I have reviewed and read on this topic for a long time. It is extremely unrealistic to operate your own self-hosted emails. There are all kinds of problems with this direction. One is that it is very difficult to even find an app to do this. Then you have to set it up, which is very difficult. You have to always be updating your self-hosting, as it is very much a security nightmare. Then you have to worry about blacklisting. Companies like Google or Yahoo might blacklist your self-hosted mail server for various reasons, like you are not up to date or listed with trusted email provider associations, and a whole bunch of other things - so basically, you cannot send or receive emails from the most popular email systems, so good luck with that. And then you have to somehow try to get unblocked from them, and welcome to that nightmare, right? It could take weeks and you won't be getting emails. Nobody should self-host unless they are a crazy expert at it, and who even has the time to do that?

Here is what some people write about self-hosting:

"The key to reliable delivery from your server is to go through a relay like Mailgun. You can accept email directly, that's not blocked, but sending out needs to go through a relay. So your stack will look something like dovecot, postfix, and spamassassin, maybe raindrop for the UI."

So right - need dovecot, postfix, spamassassin and raindrop. What a nosebleed to learn all that.

"Sender reputation and RBLs. Summary: Large providers spend a lot of effort fighting spam, and that includes tracking where email comes from and blacklisting untrusted sources. They use a combination of publicly available blacklists (the RBLs) and also their own secret algorithmic sauce and assign you (where "you" == your MTA's IP address and also your domain) a reputation score. If your score is too low, your email gets rejected and your recipients will never see it. There is often a complex process to try to get your email un-blacklisted—it means arguing with individual RBL maintainers, or begging Microsoft to please let your email through. Sender reputation is also affected by whether or not you're implementing a whole suite of other technologies in addition to SMTP—most importantly SPF and DKIM, and probably DMARC at this point as well. tl;dr - if you're writing your own SMTP implementation, you almost certainly won't be able to email anyone at a major email provider."

"The base protocol is simple, but the flexibility of configuration expected by real-world users is quite challenging, and the scar tissue of dealing with broken or semi-broken clients and servers (e.g. Microsoft Outlook) builds up over time. Virtual domains, rewriting rules, forwarding rules, see Postfix's wide variety of configuration options, lookup tables (and table backends) for just a small taste of the complexity."

"A good starting point is being able to receive mail. Running an SMTP server that listens to the internet but only relays mail for your specific domain is fairly easy, and should work out of the box. That means, if you own example.com, and set up the correct MX record, and listen on port 25, people can send you emails immediately. Actually, even without an MX record, if you just have a standard A record, that is enough. In a pinch, I've done it. Perhaps it has gotten harder in the last few years. Tools like Docker and Ansible are great for setting things up quickly and reliably, but if you really want to understand, there are plenty of tutorials on setting up an MTA on Linux or FreeBSD. And, if you want a simple "dropbox", there are modules for PHP and Node.js that will run a simple SMTP server that you can hook into. It can be useful for embedded devices. A long time ago I worked on an interactive installation that anyone was able to interact with by simply sending an email. The server portion was about 10 lines, after including the server module: https://www.npmjs.com/package/simplesmtp It was deep behind a firewall too, but I just used ssh with the -R option to a VPS on a public IP address pointed to by our domain name."

"Install postfix and configure main.cf and master.cf to use mandatory TLS. Set a TLSA record and DANE. SPF, DKIM, and test the server. And use a firewall that blocks shitty country ASNs. Also configure dovecot and set DNSSEC on the domain. There are online mail testers. It will work like a charm."

So my take is: what a horrible nosebleed all of this is. Unless you are already an expert in it. But if not, who has the time to monkey around with this stuff? I have a degree in Computer Science, but I have better things to do with my life. Especially since there are so many other better options.
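The SPF check that the quoted replies say large providers now expect, as an added example that is not code from the post or from any of the people quoted in it: it evaluates a sending IP against a domain's SPF record the way a receiving MTA does, so you can confirm your own MX and relay addresses actually pass before a provider scores them. All names, addresses and DNS answers below are constructed assumptions standing in for a live resolver.

```python
import ipaddress

# Constructed DNS answers standing in for a resolver, so the example runs offline.
# Every name and address here is an assumption for illustration, not a real record.
FAKE_DNS = {
    ("example.com", "TXT"): ["v=spf1 mx ip4:203.0.113.0/24 include:_spf.relay.example -all"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["198.51.100.25"],
    ("_spf.relay.example", "TXT"): ["v=spf1 ip4:192.0.2.0/28 ~all"],
}

def lookup(name, rtype, dns=FAKE_DNS):
    return dns.get((name, rtype), [])

def spf_record(domain, dns=FAKE_DNS):
    """Return the domain's v=spf1 TXT record, or None if it publishes none."""
    for txt in lookup(domain, "TXT", dns):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None

def check_spf(ip, domain, dns=FAKE_DNS, depth=0):
    """Evaluate sender ip against domain's SPF policy.
    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'.
    Covers the mechanisms seen in practice (ip4, ip6, a, mx, include, all);
    unsupported terms such as exists, ptr and redirect= are skipped."""
    if depth > 10:                      # RFC 7208 caps recursive lookups at 10
        return "permerror"
    record = spf_record(domain, dns)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:     # first token is the v=spf1 version tag
        qual = "+"                      # a mechanism without a qualifier means pass
        if term[0] in qualifiers:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):    # address family mismatch simply does not match
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech in ("a", "mx"):       # resolve the host(s) and compare A records
            hosts = [arg or domain] if mech == "a" else lookup(arg or domain, "MX", dns)
            matched = any(str(addr) in lookup(h, "A", dns) for h in hosts)
        elif mech == "include":         # include matches only if the other policy passes
            matched = check_spf(ip, arg, dns, depth + 1) == "pass"
        if matched:
            return qualifiers[qual]
    return "neutral"                    # no mechanism matched and no 'all' term
```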