this post was submitted on 27 Dec 2023
122 points (99.2% liked)

Selfhosted

39893 readers
358 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
122
Stalwart v0.5.0 (stalw.art)
submitted 10 months ago* (last edited 10 months ago) by [email protected] to c/[email protected]
 

Elevating Performance and Flexibility

We are excited to announce the release of Stalwart Mail Server v0.5.0. As we approach the end of the year, this significant update marks a major advancement in our journey to provide a robust, efficient, and versatile mail server solution. This latest version incorporates a range of performance enhancements, storage layer improvements, and new features, designed to elevate your email server experience.

all 43 comments
sorted by: hot top controversial new old
[–] [email protected] 23 points 10 months ago (3 children)

Very interested in this as Gmail is one of my last Google cords to cut. But it doesn't solve the issue of trying to host it from a non-commercial Internet connection. Last I remember most ISPs won't let you open the ports required to run an email service on a home connection. Anyone have modern experience with that?

[–] [email protected] 10 points 10 months ago (1 children)

I moved from Gmail to ProtonMail, then to Mailbox.org. Ypu can set up a mailserver on your home server, but you would need a VPS that would forward the traffic to and from your home server without you needing to open any ports. This guide can help you with TLS passthrough.

But setting up your own mailserver is a big hassle. Just pay a trusted provider and keep your inbox, and preferably all emails, encrypted with GPG.

[–] [email protected] 7 points 10 months ago (1 children)

What made you switch from Proton to Mailbox, if you don't mind sharing?

[–] [email protected] 3 points 10 months ago (2 children)

I was paying $7/m for their mail, VPN and drive services. One of my major reasons to switch was their lack of linux support. They claim that it is hard to find Linux developers. Second reason was their drive's download and upload speeds were terrible, from where I am sitting. Their VPN service is great. I always got great speeds, but their linux apps have always been terrible. Their mail service is also great, but I would like more control over it, like Mailbox.org. on Mailbox, I can encrypt my inbox using a different key, while also having the SMTP submission feature. I really ned that to integrate emails with my websites and services. Mailbox can also encrypt their cloud drive with our key, while also providing WebDAV support (how cool is that). Their mail app on android is open-source but is not available on f-droid. And the apk they provide on their website neither has a notification functionality, nor does it auto-update. Another reason was that I was limited to 3 custom domains, unless I buy their business plan. Mailbox has no such limit.

One final reason was that I did not want to keep all my apples in one basket. So, for mail, I am using mailbox, for storage, I am using a personal nextcloud and a Hetzner managed nextcloud, for VPN, I started using mullvad, but their speeds are terrible and connections are unreliable. For passwords I am using self-hosted vaultwarden.

There are a few more reasons that I do not remember, now. Proton is great, I still trust them. But these small things really go a long way.

[–] [email protected] 3 points 10 months ago

Thank you for that detailed reply. You have far greater needs than I do. 😊

It would be cool to do all these things and self-host. One day I'll get there, in life.

[–] [email protected] 1 points 10 months ago (1 children)

That's pretty much exactly my story except I went with fastmail.com, mullvad for vpn (you really need to test with some script to find your best exit nodes I forget which one I used ages ago but it found me a couple of nodes about 1000 kms away from my location and in a different country that I can do nearly a gig through routinely.. Maybe it was this script? https://github.com/bastiandoetsch/mullvad-best-server) . I went with pcloud for a bit but tailscale and now currently netbird make it kind of irrelevant since its' so easy to get all my devices able to communicate back to my house file server. I want to like hetzner so bad but every time I try it the latency to north america just kills me and the north american offering was really far away and undeveloped last time Itried it

[–] [email protected] 1 points 10 months ago (1 children)

For me the issue with Mullvad is like this... I connect to a server, I get good speeds, but after an hour or two, I get stuck at 2-3mbps. This issue gets resolved when I reconnect, even to the same server. Also, I like using OpenVPN over TCP, but their speeds, in Mullvad's case, are terrible for all exit nodes.

It also may be the case that my ISP is deliberately ruining the IPv4 routes because I am connecting to a VPN for privacy.

[–] [email protected] 2 points 9 months ago

Nevee saw that on wireguard once i foind the better connections for my location, weird

[–] [email protected] 7 points 10 months ago (2 children)

Most non-business Internet service in the IS has email ports blocked. They don’t open unless you switch to business class Internet and that’s $$$

[–] [email protected] 4 points 10 months ago (1 children)

Thanks for confirming. So pay for a vps to run this on, or just pay an email provider.

[–] [email protected] 6 points 10 months ago* (last edited 10 months ago) (2 children)

If the VPS allows email ports to be open.

Then deal with your email going to spam most of the time because you’re domain/IP is so new and not “warmed up” that email systems think it’s all spam.

[–] [email protected] 2 points 10 months ago

Yeah, it seems like the latter option is the obvious answer. It's an awful lot of work you still have to pay for. I'd rather just pay someone to offer me secure email and not harvest my information.

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago) (1 children)

In my experience, this is nothing more than an urban legend at this point. There are great standards, like DMARC, DKIM, SPF, proper reverse DNS and more, that are much more reliable and are actually used by major mail servers. Pick a free service that scans the publicly visible parts of your email server and one that accepts an email that you send to them and generates a report. Make sure all checks are green. After an initial day of two of getting it right, I've never had trouble with any provider accepting mail and the ongoing maintenance is very low.

Milage may vary with an unknown domain and large email volumes or suspicious contents, though.

[–] taladar 3 points 10 months ago (1 children)

There are literally RBLs in use by many major mail providers that just contain all dynamic IPs. There are others that block entire subnets used by VPSs at certain hosters. In neither of those you can remove your IP yourself (unlike the ones that list individual IPs because of that IP's reputation).

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago) (1 children)

Weird, I've never had problems over the past 15 years or so and I've been using VPS servers exclusively. Maybe my providers were reputable enough.

I realize my evidence is only anecdotal, but that's why I started "in my experience". Also, common blacklists are checked by the services I mentioned.

[–] [email protected] 2 points 10 months ago

For what it’s worth I also haven’t had any problems. Maybe we’re just lucky, though.

[–] [email protected] 2 points 10 months ago (1 children)

That's insane to me. How is that a free and open Internet? Should be illegal.

[–] [email protected] 3 points 10 months ago (1 children)

Too many people get malware that setup an email server and start sending out spam/phishing emails.

[–] [email protected] 2 points 10 months ago (1 children)

That's interesting. Is it easily preventable?

[–] [email protected] 1 points 10 months ago (1 children)

Yes.

ISPs block email ports on residential connections to prevent this.

[–] [email protected] 1 points 10 months ago (1 children)

I meant on the part of the host. Would it be easily preventable on the server if the ports weren't blocked by the ISP?

[–] [email protected] 1 points 10 months ago (1 children)

Not for the average person who pays for a home (vs business) internet connection.

[–] [email protected] 1 points 10 months ago (1 children)
[–] [email protected] 1 points 10 months ago (1 children)

Why?

I can count on no hands the amount of people I know who want to host their own email server on a residential connection (and that includes myself).

[–] [email protected] 0 points 10 months ago (1 children)

Very anecdotal. 🤷‍♂️

[–] [email protected] 1 points 10 months ago (1 children)
[–] [email protected] 3 points 10 months ago* (last edited 10 months ago) (1 children)

It's not a shame because of the amount of people we know, or how many people there are in total, that want to self-host email. It's about the fact that it's so difficult to set up, and hard to secure. I just wish it were simpler and more secure by default so that more people could roll their own and break free from ad-ridden and privacy-invading email services. 👍

[–] [email protected] 2 points 10 months ago

Makes sense.

[–] [email protected] 2 points 10 months ago

Gmail to MXroute when Google threatened to pull the grandfathered free Gmail custom domain thing. Got their lifetime plan, easy enough to configure so outgoing mails don’t get marked as spam. However, the major downside is it’s still using Spam Assassin as spam filter.

[–] [email protected] 9 points 10 months ago* (last edited 10 months ago) (1 children)

This looks nice, even has a clean docker image.

Will check it out. Setting up postfix + dovecot with dmarc and postgres was a funny experience but it's starting to slip out of my memory how I did it and I don't want to be through it again.

[–] [email protected] 6 points 10 months ago (1 children)

I looked at this, it looks pretty rudimentary compared to something like Mailcow-dockerized which has a full docker stack with clamAV, sieve, etc that you can add Roundcube on to, and has worked very well for me for years. There are precious few jmap clients out there so that's not much of a consideration really. I'd rather have rspamd itself rather than their fork of it because then I can depend on the original's documentation, because their documentation doesn't seem very comprehensive comparatively.

Plus, I'd rather have a stack of separate docker containers rather than a single container that munges it all together, but maybe that's not a big deal. I like to let Postgres manage the postgres container image and not put another layer in there.

[–] [email protected] 7 points 10 months ago (2 children)

I don't think it's you, it generally is a bad practice to have multiple processes inside a container. It usually defeats most of the isolation, introduces problems with handling zombie processes (therefore you need an init) and restarting tools when they crash (then you need something like supervisord, which I guess this image might use - I didn't check). Each software adds dependencies, which can conflict (again defeating the idea of containers), and of course CVEs. Then you have a problem with users etc.

So yeah, containers are generally not meant to be used this way. The project might be cool but I would be very uncomfortable running it like this, especially if that's going to be my primary email, with all the password resetting capabilities etc.

[–] [email protected] 2 points 10 months ago

Reading the Dockerfile in their repo, it's simply a clean debian:slim with four compiled rust binaries placed into it. There's no services, no supervisord, nothing except the mail server binaries themselves.

[–] [email protected] 1 points 10 months ago

Does it run multiple processes inside the container? Looks like the entrypoint only launchs one.

[–] [email protected] 6 points 10 months ago (1 children)

Hosting the software is only part of the problem, and not the hardest one from my experience.

The great spam catcher of Microsoft and Google are incrediblely dense and arcane, mail will often be rejected or swallowed from small mail servers.

[–] [email protected] 3 points 10 months ago

You're right and it's crazy how much spam still comes through.

[–] [email protected] 3 points 10 months ago (1 children)

I tried to set this up beside my existing mailcow server. Mailcow runs smooth and has a web interface. And I am not on my way to ditch it just for jmap.

Idk, what's happening earlier:

1.dovecot integrates jmap (I would stay with mailcow) 2. More clients support jmap (eventually switch to stalwart) 3. Stalwart get an webinterface (eventually switch to stalwart)

[–] [email protected] 2 points 10 months ago (1 children)
[–] [email protected] 3 points 10 months ago

Yes, I know, but since it's open source, I don't ask for release dates. :-)

[–] [email protected] 2 points 10 months ago* (last edited 9 months ago) (1 children)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
IP Internet Protocol
SMTP Simple Mail Transfer Protocol
SSL Secure Sockets Layer, for transparent encryption
TLS Transport Layer Security, supersedes SSL
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

6 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.

[Thread #381 for this sub, first seen 28th Dec 2023, 07:55] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 1 points 10 months ago
[–] [email protected] 1 points 10 months ago

If I look carefully, will I find some performance comparisons between an EL9 host installed with either a postfix/dovecot/etc stack or this manatee?