Author Topic: Running your own mail server  (Read 2146 times)

woollypigs

  • Mr Peli
    • woollypigs
Running your own mail server
« on: 09 August, 2013, 07:02:57 pm »
I wondered if any of you run your own mail server?

So you have your mailserver running on your own PC, like a Raspberry Pi, what happens to your mail if that server goes down? How long do other mail servers try to deliver, will they just bounce back right away, where does your new email go when it is down and for how long? What happens to your email between the sender and you getting it, will it be stored safely. Assuming that your server is nice and secure etc.

Could you set up two mail servers at two different places to cover each other if one is down?

Just thinking...
Current mood: AARRRGGGGHHHHH !!! #bollockstobrexit

Re: Running your own mail server
« Reply #1 on: 09 August, 2013, 07:09:53 pm »
I use no-ip.com and their backup MX service to handle my own mail server outages.

That works fine for me.

Kim

  • Timelord
    • Fediverse
Re: Running your own mail server
« Reply #2 on: 09 August, 2013, 07:12:22 pm »
Quote
I wondered if any of you run your own mail server?

So you have your mailserver running on your own PC, like a Raspberry Pi, what happens to your mail if that server goes down?

The sending server tries the next MX in the list.  If there isn't one, it does something.  You can't predict what something is, but it'll probably be somewhere on the "wait and retry later"-"bounce"-"silently delete it" spectrum.


Quote
How long do other mail servers try to deliver, will they just bounce back right away, where does your new email go when it is down and for how long?

As I say, you can't predict how the sending server has been configured.  You can predict how your secondary (or indeed tertiary) MX is configured.  This is why you have a secondary MX, configured to queue and retry at intervals (or in response to the primary server coming back up, if you want to be clever) for some reasonably long period of time.


Quote
What happens to your email between the sender and you getting it, will it be stored safely.

It's not going to go missing in the tubes, if that's what you mean.  The outgoing server won't delete it from the queue until the receiving server has acknowledged it.  If the connection times out, it'll try again.


Quote
Could you set up two mail servers at two different places to cover each other if one is down?

Yes.  This is the way things are supposed to be done.  The magic words are "secondary MX".  It's superficially trivial, but becomes complicated when you start wanting to reject spam.  You need to work out how to make sure the secondary doesn't accept mail for non-existent users (or messages of excessive spamminess), then bounce it back when it's later rejected by the primary.  This is a standard trick exploited by spammers.
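The secondary-MX problem described in the reply above, as an added example that is not part of the original post: a small model of a backup MX with and without a copy of the primary's recipient list. The function name, parameters and all addresses are constructed for illustration.

```python
def backup_mx(messages, primary_users, relay_recipients=None):
    """Model a secondary MX that holds mail while the primary is offline.

    messages         -- list of (envelope_sender, recipient) pairs
    primary_users    -- recipients the primary accepts
    relay_recipients -- copy of that list held by the secondary, or None
                        when the secondary accepts anything for the domain
    """
    result = {"rejected_at_smtp": [], "forwarded": [], "backscatter": []}
    queue = []

    # Phase 1: primary is down, the secondary answers RCPT TO.
    for sender, rcpt in messages:
        if relay_recipients is not None and rcpt not in relay_recipients:
            # Refused inside the SMTP dialogue: nothing is queued, so the
            # secondary never has to generate a bounce of its own.
            result["rejected_at_smtp"].append(rcpt)
        else:
            queue.append((sender, rcpt))

    # Phase 2: primary is back, the secondary flushes its queue.
    for sender, rcpt in queue:
        if rcpt in primary_users:
            result["forwarded"].append(rcpt)
        else:
            # Already accepted, now refused by the primary: the secondary
            # must bounce to the envelope sender, which spam forges.
            result["backscatter"].append(sender)
    return result


# Constructed sample data (example.* names are placeholders).
USERS = {"alice@example.org"}
MAIL = [
    ("friend@example.net", "alice@example.org"),       # genuine
    ("victim@example.com", "nosuchuser@example.org"),  # forged sender
]

if __name__ == "__main__":
    print(backup_mx(MAIL, USERS))                          # open secondary
    print(backup_mx(MAIL, USERS, relay_recipients=USERS))  # validating secondary
```

In Postfix, the recipient list on a backup MX is supplied through `relay_recipient_maps`.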

Re: Running your own mail server
« Reply #3 on: 09 August, 2013, 07:17:37 pm »
Quote
I wondered if any of you run your own mail server?

Yes, I run one for a few domains (not my own personal email though).

Quote
So you have your mailserver running on your own PC, like a Raspberry Pi, what happens to your mail if that server goes down? How long do other mail servers try to deliver, will they just bounce back right away, where does your new email go when it is down and for how long? What happens to your email between the sender and you getting it, will it be stored safely. Assuming that your server is nice and secure etc.

It's on a rented VPS (Virtual Private Server). ~£8 a month (before VAT) through racksrv.com

Configuring postfix isn't a simple job, it's hard to get a secure configuration, but then I've done mailserver admin in previous jobs.

If mail can't be delivered then it just gets requeued and it'll be attempted again later. It'll do this a finite number of times so email doesn't permanently sit somewhere never being delivered.

Emails generally go:-

User sends an email from their MUA (Mail User Agent; gmail, outlook, Thunderbird, etc) to their outgoing SMTP server.
This SMTP server follows its rules of what to do with it, sometimes it bounces around a few internal mail servers before going out into the big bad world.
SMTP server does a DNS lookup for the MX records (Mail-eXchange) for the domain of the destination email address. This gives them a list of machines to attempt delivery to along with a set of priorities. It tries them in order of priority and if it successfully passes it on then that's that SMTP server's job done. If it can't get to any of them, or they all reject it temporarily, then it requeues it and tries again later.

The receiving SMTP server for your domain may even route the email through a few more internal SMTP servers until it gets to wherever it needs to go to appear in your email (which you get via web interface, POP3 or IMAP).

It's dependent on config of the individual mail servers, but delivery will be attempted for about 48 hours before it gets bounced back to you as undeliverable.

http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol

Quote
Could you set up two mail servers at two different places to cover each other if one is down?

Yes, you have multiple MX records. However you then have to deal with your incoming email being on two different machines.

Most of the time it's just easier to use a well known email provider as they've got more redundancy and expertise than you could possibly even consider yourself.
"Yes please" said Squirrel "biscuits are our favourite things."

Re: Running your own mail server
« Reply #4 on: 09 August, 2013, 07:19:35 pm »
I used to run my own mailserver at home. Now I have a VPS for that.
What happens when it cannot be reached is dependent on the sender software. According to the RFC they should retry for a couple of days. This is usually done with increasing intervals. Noncompliant senders can do other things though. I once got my electricity bills by e-mail, and after an outage of about a day or two it didn't appear and I got a reminder through snailmail when I didn't pay.
I do not use backup MXes.
Forgive me Father, for I have sinned. It has been too many days since I have ridden through the night with a brevet card in my pocket...

woollypigs

  • Mr Peli
    • woollypigs
Re: Running your own mail server
« Reply #5 on: 09 August, 2013, 07:35:43 pm »
Just thinking, since various "secure/encrypted" services have closed their doors since Snowden has used them. And the comment was: set up your own mail server.

When the mail goes from your send box it is talking directly to your inbox (mail server), but it will be stored for a wee while somewhere as it goes from ISP to ISP, network to network, etc. etc., or am I really wrong?
Current mood: AARRRGGGGHHHHH !!! #bollockstobrexit

Re: Running your own mail server
« Reply #6 on: 09 August, 2013, 07:42:48 pm »
Depends. I use the outgoing mailserver from my ISP. I could make it so that I use my own server, then the contact would be direct between my own server and the destination server. Now I'm supplying the NSA through my ISP all the addresses I send mail to.
Forgive me Father, for I have sinned. It has been too many days since I have ridden through the night with a brevet card in my pocket...

Feanor

  • It's mostly downhill from here.
Re: Running your own mail server
« Reply #7 on: 09 August, 2013, 07:43:24 pm »
I too run my own mailserver.

<ETA> and I think this will become increasingly important, along with encryption, as users slowly learn that the big commercial providers are not secure, being open to both commercial and government pressures.   I trust less and less of my data to 'the cloud'.   I can choose to encrypt my mail, and send it directly from my mailserver to the recipient's server, with no ISP involvement at my end.   All of us AAISP types are probably on 'A List' somewhere...

I have my own server set as the primary MX, with AAISP providing a secondary MX for me.
Here's what exists in DNS for my mail:

C:\Users\Ron.HOMENET>nslookup
Default Server:  homenetdc03.homenet.local
Address:  2001:8b0:b7:1::3

> set type=mx
> lowe-family.me.uk
Server:  homenetdc03.homenet.local
Address:  2001:8b0:b7:1::3

Non-authoritative answer:
lowe-family.me.uk       MX preference = 10, mail exchanger = alligin.lowe-family.me.uk
lowe-family.me.uk       MX preference = 30, mail exchanger = tertiary-mx.co.uk

alligin.lowe-family.me.uk       internet address = 81.2.123.187
alligin.lowe-family.me.uk       AAAA IPv6 address = 2001:8b0:b7:1::4
>


So AAISP's tertiary-mx.co.uk will pick up mail if I'm offline.
Even if I didn't have a secondary MX, most mail would still get through if the sending end correctly re-tried after an outage at my end.
My AAISP account is configured to issue an ETRN command to their secondary mailserver whenever I come back online, so it will forward the mail to my own server at that point.

F.
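The MX fallback and retry behaviour discussed in the replies above, as an added example that is not part of any post: a simulation of one queued message using the two MX records from the nslookup output. The retry intervals and the 48-hour limit are assumed sender settings, and the reachability function is constructed for the demo.

```python
# MX records as shown in the nslookup output above: (preference, host).
MX_RECORDS = [
    (30, "tertiary-mx.co.uk"),
    (10, "alligin.lowe-family.me.uk"),
]

# Assumed sender policy: growing retry intervals, give up after about 48 hours.
RETRY_MINUTES = [15, 30, 60, 120, 240]   # the last value repeats
MAX_QUEUE_MINUTES = 48 * 60


def attempt(mx_records, is_up, now):
    """Try each MX in ascending preference order; return the first that accepts."""
    for _pref, host in sorted(mx_records):
        if is_up(host, now):
            return host
    return None


def deliver(mx_records, is_up):
    """Simulate one message sitting in a sending server's queue.

    is_up(host, minute) -> bool models reachability of each MX.
    Returns (outcome, host, minute, attempts).
    """
    now, attempts = 0, 0
    while now <= MAX_QUEUE_MINUTES:
        attempts += 1
        host = attempt(mx_records, is_up, now)
        if host:
            return ("delivered", host, now, attempts)
        # Nobody accepted: requeue and wait a little longer each time.
        now += RETRY_MINUTES[min(attempts - 1, len(RETRY_MINUTES) - 1)]
    return ("bounced", None, now, attempts)


if __name__ == "__main__":
    primary_only = [(10, "alligin.lowe-family.me.uk")]
    # Primary offline, secondary MX reachable: accepted on the first try.
    print(deliver(MX_RECORDS, lambda h, t: h == "tertiary-mx.co.uk"))
    # No secondary, primary back after 6 hours: delivered on a later retry.
    print(deliver(primary_only, lambda h, t: t >= 360))
    # No secondary, primary never returns: bounced once the queue lifetime expires.
    print(deliver(primary_only, lambda h, t: False))
```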

Kim

  • Timelord
    • Fediverse
Re: Running your own mail server
« Reply #8 on: 09 August, 2013, 08:36:10 pm »
I find the main advantage of running your own mail server (paranoia and customisation aside) is that you can have it on the local network.  Which means you can access large folders over IMAP at LAN speed, and still get at your mail when there's no internet connection.

Anecdatally, over the last few years, my mail server has compared favourably to various ISP offerings, if not the webmail giants, in terms of availability.  That includes random acts of our-favourite-telco, substation fires and occasional downtime to maintain the hardware.

Re: Running your own mail server
« Reply #9 on: 09 August, 2013, 09:05:00 pm »
A bit of a generalisation but if you look at the headers of any email you receive then every "Received:" line at the top means a SMTP server it has gone through.

So for the notification email I get to tell me I received a PM on YACF the Received headers look like:-


Received: from s15319122.onlinehome-server.info [212.227.98.10] by dpmail09.doteasy.com with SMTP;
   Fri, 9 Aug 2013 11:14:11 -0700
Received: from apache by ares.bigreddesign.com with local (Exim 4.63)
   (envelope-from <apache@ares.bigreddesign.com>)
   id 1V7rCR-00071C-OV
   for alex@greenbank.org; Fri, 09 Aug 2013 19:14:07 +0100


So that's come direct from the YACF server(s) (onlinehome-server.info) to the mail server that handles my email (doteasy.com in Canada).

It's a generalisation as any SMTP server in the middle can rewrite/edit/remove/insert Received: headers, so you can only absolutely trust the last entry (and that's only if you trust that server!).

(No I don't care about my email address being public).
"Yes please" said Squirrel "biscuits are our favourite things."

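The Received-header reading described in the reply above, as an added example that is not part of the original post: it parses the two headers quoted there and marks a hop as trusted only while every header from the top down was stamped by a server you name. The function names, the `my_servers` parameter, and the Subject and body of the sample are constructed.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers as quoted in the post above; Subject and body are constructed.
RAW = """\
Received: from s15319122.onlinehome-server.info [212.227.98.10] by dpmail09.doteasy.com with SMTP;
   Fri, 9 Aug 2013 11:14:11 -0700
Received: from apache by ares.bigreddesign.com with local (Exim 4.63)
   (envelope-from <apache@ares.bigreddesign.com>)
   id 1V7rCR-00071C-OV
   for alex@greenbank.org; Fri, 09 Aug 2013 19:14:07 +0100
Subject: constructed sample

body
"""

HOP_RE = re.compile(r"from\s+(?P<frm>\S+).*?\bby\s+(?P<by>\S+)", re.S)


def received_hops(raw, my_servers):
    """Return hops newest-first, flagging which ones can be relied on.

    my_servers: hostnames you trust (supplied by the caller). Trust stops at
    the first header stamped by anyone else; those below may be rewritten.
    """
    hops, trusted = [], True
    for value in message_from_string(raw).get_all("Received", []):
        clauses, _, date = value.rpartition(";")
        m = HOP_RE.search(clauses)
        by = m.group("by") if m else None
        trusted = trusted and by in my_servers
        hops.append({
            "from": m.group("frm") if m else None,
            "by": by,
            "when": parsedate_to_datetime(date.strip()),
            "trusted": trusted,
        })
    return hops


def transit_seconds(hops):
    """Time between the oldest and newest stamps, as claimed by the headers."""
    return (hops[0]["when"] - hops[-1]["when"]).total_seconds()


if __name__ == "__main__":
    chain = received_hops(RAW, {"dpmail09.doteasy.com"})
    for hop in chain:
        print(hop["when"].isoformat(), hop["from"], "->", hop["by"],
              "trusted" if hop["trusted"] else "unverified")
    print("claimed transit:", transit_seconds(chain), "s")
```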
Re: Running your own mail server
« Reply #10 on: 09 August, 2013, 10:41:18 pm »
I run a mail server at home because it's convenient to collect mail from several ISPs and pass it on to various clients as a combined result (Joe gets all Joe's mail, and so on). However, I'm collecting via POP, so mail just queues as normal at the ISP.

woollypigs

  • Mr Peli
    • woollypigs
Re: Running your own mail server
« Reply #11 on: 09 August, 2013, 10:58:52 pm »
Thanks for all that input, I have learnt stuff tonight.

So how do you backup the mail server? Right now all my mail goes to Gmail and then I back up with Thunderbird onto my laptop which I then copy to a hard drive - that way I got three versions of my mail (not counting the versions NSA and GCHQ got :) )


Current mood: AARRRGGGGHHHHH !!! #bollockstobrexit

Kim

  • Timelord
    • Fediverse
Re: Running your own mail server
« Reply #12 on: 09 August, 2013, 11:20:20 pm »
Same way we back up everything else, pinky.  The mail spool (in Maildir format) lives alongside all the other Stuff in users' home directories on the server, which is RAID1ed for resilience and rsynced to a third (normally mounted read-only) disk nightly.  Every month I manually connect a fourth disk and perform an offline backup.  (There are some DVD-Rs and DDS3 tapes kicking around somewhere with further copies of the really important stuff.)

The great thing about backing up the IMAP folders directly is that you're immune to mail client specific proprietary formats, and the restore process is trivial.  mbox and Maildir aren't going to go away any time soon.

woollypigs

  • Mr Peli
    • woollypigs
Re: Running your own mail server
« Reply #13 on: 10 August, 2013, 12:20:14 am »
As for backup I'm going to use two USB drives one here and one offsite e.g. at Peli's mum, whom we visit often where I then can swap.

I wonder how the uptime is for our ISP and also how often there are power cuts here. Had a thunderstorm the other day and the light dimmed a few times. The main reason for all these questions is that I'm thinking about getting a Raspberry Pi to play with.

Current mood: AARRRGGGGHHHHH !!! #bollockstobrexit

Kim

  • Timelord
    • Fediverse
Re: Running your own mail server
« Reply #14 on: 10 August, 2013, 12:45:46 am »
Raspberry Pis are great, but should come with a health warning about the flaky USB performance and lack of gigabit ethernet.  You might be better off with some other platform (Sheevaplug or something?) if it's going to be a disk-intensive headless server (rather than something geeky that makes use of the Pi's excellent GPIO capabilities).  The cost differential may not be that great once you've factored in a case, power supply and SD card for the Pi.

Re: Running your own mail server
« Reply #15 on: 10 August, 2013, 10:14:30 am »
Quote
So how do you backup the mail server? Right now all my mail goes to Gmail and then I back up with Thunderbird onto my laptop which I then copy to a hard drive - that way I got three versions of my mail (not counting the versions NSA and GCHQ got :) )

When I ran it at home, I didn't. Which was one of the reasons to get a VPS (power usage was the other). I get daily snapshots for a week on that, and bought the extra back-up option, that does a daily incremental rsync to a different host in a different datacenter (or at least that's what I remember they told me). Doubles the price though. I pay EUR22 per month now inc tax, that's about 19 GBP. This means it's more than the savings of not running a mac mini 24/7 anymore.

There is the Thunderbird cache as well, but I don't regard that as a backup, since my laptop is the most likely thing to get stolen.

If everything gets stolen from my house I expect all my hardware to be gone, so backup disks kept at home don't look too useful to me.

I would not recommend an SD card for e-mail purposes, those things aren't made for lots of tiny I/O actions, and that's exactly what e-mail (at least in maildir format) does. It will be terribly slow and probably break relatively soon due to hardware/filesystem failure.
Forgive me Father, for I have sinned. It has been too many days since I have ridden through the night with a brevet card in my pocket...

woollypigs

  • Mr Peli
    • woollypigs
Re: Running your own mail server
« Reply #16 on: 10 August, 2013, 11:01:19 am »
I got LEGO for a case, a small spare USB hard disk which I understand you can run most of the OS from so you only use the SD for booting, might need a power supply, need to check the amp on the USB charger I got. I'm happy with the old speed on LAN, not moving big files around that often.

When I get set up I'll experiment with a lesser used email account that I got, so at least I will not suffer on my main account when I stuff it up.
 
Current mood: AARRRGGGGHHHHH !!! #bollockstobrexit

woollypigs

  • Mr Peli
    • woollypigs
Re: Running your own mail server
« Reply #17 on: 13 August, 2013, 11:03:05 pm »
So if I should go ahead with this, what mail server would you recommend? Preferably something that runs on Ubuntu (or Raspberry Pi) since I know a little about Ubuntu and might get myself a Raspberry Pi.
Current mood: AARRRGGGGHHHHH !!! #bollockstobrexit

Feanor

  • It's mostly downhill from here.
Re: Running your own mail server
« Reply #18 on: 13 August, 2013, 11:10:45 pm »
WP,

I'm not going to recommend a mailserver for Ubuntu, because I don't use that.
( Postfix is popular. )

But be aware that you are taking on the responsibility for spam filtering.
That is non-trivial.
SpamAssassin is well-regarded, but does require skilled setup AIUI.


woollypigs

  • Mr Peli
    • woollypigs
Re: Running your own mail server
« Reply #19 on: 13 August, 2013, 11:16:24 pm »
Yes that is a "problem/something I have to learn" I know about. One of my accounts gets its fair share of spam and I know where it comes from - a friend used the wrong email and signed me up at an IT event in France in 1999 and my email has since been sold to whoever wanted it in France.

I will set up a mail server for one of my lesser used accounts to test it out first before I set it up on my main email address.
Current mood: AARRRGGGGHHHHH !!! #bollockstobrexit

vorsprung

  • Opposites Attract
    • Audaxing
Re: Running your own mail server
« Reply #20 on: 14 August, 2013, 09:06:33 am »
I ran my own email server at home for several years but switched to google mail with my own domain

The minuses to home servers are

1) there are potential ip address problems, you have to use some kind of dyndns thing or have a static

2) spam spam spam, you have to implement your own spam filters

3) mx secondaries

4) use of electricity

5) reliability of your email server is an issue, patching for security too

mr google deals with all this stuff for me, the email is available on a global basis and I am not bothered by the google sponsored adverts or the NSA spying on me.