Hi Guy,

Setting up a working MX and keeping it working is more painful than it
should be but it is doable.
One of the issues is that the other servers add custom restrictions over
the standard to try and fight back against spammers, scammers etc.
Keeping up to date with all the custom restrictions can be tedious.

A proper DKIM & SPF setup is more or less mandatory nowadays. I am working
to make DKIM support a bit better in James (make it easier to support DKIM
for multiple domains, possibly make DKIM applied automatically if domain
certificates are configured).
You can use dmarcian.eu's free tier to make sure your setup (DKIM/SPF) is
correct and is properly aligned with your envelope from domain name.
If you have some forwarding rules, you should adjust your
mailetcontainer.xml to make sure you don't sign forwarded emails if you
don't also rewrite the sender.
Implementing the [ARC protocol](https://www.rfc-editor.org/info/rfc8617)
for authenticated forwards is on my TODO list, but I haven't started yet.

Having proper PTR records (reverse DNS records that point your IP to your
domain) is also a good practice required by many, especially when you
start having regular volume.
You also need to keep an eye on the blacklist providers, making sure your
IP doesn't make it into one of the spam blacklists (investigating how IPv6
is managed is on my TODO list). You can use
https://mxtoolbox.com/blacklists.aspx or any one of the numerous services
offering this check.

In France, some providers are known to be very conservative, borderline
paranoid with incoming emails. Orange, SFR, Laposte are notorious "bad"
actors in that regard, with sometimes completely unreasonable rate limits
and no way to get in touch to negotiate rate limit adjustment except
managing to organize a massive name and shame campaign on social networks
(this was done a couple years ago by a non-profit operating a rather large
mailing list service which was having deliverability issues).

If you do run an MX exposed to the internet, I strongly suggest using some
kind of fail2ban protection, either using fail2ban itself and driving your
server's firewall or using the Apache James CrowdSec extension which is
available in the James repository. The internet is NOT a nice place. I use the
CrowdSec extension and I can see massive scan or bruteforce attempts. I
have pretty strong ban rules but I still see a couple IPs that attempt very
very slow bruteforces (~1 attempt per hour!).

With regard to the OS, Windows or Linux are not really relevant to running
an MX/MTA server such as James.
Stats seem to indicate that Linux is more commonly used for servers exposed
on the internet, so developers and ops are more likely to be familiar with
working with Linux, but Linux is by no means mandatory to run James.

Cheers
Jean
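
The slow brute force described above (~1 attempt per hour) never trips a short ban window, so it needs a second, long-window rule. The sketch below is an added example, not part of the original message and not James, fail2ban or CrowdSec code; the log format, thresholds and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (NOT James's real log layout):
#   <ISO timestamp> AUTH_FAILED ip=<addr> user=<name>
LINE_RE = re.compile(r"^(\S+) AUTH_FAILED ip=(\S+) user=\S+$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Assumed rules: (failure threshold, sliding window). Tune to your own traffic.
SHORT_RULE = (5, timedelta(minutes=10))   # classic burst rule
LONG_RULE = (12, timedelta(hours=24))     # catches low-and-slow attempts

def parse_failures(lines):
    """Yield (timestamp, ip) for every authentication-failure line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), TS_FMT), m.group(2)

def flag_ips(lines, threshold, window):
    """Return IPs with at least `threshold` failures in any sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = set()
    for ts, ip in sorted(parse_failures(lines)):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return flagged

def sample_log():
    """Constructed sample: one burst, one slow attacker, one mistyped password."""
    t0 = datetime(2025, 3, 13)
    def row(delta, ip, user):
        return f"{(t0 + delta).strftime(TS_FMT)} AUTH_FAILED ip={ip} user={user}"
    rows = [row(timedelta(seconds=20 * i), "198.51.100.20", "admin") for i in range(6)]
    rows += [row(timedelta(hours=i), "203.0.113.7", "info") for i in range(24)]
    rows += [row(timedelta(hours=9, seconds=30 * i), "192.0.2.44", "guy") for i in range(2)]
    return rows

if __name__ == "__main__":
    log = sample_log()
    print("short window:", flag_ips(log, *SHORT_RULE))
    print("long window: ", flag_ips(log, *LONG_RULE))
```

Run both rules together: the short one still handles bursts quickly, while the long one is the only rule that sees the one-per-hour source.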


On Fri, Mar 14, 2025 at 2:47 AM <guy.tremb...@welnx.com> wrote:

> Hi Ilya,
>
> Thank you for the info. I feel vindicated in the scarcity of email server
> options.
> Your discussion of different options is most interesting, indeed James
> remains the way to go.
>
> I did not get bounce mails, and James is very fast indeed. I am concerned
> about bounce due to the other issues I had mentioned but probably it is
> okay.
> Of the setup list the only one I did not implement is PTR record. Is it
> important?
> But for windows I am still not convinced, I may perhaps setup a Linux
> system in the future.
>
> Kind regards, Cordialement,
> Guy
>
> -----Original Message-----
> From: Ilya Terskov <prosgar...@gmail.com>
> Sent: March 13, 2025 8:29 PM
> To: James Users List <server-user@james.apache.org>
> Subject: Re: Setting your own Email server, is it a good idea after all?
> If NO yet you do it; well then James is the best option compared to other
> not so good options!?!?!!
>
> Hi there. I set up one server on windows 10 just my own home pc, also try
> on windows server 2022, gentoo linux, ubuntu linux, work completely fine
> even on windows, to start on windows startup u need use scheduler with
> other user to make it start even if u dont login to system. Also if your
> mails dont go to gmail or any other mail service then something from this
> list:
> SPF
> DMARC
> DKIM
> Certificate
> PTR record
> IP in spamlist
>
> Not setup correctly. Because when i done configuring everything going fast
> to any mail services and never get to Spam.
>
> I found only 4 really good options for setup your free self hosted mail
> server:
> Stalwart
> Carbonio/Zimbra
> Citadel
> Apache James
>
> Any other options or not free with limits or just another
> dovecot/sendmail/haraka solution
>
> Stalwart about 3 years old and authors says its not exactly production
> solution cuz they change many things when it comes to 1.0 version (0.15
> now) Carbonio Zimbra oh god that not exactly mail server more like
> collaboration suite and its too complex and even that its just dovecot
> inside etc...
> Citadel pretty solid... But developing for now rly slow and if u see webui
> u sure dont like it... Its good but functional a little outdated.
> James have all u need mostly crop address book which dont about mail
> server exactly but citadel, carbonio and stalwart have this function...
> James have everything most ppl need in modern mail server.
> James lightning fast - mail from gmail comes in about 2+- seconds.
> But what i rly like in james - it have API, with that u can make and
> develop on top of it anything u need.
> Yes cons here - no webui, no WebMail.
> But from all in one mail server solutions that most matured, stable and
> powerhouse thing u can find in open source world and even mostly in not
> free and open too. Microsoft exchange too complex and without active
> directory not functional and EOL in this year :) So yes james rly good,
> w8ing for 3.9, have now 3.8.2 and happy.
> Sir Benoit i want 3.9 >_<
>
> Fri, Mar 14, 2025, 06:39 <guy.tremb...@welnx.com>:
>
> > Hi Jamers,
> >
> >
> >
> > I have setup my own Apache www server under Windows 11 serving my
> > small business web pages. Then at that moment I also made the decision
> > to setup my own email server. I thought to myself: Ah this is going to
> > be EASY. right?
> >
> >
> >
> > Searching for it I realized there weren't that many options and the
> > options seemed awkward and underwhelming. I opted for James that
> > looked the most serious and apt for my needs. It was tough to setup,
> > but it worked.
> >
> >
> >
> > The email was tough to get through at first but setting up DKIM and
> > the certificates were instrumental. So I thought: well this works fine
> > but something's amiss.
> >
> >
> >
> > I start James inside a batch file in a command prompt windows within a
> > Windows 11 session which starts at startup. So, it's a bit 'shaky' I'd
> > say. (Windows less than ideal for that purpose) (issue #1)
> >
> >
> >
> > Then Gmail won't accept the IMAP from James it seems and email clients
> > are finicky with it (why?).
> >
> >
> >
> > I do use Outlook on my phone, but I don't receive notification from
> > the emails sent to my James server on my phone (actually, sometimes I
> > do, but not always !!)  (issue #3).
> >
> >
> >
> > .
> >
> >
> >
> > Then okay well this works after all, but what is my next move, and
> > what going on? Stay with James or what? If I stay with James, what
> > should I do to make it rugged and reliable 100%? What will I do when I
> > hire employees?
> >
> >
> >
> > Needs to be stable and rugged.
> >
> >
> >
> > THEN I read THIS on Reddit:
> >
> >
> >
> > "As some one who has done self-hosted email for personal and small
> > biz, its basically all cons... Its seems like a great idea, having
> > unlimited free email addresses for all your domains. Its not *that*
> > hard to set up as well.
> > The issue is the big email providers are basically set up like the
> > email mafia. Mail to gmail and outlook go spam. You think you have
> > solved the issue, then a new recipient informs you mail in going to
> > spam now. You spend hours to days trying to figure out why, and how to
> > fix it. Now rinse are repeated every few months. You also have to
> > figure out if the IP (range) you can use is already blacklisted. Most
> > VPS and consumer/small biz ISP are.
> > It's a massive pain the ass and not worth it unless you need 100's of
> > emails address or require that level of security. 1/10, would not
> > recommend it.
> > Pony up the few bucks to gmail to get a reliable email and great
> > WebClient."
> > --
> >
> > https://www.reddit.com/r/selfhosted/comments/107iodp/self_hosted_email_server/
> >
> >
> >
> > That explains it all. James is not a temporary solution, but one of
> > the best solutions to the ridiculous problem of email access that's
> > not "Big Corporate".
> >
> >
> >
> > So, my questions (any thoughts welcomed though):
> >
> >
> >
> > *       If I want to enable James in a manner that is as stable and
> > robust as can be (not in a silly command prompt window at startup) and
> > robust (will receive outlook notifications and never in spam box, etc.),
> > what is the best approach to implement?
> >
> > *       Switch to Linux? If so which Linux?
> > *       What are my options really for stable, sustainable email?
> > *       Do you get emails sent to spam from your James
> >
> > *       I actually have not seen this issue since setting up DKIM and
> > certificates, but who knows..
> >
> > *       Alternatively, should I pay for an email service, if so which
> > one?
> >
> >
> >
> >
> > Kind regards, Cordialement,
> >
> > Guy
> >
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
> For additional commands, e-mail: server-user-h...@james.apache.org
>
>
