[HN Gopher] Self-hosting email like it's 1984
___________________________________________________________________
Self-hosting email like it's 1984
Author : xmx98
Score : 138 points
Date : 2025-10-04 14:53 UTC (8 hours ago)
(HTM) web link (maxadamski.com)
(TXT) w3m dump (maxadamski.com)
| abdullahkhalids wrote:
| Here is my advice to anyone wanting to test out self-hosting
| email. Start by using your self-hosted email to sign-up for
| accounts. You don't have to use the email address for your
| personal correspondence.
|
| Use Mail-in-a-box to get started [1]. You can literally set it up
| in a couple of hours by following the instructions and everything
| should just work.
|
| After a few years, you can think about switching your personal
| correspondence to your new email.
|
| [1] https://mailinabox.email./
| bonzog wrote:
| I've been running MIAB for a few years now with generally good
| success as an outgoing sender using a rented cloud machine and
| a "clean" reputation IP. I've had to email the Microsoft
| postmaster on one occasion when my emails weren't reaching
| Outlook users, but they were surprisingly helpful and it's been
| working fine for years now. It's a good learning exercise in
| setting up stuff like DKIM/SPF/DMARC.
|
| That said - receiving account sign-up emails is the absolute
| biggest pain in the backside with Mailinabox! The greylisting
| anti-spam feature relies on bouncing unknown senders and
| waiting for a retry. The trouble is, many legit sites just
| don't bother retrying. So email verification for new accounts
| and 2FA-type stuff often takes ages to come through, if at all.
| MIAB stubbornly has no easy, mail user-facing way to
| temporarily disable spam filtering and it's a real PITA at
| times.
| abdullahkhalids wrote:
| Oh! That's what it is. I just thought some websites just took
| longer to send an email to my unknown domain.
|
| I see that the only way to disable greylisting is to
| configure the underlying tool [1]. But it also means that
| SPAM will increase a lot.
|
| [1] https://discourse.mailinabox.email/t/how-to-turn-off-
| edit-gr...
| behringer wrote:
| It's better to whitelist the domains you'll be getting mfa
| from.
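The greylisting behaviour bonzog describes and the allowlist behringer suggests, as an added sketch that is not part of the thread and is not Mail-in-a-Box or postgrey code. The 300-second delay, the hostname-suffix allowlist, and all hosts and addresses are constructed assumptions; the rotating-IP case goes beyond what the thread mentions.

```python
"""Greylisting model: defer unknown (ip, sender, rcpt) triplets, accept retries."""
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # assumed: seconds a new triplet must wait before acceptance


@dataclass
class Greylister:
    delay: int = GREYLIST_DELAY
    allow_domains: frozenset = frozenset()   # client host suffixes that skip greylisting
    first_seen: dict = field(default_factory=dict)

    def allowlisted(self, client_host):
        host = client_host.lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in self.allow_domains)

    def check(self, client_ip, client_host, sender, rcpt, now):
        """Return the SMTP reply the server would give to RCPT TO at time `now`."""
        if self.allowlisted(client_host):
            return "250 OK (allowlisted)"
        triplet = (client_ip, sender.lower(), rcpt.lower())
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen >= self.delay:
            return "250 OK (retry after delay)"
        # 4xx is a temporary failure: a standards-following sender queues and retries.
        return "450 4.2.0 Greylisted, try again later"


def delivery_time(gl, host, sender, rcpt, attempts):
    """attempts: list of (seconds_since_first_try, client_ip).
    Returns the time of the first accepted attempt, or None if all were deferred."""
    for t, ip in attempts:
        if gl.check(ip, host, sender, rcpt, t).startswith("250"):
            return t
    return None


def demo():
    me = "me@home.example"
    results = {}
    # 1. Ordinary MTA: retries from the same IP, accepted once the delay has passed.
    results["retrying_mta"] = delivery_time(
        Greylister(), "mx.friend.example", "a@friend.example", me,
        [(0, "192.0.2.10"), (60, "192.0.2.10"), (900, "192.0.2.10")])
    # 2. Sign-up / 2FA sender that never retries: the code never arrives.
    results["no_retry"] = delivery_time(
        Greylister(), "mta1.accounts.example", "noreply@accounts.example", me,
        [(0, "198.51.100.7")])
    # 3. Sender pool that retries from a different IP each time: every attempt
    #    is a new triplet, so the clock restarts and nothing is accepted.
    results["rotating_pool"] = delivery_time(
        Greylister(), "out.bulk.example", "noreply@bulk.example", me,
        [(0, "203.0.113.1"), (600, "203.0.113.2"), (1200, "203.0.113.3")])
    # 4. Same non-retrying sender, with its domain on the allowlist.
    results["no_retry_allowlisted"] = delivery_time(
        Greylister(allow_domains=frozenset({"accounts.example"})),
        "mta1.accounts.example", "noreply@accounts.example", me,
        [(0, "198.51.100.7")])
    return results


if __name__ == "__main__":
    for case, t in demo().items():
        print(f"{case:22} -> {'never delivered' if t is None else f'accepted at t={t}s'}")
```
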
| watermelon0 wrote:
| I can recommend Stalwart [1] which is a complete mail service
| contained in a single binary, that doesn't really have any
| external dependencies, and is really easy to install and
| update.
|
| I've looked (and tried) a few other projects in the past, but
| Stalwart was the easiest to set up, and I haven't had any issues
| with it so far.
|
| [1] https://github.com/stalwartlabs/stalwart
| mfsch wrote:
| It's also what Thunderbird is using to build their paid email
| hosting. Seems like a very ambitious project mostly done by a
| single person - impressive!
| sureglymop wrote:
| Wow! I was just about to comment how email is the one thing
| where I wish something that didn't follow the unix philosophy
| existed. Exactly due to this, it is easy to set up a mail
| server but it is hard to think of all the things around it:
| spam, phishing, dmarc, dkim, spf, etc.
|
| This looks really nice, especially also for saas projects.
| stavros wrote:
| I'm not looking to self-host my email, but this looks
| fantastic. It's making me reconsider the decision, hm. Thank
| you for this.
| the_gipsy wrote:
| What about mail servers generally rejecting email (or marking as
| spam) from residential IP ranges? Decades of malware sending spam
| has spoiled self hosting emails.
|
| I needed some minimal mail delivery for user registration
| confirmation and password recovery, and I finally caved and just
| use some free service. It's okay since those emails are really,
| really, sparse in my case. But it sucks that email, this one old
| and open technology, is not realistically self-hostable.
| renehsz wrote:
| Yeah, _hosting on_ or at least _tunneling through_ a commercial
| IP address is definitely required in order not to be flagged as
| spam. Personally, I chose the latter option of hosting my MTA
| at home but tunneling its traffic through a VPS in a
| datacenter. It's been working pretty well ever since, although
| I'm not sure it's worth the effort versus just using a cheap
| hosted provider.
| man8alexd wrote:
| Where is UUCP? Why are addresses not bang paths? Where is
| sendmail.cf?
| munchlax wrote:
| Right. You better not self-host like it's 1984 because that
| would also mean you're an open relay. And vulnerable to pretty
| much anything you can think of.
| xmx98 wrote:
| This config doesn't make an open relay.
| man8alexd wrote:
| A typical config from 1984 is an open relay and vulnerable
| to the Morris Worm.
| rascul wrote:
| This config wasn't available in 1984.
| ajross wrote:
| Ditto. I was sorely disappointed to click through "1984" to
| find a subheading on "setting up postfix".
| hmng wrote:
| Those were the days :-) I remember playing on a University lab
| with half a dozen Unix workstations, sending an email with the
| path of server1!server2!server3 etc and hearing the email
| flowing from server to server by the noise of the disks!
| reaperducer wrote:
| _Why are addresses not bang paths?_
|
| That's what I thought of when I saw the title, too.
|
| Where are my ...killer!jolet! people at?
| boplicity wrote:
| Modern email providers, especially ones offered by ISPs often
| have the same problems that people criticize self-hosted
| providers for. Even Google has problems. For example, I regularly
| order via companies that use Shopify. Now, all of the shopify
| emails are going straight to spam in Gmail, despite constantly
| marking them as not spam. (These even pass dmarc/spf/dkim etc, so
| who knows what's going on here.)
|
| Email delivery and receiving is not hard, but it's inevitably
| going to be imperfect, no matter the provider you use. There are
| so many bad actors out there, it's surprising that it works as
| well as it does.
| singpolyma3 wrote:
| That behaviour is the whole problem. If you use a self hosted
| or small time email provider you're much less likely to have
| email blocked or filtered by aggressive anti-not-gmail filters.
|
| Hilariously, Gmail addresses send tonnes of spam, so filtering by
| provider doesn't do much these days anyway. But Google insists
| on continuing.
| dataflow wrote:
| > These even pass dmarc/spf/dkim etc, so who knows what's going
| on here.
|
| Those have nothing to do with being spam, right? Spam is about
| content, those are about authenticity. Anybody can send
| authentic trash, or unauthenticated gold.
| pembrook wrote:
| Bizarrely, I also find Gmail's spam algo is actually
| oversensitive to marketing emails from companies these days,
| which I never thought was something I would complain about. But
| like you said it's super annoying when I actually want the
| emails.
|
| Seems like we had the opposite problem 10ish years ago. But now
| the pendulum has swung a bit too far in the other direction.
|
| Ultimately most of the spam I get these days is actually from
| individuals doing low volume cold outreach from personal email
| addresses...not companies sending bulk. The new gmail
| unsubscribe feature works great for marketing emails but is
| worthless against cold email spam -- which somehow rarely ever
| lands in spam.
| fc417fc802 wrote:
| Microsoft Outlook has been flagging their own marketing
| emails as spam for me lately. I'm not sure if I ought to be
| impressed or disappointed.
| lanstin wrote:
| I have self hosted my email for about twenty years; for about
| ten or fifteen I just forwarded everything to Gmail but had to
| revert to local (started with local mail in emacs, but
| switched to imapd to solve the airplane ticket in the airport
| issue) because so much important stuff was marked as spam. Like
| in the middle of a conversation between me and one other person
| their reply to my email (which I always bcc:ed back to myself)
| would disappear. Self hosted is much better. It took a few
| iterations to get spf etc working.
| zrm wrote:
| > For example, I regularly order via companies that use
| Shopify. Now, all of the shopify emails are going straight to
| spam in Gmail, despite constantly marking them as not spam.
| (These even pass dmarc/spf/dkim etc, so who knows what's going
| on here.)
|
| There's a pretty good chance this is because Shopify is sending
| a lot of email users mark as spam, or is using the same mail
| server as someone who does. Then you marking them as not spam
| gives them a better score but the sender's reputation is still
| so bad that it can't break the threshold to stay out of the
| spam folder.
| bhaak wrote:
| I haven't read the article and I am too afraid to open the link in
| case they are using sendmail.
| hk1337 wrote:
| How long are you going to keep the cat in the box?
| hmng wrote:
| Spoiler alert, it's Postfix. So not really 1984 software. But
| then again, neither is Linux...
| xmx98 wrote:
| But the experience of using mailx is close to that time,
| hence the title. Even though I'm too young to know for sure
| :)
| man8alexd wrote:
| Almost everything described in the article didn't exist in
| 1984. Postfix, OpenDKIM, TLS, SPF, DKIM, DMARC. Only very
| basic SMTP and DNS, but even MX records didn't exist.
| 1over137 wrote:
| OpenDKIM seems dead:
|
| https://github.com/trusteddomainproject/OpenDKIM/issues/236
| 627467 wrote:
| Say I want to test the waters for selfhosting email, and I
| already have my own domains set up with SaaS like Google Workspace
| and equivalent. Is there a way to set up MX records so that both
| google and my own server gets email for a while? This would be
| useful to test the waters over a few months before fully
| migrating
| hmng wrote:
| Not really, SMTP relays will only send messages once, to one
| server.
|
| But it's not receiving that is the problem, that is generally
| fine, if ports are open at ISP / network level. It is the
| sending that is often tricky. Sending email on the other hand
| can be done from multiple servers (if SPF is correctly configured).
| And nothing prevents you from sending email directly from your
| own relay. You could try that, and reception would not be
| affected.
| habibur wrote:
| Configure google to forward mails to your self hosted server.
|
| When replying reply from your self hosted server.
|
| That way you can gradually shift over.
|
| I had been self hosting like this for years.
| man8alexd wrote:
| You can set up a lower-priority MX to point to Google, so if
| your server fails, then email is delivered to Google. But if
| your server is misconfigured and returns permanent 5xx errors
| for legitimate emails, then it won't work, and the emails won't
| be delivered to Google.
| nzeid wrote:
| No easy answer here. Individual MTAs or a cluster of them
| typically live under one unique domain. In your scenario, you'd
| have to point your existing records (or just MX) to your self-
| hosted instance, and have your self-hosted instance
| relay/autoforward to Gmail under a _different_ domain. This
| might entail simply setting your Gmail back to @gmail.com.
| dizhn wrote:
| Not with MX but, look at google's split domain documentation.
| You can either have them handle the domain and forward you a
| copy, or you can have your own domain be the primary and
| forward to google. I have been using the latter for a few years
| now since not all of the users in the domain are using Google
| Workspace. They have a special address for forwarding to so you
| don't get into a loop. It has been working flawlessly for us.
| lifty wrote:
| Not sure why someone would go through the pain of cobbling up a
| self hosted solution based on Postfix when you have fully
| integrated solutions like https://stalw.art/, which are a breeze
| to set up.
| behringer wrote:
| Because postfix is foss, will work with everything and for all
| time and if there's a problem with it you'll actually be able
| to fix it.
| lifty wrote:
| I thought Stalwart's license, AGPL is foss.
| drnick1 wrote:
| Postfix has been around for decades and respects the Unix
| philosophy of doing one thing and doing it well. It's perhaps
| the most widely deployed MTA, and as such it has been
| thoroughly field tested.
|
| Also, people in the FOSS community tend to be wary of "open
| source" projects primarily developed by a commercial company
| under dual licensing.
| billfor wrote:
| Assuming this is not hosted on your home system, since ISPs may
| block the ports and also most of the dynamic ips allocated are
| blacklisted, the issue with postfix is that it's difficult to have
| a single set and forget config if you intend to use it on
| multiple internal machines, like for getting your root email on
| each system to one mailbox. Ideally you want a single main.cf for
| all your internal machines and for the outgoing/incoming mailhost
| to be determined solely by your mx or internal dns alias, but
| this is next to impossible with a single postfix config without
| getting mail loops on the system that is the mailhost. Exim and
| sendmail at least separate out the submit config from the rest of
| the configuration. Also you would be insane to try this without
| fail2ban or something similar. Postfix does a reasonable job of
| handling attackers but it does so quietly -- so you may not see
| the activity.
| johnea wrote:
| Actually, full strength virtual (multi-domain) email hosting is
| also quite doable.
|
| This is a great guide that's been used and updated for many
| years:
|
| https://www.purplehat.org/?page_id=1450
|
| Once hosting email for yourself, you may want to add new project-
| specific domains, or host email for friends and family. The
| database user accounts actually make it easier to add and remove
| users after the system is up and running.
|
| This Purplehat guide provides a step by step procedure that's
| allowed many people and orgs to bring self-hosted email online...
| sam_lowry_ wrote:
| (had to dig my comment from under a flagged parent)
|
| I self-hosted for well over 20 years, I did not throw the towel
| and I do not plan to. Self-hosting is a sign of pride. Neither my
| government nor my Prime Minister nor even my Ministry of Interior
| or Foreign Ministry can host their own email.
|
| Last time I checked, only State Security self-hosted.
|
| I was probably lucky, but I rarely had delivery problems. The
| last one was a couple years ago with Microsoft swallowing my
| emails and it was due to the combination of a fairly old exim and
| a TLS certificate verification quirk at *.protection.outlook.com.
| I found a fix in the form of a configuration option somewhere on
| SO.
|
| In all fairness, there is very little maintenance involved, and
| whenever I have to do maintenance work, I take the opportunity to
| learn something new. Like this year, I decided to finally replace
| my aging Debian jessie setup by Arch Linux, and I rewrote all
| cron jobs as systemd timers.
|
| I must admit that when I send a really important email, I check
| the mail server log if it went off without errors, but this does
| not bother me as checking logs manually once in a while is a good
| thing anyway.
|
| Lastly, a piece of advice: treat self-hosting like a hobby and
| learn to enjoy it.
|
| Oh and the very last thing: the person who designed Exim
| configuration for Debian deserves a special place in hell for all
| the hours wasted. If you set up Exim on Debian, just figure out
| how to use the upstream exim config and adapt it to your needs.
| Xenoamorphous wrote:
| > I decided to finally replace my aging Debian jessie setup by
| Arch Linux, and I rewrote all cron jobs as systemd timers.
|
| Man, I wish I had 1% of the motivation I had 20 years ago to do
| something like this, before all the full time job, wife and
| child.
| xandrius wrote:
| Stuff to keep you busy is always there, you can control what
| you spend the rest of the time on.
| hmng wrote:
| My first email usage was at University, pre-WWW. After that I
| briefly used some ISP email service, but that was at a time of
| very limited storage and POP only accounts, so I started
| hosting my own email even before having an always-on internet
| connection, using a relay and dynamic DNS to receive email when
| online. Nowadays, I use a small VPS to route and receive
| email, but final destination and storage is on my home server.
| Over the years, I had, like others here, to ask Outlook and
| other providers to unblock my IP or domain, but it has been
| rare.
|
| I really don't want to live in a world where only two or three
| companies run email for the entire world, and this is my little
| act of resistance.
| Krei-se wrote:
| Configure the dmarc reports, they tell you a lot and
| automatically why someone swallowed your mail.
| mey wrote:
| > treat self-hosting like a hobby and learn to enjoy it.
|
| This is why I have stepped away from a lot of my self hosting.
| I have turned my attention/time elsewhere. Apparently though
| the time/money balance is shifting a bit again, so it may be
| worth it to go back.
|
| My biggest hesitance to self hosting email specifically is
| dealing with spam. What does that look like these days and do
| you have any pointers to share?
| elgaard wrote:
| I have been self-hosting for about 25 years. I remember the
| protection.outlook.com issue. Once there was an issue with a
| bank that tried to do encryption, but used an expired
| certificate. But once I told them what the problem was, and
| that it was a problem for paying customers, they actually fixed
| it.
|
| Being able to check the server log can be very useful. E.g. to
| tell someone that their mail was delivered to a server using
| their domain name, with that IP-address at that time.
| stebalien wrote:
| I used to do this. What finally killed it wasn't reputation, it
| was the fact that I needed 100% uptime or risk losing messages,
| getting my address blacklisted, etc. Email is supposed to be
| resilient to down time (retries, trying each MX record, etc.) but
| I found that large mail providers tend to just bounce and walk
| away.
|
| Worse, GitHub (back in 2016 and 2018) would mark a recipient as
| "unavailable" after a single bounce, refusing to send any more
| notifications to that address. They since improved the situation
| and their support was actually very helpful and responsive here,
| but it's pretty clear that modern SMTP senders have an
| expectation that recipients will be "always online" that didn't
| exist when the protocol was invented.
| logifail wrote:
| > it was the fact that I needed 100% uptime or risk losing
| messages
|
| Q: If your server(s) is/are offline for a few hours, why would
| you "lose messages"?
|
| I've just checked my own email server -> "up 219 days"
|
| Honestly, compared with the stuff we do all day, this is _not
| hard_...
| toast0 wrote:
| > Q: If your server(s) is/are offline for a few hours, why
| would you "lose messages"?
|
| They said...
|
| >> Email is supposed to be resilient to down time (retries,
| trying each MX record, etc.) but I found that large mail
| providers tend to just bounce and walk away.
|
| I take that to mean that if your server isn't available to
| receive the mail at the time it is first offered, it won't be
| retried later. That wasn't the case (for most mail) when I
| gave up on self hosting 10 years ago, but it's plausible.
| Krei-se wrote:
| It's not reasonable. Mail not deliverable is not the same
| as house burned down, recipient moved unknown or sth, it
| simply means the letter was not received. Who and why
| messed up is unknown, thus NO mail server will mark you
| down after a single attempt.
|
| Host your own!!
| toast0 wrote:
| Reasonable and plausible are different things. I wouldn't
| be surprised if some outgoing servers just never get
| around to sending retries.
| Krei-se wrote:
| This is fearmongering. My mails always got resent after some
| hours or a day. It's absolutely NOT possible to tell if the
| problem is on your side, senders side or somewhere in between
| why a mail is not delivered once and no standard server config
| would simply toss it.
|
| Host your own mail. I get 99% deliverability with 0 reputation
| since I do dkim and spf correctly.
|
| Don't be distracted by the "complexity" - if you config right
| it's totally doable.
|
| Gives you actual private caldav too btw
| jasode wrote:
| _> I get 99% deliverability with 0 reputation since I do dkim
| and spf correctly._
|
| Your anecdote of success doesn't matter to the others that
| correctly configured DKIM/SPF and still don't get their
| emails delivered to Gmail/Outlook/Yahoo/etc. E.g. :
| https://news.ycombinator.com/item?id=32715437
|
| One of the reasons for hard-to-diagnose sending failures is
| that Gmail/Outlook have "extra invisible rules" that override
| correct DKIM/SPF settings _because spammers and phishers also
| have correct DKIM/SPF_. So they use extra heuristics such as
| "ip reputation" etc.
|
| And even after one gets it working, e.g. "submit some form"
| to Microsoft and wait a few days to get things unblocked...
| the _deliverability may break again because of another
| "invisible heuristic"_.
| dijit wrote:
| I have a feature (called greylisting) whereby my server
| intentionally rejects the first mail it receives from a domain.
|
| I have never had anyone claim that their mail has not been
| delivered to me, and I get a lot of mail.
|
| Retry is built in to the spec, and if you're really worried you
| can put a second "receive" SMTP server on the internet with a
| lower priority, and have it backhaul with LMTP.
|
| ------
|
| Email was designed in a time where hosts were not perpetually
| connected to each other.
| pjmlp wrote:
| More like 1994 thereabouts, in 1984 most of us would be very
| lucky to have a dial up connection to the local BBS, under local
| phone call price rates.
| donio wrote:
| Not even that, Postfix didn't exist in 1994. This is a 2025
| mail server setup and about as vanilla as it gets.
| rascul wrote:
| What's the "like it's 1984" part?
| reaperducer wrote:
| _What's the "like it's 1984" part?_
|
| Maybe there's a sleep() command in there so that it takes six
| days to send an e-mail from upstate New York to Sweden?
|
| Because I can tell you that's how long it took in 1984.
| kinotoko wrote:
| For anyone interested in getting a mail server, I can really
| recommend Michael W. Lucas' Run Your Own Mail Server
| pluc wrote:
| Ars wrote a pretty good series about self-hosting emails back in
| (gasp!) 2014: https://arstechnica.com/information-
| technology/2014/02/how-t...
| clueless wrote:
| in terms of a good self hosted email client, in this day and age,
| I'm looking for great AI integration. I.e. are there good open
| source projects that come packaged with a locally hosted LLM
| integration?
| andai wrote:
| There was a blog posted to HN years ago describing a self hosted
| email setup in detail, and this was indeed the main issue.
| Everyone he emails is on a small number of big companies, and
| most of them don't like his server.
|
| "After self-hosting my email for twenty-three years I have thrown
| in the towel"
|
| https://news.ycombinator.com/item?id=32715437
|
| https://cfenollosa.com/blog/after-self-hosting-my-email-for-...
| supz_k wrote:
| Self Plug-in: We are currently beta testing Hyvor Relay [0], a
| self-hosted alternative for sending emails. We are focusing more
| on observability (monitoring DKIM/SPF, periodically querying
| DNSBLs) and DNS automation.
|
| A simple docker compose up can get a reasonably working setup [1]
|
| [0]https://github.com/hyvor/relay
| [1]https://relay.hyvor.com/hosting/deploy-easy
| Krei-se wrote:
| I have a writeup in German about self-hosting current and with
| debian trixie on https://krei.se/Doc
|
| If you do it yourself and do it correctly it's a pleasure. I have
| automatic updates with automatic reboot, tailored systemd to make
| sure all is well and status reports per mail - total bliss, easy
| 2-3 years, with trixie now even 5 until you have to touch it
| again.
|
| It's mature software.
|
| Host yourself! The peace of mind and control is totally worth it.
| drnick1 wrote:
| I think the following is a better guide for someone looking for a
| complete setup that includes an IMAP server and that can be used
| with regular email clients like Thunderbird:
|
| https://workaround.org/ispmail-bookworm/
|
| I set up my own server more or less following the above guide,
| but eschewed the database in favor of plain text files. I wanted
| to keep things simple since I am the only user, but the above
| guide should scale to big enterprise setups.
| jeduardo wrote:
| I also use this guide, but I switched it to PostgreSQL instead.
| The recent upgrade to Trixie brought a new Dovecot with
| breaking changes to its configuration. That was a bit of a pain
| to resolve, but everything is working fine now.
| 1-6 wrote:
| I'm interested in doing something like this and connecting it to
| an AI agent. My autoreply to spam could either be an unsubscribe or
| ignore.
| justahuman74 wrote:
| What do people do about PTR records on residential addresses?
| talkingtab wrote:
| I personally believe it is worth exploring the idea of a
| different email realm for communities. The concept is pretty
| simple. Don't accept email from gmail, microsoft, hotmail or any
| other non-community member. Community members don't spam, don't
| send email in bulk and have reputation.
|
| It is funded by pay-per-transgression. If you are a community
| member and someone receives unwanted email your reputation
| suffers. If you are gmail, et al you have to pay for each email
| sent & received.
|
| Someone once wrote (let me know if you know the source) that
| users are not the customer, because they don't pay. It is
| advertisers who are the real email customers. This has resulted
| in a business model where users are prey animals. This is upside
| down and probably cannot be fixed without a hard fork.
|
| I don't mean this is a good idea, or implementation. But I think
| it is a good direction.
___________________________________________________________________
(page generated 2025-10-04 23:00 UTC)