I Run My Own Mailserver

and you should think about it, too

Email is a great technology.

It is ubiquitous. Everybody has an email address. A lot of people have several. Everybody knows how to use email, at least to some extent. Email is actually the default way of online communication; notifications, subscriptions, registrations — email is everywhere.

It is simple, yet it allows complex things to be built upon it. In most cases, simple text is enough, but if you need formatting, you have it. If you need to send a file or two, you can. If you need to authenticate your message, you can sign it (with PGP or S/MIME). If you need to send a secure communication, you can (with PGP encryption). If you need hundreds of people to participate in a discussion, you can facilitate it using a mailing list. You can use email to collaborate using git, be it for software development or writing a book. You can use email to post to your blog. You can use it to feed your cat. For anything, really, only your imagination is the limit.

It is federated. Hundreds of thousands of servers exchange email using a common protocol, talking the same language. You can have your email hosted on outlook.com, receive email from someone who is using Gmail, and send email to someone who uses Yahoo. There is no central server, no single point of failure. If Mail.Ru goes down, people who host their email there are in trouble, but the rest of the world can still use email as if nothing has happened. If Google decides to shut down Gmail tomorrow, only people who host their email there will be affected.

Its federated nature makes email resilient. Servers and providers come and go (the first email address I’ve ever had, back in the 1990s, is no longer available, and the email hoster no longer exists) but email as a technology remains and thrives. Governments forbid and ban servers and providers, but the system still works. I can’t use webmail.de for a mailserver, as access to it is blocked in Russia, yet I can still exchange emails with people who use it.

As an individual, to get the most out of the federated nature of email, you should own the domain name you’re using. 15 years ago, I used e_kuznetsov@mail.ru for an email address. Later, I decided I didn’t like Mail.Ru for an email hoster so much, and I’d rather use Gmail, but I couldn’t take my address with me. That address is still served by Mail.Ru today, obviously. I don’t use it, but I have all the mail forwarded to my current address. Should Mail.Ru go out of business tomorrow, the address will be gone for good. Today, I use evgeny@kuznetsov.md for my primary email address; and the domain kuznetsov.md is owned by me. I started using it with Gmail and, when I decided I didn’t like Gmail that much, I simply moved it to another email provider (and then to another one, and then to a different one, and so on). As long as I own the domain, I’ll have this email address to use with whichever provider I like at a given time point, a freedom worth spending money on a domain name, I think.

Late last year, I started looking for a new email provider to move to, as I wasn’t quite satisfied with the one I’ve been using for the last two years. It turned out, all the providers I was ready to consider are blocked in Russia, with a notable exception of Fastmail, who would not accept me as a customer to avoid being blocked. And since my experience of hosting my own webserver on a VPS has been a thrill so far, I started contemplating hosting my own mailserver in the same way. As the saying goes, “you want something done right, have it done by yourself”.

Running your own mailserver is usually considered very hard, if at all doable. In fact, it isn’t that great an endeavour. Of course, it does require some knowledge and attention, but nothing that requires a college degree to figure out. As long as you have a static IP address and a domain name, and are able to set up a DNS PTR record[1], all you need is a server (a VPS will do), and some time and effort (not even huge amounts of those). Of course, the cheapest VPS (which is more than capable of running a mailserver) is more expensive than an average email provider’s plan with a comparable amount of storage, but I think the resulting freedom is well worth it (especially if you are not alone and provide email service to your family, for example).

There are some fire-and-forget–type setups that supposedly require less effort. I’ve heard good things about Mail-in-a-Box and mailcow, along with several others. I like to set up my servers myself so as to better understand the inner workings and the intricacies of the systems I use, and being a long-time Linux user helps a lot, so I opted for managing a (quite common) Postfix+Dovecot setup manually. There are numerous step-by-step guides online, almost all of them rather dated, with a lot of obsolete stuff, but they are enough to get a grasp of what needs to be done and know what to look for in the documentation.

I rely on my primary email address heavily for work, and email is very important for my workflows. I can survive several minutes of downtime for server maintenance and reboots, especially if I myself can control when those happen, but I can’t afford to lose messages, to have incoming mail refused or dropped, or any such thing. Taking such a responsibility upon myself was not an easy step, even though, technically, the email providers usually provide no guarantees and assume no responsibilities anyway. The first thing I tested when my new mailserver was up and running was that my home server would indeed receive the incoming mail and temporarily store it while my new mailserver was down or unavailable.

On January 1 I had no experience of setting up and running mail servers, other than simple Postfix setups on my home server and my webserver that send email notifications to myself. On January 3 I fired up a VPS for my new mailserver. On January 6 I changed my MX records to point to my new mailserver, and I’ve been using it ever since. Mind you, I only could read docs and do stuff while my daughter was sleeping, which means it took me less than 10 hours to get everything production-ready. And boy, my email experience last month is so much better than what I had with my previous email providers!

I have Sieve with all the extensions I need, I even have ManageSieve that works without a glitch (yep, I can fine-tune my filters right from my mail client). I have secure IMAP and SMTP. I can have Roundcube for webmail if I ever want, but I feel no need for it now (for the last two years I used webmail exactly once, and that was because there were some issues with my provider’s IMAP server). I have a Spamassassin setup that I fully control and can fine-tune to my liking and my particular flow of mail. Everything works perfectly already, and the fact that I can fine-tune every little thing if I ever need to adds quite a lot to the comfort.

I did hit a couple of roadblocks along the way. The most notable one was Yahoo: they would simply reject all mail from my mailserver without any meaningful explanation. My guess is, Yahoo has DigitalOcean’s whole AS blacklisted to avoid potential spam from user-deployable servers[2]. It took me a week to have them whitelist my mailserver’s IP (mostly because their contact form kept telling me there was an internal error while sending my request until some random spark of instinct told me to try disabling my adblocker), but I did manage to solve this eventually, along with some other minor issues.

Yes, the modern spam-fighting practices can be quite a nuisance while you’re setting up a mailserver and earning some initial reputation. However, it’s no rocket science; SPF is easy to set up, DKIM is just a little more hassle, and figuring out DMARC takes about two minutes (maybe three if you’re sleep-deprived), and once you’ve set everything up right, it requires almost no maintenance. And so does your whole mailserver: the initial setup is the hard part, maintenance is minimal.
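
As an added example (not from the original post): a small offline lint of the DNS prerequisites named above, the PTR record plus SPF, DKIM and DMARC. The domain example.org, the address 203.0.113.25, the selector sel1 and the function names are assumptions, and the SPF rule is a simplified heuristic.

```python
# Constructed records for the placeholder domain example.org and the
# documentation address 203.0.113.25; not taken from the original post.
ZONE = {
    ("mail.example.org", "A"): ["203.0.113.25"],
    ("25.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("example.org", "TXT"): ["v=spf1 mx -all"],
    ("sel1._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=PLACEHOLDERKEY"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=quarantine"],
}

def tags(record):
    """Parse a 'k=v; k=v' TXT record (DKIM, DMARC) into a dict."""
    pairs = (p.strip().split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def check(zone, domain, mail_host, ip, selector):
    """Return a list of problems; an empty list means all four checks pass."""
    problems = []
    txt = lambda name: zone.get((name, "TXT"), [])
    # PTR: the IP must map to the mail host, and that name back to the IP.
    rev = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
    if zone.get((rev, "PTR"), []) != [mail_host]:
        problems.append("PTR for %s is not %s" % (ip, mail_host))
    elif ip not in zone.get((mail_host, "A"), []):
        problems.append("%s does not resolve back to %s" % (mail_host, ip))
    # SPF: more than one v=spf1 record is a permanent error for receivers.
    spf = [r for r in txt(domain) if r.split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        problems.append("expected exactly one SPF record, found %d" % len(spf))
    elif spf[0].split()[-1] not in ("-all", "~all"):
        problems.append("SPF does not end in -all or ~all")
    # DKIM: an empty or missing p= means there is no usable public key.
    if not any(tags(r).get("p") for r in txt("%s._domainkey.%s" % (selector, domain))):
        problems.append("no DKIM public key at selector " + selector)
    # DMARC: one record starting with v=DMARC1 and carrying a p= policy.
    dmarc = [tags(r) for r in txt("_dmarc." + domain) if r.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        problems.append("expected exactly one DMARC record, found %d" % len(dmarc))
    elif dmarc[0].get("p") not in ("none", "quarantine", "reject"):
        problems.append("DMARC record lacks a valid p= policy")
    return problems

def demo():
    return check(ZONE, "example.org", "mail.example.org", "203.0.113.25", "sel1")

if __name__ == "__main__":
    print(demo() or "all checks passed")
```

To run it against a live zone, fill the dictionary from your resolver's answers instead of the constructed records.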

And there’s one more important aspect to running your own mailserver: it helps keep email federated. Big email providers always try their best to monopolize (or at least oligopolize) the technology. They invent little features that only work if everybody involved uses their service: ProtonMail’s praised end-to-end encryption, Microsoft’s bells and whistles for corporate email (including the much-ridiculed email recall feature), Gmail’s seamless calendar sharing, and countless other examples. They treat email originating outside of their little circle of big well-known email servers as spam. They try to become the email, very much like Facebook never ceases trying to become the Internet. If they ever succeed in monopolizing email, this will be the end of this wonderful technology. And I would hate to see it happen.

So there you go, the more various email servers are out there, the more diverse the email ecosystem is, the better. Understandably, not every household is going to run its own mailserver. Running any web-facing server is a responsibility these days, and it is even more so for a mailserver: if hacked, it automatically becomes a source of spam and a problem for everybody. But if you have server admin experience, if you’re a seasoned user, and if you’re ready to invest some due diligence, you should definitely consider serving your own mail and joining this federated network. Don’t be too afraid, mailserver admins are (mostly) humans, and you can be one if you try.

Owning your communications is not really that hard, but it is very rewarding.


  1. Your ISP at home will most likely never bother setting a DNS PTR record to your liking, even if you have a static IP address, which makes hosting a mailserver at home problematic. However, if you don’t mind outsourcing sending email (i.e. using an external SMTP server), it could be an option, too. On common VPS platforms such as DigitalOcean or Linode, this is not an issue at all.

  2. Any such network is bound to be abused by spammers to at least some extent, so there is some logic in such a policy. This logic is flawed, of course, and Yahoo’s spam filtering being light-years behind those of the other big email providers attests to that. In fact, all my experience with Yahoo Mail (I admit it’s not a lot of experience, for obvious reasons) tells me there’s absolutely no reason to regard Yahoo as a decent email provider in 2022.
