this post was submitted on 01 Sep 2023
33 points (94.6% liked)

Selfhosted

40200 readers
522 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
33
Thinking of a local mail storage with anti spam (discuss.tchncs.de)
submitted 1 year ago by [email protected] to c/[email protected]
7 comments fedilink hide all child comments
 

TL;DR: I want to pull emails from 5 accounts on to my homeserver to anti spam them and have my clients pull from there

I currently have like 5 major email accounts on different providers which I use for 100s of accounts on many platforms.

Some of these accounts are very old and come with the added bonus of no spam filter on the free tier.

Now, if you use outlook, you can define anti spam rules there, I know. But since I‘m using many different devices and different mail clients, I can’t be bothered to make anti spam rules for all of them.

So I thought it should be doable to pull all the emails from all my accounts and have them go through anti spam on my home server. Sidenote: I have anti spam on some email providers but I can’t redirect the one address to there as to use that accounts anti spam.

One solution would be to just get rid of this one account but I‘m a little anxious about the consequences since it is my oldest account with unthinkable amounts of accounts linked to it.

Does anyone have a similar scenario or an idea for a solution?

top 7 comments
sorted by: hot top controversial new old
[–] [email protected] 16 points 1 year ago* (last edited 1 year ago) (1 children)

My advice - do not fall into the trap that you can run e-mail better than a provider who does that for a living.

The easiest way imo is to pick a provider who specializes in this sort of thing. Then begin to rotate your accounts from the old account to the new one, utilizing aliases or masks as needed and desired.

as you do so , archive old emails off your old account. Periodically check but remove it from your daily driver. At some point, all will be left is spam at which point you can … let that mail provider manage for you.

Many mail providers have excellent spam protection so you are right - get it at the source.

Depends how much your time is worth? For some it is easily worth the $1-$5/USD Month to let your mail provider handle the bulk of it.

[–] [email protected] 4 points 1 year ago (1 children)

I might be wrong, but for me OP is not trying to actually run email, rather have a staging ground that pulls all emails from their accounts on actual providers, apply some treatment to said emails and pull them from client-side apps on their devices.

[–] [email protected] 2 points 1 year ago

Yeah I get that, but the way that usually works is by running a mail host that relays to upstream accounts.

Such things are a stairway to heaven to malware & Trojan horses…nothing says “check me out” like a bot finding out smtp is open on a local domain behind a firewall. That moves the attack from auto crypto mal to “how can we control this dudes email”.

I get the intention just be very very careful.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (2 children)

Dovecot + Postfix + Rspamd can do it. Instead of pulling emails you can simply forward those providers to your homeserver account. You may also setup Postfix in a way that would allow you to use our @gmail @hotmail addresses as "from" addresses / aliases to your local account and it will automatically submit the email through the provider SMTP server when you send something.

If you really want to pull email instead of setting up forwards (have your server offline more time and whatnot) there are a few options:

To route the outgoing email through the right provider / external SMTP server based on the "from" address you may configured it like this:

main.cf:

smtp_sasl_auth_enable = yes
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = mysql:/etc/postfix/virtual/mysql-external-alias-credentials.cf
sender_dependent_relayhost_maps = mysql:/etc/postfix/virtual/mysql-external-alias-relay-hosts.cf
smtp_sasl_security_options = noanonymous

mysql-external-alias-credentials.cf:

user = XXXXX
password = XXXXXX
hosts = 127.0.0.1
dbname = mailserver
query = SELECT concat(relay_user, ':', relay_passwd) AS credential FROM `Virtual_Alias_External` WHERE alias='%s' AND active = 1;

mysql-external-alias-relay-hosts.cf:

user = XXXXX
password = XXXXXX
hosts = 127.0.0.1
dbname = mailserver
query = SELECT relay_host AS transport FROM `Virtual_Alias_External` WHERE alias='%s' AND active = 1;

MySQL table structure:

CREATE TABLE `Virtual_Alias_External` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `alias` varchar(70) NOT NULL,
  `owner` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
  `active` tinyint(1) NOT NULL DEFAULT 0,
  `relay_host` varchar(70) NOT NULL DEFAULT '',
  `relay_user` varchar(70) NOT NULL,
  `relay_passwd` varchar(70) NOT NULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci ROW_FORMAT=COMPACT;

Create an entry like this:

alias: [email protected]
owner: [email protected]
active: 1
relay_host: [smtp.gmail.com]:587
relay_user:  [email protected]
relay_passwd: your-gmail-password-or-app-password

Now when you send and email and the from is set as [email protected] Postfix will route the email through Gmail's SMTP server with credential stored on that table. If done correctly (smtpd_sasl_authenticated_header = no) no references to [email protected] will show up on the email headers.

[–] [email protected] 2 points 1 year ago

Wow! Thanks for elaborating! I‘ll look into this! Looks like a ton of useful advice.

[–] [email protected] 0 points 1 year ago

Oh man. If I could find a way to stop the phishing emails, I would absolutely love it.

No idea why exchange consistently lets through emails asking to change exchange passwords? Surely they would be the easiest to seperate out