Linux Archive


Menachem Moystoviz 10-11-2012 11:23 AM

Suggestions for email for a paranoid Archer
 
Recently, my paranoia levels have been ratcheted up by reading about
companies' treatment of their users, along with an increasing awareness
of my powerlessness with respect to most content providers.
I therefore curbed most online activity and have attempted to host those
services I used on my own server, in most cases living without when
I didn't succeed.

Two months ago, I attempted to install postfix and dovecot on my Arch box
in order to be able to host my own mail. Naively I thought that all I needed
was the right software and a dynamic DNS address. In other words,
I thought it would be as simple as setting up a web server.

Naturally, I found out that most anti-spam software is leery of mail from
dynamic DNS hosts who do not have rDNS and PTR records set up,
that they preferred DKIM mail, etc.

Seeing as these involve even more effort, I thought to ask the enlightened
members of the Arch community which solution they would suggest I use,
because I trust you to have made intelligent decisions in this matter and
believe you understand this outlook. Also, I've seen many users with email
addresses issued by their own domain, which leads me to believe some of
you may have gone through this before.

The alternatives I'm aware of are:
1) Do what most people do, and just sign up for webmail, paranoia demanding
me to download all email every day. Possibly alias the domain by routing
everything through postfix first.
2) Host my own server, paranoia demanding multiple redundant backups.
3) No email - Knuth style

Pros:
1) Very reliable, better support, and non-crazy
2) Gain vast amounts of power over my email
3) Less distraction, no effort at all

Cons:
1) Less control, more black box. Is aliasing even possible? Too many providers -
which to choose?
2) Hard to maintain, can crash at any moment, will drive me to early grave
3) Harder to keep in touch with people this way, harder to check what's going on

Which do you suggest? Do you have an alternative?

Thanks in advance,

Gesh

Garrik 10-11-2012 12:43 PM

Suggestions for email for a paranoid Archer
 
On Thu, 11 Oct 2012 13:23:32 +0200,
Menachem Moystoviz <moystovi@g.jct.ac.il> wrote:

> Recently, my paranoia levels have been ratcheted up by reading about
> companies' treatment of their users, along with an increasing
> awareness of my powerlessness with respect to most content providers.
> I therefore curbed most online activity and have attempted to host
> those services I used on my own server, in most cases living without
> when I didn't succeed.
>
> Two months ago, I attempted to install postfix and dovecot on my Arch
> box in order to be able to host my own mail. Naively I thought that
> all I needed was the right software and a dynamic DNS address. In
> other words, I thought it would be as simple as setting up a web
> server.
>
> Naturally, I found out that most anti-spam software is leery of mail
> from dynamic DNS hosts who do not have rDNS and PTR records set up,
> that they preferred DKIM mail, etc.
>
> Seeing as these involve even more effort, I thought to ask the
> enlightened members of the Arch community which solution they would
> suggest me to use, because I trust you to have made intelligent
> decisions in this matter and believe you understand this outlook.
> Also, I've seen many users with email addresses issued by their own
> domain, which leads me to believe some of you may have gone through
> this before.
>
> The alternatives I'm aware of are:
> 1) Do what most people do, and just sign up for webmail, paranoia
> demanding me to download all email every day. Possibly alias the
> domain by routing everything through postfix first.
> 2) Host my own server, paranoia demanding multiple redundant backups.
> 3) No email - Knuth style
>
> Pros:
> 1) Very reliable, better support, and non-crazy
> 2) Gain vast amounts of power over my email
> 3) Less distraction, no effort at all
>
> Cons:
> 1) Less control, more black box. Is aliasing even possible? Too many
> providers - which to choose?
> 2) Hard to maintain, can crash at any moment, will drive me to early
> grave
> 3) Harder to keep in touch with people this way, harder to
> check what's going on
>
> Which do you suggest? Do you have an alternative?
>
> Thanks in advance,
>
> Gesh

I chose the 2nd alternative, but I have a fixed IPv4 address since I host
my contents on a dedicated server, so I didn't meet these
dynamic DNS problems.

For the backup part, a simple script using rsync in crond.whatever will
take good care of it.

Sometimes, your IP can be registered as a "spam address" on some DNSBL,
but most of the time you can ask to be removed from this list by
proving you own that IP.

If you tend to be paranoid, this solution has some drawbacks:

- Security will sometimes make you sweat (unless you are a security
pro)
- What guarantees you that your provider doesn't peek in your hard
drive?

To answer the second problem, when I have some really critical files
I save them on an encrypted partition that is closed most of the time.


Hope this helps
--
Garrik

Krzysztof Warzecha 10-11-2012 12:48 PM

Suggestions for email for a paranoid Archer
 
I believe the first question you need to answer is: what is your threat model?

Are you afraid of losing all your mails (backups)? Losing control over
your email address? What are you going to do if you can't login to
your mailbox tomorrow? How much do you mind if someone else gains
access to your old mails? Computer criminalists, government, rogue
google admin, google scanning your emails content for targeted
advertising (privacy / security)? Are delays in delivering mail
acceptable? (there are more questions)

- backups: getmail or imapsync and backup them like files
- control over mail address: buy your own domain, set up on your own
server or something like google apps
- privacy / security: computer criminalists: good unique password,
2-factor authentication, use only trusted devices, don't do anything
stupid
- privacy / security: government and google: use gpg to encrypt / sign
your mails or set up your own server (with luks; remember, government
can just steal your server from datacenter and there is nothing you
can do about it)

I think your own domain + backups + google apps is a pretty good setup.
Secure, reliable, cheap and you can switch to other hosting without
changing your email address. If you don't trust google or government
(well, you shouldn't :P) then set up your own email box.

2012/10/11 Menachem Moystoviz <moystovi@g.jct.ac.il>:
> Recently, my paranoia levels have been ratcheted up by reading about
> companies' treatment of their users, along with an increasing awareness
> of my powerlessness with respect to most content providers.
> I therefore curbed most online activity and have attempted to host those
> services I used on my own server, in most cases living without when
> I didn't succeed.
>
> Two months ago, I attempted to install postfix and dovecot on my Arch box
> in order to be able to host my own mail. Naively I thought that all I needed
> was the right software and a dynamic DNS address. In other words,
> I thought it would be as simple as setting up a web server.

Use a cheap VPS with a static IP, it will be much easier. I doubt anyone
keeps their mail server at home with a dynamic IP.

--
Krzysztof Warzecha

David Rosenstrauch 10-11-2012 01:46 PM

Suggestions for email for a paranoid Archer
 
On 10/11/2012 07:23 AM, Menachem Moystoviz wrote:

> Also, I've seen many users with email
> addresses issued by their own domain, which leads me to believe some of
> you may have gone through this before.
>
> The alternatives I'm aware of are:
> 1) Do what most people do, and just sign up for webmail, paranoia demanding
> me to download all email every day. Possibly alias the domain by routing
> everything through postfix first.
> 2) Host my own server, paranoia demanding multiple redundant backups.
> 3) No email - Knuth style

I do a combination of #1 and #2.

I have a (cheap!) web hosting account (with Dreamhost) which also
provides me with an email address on their mail system. I have the DNS
entries for my domain point to Dreamhost, so any mail for my domain gets
delivered there.


But I only use Dreamhost as a mail drop-off point - I don't store my
mail there. I have a cron job that runs fetchmail every few minutes
which pulls the mail down to my home server, where I'm running dovecot,
exim, and squirrelmail (webmail), and I access my mail there. (As well
as make periodic backups of all the mail stored there.)


For outgoing mail I do the same in reverse. I have exim on my home
server set up to relay any outgoing mail up to dreamhost's SMTP server.
That gets me around the issue of not being able to send mail from a
dynamic IP.


HTH,

DR

Taylor Hedberg 10-11-2012 01:56 PM

Suggestions for email for a paranoid Archer
 
Menachem Moystoviz, Thu 2012-10-11 @ 13:23:32+0200:
> Which do you suggest? Do you have an alternative?

I use Postfix + Dovecot on an Arch Linux Linode VPS and I'm pretty happy
with it.


> 2) Hard to maintain, can crash at any moment, will drive me to early
> grave

It is a bit of a pain to initially configure, but after spending a
couple hours getting it set up, I've almost never had to touch the
configuration, except when I added SpamAssassin and, later, procmail to
the stack.

Menachem Moystoviz 10-11-2012 03:46 PM

Suggestions for email for a paranoid Archer
 
Thank you. The questions posed were quite enlightening, and showed me
that this needs a bit more thought.

> I believe the first question you need to answer is: what is your threat model?
>
> Are you afraid of losing all your mails (backups)? Losing control over
> your email address? What are you going to do if you can't login to
> your mailbox tomorrow? How much do you mind if someone else gains
> access to your old mails? Computer criminalists, government, rogue
> google admin, google scanning your emails content for targeted
> advertising (privacy / security)? Are delays in delivering mail
> acceptable? (there are more questions)

Off the top of my head, the most basic fears are loss of emails and
access, and people who aren't me or who haven't received specific
authorization from me reading my emails.
Delays are fine, as long as the mail gets out there.

> backups: getmail or imapsync and backup them like files
> control over mail address: buy your own domain, set up on your own
> server or something like google apps

Is buying the domain necessary? I can get five free subdomains on freedns.
I do own a server, which is, for a lack of a better place to put it, in my room.

> privacy / security: computer criminalists: good unique password,
> 2-factor authentication, use only trusted devices, don't do anything
> stupid

Sound advice. Bit of an issue since I don't control most devices available to me
and the other people using the devices I do control would be annoyed at the
measures I would take to secure it.

> privacy / security: government and google: use gpg to encrypt / sign
> your mails or set up your own server (with luks; remember, government
> can just steal your server from datacenter and there is nothing you
> can do about it)

Signing emails is something I've been wanting to set up for a while now.
How do I encrypt the mail on google's servers? It seems like my best choice
in this arena is trying to minimize the window of attack on google's servers
and strongly securing my own.

> I think your own domain + backups + google apps is a pretty good setup.
> Secure, reliable, cheap and you can switch to other hosting without
> changing your email address. If you don't trust google or government
> (well, you shouldn't :P) then set up your own email box.

Doesn't google apps require you to install their apps on your server?
How would you migrate from them?

> Use a cheap VPS with a static IP, it will be much easier. I doubt anyone
> keeps their mail server at home with a dynamic IP.

Problem - as a high school graduate, I don't exactly have a steady source
of income. I could try to find income sources, but I'm not aware of what
cheap VPSs exist.

>
> --
> Krzysztof Warzecha

Again, thanks a lot. You have certainly clarified some of the issues I need to
think about.

Gesh

Menachem Moystoviz 10-11-2012 03:47 PM

Suggestions for email for a paranoid Archer
 
> I do a combination of #1 and #2.
>
> I have a (cheap!) web hosting account (with Dreamhost) which also provides
> me with an email address on their mail system. I have the DNS entries for
> my domain point to Dreamhost, so any mail for my domain gets delivered
> there.
>
> But I only use Dreamhost as a mail drop-off point - I don't store my mail
> there. I have a cron job that runs fetchmail every few minutes which pulls
> the mail down to my home server, where I'm running dovecot, exim, and
> squirrelmail (webmail), and I access my mail there. (As well as make
> periodic backups of all the mail stored there.)
>
> For outgoing mail I do the same in reverse. I have exim on my home server
> set up to relay any outgoing mail up to dreamhost's SMTP server. That gets
> me around the issue of not being able to send mail from a dynamic IP.
>
> HTH,
>
> DR
>

That sounds more or less like what I intended to do before asking for
advice here...
Thanks.
Gesh

Menachem Moystoviz 10-11-2012 03:50 PM

Suggestions for email for a paranoid Archer
 
On Thu, Oct 11, 2012 at 3:56 PM, Taylor Hedberg <tmhedberg@gmail.com> wrote:
> Menachem Moystoviz, Thu 2012-10-11 @ 13:23:32+0200:
>> Which do you suggest? Do you have an alternative?
>
> I use Postfix + Dovecot on an Arch Linux Linode VPS and I'm pretty happy
> with it.
>
>
>> 2) Hard to maintain, can crash at any moment, will drive me to early
>> grave
>
> It is a bit of a pain to initially configure, but after spending a
> couple hours getting it set up, I've almost never had to touch the
> configuration, except when I added SpamAssassin and, later, procmail to
> the stack.

Aye, but I have the following concerns regarding hosting the server myself:
- Only have one server - no redundancy or reliability
- No source of income -> no possibility of VPS AFAIK
- DKIM, PTR, SPF, rDNS all require money and static IP (more money)

Will keep this option in mind.

Gesh

"G. Schlisio" 10-11-2012 03:55 PM

Suggestions for email for a paranoid Archer
 
> Problem - as a high school graduate, I don't exactly have a steady source
> of income. I could try to find income sources, but I'm not aware of what
> cheap VPSs exist.

in the wiki [1], you can find some vps providers providing arch. check their
prices, some are below 10€/month.
as i'm in germany, i use netcup (maybe not an option for you). it's
pretty cheap.


[1] https://wiki.archlinux.org/index.php/VPS

Taylor Hedberg 10-11-2012 04:14 PM

Suggestions for email for a paranoid Archer
 
Menachem Moystoviz, Thu 2012-10-11 @ 17:50:20+0200:
> Aye, but I have the following concerns regarding hosting the server
> myself:
> - Only have one server - no redundancy or reliability

You can set up more than one if you're that worried about reliability,
but it's almost certainly overkill for a personal mail server. Also,
Linode offers automatic backups for an additional $5/mo.


> - DKIM, PTR, SPF, rDNS all require money and static IP (more money)

Basically any VPS provider will assign you a static IP address as part
of the standard package. Linode gives you easy to configure PTR records;
most other providers probably do the same.

And I've never set up DKIM, SPF, etc. and yet I've never had problems
with people receiving mail from my domain. Results may vary, of course,
but I don't think it's a big deal as long as you aren't hosting your MTA
on a PC in your basement with a dynamic address from your ISP or
something.
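
The PTR, SPF and dynamic-address points raised in this thread, shown as an added example that is not part of any poster's message: a simplified sketch of the sender checks a receiving mail server commonly applies. All DNS data, host names and the `GENERIC` pattern are constructed assumptions, and only the `ip4` and `all` SPF mechanisms are evaluated.

```python
import ipaddress
import re

# Constructed DNS data: documentation IP ranges and example domains only.
PTR = {"203.0.113.10": "mail.example.org",                # PTR set by the VPS owner
       "198.51.100.77": "dyn-198-51-100-77.isp.example"}  # ISP's dynamic-pool name
A = {"mail.example.org": ["203.0.113.10"],
     "dyn-198-51-100-77.isp.example": ["198.51.100.77"],
     "home.example.net": ["198.51.100.77"]}               # dynamic DNS name, no PTR of its own
SPF = {"example.org": "v=spf1 ip4:203.0.113.0/28 -all"}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Heuristic for ISP pool names (an assumption, not any specific filter's rule).
GENERIC = re.compile(r"dyn|dhcp|pool|(\d+[-.]){3}\d+", re.I)


def fcrdns(ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    name = PTR.get(ip)
    return name if name and ip in A.get(name, []) else None


def spf_check(domain, ip):
    """Evaluate only the ip4 and all mechanisms of the domain's SPF record."""
    record = SPF.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULT[qualifier]
        if mech.startswith("ip4:"):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ipaddress.ip_address(ip) in net:
                return RESULT[qualifier]
    return "neutral"


def assess(ip, helo, mail_from_domain):
    """Return the reasons a receiver might distrust this SMTP client."""
    reasons = []
    name = fcrdns(ip)
    if name is None:
        reasons.append("no forward-confirmed PTR")
    else:
        if GENERIC.search(name):
            reasons.append("generic/dynamic-looking PTR")
        if name != helo.lower():
            reasons.append("HELO does not match PTR")
    spf = spf_check(mail_from_domain, ip)
    if spf in ("fail", "softfail"):
        reasons.append("SPF " + spf)
    return reasons
```

With this data, the VPS address with its own PTR and an SPF entry yields no findings, while the home address behind a dynamic DNS name collects three.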

