I run my own mail infrastructure. To say the least I wouldn't recommend it even to my worst enemies. It's horrible.
Actually it's fine until it's not. Then your email doesn't work and you could be missing out on important communications. And then you're scrambling to figure out how the spammers managed to exploit your setup this time. And you have to learn a tonne of crap in order to manage it... and the text files! Configuration... configuration everywhere. Obscure configuration. Configuration that has real consequences and causes spooky action at a distance. Configuration that will soon be exploited in strange ways.
I was so frustrated the last time my mail server went down that I started writing an SMTP protocol handler in Haskell with the intent of writing a MTA with the goal of minimizing configuration and being secure and resistant to attacks by default. So that hopefully more people can run their own infrastructure without prematurely aging. I dunno how useful it will be to others but at least it will keep my gray hairs at bay, I hope, when it's ready for use.
Until then though we need more guides like this for us poor souls who do go down this route. There are way too many out-dated guides awash in the sea of information.
"And then you're scrambling to figure out how the spammers managed to exploit your setup this time."
...
" ... writing a MTA with the goal of minimizing configuration and being secure and resistant to attacks by default. "
As a 20+ year UNIX sysadmin and fellow owner of my own email infrastructure for 18 of those, I am surprised to read this and am not even sure what you are talking about.
Can you explain what you mean by attacks and exploits from spammers ?
Other than accidentally running as a relay or actually having a remote exploit in your server(s), what are the attacks that you have in mind ?
"Configuration that will soon be exploited in strange ways."
Again, am genuinely interested in an explanation ... other than running as a relay, and maybe handling backscatter (but that's not really config, it's just a blacklist) what are you referring to ?
I'm in the same boat - been running my own mail since the 90s. I could understand complaints about lots of weird hoops to jump through to get mail from your server accepted elsewhere - that has become harder over time[1] - but there's a very short list of things that need to be done to avoid being hijacked.
Mail server setup for the uninitiated does look a little daunting, especially if you're more accustomed to "all-in-one"-ish software. If you want to do this, I recommend starting with making sure you have a clear mental model of mail server architecture, especially where it touches other things (DNS, DKIM, spam filters, local delivery, probably IMAP, maybe LDAP, maybe databases, etc.) Without a clear idea of the dataflow and reasons for different decision-points, you're going to have a very bad time troubleshooting things.
[1] SBCGlobal.net has been rejecting me for over a decade despite there being zero spam ever having been emitted by my domain. Eh, my userbase communicates with exactly one SBC user; ATT can bite me.
I've been running my mail server for 6 years now. Mail to Microsoft's servers (live.com, etc.) keeps ending up in the spam folder, even though spf, dkim and dmarc are set up and my IP has been clean for the entire period. The bright side is that I only notice this in the rare case of "mail to all contacts", since noone is on outlook.com these days.
Yes, live.com is a problem for us too. It seems they silently blacklist ip addresses and make it very difficult to get off that blacklist. There's a thread here about it with some of us trying to figure out how to solve this problem:
But other than that, running my own mail server hasn't been much of an issue. Set up sendmail, use public blacklists for spam control, and it pretty much runs without any intervention.
Outlook.com/Microsoft blacklists entire subnets because there are spammers in the same IP range. It's ridiculously lazy practice. They should just block IP addresses that are actually sending SPAM. It's not like that's a problem technically. You can fit all IPv4 addresses into a 512MB database.
I'm thinking of solving it by blacklisting outlook.com domain, so that senders at least know that I can't respond to them. I can put a message in the error response, that will be reliably relayed to the sender by the sending system.
Google's slightly better. Recently I did an experiment and created a few gmail accounts and sent some riduculously spammy messages full of typical keywords in between those gmail accounts, and they were all successfully delivered. Always.
Then I sent e-mail from new gmail account to my email server and simply responded and it went to spam. It's ridiculous that such a simple heuristic like someone responding to a message gmail user sends doesn't get the message through spam filters, even though the system can clearly determine taht the message is legit based on many variables (References field referencing message-id of the original message (noone else than the recipient should know this), reply being from a correct source (DKIM/SPF), message having normal looking business content, etc.).
There's way too heavy a weight on sending server IP range reputation.
With gmail you can at least request that they unblock you, and they will do that. With live.com and icloud.com you have to spend inordinate amounts of time bouncing between useless support people before you get anywhere. gmail in general seems to have the best spam filter (lowest false positives and negatives).
I had a problem with ipv6 myself with gmail, but the problem was that I just didn't have ipv6 fully set up on my server, so either SPF or reverse DNS wasn't working or something like that. I think I just configured sendmail to only use ipv4 and that solved the gmail issue.
My issue was that I wasn't very familiar with ipv6, and my ISP (OVH) apparently gave my server a range of about 256 ipv6 addresses, and I didn't really know how to properly set up reverse DNS and SPF. After spending a day or two getting nowhere, I just decided to turn off ipv6 completely for the server.
To be fair I've been running my infrastructure for years and it's usually fine.
The problem I have is that it's a pain in the ass to setup correctly and when things do go wrong it's really hard to figure out what's going on.
> Can you explain what you mean by attacks and exploits from spammers?
I haven't encountered a remote exploit (yet) but yes: accidentally running an open relay, backscattering, etc. You also have to worry about the system security of the box you're running it all on but let's treat that as a separate concern.
I'd been running my setup for years and as recently as August of last year I was dealing with an outage of my email server. I must've missed something somewhere because someone had figured it out and started using my server as a relay. It took me a few days to figure it out and I'm still not sure what the problem was or how I fixed it. Though my server stopped bouncing emails and started forwarding things again so... win?
As I was fixing this issue, not the first time, it occurred to me that it was just criminally easy to not know if your system is being exploited as a relay or not. There are a bunch of different configuration files in all different formats and guides that require working through dozens of steps. It's way too easy to get something wrong.
For someone like me who works at deploying software running on hundreds of nodes it seems manageable but I don't think it's ready for my cousin who's good with computers.
That's where the idea for a secure-by-default MTA that couldn't possibly be configured to be an open relay came from. Minimize the configuration so it was hard to get wrong even at the expense of flexibility.
I dunno, maybe it's not a great idea. But it's fun to hack on in the evenings when I've got nothing better to do and hopefully I'll have a fewer text files to manage in the future.
> That's where the idea for a secure-by-default MTA that couldn't possibly be configured to be an open relay came from.
You're close to describing the motivation behind Postfix. Between the design and the documentation, Postfix is hard to screw up, from a security perspective. And it is really easy to configure, at least in contrast to What Came Before - believe me, if you think this is complex, buy a crusty sysadmin a beer sometime and mention 'sendmail.cf'.
The problem here is that almost all mail servers need to selectively relay, and I don't see how the server is going to guess appropriate policy. For instance, trusted IP ranges (mynetworks, in Postfix). I suppose you could demand authentication unconditionally but that tends to break down when not all of your senders are made of meat[1]. Maybe that's acceptable to you, but it won't be for many.
In my other comment in this thread, I recommended gaining an clear understanding the architecture if you're going to do this. That includes things like knowing what (for postfix) mynetworks does - you can get mad at software for not intuiting local policy preferences, but I've never found that to get me very far.
[1] Getting better, but I still depend on a fair bit of software and hardware that doesn't speak SMTP auth.
I've run my own mail server since probably 1998 or so. I have had a few problems here and there, but nothing major. The worst is when the power goes out, but smtp has a wonderful resend feature when the destination server isn't responding.
I know my emails aren't being farmed from the NSA (at least from my side). I know Google isn't scanning all my emails to sell me garbage. I know it won't be shut down because of some errant algorithm. I have a really short email address. I can setup family and friends easily. I can send newsletters without having to deal with someone else's policies (on my side anyway). I love it.
Backup MX is usually not necessary, especially for home setups. Anything RFC-compliant will retry sending its email to you for days after being rejected.
It's also generally not a wise idea unless you also have your anti-spam/anti-virus setup running on it as well, since things like graylisting can only be done BEFORE the MTA accepts the message.
Spammers WILL know how to search your mx records for things like mailbagging servers and try to exploit them to bypass your security, just don't do it - the sending party will retry.
You can chain SMTP like this: SMTP (backup) -> SMTP (spam filter) -> MTA.
Checking white-lists can take a while and some SMTP servers will give up if they're stuck for over a second, sometimes less (eg when your server checks the spam-lists). Some SMTP servers or DNS server (cought Google caugh) will not try secondary though, so if you can afford it - have just one powerful front server with good uptime and network, or load balance / proxy to internal farm.
My backup MX is set up exactly that way, with an almost identical configuration to my main MX, to avoid this problem. Fortunately the config hasn't changed in over five years.
Running since 1998, haven't been on any blocklists so far.
In the age of password leaks it is really common that email accounts are easy targets and get hijacked – most users are probably still using the same password for their email as they used for LinkedIn in 2012. So it might happen from time to time that an otherwise normal account suddenly sends 20 000 emails to hotmail.com unless you have somehow predicted that and configured the mail server to not allow it.
Oh yes it is, we have around 200k users and fighting with old leaked passwords is like a full time job. Very easy to abuse as well, the attackers can make low frequency requests from scattered IPs and thus are almost impoasible to prevent
You added a predicate not present in the statement you replied to, "where mailprovider like LinkedIn_dump.mailprovider". Anecdotally, in authorized enterprise password audits I am frequently forced to remind people who were part of that breach that they need to change all instances of their compromised password, not just the one for the email they used in the breach. Maltego is a thing.
Also, with regard to your claim to have data about which passwords work. You should be aware that accessing someone's account with their username:password without permission (even a breached password) is likely illegal in the United States under the CFAA.
Identity aware proxy. User has to auth over http, then mail client can connect to IAP and ultimately to mail. And or two factor. Giving the user 10% easier usage gives the sysadmins 200% harder job. Take away the 10%.
Most users that reuse passwords statistically did not rotate their passwords across all websites because most users that reuse passwords statistically do not rotate their passwords.
We aren't talking about the overall Linkedin userbase, just that specific subset that reuses passwords for secure services.
I run an E-mail server with over 250,000 users. I started by following some generic "dovecot+postfix+mysql" tutorial on howtoforge and I'm still using mostly the same setup over 4 years later.
>Then your email doesn't work and you could be missing out on important communications
Pretty much every E-mail server will retry sending your E-mail for a long time (like 2 days is default on postfix). Once your mail server comes back up all of your E-mail you missed during the downtime will come in slowly as messages are retried
>you're scrambling to figure out how the spammers managed to exploit your setup this time
Any tutorial should point you in the right direction restricting open relay on your mail server, just basically requiring authentication to send E-mail outside of your server.
>I started writing an SMTP protocol handler in Haskell
Do you have any link to your progress? Postfix's configuration definitely shows age, but all of the options do important things that you could actually want to change. It seems other MTAs either have just as complicated configuration (to do the same things), or have stunted functionality.
>being secure and resistant to attacks by default
I agree about sensible and more secure defaults in configuration. But the application security of postfix and dovecot are both pretty robust[0][1]. Considering they are 19 and 15 years old, both applications have seen several developer-lifetimes of effort.
>we need more guides like this for us poor souls who do go down this route
I agree, though mediocre howtoforge tutorials seem to have worked fine for this poor soul.
Would you be able to share some stats, like how much disk space these accounts take up and such?
For larger scale e-mail sending I built my own MTA (https://github.com/zone-eu/zone-mta), our main instance sends about 750k emails a day (mostly normal ISP traffic, maybe 25% marketing emails) and its most valuable feature is juggling with IP addresses and blacklist detection, so if some mailbox gets hacked, starts sending out spam and the IP ends up in Spamhaus et al then this IP is removed from the list for other users automatically. Has saved us a ton of time.
Sure, the mail storage currently takes up 1.01TB, using dovecot's mdbox. This mail store started in January 2016, after the service got raided twice by german authorities[0] (at request of u.s. gov), otherwise it would be larger.
I'm not going to run like per-user stats but I know historically there's been about 11kb per E-mail on average, so that's about 90 million mails stored. The MTA itself sends and receives a bit over 20 million E-mails annually, so the extra from that is probably from the mailing list I run on the same server (where each message only counts as 1 for statistical purposes)
How I prevent outgoing abuse is a black box, but I do it well enough that mail from my server almost never ends up in spam. But given that it's a free service I definitely don't have the budget to warm up and dynamically scatter mail across IP space to maximize deliverability. Cool technique, though!
Oh, btw, the easiest way to test ZoneMTA would probably be to install the WildDuck mail server to some empty VPS. The install script, amongst other things, installs and configures ZoneMTA https://github.com/nodemailer/wildduck/tree/master/setup
I ran my own mail server (a few VMs in the cloud) for about five years. It's fun as you have control over accounts, aliases, forwarding, sieve tricks as well as backups. It's good to know that your broker and doctor's mail is delivered directly to your server and not Google.
It sucks ass when your mail does not get through as GMail/Hotmail rejects a connection from the IP address your cloud company allocated for you, in spite of DKIM etc. Or they decide to mark your mail is "suspicious" and it goes into the recipient's Spam folder. Fighting these huge hosting companies is impossible as they don't want to talk to you.
Also constant tweaking Spamassassin is not fun. My setup worked well for for the first four years but then started letting more crafty junk through... So, I had to compromise by moving the mail to Fastmail.
> It sucks ass when your mail does not get through as GMail/Hotmail rejects a connection from the IP address your cloud company allocated for you, in spite of DKIM etc.
God, yes. Gmail, in particular, really enjoyed just dropping connections from my IPv6 addresses every few months. Sometimes it would return an error, something obtuse and wrong like maybe, "your forward and reverse DNS records do not match" even though they absolutely did and hadn't changed in years.
Outlook/Hotmail was far better and would always return a sane, yet sometimes inscrutable, error that bore some resemblance to reality. It still took them a week to get me off the hit list that I got dropped on for no discernible reason.
> Or they decide to mark your mail is "suspicious" and it goes into the recipient's Spam folder.
Gmail was the ABSOLUTE FUCKING WORST about this. My spouse's e-mail to Etsy customers who used Gmail--not spam, not newsletters, person-to-person e-mails INITIATED BY THE CUSTOMER--would work for the first couple of e-mails in a thread and then start going into spam. Or, even more fun, friends with whom either of us had e-mailed would send us a mail and then we'd reply and nope, into spam.
Gmail would do this for WEEKS and no amount of poking or begging or pleading would make it stop. And then it spontaneously would. So maybe the begging did work but was just delayed. I dunno. I tried signing up for Gmail's "Postmaster Tools" but no data was ever reported because "your mail volume is too low."
The ultimate ignominy? The final humiliation that sent me to Fastmail? I finally, through a couple of professional contacts, got to actually e-mail (via Gmail, of course, because they were blocking my personal domain again) with a real, live Gmail SMTP admin to ask why my latest round of e-mails were going into the bit bucket. Know what he said, even though my domain has been hosted on a server in the same colo facility with the same IP addresses for a decade? Something along the lines of "your domain reputation is coming back as too new."
> no data was ever reported because "your mail volume is too low."
That is fucking shameful indeed. Domains with tiny volume need postmaster tools the most…
But it seems like having a little conversation from your domain with a gmail address helps. Just send a mail to your google account, click not spam, reply, do a couple more back and forth replies.
Yes, dude, I feel you. I was there. I got the same shit. A few more examples of their wonderful software:
- GMail sometimes accepted mail from IPv4 but not IPv6.
- I rebuilt the VM running postfix, got a new IP address
and then mail was blocked due to "IP address is known
as dynamic end-user"
Worst of all, the mail does not always bounce... and when it does, this is no one to email and ask. What are mail admins supposed to do?
We chatted about it for a little more but he wasn't able to figure it out either, so I gave up and moved the three active users I had over to FastMail that evening. A handful of semi-used mailboxes are still on the other setup that I still keep trying to make work but not nearly with the same force and gusto as I used before.
Actually one fun way of doing it is to run your own email setup using one of the big ESPs as a "proxy". You can do it for both inbound and outbound.
You can have a domain registered with Gmail or Rackspace Mail or whatever, and use the SMTP credentials they give you for outbound, while keeping MX records point to your own SMTP for inbound. Or you can let them process the inbound as well (fighting spam for you) and you just forward everything (or sweep via IMAP) and put it into your own Dovecot.
This way you control what's important to you (email storage/backups/etc) but outsource delivery and spam filtering.
But then they can already read everything you send and receive. At that point it's better to just use IMAP if you want to have all the e-mails local and backupped...
> It's good to know that your broker and doctor's mail is delivered directly to your server and not Google.
That's only if your broker and doctor are not using Gmail or G Suite, otherwise your email (with them) is likely to be read by Alphabet regardless of your server setup.
My experience was quite the opposite (granted I'm an ops guy these days anyhow). I've been self-hosting mail for ages with a postfix + dovecot + cyrus + spamassassin + opendkim + dkimproxy + lets encrypt stack. Everything just works, although I'm going to move it into a jail sooner than later so I can rebuild it more easily.
The biggest pain is no longer having a static IP or reverse DNS (thanks Sonic!). Having reverse DNS setup and an IP address that doesn't map to a pool of dynamic IPs are the big things that will keep you off of spam lists.
Coming from sendmail I think postfix and dovecot have been a breath of fresh air. The defaults generally just work. Getting inbound (so spamassassin can check) and outbound dkim to work were the trickiest part. Aside from regular OS updates it's largely hands off.
> So you call it easy to configure together 7 different systems just to get a working mail server?
Yes, with the qualification that I brain farted on cyrus (not using that for mail) and you can just as easily skip the two dkim packages (which were a bit tedious to figure out).
Postfix works out of the box. Diffing the stock main.cf with mine the differences are: new additions that never made it into my main.cf, a few lines to enforce stronger TLS ciphers (optional), a manual blacklist (optional), virtual domain stuff (also optional), milter lines for dkim and spf (optional), a line to deliver to procmail instead of directly to a mailbox (optional), and a line to enable mail relay access to authenticated users (also optional). You could install postfix and have a good experience out of the box.
Dovecot: a line to enable verbose process names (optional), a stanza to enable the SASL backend (optional), a line to specify which keys to use for TLS (mandatory), a few lines to up per-user limits (optional). Setting up SSL is going to be the hardest part, and even that shouldn't be too bad.
Procmail: A couple lines to pipe everything to spamassassin and deliver to a mailbox or a spam folder. This may be considered tricky by some but procmail is ancient and, in my experience, examples abound.
Spamassassin: No changes. In fact I think I've ripped out most of my custom config except for some whitelist stuff.
Four packages and you'll have a working SMTP and IMAP server. No, I don't think that's difficult. Wrangling an OpenLDAP install, sure that's difficult. This? No. Scaling it out to hundreds or thousands of users is trickier, but not something the typical home user would need to bother with.
For everything above there's actually quite good documentation. What's difficult is figuring out which packages to install in the first place and deviating from the stock configurations for the little extras you may want, but even then the big challenge is in taking the time to read the documentation and figuring out which features you want. Maintenance is trivial, although I probably should update my postfix config to get it in line with the current config syntax.
Not Cyrus IMAP, but their SASL library. Actually, I just looked. Cyrus-sasl was pulled in as a dependency for mutt. I'm using Dovecot for postfix's SASL backend these days. This allows relaying mail for authenticated users only.
Dovecot uses PAM for authentication, and so any user with an account can log in and access their own mailbox and send mail out. The biggest downside is that because I'm deviating from the default FreeBSD configuration for postfix I'm on my own in terms of updates.
I should also clarify the above statement about moving it all into a jail -- I mean a jail managed by (in this case) ansible. Yes, if you just slap something together it will be brittle no matter what stack you choose. Ansible + Jenkins + Jails make it much easier to manage changes.
Edit: Oh yeah, and I've thrown procmail in there for good measure.
No. Let's Encrypt was a fairly new addition. Previously I was using self-signed certs that I'd install manually in the client.
But I've been self-hosting mail services for over a decade at this point. It's seen a variety of permutations including some with Sendmail, some with postgres backed lookup tables for virtual hosting, and so-on.
I recently moved off of Gmail and now run my own personal/family E-mail server, and I have to say so far it has been pretty pain free. I probably just haven't been doing it for long enough to run into trouble yet. Bog standard Debian install, Exim4 + dovecot + SpamAssassin. TLS, SPF, DKIM, and other acronyms all set up and working. The initial setup was a few days config file tweaking (why don't these things come working and secured out of the box?), but since then no issues--knock on wood. My only complaint is the spam filtering so far is not as good as Gmail's was, but I probably just need to better configure things. Bookmarking this guide for later!
Postfix has a very clear separation of concerns and least privledge in the use of lots of helper daemons. Exim4 doesn't not have this architecture and is less secure because of it.
Heh, I have had the exact opposite experience. My mail setup has been stable and reliable for years. (I'm a little bit afraid to report this because one possible explanation is that I simply have not been on any serious hacker's radar screen.) I'm not doing anything fancy: just postfix+dovecot, gray listing using a custom milter I wrote in Python, and Spam Sieve running client-side on my Mac.
I also am using opensmtpd, and have been for years. Even setting up starttls encryption and a DKIM proxy were simple. I have never had an issue with accidentally setting it up as an open relay or anything else that would place me on a blacklist.
Absolutely horrible – I tried to setup Postfix for my friends to hide Gmail behind their organization's domain.
Configurations were incredibly unfriendly and tedious. Despite all anti-spam measures, Microsoft was blocking their IP according to some private spam blacklists. Then they couldn't send emails to some ancient government server in Guatemala because of encoding incompatibilities.
I ended up moving them to the free MailGun plan. It took me 2 hours instead of 2 days.
I have to say, I've been running my own mail server without a single problem for years. OK, the way I do it is a stretch of the definition of "running my own web server" but I have full control.
What do I do?
Get a nice VPS from a company like GoDaddy. Setup whatever domains you need. Setup as many email accounts as needed. And off you go. No problem. I don't even have to think about email.
I thought about rolling my own on one of our Linode servers but every time I compare the no-brainer of doing the above to what it would take to run this ourselves on Linodes I can't justify the pain and aggravation.
What I don't like about the Gmail approach (other than it is Gmail and I do not trust Google to not shut down all of our accounts for some stupid reason) is the cost. I can spend a few bucks a month on a VPS and have a hundred email addresses. The same on Gmail would cost significantly more and you would be under their irrational thumb.
A few years ago I looked into running Zimbra on Linode. Back then it was so resource hungry it just didn't make any sense. I wonder if it has gotten any better over time? I really like the concept.
My use case is different, as I'm a Windows guy, but this is what I've got:
1. Custom MTA that handles incoming SMTP.
2. SpamAssassin that is called by the above MTA which flags email as spam/not-spam.
3. Custom MTA forwards not-spam to the users inbox.
4. Custom MTA forwards SPAM to postmaster (this bit needs significant re-working)
5. Main Mailserver is Microsoft Exchange run On-Premises.
6. All Mail clients are Outlook 2016, or Android Phones.
The reason I had to write my own MTA was so that I could leverage a 3rd party anti-spam solution, as Exchange doesn't come with one, and add-ons for Exchange are quite expensive.
Running your own mailserver is a complete nightmare. If I knew it would end up this complex 20+ years on, I'd have never done it in the first place.
Your custom MTA is impressive, but if you want to reduce the amount of custom code you need to maintain (and don't mind one third party service in the mix), you could use something like SpamHero. It's reasonably effective and fairly cheap. Postini was even better, before Google bought them and bastardized the product.
See, for me running my own mailserver removes one of the biggest weaknesses with third party mail servers: the helpdesk. How many mail exploits are simple social engineering attacks against the service provider? Probably more than half.
Of course I still have to worry about attacks at my domain provider level, but at least it removes one weak point. I'm waiting for the day that someone pretended to be me calls me to get me to reset my mail account password.
There's no reason it _has_ to be like this. I feel like it became common wisdom that you just shouldn't run a mail server too early and the cool kids all gave up working on mail servers. The author is right though about how terrifying it is that we've ceded running email to an advertising company
All the things that make running your own server hard are software problems, the protocol itself lends itself very well to running your own. We just need someone to build the [Caddy](https://caddyserver.com/) of mail servers. You have the right idea with your Haskell server, though I think in this day a Go project might be more successful.
The "Caddy of mail servers" should be a plugin to Caddy, since server types are pluggable. Caddy's HTTP, DNS, and TCP+UDP servers are all just plugins.
I typically don't recommend someone running their own mail server, but if they do, I wish there'd be a good one they can use, and that one would definitely be a Caddy plugin.
I'm entertaining the idea of running my own SMTP server for Spamnesty (https://spa.mnesty.com/) so I can at least cut down on some of the Mailgun invoice items. Would you still not recommend this if I were just sending mail to spammers?
Same experience here. Previously I maintained a Merak/IceWarp mail server. The "idea" was great, they provided a nice interface for a small organization (15ish people). But, it became an uphill battle very quickly.
I've been running postfix+dovecot for years on a virtual server and have never not once had to do anything to administer it once I got it up and running.
Edit: it's been so long that i forgot it was in fact postfix.
I wonder if cryptocurrencies could be used as an anti-spam prevention measure. In order to send you an email, maybe I have to send you 2 cents worth of cryptocurrency.
Everything old is new again, the bitcoin proof of work mining began life as a way to require people sending email to burn a second or two of cpu time see: http://www.hashcash.org/
Postfix, dovecot, fail2ban, spamassassin. I don't have a secondary; I just keep up to date image snapshots and regularly backup the disks. It's only for my personal communications so I try to keep things as simple as I can.
I run my own mail server, for several years now. A Mac Mini on Mac OS Server on a static IP address. It's been great, literally zero maintenance, but it completely hides everything about the underlying architecture.
Actually it's fine until it's not. Then your email doesn't work and you could be missing out on important communications. And then you're scrambling to figure out how the spammers managed to exploit your setup this time. And you have to learn a tonne of crap in order to manage it... and the text files! Configuration... configuration everywhere. Obscure configuration. Configuration that has real consequences and causes spooky action at a distance. Configuration that will soon be exploited in strange ways.
I was so frustrated the last time my mail server went down that I started writing an SMTP protocol handler in Haskell with the intent of writing a MTA with the goal of minimizing configuration and being secure and resistant to attacks by default. So that hopefully more people can run their own infrastructure without prematurely aging. I dunno how useful it will be to others but at least it will keep my gray hairs at bay, I hope, when it's ready for use.
Until then though we need more guides like this for us poor souls who do go down this route. There are way too many out-dated guides awash in the sea of information.