________________________________________

             I DON'T RUN MY OWN MAIL SERVER ANYMORE

                          Nicolas Herry
            ________________________________________


                           2017/12/26





1 I don't run my own mail server anymore
========================================

 Since I got my first server on the net, I've always been running
 my own mail server. I started with an OpenBSD box at home, behind
 a rather slow DSL line, and spent quite some time configuring
 `sendmail', discovering how one can express one's hatred of
 everything that is good in this world simply through the design
 of a [configuration file syntax]. I also remember hesitating
 between sticking with POP3 or making the jump to IMAP, and
 whether I should go with [Courier] or [Cyrus-IMAP], or switch to
 [QMail] to benefit from a more secure implementation... The most
 challenging question remained whether Maildir was better than
 mbox. As you can see, life was good and simple, and setting up a
 mail server could be done in one evening of hard work and pizza
 eating.


[configuration file syntax]
<http://www.stderr.nl/Blog/Software/FreeBSD/sendmail-horror.html>

[Courier] <https://en.wikipedia.org/wiki/Courier_Mail_Server>

[Cyrus-IMAP] <https://en.wikipedia.org/wiki/Cyrus_IMAP_server>

[QMail] <https://en.wikipedia.org/wiki/Qmail>

1.1 Mail today
~~~~~~~~~~~~~~

 Today, things have changed. Spam, phishing and other delicacies
 now represent around [97% of all email traffic], and running a
 spam-filtering MDA like [SpamAssassin] is not going to cut it. In
 reaction to that, many standards have emerged, trying to filter
 out domains displaying bad behaviour, known spam relays,
 impersonating domains, and so on. Over the course of a few years,
 we've seen the following make it to our checklist when setting up
 a mail server:
 - SPF, [Sender Policy Framework]
 - DKIM, [DomainKeys Identified Mail]
 - DMARC, [Domain-based Message Authentication, Reporting and
   Conformance]
 - PTR fiddling and reverse DNS lookup
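 The checklist above, turned into an offline evaluator. This is an
 added example, not the author's code: the DNS answers are
 constructed inline (the domain names and the 203.0.113.10 address
 are placeholders), and a weak domain sits beside a properly
 configured one so the difference is visible.

```python
"""Offline evaluator for the checklist above (SPF, DKIM, DMARC, forward-confirmed
reverse DNS). Added example, not the author's code; DNS answers are constructed."""
import re
# Constructed DNS answers standing in for real lookups; names and the
# 203.0.113.10 address are documentation placeholders, not from the post.
DNS = {
    ("example.org", "TXT"): ["v=spf1 mx ip4:203.0.113.10 -all"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.org"],
    ("mail._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=MIIBIjANBgkq..."],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("mail.example.org", "A"): ["203.0.113.10"],
    ("weak.example", "TXT"): ["v=spf1 a +all"],           # +all lets anyone send
    ("_dmarc.weak.example", "TXT"): ["v=DMARC1; p=none"],  # monitor only, no enforcement
}

def lookup(name, rtype):
    return DNS.get((name, rtype), [])

def check_spf(domain):
    """Exactly one SPF record, ending in -all (fail) or ~all (softfail)."""
    recs = [r for r in lookup(domain, "TXT") if r.startswith("v=spf1")]
    if len(recs) != 1:
        return False, "expected one SPF record, found %d" % len(recs)
    last = recs[0].split()[-1]
    return last in ("-all", "~all"), "SPF ends with %s" % last

def check_dmarc(domain):
    """Policy must be quarantine or reject; p=none only reports."""
    recs = [r for r in lookup("_dmarc." + domain, "TXT") if r.startswith("v=DMARC1")]
    if not recs:
        return False, "no DMARC record"
    tags = dict(t.strip().split("=", 1) for t in recs[0].split(";") if "=" in t)
    return tags.get("p") in ("quarantine", "reject"), "DMARC p=%s" % tags.get("p")

def check_dkim(domain, selector):
    """A DKIM record with a non-empty public key (p=) under the selector."""
    recs = lookup("%s._domainkey.%s" % (selector, domain), "TXT")
    ok = any("v=DKIM1" in r and re.search(r"\bp=[^;\s]+", r) for r in recs)
    return ok, "DKIM key published" if ok else "no DKIM key for selector %s" % selector

def check_fcrdns(ip, host):
    """PTR of the sending IP names host, and host's A record contains ip."""
    arpa = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
    ok = host in lookup(arpa, "PTR") and ip in lookup(host, "A")
    return ok, "PTR %s -> %s" % (ip, lookup(arpa, "PTR"))

def run_checklist(domain, selector, ip, host):
    """Map each checklist item to pass/fail for one sending domain."""
    return {"spf": check_spf(domain)[0], "dkim": check_dkim(domain, selector)[0],
            "dmarc": check_dmarc(domain)[0], "ptr": check_fcrdns(ip, host)[0]}
```

 Swap `lookup` for a real resolver call to run it against a live
 domain; the checks themselves do not change.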

 Once you've learnt about all this and configured it properly and
 securely, you realise that your email still doesn't make it to
 GMail. Why? Maybe your public IP used to belong to some known
 email relay, and is now blacklisted everywhere. Who knows? /You/
 certainly don't. At least, you don't if you're not a
 professional. So this is what happened: we went from a world
 where anyone could set up their own mail server to one where
 running such a service is best left to big corporations that can
 afford to spend the time. Even if you can set it up, can you
 maintain it?


[97% of all email traffic]
<http://news.bbc.co.uk/2/hi/technology/7988579.stm>

[SpamAssassin] <https://en.wikipedia.org/wiki/SpamAssassin>

[Sender Policy Framework]
<https://en.wikipedia.org/wiki/Sender_Policy_Framework>

[DomainKeys Identified Mail]
<https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail>

[Domain-based Message Authentication, Reporting and Conformance]
<https://en.wikipedia.org/wiki/DMARC>


1.2 A compromise
~~~~~~~~~~~~~~~~

 As I say on my contact page, having my mailbox hosted by GMail
 was only supposed to be a temporary solution to get by with while
 I set up a nice, clean email server again, once the tear in the
 very fabric of reality was repaired and my server was fully up
 and running again. But considering the list of monsters I would
 have to tame this time, I was faced with a conundrum: I didn't
 want my email stored and used by a company like Google, and I
 didn't want to go through a nightmare of configuration to end up
 with a half-working solution. Luckily, while I was still debating
 those questions in my head, I received an alert from my registrar
 [Gandi.net] about the expiry of my domain name. And it clicked:
 Gandi.net is in many ways a dinosaur, escaped from an era where
 the internet was still this free space, open to anyone, and the
 company was founded by activists who thought that since domain
 names cost nothing to produce, they should be provided as a
 public service. Gandi.net is not just a registrar: they also
 provide email hosting (as well as web hosting and VPSs, now). So,
 three clicks later, I had solved my issue. Sure, I have a quota
 (3GB for free, 50GB for just over 2 euros a month), but I can get
 by with the wonders of Gmane/Gwene to read my lists and news, and
 I can always back up my whole box with tools like OfflineIMAP and
 friends. So it seems really manageable, even for someone like me,
 who loves email and news so much I once spent an entire evening
 reading through alt.religion.emacs without getting bored or going
 mad.


[Gandi.net] <https://www.gandi.net>


1.3 The email is dead
~~~~~~~~~~~~~~~~~~~~~

 As we reach the end of 2017, almost 20 years have passed since I
 set up my first mail server. The naive world where SSL was an
 advanced security layer and a 20-line recipe in SpamAssassin was
 the best armor ever designed to protect your box has given way to
 one where every email is suspect and a victim of its own
 openness. Unless you're a professional, there's little chance
 you can still count email as a service you set up as a hobby. In
 a way, the email is dead, but my mailbox lives on. Now if you'll
 excuse me, I have a contact page to update.