Post ANEYJbgCIwDOft7xMe by thatayush@fosstodon.org
 (DIR) Post #ANEXMbSvSO4yvQmhou by kev@fosstodon.org
       2022-09-04T21:40:45Z
       
       0 likes, 0 repeats
       
       Not sure what’s happening, but there seems to be a number of posts in my timeline about self-hosting email and how hard it is. I agree, it’s hard, but not because of deliverability - set your SPF, DKIM and DMARC records and email will be delivered everywhere in my experience. Self-hosting email is a PITA, in my opinion, because of spam. There’s simply no good spam filters in open source land. Again, in my experience.
       
 (DIR) Post #ANEXYKH1CbWd51nxh2 by kev@fosstodon.org
       2022-09-04T21:42:50Z
       
       0 likes, 0 repeats
       
       In the end I just went with Zoho. Around £1/m/mailbox, has an open privacy policy and works really well. Best yet - still gets me away from the big hitters in email land.
       
 (DIR) Post #ANEXZRhJ5MYIOXdQkS by theavidhorizon@fosstodon.org
       2022-09-04T21:42:54Z
       
       0 likes, 0 repeats
       
       @kev I just finished reading https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html If this is true, it is a big problem.
       
 (DIR) Post #ANEXn1QPYxL4xyCpJQ by edboythinks@fosstodon.org
       2022-09-04T21:45:30Z
       
       0 likes, 0 repeats
       
       @kev any point-to-point encryption to worry about? considering for thunderbird
       
 (DIR) Post #ANEXuZhcWBBLIrrB6u by kev@fosstodon.org
       2022-09-04T21:46:54Z
       
       0 likes, 0 repeats
       
       @theavidhorizon I found this to be quite inflammatory, personally. But hey, everyone’s experience is different.
       
 (DIR) Post #ANEY49GtdukYDzvDvM by yojimbo@hackers.town
       2022-09-04T21:48:39Z
       
       0 likes, 0 repeats
       
       @kev If you're running a mailserver that's primarily for yourself, dealing with incoming spam isn't too hard. It's easy to see in your MUA, and there's no reason you should be delivering "status unknown" to the default Inbox anyway; only put known-good messages in there. I agree that the RBLs available are less complete than the commercial ones (that you cannot access unless you're using their own products), and content analysis is a bit weak. I think the actual missing piece is when you end up running mail for other people - sadly that includes family - who don't understand the problem the same way. The other reason to not do it, is available time/inclination to tinker. I used to have more of that than I do these days ... that's probably the biggest PITA for me.
       
 (DIR) Post #ANEYAys4i2pPznZO6K by kev@fosstodon.org
       2022-09-04T21:49:45Z
       
       0 likes, 0 repeats
       
       @edboythinks sorry, I don’t understand your question.
       
 (DIR) Post #ANEYJbgCIwDOft7xMe by thatayush@fosstodon.org
       2022-09-04T21:51:29Z
       
       0 likes, 0 repeats
       
       @kev in my experience, companies outright block domains if it's not a known one. But otherwise, have had 0 deliverability issues.
       
 (DIR) Post #ANEYP0VTQRgj7dgceu by kev@fosstodon.org
       2022-09-04T21:52:26Z
       
       0 likes, 0 repeats
       
       @yojimbo yep, it’s certainly a time sink! When I did self-host, I ended up using MXGuardDog. They were very good and reasonably priced. No idea if they’re still around though.
       
 (DIR) Post #ANEYmuoAGRDYOlpTXs by edboythinks@fosstodon.org
       2022-09-04T21:56:46Z
       
       0 likes, 0 repeats
       
       @kev so i currently have to use protonmail-bridge to integrate my email into thunderbird due to its integrated encryption. it uses localhost as a proxy to disable encryption, so it has that shortcoming. i guess my question is: does it require any particular mail client to run?
       
 (DIR) Post #ANEZE1w5s3NgK9T2mm by kev@fosstodon.org
       2022-09-04T22:01:39Z
       
       0 likes, 0 repeats
       
       @edboythinks nope. Supports open standards - IMAP, POP, SMTP and Cal/Card DAV for syncing cal and contacts. Also supports ActiveSync. Side note: I feel that Protonmail and their ilk are the most pointless thing to ever happen to email. The whole thing is inherently flawed.
       
 (DIR) Post #ANEZx5TfYAn2L5enNw by edboythinks@fosstodon.org
       2022-09-04T22:09:49Z
       
       0 likes, 0 repeats
       
       @kev yeah i’m starting to feel that way too. when you get into things like company-owned clients being required to enable integrated encryption that is required to function without the intervention of a dedicated bridge, it’s no longer a feature. it’s a bug
       
 (DIR) Post #ANEcEbssW4JPg4vooa by lightweight@mastodon.nzoss.nz
       2022-09-04T22:35:13Z
       
       0 likes, 0 repeats
       
       @kev @yojimbo I'm intrigued to know what you folks consider a time sink... I've probably spent 3-4 hrs managing my Mailcow systems (I look after 3) in the past year or so... great spam filtering, all the SPF/DKIM/DMARC management, etc. for probably 40 domains across them. Seems very low time and absurdly cost-effective to me...
       
 (DIR) Post #ANEdUZ8aazYzkMS6nA by gruff@mastodon.technology
       2022-09-04T22:49:29Z
       
       0 likes, 0 repeats
       
       @kev @edboythinks I'm a Proton customer and torn on this. It's solid. Proper encryption. I've one of the old Visionary accounts, so have custom domains, unlimited users, mail, drive, calendar and VPN. I think, 100's of Gb of storage etc. It costs about £200 a year. I also run a Nextcloud instance with S3 storage which maybe costs less than £100 which I can build on or migrate to Proton. So, Proton 'costs' about £100 over and above.... I'm torn.... :(
       
 (DIR) Post #ANEexZYYDYhxOhzVZ2 by JayT@fosstodon.org
       2022-09-04T23:05:56Z
       
       0 likes, 0 repeats
       
       @kev I've wondered if the solution to spam is some combo of the "first email from new address needs to be accepted" idea that hey.com uses, combined with some sort of distributed reputation list, like what CrowdSec does for IPs
       
 (DIR) Post #ANEif6y8ALyrL6PNh2 by theavidhorizon@fosstodon.org
       2022-09-04T23:47:27Z
       
       0 likes, 0 repeats
       
       @kev I tend to take such things with a grain of salt, but I imagine the blog style post I linked to (and ones like it) aren't helping the situation any.
       
 (DIR) Post #ANElSqGIkvSHuYkTuC by nhr@fosstodon.org
       2022-09-05T00:18:41Z
       
       0 likes, 0 repeats
       
       @kev agreed that spam management is the biggest problem. One of my Red Hat colleagues just posted his new setup (https://jan.wildeboer.net/2022/08/Email-0-The-Journey-2022/) and his main spam strategy is fail2ban. I’d rather throw in with a larger client pool; Fastmail is a decent option (for me, in the US)
       
 (DIR) Post #ANEljshQwicCOVZ3o0 by IslandUsurper@fosstodon.org
       2022-09-05T00:21:54Z
       
       0 likes, 0 repeats
       
       @kev I have a self-hosted email. I don’t post it publicly, but I also don’t know what anti-spam measures I’ve taken because I don’t see spam. I use simple-nixos-mailserver/nixos-mailserver (on GitLab), and I think the `enableManageSieve` option is the only thing remotely related in that config.
       
 (DIR) Post #ANF75pJe0u0cewqAUK by ocdtrekkie@mastodon.social
       2022-09-04T22:43:04Z
       
       0 likes, 0 repeats
       
       @lightweight @kev @yojimbo Sysadmins complained for years about running their own Exchange servers in the enterprise space too but I find it largely a low effort thing. Patches every so often but if the server has enough file space there isn't anything more to manage than on 365.
       
 (DIR) Post #ANF75poq8uxkDhR572 by lightweight@mastodon.nzoss.nz
       2022-09-04T22:56:39Z
       
       0 likes, 0 repeats
       
       @ocdtrekkie that said, I wouldn't advocate for hosting MS Exchange, either locally or in the cloud ;)
       
 (DIR) Post #ANF75qTxg1r8HEfvCy by ocdtrekkie@mastodon.social
       2022-09-04T23:01:16Z
       
       0 likes, 0 repeats
       
       @lightweight I mean, if your whole enterprise stack is Microsoft-based already, it's a solid product, but they're also planning on making it fully subscription-based next version, so you pay monthly even if it runs on your own infrastructure.
       
 (DIR) Post #ANF75r1zdV4tymb6Fk by lightweight@mastodon.nzoss.nz
       2022-09-04T23:06:24Z
       
       0 likes, 0 repeats
       
       @ocdtrekkie yeah, there's nothing good about being dependent on Microsoft. The quality of their tech is largely irrelevant to that (although I consider them remarkably inept technologists as a whole, mostly because they're marketing-led, not technology-led). It's just that they're a rapacious corporate monopolist and always will be.
       
 (DIR) Post #ANF75rdZNn8TrKB6p6 by ocdtrekkie@mastodon.social
       2022-09-04T23:14:08Z
       
       0 likes, 0 repeats
       
       @lightweight I don't disagree but there are areas the alternatives are still woefully deficient. Active Directory, and in particular, Group Policy, is one of the most impressive and comprehensive ways to configure, secure, and manage computers, and I've yet to hear of anything that is really anything close to it... yet. The irony, of course, is Microsoft itself now discourages this in favor of their cloud products though.
       
 (DIR) Post #ANF75sBFMa4fXlw0Jc by lightweight@mastodon.nzoss.nz
       2022-09-04T23:17:15Z
       
       0 likes, 0 repeats
       
       @ocdtrekkie I'm not impressed by AD. It's a solution that exists to keep low-grade IT techs employed (i.e. the ones who mostly sell MSFT stuff in their business/org because it's all they know). I think it's vastly over-complicated and largely unnecessary in almost every place it's implemented. Ironically, I'm just having a side convo in another channel about this exact thing with some AD admins. Poor sods.
       
 (DIR) Post #ANF75sgnTHJN7chCUa by ocdtrekkie@mastodon.social
       2022-09-04T23:19:46Z
       
       0 likes, 0 repeats
       
       @lightweight I would honestly love to hear what your alternative recommendations would be. As I said, I'm not aware of anything I feel could suitably replace it in the FOSS world. (I actually run a domain controller at home now... not sure that's a good thing, but it makes me happy?)
       
 (DIR) Post #ANF75tAvfFPkd4nGSW by lightweight@mastodon.nzoss.nz
       2022-09-04T23:26:33Z
       
       0 likes, 0 repeats
       
       @ocdtrekkie I've consciously avoided scenarios where such a heavy solution is justifiable... When I've been forced to flirt with the idea (e.g. when discussions wander over to the topic of SSO), I've looked at straight LDAP or Keycloak or maybe even FreeIPA... but I've managed to avoid that so far. To me it seems that the cost/complexity of that 'convenience' is substantial.
       
 (DIR) Post #ANF75teLtqwy6KYlJw by ocdtrekkie@mastodon.social
       2022-09-04T23:28:20Z
       
       0 likes, 0 repeats
       
       @lightweight Probably the biggest question I'd have is the group policy portion, how do you manage configuration across a large number of machines? (On the authentication side, yeah AD is hardly more than an LDAP server at the end of the day, especially if you have a single site.)
       
 (DIR) Post #ANF75u8U5p3LbmepHs by lightweight@mastodon.nzoss.nz
       2022-09-04T23:32:10Z
       
       0 likes, 0 repeats
       
       @ocdtrekkie as someone who's implemented a lot of tech-based ACL & moderation functionality for businesses who thought they needed it (when I ran a web app dev shop), I've seen how almost uniformly they backfire, costing a lot to implement and then not working in practice. I almost always advocate for using human management practices rather than tech-enforced policies, as I find the latter too un-responsive and ultimately trust-eroding... but maybe I'm naïve.
       
 (DIR) Post #ANF75uXIbYu0qkGdxw by ocdtrekkie@mastodon.social
       2022-09-04T23:42:53Z
       
       0 likes, 0 repeats
       
       @lightweight Honestly security is a part of it but convenience is bigger. I get tired of manually setting up Firefox privacy settings on six PCs at home. One change in Group Policy can set them on 300 PCs at work, and when we encounter an issue with a website, I can fix it in everyone's settings with a single change.
       
 (DIR) Post #ANF75uxt0iAaBChsPI by lightweight@mastodon.nzoss.nz
       2022-09-04T23:49:28Z
       
       0 likes, 0 repeats
       
       @ocdtrekkie interestingly, in our household (with about 8 or 9 laptops+PCs) I don't try to do any management at that level. We do talk about privacy around the dinner table, but I don't enforce any settings... (my family uses a mix of Linux, ChromeOS, and Android, and yeah, two occasionally use Windows).
       
 (DIR) Post #ANF75vNlSUrzTSoXk8 by ocdtrekkie@mastodon.social
       2022-09-04T23:57:47Z
       
       0 likes, 0 repeats
       
       @lightweight With such a diverse ecosystem it's hard to set common settings, I suppose, but I really like knowing when I go to any of my computers they are set up reasonably. At work, of course, triply so.
       
 (DIR) Post #ANF75vyzE6dzKuEGlE by lightweight@mastodon.nzoss.nz
       2022-09-05T00:00:06Z
       
       0 likes, 0 repeats
       
       @ocdtrekkie we see diversity as strength ;) - my personal aim is to teach my kids (and wife) how to manage these things themselves (i.e. agency and self-direction) and understand the underlying concepts.
       
 (DIR) Post #ANF75wNnjqUeZrq5RI by ocdtrekkie@mastodon.social
       2022-09-05T00:07:38Z
       
       0 likes, 0 repeats
       
       @lightweight Works good for home (and I'm only using AD on my own computers!) but I work in an environment where people can't figure out how to log into the ticket system without help, and have no desire to learn. :P
       
 (DIR) Post #ANF75x1rKuXIa6a4sS by ocdtrekkie@mastodon.social
       2022-09-04T23:59:24Z
       
       0 likes, 0 repeats
       
       @lightweight Between Group Policy and a third-party software deployment tool (which relies on AD as well), I basically unbox a new PC, join it to Active Directory, and within an hour it has self-configured to do whatever role it is needed for.
       
 (DIR) Post #ANF75yiR46BfoRVasa by strypey@mastodon.nzoss.nz
       2022-09-05T04:20:57Z
       
       0 likes, 0 repeats
       
       @ocdtrekkie
       > have no desire to learn
       This may be the single greatest challenge. How do you engineer for brainless simplicity without engineering away committing freedoms in the prices? Is it even possible? Or does defending software freedom depend on dissociating discovering the reasons why people don't seem to want to learn about the computer they depend on, and doing something about them?
       @lightweight
       
 (DIR) Post #ANFErx2VIfbMC0iYoy by lx@tooting.ch
       2022-09-05T05:48:17Z
       
       0 likes, 0 repeats
       
       @kev From my experience, I agree 100% with what you said. Sure, you need to read a lot about Postfix’ options to get the setup safe but after that it’s fine. I also learned that getting in touch with whitelist providers can help your reputation if that is an issue, which it usually isn’t. I believe that this mentality of “you can’t self host email” only makes the situation worse. Things should be going that direction, not be centralised.
       
 (DIR) Post #ANFGIfKPMFvX2FOWJs by dusnm@fosstodon.org
       2022-09-05T06:04:20Z
       
       0 likes, 0 repeats
       
       @kev Spam was certainly the reason I switched from self-hosting to mailbox.org. Spam Assassin just couldn’t keep up. After hours of settings and dubious solutions I’ve simply had enough.
       
 (DIR) Post #ANFZ09cQPcvkbghyxU by kev@fosstodon.org
       2022-09-05T09:33:52Z
       
       0 likes, 0 repeats
       
       @dusnm pretty much the same here. The constant cat and mouse became tiresome.
       
 (DIR) Post #ANFZU0NtJI8Wed90mu by kev@fosstodon.org
       2022-09-05T09:39:15Z
       
       0 likes, 0 repeats
       
       @gruff is it proper encryption though? If you send an email to someone on Gmail, that’s not encrypted. As I understand it, if you send to an external server, it just sends a link for that person to view the email. Proton and their ilk will never have “real encryption” until such time as the rest of the email industry define and implement a standard for it. @edboythinks
       
 (DIR) Post #ANFaWr44W6UUZZnSeO by kev@fosstodon.org
       2022-09-05T09:50:59Z
       
       0 likes, 0 repeats
       
       @JayT I think that's an interesting concept, but it's moving the heavy lifting onto the user. There's still things we can do to get rid of the most obvious spam.
       
 (DIR) Post #ANFajxRu5i1w8dBxWy by kev@fosstodon.org
       2022-09-05T09:53:22Z
       
       0 likes, 0 repeats
       
       @nhr someone else linked to this, I saw. I need to read through it.
       
 (DIR) Post #ANFaqaM6Lob8Xedd32 by kev@fosstodon.org
       2022-09-05T09:54:33Z
       
       0 likes, 0 repeats
       
       @lx absolutely!
       
 (DIR) Post #ANFavDcKJp6hT5R8gS by kev@fosstodon.org
       2022-09-05T09:55:23Z
       
       0 likes, 0 repeats
       
       @dusnm how do you find mailbox.org? I used them years ago and they were fine for the most part, their support was awful though. It was a long time ago, mind.
       
 (DIR) Post #ANFbBJuwf6zhdpp6GG by dusnm@fosstodon.org
       2022-09-05T09:58:20Z
       
       0 likes, 0 repeats
       
       @kev I never had to deal with support so I don't know anything about that. Their annual plans are affordable and the service is stable. Most importantly there's little to no spam. Overall I'd say I'm pretty satisfied with their service. The docs are excellent and pretty easy to follow if you want to use your own domain.
       
 (DIR) Post #ANFdKciILenGS0TCVs by gruff@mastodon.technology
       2022-09-05T10:22:24Z
       
       0 likes, 0 repeats
       
       @kev @edboythinks I don't think Gmail supports stuff like PGP etc. directly. I'm not even sure the recipient will even get a link. I assumed they would end up with an encrypted e-mail in their in box and not much else. The onus is on the recipient to use an e-mail client that can decrypt. Once PGP is configured by both parties it works well. I think there may be an option in Proton to password protect an e-mail which just sends link, like you suggest, but clearly that's a dog's dinner approach.
       
 (DIR) Post #ANFduA3ONjeZzOHeka by kytta@fosstodon.org
       2022-09-05T10:28:48Z
       
       0 likes, 0 repeats
       
       @kev same as @dusnm here: never had to deal with their support. I also love their documentation a lot. They offer a Tor exit node for E2EE access to their website, which is a nice touch. I appreciate their openness when it comes to authorities' requests, and I trust them more in general for not being US-based. Their webmail leaves a lot to be desired, but since I use my email client-side, I don't care. Overall, a great provider, and I don't think I'll even consider switching any time soon.
       
 (DIR) Post #ANFiyjm410jBhgBDZg by gloopsies@fosstodon.org
       2022-09-05T11:25:39Z
       
       0 likes, 0 repeats
       
       @kev I do self host my email, had a bit of problem configuring it for the first time but all in all it works great now. I don't have the problem with spam tho, even tho I post my email online I do not have a big following for bots to find and scrape. If I create an account for something I don't trust I just use a gmail account that's set-up to forward all my email anyway
       
 (DIR) Post #ANKHc0Se3kGbcrrc12 by benstigsen@fosstodon.org
       2022-09-07T16:12:23Z
       
       0 likes, 0 repeats
       
       @kev haven't heard of Zoho before, I'll be sure to check it out. Also de-googling my life and so far I'm using posteo.de