I finally broke down and did it. I set myself up as my own mailbox provider. I’ve got some of my inbound mail (I’ve got multiple addresses and domains) pointed at my new infrastructure and I’ve had lots of fun these past few weeks getting back into the role of postmaster.
Why did I do it? All of the talk about Google potentially letting political senders bypass Gmail spam filters started to annoy me, first of all. And beyond my political concerns, Gmail allows a lot of mail through to my spam folder that I wish they would just block outright. So, with my own server, I can block whatever domains and IPs I want.
I also wanted to bust the myth that hobbyist and small volume mail servers are effectively locked out of Gmail. I know from experience that it's not true, and I wanted to have a server or service I could point to as a live example of running one's own mail server and Gmail deliverability success.
So, I set up Mail in a Box. It’s a cool, free set of scripts by Joshua Tauberer that pull together a mail server (Postfix), webmail, IMAP server, calendar server, contact management server, and more. It’s got spam filtering, a control panel, tools to help configure end devices, and more. And because it’s built on Postfix, it was easy for me to add in Spamhaus ZEN (via DQS) and a few other blocklists. I also compiled my own personal blocking list of IPs and domains that annoy me, and I add to them regularly.
And thus, I now host my own mail. Yay!
It was fun to set it up, if a bit challenging. I intentionally blew the thing up and started over three different times, after deciding I’d made a wrong setup decision during some step of the process and deciding it’d be easier to just start again. I found nothing inherently wrong with the install process – it’s much more likely that I’m just an idiot. And those cloud provider services make it super easy to nuke an instance and create a new one, with a fresh install of the correct operating system. So, when I took a wrong turn, I would just melt it all down to nothing and start fresh.
Mail in a Box includes DKIM support, and it was pretty easy to dig out the public key and add it to DNS for all of the domains I’m using. SPF is certainly easy enough to set up as well, meaning that with both authentication protocols in place, it was safe to set a quarantine or reject DMARC policy.
Since AWS and Google Cloud block port 25 by default, I’m not going to be sending mail directly to the internet from my MIAB server. I didn’t want to try Amazon SES (would it work well for something like this? I’m not sure), but I didn’t really need to. I already have a mail server that I send a fair amount of (wanted) mail through, hosting various mailing lists, including my Spam Resource email newsletter list, and some other stuff. I very simply configured Postfix on the MIAB server to relay outbound mail through my existing outbound MTA and its good reputation.
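One detail worth checking when you relay through a separate MTA like this: the relay's IP has to be authorized in SPF (or the mail has to carry an aligned DKIM signature) before an enforcing DMARC policy is safe. The following is an added example, not code from the post or from Mail-in-a-Box; the records, domain and IPs are constructed placeholders, and the SPF evaluator is deliberately offline (ip4/ip6 mechanisms only, no include/a/mx lookups).

```python
import ipaddress

# Constructed sample DNS data (placeholders, not the author's real records).
SPF_RECORD = "v=spf1 ip4:198.51.100.25 ip6:2001:db8::25 -all"
DMARC_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.net"
RELAY_IP = "198.51.100.25"  # the existing outbound MTA the MIAB box relays through


def spf_authorizes(record, ip):
    """Offline SPF check: returns True only if an ip4:/ip6: mechanism (or +all)
    matches the sending IP. Terms with include:/a:/mx: would need DNS and are skipped."""
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            return qualifier == "+"  # -all / ~all / ?all: sender not authorized
        mech, _, value = term.partition(":")
        if mech.lower() in ("ip4", "ip6") and value:
            # A v4 address is never "in" a v6 network (and vice versa); that is a non-match.
            if addr in ipaddress.ip_network(value, strict=False):
                return qualifier == "+"
    return False  # no mechanism matched: neutral, treated as not authorized


def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dictionary; requires v=DMARC1 and a p= tag."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def outbound_ready(spf, dmarc, relay_ip, dkim_aligned):
    """Enforcing DMARC (quarantine/reject) is only safe if mail sent via the relay
    will pass at least one aligned check: SPF for the relay IP, or an aligned DKIM d=."""
    spf_ok = spf_authorizes(spf, relay_ip)
    policy = parse_dmarc(dmarc)["p"].lower()
    enforcing = policy in ("quarantine", "reject")
    return {
        "spf_pass": spf_ok,
        "policy": policy,
        "safe_to_enforce": (not enforcing) or spf_ok or dkim_aligned,
    }
```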
Thus, I was able to send outbound email successfully from the second I finished setting up the server. No Gmail issues at all -- nothing to disprove my theory that it is NOT HARD TO SEND MAIL TO GMAIL, even for small servers and hobbyists. Some people struggle, but alas, I observe that too many folks seem to not want to read instructions or prefer to tilt at windmills, declining to properly configure DNS and/or authentication. Configure your servers to the level of 2022 modern best practices and ignore the haters who don’t understand that best practices evolve and they need to evolve, too. Do that, and you’ll be fine.
I already followed my own advice to avoid sending to Gmail over IPv6; I’ve long had IPv6 disabled on my existing MTA to prevent that particular set of Gmail issues.
Is it all worth it? Yes and no. Google’s got more resources than I do. More data points from which to make spam filtering decisions. But I can react more nimbly to individual spam messages, and I can easily make future attempts from the same sender bounce right back to the sender. I can configure my SpamAssassin rules to be as touchy (or not) as I desire. I can use whatever DNSBLs I want. But keeping an eye on all of this takes effort and time, and there’s a reason why most folks would want to just outsource this to a provider like Gmail instead of managing it themselves. For me, for now, it’s good to be able to flex the mental muscles a bit and prevent skill atrophy through exercises like this.
Now that you have DMARC p=reject, will you be enabling BIMI?
I have set up BIMI on a number of my domains, but I'm not up for spending $1000/year for a certificate, so the only place it's going to show is Yahoo. For Gmail coverage I use the fake BIMI method that I've blogged about here before.
Don't forget Fastmail!
MIAB says they are not customizable and upgrades will overwrite your config, do you plan on not upgrading or do you have your custom configs backed up?
I have my custom configs backed up and a script to restore them.
Nice post. Yet, I find the "configure your servers to the level of 2022 modern best practices" doesn't quite combine with disabling IPv6.
Also, by using an existing MTA with good reputation you actually circumvent the issue of establishing (initial) reputation for a private mail server to be able to deliver to e.g. Google, so that the claimed "NOT HARD TO SEND MAIL TO GMAIL" is a bit speculative :)
Thanks!
I disagree. IPv6 is not broadly used for email, the old chicken or the egg paradox still applies here. There are a few specific regions where it's quite well implemented for email, but that's the exception, not the rule. At scale, it's still clear to me that most email is sent over IPv4. As far as the existing MTA, the people I've had to listen to about how mean Gmail is are implying it's not possible for a hobbyist to have that MTA at all. It's just a VPS running Postfix that I send small amounts of mail from, that I've always had configured correctly.
Thanks. Re MTA my point was that saying "look, I can set up a new server and deliver to gmail -- by using an already-working MTA" is slightly misleading.
But I agree that it's possible, as I also have my own very small and private server and can deliver to gmail without issues (even with IPv6 :)).
Cheers and thanks again!