Comment on Email ownership, I give up.
zr0@lemmy.dbzer0.com 1 day agoOne wrong config entry, and you have an open relay and a domain that can never be used for SMTP again, yay.
Actually managing an email server properly is demanding, as it is one of the most attacked services. Of course, you can also take the easy route and just pray.
Sorry man, i understand your fears, but it’s not that difficult. Granted, you need to STUDY and UNDERSTAND what you do, it’s not just deploy a container and run. But hey, you can give up on learning new stuff and don’t run risks ever, in that case you should also stop driving a car, since it’s much more dangerous than running an open relay by error.
Also, use mailcow stalwart or any other already packaged solution if you want to be safe.
zr0@lemmy.dbzer0.com 1 day ago
I used mailcow, got an open relay immediately. Stalwart seems to do things a bit better.
I host so many services and it is not that I don’t want to learn new stuff. The effort is simply too high for a single service. And since there are very good providers which fully encrypt your data, I went this route to keep my mind off this part of my system.
I fully understand your point, but the mailcow as open relay seems strange. Anyway, it’s a risk/cost tradeoff right? Everybody should do it’s own assessment and experimentation. But after the initial setup, it’s zero maintenance. The only maintenance i do is keep the stack regularly updated, and it broke twice in 20+ years (dovecot new config format, WTF…)
zr0@lemmy.dbzer0.com 1 day ago
I had long discussions with some mailcow contributors and it turns out, that some default settings can lead to an open relay if you are not careful. The biggest problem is that they use postfix. Postfix is not bad itself, as it is probably the most battle tested mail server. The configuration of postfix is a different story. And even if I prefer battle tested GNU/BSD software, postfix would be one of the rare exceptions where I would be careful.
I had a postfix running for years without issues, when I self-hosted SimpleLogin, and I fully agree with you. Once it runs, you only need to make sure that the security is managed.