I know the adage that self-hosting email is hard. I use a third party smtp server to send emails for my Lemmy instance in order to guarantee delivery, for example.
However, other than potential uptime, what are the disadvantages to setting up self-hosted incoming email?
Incoming email is like 99% of my email usage. I’m happy to use a third party mail provider for outgoing email, but don’t see why I shouldn’t simply host incoming email myself.
Thank you <3
Self hosting email is not difficult. This has been true in the past but with modern standards and tools it’s much easier now. It just takes a few hours/days and some dedication to get right. There are free services that test your mail server and can receive your emails and tell you exactly what’s amiss. I completely changed my mail server and software and got perfect scores in around two to three evenings tinkering around. Granted, I had some experience from the last time around ten years ago. This will likely hold up again for the next ten years as long as I update my software somewhat regularly. And my emails were never bounced/rejected apart from the very beginning of my journey.
Worth it for me. I have the freedom of hosting as many domains, accounts, and aliases but no extra charges. If you only have yourself, simple needs, and care less about holding your own data, maybe it is not worth it. It all depends.
I also would not say it is “easy”. It is if you already know what to do, but you can say that about a lot of things. And mailcow makes it all “easier”, but when something breaks, it is often not at the best time to figure things out.
I get less spam on this setup then I did with Google. I owe much of that to greylisting, which is very effective, but not everyone’s cup of tea.
My biggest problem over the years is delivery failure due to various written and unwritten rules. Some people here will say you just have to have a clean IP, but it is NOT that simple when dealing with Google and MS. In the end, I use Sendgrid for my outgoing. We send so little mail, we will always be in their free tier. I’d rather not use them, but it is better than giving up on selfhosting for me.
And finally, if you are not going to bake in backup and recovery into your plans, don’t bother. Make that aspect of your buildout equally important.It’s probably worth it for registration accounts you want not to give your real email for but still won’t be a single one time usage like ten minute mail services.
You create a single alias and when you are done with it simply drop the alias and never hear about it again.
I hosted my incoming mail for years with a minimal postfix config that would just relay to Gmail. That got me individual email addresses per service (e.g. grubhub@mydomain.com, …) that I could turn off when a service got annoying.
It worked wonderfully without issues for years. And by years i mean 8-10 years!
Recently, 11 months ago, i noticed that some mails were not relayed anymore, and i ultimately switched to Cloudflare for that feature. You can read more about that here: https://www.reddit.com/r/selfhosted/comments/vqk4j9/mail_relay_as_a_service_moving_away_from/
That said, if you only want to store the incoming mail, I don’t think you’ll have issues beyond spam, a lot of spam.
Good luck.
I don’t know. Back in the day, Spamassassin was the thing. Not sure what’s hip these days.
The main drawback is having your ip address bound to your domain, which with a whois can equal to your name and address
Maybe i’m just paranoid, spoiled by cloudflare protection
I don’t see how this is an issue. I would assume self-hosting refers to some VPS at some hosting provider, so the IP doesn’t matter anyways. Of course, if they are talking about hosting at home, then yes. But in this case they’ll probably have a hard time opening receiving ports for email anyways, I could imagine. At least I would block these ports if I were an ISP for end users.
it’s a redirect, and imho doesn’t work very well, at least when i tried i got too many bounces
Most people complain about spam. I think you’ll be surprised just how much incoming spam you get and how hard it is to sort though it. Not to say it’s not worth doing, but that’ll be the hard part.
Agreed. Sensible to only do the incoming too, I had an outgoing one and it got hijacked because SMTP security seems to default to ‘least secure’. For example if there is a single character out of place in the config file, I found it basically opened everything up rather than reporting an issue :)
I have tried for years to self host my email, but finding an upstream SMTP server that will accept your custom domain is pretty much impossible these days. Plus a lot of mainstream servers (Gmail, Hotmail etc.) block pretty much everything except mail sent from another mainstream account.
Every time I have tried, I get back SMTP responses that my domain isn’t trusted, my IP is not trusted enough or they just blackhole my traffic.
This article sums it up well:
https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.htmlI’ve run Zentyal Community on a cheap 1c/2gb VPS for probably 5+ years. Receiving email has never been a problem, and I basically don’t get spam. My top tip is to use a unique alias for everything, e.g. thirdpartyname.randomstring@your.domain every single time you have to give your email address for something. That way, when a third party is compromised and your provided alias starts receiving spam, you can just update your alias with them and on your MX. If you deliberately make any of your aliases public, you’ll probably want to setup rspamd and postgrey.
Getting opendmarc, opendkim, certbot, etc set up in a way that Zentyal wouldn’t nuke it everytime it updated was the biggest hassle for me, and I seem to remember having to open a ticket with Microsoft to get my outbound emails accepted by O365 too. Shouldn’t be an issue anyway if you use a smarthost for outbound.
This definitely isn’t an endorsement of Zentyal btw. In fact, to be clear, most of my setup efforts were spent fighting its design decisions. I’d recommend that you find something containerised which is well maintained and does only what you need. And put some time aside, especially if you’ve never set up an MX from scratch before.
I don’t see anything wrong with self-hosting the receiving part. Especially with something like mailcow it shouldn’t be any more difficult than hosting anything else, provided you have backups in place and will be able to get the server up and running again within 24 hours to not lose any emails. Yes, spam may be an issue, but mailcow has useful defaults configured and it works okay-ish for me.
Btw, they also allow for configuring outbound relays quite easily. This allows for simpler configuration on the client-side. I have it set up so that all emails sent through mailcow will be forwarded to mailgun, for example.
The standard is to retry for 5 days before bouncing emails as undeliverable (and send a warning message that the email hasn’t yet been delivered after 4 hours). However, every server can configure it to be whatever they want, so there’s no guarantee.
You can’t just use any old provider as a secondary mx, you need a server which is configured to accept mail for your domain but not try and deliver it locally. It’s pretty simple to set up. The biggest issue is that you need the same spam protections on the secondary as on the primary, as spammers will send directly to the secondary to try and bypass spam protections.
I think after a few hours the sending mail server will start notifying users of an undeliverable message but will still retry. But of course everyone can configure that themselves, so I don’t know exactly what is typical in this case. I personally wouldn’t want a downtime of more than 6 hours for my mailserver.
Yes, adding a second MX should work. Though I could imagine that this server will get some mails regardless, as there may sometimes be a temporary disruption for just a few seconds on your main mail server (network is funny), in which case the sending server will probably attempt to deliver to the second MX right away, instead of retrying the first one in a few minutes. So make sure you don’t miss any emails because you forget to check the second email provider.