Google Software

Ask Slashdot: Self-Hosted Gmail Alternatives? 554

Posted by timothy
from the that-is-one-tall-order dept.
linkedlinked writes "I'm tired of building my sandcastles on Google's beachfront. I've moved off Docs, Plus, and Analytics, so now it's time to host my own email servers. What are the best self-host open-source email solutions available? I'm looking for 'the full stack' — including a Gmail-competitive web GUI — and don't mind getting my hands dirty to set it up. I leverage most of Gmail's features, including multi-domain support, and fetching from remote POP/IMAP servers. Bonus points: Since I'm a hobbyist, not a sysadmin, and I normally outsource my mail servers, what new security considerations do I need to make in managing these services?"
  • by josgeluk (842109) on Sunday August 07, 2011 @11:39AM (#37014366) Homepage
    Well, for starters, you want a damn good spam filter.
    • Re:Spam filtering (Score:5, Insightful)

      by baptiste (256004) <{su.etsitpab} {ta} {ekim}> on Sunday August 07, 2011 @02:18PM (#37015682) Homepage Journal
      I think the whole exercise is short sighted. I've been there, done that. The amount of effort to keep everything running, updated, configured, etc is a PITA. Setting up a solid spam filter is a huge undertaking because it's a multi layered approach. SA or equiv, various milters, and more and you still won't come close to GMail. When I finally gave in and decided to switch to Google Apps I was floored by the improvement in Spam filtering. Are there quirks with Google's stuff? Sure. But they are improving it. I finally today got most of my stuff tied to my personal account migrated to my Apps account. The family enjoy using their apps accounts too compared to what we used to have. We've used IMP, Squirrel Mail, Roundcube, and others. Roundcube is the best in that group interface wise, but is still very buggy. Was Horde fun to play with way back before Google's services existed? Yup - because they were something not easily done elsewhere. But now? So good luck - it certainly can be done, but to be done right requires a lot of effort that's only worth it if you have nothing better to do or are an internet services admin at work and like to tinker at home. And even then... I can spend all that time spent screwing with my internet 'stack' and apply it to better things now that Google just handles the day to day stuff. Am I concerned about them 'owning' me - maybe a little. But so far, they've not done evil to me. Plus even if I wanted to migrate all my stuff back to a personal server again, Google Voice is the deal breaker for me. Can't live without it.
  • by Anonymous Coward on Sunday August 07, 2011 @11:43AM (#37014384)

    Especially with email, I like the fact that I'm not going to accidentally break something, miss an email and lose my job.

    I also like that I'm not updating everything all the time with security updates. Google does all that for me.

    I also like the integration between all the services.

    I also like the two-factor authentication. (Good luck getting that set up on a self-hosted system, I suppose you could use X.509 on a USB drive or something).

    Don't fix what ain't broke.

    • by Penguinisto (415985) on Sunday August 07, 2011 @12:07PM (#37014604) Journal

      Depends.

      While yeah, Google does all the grunt-work on the back-end, you still have all the hazards that any SaaS has... and it's not like GMail hasn't had its share of embarrassing security bombs or occasional outages (however brief they may have been) due to either the back-end, or the ISP you use to connect to it.

      • by Registered Coward v2 (447531) on Sunday August 07, 2011 @12:35PM (#37014850)

        Depends.

        While yeah, Google does all the grunt-work on the back-end, you still have all the hazards that any SaaS has... and it's not like GMail hasn't had its share of embarrassing security bombs or occasional outages (however brief they may have been) due to either the back-end, or the ISP you use to connect to it.

        True - but you can download and remove from the server your mail so at least you can limit the damage while still having the benefits of letting GMail do the grunt work; unless of course Google caches all your mail somewhere else as well.

      • by DrgnDancer (137700) on Sunday August 07, 2011 @12:36PM (#37014852) Homepage

        I've been a sysadmin for about 15 years now. I used to host all my own e-mail, my own website, all that stuff. I had a webmail interface (Squirrelmail), spam filtering, IMAP, blah, blah blah. Then about 6 years ago I got deployed to Iraq. I couldn't use SSH from the DoD network, so updates became a big issue, spam became an issue as I couldn't maintain my filters easily. After a couple of months I went hosted on my domain. Web based admin tools meant I could maintain stuff without SSH, they had a much less "hands on" backup procedure (at the time mine involved CDs), the service was down less often than my DSL used to be... Honestly at this point I can't see the value in maintaining all this stuff for myself. I pay less for hosting than I would have to pay for a "business class" DSL or cable line for the static IP, they handle most of the hard work, and what they don't handle, I manage from a web based dashboard.

        There are tradeoffs and disadvantages, but for 80-90% of personal use cases I can't see why you'd want to personally maintain a server these days. If you simply enjoy doing it, that's one thing. If you have a business of any size, again, there's a good argument for self hosting. For most people though, just pay someone to take care of the grunt work for you. You'll have less downtime, and spend a lot less of your free time fiddling with it.

      • by bickerdyke (670000) on Sunday August 07, 2011 @12:39PM (#37014878)

        But Google has a whole team to counter any security threats.

        Good luck finding that for your one-person hobby server.

  • zimbra (Score:5, Informative)

    by lampsie (830980) on Sunday August 07, 2011 @11:43AM (#37014386)
    Grab yourself a Zimbra appliance from http://www.turnkeylinux.org/email [turnkeylinux.org] - up and running in a few minutes, and it should give you most of what you'd expect coming from Gmail.
  • by Xiph1980 (944189) on Sunday August 07, 2011 @11:45AM (#37014408)
    You do know that whatever email solution you choose, unless you use full encryption in all your email messages, outbound and inbound (good luck with that) it's still pretty much in the open, and anyone who knows what they're doing in the intermittent path, especially your internet provider, can intercept and read (parts of) those emails?
    At least google has proven their worth with standing up to the US gov't instead of just bending over and giving them all plus some extra as some others have.
    • by CastrTroy (595695) on Sunday August 07, 2011 @11:53AM (#37014460) Homepage
      One wonders why it has to be so public though. You can easily set up secure login and data transfer to your own servers. I would wonder why email servers wouldn't be able to set up secure services for sending mail between them. Sure at one time encryption may have been too much extra work, but now it seems like it would be quite advantageous without having too much extra load on the systems. It would be really nice if you could request a message to be sent using encryption between your mail host and the destination of the mail. Sure, it may or may not be encrypted when it is stored (it could be) but at least nobody could read it as it goes over the wire. They could use the existing ssl infrastructure to easily accommodate secure communication between email servers.
      • by Anonymous Coward on Sunday August 07, 2011 @12:22PM (#37014758)

        Uh, look at the headers in one of your messages. Nowadays, most mail transport agents ("email servers") will use encrypted channels for talking to each other. In a typical 2011 setup, there will be an encrypted connection between the sender's mail user agent and his mail relay, then an encrypted connection between that one and the destination user's mail transport agent, then an encrypted connection between the destination's imap server and his mail user agent.

        It's "open" in that this is transport security, not end-to-end encryption. The message is still present in an unencrypted form on each of the systems involved in transmitting it. And none of these steps are guaranteed to be encrypted -- normally, the MTA will just fall back to an unencrypted connection if the other host does not advertise that it can receive encrypted data. But it's not exactly public, either.

      • by PAjamian (679137) on Sunday August 07, 2011 @10:26PM (#37018666)

        There is, it's called TLS (which is the same technology that modern SSL uses, so the same encryption used by https) and is implemented by STARTTLS. It establishes a secure connection between two email servers and sends the email off secure between them and it suffers from the following pitfalls:

        1. It only encrypts the data stream between two email servers that support it, or between the email server and client.
        2. The email is still decrypted and stored plaintext in the queue of any given email server, and is subject to reading by the admin of any server in the chain.
        3. It relies on each email server in the chain supporting TLS (most do, but there are still old ones out there that do not and the ones that do will generally fall back to unencrypted email if need be to communicate with an older server).
        4. While it is possible to purchase and verify certificates between two servers no one does because a lot of servers use self-signed or invalid certificates, so verifying them would simply cause a lot of email communications to fail, thus it is susceptible to a man in the middle attack.

        The best way to secure your emails has been and still is to use PGP (and before someone says it, that includes GPG), which secures the email end-to-end and so it is not subject to any snooping or attack in between with the exception that the envelope sender, recipient, and email headers still have to be sent in plain text. Of course this requires that both the originator and recipient of the email both have PGP support installed on their email clients and it requires the maintenance of PGP keys be done by the end-user, so it is more complicated than the vast majority of email users are willing to commit to.
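The header check suggested in this sub-thread ("look at the headers in one of your messages"), as an added Python example that is not part of any poster's comment: it walks a message's `Received` headers in delivery order and flags hops where no TLS was recorded, which is what the plaintext fallback described above looks like from the receiving end. The sample message, host names and the helper names `analyse_hops` and `plaintext_hops` are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop was protected by STARTTLS.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# Heuristic: many MTAs also record the negotiated TLS version in a comment.
TLS_COMMENT = re.compile(r"\b(?:TLS|SSL)v?\d[\d._]*", re.I)
FIELD = re.compile(r"\b(from|by|with)\s+([^\s;()]+)", re.I)

# Constructed sample message (reserved example domains and addresses).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
\tby mail.home.example (Postfix) with ESMTPS id 4A1B2C3D
\tfor <me@home.example>; Sun, 7 Aug 2011 12:30:05 +0000 (UTC)
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.example.net (8.14.4/8.14.4) with ESMTP id p77CU1aa012345
\tfor <me@home.example>; Sun, 7 Aug 2011 12:30:02 +0000
Received: from laptop.example.org (laptop.example.org [203.0.113.5])
\tby relay.example.org (8.14.4/8.14.4) with ESMTP id p77CU0bb054321
\t(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
\tSun, 7 Aug 2011 12:30:00 +0000
From: alice@example.org
To: me@home.example
Subject: constructed test message

body
"""


def split_comments(value):
    """Return (text outside parentheses, text inside parentheses)."""
    outside, inside, depth = [], [], 0
    for ch in value:
        if ch == "(":
            depth += 1
            inside.append(" ")
        elif ch == ")" and depth:
            depth -= 1
            outside.append(" ")
        elif depth:
            inside.append(ch)
        else:
            outside.append(ch)
    return "".join(outside), "".join(inside)


def analyse_hops(raw_message):
    """List the SMTP hops of a message, oldest first, with a TLS flag.

    Only the header written by your own server is trustworthy; earlier
    ones were added by other parties and can be forged or incomplete.
    """
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so reverse into delivery order.
    for value in reversed(msg.get_all("Received", [])):
        outside, comments = split_comments(" ".join(value.split()))
        fields = {}
        # Ignore the date part after ';' and keep the first of each clause.
        for key, val in FIELD.findall(outside.split(";")[0]):
            fields.setdefault(key.lower(), val)
        proto = fields.get("with", "").upper()
        encrypted = proto in TLS_WITH or bool(TLS_COMMENT.search(comments))
        hops.append({
            "from": fields.get("from"),
            "by": fields.get("by"),
            "with": proto or None,
            "encrypted": encrypted,
        })
    return hops


def plaintext_hops(raw_message):
    """Return (from, by) pairs for hops with no TLS marker recorded."""
    return [(h["from"], h["by"])
            for h in analyse_hops(raw_message) if not h["encrypted"]]


if __name__ == "__main__":
    for hop in analyse_hops(SAMPLE):
        state = "TLS" if hop["encrypted"] else "no TLS recorded"
        print(f'{hop["from"]} -> {hop["by"]} ({hop["with"]}): {state}')
```

A TLS marker here only says the channel was encrypted for that hop; it says nothing about whether the sending server validated the receiver's certificate, and the message was still in plaintext on each relay's disk.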

    • by billstewart (78916) on Sunday August 07, 2011 @01:20PM (#37015226) Journal

      If you're running the SMTP server on your machine, and set it up to accept encrypted SMTP, most SMTP MTAs systems will encrypt mail to you and your ISP won't have access to it. The real issue is getting other people to accept SMTP from you, as opposed to deciding that any home internet connection that tries to send mail is a spam botnet zombie.

      And gmail may not be proactively handing the Feds everything they want on a whim, but if the Feds hand them a subpoena and a "don't tell the customer" order, they'll hand over your mail, IP records, and anything else in the subpoena, and won't tell you, because they don't have a choice.

  • Try Zimbra! (Score:3, Insightful)

    by i_want_you_to_throw_ (559379) on Sunday August 07, 2011 @11:47AM (#37014418) Homepage Journal
    My company uses Zimbra [zimbra.com]. It works pretty well for us.
    • by 404 Clue Not Found (763556) * on Sunday August 07, 2011 @12:59PM (#37015054)

      My university just moved off Zimbra to Google Apps and most folks I know couldn't be happier.

      Zimbra had an annoying, Hotmail-esque interface and was missing many of Gmail's innovative labs features.

      It also had the disadvantage of, well, not being Gmail -- meaning the vast majority of folks I know use Gmail for their personal accounts, data security be damned, and thus having the same interface was a huge plus.

      Are you absolutely sure you need to do this (as opposed to, say, regular automated exports from Google services -- POP3 for email and documents export for GDocs)... especially since you're a hobbyist with limited time and resources? Do you really need to be wasting hours of your life betting on a Google server failure or data breach if you're not a company with mission-critical services?

      • by ZorinLynx (31751) on Sunday August 07, 2011 @02:42PM (#37015854) Homepage

        >betting on a Google server failure or data breach

        Nah, it's not this.

        Google has proven they can no longer be trusted. People have had their accounts suspended for "name violations" and other perceived ToS violations that have led to loss of access to Gmail. They CLAIM to have fixed the issues, but then I see more people suspended. Also, their appeal process is inefficient and unreliable (I know one person waiting over two weeks now and their account still isn't fixed)

    • by msobkow (48369) on Sunday August 07, 2011 @01:05PM (#37015098) Homepage Journal

      I'll second that. Zimbra has the best HTML interface of any web-based email system I've ever used, but still supports "traditional" email clients as well.

  • Roundcube (Score:5, Informative)

    by wolrahnaes (632574) <sean@@@seanharlow...info> on Sunday August 07, 2011 @11:47AM (#37014422) Homepage Journal

    The best webmail UI I've used other than Gmail is Roundcube [roundcube.net]. It's simple, clean, and works quite well.

    • by booch (4157) * <slashdot2010@noSpAM.craigbuchek.com> on Sunday August 07, 2011 @12:01PM (#37014532) Homepage

      I'm also a big Roundcube fan, and use it on several sites. The nice thing about it is that you can just point it at an IMAP server, and it uses the IMAP server for authentication. It's quite easy to set up, and the GUI is a lot nicer than other competitors, like SquirrelMail.

      Zimbra is nice too, but seems to lock you into a full stack of software. (There have been promises of a stand-alone version, but I've never been able to find it.) That might be the right answer for the original poster, but I found it too limiting and inflexible for my needs.

  • why? (Score:5, Insightful)

    by mr.dreadful (758768) on Sunday August 07, 2011 @11:51AM (#37014450)
    As a guy who ran email servers for a small organization, let me say enjoy it while you can, because email admin is a never-ending pain in the butt. The spam management, the 24x7x365 server monitoring for security issues, the blacklisting and DNS issues, and that people get really bitchy when their email service is disturbed in any way.

    That being said, I hear nice things about Zimbra.
    • Re:why? (Score:3, Interesting)

      by dbc (135354) on Sunday August 07, 2011 @12:17PM (#37014700)

      Spot on. I ran my own full mail server for a while. It got old very fast. You really need at least two servers for fail-over and simply the ability to down one while you update the other. (And those two should be geographically separated so power outages don't take out both, etc.) *blech* So in the end what I've done is just have simple pop accounts, and then use fetchmail to pop the mail down to my own IMAP server. If my server goes down, I don't care, the mail just spools up at the ISPs (yes, multiple). If things go totally haywire, I can repoint the clients directly at the pop accounts and keep mail flowing -- of course I give up the convenience of IMAP in that case. Anyway, by outsourcing the core POP account you offload all the DNS issues, can get spam filtering if you want it, and get relief from the 24x7 server(s) health monitoring. I like the increased privacy over having a hosted IMAP service.

      • by wagnerrp (1305589) on Sunday August 07, 2011 @12:31PM (#37014826)
        So use a free service like rollernet to operate as a backup MX. If your server goes down, it spools up on their server and then gets pushed through whenever yours comes back online.
      • Re:why? (Score:2, Informative)

        by Anonymous Coward on Sunday August 07, 2011 @12:45PM (#37014928)

        Spot on. I ran my own full mail server for a while. It got old very fast. You really need at least two servers for fail-over and simply the ability to down one while you update the other.

        No, you don't. If you are running a mail server just for yourself, you know it is going to be down, and you are probably trying to get it up again instead of reading mail. Other MTAs are required to hold on to mail they can't deliver for up to three days. If they don't, you probably didn't want that mail anyway.

        You do not need two servers for anything else than the DNS entries.

      • by Vellmont (569020) on Sunday August 07, 2011 @12:46PM (#37014938)


        You really need at least two servers for fail-over and simply the ability to down one while you update the other. (And those two should be geographically separated so power outages don't take out both, etc.)

        Honestly, why would you go to that extreme for your own personal email? Do you have that level of redundancy for other pieces of equipment, like your car?

    • Re:why? (Score:4, Informative)

      by 1s44c (552956) on Sunday August 07, 2011 @12:21PM (#37014742)

      As a guy who ran email servers for a small organization, let me say enjoy it while you can, because email admin is a never-ending pain in the butt. The spam management, the 24x7x365 server monitoring for security issues, the blacklisting and DNS issues, and that people get really bitchy when their email service is disturbed in any way.

      I also manage such things. I don't know why you say it's a never-ending pain because that's just not my experience. I use BIND, Postfix+Postgrey, DNSBLs, Spamassassin, ClamAV, SPF, Cyrus, Roundcube, and Nagios monitoring everything. Every now and then I get someone panicking because he hasn't got mail for 4 hours, and every now and then I have to investigate where a specific mail went wrong. Every 2 years or so I rebuild the systems on a newer distro and in the mean time I apply updates as needed. I have learn/spam and learn/ham folders that all users can dump spam and ham in and spamassassin is trained from those. It is work to look after these things but I would not call it a never ending pain in the butt. Most of the time it just works.

      I totally agree about people getting bitchy when their email is disrupted in any way. I did have to go to work on xmas day once to reboot a crashed mail server. Guess it serves me right for using an old dell server for a critical service.

      • by darkmeridian (119044) <william.chuang @ g m a il.com> on Sunday August 07, 2011 @03:34PM (#37016284) Homepage

        You don't understand why it's a never-ending pain while you're detailing how you have to do all of that stuff, which sounds like a full-time job? Look, if you're a sys admin, then it's not a never-ending pain; it's your job. But if it's not your job, it's a never-ending pain.

        For many other people, email is mission critical. If you lose your email or lose connectivity for a bit, you're fucked. So yes, you can go through all that effort to run your server on a Dell and risk losing all your data, but it's not as easy as you're saying.

    • Re:why? (Score:4, Interesting)

      by Vellmont (569020) on Sunday August 07, 2011 @12:42PM (#37014906)

      I've hosted my own email for the past 15 years, and I simply don't see the problem you're describing at all. Spam is well handled by spamassassin. I've never had blacklisting or DNS issues. With just YOU controlling everything, and not multiple people, the change management problems are minimal. If you choose software with a proven track record, then the security problems become minimal. Install all your software from a linux distribution with multi-year support, turn on auto-updates, and the security problems mostly go away from all but the most dedicated and skilled attackers. You're a lot less juicy of a target than say Google, so the skilled attackers don't really care about you anyway. If it's just YOUR email, then the people getting bitchy is just you. I'd never host email for someone else. The only real issues are when the internet connection is down. Even then, you can get to any old mail, but new mail obviously doesn't come in. Even that you could fix with a low priority mx record pointed to a gmail account.

      The one thing I would caution is you need to know what the hell you're doing. The OP said he was "a hobbyist and not a system admin". Well, if you want to host your own email, you'll soon learn the skills to be a real system administrator, (or give up and go back to hosting).

      • by elbles (516589) on Sunday August 07, 2011 @12:56PM (#37015016)
        I agree completely. I started hosting my own e-mail server when I was in college (~6 years ago now), and I've been running it ever since. I did a lot of learning as I went along, and the setup has been about as stable as you can possibly expect it to be running over a home connection. Just in case though, I threw in a VM from Linode earlier this year (initially acting as my primary MX and forwarding to my home server, but now acting only as my backup MX), which brings the reliability up to a pretty good standard for personal e-mail. Plus, it gives you a public IP with reverse DNS, which can easily cost you another $10-15/month with cable or DSL, if they even offer it on a residential package (and it's a huge boon for a sending mail server, beyond simply using your ISP's mail server as a smarthost).

        That Linode VM is only about $30/month, and it comes in handy for lots of other things. If it's a hobby, it's well within the realm of affordability. Can't recommend them enough for something like this (their competitors are probably good too, but I only have personal experience with Linode).

        All in all, if I spend 2 hours a month maintaining the setup (generally upgrading ClamAV), that'd be a lot. I use CentOS+Sendmail (been running Sendmail since the get-go, don't have much motivation to swap it out) out of the box, with custom compiled (latest-and-greatest) versions of SpamAssassin and ClamAV.
    • by Greyfox (87712) on Sunday August 07, 2011 @01:33PM (#37015328) Homepage Journal
      Ooh I'm jumping on this thread! I had a static IP and ran my own E-Mail server for years and it is a huge pain in the ass. Every time you think you've killed the spammers, another one gets through. Constantly having to worry that your set-up is secure is also a huge pain in the ass. Even finding a mail client that doesn't completely suck is a huge pain in the ass.

      I switched to google a few years ago and even though I'm not completely happy with them, the ass-pain factor is so much lower that I really don't care.

  • by emx (186289) on Sunday August 07, 2011 @11:56AM (#37014488) Homepage

    ... and I can safely write that there is no way you will ever achieve anything comparable to gmail.

    You can try:
    - squirrelmail, ugly and so last century
    - openwebmail, old-fashioned Perl webmail, not maintained any longer
    - zimbra mail, lots of functionalities and fancy features
    - roundcube, decent but nowhere near what you're hoping for

    Spam control on the server side is going to be an issue. You will have to use a combination of solutions (e.g. custom sendmail configs, RBL/XBL blacklists, spamassassin, greylisting, procmail rules, smf-spf, j-chkmail) and it will take quite some time and effort to get everything fine-tuned.

    For anti-virus, clamav works well

    For IMAP I found that dovecot does a decent job. If you want to fetch from remote servers into your own server then fetchmail can do the job.

    Usual security considerations apply - patch early, patch often.

    You will spend long hours maintaining this, highly recommend using a log colorizer to help watching logs e.g. ccze
    In the end you will feel you got a half-baked solution that doesn't even come close to comparing to gmail in terms of functionality, ease of user interface, security and spam control. But hey, it'll be your own stuff.

  • Maybe not Zimbra (Score:5, Informative)

    by jra (5600) on Sunday August 07, 2011 @11:56AM (#37014490)

    I've run Zimbra for 3 years now, back to 5.0.9, which I installed for my then employer. The architectural people there have taken, right along, an attitude that I can characterize only as "RFCs? Who cares about those?"

    It doesn't handle fixed-pitch well; its editor won't re-wrap (though they might have finally fixed that in 7), it doesn't know from RFC 2369 -- in fact, it handles mailing lists poorly in general; notably, you can't change the Reply-To in any way when replying, if you generally want HTML off (as I do), the only way to turn it on is to dive into the Preferences and switch it, then reload; same turning off...

    Check for bugs filed on their bugzilla by jra@baylink.com if you want a full list of the ignominy. But in general, I would say: evaluate it pretty thoroughly to see if you can deal with its crap before deploying.

    It's *very* pretty. I just don't know if it's worth the trouble.

  • Thats funny (Score:5, Insightful)

    by WindBourne (631190) on Sunday August 07, 2011 @12:00PM (#37014526) Journal
    For over 15 years, I spent my time doing my own servers. Figured out that I was spending too much time doing server admin and not enough building sand castles. Now, I am on Google.
    • Re:Thats funny (Score:5, Informative)

      by Pieroxy (222434) on Sunday August 07, 2011 @12:07PM (#37014606) Homepage

      Same here. I had an online agenda, mail, address book and all that running from my dsl box. Things were fine. Now I am full 100% Google. There is no way anyone is going to approach this level of polish with a 10 foot pole with open source stuff. You can get things done, sure, but it's going to take a heck of a lot of time and the result will be nothing compared to Google. But your data is yours. Can't beat that.

    • by jedidiah (1196) on Sunday August 07, 2011 @12:15PM (#37014682) Homepage

      I've had my own self-hosted email for years. Every so often I wonder if it would make sense to "outsource" it all.

      Then there was this rash of accounts being hacked on sites like Yahoo and that entirely cured me of any interest in depending on anyone else for this. I may not be the best mail admin out there but at least I don't have a target painted on my forehead. Whatever headache I have from being my own server admin is mitigated by not needing to explain myself to clueless rubes that think I've started spamming them with malware.

      • by WindBourne (631190) on Sunday August 07, 2011 @12:29PM (#37014814) Journal
        Well, and that is understandable. That is also why I continue with a couple of domains and use google applications (though I do the web hosting on rackspace at this time). But, I used to enjoy doing my own server, etc. However, I have decided that I want a family and to focus on start-ups.
      • by WindBourne (631190) on Sunday August 07, 2011 @12:37PM (#37014862) Journal
        BTW, at some point, I will probably use fetchmail or some other daemon to copy our emails just to have local backups. But I will continue to use gmail to send. They handle too many things nicely and easily.
        As to their looking into my mail, well, yeah, they do. So does microsoft, apple, yahoo, etc. And when you send your email, even the backbone servers watch and record. But if security is a real issue, then simply encrypt it and that way only those on the commercial server will not know what you sent.

        Who has ever thought that you were spamming with malware by using google?
      • by JAlexoi (1085785) on Sunday August 07, 2011 @02:47PM (#37015880) Homepage

        I don't have a target painted on my forehead

        And that will be your undoing. As an admin you should feel like it, always. Because you are responsible for security. If you think small sites don't get hacked, then where are the spam relays coming from? A crapload of them are small MX'es hacked....

      • Re:Thats funny (Score:4, Insightful)

        by MojoRilla (591502) on Sunday August 07, 2011 @03:20PM (#37016166)
        So you offer two factor identification? SSL webmail?

        Gmail does.

        Security through being small isn't security.
  • by tangent3 (449222) on Sunday August 07, 2011 @12:01PM (#37014530)

    ... + squirrelmail + apache + spamassassin (later switched to dspam)

    I used this guide: http://www.gentoo.org/doc/en/virt-mail-howto.xml [gentoo.org]

    It was great when it started out. It handles multiple domains. Handled spam well. Ran on a low end PC. Handled email for my family and a couple of friends.

    Then it became a fucking pain in the ass to maintain. Mainly the spam filtering started failing, and it was a resource drain. Switched from spamassassin to dspam which improved the situation. But dspam was a fucking chore to train the filter.

    Eventually I gave up. It took too much of my precious time to manage all the shit on my own and I moved my domains to Google Apps and can't be happier.

    • Training spamassassin is not that big of a deal really. Just automate a process for feeding it new bits of spam to train the filters. You can do this by just designating a standard place for it to look for new examples.

      It's Unix. If there are any "chores" then you probably failed to automate something and the solution is probably not that hard.

      • by bigtrike (904535) on Sunday August 07, 2011 @01:25PM (#37015262)

        I've got the same setup and it is indeed a pain. I find myself having to constantly tweak my blacklists. Part of the problem is that we absolutely can't ever have any false positives, so I subtract points for DKIM and SPF. This would have been a great idea if companies like Yahoo! actually scanned their outbound mail before marking it as valid and hosting providers took faster action against spammers. Hurricane Electric and Rackspace seem to mostly just forward the abuse emails on to their customers, who do nothing because they are the ones responsible for spamming.

  • by cshark (673578) on Sunday August 07, 2011 @12:04PM (#37014576)

    The whole beauty of gmail isn't that you get a lot of neat features. It's the fact that your email almost always gets from point a to point b. This is because you have the luxury of being on a "big" mail server. Smaller mail servers, like one that you or I would set up do not get special treatment. The whole system right now is stacked against small mail servers. The minute you hit operation, you'll find that you might already be on spam lists, and that you have to fight to get yourself off of them. The minute you find that you're off the lists, you'll probably end up back on them because someone three ip addresses away has been sending welcome emails from his web site, and someone forgot that they asked for one.

    If none of that scares you, the following list will get you close to what gmail can do.

    So here is what you need first and foremost:

    1. A dedicated server just for Zimbra with Domain Keys installed
    2. A block of 24-32 ip numbers. (49 ip numbers would be ideal, but it's harder to buy odd blocks like that.) Put your mail server as close to the middle of that range as possible. It sounds like a lot, but most collocation facilities can hook you up with this for 300-500 usd a month.
    3. Proactive attention to getting your ip block removed from all spam lists (especially Barracuda, their list is the most annoying for the high number of false positives) before the fact. Just let them know you exist.
    4. Pray that all of the hundreds of moving pieces you've just put in place don't break, that bad hackers don't brute force their way into your server. Strong passwords don't really help as much as people tell you they do either. That's now something you have to worry about too.

    So there you go.
    It doesn't make sense to me that you would try to do this for something that only you would use.
    The expense is too high, and the benefit just isn't there.

    Over the last few years, I've been offloading my email to the social networks and blogs. Facebook, LinkedIn, personal Drupal installations, Twitter, etc.

    They don't have a lot of the core problems that email has, and pretty much everyone I communicate with will use one or multiples of those.

    For everything else, I use Gmail for domains because, even if I end up upgrading and paying per account... it's still less of a headache than the Dante inspired hell that is managing my own email server.

    I hate running fucking email servers.
    Hate them.
    Hate.
    Hate.
    Hate.

    There. I feel better now.

    • by SJS (1851) on Sunday August 07, 2011 @12:29PM (#37014812) Homepage Journal

      The minute you hit operation, you'll find that you might already be on spam lists, and that you have to fight to get yourself off of them. The minute you find that you're off the lists, you'll probably end up back on them because someone three ip addresses away has been sending welcome emails from his web site, and someone forgot that they asked for one.

      It's partially a matter of what you want to deal with, and how comfortable you are with making some issues somebody else's problem. Set up your own system. Tell friends, family, and employers your new set of email addresses.

      If they can't send you email because you're on some blacklist, have *them* tell *you* how to get off that blacklist.

      Follow these instructions once, if reasonable.

      After that, tell them that their mail server is broken, and it's their problem, not yours. Then stop worrying about it. "YOUR service put ME on a blacklist without cause. YOU should use a better service if you want to hear from me."

      Online vendors are even better. They have an incentive to make sure they receive email from you. If they use a blacklist service that drops you... take your business elsewhere. Call them if they have a 1-800 number to tell them about the issue if you're feeling nice.

      Part of the problem here is that a lot of people have set up email servers for a commercial enterprise, and they bring home the set of best practices and habits -- so that when they set up their home system, they forget that it isn't a commercial system.

      Remember, telling a friend, relative, or business "*Your* system is rejecting my RFC-compliant emails. *You* should look into fixing that if you want to hear from me." is perfectly acceptable, even though a business telling you exactly the same thing isn't.

      • by rsborg (111459) on Sunday August 07, 2011 @02:40PM (#37015830) Homepage

        Remember, telling a friend, relative, or business "*Your* system is rejecting my RFC-compliant emails. *You* should look into fixing that if you want to hear from me." is perfectly acceptable, even though a business telling you exactly the same thing isn't.

        I don't know who your friends or relatives are, but if anyone told me that, I'd personally put them on my ignore list, as I have way too many things to do, and have about 0 control with any of my email "systems".

        This kind of message is similar to "your government is not accepting my packages, *you* should look into fixing that if you want my deliveries"... it may be valid, but good luck with getting any meaningful response on that.

  • Why #2? (Score:5, Insightful)

    by theNAM666 (179776) on Sunday August 07, 2011 @12:04PM (#37014578)

    The previous "why" poster has it right. It's like you're complaining about success. You are never going to do it 50 percent as well as Google -- don't try. Rolling your own is an academic exercise. Zimbra is ok -- if you can live in the 90s. Google is it. Just back up your data.

  • by LBArrettAnderson (655246) on Sunday August 07, 2011 @12:09PM (#37014634)

    I know this isn't what your question is, and I respect your reasons (even though I don't understand them), but I think you'll find that most admins are going in the other direction. Email is something that should just work. When you host it yourself, you have to worry about a ton of factors... spam, incoming, outgoing, forwarding, being sure your mail isn't getting filtered by recipients' services (which requires a surprising amount of work from the default installations of most self-host services, though the spf entry in your dns is recommended regardless of what you use). I've moved all of my sites to google apps email. It's so so so much easier. Plus you get the awesome gmail interface, and you don't have to worry about your configuration.

  • by dotancohen (1015143) on Sunday August 07, 2011 @12:15PM (#37014680) Homepage

    ...these guys:
    http://fastmail.fm/ [fastmail.fm]

    I think their staff frequent /., at least they have in the past. I'm not using them yet, but I keep the link handy for the day when I get kicked off my current server.

  • by amn108 (1231606) on Sunday August 07, 2011 @12:16PM (#37014694)

    You have at least two good choices:

    1. You rent a Linux host, point a domain name to it, and set up your own email accounts on that domain by means of installing the relevant email software stack like IMAP/POP3 service etc. You host - your rules - you can set up your own spam filters, rules, actually you can do so much my rambling cannot even cover half of it. You certainly can install some form of web interface to access your mail on it.

    2. You do the same as above, but instead of renting, you just set up a box in wherever you live, make sure it stays always-on, make sure it's reachable to the world and use a public dynamic DNS service to make sure the domain name points to it so that you can set up the software as with point 1. The benefits are that it's for total control freaks, and it includes many benefits of point 1. The cons are well... it's your hardware, so you maintain and run it!

    There are many hosting companies that will give you a nice virtual CentOS Linux with plenty of computing power for a fraction of average monthly income. If you think it costs too much, imagine that later on your box can be your face to the world - install a Diaspora POD on it (if it ships hehe), web server for you and your family, friends, projects, compute stuff, rent it out if it stays idle enough...

  • by jht (5006) on Sunday August 07, 2011 @12:16PM (#37014696) Homepage Journal

    Kerio Connect is based on a lot of open-source technologies, and they do contribute back - but it is in itself a commercial product. For a small number of users, though, it's still a good value for those looking to DIY.

    (disclaimer: Though I'm a user of it, I'm also a fairly large reseller by Kerio standards and my business gets a lot of our revenue from it)

    The minus of Kerio is that it's commercial software and therefore not roll-your-own in nature. Limited tinkering is available. And to get updates after year 1, there's a subscription charge. The webmail is good but a little dated compared to some of the latest stuff out there.

    The pluses, though, are these (in my non-biased opinion):

    - Good antispam tech (blacklists, SpamAssassin, Bayes filtering). Not state-of-the-art, but traps most of it.
    - Uses built-in Sophos engine and/or your own AV for filtering
    - Easy to administer with web GUI, plus it's extensible with an API.
    - Mail and config files are stored in plain text and can be accessed and edited by hand if needed.
    - Supports native client for pretty much everything (Outlook, Mac apps, Sunbird and Thunderbird, etc.). Supports IMAP, CalDAV, and CardDAV.
    - Integrates with AD or OD if needed
    - Supports ActiveSync and if you have a Windows server it can support Blackberries (you have to run BES to do that, and BES is Windows-only)
    - Easy to manage SSL, and it'll automatically use SSL for SMTP transfers if the target server supports it as well (so you get encrypted transmission)
    - Runs on Mac, Windows, or Linux. Plus it comes as a pre-packaged VM for VMware or Parallels for appliance use. That's kind of handy.
    - Scales well. It'll go from 5 to 1000 users pretty well on good-enough hardware. My largest client on it has an Xserve with an SSD boot drive and a RAID 1 mirror to support 1000 users.

    They'll give you a 30-day trial if you want for free. And if you try it and like it, feel free to buy it from someone other than me - I don't get referral fees or anything for that but I'm not pimping it on my own behalf here.

  • by bflong (107195) on Sunday August 07, 2011 @12:19PM (#37014728)

    We used to run Kolab at the office until we switched to Google Apps. It wasn't bad.

  • by mea_culpa (145339) on Sunday August 07, 2011 @12:21PM (#37014748)

    Kerio Connect [kerio.com]. Can be free if you become a partner and have less than 5 users or $540 which is still a great deal IMO due to the ease of administration and being able to set it up in mere minutes with very little effort. You very well could spend many times this in effort trying to do it yourself with a free product.

    100% configurable via intuitive web GUI
    Multi-platform (Windows, Linux, Mac, VMWare)
    Very good multiple anti-spam features
    Full featured webmail, very near parity with MS Outlook.
    ActiveSync support for Android, WinMo, iOS (Push mail, contacts, calendar) Optional Blackberry connector.
    Multi-domain support
    Near instant phone support with actual engineers (if licensed)
    Very active development with easy to apply updates
    Tons of other features.

    Download the fully functional free trial and give it a spin.
    I don't mean to sound like an advertisement but I have been using this product for 5 years and it has been the easiest mail server I have ever managed.

  • by dstillz (704959) on Sunday August 07, 2011 @12:27PM (#37014788) Homepage Journal

    Why are you doing this?

    I guarantee you that any self-hosted system will have more downtime, and more overall management time than just sticking with Google or another provider.

    I wouldn't put the e-mail server and the Web/database server on the same machine. In fact, if you're going to do this right, you probably want a mail server in a datacenter that does nothing but receive the incoming mail and hold it back in case your local e-mail server is down. And once you've done that, you might as well be using a "cloud" e-mail provider.

    That said, I have used Zimbra, and it works. I will also support the recommendation of Roundcube.

  • by pongo000 (97357) on Sunday August 07, 2011 @12:29PM (#37014810)

    ...because in one breath, story submitter says he/she is ready to host his/her own email server, then the very next breath he/she is talking about hosted solutions.

    My recommendation? If you can't figure out what it means to "host my own email servers" as opposed to "outsource my mail servers," you should probably just stick with Gmail or another hosted provider.

    That said, I'll play: I've been hosting my own e-mail servers for 15 years now. That's 15 years of SpamAssassin tweaking, 15 years of qmail vs. postfix vs. exim, 15 years of weathering DDOS and joejob attacks. I'm currently running an exim server on my DMZ that simply accepts inbound/outbound e-mail, and I use ODMR and fetchmail to get my mail on intervals from behind my firewall.

    Running an e-mail server is not for the faint of heart (especially for self-proclaimed "hobbyists"). If I were starting at this new without benefit of hindsight, I'd definitely consider a hosted e-mail solution.

  • by toygeek (473120) on Sunday August 07, 2011 @01:02PM (#37015070) Homepage Journal

    1) Install Linux
    2) Put all the software on it
    3) Be happy with yourself for mail actually working
    4) Get blocked by your friends' email hosts because they have no idea who the hell your server is
    5) Learn about reverse dns, all the fucking host entries that you have to add so that you don't get automagically blocked by half the populated world
    6) Some asshole user sends email with no subject and an executable attachment, it comes back to them bounced and they scream at you.
    7) Same asshole user bitches and moans 3 times a day about how much spam they get and what a piece of shit your server is

    This ends up with the following consequences:

    1) Give up your life as an actual person. You're now a mail server admin
    2) You stop giving a shit about said asshole user.
    3) You start to second guess your decision to run your own mail server after somebody exploits something (weak password from asshole customer?) and sends half a million spam messages, and 2/3 of them bounce back at you.
    4) You start growing pale and have hideous dark bags under your eyes
    5) You're "that guy" in your apartment complex ("he never leaves!")
    6) Eventually you miss your life, the outside world, and what is left of your sanity.
    7) You start prioritizing your life and you finally give up and.....go back to Gmail.

  • by veg (76076) on Sunday August 07, 2011 @01:02PM (#37015074) Homepage Journal

    It's ironic for me that you should post this on the day after I just abandoned my last home-maintained mail server in favour of Google.
    For the past 15 years I've been a mail administrator in some capacity for a variety of mail systems ranging from my own personal colo to a vast multi-national corporation. Solving the technical problems of building and maintaining a functional and reliable system was fun for a number of years, especially when email was dominated by geeks. But nowadays, running your own server is a perpetual nightmare.

    First, there's the problem of where to host it. It has to be accessible wherever you are, and it has to be able to send mail out. If you're planning on hosting it at home, on the end of a cable/DSL/fios connection, bear in mind that your IP address will almost certainly be blackhole listed. Also, your ISP may well be blocking outgoing mail to prevent spam. You will probably have to configure your system to route all outgoing mail via your ISP's SMTP server. Why are you hosting an SMTP server again?
    If you're hosting it in a nice VM or in a colo, you're better off, but paying. Google costs you nothing.
    Next, storage. Obviously that's no problem because you have a mirrored RAID eleventy-five array you built yourself. If that's in the colo then you can forget about it - except when a drive goes bad or it crashes unexpectedly. But then it's fine because you're paying for support aren't you. And backups. You are backing it up aren't you?
    Next the server software. Personally I've had a lot of success with Sendmail/Cyrus IMAP/IMSP/Squirrelmail and friends, despite enduring jeers from other sysadmins who think they have a better combination. In the end, it doesn't matter. They all suck. They all need patching regularly. They all break. They all need tweaking on a regular basis.
    Then the final turd in the swimming-pool: spam. It costs you so, so much; bandwidth, around 95% of all of the inbound traffic is spam; time, configuring and maintaining spamassassin and various blackhole lists that occasionally start rejecting mail indiscriminately; pride, the only time your clients contact you will be to ask why the mail is so slow and why there's so much spam. "But my gmail doesn't get this much spam - can't you filter it" they say, while you bite chunks out of your tongue. Spam to a mail administrator is like the gopher in Caddyshack: it will keep you awake and turn you into a monster. And the day will come where you, spam-slayer and junk-mail terminator, get put on a blackhole list for being a spammer. That's really fucking harsh the first time.

    I could go on, but we're already in the TL;DR territory.

    Most people do not host their own mail server. They live longer and healthier lives as a result. Follow their example and let Google worry about all of that for you - and in return you just have to pay them...nothing.

    • by discord5 (798235) on Sunday August 07, 2011 @03:20PM (#37016168)

      Personally I've had a lot of success with Sendmail/Cyrus IMAP/IMSP/Squirrelmail and friends, despite enduring jeers from other sysadmins who think they have a better combination. In the end, it doesn't matter. They all suck. They all need patching regularly. They all break. They all need tweaking on a regular basis.

      This! Even on the software side of things, it's constant fiddling and tinkering. I spent about 7 or 8 years administrating qmail and postfix. If it wasn't Spamassassin or the anti-virus going haywire, there would be some other issue. Some braindead mope setting his password to something ridiculous resulting in a flurry of spam sent out a week later, some guy infecting his laptop with something nasty and sending out a fuckton of spam... A bug in all the shit that glues qmail, spamassassin and the anti-virus together that generates a veritable shitstorm of bounce messages to yourself, resulting in more bounce messages to yourself until finally the queue is stuffed with bounce messages...

      Of course, nothing would be complete without the mail queue going corrupt. And once that happens you know you'll be making a tarball of that sucker and cleaning it as fast as possible to get it back online. After that you get to do something fun, that's digging through the mailqueue with some obscure shell script from some guy who actually had this very rare thing happen to him too that one time, only with just a small difference, so it won't work out of the box of course. Oh, don't worry, at times like these there will be absolutely nobody breathing down your neck, especially not the person who told you to go F*** yourself when you suggested that it might be a good idea to not be so dependent on a single mail server.

      Then the final turd in the swimming-pool: spam.

      And the problem with spam is : once you've mitigated the issue you just KNOW that by this time next month you'll be at it again and again and... And then there's the problem of false positives. If someone so much as suspects having a false positive there's hell to pay. "You marked this as spam but this is an actual e-mail". Not "The mailserver marked this as..." but YOU.

      various blackhole lists that occasionally start rejecting mail indiscriminately

      Oh, don't worry, the foam you have at the mouth that day can be reused in meetings about why the mailserver was rejecting all incoming e-mails.

      the only time your clients contact you will be to ask why the mail is so slow and why there's so much spam

      Or why they can't send out an attachment of 4GB, why their mailbox is full, why their mail from russianbrides.com isn't coming through, ... Oh don't worry, deep down you know by the sheer volume of mail you handle daily your users love you.

      put on a blackhole list for being a spammer. That's really fucking harsh the first time.

      That was the breaking point for me. I simply gave the mailserver an IP in a range that wasn't blacklisted and started looking for a new job. On my way out I congratulated the guy who was promoted to the new mail admin and whistled a merry tune as I shut the door behind me. I vowed never to touch mailservers again in my life and became a better person because of it.

      Take this advice and heed it well : Unless you have a REALLY good reason to do your own e-mail, just fucking don't. I'm sure that a lot of people are going to say "Run qmail", "Run postfix" or "Run sendmail" or whatever and point you towards a lot of incredible HOWTOs, but the truth is that's just the beginning of it, and it will slowly devour more and more of your time until one day somewhere between 10PM and 1AM you're upgrading some part of the mailserver again and wondering to yourself : "What happened? I used to do so many cool and interesting things..."

      If you don't want to deal with Google, find a reliable company you want to deal with and have them do it for you. Running a decent mailserver is just a pain in the ass.

  • by masdog (794316) <<masdog> <at> <gmail.com>> on Sunday August 07, 2011 @01:12PM (#37015146)
    Have you thought about buying a Technet Plus subscription and installing Exchange 2010 plus Forefront Protection for Exchange?
  • by baomike (143457) on Sunday August 07, 2011 @01:27PM (#37015288)

    I have been doing it for years and it is not that big a deal once it is configured.
    If you want to get fancy then it can be a problem.
    We run courier (I wanted sendmail but lost) using imap to our local net.
    It runs on a local virtual machine and is pretty much maintenance free.
    It cannot be accessed from outside (the "fancy" part) and it has no spam filtering.
    The jewel in this is the alias file. Untrustworthy sites (most) get a specific alias.
    If I get spam with that I delete the alias.

  • by N1AK (864906) on Sunday August 07, 2011 @01:28PM (#37015302) Homepage
    I've got my own domain and hosting. I use that to manage all my email addresses and then forward them to Gmail. When I send an email in Gmail, it authenticates and sends it via the email address of my choice. This means that I get the benefit of google's interface, labels, spam filter etc without my email address belonging to them. Effectively, I can get the good stuff now and should they pick up the ball and go home I still have what I really need (access to the addresses people are using).

    The above might not be sufficiently independent for you, however running your own solution is going to be a major headache...
  • by Requiem18th (742389) on Sunday August 07, 2011 @02:06PM (#37015604)

    Even before opening this article I knew it would be overflowing with cries to drop this self-dependency stupidity and just surrender to the corporate gods.

    What the fuck?

    What is the purpose of free software if you are not supposed to use your freedom? You can build your system using open standards, install an open source OS with an open source mail server. But you will get blocked because you are not a business? Moreover, what is the purpose of freedom when you are not supposed to exercise it? It really has come to the point where "freedom" means "freedom to work for the system".

    It should not be like this, it doesn't have to be like this. There's plenty of solutions, something like WoT can be built to prevent spam much better than a simple "block everything not from gmail yahoo or hotmail" that's just business whoring.

    • by cgenman (325138) on Sunday August 07, 2011 @06:21PM (#37017372) Homepage

      The guy is "a hobbyist, not a sysadmin" and is looking for a self-hosted alternative webmail. The thing is, unlike a lot of other parts of life, mail hosting is basically a sewer of pain. Potholes and pitfalls are absolutely everywhere. To make a bad analogy, the guy basically posted "I'd like to be more independent. So I've decided to learn to fix my car, start growing some vegetables in my backyard. And, oh yes, have a baby. Are babies hard?" All of those are valid goals, that people everywhere should aspire to. But, as the Germans say, he needs to be aware of the commitment and Kinderscheisse of maintaining a mail server.

      And I've been on both sides of the "black-hole everyone's mail" problem. If a server is sending out spam, a single server can easily be sending out hundreds of pieces of spam to each and every one of your users per day. Chances are, that "server" is a hacked Windows XP box someone in their IP block left online (there really isn't anything other than hacked Windows XP boxes online these days). Or a server with inadequate protections that is being maliciously harnessed. Or someone put the address into a blacklist wrong. Either way, without these blacklists e-mail service as we know it would be over. And, unfortunately, there are people profiting from spam, fighting every bit as hard as the legitimate users to get off of the blacklists.

      And that's without taking into account the basic technological issues, like needing redundancy and response significantly higher than take-it-or-leave-it services. If your docs server is down, you have to wait a bit to access your documentation. If your mail server is down for long enough, you lose all of those messages. Also, all of your clients get messages that your system is down, but you don't. You get hit constantly by volumes of spam, leading to waves of DDOSing. People don't back any mail up, but require it to be available forever. And, this may just be personal perception, but I swear that all mail servers are coded to be suicidal.

      So yes, the effort put out to host one's own mail server is disproportional to the payoff in terms of personal information security. Because it's not building a server. It's committing to hosting an ongoing part of the mail ecosystem.
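
Several comments in this thread name the DNS-side reasons a small server's mail gets rejected: missing reverse DNS, a missing SPF entry, and a blacklisted address a few IPs away in the same block. The sketch below is an added example, not code from any poster, that runs those three checks against one outbound IP. It assumes a constructed table of DNS answers in place of live lookups, a hypothetical blacklist zone `dnsbl.example.net`, and an SPF check that reads only `ip4:` mechanisms.

```python
import ipaddress

# Constructed DNS answers (documentation addresses and names), standing in
# for live lookups so the example runs offline. The DNSBL zone is hypothetical.
SAMPLE_DNS = {
    ("PTR", "10.113.0.203.in-addr.arpa"): ["mail.example.org"],
    ("A", "mail.example.org"): ["203.0.113.10"],
    ("TXT", "example.org"): ["v=spf1 ip4:203.0.113.10 -all"],
    # A neighbour three addresses away is listed on the blacklist.
    ("A", "13.113.0.203.dnsbl.example.net"): ["127.0.0.2"],
}


def lookup(dns, rtype, name):
    """Return the answers for (record type, name) from the table, or []."""
    return dns.get((rtype, name.rstrip(".").lower()), [])


def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def fcrdns_ok(dns, ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer
    return any(ip in lookup(dns, "A", host)
               for host in lookup(dns, "PTR", ptr_name))


def spf_authorizes(dns, domain, ip):
    """True if the domain's single SPF record lists ip in an ip4: mechanism.

    Deliberate simplification: a, mx, include and redirect are not evaluated.
    """
    records = [t for t in lookup(dns, "TXT", domain)
               if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return False  # no record, or several (a permanent error in SPF)
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        if term.lower().startswith(("ip4:", "+ip4:")):
            net = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
            if addr in net:
                return True
    return False


def listed_in_block(dns, block, zone):
    """Every address in the block that has an A answer in the DNSBL zone."""
    return [str(ip) for ip in ipaddress.ip_network(block)
            if lookup(dns, "A", dnsbl_name(ip, zone))]


def preflight(dns, ip, domain, block, zone):
    """Summarise the three checks for one outbound mail server IP."""
    listed = listed_in_block(dns, block, zone)
    return {
        "fcrdns": fcrdns_ok(dns, ip),
        "spf": spf_authorizes(dns, domain, ip),
        "self_listed": ip in listed,
        "listed_neighbours": [a for a in listed if a != ip],
    }


if __name__ == "__main__":
    print(preflight(SAMPLE_DNS, "203.0.113.10", "example.org",
                    "203.0.113.0/27", "dnsbl.example.net"))
```

To run it against real records, replace `lookup` with calls to a resolver of your choice; the checks themselves do not change.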
