So I’ve been running self-hosted email using Mailu for a couple of months (after migrating out of Google Workspace). Today it turned that although my server seems to be capable of sending and receiving emails, it also seems to be used by spammers. I’ve stumbled upon this accidentally by looking through logs. This seems to have been going on for all this time (first “unknown” access happened just a couple of hours after I’ve set everything up).

While browsing the logs there were just so many crazy things happening - the incoming connections were coming through some kind of proxy built-in to Mailu, so I couldn’t even figure out what was their source IP. I have no idea why they could send emails without authorization - the server was not a relay. Every spammy email also got maximum spam score - which is great - but not very useful since SMTP agent ignored it and proceeded to send it out. Debugging was difficult because every service was running in a different container and they were all hooked up in a way that involved (in addition to the already mentioned proxy) bridges, virtual ethernet interfaces and a jungle of iptables-based NAT that was actually nft under the hood. Nothing in this architecture was actually documented anywhere, no network diagrams or anything - everything has to be inferred from netfilter rulesets. For some reason “docker compose” left some configuration mess during the “down” step and I couldn’t “docker compose up” afterwards. This means that every change in configuration required a full OS reboot to be applied. Finally, the server kept retrying to send the spammy emails for hours so even after (hypothetically) fixing all the configuration issues, it would still be impossible to tell whether they really were fixed because the spammy emails that were submitted before the fix already got into the retry loop.

I have worked on obfuscation technologies and I’m honestly impressed by the state of email servers. I have temporarily moved back to Google Workspace but I’m still on the lookout for alternatives.

Do you know of any email server that could be described as simple? Ideally a single binary with sane defaults, similarly to what dnsmasq is for DNS+DHCP?

  • markstos@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    I hosted email professionally for over a decade… and I can’t recommend getting back into the business. At that time we were using Qmail, although I also have experience managing Exim and Postfix. About 90% of incoming email remains spam.

    For outgoing email for things like server cron mail, a stub service like msmtpdcan be used to receive local mail and forward it to to a local service.

    To receive and host email, Fastmail is good.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    7 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    Git Popular version control system, primarily for code
    IMAP Internet Message Access Protocol for email
    IP Internet Protocol
    SMTP Simple Mail Transfer Protocol
    SSL Secure Sockets Layer, for transparent encryption
    TLS Transport Layer Security, supersedes SSL
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)

    8 acronyms in this thread; the most compressed thread commented on today has 3 acronyms.

    [Thread #169 for this sub, first seen 27th Sep 2023, 14:35] [FAQ] [Full list] [Contact] [Source code]

  • vzq@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    After spending a considerable amount of time on it, I have come to the conclusion that there is no completely reliable way to send email without relying on a third party that is considered to have a “good reputation”.

    Your set up might work right now, but tomorrow everyone on the internet could stop accepting your mail without explanation and without recourse.

    If you own your own IP range, things look a bit brighter, but if you’re dependent on residential and housing provider addresses, you’re boned.

  • slander@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    unless you realllllly enjoy self hosting your email, IMO it’s just not worth it anymore with the state of things. I use Fastmail and could not be happier.

  • Cosmo@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I use fastmail, and I enjoy it a lot. Their masked email is very nice as well, and integrates with bitwarden. So quite convenient to use my personal domain for stuff where my identity matters, and use masked @fastmail addresses for more disposable stuff.

    The only thing that ticks me a tiny bit is that their mobile app doesn’t have offline mode; but you can use imap client or w/e, so it’s not too much of an issue.

    Also hear good things about protonmail; I would consider it if I didn’t already use/trust fastmail.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Great configuration, very flexible and fill of features. They make it easy to get all the DNS records you need to add to your domains and they have a diagnostic tool that checks that everything is set correctly. They even include wildcard aliases (which I’m not sure if it’s mentioned in their public pages).

      Should also note that they don’t limit accounts, domains, aliases or any features, just overall mails and storage space. The only additional limitation on the lite account is inability to set account quotas.

    • Oliver Lowe@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This was the provider I went with after self-hosting my mail for 7+ years on an OpenBSD VPS. I feel like Migadu is an honest and good-value service.