Hosting home email

Serendipity

New member
Nov 3, 2020
Hi all, since I know this is a topic with a lot of opposing opinions online I want to know what the thought is on hosting an email server at home and whether it can be done securely and reasonably easily (for an IT/computer security professional).

For security reasons I'm thinking Linux vs Windows but I'm open to suggestions and figure this is the best place to get an informed opinion.
 
it can be done securely and reasonably easily (for an IT/computer security professional).
Email is not secure, and probably never will be. It's pure, unencrypted, text, after all.

Your ISP will 99% likely NOT let you host it at home, and most probably will ACTIVELY interfere if you try.

Have you looked into something like The Helm? That sounds like your best option for easy, but not free.
 
So I should clarify. I get that email itself is plaintext, my secure comment was more to the server itself.

I will admit that I totally failed to think about the ISP aspect since I'm used to being able to easily avoid that for most of the services I've run for home servers but I'm not sure if/how that would work with SMTP...

I remember reading about The Helm a while back but had forgotten about it until you mentioned it so I'll give it a read and refresh my memory on cost and how it works.
Email is not secure, and probably never will be. It's pure, unencrypted, text, after all.

Your ISP will 99% likely NOT let you host it at home, and most probably will ACTIVELY interfere if you try.

Have you looked into something like The Helm? That sounds like your best option for easy, but not free.
 
I'm in the UK and did this for many years albeit some time ago now. My broadband Internet provider (Now Virgin) didn't care and certainly didn't interfere in any way. It was a physical CentOS server using Postfix and Cyrus IMAP. However, I did choose to move the mail service to the cloud where I still manage my own mail server.

Running a home-based mail server became difficult for several reasons. The main ones were: it became clear that some Internet mail servers were starting to dislike sending traffic to some IP address blocks - my guess is ones identified for non-commercial/home Internet use and having a DNS PTR record which didn't resolve to the same domain as the A record was problematic. Another reason was reliability both at the network layer and of the physical hardware. Other reasons were cost, noise, heat etc - put simply I didn't want a noisy server running full-time in the office.

Hope that's useful.

Andrew
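
The PTR/A mismatch described in the post above can be checked before committing to a home-hosted server. This is an added example, not part of the original post: the function names, the sample records (documentation address ranges) and the mail domain `example.org` are all constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(hostname):
    """A/AAAA addresses for hostname via the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})
    except OSError:
        return []

def check_mail_rdns(ip, mail_domain, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Report whether ip has a PTR that maps back to ip and sits under mail_domain."""
    addr = ipaddress.ip_address(ip)
    domain = mail_domain.rstrip(".").lower()
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(addr))]
    confirmed = []
    for name in names:
        for candidate in forward_lookup(name):
            try:
                if ipaddress.ip_address(candidate) == addr:
                    confirmed.append(name)
                    break
            except ValueError:
                continue  # resolver returned something that is not an address
    in_domain = [n for n in confirmed if n == domain or n.endswith("." + domain)]
    problems = []
    if not names:
        problems.append("no PTR record")
    elif not confirmed:
        problems.append("PTR name does not resolve back to the IP")
    elif not in_domain:
        problems.append("PTR name is outside the mail domain")
    return {"ptr": names, "confirmed": confirmed, "problems": problems}

# Constructed sample records (documentation address ranges, not real hosts).
SAMPLE_PTR = {"203.0.113.25": ["cust-203-0-113-25.dynamic.isp.example"],
              "198.51.100.10": ["mail.example.org."],
              "198.51.100.11": ["mail.example.org"]}
SAMPLE_A = {"cust-203-0-113-25.dynamic.isp.example": ["203.0.113.25"],
            "mail.example.org": ["198.51.100.10"]}

def check_sample(ip, domain="example.org"):
    """Run the check against the constructed records instead of live DNS."""
    return check_mail_rdns(ip, domain, lambda i: SAMPLE_PTR.get(i, []),
                           lambda h: SAMPLE_A.get(h, []))
```

Calling `check_mail_rdns(ip, domain)` without the lookup arguments uses the system resolver, so it can be pointed at a real sending address and mail domain.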
 
My broadband Internet provider (Now Virgin) didn't care and certainly didn't interfere in any way.
It may be different in different countries, but here in Canada the two majors (Bell and Rogers) both have very specific wording in their acceptable use policy. You may get away with it, even for some length of time, but if you cause ANY grief for them, they will go on the attack, and you may even get kicked off the services. Of course, if you pay at 3x the rate and get "business service" then you can do whatever you want.

Here's a quote from the Rogers terms of use:

Prohibited Activities Without limitation, you may not use (or allow anyone else to use) our Services to:

...

xvi. operate a server in connection with the Services, including, without limitation, mail, news, file, gopher, telnet, chat, Web, or host configuration servers, multimedia streamers or multi-user interactive forums;
 
A friend and I have looked at The Helm, it looks pretty good.

There is a concern about the internet side of the service which is provided as part of the annual fee. It seems like a perfect place for The Helm to be like Google and parse the email to sell information about you to others. We couldn't find anything addressing this directly.

I may just do it anyway, as it would get my information away from Google.
 
What is the problem you are trying to solve?

I am using a custom domain on M365 but come from a background of running a mail server at home, one that I understood and managed at work so could use at home with no issues.

Simplicity: a NAS like a Synology that will give you a simple mailserver; you will want to look at having SMTP over TLS and a secure connection for you to leverage the mailboxes. It could be a pain in the behind maintaining this and having a good anti-spam solution.

Which is why I use M365. It's not perfect but costs me peanuts annually on a Family sub and costs me zero time once set up....
 
I would prefer my email not to be used to monetize me.

Using O365 would give Microsoft more information to try and tweak advertisements for me, and as Windows gets more intrusive advertising added, this will be more obnoxious.

The other issue is most home ISPs have rules and even blocking for servers on their network, preventing email servers from existing. Using O365 gets around this as the mail server is hosted by Microsoft. The Helm has a server for you allocated on their network, and the server transfers your email to your home server. In theory, not on their servers long enough to be monetized, but I don't know. The Helm process allows you to host your own server, yet have a non-home server that is trusted by senders and not blocked by your ISP, storing your email for your domain.

I just can't find out how long the Helm internet servers hold your mail, and the transfer process.
 
Helm internet servers hold your mail, and the transfer process
The transfer process is probably just IMAP... potentially over a VPN to their servers. The Helm device in your house is required to retrieve the email from their servers and then presumably they remove it when the transaction commits. I believe they provide a backup service for your device, so I guess in some sense they'll get it back, but it will then be locally encrypted before being backed up into their server. The fact remains that email is not secure from the originator, so if you're worried about that aspect, you should probably not... or else you would want to use SMIME or PGP.
 
The transfer process is probably just IMAP... potentially over a VPN to their servers. The Helm device in your house is required to retrieve the email from their servers and then presumably they remove it when the transaction commits. I believe they provide a backup service for your device, so I guess in some sense they'll get it back, but it will then be locally encrypted before being backed up into their server. The fact remains that email is not secure from the originator, so if you're worried about that aspect, you should probably not... or else you would want to use SMIME or PGP.
I understand the insecurity of email and have attempted to school financial institutions on their blatant lack of security using such a porous system. BofA was baffled when I emailed an encrypted zip and left a voicemail with the 28 random character password. They enabled an upload capability for me instead of dealing with me on that level.

The backups are locally encrypted, that much was clear. The transfer technology was not clear. Thanks.
 
Unfortunately, The Helm has posted that supply chain issues are causing them to shut down at the end of 2022.