - Get your ISP to announce your IP as non dynamic. Like that's ever going to happen 👎

                    The wife has to use Gmail to send work related mails.
                    So I can relate to that issue.

                    That is my only "dark hole" atm.

                    I even think I can e-mail gmx.de addresses now, used to be a challenge too.

                    /Bingo

                    1 Reply Last reply Reply Quote 0
                    • jwj
                      jwj last edited by

                      It's been a minute since I went down this road but a year or so ago just not being on Spamhaus or Proofpoint wasn't enough. So many professional offices (doctors/schools/etc) use packaged solutions that have, as best I can tell, whitelists for spam filtering. If you're not coming from a well known block of IPs you're toast.

                      1 Reply Last reply Reply Quote 0
                      • bingo600
                        bingo600 @jwj last edited by bingo600

                        @jwj said in email hosting:

                        Problem is my dynamic ip from Spectrum is sh*t by definition...

                        You do know you can request your IP to be removed from the Spamhaus PBL, even if it's "announced by ISP as dynamic"?

                        That solved like 95% of my issues

                        Ahh. Too late, you answered that

                        jwj 1 Reply Last reply Reply Quote 1
                        • jwj
                          jwj @bingo600 last edited by

                          @bingo600 Thanks brother :)

                          I do think in the end I will go back to some form of self-hosting. All on my own or some service like the Helm that will deal with all of the setup for a fee...

                          1 Reply Last reply Reply Quote 1
                          • bingo600
                            bingo600 last edited by bingo600

                            So what is needed is a "Legal" smarthost mail forwarder, to route/relay your outbound mail through.

                            And set up TLS 👮

                            jwj 1 Reply Last reply Reply Quote 0
                            • jwj
                              jwj @bingo600 last edited by jwj

                              @bingo600 That's what these guys do:

                              https://www.thehelm.com/

                              They just need to get a block of IPs that are seen as blessed like google or micro$oft's servers.

                              Better yet all these other services (bank!) could stop using email as a way to identify me. Then I wouldn't need email at all except for some edge cases.

                              bingo600 1 Reply Last reply Reply Quote 0
                              • bingo600
                                bingo600 @jwj last edited by

                                @jwj

                                So they sell you a HW box and a $99 subscription?
                                And you'll get a VPN with an exit IP via their system?

                                jwj 1 Reply Last reply Reply Quote 0
                                • jwj
                                  jwj @bingo600 last edited by jwj

                                  @bingo600 Yeah. Although I think the VPN is vaporware atm. You get email, carddav, caldav and nextcloud. A nice app (connects to your box via Bluetooth) to admin the whole thing...

                                  bingo600 kiokoman 2 Replies Last reply Reply Quote 0
                                  • bingo600
                                    bingo600 @jwj last edited by

                                    @jwj

                                    Hmmm ... Not happy users
                                    https://community.thehelm.com/t/email-security-in-individual-email-accounts/246

                                    Are they just using Gmail ?
                                    https://community.thehelm.com/t/gmail-outage-ongoing/279

                                    jwj 1 Reply Last reply Reply Quote 0
                                    • jwj
                                      jwj @bingo600 last edited by jwj

                                      @bingo600 The company has become something of a dumpster fire. People paid for devices over a year ago and have yet to receive anything.

                                      Their community is a dumpster fire on top of a train wreck driven by idiots. Typical Helm users have brain damage from tin foil hats that are way too tight.

                                      That thread is really about how people thought the bounced emails because of Gmail's meltdown were Helm's problem, not Google's.

                                      My opinion is the Helm is a good idea executed poorly. Too bad really...

                                      On the other hand there is nothing they do you couldn't do yourself with some persistence and the right skills.

                                      1 Reply Last reply Reply Quote 0
                                      • kiokoman
                                        kiokoman LAYER 8 @jwj last edited by

                                        @jwj
                                        Without a static IP you are screwed.
                                        I myself have searched all available ISPs in my country that could give me what I want; a static IP was a must. Do you have no alternative?

                                        jwj 1 Reply Last reply Reply Quote 0
                                        • jwj
                                          jwj @kiokoman last edited by

                                          @kiokoman Not at the moment. Spectrum or AT&T. I'm moving later this year. I'll have a number of choices in the new place (NYC) including a community service that gives 1G symmetric service with static IPv4 and a static /48 prefix. I'm on the edge of my seat waiting for that :)

                                          1 Reply Last reply Reply Quote 0
                                          • jwj
                                            jwj last edited by jwj

                                            As a follow on to this line of thinking.

                                            If you self host things not email. Calendars, Contacts, File Sync/Sharing and the like do you open ports or keep it local and only accessible via VPN when not at home?

                                            bingo600 1 Reply Last reply Reply Quote 0
                                            • M
                                              mhab12 last edited by

                                              I just migrated my gmail box to Proton Mail. So far so good. Good security. App works fine, web interface is better. Using a custom domain so don't expect to run into issues with sites not accepting protonmail.com or pm.me addresses. Not sure if you can get by with their free offering but PM might be an easy fix. Tutanota seems to be the other option in the same high security/privacy focused category.

                                              1 Reply Last reply Reply Quote 1
                                              • bingo600
                                                bingo600 @jwj last edited by bingo600

                                                @jwj said in email hosting:

                                                As a follow on to this line of thinking.

                                                If you self host things not email. Calendars, Contacts, File Sync/Sharing and the like do you open ports or keep it local and only accessible via VPN when not at home?

                                                I'm not exposing to public.
                                                All has to be done via OpenVPN

                                                It can't be hard to connect, the wifey can do it w/o nagging. 😊

                                                Btw: I have a friend that is happy with Proton Mail too.

                                                jwj 1 Reply Last reply Reply Quote 1
                                                • jwj
                                                  jwj @bingo600 last edited by

                                                  @bingo600 Thanks! I appreciate the advice.

                                                  1 Reply Last reply Reply Quote 0
                                                  • Gertjan
                                                    Gertjan @jwj last edited by Gertjan

                                                    @jwj said in email hosting:

                                                    Just really good email hosting.

                                                    Gandi, Google, whatever, forget about them. Go for the real thing, as it is free, used by everybody, and it delivers.

                                                    Take your own dedicated server / VPS. Install postfix, add 'courier' or 'dovecot' for POPS and IMAPS support. postfix already handles SMTPS. Add your domains, add known certificates (LE comes in handy here).

                                                    Add, for example, roundcube, for webmail access.

                                                    Forget about GUI ways to handle postfix. Get to know the two files: main.cf and master.cf and you're good. postfix is the most documented program on the Internet.
                                                    Add some SPF, DKIM and DMARC facilities. Take care of your reverse and you're good.

                                                    Control incoming mail, control outgoing mail ( ! ), be patient and gmail, hotmail, etc etc (all of them) will accept your mails just fine.

                                                    I switched to that "all myself" mail solution for several domain names a decade ago, and I never regretted it.

                                                    True, it's not a free solution. The servers have to be rented, as do the domain names.

                                                    Hosting your own setup means you can try whatever you want: spam detection is an art.

                                                    iPhones, Android devices, Office 365, Thunderbird, other mail clients, my setup works with everything.

                                                    1 Reply Last reply Reply Quote 0
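
The SPF, DKIM, DMARC and reverse-DNS items from the post above, written as an offline check (an added example, not code from the thread). The zone dictionaries, the domain `example.org`, the selector `sel1` and the address `203.0.113.25` are constructed sample data, and flagging `p=none` is this example's own choice.

```python
"""Offline audit of the DNS records a self-hosted mail server depends on.
All names, addresses and records below are constructed sample data."""
import ipaddress


def tags(record):
    """Parse the 'k=v; k=v' tag list used by DKIM and DMARC TXT records."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def spf_authorises(spf, ip, domain, zone):
    """True if an ip4:/ip6:/mx mechanism in the SPF record covers ip."""
    addr = ipaddress.ip_address(ip)
    for term in spf.split()[1:]:
        mech = term.lstrip("+").lower()
        if mech.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return True
        elif mech == "mx":
            for host in zone.get((domain, "MX"), []):
                if ip in zone.get((host, "A"), []) + zone.get((host, "AAAA"), []):
                    return True
    return False


def audit(zone, domain, ip, selector):
    """Return a list of findings; an empty list means the basics are in place."""
    findings = []
    spf = [r for r in zone.get((domain, "TXT"), []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: need exactly one v=spf1 record, found {len(spf)}")
    else:
        if not spf_authorises(spf[0], ip, domain, zone):
            findings.append(f"SPF: {ip} is not authorised to send for {domain}")
        if spf[0].split()[-1].lower() not in ("-all", "~all"):
            findings.append("SPF: record does not end in -all or ~all")

    # An empty p= tag means the key was revoked, so it counts as missing.
    dkim = [tags(r) for r in zone.get((f"{selector}._domainkey.{domain}", "TXT"), [])]
    if not any(t.get("p") for t in dkim):
        findings.append(f"DKIM: no public key published for selector '{selector}'")

    dmarc = [tags(r) for r in zone.get((f"_dmarc.{domain}", "TXT"), [])
             if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: need exactly one v=DMARC1 record, found {len(dmarc)}")
    elif dmarc[0].get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy is not enforced (p=none or missing)")

    # Forward-confirmed reverse DNS: PTR(ip) must name a host resolving back to ip.
    ptr_hosts = zone.get((ipaddress.ip_address(ip).reverse_pointer, "PTR"), [])
    confirmed = any(ip in zone.get((h.rstrip("."), "A"), []) +
                    zone.get((h.rstrip("."), "AAAA"), []) for h in ptr_hosts)
    if not confirmed:
        findings.append(f"rDNS: {ip} has no PTR that resolves back to it")
    return findings


GOOD = {  # constructed: VPS with static address and matching reverse
    ("example.org", "TXT"): ["v=spf1 mx -all"],
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["203.0.113.25"],
    ("sel1._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=CONSTRUCTED_PLACEHOLDER_KEY"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:postmaster@example.org"],
    ("25.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org."],
}
WEAK = {  # constructed: ISP-assigned reverse name, stale SPF, revoked DKIM key
    ("example.org", "TXT"): ["v=spf1 ip4:198.51.100.0/24 ?all"],
    ("sel1._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p="],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=none"],
    ("25.113.0.203.in-addr.arpa", "PTR"): ["cpe-203-0-113-25.isp.example."],
}
```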
                                                    • bingo600
                                                      bingo600 last edited by bingo600

                                                      I'm still on sendmail 😊
                                                      Never failed me.
                                                      But I still think Stallman was on mushrooms when writing the macro language.

                                                      Sendmail + dovecot + clamav & "spamhaus checks via sendmail"

                                                      Edit:
                                                      But I think I'd go with GertJan's suggestion, if I had to start from scratch.

                                                      Or if feeling brave & dockerized ... : https://mailcow.email/

                                                      /Bingo

                                                      1 Reply Last reply Reply Quote 0
                                                      • jwj
                                                        jwj last edited by

                                                        Thanks for all the info. I'm a ways away from being able to fully self host email, dynamic IP... Proton mail may be an interim solution.

                                                        I'll take on some lower hanging fruit and revisit self hosted email when it becomes a viable option. One step at a time, reducing the footprint of data scattered on various services. I do this knowing that the privacy issues must be viewed in a larger context. Worrying about where my Amazon emailed receipts live while ignoring the location beacon (Mobile Phone) in my pocket is to miss the point. Not to mention credit cards and facial recognition...

                                                        Removing vendor lock-in is just as appealing as any other aspect of this... Signal was a nice step in this direction, removing the dependency on Apple's FaceTime and Messages.

                                                        DaddyGo Gertjan 2 Replies Last reply Reply Quote 0
                                                        • DaddyGo
                                                          DaddyGo @jwj last edited by

                                                          @jwj said in email hosting:

                                                          Proton mail may be an interim solution.

                                                          Hi,

                                                          If you’re in Europe and you’ve already switched to Signal ✋, you might also appreciate this if you pay a little for it.
                                                          https://tutanota.com

                                                          It has long been reliable and usable. 😉

                                                          jwj 1 Reply Last reply Reply Quote 1
                                                          • jwj
                                                            jwj @DaddyGo last edited by

                                                            @daddygo Thank you. Paying is fine. Free is often the problem, yeah? It's never really free....

                                                            DaddyGo 1 Reply Last reply Reply Quote 0
                                                            • Gertjan
                                                              Gertjan @jwj last edited by

                                                              @jwj said in email hosting:

                                                              self host email, dynamic IP.

                                                              Self hosting a mail solution: not behind an ISP/SOHO type Internet connection, if you're not sure your connection is up 99,99 % of the time, or is repaired 'fast' if down. The real home show stopper is: ISP IP ranges are very well known, and on 'no mail server activity accepted from them' lists by most big public mail services.
                                                              As said above: a small VPS or dedicated server, with one or more static type IPs (4/6) will do just fine.

                                                              jwj 1 Reply Last reply Reply Quote 0
                                                              • DaddyGo
                                                                DaddyGo @jwj last edited by

                                                                @jwj said in email hosting:

                                                                Free is often the problem, yeah?

                                                                You're absolutely right 😉, let's see....

                                                                https://mxtoolbox.com/Public/UpgradeV2.aspx?feature=no-feature-selected&source=pricing

                                                                1 Reply Last reply Reply Quote 0
                                                                • jwj
                                                                  jwj @Gertjan last edited by

                                                                  @gertjan Agreed. However, an email outage is not as tragic as it once would have been. I, and I suspect many others, don't see email as critical communications. It's the use of an email address as identity that is troubling. I regularly go days or weeks without sending an email. I do use email addresses multiple times every day to log on to various services. 2FA is a band-aid at best, security theater most of the time.

                                                                  1 Reply Last reply Reply Quote 0

                                                                  © 2021 Rubicon Communications, LLC | Privacy Policy