Linked by Thom Holwerda on Mon 8th Aug 2016 20:08 UTC
Internet & Networking

Fast forward to July 15, 2016 (there’s that lab journal again…) when, after receiving an email from Google asking me to indicate how exactly I would like them to use my data to customise adverts around the web, and after thinking for a bit about what kind of machine learning tricks I would be able to pull on you with 12 years of your email, I decided that I really had to make alternative plans for my little email empire.

Somehow FastMail came up and in one of those impulsive LET'S WASTE SOME TIME manoeuvres, I pressed the big red MIGRATE button!

The rest of this post is my mini-review of the FastMail service after almost 3 weeks of intensive use.

I'm pretty sure at least some of you are contemplating a similar migration, away from companies like Google, Microsoft, and Apple, to something else.

RE[2]: Run your own mail server
by laffer1 on Tue 9th Aug 2016 13:24 UTC in reply to "RE: Run your own mail server"
laffer1
Member since:
2007-11-09

I've had a few problems with mail delivery to specific servers over the years because of the address space (use Comcast Business and run it from home on static IPs). Most people would probably just get a virtual private server or AWS EC2 or something and that would be fine.

I'm at a loss with the MySQL vs SQLite comments. While some mail servers and web mail programs require storing settings or data in a database, it's not required for most SMTP/IMAP setups.

Here are the parts you need:

1. DNS. This can be something like BIND or you can use a hosted DNS solution like Amazon's Route 53, which is web based. A mail server needs an A record and an MX record. The MX record announces where to deliver mail and that's about it. I read DNS & BIND, which is a good book and covers MX records well.

2. SMTP software. I used sendmail because it was considered good at the time. Now most people set up with Postfix. There are many guides on this subject and Postfix is a bit easier to configure than sendmail. There are also tons of books on this.

3. IMAP or POP software. Personally, I always like IMAP and that's what you get by default with Google. I recommend Dovecot for IMAP or POP3 software. It's reasonably easy to configure. It works with all common SMTP servers too.

4. Optional: spam filtering. I use SpamAssassin, which is a Perl program. It can be complex to set up but once it's working it's ok. This can use a database or files for configuration. I did it with files.

5. Optional: Web mail. This allows you to check your email from a browser. If you do this, please use an SSL/TLS certificate with it. For simple mail setups, I use SquirrelMail. Roundcube is a good choice for a more modern web mail interface, but it requires a database. Both need PHP.

6. Optional: antivirus. I have ClamAV set up with a milter (plugin) in sendmail. There are other ways to use it and depending on OS, you may have commercial AV available too.

7. Optional but recommended: TLS/SSL certificates for Dovecot and your SMTP server. These can be generated with openssl or you can buy one. Many people just generate a self-signed cert and they work ok with most email clients. If you use Macs, you have to get it to trust your cert so you don't get prompted all the time in Mail. The certificate should be configured for the mail server domain name, e.g. mail.foo.com. It's a good idea to name the box the name that you publish for your MX record. It also does not have to be named mail.

8. Optional: greylist milter or similar. There are many add-ons for mail servers that can do different filtering. Greylist delays accepting mail to stop spammers. It makes any domain wait. The problem is that if a service uses a lot of servers, it won't come in. Facebook is a problem for instance. It will cut spam a lot but at a cost of mail you may want.


You're right there is a lot to learn, but you don't have to do all of it at once. It's also much easier now with services like Amazon Web Services and Azure. You can actually get a server running half the software, and set up DNS from a browser.

You need the DNS, SMTP and IMAP to get started. Everything else is an add on and you can do it over time.

Reply Parent Score: 4

Alfman Member since:
2011-01-28

laffer1,

> 2. SMTP software. I used sendmail because it was considered good at the time. Now most people set up with Postfix. There are many guides on this subject and Postfix is a bit easier to configure than sendmail. There are also tons of books on this.


SMTP is one of those things where it's difficult to know what software to choose. I used Postfix for a while because it came with the default install, but I found it to be heavy on resources. It can spawn thousands of processes if you are sending email in large batches; you can set a hard limit on processes, but then the emails start to queue and don't make efficient use of the network. None of this matters in personal cases like this though and in the end they are all viable.


> 8. Optional: greylist milter or similar. There are many add-ons for mail servers that can do different filtering. Greylist delays accepting mail to stop spammers. It makes any domain wait. The problem is that if a service uses a lot of servers, it won't come in. Facebook is a problem for instance. It will cut spam a lot but at a cost of mail you may want.


IMHO this technique isn't very good because the costs outweigh the benefits. In theory it's argued that spammers will give up on slow connections, but I don't know if that assumption carries any weight. On my servers I've never seen additional delays cause disconnects, spammers or otherwise. Now this might be simply because other blacklists preemptively filtered these guys out, but regardless it doesn't seem to be useful and it can hurt legitimate but inefficient SMTP servers that fork per connection far more than spammers with software optimized for spamming.

Consider that the cost of keeping a socket open and idle in custom spam software is negligible. With a few dozen bytes you can park an idle socket using epoll with almost no overhead under a modern Linux kernel. A spammer using efficient software is not going to flinch at the delays.

Another technique I've seen is for some SMTP servers (Google in particular) to abort email sessions and wait for the email to get resent automatically. I think this is more likely to be effective against spammers than a simple delay because they might not be programmed to retry the way a legitimate SMTP daemon would. Although a competent spammer should be able to handle this case as well, in which case you've added a lot of overhead for yourself without stopping the spam.

IP-based blacklisting is pretty effective and spam is kept to a minimum that way, but I really wonder about the feasibility of blacklisting in the future with IPv6, where the address space would technically allow for a new IP for every email.

Edited 2016-08-09 15:01 UTC

Reply Parent Score: 3
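The temporary-reject-and-retry behaviour discussed in the two comments above (a greylist that keeps mail from services with many servers out, and a retrying sender passing anyway), as an added example that is not from either commenter or from any greylisting package. The 300-second delay, the /24 and /64 grouping, the addresses and the retry schedules are all constructed assumptions.

```python
import ipaddress

class Greylist:
    """Temp-fail the first attempt for each (client, sender, recipient) triplet."""

    def __init__(self, delay=300, by_subnet=False):
        self.delay = delay          # seconds a new triplet must wait (assumed value)
        self.by_subnet = by_subnet  # key on /24 (IPv4) or /64 (IPv6), not one address
        self.first_seen = {}

    def _client_key(self, ip):
        if not self.by_subnet:
            return ip
        prefix = 24 if ipaddress.ip_address(ip).version == 4 else 64
        return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply code for one attempt: 451 = retry later, 250 = accept."""
        key = (self._client_key(ip), sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return 250 if now - first >= self.delay else 451


def accepted_at(greylist, attempts, sender="notify@bigsender.example",
                rcpt="me@foo.example"):
    """Replay (time, client_ip) delivery attempts for one message.
    Returns the time it was accepted, or None if every attempt got a 451."""
    for now, ip in attempts:
        if greylist.check(ip, sender, rcpt, now) == 250:
            return now
    return None


# Constructed retry schedules (documentation address ranges only).
ONE_HOST = [(0, "192.0.2.10"), (900, "192.0.2.10")]               # ordinary MTA retry
POOL_SAME_NET = [(0, "198.51.100.7"), (900, "198.51.100.8")]      # retry from a neighbour
POOL_SPREAD = [(0, "198.51.100.7"), (900, "203.0.113.20"), (1800, "192.0.2.99")]
NO_RETRY = [(0, "203.0.113.5")]                                   # sender never retries
V6_ROTATING = [(0, "2001:db8:1:2::a"), (900, "2001:db8:1:2::b")]  # new address per try

if __name__ == "__main__":
    for name, sched in [("one host", ONE_HOST), ("pool, same /24", POOL_SAME_NET),
                        ("pool, spread", POOL_SPREAD), ("no retry", NO_RETRY),
                        ("IPv6 rotating", V6_ROTATING)]:
        print(f"{name:15} exact={accepted_at(Greylist(), sched)} "
              f"subnet={accepted_at(Greylist(by_subnet=True), sched)}")
```

A pool that retries from unrelated networks is never accepted under either keying, which is the lost-mail cost described above; only the sender that never retries is filtered out.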

ssokolow Member since:
2010-01-21

The approach I'm planning to self-host to enable is a setup where I dedicate an entire subdomain to myself and then assign each sender a specific incoming alias to act as a revokable API key, restricted to their SPF-verified From address.

(e.g. That way, I can bounce any mail resulting from eBay sellers adding PayPal or eBay addresses to their mailing lists without asking.)

Much more deterministic than traditional spam filtering and, if I implement it properly, it should ALSO have greater accuracy.

Edited 2016-08-09 20:08 UTC

Reply Parent Score: 2
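One way the per-sender alias policy described in the comment above could be decided at RCPT time, as an added example that is not the commenter's code. The alias table, the `.example` domains and the `spf_result` argument (assumed to be supplied by the mail server's own SPF check of the envelope sender) are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Alias:
    sender_domains: tuple    # domains this alias was handed out to
    revoked: bool = False    # flipping this "revokes the API key"

def _domain_ok(domain, allowed):
    # Exact match or a true subdomain; "evilebay.example" must not match "ebay.example".
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def decide(aliases, my_domain, rcpt, mail_from, spf_result):
    """Return (smtp_code, reason) for one recipient.

    rcpt       -- RCPT TO address, e.g. "ebay@me.foo.example"
    mail_from  -- envelope sender (the identity SPF evaluates); "" for bounces
    spf_result -- "pass", "fail", "softfail", "none", ... from the MTA (assumed input)
    """
    local, _, rdomain = rcpt.lower().rpartition("@")
    if rdomain != my_domain or local not in aliases:
        return 550, "unknown alias"
    alias = aliases[local]
    if alias.revoked:
        return 550, "alias revoked"
    if spf_result != "pass":
        return 550, "sender not SPF-verified"
    sender_domain = mail_from.lower().rpartition("@")[2]
    if not _domain_ok(sender_domain, alias.sender_domains):
        return 550, "alias not issued to this sender"
    return 250, "ok"

# Constructed alias table for a personal subdomain (all names are placeholders).
MY_DOMAIN = "me.foo.example"
ALIASES = {
    "ebay": Alias(("ebay.example",)),
    "paypal": Alias(("paypal.example",)),
    "forum": Alias(("forum.example",)),
}

if __name__ == "__main__":
    cases = [
        ("ebay@me.foo.example", "notice@ebay.example", "pass"),
        ("ebay@me.foo.example", "deals@seller-list.example", "pass"),  # leaked alias
        ("paypal@me.foo.example", "service@paypal.example", "fail"),   # forged sender
    ]
    for rcpt, mail_from, spf in cases:
        print(rcpt, mail_from, spf, "->", decide(ALIASES, MY_DOMAIN, rcpt, mail_from, spf))
```

SPF authenticates the envelope sender domain, so this check says nothing about the visible From: header; tying the alias to that header needs a separate alignment check.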