I have a raspberry pi running postfix. I Realised unless I open port 25 I absolutely cannot receive emails (I have 587 open and can send but not receive them). However I heard there are scaries online which someone could potentially send emails from your server without consent. I believe as well my ISP doesn’t block port 25. Is there anything I should do right now before opening port 25, or should everything be safe enough?
Ideally, don’t. Self-hosting email is complicated, easy to get wrong (and dangerously wrong, where people could use your server as an open relay and send spam).
That said, if you really want to, make sure you’re not accepting email except for what’s destined for you. There are a bunch of postfix best-practice guides out there that can be easily found with a Google search. I don’t host my own email, so I can’t vouch for any.
Agreed. I used to host email professionally and would not recommend managing your own mail server. It will constantly be under attack by spammers and if the inbox email address is exposed at all, soon 90% of incoming mail will be spam and you’ll need antispam software to filter it.
And even if you do everything 100% right, your emails will mostly get flagged as spam if not outright blocked anyway. Esp. if you’re using a residential IP.
friends dont let friends host email. its just become too top heavy (complexity-wise) if you want it to be fully functional and secure.
How can I have reliable email that I can control, then?
Buy your own domain name and put it in front of someone else’s service. This is going to be a ton of work to do correctly and you’re unlikely to be able to host it out of your house.
Also, something you’re running off a Raspberry Pi in your house is not going to meet most definitions of ‘reliable’.
What “someone else’s service” would you recommend?
Personally I’d probably go with MS hosted exchange or a Google business account. If you don’t trust those entities I’ve heard good things about ProtonMail - I imagine they have some kind of business solution.
Google and MS are the entities you’d definitely want to keep your data away from, no thanks. And Proton doesn’t work with normal mail clients, which is kind of a dealbreaker. I remember seeing a comparison chart somewhere with an assortment of other services.
Mango mail, porkbun, proton mail
Each does a slightly different niche.
Mango is cheap, but limits outbound mail. Porkbun has a good all-around mail service, bit is a little more costly. Proton is very secure, but can be inconvenient for export (though it can be done, it requires purchase of a month of business service to export away from them).
There’s mailbox.org for example
If you own your domain name, then you can use any email service and still have control over it and move around if needed.
100% agreed. It’s well worth outsourcing to someone else for $10/mo versus the amount of work it takes to do it well unless you’re a large business.
I’d make this argument for DNS too - a lot of work for how easy it is to pay someone else to handle it.
Avoid being an open relay indeed. Some background information : https://www.postfix.org/SMTPD_ACCESS_README.html#relay But with the defaults in postfix you should be fine unless you made a lot of changes and made a mistake in it.
IMHO a RasPi is just not reliable enough. Your internet connection is just not reliable enough. You are going to lose some of your incoming mail and NOT notice it, unless you have somebody who hosts a secondary MX for your domain.
Chances are also that it’s not powerful enough when some of these automated attacks come knocking.
You can check for being an open relay with tools like this one: https://mxtoolbox.com/diagnostic.aspx
Thank you so much! It just tested it for me
If you follow the ISPMail guide at https://workaround.org/ you’ll be safe.
I heard there are scaries online which someone could potentially send emails from your server without consent
That’s called an open relay and websites like https://mxtoolbox.com/diagnostic.aspx can test for it.
Either way your biggest issue won’t be that, if you’re running on a residential internet connection the IP is already flagged as such and will have a very low reputation with other e-mail providers causing Microsoft, Google and any other large provider will simply refuse your email. You’ll also need reverse DNS for your IP pointing at the domain you’re using that your ISP is most likely not going to provide.
What do you mean reserve DNS?
Pretty sure they meant reverse dns :)
Yes, reverse DNS. Typo there.
Hi, I recommend you read the book “Run Your Own Mail Server”. The fact that a book exists for this topic is all the proof you need to not do this decision. But if you absolutely must, this is the way.
🤣
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System IMAP Internet Message Access Protocol for email IP Internet Protocol RPi Raspberry Pi brand of SBC SBC Single-Board Computer SMTP Simple Mail Transfer Protocol TCP Transmission Control Protocol, most often over IP VPS Virtual Private Server (opposed to shared hosting)
7 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #705 for this sub, first seen 22nd Apr 2024, 19:05] [FAQ] [Full list] [Contact] [Source code]
Many ISPs will also block inbound SMTP unless you have business account (and sometimes even then) because it’s a common malware/spam vector.
If you insist on going through with this the key thing is to make sure that you’re not an open relay.
Have you ensured that your setup will pass email authentication processes?
It has been a long time since email from random hosts is accepted for forwarding or delivery. This Wikipedia may help https://en.wikipedia.org/wiki/Email_authentication
Don’t do that
too late.