Upgrade to kiln 0.2
104
content/blog/2017-11-16-email.gmi
Normal file
@@ -0,0 +1,104 @@
---
title: "Email!"
---

## Email sucks

It really does, and yet we still need it. I've been hosting my own for over a
decade now, although for the bulk of the time I outsourced most of the mail
server smarts necessary to do so to the excellent Symbiosis virtual hosting
package, although I switched to `@tomav`'s docker-mailserver about six months
ago.

=> https://symbiosis.bytemark.co.uk Symbiosis
=> https://github.com/tomav/docker-mailserver docker-mailserver

Today, I finally switched to running my own mail server, directly on the server
with no third-party configuration or any docker. "But why?!" cried a friend
desperately, pointing out the existence of Mailcow and Libre.sh,
in addition to the options I'd already tried.

=> https://libre.sh, Libre.sh

The mail server setup I wanted had two requirements:

* Use as few system resources as possible
* Be as unobtrusive to the rest of the system as possible

Both of these requirements are tightly linked to *where* I self-host my
email. Normally, servers are hosted in datacentres with big, fast Internet
connections. About 2 years ago, I noticed that home Internet connections are
quite fast enough, thank you very much; since then, I've mostly been running
email on servers sat at home. In York, I used a standard rack-mounted server
that hid in the larder!

In Shetland (more on that another time), I've switched to an
APU2, which also happens to be my router, website, and everything else as well.
Yes, this post was served from Shetland!

=> https://pcengines.ch/apu2.htm APU2

Being tiny and multi-purpose, a heavyweight mail server solution wasn't an
option. In particular, no Docker. It would be absurd to install Docker on a
machine acting as a router. And in any case, I was always terrible about
rebuilding the containers to get fixes for security issues - I'm too used to
`unattended-upgrades`.

The good thing about docker-based mail server setups is that they are very
self-contained - it's just a few files in `/var/lib/docker`, in the end.
non-docker mail server solutions like Symbiosis or Mailcow have an unfortunate
tendency to try to take over the whole machine. They come with piles of
dependencies, maybe a database and web interface you have to hook up, config
files modified or added across the system. It's not pretty. You also tend to
be stuck on older OS versions for an extended period as the vendor takes a while
to port their octopus-like solution to the updated system.

## Make it better?

I use Debian on all my personal hardware. It's rock-solid and comes with lots of
useful software, with very useful default configurations. I also have a set of
Ansible recipes I use to automate setting things up on those machines - you can
view them on the link below.

=> https://debian.org
=> https://ansible.com
=> https://code.ur.gs/lupine/ansible-personal

So, I resolved to create a minimal set of Ansible recipes that would get email
working simply by installing Debian packages and modifying their configuration,
with as light a touch as possible. You can view what I ended up with in the
`mail` role, so I won't document them in detail, but here's a brief overview:

* Exim4 SMTP server
* Dovecot IMAP server
* amavisd-new + spam-assassin

Everything gets solid TLS support, using certificates issued by LetsEncrypt.
It's quite rare to have a mail server with valid certificates! In any case, if
someone wants *my* email archive, they'll have to serve the warrant on *me* to
get it. And the APU2 is small enough to hide under a floorboard or so, if I
turned out to be really paranoid...

=> https://letsencrypt.org LetsEncrypt

## TODO

The anti-spam setup is extremely rudimentary, and will likely need a lot of
extra work. I'll see how much spam comes in and adjust accordingly. Ultimately,
this was the most disappointing part of the setup - it's Perl-heavy and it took
a lot of head-scratching to work out how the different parts even fit together.

There's no webmail. I'm OK with that.

Dovecot has solr and lucene search engine integration. I doubt either will fit
onto the APU2, but I'll evaluate it.

A long-term ambition of mine is to put together a vertical slice of email
functionality as a single, neat daemon that's optimised for the small, single
domain use case - a sort of Caddy for email. It could even use JMAP and database
storage instead of IMAP and Maildir, ship a HTTP server, and handle the tricky
DNS parts too.

One day. Until then, this setup is working well enough. Give it a try!

=> https://caddyserver.com Caddy
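Review bot: the gemtext link line `=> https://libre.sh, Libre.sh` is broken, because in a `.gmi` file the URL is everything up to the first whitespace, so the comma becomes part of the target (`https://libre.sh,`) and the link will not resolve; change it to `=> https://libre.sh Libre.sh`. The three links under "Make it better?" (`=> https://debian.org`, `=> https://ansible.com`, `=> https://code.ur.gs/lupine/ansible-personal`) are the only ones on the page without link text, and the prose says "view them on the link below" as if there were one, so give them labels such as "Debian", "Ansible" and "ansible-personal" for consistency with the other `=>` lines. Smaller nits: "non-docker mail server solutions" starts a sentence and should be capitalised, "spam-assassin" is the project name SpamAssassin, "LetsEncrypt" is styled "Let's Encrypt", and "a HTTP server" should read "an HTTP server".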