Since TidBITS members express occasional interest in setting up their own email servers, I thought the article might satisfy some curiosity.
The guide is rather technical, it is specific to OpenBSD, and it uses Dovecot, which no longer is included in macOS. That said, the adventurous explorer should be able to translate the concepts to any Unix/Linux system without undue effort.
Personally, it has been nearly twenty years since I last ran my own email server, and I haven’t looked back. Running an email server can be very engaging for people with a particular “system administrator” mindset, but it can be very challenging for “civilians” to maintain a reliable, secure mail system over time. In terms of return on investment, most people are better off leaving it to the professionals, IMHO.
My own setup is very specific to me, in that it is designed from the outset to use disposable addresses exclusively. I think most of the problems of defending a mail server really are the result of fighting spam and viruses for well-known addresses and cracking attempts for regular users. That having been said both rspamd and SpamAssassin are still very well-supported software packages (IIRC OS X Server used SA) and it is possible nowadays to hide all but essential public services behind a VPN, as alluded to in that guide, so that most of the noise is cut out.
Running a mail server is certainly not for the faint-hearted nowadays, no, thanks to all the requirements that are imposed by the Great and the Good of the email world on deliverability. It’s still possible though, and even if you only try it out on a risk-free domain or subdomain, I’d encourage people to give it a go in order to build some sysadmin skills. Know the risks, keep things updated and don’t use any weak passwords, and you should be all right. There is great, new software that makes the process much easier than it has been in the past. I’m quite moved by Maddy, which now combines all the core functionality into a single cross-platform binary (written in Go), although letting you integrate with other software. This tutorial uses OpenSMTPD, which is both a relative newcomer to the scene and well tendered for minimalist requirements, albeit with almost no functionality that you will need for defence, which you will add yourself; still, it is much, much easier to configure than other big SMTP servers in the past. I am personally a big fan of Exim, but don’t go with that one unless you know you need to. Dovecot seems to be the preferred IMAP server nowadays, and I can certainly vouch for that, but Cyrus (used by Fastmail) is also very good if you’re really up to it.
I agree. I set up a reliable mail server exclusively for internal messaging on a private, trusted network some years ago. It was used for sysadmin purposes and certain user notification tasks. Without having to worry about spam, constant probing from malicious parties, and deliverability issues, it actually was very simple to set it up and maintain. That particular server ran without any headaches for nearly a decade before we no longer needed it.
Setting up and running a mail server is easy. Exposing it to the global Internet is asking for a world of hurt, both because of what you need to do to be received by leigitmate recipients and what you need to do to block all the abuse.
I wonder if a happy medium might be to run a private server on your LAN, for the benefit of your local users, and configure it to send/receive external mail via one specific mail service that is the public face of your domain. This way your mail spools remain local but you contract out for all of the ugliness.
Absolutely, yes. The big providers provide both email relay services and anti-spam-as-a-service, often because that’s the only way to support various email flows in enterprises that require internal mail handoff or applications that need to send email to the public. Many techthusiasts go further and synchronise their IMAP mailboxes with their providers so the provider can continue to support roaming clients and to be there in case of downtime or disaster, but the local server continues to serve as an offline and trusted (and well-secured and backed up) mail system.
Even if all you do is use an outbound relay like Amazon SES to make self-hosting your personal mail practical on a cable connection, I’d call that a win. I think the key is to have the means to control the storage of your mail and make access to it from your clients fast and flexible without any dependency on a particular provider. There are approaches for doing this that aren’t “hard mode”, if you’d rather avoid that.
While I wouldn’t recommend it as a solution for someone just looking for a new mailbox, it’s not nearly the Herculean task that people make it out to be.
At its peak in the late 20-teens, I was supporting nearly 1,000 mailboxes (though many of them weren’t particularly active). My main email address has been published on public Web pages since the early days (and on Usenet before that) yet I could manage the incoming spam problem. I was CEO and chief medical officer (read: full-time doctor) for a half-million dollar medical practice and I was a single dad to two teenagers and I also ran the practice’s electronic medical record, telephone/fax system, and I wrote and hosted the practice’s EMR – all by way of saying that maintaining the email system by itself was hardly anything like a full-time job. (Though it must be said that retirement has been a relief.) Deliverability problems were minimal even though I was running from a home internet connection. My anti-spam measures were comprehensive but not particularly exotic: a tightly-tuned SpamAssassin instance on the server and Michael Tsai’s awesome SpamSieve on the clients got me down to a couple of false negatives and less than one false positive per week, out of roughly 10,000 weekly attempts to send mail through my server. My uptime was much better than gmail.
So it can be done, even by us mere mortals running cast off/refurbished hardware on home connections.
Fair point, though I would say that doing so in recent years can be a risky prospect, especially for mission-critical systems as a part-time administrator. If you have a significant technical issue or (much worse) a system compromise, you easily can burn a lot of time, money, and professional reputation trying to fix things, especially if it is not your primary responsibility.
Of the setups I’ve overseen or been informed about (small non-profit and self-help orgs), I’d say the single biggest pain point is, surprise surprise, users. In particular users with criminally weak passwords and a pleasingly naive outlook. There’s not much that can be done to deter spam and viruses to regular guessable usernames IME, because they’ll be found eventually, but you can set strict password requirements to deter them from being cracked and then your machine used for relaying. And IP-level lockdowns for persistent abusers wouldn’t hurt if you’re very paranoid and think the DDoS risk is outweighed by the password risk.
Otherwise, try to encourage the use of disposable addresses for any new purpose and be vigilant about spam and phishing. It really is the human that’s the weak point. You’ll find that a personal mail server that is meant for you and a few friends and family won’t have the same problems, because you’ll find a way to drill this into people, but the risk gets worse when you’re dealing with more casual users. Honestly I don’t envy the big players their fraud and abuse/security departments.
While it’s not the hellspawn or whatever Adam called it (I ran one on macOS back in the 200something period)…it’s certainly not trivial work to keep it running and protected. In addition…with all the rules big email providers use on whose mail they will accept and all that I personally think that the cost of an account run by people who do this for a living (60 a year for 1 account, 96 for 2 and 130 for up to 6) is certainly worth it unless one really wants to run your own. The cost isn’t a big issue here for most people.
And now that I’m retired since 2011 (we retired at 57)…running a mail server again for anything other than internal email only just seems like too much trouble for about the cost of a dinner out). YMMV might vary but that’s just too much like a 4 letter word (W O R K) for me:-)