I have to ask this. Is there a service where I could bring my own FQN like Notgoogle.com and then have them handle emails for me? But with a twist… I want notgoogle.com to send and receive emails via that outside entity, but I want to send the emails from a self hosted server that maybe has mailcow or similar and I want that same server to receive the emails from the outside company. Ideally the outside company is basically just a relay from my IP to the outside world and vise versa. The outside company would basically hold the emails until my server checked and downloaded them. any advice on this. Hopefully with a useful step by step guide from somewhere in the webs?
You must log in or # to comment.
Sure! That’s an SMTP Relay. A lot of folks jumped on the poopoo wagon. It’s common wisdom in IT that you don’t do your own email. There are good reasons for that, and you should know why that sentiment exists, however; if you’re interested in running your own email: try it! Just don’t put all of your eggs in one basket. Keep your third party service until you’re quite sure you want to move it all in-house (after due diligence is satisfied and you’ve successfully completed at least a few months of testing and smtp reputation warming).
Email isn’t complex. It’s tough to get right at scale, a pain in the ass if it breaks, and not running afoul of spam filtering can be a challenge. It rarely makes sense for even a small business to roll their own email solution. For an individual approaching this investigatively it can make sense so long as you’re (a.) interested in learning about it, (b.) find the benefits outweigh the risks, and (c.) that the result is worth the ongoing investment (time and labor to set up, secure, update, maintain, etc).
What’ll get you in trouble regardless is being dependent on that in-house email but not making your solution robust enough to always fill its role. Say you host at home and your house burns down. How inconvenient is it that your self-hosted services burned with it? Can you recover quickly enough, while dealing with tragedy, that the loss of common utility doesn’t make navigating your new reality much more difficult?
That’s why it rarely makes sense for businesses. Email has become an essential gateway to other tooling and processes. It facilitates an incredible amount of our professional interactions. How many of your bills and bank statements and other important communication are delivered primarily by email? An unreliable email service is intolerable.
If you’re going to do it make sure you’re doing it right, respecting your future self’s reliance on what present-you builds, and taking it slow while you learn (and document!) how all the pieces fit together. If you can check all of those boxes with a smile then good luck and godspeed says I.
Derek, thanks for giving a great answer. Your answer was an actual answer rather than just saying don’t.
- For incoming mail, on your server run a mail retrieval agent like fetchmail to fetch mail from the externally hosted mailbox into a maildir on your server.
- To serve that maildir to your clients, on your server run a mail delivery agent like the IMAP server Dovecot.
- To accept outgoing mail from your clients, on your server run something like Postfix with a
relayhostconfigured with the details of your externally hosted SMTP server.
There’s nothing unusual or tricky about any of this arrangement.
Okay! I see. I only need to have the IMAP and SMTP ports open to NGNIX and routed to the internal IP.
That doesn’t work. Spam has made it not possible, sorry. Pay someone else who has a trustworthy IP
What’s the point of hosting a local server in this case, instead of just using a mail client?
maybe multiple mail clients are configured to connect to a local server in an office while that server is configured to outside world and also fetches each mail only once. changing of outisde world provider then does not make you reconfigure all mail clients, but only your central once.
I would say something similar if not exactly.
I’m just looking forward to de-googling my life before my kids are old enough to get Hooked on that shit themselves.
My basic idea is that maybe I can’t or shouldn’t host my own email server. But 15gig limits with constant nagging to pay up, so gmail is not the answer. That gets old quick. I want to just download the files into a central device that my wife and I have access to. But that has been thus far technically obfuscated. I’m not sending thousands of emails per day, just a family level of correspondence.
Ideally my wife and I would login thru our phones to send and receive emails from a common email space that only lives at home. The emails would be routed to the outside entity who would do the actual sending and receiving. I have some basic things that I’m starting to like…email aliases and having my own email domain.
I currently have my own domain on cloud flare but they don’t proxy email servers. So here I be. I want for example to use e-mail like this:
Basic form: notgoogle.com
Stacked not google.com
Alias:
One time use or specific use:
Karenwantsmyemail@notgoogle.com
I already tried serving my own server and all this was possible. But it was insecure in that you can easily go find my IP address and my real address. I don’t want that, don’t really mind if someone knows it, but I don’t want to be spearphished. And so that’s where my desires for a local server that not my wife and I can access and use like gmail but safely come from.
Rant: In general, oh God! Are we fucking retarded? I have a 2 TB disk, I got high speed internet… A rando in China can call my phone but somehow I can’t get a rando to send me email? There’s something wrong with that picture. Or maybe I should do exactly what I do with my phone number… Not use it at all unless it’s family. You can spoof phone numbers, voices and emails. Maybe I should setup a Lemmy instance instead and just use this as a form of communication. The only problems being that my computer sometimes goes down due to power failure or IP change or some other reason, and nobody else would want to use my server…like the kids school or the DMV etc. Anyhoo…
for the 15gb limit it would be sufficient to just get a VM with enough space (in a datacenter or at home, maybe a rapsberry pi) and run an imap , an mta and something to fetch the mails from google so that they are archived and dont fill in the limited space. i think if i were you, i would begin with just that cz that is the annoying thing and it is always possible to change the setup as wished once it is under your control.
i personally would not want to use mailcow but dovecot, postfix and fetchmail directly. fetchmail gets the mails from google and places it into dovecots imap storage while postfix would be used to send mails through google to the outside world using your google credentials. then you’ld have google as the external service to begin with and your server to actually host the emails and configure the phones to send emails through it or directly through google but just get the emails from it and save sent mails there. later you could add another nongoogly service so that fetchmail gets these emails too and just extend the setup.
if you have that, you can send/receive emails when you are at home.
but before downloading (moving) the first mails from the google storage to there i would ensure that an (incremental) backup is already running well and automatically just in case of disk failures.
But it was insecure in that you can easily go find my IP address and my real address. I don’t want that, don’t really mind if someone knows it, but I don’t want to be spearphished.
i have pretty good experience with giving every contact a separate email alias under my domain to communicate with me. my email aliases usually are like <contactshortname>-<randomnumber>@mydomain.tld
that is for a newsletter from somecoolpage.com it would look like coolpage-61514@mydomain.tld
it is near to impossible to guess that random number so i get nearly no emails from other than my real contacts cz only they know a valid address. that alias is only used for this one thing, a contact, a shop even a friend (or group of friends). mails go all into the same inbox but when i receive spam or phishing on it, i 1. know who has leaked my data and 2. i can change the alias to a new number, delete the old alias and thus stop any future spam on that address. this way i have no extra spam filters but also near to no spam.
However your ip address can be found in any email you send in the received headers. is that what you want to prevent, or just the public ip when running an internet facing mailserver with mx records pointing to it ? with ip changes beeing a thing i guess you tried to run the mailserver behind your home internet connection, nonstatic ips are bad for email, you could get a ipv6 tunnel from hurricane electric (still free?) then have static ipv6 addresses, but google afair does not allow you to send them emails via ipv6 and thus i blocked them so they cannot send me emails via ipv6 too, so i think communicating to google victims might be a problem due to google lacking behind current tech. so your idea to use a third party service fits perfectly if you dont want to run your own public mailserver. do you have a vpn to your home network to use the homeserver from remote?
This is exactly the setup I want. Man, I got thousands of notifications and spam pretending to be real notifications I’m tired of it.
I don’t actually want to need to VPN into my home network. I want to use the Mozilla K9 app and login like that if possible. So we would login to the server via some sort of app, in the background the server would send and receive emails and so we would never again touch gmail directly. And exactly, we could add a side service to transition over seamlessly. And how you describe the email addresses for individual purpose is excellent. Spam? Want me to unsubscribe? How about I delete the email address, and you waste your time emailing? I love it!
And how you describe the email addresses for individual purpose is excellent. Spam? Want me to unsubscribe? How about I delete the email address, and you waste your time emailing? I love it!
it actually has yet another upside. when i do receive spam or phishing on such an alias, i go to the portal or shop, change my emailadress to a newly created alias and then i also write an email to the service describing that i got a spam or phishing mail to the email alias, only they and me know about, i also cite how many other spam mails i got for other aliases (usually zero) and suggest that the data was lost on rather their side, not mine. In the past companies usually ofzen “assumed” that their customers used the email elsewehere and the leak on their side was just a hypothesis easily denyable, but only two parties knowing about that address while only that particular address was leaked seems somewhat more convincing to them. of course it could be anything their webserver, their cloud provider, some third party their cloud provider uses, some fourth party their cloud providers provider uses , their email provider, newsletter provider, proxies like cloudflare a.s.o., but as i host my emails by myself, there is not other party involved on my side (besides the VM provider) but at least not without then leaking “all” of my other aliases at the very same time. that happened a few times until now over the years and it really feels great beeing on the “capable to prevent and react” side of it =) that is you really know who failed then, you can offer that little help that they know that too and can prevent their one-time-leak from annoying you more than once.
also interestingly: it was until now always the “good” looking companies that failed this way, not those a bit dodgy looking webpages where i only subscribed to their newsletter cause i could turn off spam anyway.
however i had the idea of parsing logs for all deleted aliases so that i get statistics of how long spammers keep trying after they got ‘unknown user’ first time. but i didnt implement that yet.
the vpn login to my home is one way of reaching the email account on the home server. the way i do it is that my VM -the internetfacing mail server - actually has a vpn server and my home server logs into that. on the VM i run a haproxy with port 443 open anyway for similar things. the haproxy determines what connection it is by SNI value and decides what to do with it. for smtp and imap i use ssl as encryption with client certificate (easy-rsa same i use for vpn). one of which is terminated at the haproxy checking client cercificate there, the other is terminated in the homeserver, but both connections go throug haproxy and through vpn to the homeserver and thats as stable as my internet connection at home, where the ip changes sometimes. you maybe would not have the VM as emailserver, but i guess you want to check emails also when not at home, thats why i asked for vpn. i am using k-9 and it works, only thing missing is that before answering an email with the correct outgoing address, i have to setup that address on the client first, thats not automatically, i’ve heared other clients exist that can answer directly using the from-address for which an email was sent to. another issue with my concept is, that setting up each emailaddress at the server IS work (same with moving already existing accounts to new aliaseses). i currently have a ‘tables’ app table on nextcloud that i can manage from my cellphone and a cronjob checks database for changes and adjusts postfix virtual_alias_maps table on the mx, so that i have a ui to do so easily when not at home, that comes in handy whenever someone asks me for my email address. another concept (that i never did) was just having some email addresses ready to use at hand, so i dont have to set them up when not having access to the server. however having separate emails per portal, shop newsletter a.s.o. also documented where i have accumulated accounts over the decades (and that were a lot)
there is one thing i came up with quite late, the email address that i use to login to my server and also the address that fetchmail uses to place emails into the imap store should not be reachable from the internet as it would be more work to change it on arrival of spam. in your setup this might be the “main” address of that emailservices account, on my setup its the address of the local users mailbox. however as postfix uses that address in the value part of virtual_alias_maps table, it needs to know the address and its also in virtual_mailbox_maps table thus reachable from the internet. in my new setup it is also an address like <internalaccountname>-<randomnumber>@domain.tld so it is not guessable by spambots and changeable of course too.
when the server is at home you can login to it with k-9 when at home for sure. but for connecting from abroad you need some sort of connection like using dyn.io or such which also could be a proxy like cloudflare from cellphone perspectice but that would not work like i do it because in my setup where i terminate one protocols ssl at the haproxy (which would do what imho roughly cloudflare would to) the connection to my homeserver is then without encryption which is ok for me as its through “my” vpn, but with cloudflare i guess thats rather not possible as you said as the protocol is not even http. haproxy instead can just terminate ssl and proxy raw tcp then, so that even ssh could go through haproxy to the local machine so that no extra port is needed to be open (thats actually one of my backup strategies to gain ssh access to the VM when other connections become somehow impossible. i also use knockd and a selfmade https based mechanism to open the ssh port for my current ip just in case.
something like dyn.io has advantages, you would not have to use vpn on the cellphone, but ip changes make you connect to third party IPs regulary and also your home network would have at least one extra port open to the world which i would rather like to prevent - if not for security, then at least for less logs caused by scanners. i prefere the stealth mode of openvpn/udp using that extra ta key, but using port 443 (which also is very likely to be accessible from most networks that want to restrict their users available protocols) to pipe things through haproxy is imho the second-best stealth available, also just random https scans without correct domains can be blocked before the ssl connection even starts only using the sni value.
if you have a VM in a datacenter i’ld suggest to use that as a vpn, make your homeserver login to it and your cellphone doesn’t need a vpn then.
ovh.com sometimes has offers for small VMs for just 1€ / month for new customers, it is also limited to the first year, but a pretty good offer anyway and really not too much for just experimenting a bit.
If you mainly want to “hide” your IP, you can’t. Look at the headers of any message. It’ll still show the original source IP, which will be yours.
For the rest of the time I’d recommend getting a spam filtering service. Mimecast, ProofPoint, Barracuda, etc.
Messages sent to you go to the filter, which then forwards the message over to your mail server. Outbound you configure your server to use the filter as a smart host. These filters will also buffer messages if your mail server is offline. So if the server is down, the filter holds on to messages and retries delivery later when your server is back up (within reason).
Email is the one thing I have stopped trying to do myself. It just has too many things that you absolutely need to keep updated. Have a look at Forward Email (https://forwardemail.net/en). They can hook up to pretty much any domain setup you already have, and do the heavy lifting for you.
Yeah same here. I just want to catch the emails as one would from Thunderbird but be able to share one account with my wife but without having to rely on keeping our emails on their server… That’s the current gmail problem, our emails are on there, they decide to train their AI or whatever with the emails and they just email you an opt out. I’m done with that. Worst is that you can’t quickly delete nor save and backup anything.
For backing up your email from gmail or any other provider, check out MailStore Home edition: https://www.mailstore.com/en/products/mailstore-home/ It will grab everything in the account and store it locally, and then allow you to push it back onto any other imap service when necessary. Great for migrating your email, and keeping a just-in-case backup.
I backed “Run your own Mail Server”, its a good start but email hosting is tricky.
It’s even trickier when your ISP blocks your fucking email port. Thanks, Starlink.
have you read it? i considered buying it a while ago but was unsure, quite high price for an ebook that you cannot glimpse into (like with real books at the store some time ago) i thought. Also i learned a “bit” about most of its topics myself long ago.
tricky yes, but very learnable too.
I get pretty much anything Michael Lucas writes. The information is always great and his writing style is fun to read.
Important to note: it’s not a step-by-step guide to copy and paste and have a mail server running. It’s all about understand all the stuff that goes into it.
thanks for your opinion.
i already have my own mailservers running for roughly two decades now so copy-paste is not what i am looking for.
i ordered that email book and mastering dnssec from him now as i am a bit curious about some topics within the email book and want to dive into dnssec now cz i also host dns for my domains and improvement is always good ;) last time i started with dnssec i got distracted and that was it.
In that case, I’m sure you’ll enjoy it. I’ve been reading a little bit before I go to bed and learning a lot that I glossed over when I set up my own mail server years ago. He and Alan Jude wrote some ZFS books as well that I keep coming back to and picking up new tricks each time.
thanks i’ll start reading soon ;-)
zfs is interesting, but i still don’t ‘need’ it. however its on my tolearn list maybe just after dnssec
I would just get set up on MxRoute and use whatever selfhosted service you want to interact with it.
if the goal is simply to ‘de-google’, then mxroute itself is enough. 3rd party. decent policies. good track record. reasonable price (especially their promos).
i guess step by step was asked for on purpose, but i also don’t know on what level ;-)
i’ld suggest as step by step to start small and increase to what you want:
- register a new account for testing on a freemail service like gmail.com gmx.net , hotmail.com or another. as its just the first step, it does not matter if its google or not, but that you can send and receive emails through it via common protocols like smtp and pop3 and that it is ‘not’ your account you handle important mails with as data losses could occur during experimenting.
- make sure your freemailer account is configured to use smtp and pop3 for sending/receiving email by a mailclient rather than only through their webpage. some freemailers also need you to have a different password for using the mail client than for logging into their portal (which is good). validate with your mailclient that sending/receiving works with those credentials, and note protocols, port numbers, login mechs maybe discovered by your mailclient.
- setup your mailserver (mailcow if you like) and connect it to your freemailers account maybe first for sending via smtp (send one to your real mail account) then for receiving maybe via pop3, testing it by sending a mail from your real mail account to the freemailer one.
- search for a cheap (you are still experimenting, right?) email service where you can use your own domain with, set it up, they likely also have faqs how to do the dns of your domain right to use their MX server. according to https://www.techradar.com/news/best-email-provider NeoMail (https://neo.space/) seems a good choice. i’ld suggest that you get a separate domain for experimenting from a different company (i use name.com) so you are then more aware of how everything works together and also can change parts of it more easily later if needs change. domains are usually cheap like some bucks per year and domain services usually also provide simple ways to define some records like in this case the MX and spf records you need/want for emails to be send to that email service.
- once you have setup dns records and your mail providers account for sending/receiving mails to/from, try to connect your holy email cow to it and experiment with it. also sending from/to your real mail account, and let it run for a while, look into topics like dmarc and dkim, use spf, dmarc and spf online check tools to see if that setup works as you like. based on your experience you might have ideas then how to go on with it.
spf,dkim and dmarc are good to prevent malicious parties from sending emails in your name to third parties. a mail server works good without that but it is a good practice and might prevent your domain (not your ip) from beeing blacklisted because of spam that you haven’t sent but seems to originate from your domain and cannot be distinguished from your genuine emails only due to the lack of missing spf, dkim and dmarc records. spf and dmarc are dns only settings while dkim are crypto keys you create for signing outgoing emails and the public parts of them are published as dns records again so everyone can check that the signature really comes from your domain. i dont know if or how mailcow supports dkim, but it should be at least possible ;-)
Have you looked for providers that offer ETRN? Seems like that might fit your use case well.
I’ve hosted my own email for over a decade with very few issues. It’s low ram and CPU usage so a very cheap VM (or a pair in different locations if you wanna be leet) can be a viable way to avoid the ISP related issues people have trying to host it at home. If you really want it all ending up at home you can do ETRN as mentioned and while TCP/25 is often blocked at home, the submission port (TCP/587) rarely is.
Okay, so I could keep a rolling backup of the server and patch that issue that way.
I would never handle email myself. I would instead use a provider, turn off all filters and set up a mail server locally that works via the provider.
That way I don’t have to convince my ISP to set up a PTR for me, handle DMARC or SPF. Or care if my IP is blacklisted.so, you want something like spamhero standard (in/out relay and spam filtering for one domain)?
(i don’t use them, just the first one i found. i had used similar years ago, but just have email hosted at two of our providers now instead).
hm, sounds like literally any regular webhosting service that also offers email (like every such service i know of) to me, then maybe used together with imap (or pop, if you wish), and if you want to connect servers with it to send mails, then “smarthost” or “sattelite system” should be the configuration you are looking for for your own MTA. to get received emails from that service most common is to use pop3 (still common because seemingly every service offers it for compatibility) but other protocols would be faster like immediate recieve using notify within imap, and there are other options too, but those depends on what that service offers like maybe sending your mails once received by them to your own server via smtp or by other protocols depending on what they implemented. i think there is no “twist” with that and -what i understand of what you want - is a quite common thing.
i for myself don’t want 3rd parties to be able to directly read my emails so i run my own mail server as tiny rented VMs from providers while my real emailserver is my homeserver that uses these VMs as “smarthost” and also pulls emails from there immediately. my mailclients are configured to connect to those VMs butbthat connection is relayed through VPN to my homeserver. thus i think my setup is a bit like what you want but i host everything by myself and i don’t use mailcow but it looks like i use the same software mailcow uses too. i guess you are mainly bound to what mailcow offers when limiting yourself to it ;-)
Big nope. It’s not a technical hurdle, it’s a viability problem. Just search on why you should never host your own SMTP service.
They are not requesting for info on running their own SMTP service that interacts with the greater internet.
Though even if they were, the difficulty is overstated. I’ve run my own for years.
deleted by creator
Yeah, and people ask about suicide on the Internet as well, but I would never help them.
deleted by creator
