So I’ve been running self-hosted email using Mailu for a couple of months (after migrating out of Google Workspace). Today it turned that although my server seems to be capable of sending and receiving emails, it also seems to be used by spammers. I’ve stumbled upon this accidentally by looking through logs. This seems to have been going on for all this time (first “unknown” access happened just a couple of hours after I’ve set everything up).
While browsing the logs there were just so many crazy things happening - the incoming connections were coming through some kind of proxy built-in to Mailu, so I couldn’t even figure out what was their source IP. I have no idea why they could send emails without authorization - the server was not a relay. Every spammy email also got maximum spam score - which is great - but not very useful since SMTP agent ignored it and proceeded to send it out. Debugging was difficult because every service was running in a different container and they were all hooked up in a way that involved (in addition to the already mentioned proxy) bridges, virtual ethernet interfaces and a jungle of iptables-based NAT that was actually nft under the hood. Nothing in this architecture was actually documented anywhere, no network diagrams or anything - everything has to be inferred from netfilter rulesets. For some reason “docker compose” left some configuration mess during the “down” step and I couldn’t “docker compose up” afterwards. This means that every change in configuration required a full OS reboot to be applied. Finally, the server kept retrying to send the spammy emails for hours so even after (hypothetically) fixing all the configuration issues, it would still be impossible to tell whether they really were fixed because the spammy emails that were submitted before the fix already got into the retry loop.
I have worked on obfuscation technologies and I’m honestly impressed by the state of email servers. I have temporarily moved back to Google Workspace but I’m still on the lookout for alternatives.
Do you know of any email server that could be described as simple? Ideally a single binary with sane defaults, similarly to what dnsmasq is for DNS+DHCP?
You must log in or register to comment.
Removed by mod
ProtonMail. 100%.
I set up custom DNS and catchall so [email protected] is really how I filter spam.
Please note, saltycowboy.org isn’t really my domain.
So you’re saying it’s available? 👀
I’ve also done the same, it’s been great.
unless you realllllly enjoy self hosting your email, IMO it’s just not worth it anymore with the state of things. I use Fastmail and could not be happier.
Same here. Gave up and went fastmail. Love em.
I use fastmail, and I enjoy it a lot. Their masked email is very nice as well, and integrates with bitwarden. So quite convenient to use my personal domain for stuff where my identity matters, and use masked @fastmail addresses for more disposable stuff.
The only thing that ticks me a tiny bit is that their mobile app doesn’t have offline mode; but you can use imap client or w/e, so it’s not too much of an issue.
Also hear good things about protonmail; I would consider it if I didn’t already use/trust fastmail.
Another vote for Fastmail. In my recent effort to degoogle I switched to Fastmail and I love it.
For mobile with fastmail, I use fairemail. Works great with it, and provides a nice merged view with my non-fastmail work emails.
im an old school email admin. i gave up on my personal exchange box for protonmail years ago… multiple domains, lots of dns nonsense on my part. zero problems.
i highly recommend them.
https://mxroute.com/ is what I went with. They have a $99 lifetime plan. Semi limited, but worth it imho.
I’d be super cautious about relying on any company that even offers a “lifetime” plan.
Offers like that are tools to raise cash - take money now for a service that you will provide people in the future. They tend to get used in one of two situations:
- We need to raise money for investment in upgrades, so take the equivalent of ~2-3 years subscription from people up front, and count on the investment bringing in enough new customers paying regular rates that you can cover the cost of having the lifetime customers out of revenue
- We need cash now or we aren’t going to be able to pay salaries, and it won’t matter that we’ve screwed our customers if we are bankrupt
Even in the best case, it’d be much simpler to raise cash through usual investment mechanisms, so you do have to wonder how viable their business strategy is if they can’t get money that way
Do you maybe have a link for the lifetime plan? Because I cant find it.
Ah there is a big lifetime promo link in the homepage, thanks
de rien
I use mailcow for self hosting.
Nowadays I’d recommend a simple postfix + dovecot setup. If you care about a web-UI and possibly some groupware functions put SOGo on top.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System Git Popular version control system, primarily for code IMAP Internet Message Access Protocol for email IP Internet Protocol SMTP Simple Mail Transfer Protocol SSL Secure Sockets Layer, for transparent encryption TLS Transport Layer Security, supersedes SSL VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
8 acronyms in this thread; the most compressed thread commented on today has 3 acronyms.
[Thread #169 for this sub, first seen 27th Sep 2023, 14:35] [FAQ] [Full list] [Contact] [Source code]
Just switch to mail in a box.
Step 1: cut a hole in the box
The answer bad self hosted apps isn’t less self hosting.
I use docker-mailserver with sendgrid as smtp relay
Fasmail + domain
I found myself in a similar situation last year. MXRoute’s lifetime plan works well for those domains that just need basic email and not a lot of storage.
Moved from a junky setup where I was forwarding my domain mail to gmail. And sending mail through gmail using the smtp server provided by my web host.
I was having too many issues.
I switched to fastmail. It is quite good. And you can get some free basic web hosting included with your paid service.
This is what I did too, after self hosting and self hosting anonaddy for a while. I really like how it integrates into bitwarden to give me most of what I liked about anonaddy as an included thing. I also did it ofr the same reason. Too many Eh holes out there that just want to bang on the mail server all day.
I ended up on purelymail.com for my machine sending email (it’s dirt cheap I think I will be under their minmimum and it will cost something like 10 dollars a year for unlimited unique email addresses for my services)…
Protonmail. That’s what I use connected to my own domain.
