Monday, May 30, 2016

Want to run a mailserver? No you don't!

This is the introductory post to a series I've creating on putting together and maintaining a mailserver.

Life is hard, no doubt about it. But if you want to make it really burdensome, run a mailserver.

I started down this path in 2006, or perhaps earlier, when the Internet was still just a harmless global pornography network riddled with Microsoft worms. While Spam has always accounted for a significant portion of Internet traffic, Spam's purpose is now significantly malicious. Remember this: you're not just trying to guard against erectile solicitations, you're trying to avoid Ransomware.

Before you do this, consider the pros and cons.

On the Pro side we have:
  • Amazing experience learning about technologies you mistakenly believed you already knew.
  • Absolute control over the security of your own data.*
  • Control over your own maintenance outages and patching.
  • You choose the applications and protocols, i.e. webmail interface, POP, IMAP etc.
  • Weird bragging rights; none of your friends are doing this, not even your geekier colleagues.
* "Absolute" depends on the level of paranoia and enforcement in your send and receive implementations as well as the obvious problems associated with the platform you host the server on. I don't know why I put this as a pro, I just wanted to make up the numbers.

On the Con side we have:
  • Awful experience for all the reasons that it's an amazing one.
  • Your family will blame you for any email that didn't arrive or get sent.
  • It's impossible to describe to your family why it isn't your mail server's fault, without starting to doubt yourself and trailing off mid sentence...
  • Spam can be crippling.
  • Domains and server hosting cost money.
  • You need to get a number of things aligned to avoid your mailserver being blacklisted.
  • You need a wider understanding of protocols like DNS, with which email is deeply entwined. 
  • Ridicule and derision; none of your friends are doing this, not even your geekier colleagues.
Outside of the mailserver configuration, you have these technical challenges to overcome:
  • You must be in control of your mail domain's forward DNS (resolving hostname to IP).
  • You should have a hosting service that will configure reverse DNS for you (IP to FQDN).
  • You must create and manage SSL certificates.
  • Your server must be hosted by an organisation whose IP range hasn't been blacklisted.
This will not be a one-hour process of spinning up a virtual machine, pointing the DNS to the right places, run through the exim prompts and voila join some mailing lists!

If you don't right now understand any of the abbreviations or terms above, this process is not for you! Come back later when you have a handle on SMTP, IMAP, DNS, HTTP and TLS.

No comments:

Post a Comment