Not that 250 a year is going to break the bank or something but just
for mail, it's silly to pay that much.
I gave up on the rat race of trying to host my own email, for the most part.
For $5/mo I let fastmail handle it. No more stupid delivery problems and their spam filter seems to be decent. Not as secure as, say, protonmail or runbox or those folks, but my use case doesn't call for it, and they are relatively not-evil for the most part.
I still host email for 1 domain on a $4.60/mo hetzner VPS. I use that for text-only email lists and to communicate with folks that also run their own email server. Anybody who sends me MIME-anything there gets plonked. Delivery to gmail or M365 doesn't work, but I don't really care. Same VPS also hosts websites, gemini, asterisk nonsense.
9Front folks are going thru this same struggle it seems.
Wed May 08 2024 13:21:31 EDT from IGnatius T Foobar
Unfortunately it may not be enough. I've spent the last few weeks learning the details of how DKIM works, and writing a DKIM signature engine for Citadel.
It hasn't been easy. I intend to complete this before I do battle with the gmail gestapo again.
A pox on the house of google for holding the world's email hostage.
BUT...! Tonight I put the finishing touches on the DKIM signer for Citadel, and it's in-production here on Uncensored now. I've got our DKIM record in place, and unless it barfs I'll be updating our DMARC record to match it tomorrow.
And if I do say so myself, I believe I've written the absolutely finest DKIM implementation in the world. I really mean it. It is sooooooo easy for the administrator to work with. If you don't have a signing key, it generates one automatically and saves it in the config database. Whenever changes are made to your domain name configuration (add or remove email domains) or if you change the key for some reason, it automatically posts an Aide message telling you exactly what DNS TXT records to create.
Funny thing ... about a month ago I jokingly said that Citadel version 1000 would have to be something really special ... and here we are.
I used to think that the big requirements were RDNS, SPF, and maybe DMARC, and that DKIM was just a nice-to-have, particularly if you were a popular domain and people liked to spoof you. Apparently I was wrong: DKIM is now pretty much a requirement if you want to get your mail out to people whose inboxes are on the big sites.
I'd like to write an easy-to-follow guide on how to self host your email and live to tell the tale. Obviously it would be Citadel-centric but I want to get the message out there that ... in the words of Leah Bolden ... "You can do this!"
Would be helpful to a lot of people...
Sat May 18 2024 11:46:21 EDT from IGnatius T Foobar
I'd like to write an easy-to-follow guide on how to self host your email and live to tell the tale.
Soooo seems I'm in the market for new mail hosting service that isn't
stupid priced. Any suggestions? And I'm willing to move my
domain to them too, as I bet that price got jacked up too. I do NOT
need web hosting or any other fun-features beyond being able to edit
DNS A records if I move the domain.. it's just mail.
How many users do you need to serve? Do you want a managed email solution, or is unmanaged fine?
I used to think that the big requirements were RDNS, SPF, and maybe
DMARC, and that DKIM was just a nice-to-have, particularly if you were
a popular domain and people liked to spoof you. Apparently I was
wrong: DKIM is now pretty much a requirement if you want to get your
mail out to people whose inboxes are on the big sites.
I am not so sure. I used to dish out a lot of email with bad DKIM and it still made it through.
The main mail outgoing gateway at $job? manages mail for multiple domains. When I set it up, it was made in a hurry. I set proper DKIM/SPF/DMARC for the important domains, then I had the server sign every other email with a default key. The problem is the default key would misalign the signatures - if the server is mail.horsemail.com and the domain sending the message is foals.com, the signature would get done for domain horsemail.com, which would be tagged as wrong DKIM by the receiving end.
Email with good SPF and bad DKIM will pass DMARC but will generate a failure report from the receiving system - ie. they will send you an XML report indicating your DKIM sucks. The mail usually goes through.
I don't see many failures from rDNS. You can have a very wrong rDNS and it will go through, with some exceptions like AT&T, as long as you have some rDNS. Bad rDNS will get you by better than no rDNS at all.
What I find in spaces is delivery failures for legit email due to botched EHLO/HELO from legitimate servers because they don't configure their Postfix right. Administrators that can't set their hostname right should have their breathing license revoked.
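The misaligned-signature situation described above (gateway signs as its own domain, SPF still carries the message, the DKIM leg shows up as failed in the aggregate report) comes down to DMARC identifier alignment. The following is an added example, not the $job gateway's or Citadel's code; the header values, domain names and DMARC record are constructed, and the organizational-domain rule is simplified to "last two labels" where a real verifier consults the Public Suffix List.

```python
"""DMARC identifier alignment for the gateway scenario in the post above.

Added example, not the $job gateway's or Citadel's code.  The header values
and the DMARC record are constructed; the organizational-domain rule is
simplified to "last two labels" (a real verifier uses the Public Suffix List).
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional


def organizational_domain(domain: str) -> str:
    """Simplified organizational domain: the last two DNS labels."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def is_aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """RFC 7489 alignment.  Strict ('s') needs an exact match; relaxed ('r',
    the default) only needs the same organizational domain."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else organizational_domain(a) == organizational_domain(b)


def parse_tags(txt: str) -> Dict[str, str]:
    """'v=DMARC1; p=quarantine; adkim=r' -> {'v': 'DMARC1', 'p': 'quarantine', 'adkim': 'r'}"""
    return {k.strip().lower(): v.strip()
            for k, v in (part.split("=", 1) for part in txt.split(";") if "=" in part)}


def dkim_signing_domain(dkim_signature: str) -> Optional[str]:
    """The d= tag of a DKIM-Signature header: the domain the signature vouches for."""
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", dkim_signature)
    return m.group(1) if m else None


def from_header_domain(from_header: str) -> Optional[str]:
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1) if m else None


@dataclass
class DmarcVerdict:
    dkim_aligned: bool   # signature verified AND d= aligns with the From: domain
    spf_aligned: bool    # SPF passed AND the MAIL FROM domain aligns with From:
    policy: str          # p= from the From: domain's DMARC record

    @property
    def passes(self) -> bool:
        """DMARC passes when at least one authenticated identifier aligns."""
        return self.dkim_aligned or self.spf_aligned

    @property
    def flagged_in_report(self) -> bool:
        """The aggregate (rua) report shows the DKIM leg as failed whenever it
        did not align, even when SPF carried the message through."""
        return not self.dkim_aligned


def evaluate(from_header: str, dkim_signature: Optional[str], dkim_verified: bool,
             mail_from_domain: Optional[str], spf_pass: bool, dmarc_txt: str) -> DmarcVerdict:
    tags = parse_tags(dmarc_txt)
    policy = tags.get("p", "none")
    from_dom = from_header_domain(from_header)
    if from_dom is None:
        return DmarcVerdict(False, False, policy)
    d = dkim_signing_domain(dkim_signature) if dkim_signature else None
    dkim_ok = bool(dkim_verified and d and is_aligned(from_dom, d, tags.get("adkim", "r")))
    spf_ok = bool(spf_pass and mail_from_domain
                  and is_aligned(from_dom, mail_from_domain, tags.get("aspf", "r")))
    return DmarcVerdict(dkim_ok, spf_ok, policy)


# Constructed sample: gateway mail.horsemail.com relays mail for foals.com.
FOALS_DMARC = "v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc@foals.com"
FROM_HEADER = "Stable News <news@foals.com>"
# The gateway's default key signs as the gateway's own domain ...
SIG_DEFAULT_KEY = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=horsemail.com; s=default; "
                   "h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED")
# ... while a per-domain key signs as the sending domain.
SIG_PER_DOMAIN = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=foals.com; s=s2024; "
                  "h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED")

if __name__ == "__main__":
    for label, sig in (("default key", SIG_DEFAULT_KEY), ("per-domain key", SIG_PER_DOMAIN)):
        v = evaluate(FROM_HEADER, sig, dkim_verified=True, mail_from_domain="foals.com",
                     spf_pass=True, dmarc_txt=FOALS_DMARC)
        print(f"{label:15} DMARC {'pass' if v.passes else 'fail'} "
              f"(dkim aligned={v.dkim_aligned}, spf aligned={v.spf_aligned}, p={v.policy})")
```

With the default key the verdict is "pass, but DKIM not aligned", which is exactly what produces the XML failure reports while the mail still lands; switching the signing domain to the sending domain (or setting adkim=r and signing with the organizational domain) clears the DKIM leg.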
Just me.
Couple of aliases are nice, but its really one account.
Sat May 18 2024 14:41:16 EDT from darknetuser
How many users do you need to serve? Do you want a managed email solution, or is unmanaged fine?
2024-05-18 15:33 from Nurb432
Just me.
Couple of aliases are nice, but its really one account.
And you said you are using your own domain, didn't you?
I guess I could ask around and find somebody willing to host a mailbox for you for a symbolic price. I know a bunch of people running personal mail servers, myself included :) Bad news is none of the people I have in mind has anything remotely resembling a high availability deployment.
If you want your email to run on a datacenter instead of under somebody's bed then you can get a Startmail account with a custom domain for 70 bucks per year. It offers disposable addresses, multiple aliases, and real IMAP/SMTP integration. Protonmail and Tutanota are cheaper, I think, but they lack real IMAP/SMTP integration and therefore are out of the race.
Also, horsefucker.org is open for email account registrations at cock.li, just in case you want a serious email for business and such (lol).
Ya, I have my own domain.
I used to host it myself a couple of decades ago ( using what server, you get one guess :) ) but mid 90s I started having some issues with non-delivery, then my static IP was yanked from me, and instead of fighting I shut it all down and went with a traditional hosting service. ( my ISP at the time did not want to give them out anymore even at an additional cost, and used an excuse to get rid of mine, funny story actually. This was still dialup days.. sooooo long ago )
But.. since IG just announced DKIM, I'm wondering if I should just bring it back home. Of course keep the domain parked + DNS control, but just toss in the towel for hosting.
Oh, and I'll peek at startmail.
MxRoute seems a viable choice, but they are lacking in the support department if you run into issues. Basically: " if you are not an expert, don't come here we don't want you "
I'm telling ya ... once you dot all the i's and cross all the t's ... stuff just starts working properly. I wouldn't skip any steps. DNS, RDNS, SPF, DKIM, DMARC. And always send mail using TLS if the receiving server offers it. Basically if you can get the Google Postmaster Tools "Compliance Status" dashboard to go all-green, you'll be able to send mail to pretty much anyone.
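The "dot all the i's" checklist above is mechanical enough to script. What follows is an added example, not Citadel's code and not Google's Postmaster Tools logic: a preflight that checks forward DNS, forward-confirmed rDNS against the EHLO name, SPF (exactly one record, a -all/~all terminator, the sending IP authorized by an ip4/ip6/a term), the DKIM selector record and the DMARC policy. Lookups go through an injected resolver callable so it can be exercised offline; the zone data at the bottom is constructed. TLS on the session is an MTA setting rather than a DNS property and is not checked here.

```python
"""Outbound-mail DNS preflight for the checklist in the post above: forward DNS,
forward-confirmed rDNS, SPF, DKIM and DMARC.

Added example, not Citadel's code.  DNS lookups go through an injected
resolver callable so the logic runs offline; SAMPLE_ZONE is constructed.
"""
import ipaddress
from typing import Callable, Dict, List, Tuple

Resolver = Callable[[str, str], List[str]]   # (name, rrtype) -> record strings
Check = Tuple[bool, str]                     # (passed, human-readable detail)


def parse_tags(txt: str) -> Dict[str, str]:
    """'v=DKIM1; k=rsa; p=...' -> {'v': 'DKIM1', 'k': 'rsa', 'p': '...'}"""
    return {k.strip().lower(): v.strip()
            for k, v in (part.split("=", 1) for part in txt.split(";") if "=" in part)}


def check_fcrdns(resolve: Resolver, ip: str, ehlo_name: str) -> Check:
    """PTR must exist, must name the EHLO host, and that host must resolve back
    to the IP.  A mismatched PTR ("some rDNS") is reported separately from no
    PTR at all, since receivers treat those differently."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer      # e.g. 25.113.0.203.in-addr.arpa
    ptrs = [p.rstrip(".").lower() for p in resolve(ptr_name, "PTR")]
    if not ptrs:
        return False, f"no PTR record for {ip}"
    if ip not in {a for p in ptrs for a in resolve(p, "A")}:
        return False, f"PTR {ptrs[0]} does not resolve back to {ip}"
    if ehlo_name.lower().rstrip(".") not in ptrs:
        return False, f"PTR is {ptrs[0]} but EHLO announces {ehlo_name}"
    return True, f"{ip} <-> {ptrs[0]} forward-confirmed"


def check_spf(resolve: Resolver, domain: str, ip: str) -> Check:
    """Exactly one v=spf1 record, a -all/~all terminator, and the sending IP
    authorized by an ip4/ip6/a term.  mx and include are not expanded here."""
    records = [t for t in resolve(domain, "TXT") if t.startswith("v=spf1")]
    if len(records) != 1:
        return False, f"expected one v=spf1 record, found {len(records)}"
    terms = records[0].split()[1:]
    if not terms or terms[-1] not in ("-all", "~all"):
        return False, "record must end with -all or ~all"
    addr = ipaddress.ip_address(ip)
    for term in terms[:-1]:
        if term[0] in "+-~?":
            if term[0] != "+":
                continue                       # only '+' or unqualified terms authorize
            term = term[1:]
        if term.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return True, f"{ip} authorized by {term}"
        elif term == "a" or term.startswith("a:"):
            if ip in resolve(term[2:] or domain, "A"):
                return True, f"{ip} authorized by {term}"
    return False, f"{ip} is not authorized by any ip4/ip6/a term"


def check_dkim(resolve: Resolver, domain: str, selector: str) -> Check:
    name = f"{selector}._domainkey.{domain}"
    txts = resolve(name, "TXT")
    if not txts:
        return False, f"no TXT record at {name}"
    tags = parse_tags(txts[0])
    if tags.get("v", "DKIM1") != "DKIM1":
        return False, f"unexpected v= tag {tags.get('v')!r} at {name}"
    if not tags.get("p"):
        return False, f"p= is empty at {name} (key revoked or record truncated)"
    return True, f"selector {selector} publishes a {tags.get('k', 'rsa')} key"


def check_dmarc(resolve: Resolver, domain: str) -> Check:
    txts = [t for t in resolve(f"_dmarc.{domain}", "TXT") if t.startswith("v=DMARC1")]
    if len(txts) != 1:
        return False, f"expected one v=DMARC1 record at _dmarc.{domain}, found {len(txts)}"
    policy = parse_tags(txts[0]).get("p")
    if policy not in ("none", "quarantine", "reject"):
        return False, f"p= tag missing or invalid: {policy!r}"
    return True, f"policy p={policy}"


def preflight(resolve: Resolver, domain: str, ehlo_name: str, ip: str, selector: str) -> Dict[str, Check]:
    a_ok = ip in resolve(ehlo_name, "A")
    return {
        "dns":   (a_ok, f"{ehlo_name} -> {ip}" if a_ok else f"{ehlo_name} does not resolve to {ip}"),
        "rdns":  check_fcrdns(resolve, ip, ehlo_name),
        "spf":   check_spf(resolve, domain, ip),
        "dkim":  check_dkim(resolve, domain, selector),
        "dmarc": check_dmarc(resolve, domain),
    }


def all_green(results: Dict[str, Check]) -> bool:
    return all(ok for ok, _ in results.values())


# Constructed sample zone for a correctly configured host (documentation IP range).
SAMPLE_ZONE = {
    ("mail.example.net", "A"): ["203.0.113.25"],
    ("25.113.0.203.in-addr.arpa", "PTR"): ["mail.example.net"],
    ("example.net", "TXT"): ["v=spf1 a:mail.example.net -all"],
    ("citadel._domainkey.example.net", "TXT"): ["v=DKIM1; k=rsa; p=CONSTRUCTEDBASE64KEY"],
    ("_dmarc.example.net", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.net"],
}


def zone_resolver(zone: dict) -> Resolver:
    """Offline stand-in for a DNS resolver; swap in a real one for live checks."""
    return lambda name, rtype: list(zone.get((name.lower().rstrip("."), rtype), []))


if __name__ == "__main__":
    report = preflight(zone_resolver(SAMPLE_ZONE), "example.net", "mail.example.net", "203.0.113.25", "citadel")
    for name, (ok, detail) in report.items():
        print(f"{'OK ' if ok else 'BAD'} {name:5} {detail}")
```

The resolver indirection is the point of the design: the same checks run against a fake zone in a test and against live DNS in production, and the rDNS check distinguishes the three cases the thread discusses (no PTR, a PTR that does not match the EHLO name, and a forward-confirmed PTR).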
It's static again at this point. BUT it's a residential subnet as far as I understand.. it's not 'business class', just that I had to get static to get off a silly ass 'neighborhood NAT' to allow incoming connections. It was cheaper doing that than buying an incoming VPN with static. It was decades ago when I went thru that nonsense with an older ISP ( that no longer exists; it was bought up by Comcast ). I have been back on static for at least 15 years now with a fiber company.
I guess I'll tell the story, short version:
ISP was in a crunch for addresses or something. Rumor is they gave out too many and for some reason could not get more allocated to them.. hit a wall, so to speak.
After several years, one weekend I was offline for the weekend. I forget why now. Monday I got back online, got a random address. Called them to ask why. "you violated your contract so we terminated your static IP" "wtf, what" "the contract states you must use it, we saw that you did not use it for 24 hours so the contract was in violation".. "can I pay to get it back" "no" They were not my ISP by end of the week.
Sat May 18 2024 23:58:35 EDT from IGnatius T Foobar
I definitely wouldn't try to host email on a dynamic address.
I'm telling ya ... once you dot all the i's and cross all the t's ...
stuff just starts working properly. I wouldn't skip any steps. DNS,
RDNS, SPF, DKIM, DMARC. And always send mail using TLS if the
receiving server offers it. Basically if you can get the Google
Postmaster Tools "Compliance Status" dashboard to go all-green, you'll
be able to send mail to pretty much anyone.
It would be fine for me if they weren't moving the goal posts every few years.
I was reading at ADMIN Magazine that there is a bit of a push to get DANE set up for your SMTP. I have never noticed it being enforced, but just as with DMARC and company, if it reaches a certain mass it will be, which SUCKS, because in order to have DANE work in sync with your certificates you either need a DNS provider with an API you can use to rekey, or you need to run your own DNS infrastructure, or you need to rekey manually. Which SUCKS.
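The "in sync with your certificates" problem is about ordering: a DANE-validating sender compares the MX host's certificate against the TLSA RRset it has cached, so the new key's record has to be live (and the old one still present) before the certificate is swapped. The following is an added example, not from the post or ADMIN Magazine, showing the usual TLSA 3 1 1 record for an MX host and a check for that rollover order. The SPKI byte strings are constructed placeholders; with a real certificate the DER-encoded SubjectPublicKeyInfo would be taken from the certificate (for example via the cryptography library's public_key().public_bytes(Encoding.DER, PublicFormat.SubjectPublicKeyInfo)).

```python
"""DANE TLSA for SMTP and the rollover order that keeps it in sync with a new
certificate, for the rekeying point in the post above.

Added example, not from the post or ADMIN Magazine.  OLD_SPKI / NEW_SPKI are
constructed placeholders standing in for DER-encoded SubjectPublicKeyInfo.
"""
import hashlib
from typing import Iterable, Set, Tuple


def spki_digest(spki_der: bytes) -> str:
    """Matching type 1: SHA-256 of the DER SubjectPublicKeyInfo."""
    return hashlib.sha256(spki_der).hexdigest()


def tlsa_record(host: str, spki_der: bytes, port: int = 25) -> str:
    """TLSA 3 1 1 (DANE-EE, SPKI, SHA-256), the usual choice for MX hosts: it
    pins the key rather than the certificate, so a renewal that keeps the key
    (or a change of CA) needs no DNS change at all.  Only a rekey does."""
    return f"_{port}._tcp.{host}. IN TLSA 3 1 1 {spki_digest(spki_der)}"


def published_digests(rrset: Iterable[str]) -> Set[str]:
    """Digests from the '3 1 1 <hex>' records in a TLSA RRset (zone-file lines
    or bare rdata both work)."""
    out = set()
    for rr in rrset:
        fields = rr.split()
        if len(fields) >= 4 and fields[-4:-1] == ["3", "1", "1"]:
            out.add(fields[-1].lower())
    return out


def safe_to_install(rrset: Iterable[str], new_spki: bytes, old_spki: bytes) -> Tuple[bool, str]:
    """RFC 7671 'current + next' rollover: publish the new key's record first
    and wait at least one TTL, install the certificate only while both digests
    are live, and remove the old record only after the switch."""
    live = published_digests(rrset)
    new, old = spki_digest(new_spki), spki_digest(old_spki)
    if new not in live:
        return False, "new key's TLSA record is not published yet: publish it, then wait one TTL"
    if old not in live:
        return False, "old key's TLSA record already removed: senders with a cached RRset would fail"
    return True, "current and next digests are both published: install the new certificate"


# Constructed placeholders for two DER-encoded SubjectPublicKeyInfo blobs.
OLD_SPKI = b"constructed-der-spki-old-key"
NEW_SPKI = b"constructed-der-spki-new-key"
MX_HOST = "mail.example.net"

if __name__ == "__main__":
    current = [tlsa_record(MX_HOST, OLD_SPKI)]
    print(safe_to_install(current, NEW_SPKI, OLD_SPKI)[1])       # not yet: pre-publish first
    current.append(tlsa_record(MX_HOST, NEW_SPKI))               # step 1: publish, wait a TTL
    print(safe_to_install(current, NEW_SPKI, OLD_SPKI)[1])       # step 2: now swap the certificate
    print(tlsa_record(MX_HOST, NEW_SPKI))                        # step 3 (after the swap): drop the old record
```

This is where the DNS-API requirement in the post comes from: an automated renewal that rotates the key has to be able to publish the new record, wait out the TTL, swap the certificate and then retire the old record, and nothing in that sequence can be done by hand at ACME's renewal cadence without either API access or running the zone yourself.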
Moving people to ' centralized DNS' a goal perhaps? To better control, block, and monitor...and of course: 'profit!'
"sorry, you are not in the club, your DNS infrastructure does not count, so piss-off"
Wed May 22 2024 07:10:08 EDT from darknetuser
I was reading at ADMIN Magazine that there is a bit of a push to get DANE set up for your SMTP. I have never noticed it being enforced, but just as with DMARC and company, if it reaches a certain mass it will be, which SUCKS, because in order to have DANE work in sync with your certificates you either need a DNS provider with an API you can use to rekey, or you need to run your own DNS infrastructure, or you need to rekey manually. Which SUCKS.
And at the end of the day, the Internet was built with IP, and that means there will always be ways to deter gatekeeping. Those who are too young to remember the older networks don't realize what a significant paradigm shift it was to put all of the network intelligence at the endpoints, and to make the network itself a simple packet forwarding infrastructure. They did it to make the network infinitely scalable and powerfully redundant, and it accomplished those goals in a big way (well, except for the 32-bit address space, but at the time they didn't expect there would be an endpoint on every desk and in every pocket).
Before IP, networks were typically built with central controllers. Think about SNA and X.25 and other networks from that era ... or even the PSTN for that matter. Whoever owned the controllers basically gatekept the network. Getting away from that was a design win for pure advancement of the craft, but the "masters of the universe" certainly regret that.
Don't be surprised if somehow we end up back there. Perhaps not in exact terms, but the same effect.
Fri May 24 2024 12:31:22 EDT from IGnatius T Foobar
but the "masters of the universe" certainly regret that.