Elevating Performance and Flexibility
We are excited to announce the release of Stalwart Mail Server v0.5.0. As we approach the end of the year, this significant update marks a major advancement in our journey to provide a robust, efficient, and versatile mail server solution. This latest version incorporates a range of performance enhancements, storage layer improvements, and new features, designed to elevate your email server experience.
Very interested in this as Gmail is one of my last Google cords to cut. But it doesn’t solve the issue of trying to host it from a non-commercial Internet connection. Last I remember most ISPs won’t let you open the ports required to run an email service on a home connection. Anyone have modern experience with that?
I moved from Gmail to ProtonMail, then to Mailbox.org. Ypu can set up a mailserver on your home server, but you would need a VPS that would forward the traffic to and from your home server without you needing to open any ports. This guide can help you with TLS passthrough.
But setting up your own mailserver is a big hassle. Just pay a trusted provider and keep your inbox, and preferably all emails, encrypted with GPG.
What made you switch from Proton to Mailbox, if you don’t mind sharing?
I was paying $7/m for their mail, VPN and drive services. One of my major reasons to switch was their lack of linux support. They claim that it is hard to find Linux developers. Second reason was their drive’s download and upload speeds were terrible, from where I am sitting. Their VPN service is great. I always got great speeds, but their linux apps have always been terrible. Their mail service is also great, but I would like more control over it, like Mailbox.org. on Mailbox, I can encrypt my inbox using a different key, while also having the SMTP submission feature. I really ned that to integrate emails with my websites and services. Mailbox can also encrypt their cloud drive with our key, while also providing WebDAV support (how cool is that). Their mail app on android is open-source but is not available on f-droid. And the apk they provide on their website neither has a notification functionality, nor does it auto-update. Another reason was that I was limited to 3 custom domains, unless I buy their business plan. Mailbox has no such limit.
One final reason was that I did not want to keep all my apples in one basket. So, for mail, I am using mailbox, for storage, I am using a personal nextcloud and a Hetzner managed nextcloud, for VPN, I started using mullvad, but their speeds are terrible and connections are unreliable. For passwords I am using self-hosted vaultwarden.
There are a few more reasons that I do not remember, now. Proton is great, I still trust them. But these small things really go a long way.
Thank you for that detailed reply. You have far greater needs than I do. 😊
It would be cool to do all these things and self-host. One day I’ll get there, in life.
That’s pretty much exactly my story except I went with fastmail.com, mullvad for vpn (you really need to test with some script to find your best exit nodes I forget which one I used ages ago but it found me a couple of nodes about 1000 kms away from my location and in a different country that I can do nearly a gig through routinely… Maybe it was this script? https://github.com/bastiandoetsch/mullvad-best-server) . I went with pcloud for a bit but tailscale and now currently netbird make it kind of irrelevant since its’ so easy to get all my devices able to communicate back to my house file server. I want to like hetzner so bad but every time I try it the latency to north america just kills me and the north american offering was really far away and undeveloped last time Itried it
For me the issue with Mullvad is like this… I connect to a server, I get good speeds, but after an hour or two, I get stuck at 2-3mbps. This issue gets resolved when I reconnect, even to the same server. Also, I like using OpenVPN over TCP, but their speeds, in Mullvad’s case, are terrible for all exit nodes.
It also may be the case that my ISP is deliberately ruining the IPv4 routes because I am connecting to a VPN for privacy.
Nevee saw that on wireguard once i foind the better connections for my location, weird
Most non-business Internet service in the IS has email ports blocked. They don’t open unless you switch to business class Internet and that’s $$$
Thanks for confirming. So pay for a vps to run this on, or just pay an email provider.
If the VPS allows email ports to be open.
Then deal with your email going to spam most of the time because you’re domain/IP is so new and not “warmed up” that email systems think it’s all spam.
Yeah, it seems like the latter option is the obvious answer. It’s an awful lot of work you still have to pay for. I’d rather just pay someone to offer me secure email and not harvest my information.
In my experience, this is nothing more than an urban legend at this point. There are great standards, like DMARC, DKIM, SPF, proper reverse DNS and more, that are much more reliable and are actually used by major mail servers. Pick a free service that scans the publicly visible parts of your email server and one that accepts an email that you send to them and generates a report. Make sure all checks are green. After an initial day of two of getting it right, I’ve never had trouble with any provider accepting mail and the ongoing maintenance is very low.
Milage may vary with an unknown domain and large email volumes or suspicious contents, though.
There are literally RBLs in use by many major mail providers that just contain all dynamic IPs. There are others that block entire subnets used by VPSs at certain hosters. In neither of those you can remove your IP yourself (unlike the ones that list individual IPs because of that IP’s reputation).
Weird, I’ve never had problems over the past 15 years or so and I’ve been using VPS servers exclusively. Maybe my providers were reputable enough.
I realize my evidence is only anecdotal, but that’s why I started “in my experience”. Also, common blacklists are checked by the services I mentioned.
That’s insane to me. How is that a free and open Internet? Should be illegal.
Too many people get malware that setup an email server and start sending out spam/phishing emails.
That’s interesting. Is it easily preventable?
Yes.
ISPs block email ports on residential connections to prevent this.
I meant on the part of the host. Would it be easily preventable on the server if the ports weren’t blocked by the ISP?
Not for the average person who pays for a home (vs business) internet connection.
Gmail to MXroute when Google threatened to pull the grandfathered free Gmail custom domain thing. Got their lifetime plan, easy enough to configure so outgoing mails don’t get marked as spam. However, the major downside is it’s still using Spam Assassin as spam filter.
This looks nice, even has a clean docker image.
Will check it out. Setting up postfix + dovecot with dmarc and postgres was a funny experience but it’s starting to slip out of my memory how I did it and I don’t want to be through it again.
I looked at this, it looks pretty rudimentary compared to something like Mailcow-dockerized which has a full docker stack with clamAV, sieve, etc that you can add Roundcube on to, and has worked very well for me for years. There are precious few jmap clients out there so that’s not much of a consideration really. I’d rather have rspamd itself rather than their fork of it because then I can depend on the original’s documentation, because their documentation doesn’t seem very comprehensive comparatively.
Plus, I’d rather have a stack of separate docker containers rather than a single container that munges it all together, but maybe that’s not a big deal. I like to let Postgres manage the postgres container image and not put another layer in there.
I don’t think it’s you, it generally is a bad practice to have multiple processes inside a container. It usually defeats most of the isolation, introduces problems with handling zombie processes (therefore you need an init) and restarting tools when they crash (then you need something like supervisord, which I guess this image might use - I didn’t check). Each software adds dependencies, which can conflict (again defeating the idea of containers), and of course CVEs. Then you have a problem with users etc.
So yeah, containers are generally not meant to be used this way. The project might be cool but I would be very uncomfortable running it like this, especially if that’s going to be my primary email, with all the password resetting capabilities etc.
Reading the Dockerfile in their repo, it’s simply a clean debian:slim with four compiled rust binaries placed into it. There’s no services, no supervisord, nothing except the mail server binaries themselves.
Does it run multiple processes inside the container? Looks like the entrypoint only launchs one.
Hosting the software is only part of the problem, and not the hardest one from my experience.
The great spam catcher of Microsoft and Google are incrediblely dense and arcane, mail will often be rejected or swallowed from small mail servers.
You’re right and it’s crazy how much spam still comes through.
I tried to set this up beside my existing mailcow server. Mailcow runs smooth and has a web interface. And I am not on my way to ditch it just for jmap.
Idk, what’s happening earlier:
1.dovecot integrates jmap (I would stay with mailcow) 2. More clients support jmap (eventually switch to stalwart) 3. Stalwart get an webinterface (eventually switch to stalwart)
According to this message, a web interface is worked on: https://discord.com/channels/923615863037390889/923616187349356545/1141059612548796448
Yes, I know, but since it’s open source, I don’t ask for release dates. :-)
If I look carefully, will I find some performance comparisons between an EL9 host installed with either a postfix/dovecot/etc stack or this manatee?
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System IP Internet Protocol SMTP Simple Mail Transfer Protocol SSL Secure Sockets Layer, for transparent encryption TLS Transport Layer Security, supersedes SSL VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
6 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.
[Thread #381 for this sub, first seen 28th Dec 2023, 07:55] [FAQ] [Full list] [Contact] [Source code]
New Lemmy Post: Elevating Performance and Flexibility | Stalwart Labs (https://lemmy.world/post/10034802)
Tagging: #SelfHosted(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)
I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md