Toying with the idea of running my own email server. Lots of people say this is a bad idea.
Been doing lots of research. I have a VPS for it already and want to set it up with Postfix, Dovecot, Roundcube, and MariaDB.
I don’t want to host locally because I don’t want it to depend on my internet connection and because my IP address will likely change at some point and most residential IPs are blacklisted.
But also don’t want to host it on someone else’s machine unless I can totally encrypt the drive. I have been looking at how to do full drive encryption on a VPS hard drive by adding dropbear ssh to the initsys so I can ssh in and enter the decryption password when rebooting.
This also doesn’t seem ideal, because it would require me to be available to do this for every reboot.
So still researching to see what other options there are.
If you host your own email, expect your email to land in most people’s SPAM folders unless you warm up the domain first.
If your email is going to be important / mission critical, let someone else host it.
Yeah, my plan will be to use a domain that I don’t actually use for my email to start with, make sure that I can reliably send and receive mail with it. Then add my normal email domain for sending-only to start, will just need to add it to my SPF and DKIM records. Once I test with that and verify that I can reliably send mail then I can fully switch things over.
Still trying to decide what to do about full disk encryption.
Thinking that maybe I can host a decryption key on a private GitHub repo, have the preboot environment use a local key to download the decryption key to ephemeral storage and use it to unlock the disk. This doesn’t make it truly secure because anyone with access to the boot partition could figure out what is happening and do it manually, but it would make it difficult enough that a bored sysadmin at the VPS provider couldn’t just browse my data easily.
I’d really like it better if I could have it send me a push notification to my phone to authorize the unlock. Maybe I can set that up with however I decide to host the decryption key.
If your email is going to be important / mission critical, let someone else host it.
Yeah, I know. That’s why I want to do it.
As other people said, getting the mail delivered is the hard part. Check if your mail is received by Google, Microsoft, because apparently they blacklist by default.
You can do everything yourself and then set up a relay for sending, so all mail is sent through someone else who can make sure it is delivered. Then you could get something like purelymail, which is 10$/year to deliver your mail. (I have no relation with purelymail, I am their customer, but it took me quite a while to find a mail relay that is not for sending bulk spam but for real people).
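As an added example (not part of any post in this thread): a Python check that reads the Authentication-Results header a receiving provider stamps on a test message and reports SPF, DKIM and DMARC failures or misalignment for the sending domain. The domains, header contents and function names are constructed for illustration, and alignment is simplified to a same-domain-or-subdomain match.

```python
import re
from email import message_from_string

def parse_auth_results(raw_message):
    """Map method -> (result, properties); keeps the first result per method."""
    found = {}
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        header = re.sub(r"\([^()]*\)", "", header)   # strip (comments)
        for clause in header.split(";")[1:]:          # [0] is the authserv-id
            m = re.match(r"\s*(\w+)=(\w+)", clause)
            if m:
                props = dict(re.findall(r"([\w-]+\.[\w-]+)=(\S+)", clause))
                found.setdefault(m.group(1).lower(), (m.group(2).lower(), props))
    return found

def aligned(identity, from_domain):
    # Simplification (assumption): same domain or a subdomain counts as aligned.
    d = identity.rsplit("@", 1)[-1].lower()
    return d == from_domain or d.endswith("." + from_domain)

def delivery_problems(raw_message, from_domain):
    res = parse_auth_results(raw_message)
    spf, spf_p = res.get("spf", ("missing", {}))
    dkim, dkim_p = res.get("dkim", ("missing", {}))
    dmarc = res.get("dmarc", ("missing", {}))[0]
    problems = []
    if spf != "pass":
        problems.append(f"spf={spf}")
    elif not aligned(spf_p.get("smtp.mailfrom", ""), from_domain):
        problems.append("spf passes, but for a different envelope domain")
    signer = dkim_p.get("header.d") or dkim_p.get("header.i", "")
    if dkim != "pass":
        problems.append(f"dkim={dkim}")
    elif not aligned(signer, from_domain):
        problems.append("dkim passes, but the signing domain differs from From:")
    if dmarc != "pass":
        problems.append(f"dmarc={dmarc}")
    return problems

# Constructed headers: GOOD is the test domain, BAD a second domain not yet in the records.
GOOD = """\
Authentication-Results: mx.receiver.example; dkim=pass header.i=@mail-test.example;
       spf=pass (domain of me@mail-test.example designates 203.0.113.5) smtp.mailfrom=me@mail-test.example;
       dmarc=pass (p=NONE) header.from=mail-test.example
"""
BAD = """\
Authentication-Results: mx.receiver.example; dkim=pass header.d=mail-test.example;
       spf=pass smtp.mailfrom=me@mail-test.example; dmarc=fail header.from=main-domain.example
"""
```

Save a received test message as raw source at each provider and call `delivery_problems(raw, "your-domain")`; an empty list means all three checks passed and aligned.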
I’ve had great success with Mailcow on my VPS, they have good docs to follow and also set up the DNS. Just wanted to drop that suggestion :)
That sounds really fun