this post was submitted on 18 Jul 2024
322 points (100.0% liked)
TechTakes
1416 readers
179 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What's your alternative to the fake privacy company? I'm assuming the correct thing would be: if your threat model does not include governments, self hosted email, or if it does include governments, probably don't use email.
Self hosted email is its own can of worms. I wouldn't recommend it to anyone outside of experienced IT people. You'll end up blacklisted before you send your first email if you do anything wrong (and there's a lot that can go wrong), and it doesn't solve any security problems email has.
Anything sent over email just isn't private. That goes for Proton customers when they send or receive anything from a non-Proton address too. The one thing privacy email providers can actually do is keep your inbox from being scanned by LLMs and advertisers. That doesn't prevent the inboxes and outboxes of your contacts from being scanned, though.
If you use email, the best thing you can do is be mindful of what kinds of information you send through it. Use aliases via services like simple login or anonaddy when possible. Having a leaked email is a security vulnerability. Once bad actors have your email, they now have half of what they need to breach multiple accounts.
have been that sysadmin setting up a company email server. postfix is trivial to set up, absolutely the easiest experience. following that, though, was weeks of supplicant emails to MS to beg them please not to block us. My recommendation was never do this again, use a third-party outgoing email vendor, email is lost.
MS will send your mail straight to spam if you do not set up your domain keys and DMARC in DNS correctly and do not have a reject or quarantine RUA or the email(s) in your RUA bounce.
Sometimes you may get temporarily sent to spam if your IP is in a /28 of a known spammer IP.
That's about it.
plus the bit where you wait six weeks for a response to your request that they unblock you
none of this process is fucking simple
I've never had to ask MS to unblock me and it sure as hell doesn't take 6 weeks or even 3 days for them to automatically see if everything is right again.
I even set up a non traditional domain with a "non-generic" tld a couple of years ago and I think it was around 16 hours or so before my test emails were hitting outlook inboxes.
Additionally, I think Google still wants SPF setup though it is pretty useless now. And if your RUA was set up right, as I recall, you get an automated email from MS telling you why your mail went to spam (or was rejected), which is the point of it to begin with.
I guess if it worked for you it's perfect! Well done.
As a tip for next time, if you really want to host your email but you don't want to put up with dealing with emails being sent to spam boxes, you can just use an SMTP relay/proxy provider. Your email isn't hosted there but they do send it on and will be the 'source' mail server and is going to be much, much, much cheaper than paying someone to host your email for a bunch of users.
you didn't bother reading the thread first, did you
as a tip for you next time, shut the fuck up when someone with experience tells you you’re giving shit advice
I go have one rare afternoon nap and the (un)professional services posters come out on stage, smdh
oh there’ll definitely be more
Self hosting on a bulletproof vps that actually deletes their logs and has a proven track record like buyvm is my preferred solution. I used this guide. It's not perfect, it doesn't set up encryption, and is a bit dated, but it's an okay starting point. I didn't bother setting up rspamd. You can also technically avoid setting up dovecot if you don't want to use IMAP/POP3, but really limits your selection of mail clients to basically mailx and friends. This setup will let you mail to major mail providers, but be wary of what TLD you buy, my .work TLD means I get autospammed. :(
that’s…extremely off the beaten path, and incredibly very not how most people use / experience email
for the viewers at home: treat this as extremely niche through outright bad advice to follow if you ever want to try set up your own mail
(e: there are more than a few parts of it that are also laughably insufficient for what it aims to do, but this isn’t the place and it’s saturday on top; free tech support comes on other days)
smtpd.conf(5), pf.conf(5), and openssl(1) manpages and friends are your best resources for setting this up, I just provided that guide as examples as setting all this up can be daunting with just the manuals and no other context. The short guide provided in that blog is not going to teach you firewalling, filtering your maildir; and there's definitely stuff missing, like restarting daemons after certs expire, and setting up your outbound dkimsign filter (was not available at the time of writing)
oh my fucking god
you have defnitely never been the guy on the hook professionally for email working
just stop posting
I'll eat as many downvotes as I'd like, though I don't really know what I said that attracted so much ire.
you’re the type of reply guy who rattles off man page names when you’re out of your depth, and you’re reply guying about administrating email to people who professionally administrate email
I don’t expect you to have caught onto that last bit, mainly because you never fucking shut up long enough to catch onto anything at all
I take immense offense at this utterly spurious insult! I only unprofessionally administer email these days, having managed to get the fuck out of having to do anyone else's mail for money :D
there is a(n early career) period of my CV that literally has "mailserver administrator" as the job title/description, though
it was kinda lol. apparently the guy who had the gig before me worked real, real hard (down to sometimes sleeping in the server room). I automated much of the role out with mairix, par2, a couple of extremely nasty shellscripts, and a bit of common sense. got pretty bored from month 4, and left a while after
let me repeat something i wrote in another thread: bringing up the smtp daemon in basic configuration (and, by the way, my preferred one is exim) is trivial. managing working and usable mail service is not.
it's a process! you need to reserve time for that! you need to understand basic networking, you need to intimately know how dns works. you need to know how to use swaks. you need to know your RFCs, and the subtle breakages of the protocol that you need to introduce in order to reduce the amount of spam you're receiving. you need to understand why everything that SPF promises is a lie, but you'll be using it anyway. you need to know how DKIM works, and what is the true meaning of DMARC. you will learn that google wants you to use experimental features in order to be able to deliver your fucking mail to them. you need to understand that the anti-spam blacklists are managed by fucking racketeers, and that you can't avoid them. you need to understand the difference between sending mail and receiving it, and why a correctly configured MX record does absolutely nothing to improve the ability to deliver remote mail. you need to have time to deal with petty tyrants on a mission, and with oblivious bureaucracy of large providers, and learn to be happy if you can reach a human person on the other side at all.
and that's just the SMTP part.
fuckin' mood
hi can I interest you in a serving of "you have 5 OSs and 25+ different versions of OS variants and even more client apps, please make autodiscovery work with" to go with that? no? how about a bit of caldav and carddav?