Like the title says, I’m new to the self-hosting world. 😀 While I was researching, I found out that many people dissuaded me from self-hosting an email server. Just too complicated and hard to manage. What other services do you think we should just leave to the currently available providers in the market, and why? 🙂 Thank you.
E-mail
In my opinion, cloud storage for (zero knowledge) backup. Your backup strategy should include a diversity of physical locations. I had a house fire a few years ago. Luckily, my data drives survived, but if they hadn’t, my cloud backup would’ve been invaluable.
Passwords:
-> You want to have immediate access to them, even if your house burns down
Notes:
-> You want to be able to read the documentation on how to fix your self-hosted service, even when your self-hosted services are down
Public reverse proxy:
-> A reverse proxy is only as safe as the applications behind it. And NO, most self-hosted applications are not hardened or have had security audits
(reverse proxy with a forward authentication proxy is something different)
A password manager, because if anything goes wrong, you’ll be completely screwed.
What you SHOULD absolutely self host though is a password manager, so you can be in control of your most sensitive data.
Regarding email, I think everyone should absolutely self-host it, but it’s less and less viable in this Google/Microsoft duopoly world. But ideally everyone would self-host it. The reason why people advise against it really comes down to lack of real competition, and the two tech giants dictating how we violate every RFC possible.
A password manager because if anything goes wrong, you’ll be completely screwed.
What you SHOULD absolutely self host though is a password manager, so you can be in control of your most sensitive data.
Wot?
Okay, I understand that email hosting is bad for SENDING email, but what about only RECEIVING email? Isn’t it a good idea to keep my stuff private? I rarely send personal emails, and I like to avoid my data being used for marketing purposes. Is it bad to have SMTP/IMAP open on a dynamic IP address? Just asking your opinion.
Self-hosted doesn’t mean hosted on your home connection. Even with a static IP I would recommend against hosting your mail server at home, because any outage means no mail (been there, done that). I have hosted my own IMAP/SMTP server for decades and couldn’t be happier with it, but yes, the SMTP part is tricky when it comes to evading blocks, especially from MSFT, who will just block entire networks without a real reason (Linode, for example).
Antispam is hell, just saying
Antispam is easy with a mix of greylisting and spamassassin
I’m doing exactly that, and it works like a charm. Get a DynDNS, backup mx and SMTP relay and you’re good, or get a domain provider like strato.de that already includes all three with the domain.
Spam is also manageable. I get maybe 1-2 per day that make it past the filter, and I do have to add some custom keyword filters from time to time, but that’s about it. Fetching updated filter lists and self-learning from past errors keeps the filter up to date and is completely automated.
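The greylisting the comments above rely on, as an added example that is not from this thread: a minimal in-memory greylisting decision in the style of a Postfix SMTPD policy service, where a first-seen (client network, sender, recipient) triplet is temporarily rejected and a retry after the delay is accepted. The delay, whitelist lifetime, /24 client grouping and reply strings are assumptions of this example, not anything the posters described.

```python
"""Greylisting decision logic, shaped like a Postfix SMTPD policy service (illustrative, not a real daemon)."""
import ipaddress
import time

GREYLIST_DELAY = 300          # assumed: seconds a first-seen triplet must wait before a retry is accepted
WHITELIST_TTL = 35 * 86400    # assumed: seconds an accepted triplet stays known without new mail
DEFER = "DEFER_IF_PERMIT Greylisted, please retry later"   # 4xx: well-behaved MTAs retry, most spam cannons do not


class Greylister:
    def __init__(self, delay=GREYLIST_DELAY, ttl=WHITELIST_TTL):
        self.delay, self.ttl = delay, ttl
        self.seen = {}   # triplet -> [first_seen, last_seen]; a real service would persist this on disk

    @staticmethod
    def _key(client, sender, recipient):
        # Group the client by /24 (or /64 for IPv6) so a sending farm that retries from a sibling host still matches.
        ip = ipaddress.ip_address(client)
        net = ipaddress.ip_network(f"{ip}/24" if ip.version == 4 else f"{ip}/64", strict=False)
        return (str(net), sender.lower(), recipient.lower())

    def decide(self, client, sender, recipient, now=None):
        """Return the policy action for one delivery attempt ("DUNNO" = let other restrictions decide)."""
        now = time.time() if now is None else now
        key = self._key(client, sender, recipient)
        entry = self.seen.get(key)
        if entry is None or now - entry[1] > self.ttl:
            self.seen[key] = [now, now]       # first contact, or an expired entry: start the clock again
            return DEFER
        entry[1] = now                        # refresh last_seen so an active correspondent never expires
        if now - entry[0] < self.delay:
            return DEFER                      # retried too soon: keep deferring
        return "DUNNO"


def handle_policy_request(greylister, raw, now=None):
    """Parse one policy request (key=value lines, blank-line terminated) and return the reply text."""
    attrs = dict(line.split("=", 1) for line in raw.strip().splitlines() if "=" in line)
    action = greylister.decide(attrs["client_address"], attrs["sender"], attrs["recipient"], now)
    return f"action={action}\n\n"


if __name__ == "__main__":
    # Constructed sample request, not captured from a real server.
    req = "request=smtpd_access_policy\nclient_address=198.51.100.5\nsender=b@example.org\nrecipient=me@example.net\n\n"
    g = Greylister()
    print(handle_policy_request(g, req, now=10), handle_policy_request(g, req, now=400))
```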
I’d say backups. At least they shouldn’t be only local. I follow the rule of threes: two local copies and one off-site with Backblaze. Yeah, it ties up a not insignificant amount of disk space I could use for other things, but dammit, I’m not losing my wedding photos, important system configurations, etc.
Don’t host your own email server.
Just trust me.
Meh, been doing it for 5 years now with minimal issues. Had one issue come up where my domain was flagged as malicious, but was solved in a few days and some emails to security vendors.
I think it’s important that those who can, and are educated enough to keep it running properly, do host their own. Hosting your own email should be encouraged if you’re capable, because it helps reduce the monopoly and keeps a little bit of power for those who want to retain email privacy.
I agree with KN4MKB. I’ve been hosting my own mail server for decades. Not one issue. I use that in lieu of a mail service provider (Google immediately comes to mind), as their EULA service agreement will tell you that - since you’re using their service, on their servers - anything goes. Read the fine print on Gmail, and you’ll see. 😉
I did for years quite successfully. Ultimately blocklists did me in, however; I don’t have the knowledge to resolve those in a timely manner and it became a headache I couldn’t tolerate at that time.
They are not hard to set up and easy to keep running (once going, they pretty much just work). If you follow the right steps you can avoid being undeliverable and keep people from abusing your sending server (as a relay).
Why?
I did it anyway some time ago and I’m really happy with it. I’m using my own email addresses for absolutely anything by now.
People saying email, look into using external SMTP servers as relays. Your domain most likely comes with at least one email account with SMTP access. You can use that as a relay to send personal/business emails from your server using the provider’s reputable IP addresses.
Primary backups
Some generic purpose LLM probably.
I’m running Ollama, the LLAMA2 port for Mac. I hosted an LLM for a site that generated the next line of story, no issues.
There’s no reason to hide from running an LLM at home if you can, people should, the source is out there for a reason.
I’m not telling people to avoid running an LLM at home. I’m just saying that it wouldn’t be a general-purpose one close to what ChatGPT provides. The reason, I would guess, is primarily a lack of computational power.
Personally I don’t think it’s worth hosting recursive dns resolvers. Most of the options with ad blocking are single points of failure and when it breaks the household acceptance factor is just too low.
Just… set up two RPis with Pi-hole instead of one? Chances are your router can have a fallback DNS. Sure, you have to update the rules in both places, but honestly it’s not a big deal, and you now have redundancy.
I’m running 2 PowerDNS recursors and authoritative servers, and 2 Pi-holes (long story why so many), and none of them have failed on me so far, and when I took one of them offline, I didn’t notice anything because the other took over. And if anything REALLY fails, I’ll just switch my router back to using Cloudflare, Google or Quad9 temporarily, and at least Internet access will be restored so people can at least browse the internet.
Pi-hole also has an API and a Home Assistant integration, so you can create an ad-block toggle switch for others, in case it blocks something and they need immediate access. Not ideal, but it’s a doable workaround.
This is really something that’s super easy to self host, and mitigate if something goes wrong. Especially since that commercial router is already a single point of failure for most households.
Chances are your router can have a fallback DNS.
Chances are it can’t. You can probably set multiple DNS servers (anywhere, not just routers) but they aren’t a primary/secondary sort of deal. Most traffic might be weighted towards the first one in a list but you will find traffic still hits the others.
Internet-accessible authoritative DNS nameserver(s) (unless you have a completely static public IP).
Any public facing service that other (services) depend on should not be running on a public IP (especially ones that translate addresses, and ones you have to manually update).
You could run an authoritative NS “hidden”, one that only your secondary NS can reach for zone transfers. You could also avoid needing a public IP if you configure rsync or scripts to update secondary host files on every IP change.
Password manager. While some may cache on your client devices, by and large if your server goes down, no passwords.
Vaultwarden with SyncThing is a robust combo from what I hear. Everything is local.
Not necessarily. If you self-host SyncThing and use it to synchronise your password database across devices (for example KeePassXC’s .kdbx file), only the synchronisation goes down with your server.
Same with Bit/vaultwarden, all clients grab a copy of the vault from the server when they sync so if the server is offline all clients still “just work”.
Vaultwarden is perfect for that then, it does cache locally.
Mail server: too many troubles related to domain name blocking/banning. Good for internal network/VPN use, but not for anything serious.
Email. I always recommend AWS SES. Use it as an SMTP relay, and any internal services get restricted access through IAM.