Hosting home email


Serendipity

Nov 3, 2020
Hi all, since I know this is a topic with a lot of opposing opinions online I want to know what the thought is on hosting an email server at home and whether it can be done securely and reasonably easily (for an IT/computer security professional).

For security reasons I'm thinking Linux vs Windows but I'm open to suggestions and figure this is the best place to get an informed opinion.
 
it can be done securely and reasonably easily (for an IT/computer security professional).
Email is not secure, and probably never will be. It's pure, unencrypted, text, after all.

Your ISP will 99% likely NOT let you host it at home, and most probably will ACTIVELY interfere if you try.

Have you looked into something like The Helm? That sounds like your best option for easy, but not free.
 
So I should clarify. I get that email itself is plaintext, my secure comment was more to the server itself.

I will admit that I totally failed to think about the ISP aspect since I'm used to being able to easily avoid that for most of the services I've run for home servers but I'm not sure if/how that would work with SMTP...

I remember reading about The Helm a while back but had forgotten about it until you mentioned it so I'll give it a read and refresh my memory on cost and how it works.
Email is not secure, and probably never will be. It's pure, unencrypted, text, after all.

Your ISP will 99% likely NOT let you host it at home, and most probably will ACTIVELY interfere if you try.

Have you looked into something like The Helm? That sounds like your best option for easy, but not free.
 
I'm in the UK and did this for many years albeit some time ago now. My broadband Internet provider (Now Virgin) didn't care and certainly didn't interfere in any way. It was a physical CentOS server using Postfix and Cyrus IMAP. However, I did choose to move the mail service to the cloud where I still manage my own mail server.

Running a home-based mail server became difficult for several reasons. The main ones were: it became clear that some Internet mail servers were starting to dislike sending traffic to some IP address blocks - my guess is ones identified for non-commercial/home Internet use and having a DNS PTR record which didn't resolve to the same domain as the A record was problematic. Another reason was reliability both at the network layer and of the physical hardware. Other reasons were cost, noise, heat etc - put simply I didn't want a noisy server running full-time in the office.

Hope that's useful.

Andrew
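
Added example, not part of the thread: the PTR/A mismatch described in the post above is what a forward-confirmed reverse DNS (FCrDNS) check catches, and it can be run against your own address before putting a mail server on a home connection. The function names, host names and addresses below are assumptions made up for this sketch; the sample records are constructed and use documentation address ranges.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(host):
    """A/AAAA addresses for host from the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def check_fcrdns(ip, mail_domain, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, confirmed_names) for a sending IP and its mail domain."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no PTR record", []
    confirmed = []
    for name in names:
        for text in forward_lookup(name):
            try:
                if ipaddress.ip_address(text) == addr:
                    confirmed.append(name)
                    break
            except ValueError:  # resolver returned something that is not an IP
                continue
    if not confirmed:
        return "PTR name does not resolve back to the IP", []
    domain = mail_domain.rstrip(".").lower()
    if any(n == domain or n.endswith("." + domain) for n in confirmed):
        return "ok", confirmed
    return "PTR is confirmed but belongs to another domain", confirmed

# Constructed sample data (documentation address ranges, made-up host names).
SAMPLE_PTR = {"203.0.113.25": ["cpc-25.dynamic.isp.example."],
              "198.51.100.7": ["mail.example.org."],
              "198.51.100.9": ["mail.example.org."]}
SAMPLE_A = {"cpc-25.dynamic.isp.example": ["203.0.113.25"],
            "mail.example.org": ["198.51.100.7"]}

def sample_check(ip, mail_domain="example.org"):
    """Run check_fcrdns against the constructed records above (no network)."""
    return check_fcrdns(ip, mail_domain,
                        lambda i: SAMPLE_PTR.get(i, []),
                        lambda h: SAMPLE_A.get(h, []))
```

Calling `check_fcrdns(ip, domain)` without the last two arguments uses the system resolver; the first sample address models a home line whose PTR is the ISP's generic name.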
 
My broadband Internet provider (Now Virgin) didn't care and certainly didn't interfere in any way.
It may be different in different countries, but here in Canada the two majors (Bell and Rogers) both have very specific wording in their acceptable use policy. You may get away with it, even for some length of time, but if you cause ANY grief for them, they will go on the attack, and you may even get kicked off the services. Of course, if you pay at 3x the rate and get "business service" then you can do whatever you want.

Here's a quote from the Rogers terms of use:

Prohibited Activities Without limitation, you may not use (or allow anyone else to use) our Services to:

...

xvi. operate a server in connection with the Services, including, without limitation, mail, news, file, gopher, telnet, chat, Web, or host configuration servers, multimedia streamers or multi-user interactive forums;
 
A friend and I have looked at The Helm, it looks pretty good.

There is a concern about the internet side of the service which is provided as part of the annual fee. It seems like a perfect place for The Helm to be like Google and parse the email to sell information about you to others. We couldn't find anything addressing this directly.

I may just do it anyway, as it would get my information away from Google.
 
What is the problem you are trying to solve?

I am using a custom domain on M365 but come from a background of running a mail server at home, one that I understood and managed at work so could use at home with no issues.

Simplicity: a NAS like a Synology that will give you a simple mailserver; you will want to look at having SMTP over TLS and a secure connection for you to leverage the mailboxes. It could be a pain in the behind maintaining this and having a good anti-spam solution.

Which is why I use M365. It's not perfect but costs me peanuts annually on a Family sub and costs me zero time once set up....
 
I would prefer my email not to be used to monetize me.

Using O365 would give Microsoft more information to try and tweak advertisements for me, and as Windows gets more intrusive advertising added, this will be more obnoxious.

The other issue is most home ISPs have rules and even blocking for servers on their network, preventing email servers from existing. Using O365 gets around this as the mail server is hosted by Microsoft. The Helm has a server for you allocated on their network, and the server transfers your email to your home server. In theory, not on their servers long enough to be monetized, but I don't know. The Helm process allows you to host your own server, yet have a non-home server that is trusted by senders and not blocked by your ISP, storing your email for your domain.

I just can't find out how long the Helm internet servers hold your mail, and the transfer process.
 
Helm internet servers hold your mail, and the transfer process
The transfer process is probably just IMAP... potentially over a VPN to their servers. The Helm device in your house is required to retrieve the email from their servers and then presumably they remove it when the transaction commits. I believe they provide a backup service for your device, so I guess in some sense they'll get it back, but it will then be locally encrypted before being backed up into their server. The fact remains that email is not secure from the originator, so if you're worried about that aspect, you should probably not... or else you would want to use SMIME or PGP.
 
The transfer process is probably just IMAP... potentially over a VPN to their servers. The Helm device in your house is required to retrieve the email from their servers and then presumably they remove it when the transaction commits. I believe they provide a backup service for your device, so I guess in some sense they'll get it back, but it will then be locally encrypted before being backed up into their server. The fact remains that email is not secure from the originator, so if you're worried about that aspect, you should probably not... or else you would want to use SMIME or PGP.
I understand the insecurity of email and have attempted to school financial institutions on their blatant lack of security using such a porous system. BofA was baffled when I emailed an encrypted zip and left a voicemail with the 28 random character password. They enabled an upload capability for me instead of dealing with me on that level.

The backups are locally encrypted, that much was clear. The transfer technology was not clear. Thanks.
 
Unfortunately, The Helm has posted that supply chain issues are causing them to shut down at the end of 2022.