
Email!

Posted on 2017-11-16 by Nick Thomas



Email sucks


It really does, and yet we still need it. I've been hosting my own for over a

decade now, although for the bulk of the time I outsourced most of the mail

server smarts necessary to do so to the excellent Symbiosis virtual hosting

package, before switching to `@tomav`'s docker-mailserver about six months

ago.




Today, I finally switched to running my own mail server, directly on the server

with no third-party configuration or any Docker. "But why?!" cried a friend

desperately, pointing out the existence of Mailcow and Libre.sh,

in addition to the options I'd already tried.




The mail server setup I wanted had two requirements:


Use as few system resources as possible

Be as unobtrusive to the rest of the system as possible


Both of these requirements are tightly linked to *where* I self-host my

email. Normally, servers are hosted in datacentres with big, fast Internet

connections. About 2 years ago, I noticed that home Internet connections are

quite fast enough, thank you very much; since then, I've mostly been running

email on servers sat at home. In York, I used a standard rack-mounted server

that hid in the larder!


In Shetland (more on that another time), I've switched to an

APU2, which also happens to be my router, website, and everything else as well.

Yes, this post was served from Shetland!




Being tiny and multi-purpose, a heavyweight mail server solution wasn't an

option. In particular, no Docker. It would be absurd to install Docker on a

machine acting as a router. And in any case, I was always terrible about

rebuilding the containers to get fixes for security issues - I'm too used to

`unattended-upgrades`.


The good thing about Docker-based mail server setups is that they are very

self-contained - it's just a few files in `/var/lib/docker`, in the end.

Non-Docker mail server solutions like Symbiosis or Mailcow have an unfortunate

tendency to try to take over the whole machine. They come with piles of

dependencies, maybe a database and web interface you have to hook up, config

files modified or added across the system. It's not pretty. You also tend to

be stuck on older OS versions for an extended period as the vendor takes a while

to port their octopus-like solution to the updated system.


Make it better?


I use Debian on all my personal hardware. It's rock-solid and comes with lots of

useful software, with very useful default configurations. I also have a set of

Ansible recipes I use to automate setting things up on those machines - you can

view them on the link below.


https://debian.org

https://ansible.com

https://code.ur.gs/lupine/ansible-personal


So, I resolved to create a minimal set of Ansible recipes that would get email

working simply by installing Debian packages and modifying their configuration,

with as light a touch as possible. You can view what I ended up with in the

`mail` role, so I won't document them in detail, but here's a brief overview:


Exim4 SMTP server

Dovecot IMAP server

amavisd-new + SpamAssassin


Everything gets solid TLS support, using certificates issued by Let's Encrypt.

It's quite rare to have a mail server with valid certificates! In any case, if

someone wants *my* email archive, they'll have to serve the warrant on *me* to

get it. And the APU2 is small enough to hide under a floorboard or so, if I

turned out to be really paranoid...




TODO


The anti-spam setup is extremely rudimentary, and will likely need a lot of

extra work. I'll see how much spam comes in and adjust accordingly. Ultimately,

this was the most disappointing part of the setup - it's Perl-heavy and it took

a lot of head-scratching to work out how the different parts even fit together.


There's no webmail. I'm OK with that.


Dovecot has Solr and Lucene search engine integration. I doubt either will fit

onto the APU2, but I'll evaluate it.


A long-term ambition of mine is to put together a vertical slice of email

functionality as a single, neat daemon that's optimised for the small, single

domain use case - a sort of Caddy for email. It could even use JMAP and database

storage instead of IMAP and Maildir, ship an HTTP server, and handle the tricky

DNS parts too.


One day. Until then, this setup is working well enough. Give it a try!





Questions? Comments? Criticisms? Contact the author by email: gemini@ur.gs


mailto:gemini@ur.gs


-- Page fetched on Sat May 18 10:17:06 2024