Linked by Thom Holwerda on Mon 8th Aug 2016 20:08 UTC
Internet & Networking

Fast forward to July 15, 2016 (there’s that lab journal again…) when, after receiving an email from Google asking me to indicate how exactly I would like them to use my data to customise adverts around the web, and after thinking for a bit about what kind of machine learning tricks I would be able to pull on you with 12 years of your email, I decided that I really had to make alternative plans for my little email empire.

Somehow FastMail came up and in one of those impulsive LET'S WASTE SOME TIME manoeuvres, I pressed the big red MIGRATE button!

The rest of this post is my mini-review of the FastMail service after almost 3 weeks of intensive use.

I'm pretty sure at least some of you are contemplating a similar migration, away from companies like Google, Microsoft, and Apple, to something else.

Thread beginning with comment 632883
Run your own mail server
by laffer1 on Mon 8th Aug 2016 22:20 UTC
laffer1
Member since:
2007-11-09

Another option if you really care about privacy is to run your own mail server.

Advantages:
1. Emails between family stay private (it's on your mail server). With TLS enabled, you and your family can communicate privately without spying eyes.
2. You can tune spam filtering to your tastes
3. Your little server isn't as juicy a target as Gmail, etc.
4. Unlimited disk space (up to what you can afford). I had 20GB of email way before Gmail.
5. Works with mailing list software. This can be useful for many things.
6. Your email address never needs to change. Providers like hotmail, gmail and so on aren't guaranteed to last forever. You may lose your email address. If you buy your own domain, it's yours. I've had the same address since 1998.

Disadvantages:
1. Large providers are colluding to block mail from small mail servers thinking it's all spam.
2. Lots of sys admin time to set it up and periodic work to maintain spam filtering at acceptable levels.
3. Blacklists - sometimes you get flagged because someone marked something junk in one of the big providers. Bad security can cause this too.
4. Security patches need to be kept up to date and you have to watch for malicious activity.
5. Network traffic is a lot more than you think it's going to be with all the spam sent. Even if you reject it or filter it, it's still traffic.

Reply Score: 7

RE: Run your own mail server
by WorknMan on Tue 9th Aug 2016 00:05 in reply to "Run your own mail server"
WorknMan Member since:
2005-11-13

Another option if you really care about privacy is to run your own mail server.


If you REALLY cared that much about privacy, why use a communication medium (email) that is inherently insecure in the first place? I mean, it's plain text, for christ's sake.

Reply Parent Score: 1

RE[2]: Run your own mail server
by Alfman on Tue 9th Aug 2016 00:43 in reply to "RE: Run your own mail server"
Alfman Member since:
2011-01-28

WorknMan,

If you REALLY cared that much about privacy, why use a communication medium (email) that is inherently insecure in the first place? I mean, it's plain text, for christ's sake.


I'd be interested in hearing other people's opinions about binary versus text protocols, but that in and of itself doesn't imply something is secure or not. The SMTP protocol is text, so is HTTP, both can use crypto with certificates. Email can use GPG on the client to keep message contents private even from the server admin. The problem isn't that these aren't available, it's that they're not default and not enough people use them.

If anything I think this move toward web apps makes security much more challenging because HTTPS only protects the transport between you and the server, virtually nothing is kept secret from the service provider.

Edited 2016-08-09 00:45 UTC

Reply Parent Score: 2

WereCatf Member since:
2006-02-15

I mean, it's plain text, for christ's sake.


No. Email-traffic between any properly-configured servers is protected by SSL/TLS these days, just like HTTPS is HTTP protected by SSL/TLS. Sure, if the destination-servers you're sending email to don't support SSL/TLS then the protocol falls back to plain-text, but many/all of the big ones, like Google, Microsoft and Apple, do support it, and many smaller ones do it these days, too.

I mostly just use my email for receiving mail, but I haven't seen a server in ages now that didn't support SSL/TLS.

Reply Parent Score: 6

fmaxwell Member since:
2005-11-13

"Another option if you really care about privacy is to run your own mail server.


If you REALLY cared that much about privacy, why use a communication medium (email) that is inherently insecure in the first place? I mean, it's plain text, for christ's sake.
"

Because plain text sent to my locally hosted server is completely secure. No one is trying to intercept my email in a man-in-the-middle attack.

Reply Parent Score: 1

RE: Run your own mail server
by Wondercool on Tue 9th Aug 2016 10:54 in reply to "Run your own mail server"
Wondercool Member since:
2005-07-08

I have tried to set up my own mail server a couple of times but never got very far (and I am quite technical).

Do you know any good guide that also guides you through firewalls, setup with sqlite rather than mysql/postgres, and how to handle MX records, host files, etc.?

I remember looking at an Ubuntu guide and scratching my head on the first couple of lines.
It said to name my server something like mail.wcool.org. Does that clash with wcool.org if I want to run a webserver on the same server? It doesn't describe the consequences, just the steps.

Also how reliable has your mail server been?

Would really love to do this though.

Edited 2016-08-09 10:55 UTC

Reply Parent Score: 2

RE[2]: Run your own mail server
by Alfman on Tue 9th Aug 2016 12:43 in reply to "RE: Run your own mail server"
Alfman Member since:
2011-01-28

Wondercool,

I have tried to set up my own mail server a couple of times but never got very far (and I am quite technical).

Do you know any good guide that also guides you through firewalls, setup with sqlite rather than mysql/postgres, and how to handle MX records, host files, etc.?


I'm sure they are out there, but off the top of my head I don't really know of one. And from experience I know that getting everything running well initially and diagnosing problems can be challenging, particularly with the more sophisticated setups involving SPF/SRS.


Also how reliable has your mail server been?


Once set up it generally runs itself, although I use third-party spam blacklisting. That's not something I would do in-house because I think it would be a full-time job.


Would really love to do this though.


I'd be willing to help if you want.

Edited 2016-08-09 12:45 UTC

Reply Parent Score: 2

laffer1 Member since:
2007-11-09

I've had a few problems with mail delivery to specific servers over the years because of the address space (I use Comcast Business and run it from home on static IPs). Most people would probably just get a virtual private server or AWS EC2 or something and that would be fine.

I'm at a loss with the mysql vs sqlite comments. While some mail servers and web mail programs require storing settings or data in a database, it's not required for most SMTP/IMAP setups.

Here are the parts you need:

1. DNS. This can be something like BIND or you can use a hosted DNS solution like Amazon's Route 53, which is web based. A mail server needs an A record and an MX record. The MX record announces where to deliver mail and that's about it. I read DNS & BIND, which is a good book and covers MX records well.

2. SMTP software. I used sendmail because it was considered good at the time. Now most people set up with postfix. There are many guides on this subject and postfix is a bit easier to configure than sendmail. There are also tons of books on this.

3. IMAP or POP software. Personally, I always like IMAP and that's what you get by default with Google. I recommend Dovecot for IMAP or POP3 software. It's reasonably easy to configure. It works with all common SMTP servers too.

4. Optional: spam filtering. I use SpamAssassin, which is a Perl program. It can be complex to set up, but once it's working it's OK. This can use a database or files for configuration. I did it with files.

5. Optional: Web mail. This allows you to check your email from a browser. If you do this, please use an SSL/TLS certificate with it. For simple mail setups, I use SquirrelMail. Roundcube is a good choice for a more modern web mail interface, but it requires a database. Both need PHP.

6. Optional: antivirus. I have ClamAV set up with a milter (plugin) in sendmail. There are other ways to use it and, depending on OS, you may have commercial AV available too.

7. Optional but recommended: TLS/SSL certificates for dovecot and your SMTP server. These can be generated with openssl or you can buy one. Many people just generate a self-signed cert and they work OK with most email clients. If you use Macs, you have to get it to trust your cert so you don't get prompted all the time in Mail. The certificate should be configured for the mail server domain name, e.g. mail.foo.com. It's a good idea to name the box the name that you publish for your MX record. It also does not have to be named mail.

8. Optional: greylist milter or similar. There are many add-ons for mail servers that can do different filtering. Greylisting delays accepting mail to stop spammers. It makes any domain wait. The problem is that if a service uses a lot of servers, it won't come in. Facebook is a problem for instance. It will cut spam a lot but at a cost of mail you may want.


You're right, there is a lot to learn, but you don't have to do all of it at once. It's also much easier now with services like Amazon Web Services and Azure. You can actually get a server running half the software, and set up DNS from a browser.

You need the DNS, SMTP and IMAP to get started. Everything else is an add-on and you can do it over time.

Reply Parent Score: 4
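The greylisting behaviour laffer1 describes in point 8, written out as an added example (this is not code from the thread or from any milter): a new (client IP, sender, recipient) triplet is temporarily rejected, a retry from the same host after the delay is accepted, and a service that retries from a different outbound host each time never gets through. The 5-minute delay, the addresses and the scenario are constructed for illustration; timestamps are passed in so it runs offline.

```python
# Added example: minimal greylisting policy keyed on the classic
# (client_ip, sender, recipient) triplet. Not from the thread; the
# delay, hosts and addresses are constructed for illustration.
from dataclasses import dataclass, field

GREYLIST_DELAY = 300        # seconds a new triplet must wait (assumed)
TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 OK"

@dataclass
class Greylist:
    delay: int = GREYLIST_DELAY
    first_seen: dict = field(default_factory=dict)   # triplet -> first time seen
    passed: set = field(default_factory=set)         # triplets that retried OK

    def check(self, client_ip: str, sender: str, rcpt: str, now: int) -> str:
        # Triplet: connecting IP, envelope sender, envelope recipient.
        key = (client_ip, sender.lower(), rcpt.lower())
        if key in self.passed:
            return ACCEPT
        seen = self.first_seen.get(key)
        if seen is None:
            self.first_seen[key] = now          # never seen: make it wait
            return TEMPFAIL
        if now - seen < self.delay:
            return TEMPFAIL                     # retried too early, keep waiting
        self.passed.add(key)                    # a real MTA retried: whitelist
        return ACCEPT

def demo() -> dict:
    """Constructed scenario: a single-host sender versus a multi-host one."""
    gl = Greylist()
    # A normal MTA retries from the same IP after its queue delay: passes.
    single = [gl.check("203.0.113.10", "alice@example.com", "bob@wcool.org", t)
              for t in (0, 60, 900)]
    # A large service retries from a different outbound host each time.
    # Every attempt is a *new* triplet, so each one is greylisted again,
    # which is the "lots of servers" problem the post warns about.
    hosts = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
    multi = [gl.check(ip, "noreply@bigservice.example", "bob@wcool.org", t)
             for ip, t in zip(hosts, (0, 900, 1800))]
    return {"single": single, "multi": multi}
```

Real greylisters mitigate the multi-host case by keying on the sender's /24 or by whitelisting known large senders; this block deliberately shows the naive policy.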

justanothersysadmin Member since:
2011-06-09

I have tried to set up my own mail server a couple of times but never got very far (and I am quite technical).

Do you know any good guide that also guides you through firewalls, setup with sqlite rather than mysql/postgres, and how to handle MX records, host files, etc.?


There used to be a great "getting started" guide at http://www200.pair.com/mecham/spam/spamfilter2.html that I used years ago. That doesn't appear to be up anymore, but I had a copy of the raw HTML and pulled together copies of some of the referenced config files and scripts and have posted a copy to https://bamboo.slabnet.com/~hslabbert/spam/spamfilter2.html

Note that guide should be used only as a "getting started" / reference guide, and not considered complete, as some of the info is quite old. Still, it runs through the concepts and provides good defaults in terms of configs, and I found it very helpful as a reference guide.

Ars also had a decent series on this a while back:

http://arstechnica.com/information-technology/2014/02/how-to-run-yo...

Also:
You don't need a database to run a mail server. You can use one if you want to, e.g. for spam retention/training/etc. or more generally for webmail config data, but you really don't need to.

I remember looking at an Ubuntu guide and scratching my head on the first couple of lines.
It said to name my server something like mail.wcool.org. Does that clash with wcool.org if I want to run a webserver on the same server? It doesn't describe the consequences, just the steps.


No. You can have multiple FQDNs pointing at the same server; that doesn't cause any problems. So, wcool.org, www.wcool.org, mail.wcool.org, and somerandomname.wcool.org can all resolve to the same IP and server. Also: Web servers run on TCP port 80 (HTTP) and/or 443 (HTTPS). Mail servers run on TCP ports 25 (SMTP MTA) along with any of 110 (POP), 143 (IMAP), 465 (SMTPS submission), 587, and/or 993 (IMAPS). If you want to run webmail on the same box, then generally you would either stack that on a different IP on the same server, do it on the same IP and server but with e.g. HTTP only on the regular web page and HTTPS only on the webmail site, or run it as a subdirectory on the same mail server, e.g. regular web is at http(s)://www.wcool.org, with the webmail at http(s)://mail.wcool.org, with both of those resolving to the same IP/server.

Also how reliable has your mail server been?


There are occasional issues, but nothing major. You can't just completely forget about it.

Personally, the bigger issue I had on my personal mail server was around some openldap issues that broke authentication and recipient verification. Aside from that, there was an Ubuntu server amavisd packaging issue at some point that meant I had to put a workaround in place, updates for a set of custom clamav rules I was referencing were no longer available so I had to tweak that, but I think that's pretty much it.

That all said, my background is in the sysadmin world and I currently still work in the neteng space, and I spun this up to keep a pulse on little bits and pieces in the mail world. My setup is also a bit more involved (e.g. ldap for central auth; SPF/DKIM config'd properly; dual stack; did have access to personally set PTR records for v4 and v6; groupware/PIM with horde set up with caldav/carddav; etc.).

Would really love to do this though.


Personally I think we need less centralization and to make this more accessible. I think it's a bit of an uphill battle, but a more decentralized set of federated protocols is good for the Internet as a whole.

Reply Parent Score: 1
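The "SPF config'd properly" item above (and Alfman's remark that SPF setups are where diagnosis gets hard) is easiest to reason about with an evaluator in hand, so here is an added one that is not code from the thread or from any mail software. DNS is stubbed with a constructed zone table, so the domains, IPs and records are made up and nothing touches the network; it handles the ip4/ip6/a/mx/include/all mechanisms with their qualifiers, which is what a small self-hosted domain usually publishes.

```python
# Added example: offline SPF evaluator over a constructed DNS table.
# Not from the thread; every name, address and record below is made up.
import ipaddress

# Constructed stand-in for DNS lookups: name -> record type -> values.
ZONE = {
    "wcool.org": {"TXT": "v=spf1 mx ip4:203.0.113.0/28 include:relay.example -all",
                  "MX": ["mail.wcool.org"]},
    "mail.wcool.org": {"A": ["203.0.113.25"], "AAAA": ["2001:db8::25"]},
    "relay.example": {"TXT": "v=spf1 ip6:2001:db8:ff::/48 ~all"},
}
QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def _host_nets(name):
    """All A/AAAA addresses of a host, as /32 and /128 networks."""
    recs = ZONE.get(name, {})
    return [ipaddress.ip_network(a) for a in recs.get("A", []) + recs.get("AAAA", [])]

def check_spf(domain: str, ip: str, depth: int = 0) -> str:
    """Result for `ip` sending mail with an envelope sender at `domain`."""
    if depth > 10:                      # recursion guard (RFC 7208 caps lookups at 10)
        return "permerror"
    txt = ZONE.get(domain, {}).get("TXT")
    if not txt or not txt.startswith("v=spf1"):
        return "none"                   # no SPF record published
    addr = ipaddress.ip_address(ip)
    for term in txt.split()[1:]:
        qual = term[0] if term[0] in QUAL else "+"   # default qualifier is pass
        mech = term.lstrip("+-~?")
        name, _, arg = mech.partition(":")
        if name == "all":
            return QUAL[qual]
        if name in ("ip4", "ip6"):      # version mismatch simply never matches
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            hit = any(addr in n for n in _host_nets(arg or domain))
        elif name == "mx":
            mxs = ZONE.get(arg or domain, {}).get("MX", [])
            hit = any(addr in n for mx in mxs for n in _host_nets(mx))
        elif name == "include":         # include only matches on a "pass"
            hit = check_spf(arg, ip, depth + 1) == "pass"
        else:
            return "permerror"          # unknown mechanism
        if hit:
            return QUAL[qual]
    return "neutral"                    # nothing matched and no "all" term
```

With the constructed zone, the MX host and the /28 pass, the relay's IPv6 range passes via include, and anything else hits -all and fails.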