________________________________________
I DON'T RUN MY OWN MAIL SERVER ANYMORE
Nicolas Herry
________________________________________
2017/12/26
1 I don't run my own mail server anymore
========================================
Since I got my first server on the net, I've always been running
my own mail server. I started with an OpenBSD box at home, behind
a rather slow DSL line, and spent quite some time configuring
`sendmail', discovering how one can express his hatred of
everything that is good in this world through the simple means of
the design of [configuration file syntax]. I also remember
hesitating between sticking with POP3 or making the jump to IMAP,
and whether I should go with [Courier] or [Cyrus-IMAP], switch to
[QMail] to benefit from a more secure implementation... The most
challenging question remained whether Maildir was better than
mbox. As you can see, life was good and simple, and setting up a
mail server could be done in one evening of hard work and pizza
eating.
[configuration file syntax]
<
http://www.stderr.nl/Blog/Software/FreeBSD/sendmail-horror.html>
[Courier] <
https://en.wikipedia.org/wiki/Courier_Mail_Server>
[Cyrus-IMAP] <
https://en.wikipedia.org/wiki/Cyrus_IMAP_server>
[QMail] <
https://en.wikipedia.org/wiki/Qmail>
1.1 Mail today
~~~~~~~~~~~~~~
Today, things have changed. Spam, phishing and other delicacies
now represent around [97% of all email traffic] and running a
spam-filtering MDA like [SpamAssassin] is not going to cut it. In
reaction to that, many standards emerged, trying to filter out
domains displaying a bad behaviour, known spam relays,
impersonating domains, and so on. Over the course of a few years,
we've seen the following make it to our checklist when setting up
a mail server:
- SPF, [Sender Policy Framework]
- DKIM, [DomainKeys Identified Mail]
- DMARC, [Domain-based Message Authentication, Reporting and
Conformance]
- PTR fiddling and reverse DNS lookup
Once you've learnt about all this, configured it properly,
securely, you realise that your email still doesn't make it to
GMail. Why? Maybe your public IP used to belong to some known
email relay, and this IP is now blacklisted everywhere. Who
knows? /You/ certainly don't. At least, you don't if you're not a
professional. So this is what happened: we went from a world
where anyone could set up their own mail server to one where
running such a service is best left to big corporations who can
afford spending the time. Even if you can set it up, can you
maintain it?
[97% of all email traffic]
<
http://news.bbc.co.uk/2/hi/technology/7988579.stm>
[SpamAssassin] <
https://en.wikipedia.org/wiki/SpamAssassin>
[Sender Policy Framework]
<
https://en.wikipedia.org/wiki/Sender_Policy_Framework>
[DomainKeys Identified Mail]
<
https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail>
[Domain-based Message Authentication, Reporting and Conformance]
<
https://en.wikipedia.org/wiki/DMARC>
1.2 A compromise
~~~~~~~~~~~~~~~~
Like I say in my contact page, having my mailbox hosted by GMail
was only supposed to be a temporary solution to get by with, the
time for me to set up a nice, clean email server again after the
tear in the very fabric of reality was repaired and I would have
my server fully up and running again. But considering the list of
monsters I would have to tame this time, I was faced with a
conundrum: I didn't want my email stored and used by a company
like Google, and I didn't want to go through a nightmare of
configuration to end up with a half-working solution. Luckily,
while I was still debating those questions in my head, I received
an alert from my registrar [Gandi.net] about the expiry of my
domain name. And it clicked: Gandi.net is in many ways a
dinosaur, escaped from an era where the internet was still this
free space, opened to anyone, and the company was founded by
activists who thought that since domain names cost nothing to
produce, they should be provided as a public service. Gandi.net
is not just a registrar, they also provide email hosting (as well
as web hosting and VPSs, now). So, three clicks later, I had
solved my issue. Sure, I have a quota (3GB for free, 50GB for
just over 2 euros a month), but I can get by with the wonders of
Gmane/Gwene to read my lists and news, and I can always backup my
whole box with tools like OfflineIMAP and friends. So it seems
really manageable, even for someone like me, who loves email and
news so much I once spent an entire evening reading through
alt.religion.emacs without getting bored or going mad.
[Gandi.net] <
https://www.gandi.net>
1.3 The email is dead
~~~~~~~~~~~~~~~~~~~~~
As we are reaching the end of 2017, almost 20 years have passed
since I set up my first mail server. The naive world where SSL
was an advanced security layer and a 20-line recipe in
SpamAssassin was the best armor ever designed to protect your box
to one where every email is suspect and victim of its own
openness. Unless you're a professionnal, there's little chance
you can still count email as a service you set up as a hobby. In
a way, the email is dead, but my mailbox lives on. Now if you'd
excuse me, I have a contact page to update.