this post was submitted on 18 Aug 2024
2 points (100.0% liked)

Selfhosted

40154 readers
585 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
2
Email server thru cloudflare (lemmy.world)
submitted 2 months ago by [email protected] to c/[email protected]
3 comments fedilink hide all child comments
 

It's a bad title, but I'm trying to figure out how to describe what I want.

First, I got my photoprism working thru cloudflare. Now, on the same domain I would like an email address.

So mysite.com gets routed to 56.654.234.12 let's say by cloudflare such that a global user never sees my ip. But mail.mysite.com that's different, they don't proxy email so if you do a reverse lookup you can find the origin IP.

I heard about tunnels so I stupidly signed up for that, only to learn that a tunnel just lets you into an internal network. So an SMTP server can't get emails from outside that way.

Ideally, somehow I could setup one user at Gmail or proton mail, then somehow setup the same or different [email protected] and I could then use mailu, mailcow, mail docker to house my [email protected] which routes mail thru Gmail or protonmail. I know all this makes little sense because I don't know the proper way, so that's my question for you smart people who have done this twice over. Could someone point me to the best way of setting up a local mail server that routes thru cloudflare but is not easily reverse looked up? Is that even a problem at all?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 2 months ago

Mail hosting is not that simple anymore. Your understanding of how it works is missing an entire world of complex issues that you need to solve outside of just hosting a mail server with an open SMTP port.

The biggest certainty is that just having an open port for an SMTP server dangling out there means you will 100% be attacked. Not just sometimes, non-stop. So you don't want to host on a machine with anything else on it, cuz security. So you need a dedicated host for that portion, and a very capable and restrictive intrusion detection system (let's say crowdsec), which is going to take some amount of resources to run, and stop your machine from toppling over.

Next, you need all your secondary record systems (SPF, DKIM, DMARC) pointing at a defined and unchanging record for your SMTP server, so you'll need a static IP. If you don't have that already, you're kind of SOL.

Next, you'll need to be running your own peer authentication system, then a spam filtering system (of which none of them work well without massive amounts of sample data, but you can use public lists to help block known bad actors), decent file threat scanning...you see where I'm going with this. It all takes a fair amount of resources, and even more if/when you get bad actors spamming the machine all the time.

Finally, you'll probably want this machine completely segmented from the rest of your network, which isn't really complicated, just costs a bit more money.

There's a reason why mail hosts and forwarding services cost money, and still exist. It takes a large amount of effort to be somewhat secure, or at least to best of your efforts. With the added costs associated with hosting your own mail servers, most people just avoid the hell out of it. I certainly wouldn't recommend it.