On Sun, 9 Sep 2018, Thomas Bohl wrote:

> > But the second (far more important) point I want to make is please *THINK
> > TWICE* if "running your own mail server" is something you are planning to
> > do on your home internet connection.
>
> For all intents and purposes, sending emails from a private internet
> connection directly to the receiving MX stopped working 15 years ago.
> (People started blocking everything with "dial" or "dyn" in the reverse
> DNS or HELO not being followed with the matching reverse DNS of the
> connected IP.) It should be in all books and tutorials by now.
> Word on the street has it that the IP networks of the cloud providers
> are slowly getting burned too.
>
> To live hassle-free you want your MX to have a static IP from a good
> "commercial neighbourhood", with a reverse DNS that matches the SPF
> entry and with your server's HELO greeting.
> Check whether your IP is listed on a DNSBL
> https://mxtoolbox.com/blacklists.aspx
> Demand a different one from your provider if it is *before* you
> associate your domain with it! (Or let the IP idle for a year or two.)
> Plus: Thanks to Let's Encrypt and the super easy acme-client in base
> there are no more excuses not to have a valid certificate.
>
> Of course that is only true for your MX. You can host your mailboxes at
> home as long as you relay through said MX.
>
> OpenSMTPD + Dovecot (Sieve, IMAP, dsync) + Nextcloud (Calendar, Contacts)
> works for me for months without looking. (Be on the announce mailing
> lists for security information.)
>
> PS, don't sneak through your kids' thoughts. Not even by "only" scanning
> for "troubling words".

Have run my own mail server for maybe 20 years of OpenBSD, and apart from getting my ISP to give me a static IP and a correct reverse DNS entry, and a couple of run-ins with a few filters that dumb ISPs run, it's worked fine all this time. I have a personal archive of emails that goes back 20 years as well, and a few search scripts to parse through it when I need to.
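
The checks listed in the quoted message for a sending MX (reverse DNS that does not look dynamic, resolves back to the IP and matches HELO, plus a DNSBL lookup), as an added Python example that is not part of the original thread. The zone dnsbl.example, the function names and the sample records are assumptions constructed for illustration; the SPF comparison is not covered.

```python
import ipaddress
import socket

DNSBL_ZONE = "dnsbl.example"  # placeholder zone (assumption), not a real blocklist
# Constructed records using documentation addresses, so the example runs offline.
PTR = {"192.0.2.10": "mail.example.org.", "198.51.100.7": "dyn-7.pool.isp.example."}
A = {"mail.example.org": ["192.0.2.10"], "7.100.51.198.dnsbl.example": ["127.0.0.2"]}

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL query name for an IPv4 address: reversed octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def _ptr(ip):
    """Live PTR lookup; returns None when the address has no reverse DNS."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _a(name):
    """Live A lookup; returns an empty list when the name does not resolve."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except OSError:
        return []

def check_mx(ip, helo, ptr=_ptr, a=_a, zone=DNSBL_ZONE):
    """Return the problems a receiving MX may hold against this sending IP."""
    problems = []
    rdns = (ptr(ip) or "").rstrip(".").lower()
    if not rdns:
        problems.append("no reverse DNS")
    else:
        # Crude substring filter, as described in the quoted message.
        if any(tag in rdns for tag in ("dial", "dyn")):
            problems.append("reverse DNS looks dynamic: " + rdns)
        if ip not in a(rdns):
            problems.append("reverse DNS does not resolve back to " + ip)
        if helo.rstrip(".").lower() != rdns:
            problems.append("HELO does not match reverse DNS")
    # A DNSBL answers with an address in 127.0.0.0/8 when the IP is listed.
    if any(addr.startswith("127.") for addr in a(dnsbl_name(ip, zone))):
        problems.append("listed on " + zone)
    return problems

if __name__ == "__main__":
    fake_a = lambda name: A.get(name, [])  # offline resolver over the sample records
    for ip, helo in (("192.0.2.10", "mail.example.org"), ("198.51.100.7", "home.example.org")):
        print(ip, check_mx(ip, helo, PTR.get, fake_a) or "ok")
```

Calling check_mx(ip, helo) without the ptr and a arguments uses the system resolver instead of the sample records.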