Suggestions for email for a paranoid Archer
Recently, my paranoia levels have been ratcheted up by reading about
companies' treatment of their users, along with an increasing awareness of my powerlessness with respect to most content providers. I therefore curbed most online activity and have attempted to host those services I used on my own server, in most cases living without when I didn't succeed. Two months ago, I attempted to install postfix and dovecot on my Arch box in order to be able to host my own mail. Naively I thought that all I needed was the right software and a dynamic DNS address. In other words, I thought it would be as simple as setting up a web server. Naturally, I found out that most anti-spam software is leery of mail from dynamic DNS hosts who do not have rDNS and PTR records set up, that they preferred DKIM mail, etc. Seeing as these involve even more effort, I thought to ask the enlightened members of the Arch community which solution they would suggest me to use, because I trust you to have made intelligent decisions in this matter and believe you understand this outlook. Also, I've seen many users with email addresses issued by their own domain, which leads me to believe some of you may have gone through this before. The alternatives I'm aware of are: 1) Do what most people do, and just sign up for webmail, paranoia demanding me to download all email every day. Possibly alias the domain by routing everything through postfix first. 2) Host my own server, paranoia demanding multiple redundant backups. 3) No email - Knuth style Pros: 1) Very reliable, better support, and non-crazy 2) Gain vast amounts of power over my email 3) Less distraction, no effort at all Cons: 1) Less control, more black box. Is aliasing even possible? Too many providers - which to choose? 2) Hard to maintain, can crash at any moment, will drive me to early grave 3) Harder to keep in touch with people this way, harder to check what's going on Which do you suggest? Do you have an alternative? Thanks in advance, Gesh |
Suggestions for email for a paranoid Archer
Le Thu, 11 Oct 2012 13:23:32 +0200,
Menachem Moystoviz <moystovi@g.jct.ac.il> a écrit : > Recently, my paranoia levels have been ratcheted up by reading about > companies' treatment of their users, along with an increasing > awareness of my powerlessness with respect to most content providers. > I therefore curbed most online activity and have attempted to host > those services I used on my own server, in most cases living without > when I didn't succeed. > > Two months ago, I attempted to install postfix and dovecot on my Arch > box in order to be able to host my own mail. Naively I thought that > all I needed was the right software and a dynamic DNS address. In > other words, I thought it would be as simple as setting up a web > server. > > Naturally, I found out that most anti-spam software is leery of mail > from dynamic DNS hosts who do not have rDNS and PTR records set up, > that they preferred DKIM mail, etc. > > Seeing as these involve even more effort, I thought to ask the > enlightened members of the Arch community which solution they would > suggest me to use, because I trust you to have made intelligent > decisions in this matter and believe you understand this outlook. > Also, I've seen many users with email addresses issued by their own > domain, which leads me to believe some of you may have gone through > this before. > > The alternatives I'm aware of are: > 1) Do what most people do, and just sign up for webmail, paranoia > demanding me to download all email every day. Possibly alias the > domain by routing everything through postfix first. > 2) Host my own server, paranoia demanding multiple redundant backups. > 3) No email - Knuth style > > Pros: > 1) Very reliable, better support, and non-crazy > 2) Gain vast amounts of power over my email > 3) Less distraction, no effort at all > > Cons: > 1) Less control, more black box. Is aliasing even possible? Too many > providers - which to choose? > 2) Hard to maintain, can crash at any moment, will drive me to early > grave 3) Harder to keep in touch with people this way, harder to > check what's going on > > Which do you suggest? Do you have an alternative? > > Thanks in advance, > > Gesh I chose the 2d alternative, but I have a fixed IPv4 adress since I host my contents on a dedicated server, so I didn't met theses dynamic DNS problems. For the backup part, a simple script using rsync in crond.whatever will take good care of it. Sometimes, your IP can be registered as "spam adress" on some DNSBL, but most of the time you can ask to be removed from this list by proving you own that IP. If you tend to be paranoïd, this solution has some drawbacks : - Security will sometimes make you sweat (Unless your are a security pro) - What guarantees you that your provider doesn't peek in your hard drive? To answer to the second problem, when I have some really critical files I save them on an encrypted partition that is closed most of the time. Hope this helps -- Garrik |
Suggestions for email for a paranoid Archer
I believe first question you need to answer is: what is your threat model?
Are you afraid of losing all your mails (backups)? Losing control over your email address? What are you going to do if you can't login to your mailbox tommorow? How much do you mind if someone else gain access to your old mails? Computer criminalists, government, rouge google admin, google scanning your emails content for targeted advertising (privacy / security)? Are delays in delivering mail acceptable? (there are more questions) backups: getmail or imapsync and backup them like files control over mail address: buy your own domain, setup on your own server or something like google apps privacy / security: computer criminalists: good unique password, 2-factor authentication, use only trusted devices, don't do anything stupid privacy / security: government and google: use gpg to encrypt / sign your mails or setup your own server (with luks; remember, government can just steal your server from datacenter and there is nothing you can do about it) I think your own domain + backups + google apps is pretty good setup. Secure, reliable, cheap and you can switch to other hosting without changing your email address. If you don't trust google or government (well, you shouldn't :P) then setup your own email box. 2012/10/11 Menachem Moystoviz <moystovi@g.jct.ac.il>: > Recently, my paranoia levels have been ratcheted up by reading about > companies' treatment of their users, along with an increasing awareness > of my powerlessness with respect to most content providers. > I therefore curbed most online activity and have attempted to host those > services I used on my own server, in most cases living without when > I didn't succeed. > > Two months ago, I attempted to install postfix and dovecot on my Arch box > in order to be able to host my own mail. Naively I thought that all I needed > was the right software and a dynamic DNS address. In other words, > I thought it would be as simple as setting up a web server. Use cheap vps with static ip, it will be much easier. I doubt anyone keeps their mail server in home with dynamic ip. -- Krzysztof Warzecha |
Suggestions for email for a paranoid Archer
On 10/11/2012 07:23 AM, Menachem Moystoviz wrote:
Also, I've seen many users with email addresses issued by their own domain, which leads me to believe some of you may have gone through this before. The alternatives I'm aware of are: 1) Do what most people do, and just sign up for webmail, paranoia demanding me to download all email every day. Possibly alias the domain by routing everything through postfix first. 2) Host my own server, paranoia demanding multiple redundant backups. 3) No email - Knuth style I do a combination of #1 and #2. I have a (cheap!) web hosting account (with Dreamhost) which also provides me with an email address on their mail system. I have the DNS entries for my domain point to Dreamhost, so any mail for my domain gets delivered there. But I only use Dreamhost as a mail drop-off point - I don't store my mail there. I have a cron job that runs fetchmail every few minutes which pulls the mail down to my home server, where I'm running dovecot, exim, and squirrelmail (webmail), and I access my mail there. (As well as make periodic backups of all the mail stored there.) For outgoing mail I do the same in reverse. I have exim on my home server set up to relay any outgoing mail up to dreamhost's SMTP server. That gets me around the issue of not being able to send mail from a dynamic IP. HTH, DR |
Suggestions for email for a paranoid Archer
Menachem Moystoviz, Thu 2012-10-11 @ 13:23:32+0200:
> Which do you suggest? Do you have an alternative? I use Postfix + Dovecot on an Arch Linux Linode VPS and I'm pretty happy with it. > 2) Hard to maintain, can crash at any moment, will drive me to early > grave It is a bit of a pain to initially configure, but after spending a couple hours getting it set up, I've almost never had to touch the configuration, except when I added SpamAssassin and, later, procmail to the stack. |
Suggestions for email for a paranoid Archer
Thank you. The questions posed were quite enlightening, and showed me
that this needs a bit more thought. > I believe first question you need to answer is: what is your threat model? > > Are you afraid of losing all your mails (backups)? Losing control over > your email address? What are you going to do if you can't login to > your mailbox tommorow? How much do you mind if someone else gain > access to your old mails? Computer criminalists, government, rouge > google admin, google scanning your emails content for targeted > advertising (privacy / security)? Are delays in delivering mail > acceptable? (there are more questions) Off the top of my head, the most basic fears are loss of emails and access, and people who aren't me or who haven't received specific authorization from me reading my emails. Delays are fine, as long as the mail gets out there. > backups: getmail or imapsync and backup them like files > control over mail address: buy your own domain, setup on your own > server or something like google apps Is buying the domain necessary? I can get five free subdomains on freedns. I do own a server, which is, for a lack of a better place to put it, in my room. > privacy / security: computer criminalists: good unique password, > 2-factor authentication, use only trusted devices, don't do anything > stupid Sound advice. Bit of an issue since I don't control most devices available to me and the other people using the devices I do control would be annoyed at the measures I would take to secure it. > privacy / security: government and google: use gpg to encrypt / sign > your mails or setup your own server (with luks; remember, government > can just steal your server from datacenter and there is nothing you > can do about it) Signing emails is something I've been wanting to set up for a while now. How do I encrypt the mail on google's servers? It seems like my best choice in this arena is trying to minimize the window of attack on google's servers and strongly securing my own. > I think your own domain + backups + google apps is pretty good setup. > Secure, reliable, cheap and you can switch to other hosting without > changing your email address. If you don't trust google or government > (well, you shouldn't :P) then setup your own email box. Doesn't google apps require you to install their apps on your server? How would you migrate from them? > Use cheap vps with static ip, it will be much easier. I doubt anyone > keeps their mail server in home with dynamic ip. Problem - as a high school graduate, I don't exactly have a steady source of income. I could try to find income sources, but I'm not aware of what cheap VPSs exist. > > -- > Krzysztof Warzecha Again, thanks a lot. You have certainly clarified some of the issues I need to think about. Gesh |
Suggestions for email for a paranoid Archer
> I do a combination of #1 and #2.
> > I have a (cheap!) web hosting account (with Dreamhost) which also provides > me with an email address on their mail system. I have the DNS entries for > my domain point to Dreamhost, so any mail for my domain gets delivered > there. > > But I only use Dreamhost as a mail drop-off point - I don't store my mail > there. I have a cron job that runs fetchmail every few minutes which pulls > the mail down to my home server, where I'm running dovecot, exim, and > squirrelmail (webmail), and I access my mail there. (As well as make > periodic backups of all the mail stored there.) > > For outgoing mail I do the same in reverse. I have exim on my home server > set up to relay any outgoing mail up to dreamhost's SMTP server. That gets > me around the issue of not being able to send mail from a dynamic IP. > > HTH, > > DR > That sounds more or less like what I intended to do before asking for advice here... Thanks. Gesh |
Suggestions for email for a paranoid Archer
On Thu, Oct 11, 2012 at 3:56 PM, Taylor Hedberg <tmhedberg@gmail.com> wrote:
> Menachem Moystoviz, Thu 2012-10-11 @ 13:23:32+0200: >> Which do you suggest? Do you have an alternative? > > I use Postfix + Dovecot on an Arch Linux Linode VPS and I'm pretty happy > with it. > > >> 2) Hard to maintain, can crash at any moment, will drive me to early >> grave > > It is a bit of a pain to initially configure, but after spending a > couple hours getting it set up, I've almost never had to touch the > configuration, except when I added SpamAssassin and, later, procmail to > the stack. Aye, but I have the following concerns regarding hosting the server myself: - Only have one server - no redundancy or reliability - No source of income -> no possibility of VPS AFAIK - DKIM, PTR, SPF, rDNS all require money and static IP (more money) Will keep this option in mind. Gesh |
Suggestions for email for a paranoid Archer
Problem - as a high school graduate, I don't exactly have a steady source
of income. I could try to find income sources, but I'm not aware of what cheap VPSs exist. in the wiki, you can find some vps provider providing arch. check their prizes, some are below 10€/month. as i'm in germany, i use netcup (maybe not an option for you). its pretty cheap. [1] https://wiki.archlinux.org/index.php/VPS |
Suggestions for email for a paranoid Archer
Menachem Moystoviz, Thu 2012-10-11 @ 17:50:20+0200:
> Aye, but I have the following concerns regarding hosting the server > myself: - Only have one server - no redundancy or reliability You can set up more than one if you're that worried about reliability, but it's almost certainly overkill for a personal mail server. Also, Linode offers automatic backups for an additional $5/mo. > - DKIM, PTR, SPF, rDNS all require money and static IP (more money) Basically any VPS provider will assign you a static IP address as part of the standard package. Linode gives you easy to configure PTR records; most other providers probably do the same. And I've never set up DKIM, SPF, etc. and yet I've never had problems with people receiving mail from my domain. Results may vary, of course, but I don't think it's a big deal as long as you aren't hosting your MTA on a PC in your basement with a dynamic address from your ISP or something. |
| All times are GMT. The time now is 04:43 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.