Suggestions for a more privacy conscious email provider

Hi all,

I am in need of some suggestions for some privacy conscious email
providers. I am currently using Migadu email hosting from Switzerland,
basically they allow their users to have as many domains and mailboxes
without storage limits without extra cost.

However they only allow 10 messages to be sent per day on their free tier.

If you aren't paying for it and it's not a demo meant to get you to pay for
it then you're not the customer, you're the product. If you're the product,
guess what the customer is paying for.

Regards,
Bill Herrin

I use KolabNow, based in Switzerland, for a lot of personal e-mail
communications. They are very, very privacy conscious:

--> https://kolabnow.com/feature/confidence

They are *not* free, but quite reasonable, and I am quite happy with
them.

- ferg

--
Paul Ferguson
ICEBRG.io, Seattle USA

Sort of a side note, but has anyone played with a Magma server?
Ladar Levison’s project to create a totally encrypted email system. I donated a bit, but have yet to find time to beta test anything.
Just looking for pros/cons and if it’s even worth spending the time.
https://darkmail.info/

If you plan to use it for a small group of people, you should consider
hosting it yourself. You could set it up with SPF, DKIM, DMARC, IPv6.

It could be seen as a personal challenge to achieve.

Then if you need real privacy, you will need to encrypt with public keys
like PGP or S/MIME. You can upload your public key to the public PGP key
servers. I guess that one day this thing will be very popular.

Challenge accepted?

Jean

It's kind of a pain to manage a mail server.

Even if you have SPF, DKIM correctly set up and you are not on any common blacklists,
you constantly have to fight for good deliverability - some mail server solutions will simply reject you no matter what.
You might be on some obscure blacklist nobody uses and then you have to waste time sending blacklist removal requests.

I personally run my own mail server, but route outgoing emails via Amazon SES. Gives me all the benefits
of having my own mail server (domain aliases, extensions, custom spam filter etc) and saves me from the pain
of managing outgoing reputation.

Hi Jean,

I appreciate your response.

I was considering purchasing a Raspberry Pi and setting up my own mail
server on it. Would it be capable of running a personal mail server? I
am on the Linux Kernel mailing list which receives around 300 emails a day.

Will I also need a static IP address in order to connect to the server
from anywhere in the world?

Hi Filip, I appreciate the response!

Do you host the mail server with a third party provider (e.g. Rackspace)
or do you have an 'in-house' solution? If you're able to elaborate more
on your setup, I would love to read more about it.

I am considering purchasing a Raspberry Pi and hosting my own, as it
seems worth the experience. However does it require that I have my own
DNS server and a static IP address in order to connect to the mail
server from anywhere in the world?

I disagree.

I have been running my own mail server for > 15 years and am extremely happy with it.

I spend less than an hour a month needing to do things to it. Usually that's just the same type of OS updates that I do to my workstation.

Having my own mail server gives me a LOT more flexibility than relying on someone else's mail server.

For those of us who have the savvy to do so competently, sure.

For others, the key word may be "provider".

Setting up a Linode server on static IP space (to avoid being blacklisted),
setting up greylisting, antivirus/antispam (maybe?), STARTTLS, etc. ...

Maybe the OP is interested in outsourcing all of that - letting someone
else stay current with patching, spammer tactics, etc.

Royce

You make a fair point.

My point is that it is possible to do yourself /if/ you want to do so. Everyone has to make their own decision. - My goal is to provide information to help make said decision.

Not a good idea. Amazon's cloud operations are a constant source of
spam and abuse (e.g., brute-force SSH attacks), they refuse to accept
complaints per RFC 2142, and -- apparently -- they simply don't care to
do anything about it. I've had SES blacklisted in my MTA for years (among
other preventative measures) and highly recommend to others.

---rsk

As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh bots/etc that hit the firewalls at my sites are coming from AWS.
I used to send abuse emails but eventually gave up after receiving nothing beyond "well, aws ip's are dynamic/shared so we can't help you"

> As an anecdotal aside, approx. 70% of incoming portscanners/rdp
> bots/ssh bots/etc that hit the firewalls at my sites are coming from
> AWS.
>
> I used to send abuse emails but eventually gave up after receiving
> nothing beyond "well, aws ip's are dynamic/shared so we can't help
> you"

I tried, once upon a time, to run my private SMTP server as an AWS machine. What a disaster, even with a rubber band IP or whatever it is they call a static IP assignment. Tried sending through SES and that was just as bad. Moved it to a Linode and set up the appropriate DNS including the rDNS delegations and it has been perfectly fine (both on IPv4 and IPv6). I do recall having to do something to get it to initially work (maybe Linode does some outbound blocking of port 25 -- I don't remember exactly as it was several years ago).

I know of a couple of other folks that run SMTP on Linodes and a couple of big mailing lists as well, all of which seem to work with no problems. Never had any problems with any listings on any of several hundred DNSbl either.

Plus of course it is a pretty cheap way to get a reliable server (albeit virtual) on decently connected and configured infrastructure.

Similar observations here. I have found it useful to attempt to enumerate
their network allocations and block them from access to any service that
requires authentication, e.g., ssh, pops, imaps, etc. Not a panacea
by any means, but it does cut down on the noise.

---rsk

You will also need your internet provider to set up reverse DNS for you, otherwise many mail servers may reject your mail if the reverse DNS does not match the hostname of the mail server.
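
The reverse DNS check mentioned above, sketched as an added example that is not part of the original thread: the PTR name must resolve back to the connecting IP and agree with the name the server announces. The zone data is constructed, the function and verdict names are hypothetical, and whether a receiver rejects on each verdict is local policy.

```python
import ipaddress

# Constructed zone data (documentation address ranges and example domains).
PTR = {
    "203.0.113.25": ["mail.example.org."],
    "203.0.113.80": ["mail.example.org."],          # PTR claims a name it does not own
    "198.51.100.77": ["host-77.dyn.isp.example."],  # generic provider-assigned rDNS
}
A = {
    "mail.example.org": ["203.0.113.25"],
    "host-77.dyn.isp.example": ["198.51.100.77"],
}

def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def fcrdns(client_ip, helo_name, ptr_lookup, addr_lookup):
    """Forward-confirmed reverse DNS: IP -> PTR name -> address records -> same IP."""
    ip = ipaddress.ip_address(client_ip)
    ptr_names = [_norm(n) for n in ptr_lookup(str(ip))]
    if not ptr_names:
        return "no-ptr"
    confirmed = [n for n in ptr_names
                 if ip in {ipaddress.ip_address(a) for a in addr_lookup(n)}]
    if not confirmed:
        return "ptr-not-forward-confirmed"
    if _norm(helo_name) not in confirmed:
        return "helo-mismatch"
    return "ok"

def check(client_ip, helo_name):
    """Run the check against the constructed zone data above."""
    return fcrdns(client_ip, helo_name,
                  lambda ip: PTR.get(ip, []),
                  lambda name: A.get(name, []))

if __name__ == "__main__":
    for ip in ("203.0.113.25", "203.0.113.80", "198.51.100.77", "192.0.2.9"):
        print(ip, check(ip, "mail.example.org"))
```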

If you're only getting 300 a day, your mail infrastructure is severely broken.
As I write this, I've gotten 2,151 mails from linux-kernel so far this month, and
it's only the 4th. So 600-700/day is closer to what you should be seeing (plus
another 300+ if Greg KH patchbombs the list for one of the stable release
candidates...)

Having said that, a Raspberry Pi is more than capable of that volume - many
moons ago I was processing well over 1 million RCPT TO: per day on an IBM
RS6000/220, which boasted a whole whopping 128M of RAM and a 133MHz CPU.

> I was considering purchasing a Raspberry Pi and setting up my own mail server on it. Would it be capable of running a personal mail server? I am on the Linux Kernel mailing list which receives around 300 emails a day.

Is a Raspberry Pi capable of functioning as a mail server? Sure. Would I recommend it? Most likely not.

I see two things being a limitation for the Raspberry Pi, 1) lack of memory (for various filters and support daemons) and 2) (lack of) disk.

I think you will be spending quite a bit more time than you will likely care to waiting on the Raspberry Pi. An external disk will help.

I would strongly suggest that you look at a Linode VPS (which is what I'm using) or something similar. Preferably something that is very well connected (both speed and more diverse back bone connectivity) and SSD backed.

> Will I also need a static IP address in order to connect to the server from anywhere in the world?

Technically, no. You can tune your DNS such that the A record that your MX record points to has a low TTL, thus avoiding caching and enabling dynamic DNS. - Would I do this for my mail server? Not at all. Would I do this for my home server that smart hosts through my mail server (Linode VPS)? Sure.

There is a big difference in what will technically work and what you will want to end up using.

If you're serious about this (which I encourage you to scratch the itch if you're so inclined) then I would strongly recommend spending ~$10 a month for a VPS as your primary mail server. (You can then have it forward to an internal mail server if you want to.)

Feel free to reply to me (on or off list) if you would like to discuss further details.

Note: You will need DNS servers with static IPs that you can configure in your domain registrar. (ProTip: Linode allows you to use their five DNS servers for the low price of having a single Linode VPS.) Everything else is ... technically flexible from that point.

AWS is probably the biggest cloud provider in the world. Of course the majority of junk is going to be coming from their network,
simply because they are that big.

However, I really wanted to see what the bot statistics for my mail server were so I scanned my `Postfix` and `secure` log files for "access denied" entries.
In the past 10 hours, there were:

* 573 Postfix SASL Auth Failed entries from 106 different IPs
* 1479 SSH Auth Failed attempts from 13 different IPs

I see lots of OVH, Azure, home/business connection providers (TELSTRA Australia, lot of Asian stuff, Telefonica, Vodafone, Verizon...),
some random cloud/dedicated server provider here and there... but not a single Amazon IP - which surprised me quite a bit actually.

For reference, this server is with OVH in France and does not have fail2ban installed. Postfix has connection rate limiting enabled though.

On another note, I wouldn't recommend blatantly blacklisting anyone, especially not large service/platform/infrastructure providers. Many businesses (such as e-shops) rely completely
on AWS (or other cloud) infrastructure. If you don't receive emails containing order details or invoices because you completely blacklisted them... well, that's your problem.

If your server is set up correctly, those bots are completely harmless and spamassassin will destroy 99.9% of spam emails, which I call success.
The other 0.1% that goes through (that one email a week) I can delete manually.

Regards
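
A log scan of the kind described in the message above, as an added example that is not the poster's own script: it counts failed Postfix SASL and sshd logins and the distinct source IPs behind them. The log lines are constructed in the usual syslog formats and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the common syslog formats of Postfix and sshd.
SAMPLE_LOG = """\
Mar  4 10:15:01 mail postfix/smtpd[1201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  4 10:15:04 mail postfix/smtpd[1201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  4 10:16:40 mail postfix/smtpd[1207]: warning: unknown[198.51.100.23]: SASL PLAIN authentication failed:
Mar  4 10:16:41 mail postfix/smtpd[1207]: disconnect from unknown[198.51.100.23]
Mar  4 10:17:02 mail postfix/submission/smtpd[1211]: warning: unknown[2001:db8::17]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  4 10:17:30 mail sshd[2290]: Failed password for invalid user admin from 192.0.2.44 port 51514 ssh2
Mar  4 10:17:33 mail sshd[2290]: Failed password for root from 192.0.2.44 port 51520 ssh2
Mar  4 10:17:36 mail sshd[2292]: Failed password for root from 192.0.2.44 port 51526 ssh2
Mar  4 10:18:00 mail sshd[2301]: Accepted publickey for alice from 198.51.100.9 port 40022 ssh2
"""

# Each pattern captures the source IP (IPv4 or IPv6) of one failed login.
PATTERNS = {
    "postfix_sasl": re.compile(
        r"postfix/[\w/]+\[\d+\]: warning: \S*\[([0-9A-Fa-f.:]+)\]: SASL \S+ authentication failed"),
    "sshd": re.compile(
        r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?\S+ from ([0-9A-Fa-f.:]+) port \d+"),
}

def summarize(lines):
    """Count failed-auth entries per source IP for each service."""
    hits = {name: Counter() for name in PATTERNS}
    for line in lines:
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                hits[name][m.group(1)] += 1
                break
    return hits

def totals(hits):
    """Map service -> (failed entries, distinct source IPs)."""
    return {name: (sum(c.values()), len(c)) for name, c in hits.items()}

def noisy(counter, threshold):
    """Source IPs with at least `threshold` failures: candidates for rate limiting."""
    return sorted(ip for ip, n in counter.items() if n >= threshold)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for name, (entries, ips) in totals(stats).items():
        print(f"{name}: {entries} failed entries from {ips} different IPs")
    print("sshd sources with >= 3 failures:", noisy(stats["sshd"], 3))
```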

In article <37613d30-ae69-9140-5d88-7596857ce99e@wadadli.me> you write:

> I am considering purchasing a Raspberry Pi and hosting my own, as it
> seems worth the experience. However does it require that I have my own
> DNS server and a static IP address in order to connect to the mail
> server from anywhere in the world?

You really don't want to do that unless you have a friend at a hosting
center who will let you plug your Pi into his rack and lend you a
static IP. Getting static IPs at home these days is pretty much
impossible unless you get very expensive business class cable service.
Even if you have a static-ish IP on residential cable, nobody accepts
mail directly from resi networks since it is about 99.99% botnet spam.

On the other hand, it is the work of a moment to set up a $5/mo VPS
running linux with a static IP at any of a long list of hosting
providers like Tektonix or Digital Ocean or Linode. From your point
of view, it's a linux box you can ssh into and manage the same way
you'd manage linux on a small physical machine.

R's,
John