What’s up, what’s down and what are you not sure about?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

  • danA
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    2 days ago

    I self-host my email using Mailcow, and use a VPS for it. I don’t trust my home server to be reliable enough, and the VPS providers have nicer equipment (modern AMD EPYC CPUs, enterprise SSDs, datacenter-grade 10Gbps or 40Gbps connections, etc). I use a separate VPS just for my emails - it’s the one thing I want to ensure is secure, so I didn’t want any other random software (that could potentially have security issues) running on it…

    I also use an outbound SMTP relay to avoid having to deal with IP reputation. Very easy to configure this in Mailcow. SMTP2Go has a free plan for sending <1000 emails per month.

    • tburkhol@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 days ago

      It kind of amazes me that, in this day and age, email has turned out to be the lynchpin of security. Email as a 2FA endpoint. Email password reset systems. If email is compromised, everything else falls. They used to tell us not to put anything in email that you wouldn’t put on a postcard…how did this happen?

      • danA
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 days ago

        That and email protocols are outdated and aren’t too secure. For example:

        • Neither SMTP nor IMAP have no way to use two factor authentication.
        • Spam blocking is so hard because SMTP was not designed with it in mind.
        • SMTP has no way to do end-to-end encryption which is why you need to layer things like GPG on top.

        IMAP has a modern replacement in JMAP, but it’s not widespread. SMTP is practically impossible to replace since it’s how email servers communicate with each other.

        The “solution” has been for companies to make their own proprietary protocols and apps, for example the Gmail and Outlook apps combined with a Gmail or Microsoft 365 account respectively.