I have unsuccessfully tried to use the self-hosting package provided by efoundation.
The main reason may be that reverse DNS proved to be inefficient or undetected (or both), but maybe it is mainly because I run my own server with its own Apache website, and more importantly its own mail server (currently dovecot+opensmtpd), whereas the installation of the murena nextcloud image works under the assumption that it will provide such services for a domain initially not providing them.
My idea to selfhost the services was linked to the fact that at one time I enthusiastically connected more and more of my activities, both private and public, with my e.email address, but then it proved a poor if not disastrous choice. Already before it proved so problematic (due to a blockage of any sent email, to drastic spam filtration leading to 50% to 100% of my legitimate email sent in the spam folder and of course due to the interruption of services we endured) I had concerns about where all my data were stored and eventually circulated between various servers in the world. I am located in France and since then I have read that perhaps at least my data were located in Europe, so perhaps it was not so big an issue as if it had been stored in the United States.
So at one time I would have liked very much to self-host at least my email address and why not other services, but I still am reluctant to take another hosting with another domain than my previous one and additional costs, and anyway I am in the process of not using murena and e.email addresses anymore at all. Anyway, do you consider it possible, apart from using a complete nextcloud image, just by tuning my own servers, to use the murena identity as a selfhosted address? In order to do so, would it be interesting to implement a temporary selfhosted image and then use its configuration to modify my own servers? Is such an idea doable, but also would it be OK or problematic for murena, for my own safety and others’? I at least have the possibility to use different software servers with the Debian distribution that I am using.
Sorry if my questions are inaccurate: my knowledge in computer science is mainly autodidactic and I may have false notions and deep ignorance in fields that should be required to do what I was considering to do, I may also not have one tenth of the required time to do this.
My guess is that these ideas led me into a dead end, but I am posting this both out of interest, as an opportunity to learn some notions, and as an attempt to “save” these email identities with murena.io and e.email, which proved rather unadapted to my needs in various aspects.
Anyway I don’t intend to blame anyone and I will be thankful for any insight regarding these matters. And maybe I will give it a try later anyway if the procedure is to evolve in the future.
I wouldn’t say that I am happy about it but at least, the answer is clear.
My personal email server is already set up and I can send email with it but until now I never sent thousands of mails with it and I don’t think I will ever unless someone may take illegitimate control of it - which I hope won’t and didn’t happen.
I am also reluctant to use this server as an official email address because I lack the knowledge and resources to secure it and its data enough for such a use. These limitations include the fact that I have failed to understand so far how to make such a server legitimate for a variety of other servers when I send emails to (legitimate) lists of people due to associative activities, which may sometimes entail the emission of hundreds of emails indeed.
security 101: only allow ssh pubkey auth in your sshd config - no password/challenge. Ignore the ssh login log noise. Enable unattended upgrades. Install “etckeeper” and backup /etc/.git on christmas - your path to recovery.
mail: there’s lots of acronyms, you really have to care only about 3. Most helper solutions guide you through them
reverse-dns (“rdns”, “ptr record”) - done at the provider of your ip, not your dns provider
spf (sender policy framework): sounds complicated, one easy line at your dns provider
dkim: as spf a dns entry again, you’ll need to copy over a lengthy generated public key from the mail setup
Incoming spam got solved by rspamd.
The concepts can be substantial, but by mere action it isn’t much effort.
I’d focus on basics - using the commandline can turn out to be simpler than any panels. The OP seems to have enough familiarity, it’s more about confidence and failing gracefully.
there are turnkey packages (mailinabox, mailcow, modoboa) - but configuring dovecot and postfix (or opensmtpd) is straightforward if you host mail only for yourself.
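The DNS-side items listed above (SPF and DKIM, plus the DMARC record mentioned later in the thread) can be sanity-checked before they are published. This is an added example, not code from any poster or project in the thread; example.org, the IP address and the key bytes are constructed placeholders, and reverse DNS is not covered because it is set at the IP provider.

```python
import base64

def tags(record):
    """Parse the 'k=v; k=v' tag list used by DKIM and DMARC records."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def check_spf(txt_records):
    """A domain must publish exactly one SPF record, ideally ending in -all or ~all."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    last = spf[0].split()[-1].lower()
    if last.startswith("redirect="):
        return []                      # policy is delegated to another record
    if last in ("all", "+all"):
        return ["'+all' lets any host send as this domain"]
    if last not in ("-all", "~all", "?all"):
        return ["record does not end in an 'all' mechanism"]
    return []

def check_dkim(chunks):
    """chunks: the quoted strings of the TXT record at <selector>._domainkey."""
    t = tags("".join(chunks))          # long keys are split into <=255-char strings
    if t.get("v", "DKIM1") != "DKIM1":
        return ["unexpected version tag"]
    if not t.get("p"):
        return ["p= is missing or empty (an empty p= marks the key as revoked)"]
    try:
        base64.b64decode(t["p"], validate=True)
    except ValueError:                 # binascii.Error is a ValueError
        return ["p= is not valid base64, the key was probably truncated when copied"]
    return []

def check_dmarc(record):
    """record: the TXT record at _dmarc.<domain>."""
    if not record.startswith("v=DMARC1"):
        return ["record must start with v=DMARC1"]
    if tags(record).get("p") not in ("none", "quarantine", "reject"):
        return ["p= must be none, quarantine or reject"]
    return []

# Constructed sample data; the 294 zero bytes only stand in for a real public key.
DKIM = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(294)).decode()
DKIM_CHUNKS = [DKIM[:255], DKIM[255:]]
SPF = ["v=spf1 mx ip4:192.0.2.10 -all", "some-site-verification=abc"]

if __name__ == "__main__":
    print(check_spf(SPF), check_dkim(DKIM_CHUNKS), check_dkim(DKIM_CHUNKS[:1]))
```

Pasting only the first quoted string of a chunked DKIM record is the failure the last call reproduces.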
That’s right. I do
I also think that the various pieces of advice collected here will be useful.
Thanks to all, I don’t reply because it takes time but I will be back eventually to give some feedback.
Hi,
I mainly used this link: Setting up a mail server with OpenSMTPD, Dovecot and Rspamd · poolp.org
because it is really what I had already (though the help is aimed at the OpenBSD distribution, not Debian, but it seemed not too different in the end)
SPF was already configured in my DNS zone. I assumed I knew what I was doing at the time
I added dkim as described in the link above and combined it with rspamd
I also added dmarc in my DNS zone as advised
I updated the reverse DNS at my IP provider
Key authenticated in ssh already works, it is still in process because I may connect from various locations
So far my empty test email to my professional address has been put into a spam folder. When I click that it is legitimate email, it soon returns to the spam folder in the webmail, but if I tell my email client that it’s acceptable then it remains in the Inbox, but with its subject changed into {Spam?} test
Part of its classification may be related to its emptiness, because when checking the mail source I got this, but dkim doesn’t seem to be working. Anyway it may be too soon and I may have to check with a non-empty mail.
I also had to upgrade opensmtpd to stable-backports version because it wouldn’t work with openssl3
MailScanner-SpamCheck: polluriel, SpamAssassin (score=6.894, requis 6,
autolearn=disabled, AWL 0.45, DKIM_SIGNED 0.00, DKIM_VALID -0.00,
DKIM_VALID_AU -0.10, DKIM_VALID_EF -0.10, EMPTY_MESSAGE 2.34,
FROM_SUSPICIOUS_NTLD 0.50, FROM_SUSPICIOUS_NTLD_FP 1.00,
P1_EFROM_BULK_GTLD 1.00, P1_FROM_BULK_GTLD 1.00,
PDS_OTHER_BAD_TLD 1.00, SPF_HELO_PASS -0.10, SPF_PASS -0.10)
X-up1-MailScanner-SpamScore: ssssss
I then wrote a real email to different addresses I am using, including a CC to my professional address, and it was received and marked clean, even by e.email, for which I get so many legitimate emails in the spam folder.
Best wishes and a huge lot of thanks again for your advice and encouragement, sorry I didn’t use ispconfig so far, not sure I will need it!
I can recommend https://www.mail-tester.com/ (and Mailhardener email tools) if you haven’t done it already to be sure on outgoing dkim stamping etc. But looks to be right in the spamassassin report already (or there would’ve been a plus count).
… and 5 different TLD criteria upping the score towards “bad”. With a mail body you’d have ended up at ~5.5ish. If you send to lots of receivers with SpamAssassin and that particular ruleset enabled (is this a default?), a regular country TLD might prove to be better.
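A SpamAssassin report like the one posted above can be broken down per rule to see which checks pushed the message over the threshold. This is an added example, not part of the thread; the header text is the one from the post, and the function names are hypothetical.

```python
import re

# Header copied from the post above, folded across lines as it was received.
HEADER = """MailScanner-SpamCheck: polluriel, SpamAssassin (score=6.894, requis 6,
autolearn=disabled, AWL 0.45, DKIM_SIGNED 0.00, DKIM_VALID -0.00,
DKIM_VALID_AU -0.10, DKIM_VALID_EF -0.10, EMPTY_MESSAGE 2.34,
FROM_SUSPICIOUS_NTLD 0.50, FROM_SUSPICIOUS_NTLD_FP 1.00,
P1_EFROM_BULK_GTLD 1.00, P1_FROM_BULK_GTLD 1.00,
PDS_OTHER_BAD_TLD 1.00, SPF_HELO_PASS -0.10, SPF_PASS -0.10)"""

def parse_report(header):
    """Return (score, required, {rule: points}) from a SpamCheck header."""
    text = " ".join(header.split())  # unfold continuation lines
    # The word before the threshold is localised ("requis" here), so match any word.
    m = re.search(r"score=(-?[\d.]+),\s*\w+\s+(-?[\d.]+)", text)
    if m is None:
        raise ValueError("no SpamAssassin score in header")
    # Rule names are upper-case tokens followed by a signed decimal number.
    hits = re.findall(r"\b([A-Z][A-Z0-9_]*) (-?\d+\.\d+)", text)
    return float(m.group(1)), float(m.group(2)), {n: float(p) for n, p in hits}

def family(rules, needle):
    """Rules whose name contains needle, e.g. 'TLD', 'DKIM' or 'SPF'."""
    return {n: p for n, p in rules.items() if needle in n}

def score_without(score, rules, *names):
    """Score the message would get if the named rules had not fired."""
    return round(score - sum(rules[n] for n in names), 3)

def summary(header):
    score, required, rules = parse_report(header)
    tld = family(rules, "TLD")
    auth = {**family(rules, "DKIM"), **family(rules, "SPF")}
    return {
        "flagged": score >= required,
        "tld_rules": len(tld),
        "tld_points": round(sum(tld.values()), 2),
        "auth_points": round(sum(auth.values()), 2),
        "no_empty_body": score_without(score, rules, "EMPTY_MESSAGE"),
    }

if __name__ == "__main__":
    for key, value in summary(HEADER).items():
        print(f"{key:14} {value}")
```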