Az

Running Your Own Mail Server

For about a year and a half now I’ve been running “my own” mail server on my sole trader business domain using Mail-in-a-Box on a cheap VPS, slowly migrating more accounts and subscriptions to it. I originally started doing this after thinking about my 2021 ICT goals, focusing on ownership of my own email data.

While there have been privacy issues about email providers before, such as Google using your emails to personalise ad content until 2017, another factor is the risk of losing all your email data if the hosting company decides to cancel your account without any reason. I get that the chance of this occuring is very low, but the consequence is high and that level of control by a provider with no guaranteed way of resolving it freaks me out. Especially as email is such a key part of our online lives; while it may not be used as much for interpersonal communication it’s one of the key ways of signing into most online services but has way less regulation than mobile phone numbers and services.

I do want to say the following though:

Hosting your own email isn’t easy for non-technical people and occasionally requires a bunch of time and maintenance. It isn’t for most people.

I’d worked at Westnet and iiNet (two local ISPs) when I was younger and I knew self-hosted email was an absolute pain even then. Running your own mail server comes with a bunch of requirements. You need:

  • A static IP for your mail server.
  • The ability to set reverse-DNS records for your IP.
  • Good reputation for your IP on RBLs (Real-Time Blackhole List) otherwise you can’t send email.
  • Time for regular maintenance.
  • Time and skills for emergency maintenance when it all goes TITSUP (Total Inability To Send, Use, or Perform).

The first three dot points are usually why you can’t host your own email off a residential internet connection. Even if you have a static IP, some ISPs will block protocols used for mail transfer as an anti-spam measure.

Modern Email Is Complex

You’ve tot a lot of things to consider with email:

  • The MTA or Mail Transfer Agent which takes emails from people and other MTAs and passes them to the destination MTA.
  • The MUA or Mail User Agent that access the mailbox for the user to read their mail. This may be a program like Thunderbird or Outlook or a webmail portal.
  • The email filtering system to help reduce or prevent spam while also not blocking legitimate email.
  • The address routing system to handle aliases and multiple users.
  • The email storage format for each mailbox.
  • How does your system manage email folders?
  • Backups!!!!
  • Contact management.
  • Meeting invites/calendar management.

Mail-in-a-Box

While one day I might build something more from scratch, I felt like for my first foray into email hosting should be a turnkey solution. Thankfully I found Mail-in-a-Box which handles everything itself and produces a nice web interface for accessing your email. It also handles backups, users, aliases, calendars, and contacts.

My first test server took about 45 minutes to set up on a DigitalOcean* VPS and worked straight out of the box (pun intended). You can do it quicker, I was just taking my time to dot all the ’t’s and cross all the ‘i’s. The Mail-in-a-Box setup guide is great!

I have my DNS hosted through AWS for that domain because I also run various stuff through there, so I bucked the guide’s recommendations and manually configured my DNS records which was a bit of a pain from memory. While Mail-in-a-Box provides a handy zone file you can upload, I had to transcribe those to the AWS Route53 console and some of the records needed to be broken up into multiple parts.

Eventually it all worked, but I still receive a monthly complaint email from my Mail-in-a-Box saying that the DNS is not controlled by it and it’s very concerned about that.

Maintenance

In a perfect world, no software would have bugs so you would never need to patch it.

And in an imperfect world, you’d always keep everything up to date, up to the minute.

But we’re all just kinda hanging on in a pretty fucked up world so we do the best we can with the resources we have.

Your operating system and the various packages used by Mail-in-a-Box will regularly need to be updated. Thankfully Mail-in-a-Box can do most of this itself. But sometimes it needs you to run the upgrades, and sometimes it needs to be restarted.

I’ve got it in my weekly routine to do this and have found it’s not a huge hurdle, but make sure you’re the kind of person who can make 5 minutes a week to keep your email server updated.

Backups

If you’re using Mail-in-a-Box, download your secret key and store it somewhere safe. Without it, you can’t access your encrypted backups.

At least once a year try setting up a new mail server from your backups to make sure they work.

When Things Go Wrong

Backups Down

About a month and a half ago I got an email that the backup system (Duplicity) had failed. Looks like it was due to some upgraded versions that weren’t backwards compatible and caused problems with backups to AWS S3.

Of course, not having backups isn’t bad unless your mail server fails but if it does, you’ve lost everything that isn’t backed up.

So I had to spend about 4 hours on a night where I would have rather been working on my reading challenge trying to resolve the issue and fall back to an older package version, and then a few hours some weeks later moving everything back to working upgrades.

So I’d definitely only recommend running your own mail server if you’re prepared that at some point you may have to drop everything to fix everything.

Email Not Sent

There’s a great Twitter thread from Carlos Fenollosa on stopping hosting email due to outbound not working. I haven’t stopped yet, but I’ve also only received one issue - emailing Qantas got rejected by their dinky Proofpoint anti-spam system, and the provider doesn’t have an easy option for getting your IP unbanned. In that case, I had to send the email from an old GMail account I had to sort things out.

So far this is only one sending issue in 21 months, but it’s also something to be aware of if you’re hosting your own email.

Greylisting

By default Mail-in-a-Box uses greylisting, where it doesn’t respond to the first attempted send, as a way to ward off most spammers. Because legitimate email servers should try delivery multiple times (knowing that all systems have downtime) and spammers are mostly just trying to blast the internet as much as possible, it seems to be pretty effective. By which I mean, I have received very little spam since I’ve been using this system. Although maybe that email hasn’t been leaked yet (*knock on wood*)?

This does mean that when I sign up to a new service or buy from a new online shopping site, sometimes it’ll take 5-15 minutes before activation/confirmation emails come through. Keep that in mind if you want to run an email server that uses greylisting.

Aliases, Tag Addresses/Subaddressing

If running an email server just for yourself, I recommend doing a global catchall alias on your domain. That way, you can sign up to every service with a unique email. For instance, if you decided to go with HBF for health insurance, you might use an email like hbf@example.com. This means if you ever start receiving spam email at hbf@example.com and you’ve only ever used it to sign up to them, either they or one of their vendors have sold your email address or been hacked and should probably be heckled or informed as required.

If you have multiple people using the email domain, some mail servers can be configured to use “tag addresses”/subaddresses, where placing a + character and an alphanumberic string before the @ character is usable as an alias to your personal email. For instance, coolgirl73+anytimefitness@example.com would be an alias of coolgirl73@example.com and if the owner of that email started receiving spam addressed to coolgirl73+anytimefitness@example.com they would know where the leak came from. Some commercial providers such as GMail, iCloud, and Outlook.com already provide this functionality.

Keep in mind that tag addresses are in a weird state, they are legitimately different email addresses as considered by RFC 5322 but some services will reject them, even if your server doesn’t use tag addresses and legitimately sees addresses with a + symbol as a separate mailbox you might get rejected.

Running Email For Others

So far this email server is just for my small side business. I’ve been tempted to create a family email address sometime in the future so my wife and I can have our own email, or help host friends’ email who want to migrate away from big providers in which they have no control. I don’t think I’d do this for corporate email, my focus would be on low outgoing volume personal mailboxes.

Of course, this also saddles me with more responsibility, because it’s no longer just my butt on the line. Potentially with more users comes more space requirements, more bounces from recipients, or more issues that I’d have to resolve. If this is tempting for you, remember that you can’t just walk away from such a responsibility once you begin, and ask whether you’re ready to handle that.

Conclusion

Hosting my own email has been a pretty eye-opening experience, definitely interesting and mostly pretty fun. It’s met my goals and needs, although as I said before I would not recommend this for most or even many people.

2022-09-13 Update: Added experience with failed outgoing email, updated Running Email For Others section.

* - My referral code, sign up for $100 credit.