July 22, 2015
Running your own mail server in 2015
Running your own mail server always was a pain in the ass. Ever since I started to become involved with IT, operating your own mail server was a lot of work. You always had to tweak something here or update something there, because you wanted it to be safe and secure. In my early days it was even possible to use DynDNS and run your mail server behind a dial-up modem or ISDN line. It started to change even then, but it was still possible.
Nowadays this is neither recommended nor possible, as all major email service providers are blocking dial-up IP ranges. It became a necessity with all the zombies out there trying to push their spam to the masses. Even though it got a lot easier to have your own server “on the Internet”, with a public non-dial-up IP, it also became even harder to operate your own mail server. Cloud providers like Amazon Web Services or DigitalOcean make it easy for you to deploy your own virtual private server within minutes. Unfortunately it is as easy for the spammers and scammers as it is for you. This means many email service providers started to block whole IP ranges from cloud providers or automatically assign a higher “score” to the email originating from these IPs — which makes them disappear more often into the “digital abyss” of the junk or spam folder. Most of the time this can only be remedied by using a 3rd-party provider like Mailgun, specialised in email services and taking very good care of the reputation of their servers and IPs.
But that is not all. If you are like me and have several domains with even more mailboxes, aliases and domain aliases, the configuration can get quite complicated. You might want to have a backend database and — to keep maintenance as low as possible — some sort of configuration utility (usually a web interface of some kind). If you decide against a 3rd-party provider, you will have to configure SPF and DKIM yourself. This configuration requires extra attention, but without it many of the larger email providers will put your email almost directly into the junk folder. Besides all this, the system also has to be kept up-to-date at all times and logs need to be watched (usually with the help of special tools like Pflogsumm, rrdtool and/or mailgraph) for stray emails, break-in attempts and spammers who try a DoS or even a DDoS attack. You see that operating your own mail server is not a good idea if you are inexperienced or cannot spare the time for all the design decisions, configuration and the debugging involved.
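As an added example (not part of the original post), here is a small offline lint for the SPF side of that configuration: it takes the TXT records published for a domain and reports mistakes that commonly cause receivers to reject or junk mail. The domain names and the IP address are constructed placeholders; the check inspects only the top-level terms and performs no DNS queries, so lookups hidden inside nested `include` records are not counted.

```python
import re

# Terms that each cost one DNS lookup; receivers stop at 10 (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"([+\-~?]?)([a-z][a-z0-9_.-]*)([:=/].*)?")

def lint_spf(txt_records):
    """Return a list of problems in the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        # Receivers treat more than one v=spf1 record as a permanent error.
        return ["multiple SPF records published"]
    problems, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in spf[0].split()[1:]:
        m = TERM_RE.fullmatch(term.lower())
        if not m:
            problems.append(f"unparseable term: {term}")
            continue
        qualifier, name = m.group(1) or "+", m.group(2)
        is_modifier = (m.group(3) or "").startswith("=")
        if all_qualifier is not None and not is_modifier:
            problems.append(f"term after 'all' is never evaluated: {term}")
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "redirect":
            has_redirect = True
        if name == "all":
            all_qualifier = qualifier
    if all_qualifier == "+":
        problems.append("'+all' authorises every host on the Internet")
    if all_qualifier is None and not has_redirect:
        problems.append("no 'all' or 'redirect': unlisted senders get 'neutral'")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms, limit is 10")
    return problems

if __name__ == "__main__":
    # Constructed sample records for illustration only.
    samples = {
        "strict policy": ["v=spf1 mx ip4:203.0.113.25 -all"],
        "open policy": ["v=spf1 mx +all"],
        "duplicate records": ["v=spf1 mx -all", "v=spf1 a -all"],
    }
    for label, records in samples.items():
        print(label, "->", lint_spf(records) or "ok")
```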
Currently I am using Dovecot, Postfix, a MySQL database as backend and PostfixAdmin for administration. But I am currently looking for another solution that requires less time. I tried Google Apps for Business, which was not for me, and also several other solutions. At the moment I am trying to get into the Amazon WorkMail preview, which could be exactly what I am looking for. DigitalOcean recently wrote an article about Mail-in-a-Box, which I wanted to take a closer look at as well.
Of course there are other important topics I have not covered in this post, for example data security and surveillance. But this is a subject for another article, which will describe my thoughts on email in general and what implications the different solutions can have.