Hello,

This post is in regard to the idea of setting up my own email server. I have been working really hard over the past couple of months to regain my privacy from clouds and online services. Just a couple of days ago there was an attempt to gain access to my Yahoo personal email. I had the address for many years and I understand they got breached not long ago. I instantly closed the account. It was a difficult decision because most of my things are tied to that account.

My business is from my home and really my question is - is it worth it to use my own email server for just myself? Most of the articles I have been researching have stated it's best not to, security-wise, from a home perspective. I guess I would like some thoughts before I get a domain. Getting the domain is an OK cost. I wanted to eventually cut my teeth doing a website; however, not at this juncture in time. I haven't decided exactly what setup route I was going to take yet. I have VMware Workstation 12 on my clear box, so I could go virtual for a mail server. If any of you feel this scope of work is not valid for my use - any good email providers focused on security besides the usual big names?

Thank you
In Mail
Tuesday, February 12 2019, 02:58 AM

Accepted Answer

Tuesday, February 12 2019, 09:20 AM - #Permalink
I did this a few years ago as I wanted to remove reliance on ISP provided e-mail addresses and I did not like the way M$ had gone and Google were heading and I've been running my own mail server for the family.

There are some downsides. You need a good internet connection or a reliable MX backup service to receive e-mails if your internet goes down, although it should not matter if it is for a few hours. ClearCenter do provide one if you get your domain through them, but I've recently hit a snag. For a month or so I've been getting thousands of spam messages a week from qq.com. None of them get through because of the measures I've implemented from here, but most of them were coming from the MX Backup service which the spammers were targeting and only a small proportion were coming directly. The direct ones I could cut down on by doing some even more aggressive firewalling with fail2ban but I have no control over the MX backup and can do nothing about it. Also the firewalling forces even more of this spam over to the MX backup. Turning off the MX backup and using the aggressive firewalling cuts the spam attempts down to 100-200 a day (but none gets through anyway).

I have a nominally dynamic IP so I cannot send out e-mails directly as I am automatically on any blacklist which blacklists dynamic ISPs' IP blocks, and note that even if you have a static domestic IP it could be from within an ISP's dynamic block of addresses. To get round this I have to relay through an SMTP service. My ISP allows us to use his normal mail server to relay through and this is relatively common, but some ISPs don't have this facility or change e-mail headers if you relay through them (Gmail change headers - either the from or the reply-to or something like that). I am just about to change ISPs to one without an SMTP relay so I've had to sign up to a public service. I've used AuthSMTP and should be able to stay within their free limits.

I also recently fell foul of another setup issue. One recipient started bouncing messages and it turns out that your MX record must point to an A record or IP address. Mine was pointing to a CNAME record. As my domain is with ClearCenter, they maintain my domain's A record with their Dynamic DNS and I used CNAME records for things like mail.mydomain.com pointing to my A record which seems to be fine for everything except MX records, and I quickly had to change my MX record to point to mydomain.com.

I do have to say that, with a dynamic IP, ClearCenter's Domain/DNS offering is quite attractive and has proved useful but you do have a bit of a learning curve. I have no idea how other Dynamic DNS services operate so these facilities may be available elsewhere.

Before you go anywhere, it is worth checking your ISP does not block incoming tcp on port 25. Some do, and if yours does, you are dead in the water. Note to trial this you can use your xyz.poweredbyclear.com domain as an e-mail address domain and see if you can get it working with that.
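
The MX-to-CNAME problem described in the answer above (RFC 2181 requires an MX target to be a name with address records, not an alias) can be caught before a zone goes live. This is an added example, not part of the original post: it lints a simplified "name type rdata" zone listing, and the IP address and record layout are constructed sample data (only the mydomain.com names come from the post).

```python
# Added example: lint MX targets in a simplified zone listing (constructed data).
BROKEN_ZONE = """
mydomain.com.       A      203.0.113.10
mail.mydomain.com.  CNAME  mydomain.com.
mydomain.com.       MX     10 mail.mydomain.com.
"""

FIXED_ZONE = """
mydomain.com.       A      203.0.113.10
mail.mydomain.com.  CNAME  mydomain.com.
mydomain.com.       MX     10 mydomain.com.
"""


def parse_zone(text):
    """Parse 'name type rdata' lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, rtype, rdata = line.split(None, 2)
        records.append((name.lower().rstrip("."), rtype.upper(), rdata.strip()))
    return records


def check_mx_targets(text):
    """Return (mx_target, problem) pairs for MX records a strict receiver may reject."""
    records = parse_zone(text)
    by_name = {}
    for name, rtype, _ in records:
        by_name.setdefault(name, set()).add(rtype)
    problems = []
    for name, rtype, rdata in records:
        if rtype != "MX":
            continue
        _pref, target = rdata.split()
        target = target.lower().rstrip(".")
        types = by_name.get(target, set())
        if "CNAME" in types:
            problems.append((target, "MX target is a CNAME alias"))
        elif not types & {"A", "AAAA"}:
            problems.append((target, "MX target has no A/AAAA record in this zone"))
    return problems


if __name__ == "__main__":
    print(check_mx_targets(BROKEN_ZONE))
    print(check_mx_targets(FIXED_ZONE))
```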
Responses (6)
  • Accepted Answer

    Wednesday, February 13 2019, 03:04 AM - #Permalink
    Thank you all for your replies. Definitely a wealth of information here. Everyone has been very helpful and welcoming in the Clear community in the eyes of a newcomer such as myself.

    Tony Ellis, I read the article and it was a good read, especially since I have been experiencing something similar...just on the level of a regular Joe.

    My box is configured as a gateway. Due to the time constraints and digesting everyone's replies I decided not to host my own email server...for now. Since my recent experience I have become pretty paranoid about how my data is handled, especially how tech giants have handled privacy concerns with their users' data recently.

    I ended up registering a domain name. I wanted to do it through Clear but I don't think it supported the tier (I think that's the right term?). I registered a .art domain and I thought it was really cool considering I'm an artist. I might do some web stuff with it later. For the email portion I went with ProtonMail. Considering I was paying for an Office 365 subscription I hardly used - the cost was justifiable. Domain reg with privacy was $15/year, and the ProtonMail is $5 a month and really slick at that. It uses a bridge app for email clients. I wonder if I can move a .art to ClearCenter?

    Anyways, I thought this would be a good start for now considering most of my online accounts were linked to nothing anymore. Down the road the email server will be a good project when I clean my plate of things to do. If I can resolve some issues with the gateway management filter on my box, I'll be golden. :p

    Thanks again everyone! I'm sure I will be picking brains later. :)
  • Accepted Answer

    Wednesday, February 13 2019, 12:59 AM - #Permalink
    Just as this is being discussed...

    Email Servers hacked - massive data loss
  • Accepted Answer

    Tuesday, February 12 2019, 07:46 PM - #Permalink
    You are correct, sir. I looked at one of my old receipts and it was only $25. That's even better!

    I corrected the amount in my earlier post on this thread, so future readers weren't misled.
  • Accepted Answer

    Tuesday, February 12 2019, 07:05 PM - #Permalink
    Dirk Albring wrote:
    Once you decide you like ClearOS, because you will like it, you'll then want to decide if you want to register a domain name with a registrar. ClearOS offers that as well for a mere $50/yr.

    If I'm correct, registering a domain is $25/yr. ;)
  • Accepted Answer

    Tuesday, February 12 2019, 02:28 PM - #Permalink
    I would say setting it up and getting it to work flawlessly isn't for the faint of heart, but if you don't mind a little R&D, ClearOS provides a very nice well-rounded package, to include some nice security features for email. You could try it out using the Community version or the 30-day trial offered with the business version, although you'll lose some of that 30 days just getting things running. A web server is available as well, so you would be able to host websites placed in your web root on your ClearOS server. ClearOS has multiple update services you can subscribe to that keep the latest security patches in place for things like anti-malware, anti-virus, content filtering, and intrusion detection.

    You'll also want to decide if you want your ClearOS server to work in standalone mode, behind a router in your house, or if you want it to work in gateway mode, which will serve as a router with a firewall. If you choose the former, that will be another time of discovery for you getting traffic to reach your mail and web servers. Not impossible though. Albeit there is discovery using either mode. Once you decide you like ClearOS, because you will like it, you'll then want to decide if you want to register a domain name with a registrar. ClearOS offers that as well for a mere $25/yr.

    If you just wanted to enhance your email security using ClearOS' mail servers, you could keep existing email accounts you already have and just use the fetchmail app in ClearOS, which will pull in all your different accounts. Using the smtp mail server that ClearOS offers, combined with the elegant Kopano webmail package would allow you to send mail out disguising it with "from" email accounts that match your existing accounts. There's a number of ways you can handle your email.
  • Accepted Answer

    Robert
    Tuesday, February 12 2019, 11:47 AM - #Permalink
    Hi,

    I am probably somewhere in between. I have used Zarafa/Kopano for years, but rely on an ISP-provided email (with fetchmail/postfix). The reason for this is the backup problem in case something goes off like Nick mentioned (I do have a backup, but not a failover). To access Zarafa/Kopano I use the ClearCenter domain/DNS offering Nick mentioned to have an address which is easily memorizable and does not look odd to other people. I did not have a break-in into my mail account, but I cannot guarantee for any email provider.

    Best wishes,

    Robert