From 14667c036fbde7ed46e22178f1328ac860c89104 Mon Sep 17 00:00:00 2001 From: Nick Thomas Date: Fri, 17 Nov 2017 00:03:55 +0000 Subject: [PATCH] Add email blog post --- content/post/email.md | 91 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 content/post/email.md diff --git a/content/post/email.md b/content/post/email.md new file mode 100644 index 0000000..5b6bc01 --- /dev/null +++ b/content/post/email.md 
@@ -0,0 +1,91 @@ ++++ +title = "Email!" +date = "2017-11-16" +tags = ["technical", "Email"] ++++ + +#### Email sucks + +It really does, and yet we still need it. I've been hosting my own for over a +decade now, although for the bulk of the time I outsourced most of the mail +server smarts necessary to do so to the excellent [Symbiosis](https://symbiosis.bytemark.co.uk) +virtual hosting package, although I switched to [@tomav's docker-mailserver](https://github.com/tomav/docker-mailserver) about six months ago. + +Today, I finally switched to running my own mail server, directly on the server +with no third-party configuration or any docker. "But why?!" cried a friend +desperately, pointing out the existence of [Mailcow]() and [Libre.sh](https://libre.sh), +in addition to the options I'd already tried. + +The mail server setup I wanted had two requirements: + +* Use as few system resources as possible +* Be as unobtrusive to the rest of the system as possible + +Both of these requirements are tightly linked to *where* I self-host my +email. Normally, servers are hosted in datacentres with big, fast Internet +connections. About 2 years ago, I noticed that home Internet connections are +quite fast enough, thank you very much; since then, I've mostly been running +email on servers sat at home. In York, I used a standard rack-mounted server +that hid in the larder! + +In Shetland (more on that another time), I've switched to an +[APU2](https://pcengines.ch/apu2.htm), which also happens to be my router, +website, and everything else as well. Yes, this post was served from Shetland! + +Being tiny and multi-purpose, a heavyweight mail server solution wasn't an +option. In particular, no Docker. It would be absurd to install Docker on a +machine acting as a router. And in any case, I was always terrible about +rebuilding the containers to get fixes for security issues - I'm too used to +`unattended-upgrades`. 
+ +The good thing about docker-based mail server setups is that they are very +self-contained - it's just a few files in `/var/lib/docker`, in the end. +non-docker mail server solutions like Symbiosis or Mailcow have an unfortunate +tendency to try to take over the whole machine. They come with piles of +dependencies, maybe a database and web interface you have to hook up, config +files modified or added across the system. It's not pretty. You also tend to +be stuck on older OS versions for an extended period as the vendor takes a while +to port their octopus-like solution to the updated system. + +#### Make it better? + +I use [Debian](https://debian.org) on all my personal hardware. It's rock-solid +and comes with lots of useful software, with very useful default configurations. +I also have a set of [Ansible](https://ansible.com) recipes I use to automate +setting things up on those machines - you can view them [here](https://gitlab.com/lupine/ansible-personal). + +So, I resolved to create a minimal set of Ansible recipes that would get email +working simply by installing Debian packages and modifying their configuration, +with as light a touch as possible. You can view what I ended up with in the +[`mail` role](https://gitlab.com/lupine/ansible-personal/tree/master/roles/mail), +so I won't document them in detail, but here's a brief overview: + +* Exim4 SMTP server +* Dovecot IMAP server +* amavisd-new + spam-assassin + +Everything gets solid TLS support, using certificates issued by [LetsEncrypt](https://letsencrypt.org). +It's quite rare to have a mail server with valid certificates! In any case, if +someone wants **my** email archive, they'll have to serve the warrant on **me** +to get it. And the APU2 is small enough to hide under a floorboard or so, if I +turned out to be really paranoid... + +#### TODO + +The anti-spam setup is extremely rudimentary, and will likely need a lot of +extra work. I'll see how much spam comes in and adjust accordingly. 
Ultimately, +this was the most disappointing part of the setup - it's Perl-heavy and it took +a lot of head-scratching to work out how the different parts even fit together. + +There's no webmail. I'm OK with that. + +Dovecot has solr and lucene search engine integration. I doubt either will fit +onto the APU2, but I'll evaluate it. + +A long-term ambition of mine is to put together a vertical slice of email +functionality as a single, neat daemon that's optimised for the small, single +domain use case - a sort of [Caddy](https://caddyserver.com) for email. It could +even use JMAP and database storage instead of IMAP and Maildir, ship a +HTTP server, and handle the tricky DNS parts too. + +One day. Until then, this setup is working well enough. Give it a try!
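Review bot: The Mailcow reference in the "But why?!" paragraph has an empty link target, `[Mailcow]()`, so it will render as a dead link; give it the project URL (the neighbouring Libre.sh and Symbiosis links are complete). Two smaller things in the same file: the sentence beginning `non-docker mail server solutions like Symbiosis or Mailcow` starts with a lowercase letter, and the bullet `amavisd-new + spam-assassin` would read more consistently as `amavisd-new + SpamAssassin`, matching the project's own name.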