Bryan Dyck

It recently occurred to me that it has been almost six months to the day since I (finally) jumped into hosting my own email and since I didn’t take the time to write up the process as I went along, a look back after half a year seemed appropriate.

As goals go, hosting my own email had been on the proverbial back burner for years: though I would periodically grouse about the parlous state of Apple’s iTools → mac.com → me.com → iCloud services, I never mustered enough motivation to actually do something (and frankly, there’s something to be said for the daunting nature of the task). However, over the last few years I’ve felt a growing—if vague—discontent about the increasing centralization of internet services and concomitant loss of privacy; while it would be easy to say that the Snowden leak changed everything, there’s no question that it served as additional motivation.

So. Without further ado…

The tech

My setup is based in part on the Sovereign collection of Ansible playbooks, though I don’t track it too closely: for one, I have had a VPS for many years and accumulated my own configuration and for two, I don’t have need for a number of the services that the Sovereign collection can install. The major differences for me are:

  • using Nginx instead of Apache
  • the addition of WordPress/MySQL for a family blog
  • dropping the woefully out of date distro package for Roundcube webmail and referencing the release directly
  • a FeedHQ installation (my solution to the disappearance of Google Reader)
  • running Ubuntu 12.04 LTS instead of straight-up Debian

Hosting is courtesy of Linode which has only gotten better over time, especially with the semi-recent rollout of SSDs along with hefty physical CPU and RAM upgrades. If you’re curious about more of the particulars on the software side, see the Sovereign project page for a detailed list.

For anyone who has ever peeked into the sprawling, messy and at times intimidating world of email transmission, it may come as a mild surprise to discover that pointing the set of Ansible playbooks at a fresh VPS results in the creation of a fully-functional mail server in less time than it takes to drink a cup of coffee (plus or minus the time required to create/update various DNS records). While such ease and convenience may disappoint a crusty veteran or two (get off my lawn!), I am of the opinion that it is largely A Good Thing; programming infrastructure to this degree—with this level of ease—was once (mostly) the stuff of dreams.

Day-to-day experience

Spam

Perhaps the biggest takeaway for me is that in six months, I have yet to see a single piece of spam (even accounting for the fact that the address in question is only six months old and thus relatively “clean”) get to my junk folder, never mind show up in my inbox. In addition to spam filtering via DSPAM, there is an anti-spam feature that kicks in before mail even gets to DSPAM which is worth discussing in more detail: greylisting.

Greylisting works like this: each client that attempts to connect to your mail server to send you email is told that the server is busy and could they please try again later, which is a perfectly legitimate response from a mail server that legitimate clients will handle. Since spammers are typically in a hurry and care less about individual client failures, they just give up and leave you alone; legitimate clients will retry a bit later. Once their second connection attempt is recognized by Postgrey (the greylisting daemon), the client’s particulars are stored in a rolling 30-day whitelist so that future attempts to send you email will go through immediately.

In my experience (YMMV, etc), greylisting goes largely unnoticed with the exception being if I sign up for a website or newsletter at which point any confirmation/welcome emails may be delayed. However, this is mitigated to a degree by Postgrey’s default client whitelist, which—if it contains the client’s domain name—will result in immediate mail delivery. Furthermore, a number of clients will do an early retry: instead of an hour, they’ll retry in 10-20 minutes. While there are clients that will not retry at all (and are thus technically badly behaved themselves!), Postgrey’s default whitelist contains entries for a number of such clients so in practice you may never have an issue but there is, shall we say, a non-zero chance that you might miss an email.
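The decision logic described above (defer, accept on a later retry, rolling 30-day whitelist, client whitelist bypass) can be sketched as a small model. This is an added example, not Postgrey's code or configuration: the 300-second minimum delay, the (client IP, sender, recipient) key, the reply strings and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DAY = 86400

@dataclass
class Greylist:
    min_delay: int = 300        # assumed: seconds before a retry is honoured
    max_age: int = 30 * DAY     # the rolling 30-day whitelist described above
    client_whitelist: set = field(default_factory=set)  # domains never delayed
    first_seen: dict = field(default_factory=dict)      # key -> first attempt time
    passed: dict = field(default_factory=dict)          # key -> last accepted time

    def check(self, ip, domain, sender, rcpt, now):
        """Decide one delivery attempt; returns an SMTP-style reply string."""
        if domain in self.client_whitelist:
            return "250 whitelisted client"
        key = (ip, sender.lower(), rcpt.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None:
            if now - last_ok <= self.max_age:
                self.passed[key] = now          # each delivery renews the entry
                return "250 known sender"
            del self.passed[key]                # entry aged out: start over
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.min_delay:
            del self.first_seen[key]
            self.passed[key] = now
            return "250 retry accepted"
        return "450 try again later"

def replay(attempts, greylist):
    """Run (ip, domain, sender, rcpt, time) attempts through the greylist in order."""
    return [greylist.check(*a) for a in attempts]

# Constructed sample traffic (documentation addresses, times in seconds).
A = ("192.0.2.10", "mail.example.org", "alice@example.org", "me@example.net")
SAMPLE = [
    A + (0,),                   # first contact: deferred
    A + (60,),                  # retried too soon: still deferred
    A + (900,),                 # retried after 15 minutes: accepted
    A + (900 + 29 * DAY,),      # within 30 days: immediate
    A + (900 + 60 * DAY,),      # 31 days after last delivery: deferred again
    ("198.51.100.7", "lists.example.com", "news@example.com", "me@example.net", 0),
    ("203.0.113.5", "bulk.example", "promo@bulk.example", "me@example.net", 0),
]

if __name__ == "__main__":
    gl = Greylist(client_whitelist={"lists.example.com"})
    for attempt, reply in zip(SAMPLE, replay(SAMPLE, gl)):
        print(attempt[0], attempt[4], reply)
```

The last sample sender never retries, so its mail is never delivered; that is the behaviour that stops hurried spam and also the source of the non-zero chance of a missed email.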

Regarding email originating from my mail server, experience to date has not seen any of it improperly tagged as spam other than a lone test email to an old Hotmail account. However, since my mail server only handles my own email, this is not overly bothersome (Gmail, on the other hand, likes my email just fine, as do Yahoo and Fastmail). Ironically, emails exchanged with friends bearing microsoft.com addresses go through just dandy…

Email on the go

As smartphones have become relatively common, no mail server setup would be complete without addressing the issue of push email. In a move that will surprise almost no one, Apple’s implementation of push notifications for email is a custom bit that’s not shared anywhere and there doesn’t appear to be a freely-available re-implementation. The next best solution is something like Z-Push, which implements Microsoft’s ActiveState protocol and provides true two-way sync. So far, this has worked flawlessly for me on my iPhone, though it does necessitate setting up your email account on your phone as an Exchange account.

I also have Roundcube set up for webmail access, though I don’t have much cause to use it outside of idle curiosity and setting up the occasional Sieve rule. It works well enough: it’s quick, the UI is reasonably sensible, eschewing Gmail’s fancy inbox for the traditional 3-pane layout and it stays out of the way, which is what I need from an occasional-use tool.

Filtering

Another service implemented with the Sovereign playbooks is server-side email filtering. While server-side filtering is certainly no great technical leap, my experience has been that it’s typically disabled or not available (even with corporate Exchange servers). Thanks to Dovecot’s Sieve support, mail is filtered as part of the delivery process so I see the same mail organization no matter how I access it. In addition, Roundcube ships with a fine plugin for configuring Sieve rules without needing to know its rather terse syntax.

Up next

In a future post, I’ll take a closer look at some of the things I’ve learned along the way, like Mail.app’s peculiarities about mailbox naming…