this post was submitted on 25 Nov 2023
2 points (100.0% liked)
Homelab
371 readers
9 users here now
Rules
- Be Civil.
- Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
- No memes or potato images.
- We love detailed homelab builds, especially network diagrams!
- Report any posts that you feel should be brought to our attention.
- Please no shitposting or blogspam.
- No Referral Linking.
- Keep piracy discussion off of this community
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I've run my own mailserver for about 20 years. I don't know if I'd recommend others do the same, but I wouldn't recommend against it either.
Once it's up and running, it's surprisingly low-friction. I have a VPS with a provider I trust, and it's running nothing else. Other than keeping everything updated, it requires very little ongoing maintenance. Mostly making sure you keep up with dmarc, TLS, etc best practices before the big providers call them requirements, instead of after.
I think the real difficulty is starting fresh, greenfield. Not only can one misconfiguration ruin your day, but if it's an issue that other providers notice, the smell hangs around for a long time. Most the big providers (gmail, microsoft, yahoo) will do absolutely nothing to work with you, so if they take a dislike to you - well you're screwed. There's no way to get in touch with them, no way to ask them to look again, etc. The juggernauts will usually give the impression they don't actually have anyone working for them at all.
You'll also learn a lot more about DNS. Whether you like it or not :)
Things that aren't so fun .. OS updates are always the terrifying one. My provider is really good about letting you spin up a new instance while keeping the old one around for a month so you can switchover when you're ready. I use that for most things - but for my mailserver, I don't want to because I don't want a new IP. I like that it's my ball and I can pick it up and go play somewhere else if I want, but the amount of reputation that the big providers pin to IP, makes this a lot more difficult than it sounds.
The other fun sticking point is monitoring. I get emails if my mailserver (or DNS) go down .. but because my mailserver is down, I don't receive them until it's back. That's not ideal, but I never seem to get around to doing anything about it. (because when it's working, I want to leave it alone. When it's not working, it's too late.)
I think the main thing to keep in mind is that it's difficult to "lab" outbound mail. There's very little "just trying something", very little experimentation, etc. Getting things wrong has too many long-term effects. You wanted to try a new MTA and now Google think you're a spammer? Putting the old one back does not fix your reputation. Putting the old config back does not fix your reputation. Doesn't matter how much you clean, that smell is going to take a long time to go away.
+1 to this.
I find in the IT field that people who run their own mailservers are significantly better engineers than those who do not.
What does a provider make trustworthy for you?
A provider that isn’t on the ball about managing outbound spam will quickly find their IPs (if not the whole prefix) blocked. If someone runs a spambot from a VPS, and then you get the recycled IPv4 address when the instance is removed, what’s to tell Microsoft you’re not also a spammer?
I work for a cloud provider, and even if I wanted to, I could not check for outgoing spam, other than reacting to the NOC mails.
Most mail server use transport encryption, which I can absolutly not inspect.
I never said anything about monitoring outbound SMTP traffic.
The more realistic mitigations are e.g. periodic scanning for open relays, actually handling abuse email reports, RBL checking
I’ve been an admin for a couple of different companies that sent statements to customers. Keeping our legit email systems off spam lists was a daily challenge.
That's a lot more difficult to put into words than I thought it'd be.
I think the big thing is that they're not in the race to the bottom. Their customers choose them for their level of services, not because they were the cheapest host in a list. So spammers don't want to use them because they're not the cheapest, and they don't want to host spammers because that ruins their value proposition to their regular customers.
What else .. small enough that they're not faceless. and I'm not nobody to them either. They've been at this at least as long as I have, so it doesn't feel like they're going to disappear tomorrow. And they're fairly active with their community through a good old-fashioned mailing list. Which also helps to get to know them and what level they're working on. It's nice knowing that when I mail them, I don't get through to an AI, or an L1 on a script, I'm gonna get Andy.
It's a tough one though, because trust is earnt, not researched. But I do prioritise putting a mailserver on a provider that keeps a clean house - because you don't want to find yourself getting blocked because your neighbours misbehave.
tl;dr; everything AWS ain't.
That's a nice writeup. Especially the mailing list part struck with me.
So which provider is it.
I've gone through a lot of providers in the last decade. Currently everything sits in the DC of my current employee, but I feel like a freeloader, which I am clearly am.