Re: [libreplanet-discuss] free email

[Zygo Blaxell]

On Wed, Aug 08, 2012 at 08:01:27PM +0200, Thomas Harding wrote:
> On 08/08/2012 08:27, Ramana Kumar wrote:
> >Thomas's reply (below) wasn't sent to the list originally.
> >It seems like in the right direction, but I feel the difficulty is
> >still quite high.

I agree that it's hard, in the same sense that owning and maintaining
a house is harder than renting an apartment.

I've been running my own mail servers on free software for ~17 years now
(since I first had access to a public static IP), and it's something
I'd gladly stop doing if it weren't for the costs, disadvantages, and
risks inherent in delegating that responsibility to someone else.

> Not so :
> 
> * all you need is an ISP which offers for free or as a non free
> option a fixed IPv4 address (my case is "comes together, no extra
> cost"...) [see also inbound 25], and a "domain" you own.
> 
> * If your mail cannot outbound from your ISP net /25, you can also
> relay on your ISP servers (can't reamain the option in Postfix, but
> it is like "forwarders" in Bind). This is a bad workaround -- no
> direct "talk", you can be spied -- Not my case : there is an option
> on my ADSL box setup to allow outbound 25 :)

> * "normally" there is no restriction on 25/inbound on any ISP. If
> any, the only solution is to switch... ISP

You can often solve all three problems at once by renting a VPS host
(using the money you save by using the cheapest ISP at home, or not
bothering with an ISP at home at all).

If you get a VPS with a high user-to-host ratio that is located in a
data center where power and cooling are abundant, it can be kinder to
the Earth than a server in your basement, especially if you are living
on-grid and considering local UPS backup power for the mail server.

A paid VPS hosting company is (at least in theory) under contract
to provide services exclusively to you.  This has different privacy
implications than a gratis provider who is (in well-established industry
practice) under contract to provide services to others using your data,
or a monopoly provider who provides the only service available to you
because you live in a regulated area.

Some VPS services offer preconfigured disk images for various tasks, e.g.
Debian configured with Postfix, ClamAV, and SpamAssassin.  An experienced
user can have a new domain up and running in a few minutes with just
a credit card.  An inexperienced user can gain the gateway experience
necessary for maintaining their own dedicated server host later on,
without a big up-front expenditure on dedicated hardware.

> * "submission" port is for your personal access to your server to
> post while you connect from any location (never filtered by isps). I
> had to setup that after a journey "read only" in my family with "no
> TSP/UDP 25 outbound" :P

If you configure a VPN through your VPS host, you can protect yourself
from all kinds of local snooping/spoofing/filtering attacks, e.g. insecure
wireless, or just an intrusive local ISP.  A VPN just moves all those
problems to the VPS data center, but that's often a huge improvement.

It also means you don't have to run around securing every client and
server application individually--you secure only the ones that interact
directly with the public Internet, and firewall the rest so they are
accessible only through the VPN.

A VPN service could operate the other way as well, providing a static
IP which would route packets through the VPN to your mail host located
elsewhere.  This would let you keep your data on hardware you own
instead of having it reside on the VPS server (e.g. you could put your
mail server in a VM on your laptop and carry it around with you) and
removes the static-IP, routable-IP, and unblocked-port-25 requirements
from your home ISP.

> As a notice : this is also sadly really difficult to setup Mutt
> (text-mail client) with smtp+SSL and imaps, maybe Mutt authors could
> work on that, then integrate html.

I like mutt's "all email is inert text rendered by an external program"
model.  It's not difficult to hit 'v', pick the HTML text out of the
message, and read the HTML interactively (or throw it at a web browser)
for the few times it's needed, and that's much better than accidentally
confirming my address to spammers or doing even worse things upon receipt
of an email all the times it's not needed.

signature.asc
Description: Digital signature