Re: OT: "domain-level" email hosting services?
Nathan Stratton Treadway wrote: > On Sat, Oct 23, 2021 at 09:55:12 -0400, Ofer Inbar wrote: > > I run postfix on a cheap cloud-hosted linux instance. That does mean > Do any of you have specific recommendations for cheap cloud providers > who don't mind customers running their own mail servers on the VMs? The > first couple cloud providers I looked at (e.g. Digital Ocean) seem to > discourage that (and actually mention that SMTP traffic is blocked on > their networks, though I didn't dive in to figure out the details of > what is blocked), so it didn't seem like those we be a good fit for what > I'd be trying to do My primary MX is in fact on a digitalocean droplet. Multiple domains, but quite low volume. I haven't noticed them blocking anything. -- Cos
Re: OT: "domain-level" email hosting services?
On Fri, Oct 22, 2021 at 08:43:02PM -0400, Nathan Stratton Treadway wrote: > So on the theory that there are likely to be other users of advanced > email-server functionality among the Mutt folks, I thought I would ask > here to see if anyone has recommendations for mail hosting services > that target neither "consumer" nor "enterprise" clients, but somewhere > in the middle (and which play nicely with Mutt and other IMAP > clients)? > > For example, a service that allows unlimited "aliases" for a set of > domains, pointing to a handful of "user mailboxes" which actually > receive email? Possibly of interest: https://drewdevault.com/2020/06/19/Mail-service-provider-recommendations.html >From that post, Drew's recommendations are: - https://www.migadu.com/ - https://mailbox.org/en/ Alternatively, the following may do what you need. It's a while since I checked, so some of the below may be out of date. Also, I have not used all these services, so in some cases all I have to go on are notes from when I last researched email hosting. - https://www.dreamhost.com/products/email/ - https://kolabnow.com (at least under their "Group" service) - https://www.neomailbox.com - https://novo-ordo.com - https://www.infomaniak.ch - https://runbox.com Good luck! -- A: When it messes up the order in which people normally read text. Q: When is top-posting a bad thing? () ASCII ribbon campaign. Please avoid HTML emails & proprietary /\ file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
Re: OT: "domain-level" email hosting services?
On Sat, Oct 23, 2021 at 02:28:43PM -0400, Nathan Stratton Treadway wrote: On Sat, Oct 23, 2021 at 10:04:57 -0400, Patrick Shanahan wrote: I have done the same for >20 years. but I do use relays for quite a bit. Relaying outgoing email (i.e. what I sent out from Mutt running at home) via my ISP's "submission"/port 587 service seems straightforward. If you are going to continue running an inbound mail server but are losing your ISP for outgoing mail I've had good experience with SMTP2GO. My outgoing volume is small and they have a free service for upto 1000 messages/month. They also say they will slow down delivery if you send more than 25 messages/hr. But I weekly send a notice to 40+ club members and have never noticed any slow down. Jon -- Jon H. LaBadie j...@labadie.us 11226 South Shore Rd. (703) 787-0688 (H) Reston, VA 20190 (703) 935-6720 (C)
Re: OT: "domain-level" email hosting services?
On Sat, Oct 23, 2021 at 06:15:35PM +0200, Jens John wrote: > On Sat, 23 Oct 2021, at 16:21, Bastian wrote: > > The stack I use is exim, spamassassin, dovecot on debian > > stable since ~2006. > > If somebody would set something up new today, I would recommend the following > 3-piece software stack: > > 1. postfix as the SMTP server and Let's Encrypt for a proper validated host > SSL certificate > > 2. dovecot as the IMAP mailbox server > > 3. rspamd as the "policy engine". It can validate incoming SPF, > DKIM, DMARC and ARCs which are all current best practice among the > commercial email hosts, and it also can apply DKIM signatures and > ARC seals to outgoing mail in a standards compliant way. The usual > spam learning techniques are all implemented in rspamd, and it can > interface with spamassassin, clamav etc as well. rspamd is very useful > to prevent the piling up of different milters in postfix which work > all differently. Thanks. I didn't realise that rspamd did all that. For anyone using Let's Encrypt / certbot for their mail server certificate, I'd like to throw in a shameless plug for a little program I wrote that makes it easy to properly implement DANE (DNS-Based Authentication of Named Entities), which is supported by both Postfix and Exim. It's at https://github.com/raforg/danectl DANE makes it possible for a mail server administrator to let other mail servers know in advance, not only that encryption is supported, but also precisely which key will be used, thus making it possible to eliminate man-in-the-middle attacks between mail servers (as long as the other mail servers are DANE-aware). It's like MTA-STS except that it's good. You do need DNSSEC for your domain as a prerequisite, but that has become incredibly easy these days (e.g., one extra line of Bind9 config in Debian stable, or a checkbox in Google's Cloud DNS service). Even if you don't have DNSSEC or want this for your own mail server, I'd recommend running a local DNSSEC-validating DNS resolver on your mail server (e.g., Bind9, Unbound), and enabling the client-side of DANE-awareness in your mail server. You'd need /etc/resolve.conf to look like this: nameserver 127.0.0.1 options trust-ad For Postfix, you'd need this in main.cf: smtp_dns_support_level = dnssec smtp_tls_security_level = dane For Exim, you'd need: dns_dnssec_ok = 1 remote_smtp: hosts_try_dane = * cheers, raf
Re: OT: "domain-level" email hosting services?
On Sat, Oct 23, 2021 at 02:22:18PM -0400, Nathan Stratton Treadway wrote: > On Sat, Oct 23, 2021 at 09:55:12 -0400, Ofer Inbar wrote: > > I run postfix on a cheap cloud-hosted linux instance. That does mean > > Thanks all (Ofer, Bastian, raf, etc.) for this suggestion -- I tend to > agree with you that giving up access to the mail server logs would be a > big loss over my current setup. > > Do any of you have specific recommendations for cheap cloud providers > who don't mind customers running their own mail servers on the VMs? The > first couple cloud providers I looked at (e.g. Digital Ocean) seem to > discourage that (and actually mention that SMTP traffic is blocked on > their networks, though I didn't dive in to figure out the details of > what is blocked), so it didn't seem like those we be a good fit for what > I'd be trying to do > > > Nathan I use OVH. Unlike AWS/EC2, OVH gives you virtual console access, so any problems with booting the VPS can be investigated and solved. Their only restriction (if I remember correctly) is that you must not do any port scans or anything illegal from their VPSs. Advice: If your IPv6 address ever gets added to an RBL because the RBL refuses to accept that IPv6 addresses can be assigned individually, and someone nearby is sending spam, you set can set "smtp_address_preference = ipv4" in Postfix's main.cf to only use the IPv4 address to send email (while still allowing the IPv6 address to be used to accept mail). I had to do that because another OVH customer is presuably sending spam. By the way, a good tutorial for setting up postfix and all the addons can be found here: https://www.linuxbabe.com/mail-server/build-email-server-from-scratch-debian-postfix-smtp There are 12+ parts to it. I used it for setting up SPF/DKIM/DMARC. The rest is probably good too. cheers, raf
Re: OT: "domain-level" email hosting services?
* Nathan Stratton Treadway [10-23-21 14:30]: > On Sat, Oct 23, 2021 at 10:04:57 -0400, Patrick Shanahan wrote: > > I have done the same for >20 years. but I do use relays for quite a bit. > > Relaying outgoing email (i.e. what I sent out from Mutt running at home) > via my ISP's "submission"/port 587 service seems straightforward. > > Do you also use "relays" for e.g. collecting messages arriving in from > the Internet, or anything like that? no, fetchmail and procmail I do use relays for mail originating on the 7 other boxes in my local net. the server provides outgoing mail path for the clients. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.orgopenSUSE Community Memberfacebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
Re: OT: "domain-level" email hosting services?
On Sat, Oct 23, 2021 at 10:04:57 -0400, Patrick Shanahan wrote: > I have done the same for >20 years. but I do use relays for quite a bit. Relaying outgoing email (i.e. what I sent out from Mutt running at home) via my ISP's "submission"/port 587 service seems straightforward. Do you also use "relays" for e.g. collecting messages arriving in from the Internet, or anything like that? Thanks. Nathan
Re: OT: "domain-level" email hosting services?
On Sat, Oct 23, 2021 at 09:55:12 -0400, Ofer Inbar wrote: > I run postfix on a cheap cloud-hosted linux instance. That does mean Thanks all (Ofer, Bastian, raf, etc.) for this suggestion -- I tend to agree with you that giving up access to the mail server logs would be a big loss over my current setup. Do any of you have specific recommendations for cheap cloud providers who don't mind customers running their own mail servers on the VMs? The first couple cloud providers I looked at (e.g. Digital Ocean) seem to discourage that (and actually mention that SMTP traffic is blocked on their networks, though I didn't dive in to figure out the details of what is blocked), so it didn't seem like those we be a good fit for what I'd be trying to do Nathan
Re: OT: "domain-level" email hosting services?
On Sat, 23 Oct 2021, at 16:21, Bastian wrote: > The stack I use is exim, spamassassin, dovecot on debian > stable since ~2006. If somebody would set something up new today, I would recommend the following 3-piece software stack: 1. postfix as the SMTP server and Let's Encrypt for a proper validated host SSL certificate 2. dovecot as the IMAP mailbox server 3. rspamd as the "policy engine". It can validate incoming SPF, DKIM, DMARC and ARCs which are all current best practice among the commercial email hosts, and it also can apply DKIM signatures and ARC seals to outgoing mail in a standards compliant way. The usual spam learning techniques are all implemented in rspamd, and it can interface with spamassassin, clamav etc as well. rspamd is very useful to prevent the piling up of different milters in postfix which work all differently.
Re: OT: "domain-level" email hosting services?
On 23Oct21 09:55-0400, Ofer Inbar wrote: > I run postfix on a cheap cloud-hosted linux instance. That does mean > I sometimes have to deal with deliverability issues which can be annoying. > However, I've searched for a more fully managed email hosting service > that would let me see my logs, including logs of attempts to connect > to deliver to my domain(s), and I don't think such a thing exists. > I value the ability to tail -f my mail server logs enough to make it > worth it to me to run my own server. Same/similar here. The biggest issue for me was when the big players demanded SPF and DKIM. That was around 6-8 yrs ago if I'm not mistaken. There are tools on the net which can verify your setup, e.g. mailtester [0]. That was very helpful at that time. Other than that, I never had troubles [1]. Outgoing mails mostly end up in graylisting, but that's acceptable. The stack I use is exim, spamassassin, dovecot on debian stable since ~2006. In addition to the reasons above, I also learned a lot about how email works and I was able to tweak exim config in a way which is only possible on a self hosted system. 0: https://www.mail-tester.com 1: My VM got hacked just after I started it due to a vulnerability in exim. Lesson learned: Read debian-security mailing list and keep system updated! But I was still young and re-installed everything. -- Bastian
Re: OT: "domain-level" email hosting services?
* Ofer Inbar [10-23-21 09:56]: > I run postfix on a cheap cloud-hosted linux instance. That does mean > I sometimes have to deal with deliverability issues which can be annoying. > However, I've searched for a more fully managed email hosting service > that would let me see my logs, including logs of attempts to connect > to deliver to my domain(s), and I don't think such a thing exists. > I value the ability to tail -f my mail server logs enough to make it > worth it to me to run my own server. I have done the same for >20 years. but I do use relays for quite a bit. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.orgopenSUSE Community Memberfacebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
Re: OT: "domain-level" email hosting services?
I run postfix on a cheap cloud-hosted linux instance. That does mean I sometimes have to deal with deliverability issues which can be annoying. However, I've searched for a more fully managed email hosting service that would let me see my logs, including logs of attempts to connect to deliver to my domain(s), and I don't think such a thing exists. I value the ability to tail -f my mail server logs enough to make it worth it to me to run my own server. -- Cos
Re: OT: "domain-level" email hosting services?
On Fri, Oct 22, 2021 at 08:43:02PM -0400, Nathan Stratton Treadway wrote: > I've always just run my own (Linux) email server locally in my home > office, but my current Internet service is soon going to be going away > and I was wondering if it would make sense to move to some sort of > mail-hosting company as part of reorganizing my network setup. > > So on the theory that there are likely to be other users of advanced > email-server functionality among the Mutt folks, I thought I would ask > here to see if anyone has recommendations for mail hosting services that > target neither "consumer" nor "enterprise" clients, but somewhere in the > middle (and which play nicely with Mutt and other IMAP clients)? > > For example, a service that allows unlimited "aliases" for a set of > domains, pointing to a handful of "user mailboxes" which actually > receive email? > > Or alternatively some service that queues incoming Internet mail for my > domains and then allows the queued email to be fetched by my local mail > server for local delivery (thus avoiding having an open SMTP port on my > home connection to the Internet)? > > (I currently host a few domains and deliver mail to ~5 users via hundreds > of aliases) > > Thanks for any ideas I should consider. > > Nathan A cheap virtual private server running postfix, dovecot, amavis, spamassassin or rspamd, postfix-policyd-spf-perl, OpenDKIM, and OpenDMARC will do the trick if you don't mind the hassle of setting everything up. :-) cheers, raf
Re: OT: "domain-level" email hosting services?
Nathan Stratton Treadway wrote: > I've always just run my own (Linux) email server locally in my home > office, but my current Internet service is soon going to be going away > and I was wondering if it would make sense to move to some sort of > mail-hosting company as part of reorganizing my network setup. It could be worth it. I've run my own mailservers for the last couple of decades, and it keeps becoming more of a pain in the ass as the 900-lb gorillas of the email world impose arbitrary new restrictions in the name of anti-spam. > here to see if anyone has recommendations for mail hosting services that > target neither "consumer" nor "enterprise" clients, but somewhere in the > middle (and which play nicely with Mutt and other IMAP clients)? Yes, there are a number out there. The specific ones I'd recommend are way out of date, but look for ones running "vmailmgr" by Bruce Guenter. They tend to be technically savvy and give you full control over the way email is handled for the domain -- it's not just a catchall POP/IMAP account. > For example, a service that allows unlimited "aliases" for a set of > domains, pointing to a handful of "user mailboxes" which actually > receive email? This is easy with vmailmgr. Charles -- --- Charles Cazabon GPL'ed software available at: http://pyropus.ca/software/ ---
Re: OT: "domain-level" email hosting services?
On Fri, Oct 22, 2021 at 08:43:02PM -0400, Nathan Stratton Treadway wrote: I've always just run my own (Linux) email server locally in my home office, but my current Internet service is soon going to be going away and I was wondering if it would make sense to move to some sort of mail-hosting company as part of reorganizing my network setup. So on the theory that there are likely to be other users of advanced email-server functionality among the Mutt folks, I thought I would ask here to see if anyone has recommendations for mail hosting services that target neither "consumer" nor "enterprise" clients, but somewhere in the middle (and which play nicely with Mutt and other IMAP clients)? For example, a service that allows unlimited "aliases" for a set of domains, pointing to a handful of "user mailboxes" which actually receive email? Or alternatively some service that queues incoming Internet mail for my domains and then allows the queued email to be fetched by my local mail server for local delivery (thus avoiding having an open SMTP port on my home connection to the Internet)? (I currently host a few domains and deliver mail to ~5 users via hundreds of aliases) Thanks for any ideas I should consider. Take advantage of hosting sales (such as Hostgator currently is running) and set up a mail system on a shared host. Cheap and reliable; a wealth of features, but easy to set up. Then use getmail to download mail to your local machine where you run Mutt. RLH -- How should one chase a thousand, and two put ten thousand to flight, except their Rock had sold them, and the Lord had shut them up? - Deuteronomy 32:30
OT: "domain-level" email hosting services?
I've always just run my own (Linux) email server locally in my home office, but my current Internet service is soon going to be going away and I was wondering if it would make sense to move to some sort of mail-hosting company as part of reorganizing my network setup. So on the theory that there are likely to be other users of advanced email-server functionality among the Mutt folks, I thought I would ask here to see if anyone has recommendations for mail hosting services that target neither "consumer" nor "enterprise" clients, but somewhere in the middle (and which play nicely with Mutt and other IMAP clients)? For example, a service that allows unlimited "aliases" for a set of domains, pointing to a handful of "user mailboxes" which actually receive email? Or alternatively some service that queues incoming Internet mail for my domains and then allows the queued email to be fetched by my local mail server for local delivery (thus avoiding having an open SMTP port on my home connection to the Internet)? (I currently host a few domains and deliver mail to ~5 users via hundreds of aliases) Thanks for any ideas I should consider. Nathan
