email hosting

jwj

Over the last few years I have hosted my email with my domain registrar (Gandi), a semi-self hosted solution (The Helm) and Google GSuite.

With Gandi I had deliverability issues.
The Helm was a disaster, deliverability and stability issues.
Google works fine, no issues. But it IS Google...

So, looking for a new home for our three domains. Rackspace? Something like that? I can/do/will setup DNS records like DKIM to support deliverability. I don't care about other features like an office suite or calendar/contacts. Web mail is nice but not critical. Just really good email hosting.

Deliverability needs to be good/perfect. Would like a host that doesn't depend on monetizing surveillance data.

Any ideas? Thanks!

bingo600

@jwj
I'm running my own mailserver, and when it's working it is super nice. When the sysdisk says "goodbye" it's less of a success.

If i had to do a new setup i'd use a VM , with NFS attached maildirs. Then i would be up in no time. And could clone/backup/restore the mailserver easily , and could do the mail (NFS) backup separately.

I can't help with a good mail host , but make sure you get IMAP access , as pop3 and multi clients gets annoying. Since the same mail is unread on all pop3 machines.

/Bingo

jwj

Thanks @bingo600 .

It's annoying that email is still so central. I don't use it to talk to anyone important (that's what signal is for), but it's needed for almost everything. Banking - Yes, Utilities - Yes, Buy things online - Yes. Communicate with doctors - Yes. Hunt for a job - Yes.

It's required as an identity and it's the worst thing I can think of to use as identity. I'm beginning to think I should just drop the vanity domain names, use icloud or whatnot and get over it...

bingo600

@jwj said in email hosting:

I'm beginning to think I should just drop the vanity domain names, use icloud or whatnot and get over it...

Naah ...
If you're a Signal user , you know better than to put anything sensitive on a Cloud.

TLDR - Brainstorming

I have been thinking of a mailhack i once saw used.
Making a "remote mail buffer server" that delivers to your local server. I just cant figure out if it really is neat , or just more complicated.

Use a hosted mail server for your domains with a MX record of 20 , then make your local mail server , hosting the same domains with a MX record of 10.

The hack is : On your local mailserver you will only allow smtp from the remote mail server.

That way everyone will try your local mailserver and fail.
Then they will deliver it to your remote mailserver, but your remote mailserver knows that it's MX 20 , and there is a MX 10.
Now the remote mailserver will deliver to your local mailserver , and you get mail at local wire speed.

If your local mailserver dies , the mails will just be buffering up at the remote, nothing lost.

But then why not just let your local mailserver be open too , and let that be first try.

This hack was made for having a central mailserver where Virus Scanning was made before the mail got released to the final servers.

Now that i have explained it in words.
It doesn't seem that smart , not to let it try your local MX10 as first , and just keep the MX20 as backup / buffer server.

Well thanx for "clearing that up for me"

jwj

For sure self hosting is enormously appealing. Problem is even if your on no ones blacklist your also not on the whitelist that major email providers appear to use. Result is, you end up in the spam mailbox. For those times you do need to send someone you don't have an existing relationship with an email, they just don't see it, and you have no way to nudge them to look in the spam folder for your message.

Yeah, I have a general reluctance to dumping a bunch of stuff in the cloud. I'm also reluctant to open up a bunch of ports on my network and then defend them to self-host shared calendars, contact lists, smtp, etc. The Helm was/is a great idea to get around these issues. You get a AWS instance that does nothing but forward traffic from your public AWS IP to a host in your network via a vpn. You can do all that yourself but it was worth it, $99/year, to let them set it all up. Again, the issue is that public AWS IP isn't on anyone's white list. You're spam every time...

I would love to be able to send a document to my lawyer via signal. Same for my investment advisor. That's not going to happen anytime soon. :(

kiokoman

@jwj
bind9 for dns+postfix+dovecot+owncloud+collabora i can't ask for more for personal use for my domains
if you want something easy to manage there is webgui like ispconfig

jwj

@kiokoman I do like that idea. I've had a look at, more or less, exactly the pieces you mention. Problem is my dynamic ip from Spectrum is sh*t by definition...

bingo600

@jwj said in email hosting:

Again, the issue is that public AWS IP isn't on anyone's white list. You're spam every time...

That is somewhat true ...

I have that issue with TrendMicro's mailprotection system.
Even though i have a static ip , it's "carved out of" a Dynamic range that my ISP is announcing.

And I have contacted them several times to explain that i'm not on any RBL's besides theirs (All clear w. spamhous etc..)

They always answer - Get your ISP to announce your ip as non dynamic. Like that's ever going to happen

The wife has to use Gmail to send work related mails.
So i can relate to that issue.

That is my only "dark hole" atm.

I even think i can e-mail gmx.de addresses now , used to be a challenge too.

/Bingo

jwj

It's been a minute since I went down this road but a year or so ago just not being on spamhaus or proofpoint wasn't enough. So many professional offices (doctors/schools/etc) use packaged solutions that have, as best I can tell, whitelists for spam filtering. If you're not coming from a well known block of IP's you're toast.

bingo600

@jwj said in email hosting:

Problem is my dynamic ip from Spectrum is sh*t by definition...

You do know you can request your ip to be removed from the Spamhaus PBL , even if it's "announced by isp as dynamic ?

That solved like 95% of my issues

Ahh . too late , you answered that

jwj

@bingo600 Thanks brother :)

I do think in the end I will go back to some form of self-hosting. All on my own or some service like the Helm that will deal with all of setup for a fee...

bingo600

So what is needed is a "Legal" smarthost mail forwarder , to route/relay your outbound mail through.

And setup TLS

jwj

@bingo600 That's what these guy s do:

https://www.thehelm.com/

They just need to get a block of IP's that are seen as blessed like google or micro$oft's servers.

Better yet all these other services (bank!) could stop using email as a way to identify me. Then I wouldn't need email at all except for some edge cases.

bingo600

@jwj

So they sell you a HW box and a $99 subscription ?
And you'll get a VPN w. an exit ip via their system ?

jwj

@bingo600 Yeah. Although I think the VPN is vaporware atm. You get email, carddav, caldav and nextcloud. I nice app (connects to your box via bluetooth) to admin the whole thing...

bingo600

@jwj

Hmmm ... Not happy users
https://community.thehelm.com/t/email-security-in-individual-email-accounts/246

Are they just using Gmail ?
https://community.thehelm.com/t/gmail-outage-ongoing/279

jwj

@bingo600 The company has become something of a dumpster fire. People paid for devices over a year ago and have yet to receive anything.

Their community is a dumpster fire on top of a train wreck driven by idiots. Typical Helm users have brain damage from tin foil hats that are way too tight.

That thread is really about how people thought the bounced emails because of gmails meltdown were Helms problem not googles.

My opinion is the Helm is a good idea executed poorly. Too bad really...

On the other hand there is nothing they do you couldn't do yourself with the some persistence and the right skills.

kiokoman

@jwj
without a static ip you are screwed
i myself have searched all available isp on my country that could give me what i want, static ip was a must, do you have no alternative?

jwj

@kiokoman Not at the moment. Spectrum or AT&T. I'm moving later this year. I'll have a number of choices in the new place (NYC) including a community service that gives 1G symmetric service with static ipv4 and a static /48 prefix. I'm on the edge of my seat waiting for that :)

jwj

As a follow on to this line of thinking.

If you self host things not email. Calendars, Contacts, File Sync/Sharing and the like do you open ports or keep it local and only accessible via VPN when not at home?

mhab12

I just migrated my gmail box to Proton Mail. So far so good. Good security. App works fine, web interface is better. Using a custom domain so don't expect to run into issues with sites not accepting protonmail.com or pm.me addresses. Not sure if you can get by with their free offering but PM might be an easy fix. Tutanota seems to be the other option in the same high security/privacy focused category.

bingo600

@jwj said in email hosting:

As a follow on to this line of thinking.

If you self host things not email. Calendars, Contacts, File Sync/Sharing and the like do you open ports or keep it local and only accessible via VPN when not at home?

I'm not exposing to public.
All has to be done via OpenVPN

It can't be hard to connect , the wifey can do it wo. nagging.

Btw: I have a friend that is happy w. proton mail too.

jwj

@bingo600 Thanks! I appreciate the advice.

Gertjan

@jwj said in email hosting:

Just really good email hosting.

Gandi, Google, whatever, forget about them. Go for the real thing, as it is free, used by everybody, and it delivers.

Take your own dedicated server / VPS. Install postfix, add 'courier' or 'dovecot' for POPS and IMAPS support. postfix handles already SMTPS. Add your domains, add known certificates (LE comes in handy here).

Add, for example, roundcube, for webmail access.

Forget about GUI ways to handle postfix. Get to know the two files : main.cf and master.cf and your good. postfix is the most documented program on the Internet.
Add some SPF, DKIM and DMARC facilities. Take care of your reverse and your good.

Control incoming mail, control outgoing mail ( ! ), be patient and gmail, hotmail, etc etc (all of them) will accept your mails just fine.

I switched to that "all myself" mail solution for several domain names a decade ago, and I never regretted it.

True, it's not a free solution. The servers has to be rented, as the domain names.

Hosting you own setup means you can try whatever you want : spam detection is an art.

iPhones, Android devices, Office 365, Thunderbird, other mail clients, my setup works with everything.

bingo600

I'm still on sendmail
Never failed me.
But i still think Stallman was on mushrooms when writing the macro language.

Sendmail + dovecot + clamav & "spamhaus checks via sendmail"

Edit:
But i think i'd go w. GertJan's suggestion, if i had to start from scratch.

Or if feeling brave & dockerized ... : https://mailcow.email/

/Bingo

jwj

Thanks for all the info. I'm a ways away from being able to fully self host email, dynamic IP... Proton mail may be an interim solution.

I'll take on some lower hanging fruit and revisit self hosted email when it becomes a viable option. One step at a time, reducing the footprint of data scattered on various services. I do this knowing that the privacy issues must be viewed in a larger context. Worrying about where my Amazon emailed receipts live while ignoring the location beacon (Mobile Phone) in my pocket is to miss the point. Not to mention credit cards and facial recognition...

Removing vendor lock-in is just as appealing as any other aspect of this... Signal was nice step in this direction, removing the dependency on Apple's FaceTime and Messages.

DaddyGo

@jwj said in email hosting:

Proton mail may be an interim solution.

Hi,

If you’re in Europe and you’ve already switched to Signal , you might also appreciate this if you pay a little for it.
https://tutanota.com

It has long been reliable and usable.

jwj

@daddygo Thank you. Paying is fine. Free is often the problem, yeah? It's never really free....

Gertjan

@jwj said in email hosting:

self host email, dynamic IP.

Self hosting a mail solution : not behind a ISP/SOHO type Internet connection, if your not sure your connection is up 99,99 % of the time. Or been repaired 'fast' if down. The real home show stopper is : ISP IP ranges are very known, and on 'no mail server activity accepted from from them' lists by most big public mail services.
As said above : a small VPS or dedicated server, with one or more static type IP's(4/6)will do just fine.

DaddyGo

@jwj said in email hosting:

Free is often the problem, yeah?

You're absolutely right , let's see....

https://mxtoolbox.com/Public/UpgradeV2.aspx?feature=no-feature-selected&source=pricing

jwj

@gertjan Agreed. However, an email outage is not as tragic as it once would have been. I, and I suspect many others, don't see email as critical communications. It's the use of an email address as identity that is troubling. I regularly go days or weeks without sending an email. I do use email addresses multiple times everyday to logon to various services. 2FA is a band-aid at best, security theater most of the time.