I have a raspberry pi running postfix. I Realised unless I open port 25 I absolutely cannot receive emails (I have 587 open and can send but not receive them). However I heard there are scaries online which someone could potentially send emails from your server without consent. I believe as well my ISP doesn’t block port 25. Is there anything I should do right now before opening port 25, or should everything be safe enough?

  • catloaf@lemm.ee
    link
    fedilink
    English
    arrow-up
    38
    ·
    7 months ago

    Ideally, don’t. Self-hosting email is complicated, easy to get wrong (and dangerously wrong, where people could use your server as an open relay and send spam).

    That said, if you really want to, make sure you’re not accepting email except for what’s destined for you. There are a bunch of postfix best-practice guides out there that can be easily found with a Google search. I don’t host my own email, so I can’t vouch for any.

    • markstos@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      2
      ·
      7 months ago

      Agreed. I used to host email professionally and would not recommend managing your own mail server. It will constantly be under attack by spammers and if the inbox email address is exposed at all, soon 90% of incoming mail will be spam and you’ll need antispam software to filter it.

      • wildbus8979@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        2
        ·
        edit-2
        7 months ago

        Not sure about you latter point tbh. I run an email server, with nothing but grey listing and spamassassin and the amount of spam is absolutely minimal.

        Proper config and fail2ban easily takes care of direct attacks.

        Nevertheless, I wouldn’t recommend it to anyone but the most determined.

        • lud@lemm.ee
          link
          fedilink
          English
          arrow-up
          11
          ·
          7 months ago

          To be fair, they said that you would need anti spam software and you do use anti spam software.

  • originalucifer@moist.catsweat.com
    link
    fedilink
    arrow-up
    21
    arrow-down
    5
    ·
    7 months ago

    friends dont let friends host email. its just become too top heavy (complexity-wise) if you want it to be fully functional and secure.

      • FalseMyrmidon@kbin.run
        link
        fedilink
        arrow-up
        15
        arrow-down
        1
        ·
        7 months ago

        Buy your own domain name and put it in front of someone else’s service. This is going to be a ton of work to do correctly and you’re unlikely to be able to host it out of your house.

        Also, something you’re running off a Raspberry Pi in your house is not going to meet most definitions of ‘reliable’.

          • FalseMyrmidon@kbin.run
            link
            fedilink
            arrow-up
            2
            ·
            7 months ago

            Personally I’d probably go with MS hosted exchange or a Google business account. If you don’t trust those entities I’ve heard good things about ProtonMail - I imagine they have some kind of business solution.

            • EngineerGaming@feddit.nl
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              7 months ago

              Google and MS are the entities you’d definitely want to keep your data away from, no thanks. And Proton doesn’t work with normal mail clients, which is kind of a dealbreaker. I remember seeing a comparison chart somewhere with an assortment of other services.

          • bastion@feddit.nl
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            6 months ago

            Mango mail, porkbun, proton mail

            Each does a slightly different niche.

            Mango is cheap, but limits outbound mail. Porkbun has a good all-around mail service, bit is a little more costly. Proton is very secure, but can be inconvenient for export (though it can be done, it requires purchase of a month of business service to export away from them).

    • FalseMyrmidon@kbin.run
      link
      fedilink
      arrow-up
      4
      arrow-down
      5
      ·
      edit-2
      7 months ago

      100% agreed. It’s well worth outsourcing to someone else for $10/mo versus the amount of work it takes to do it well unless you’re a large business.

      I’d make this argument for DNS too - a lot of work for how easy it is to pay someone else to handle it.

  • taladar@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    14
    ·
    7 months ago

    You should be aware that a large number of mail hosters will block all mail from your server merely because it is sent from a dynamic IP address.

    • Mixel@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      Meh that sucks i even have a perfectly working ddns, I mean I know I don’t get something like a PTR record but i wish that mail hosters would allow for more self hosting options

      • wildbus8979@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        17
        ·
        7 months ago

        The domain won’t change that. Even with a static IP if it’s coming from an ISP owned up block you’re likely going to get banned. Even with reputable VPS’ it’s hard. Make sure you have DMARC, DKIM, and SPF setup, but even then almost certainly going to get banned. The big player are creating and inherent monopoly instead of improving their spam filters.

      • lemmyreader@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        7 months ago

        If you manage to get a good SMTP relay host or authenticated SMTP account for your outgoing email then playing around with small scale self hosting email (Granted that it is not your important daily driver email accounts) can be an interesting and fun experience. But you will have to invest some time reading and tweaking and figuring things out. Slightly comparable with installing Arch Linux. Lots of people will warn you to not do it but you might learn a few valuable things on the way there.

  • NeoNachtwaechter@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    edit-2
    7 months ago

    IMHO a RasPi is just not reliable enough. Your internet connection is just not reliable enough. You are going to lose some of your incoming mail and NOT notice it, unless you have somebody who hosts a secondary MX for your domain.

    Chances are also that it’s not powerful enough when some of these automated attacks come knocking.

    • Gooey0210@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      6
      ·
      7 months ago

      If you know how to set it up, RPI can be reliable enough

      Even, IMAP is TCP already, any coming mail should be cached by the router until delivered, and your router usually doesn’t loose connection as often as the connected devices

  • TCB13@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    6 months ago

    If you follow the ISPMail guide at https://workaround.org/ you’ll be safe.

    I heard there are scaries online which someone could potentially send emails from your server without consent

    That’s called an open relay and websites like https://mxtoolbox.com/diagnostic.aspx can test for it.

    Either way your biggest issue won’t be that, if you’re running on a residential internet connection the IP is already flagged as such and will have a very low reputation with other e-mail providers causing Microsoft, Google and any other large provider will simply refuse your email. You’ll also need reverse DNS for your IP pointing at the domain you’re using that your ISP is most likely not going to provide.

  • CriticalMiss@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 months ago

    Hi, I recommend you read the book “Run Your Own Mail Server”. The fact that a book exists for this topic is all the proof you need to not do this decision. But if you absolutely must, this is the way.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    6 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    IMAP Internet Message Access Protocol for email
    IP Internet Protocol
    RPi Raspberry Pi brand of SBC
    SBC Single-Board Computer
    SMTP Simple Mail Transfer Protocol
    TCP Transmission Control Protocol, most often over IP
    VPS Virtual Private Server (opposed to shared hosting)

    7 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.

    [Thread #705 for this sub, first seen 22nd Apr 2024, 19:05] [FAQ] [Full list] [Contact] [Source code]

  • FalseMyrmidon@kbin.run
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    7 months ago

    Many ISPs will also block inbound SMTP unless you have business account (and sometimes even then) because it’s a common malware/spam vector.

    If you insist on going through with this the key thing is to make sure that you’re not an open relay.