does anyone have a good suggestion for running a mail server on my nixos box?
Self hosting email is a difficult business.
The main issue is that you must have a static IP and that IP needs to have a good mail reputation or you will be blacklisted in a few days.
That said, today there are pretty good self-hostable email stacks like Stalwart.
My solution, which has been running for over two decades, is bare metal with postfix, dovecot, opendkim, opendmarc, spamassassin and a few more pieces which are all absolutely mandatory. Plus a nice webmail and a few more optional pieces.
But on gentoo, not on nix
yeah, i checked some of the blacklists and my IP (static) seems to be ok. i’ll check out the other services/app/executables you mentioned, thanks!
The risk is that the IP will get banned AFTER you start sending out mail from it because it has zero reputation… It happened to me too and it took months, if not years, to get it definitely cleared. And if your neighbour with a similar IP gets infected and starts spamming, it’s all over again. This is the main issue with residential IPs, it’s a very real issue.
To get around it, rent a VPS with a non-residential IP and front the mail server there, with tunnels (wireguard+nft) back to your home mail server, so at least the public-facing IP is good or has less risk of being blacklisted.
The one thing I’ll never recommend anyone selfhost is email. It’s just plain not worth it.
You can do literally everything right and still get cucked by spam filters because you’re not a recognized email provider.
Two things I never want to work with and will just pay someone else to deal with whenever possible:
- Printers
And that’s about it, almost everything else I’m fine doing myself.
lmao bro I can’t upvote this shit enough.
It’s not Nix-specific, but I use Mailcow-dockerized and it is completely hassle-free, been using it for 4 or 5 years now without a bobble (though I’ve run my own mailserver for 30 years).
I would agree that a static IP is necessary, but I don’t have one and I get by, even without a PTR record. That’s probably due to a fairly small ISP with not many spammers having found it.
Make sure you set up your DKIM and DMARC right from the start and pay heed to the reports. But I’ve never had to fight to get off a blacklist, even with new domains I’ve added to it.
I run Postfix, Dovecot and rspamd on my server. The configuration is here: https://git.dblsaiko.net/systems/tree/configurations/polaris
There’s also the Simple NixOS Mailserver project which is an abstraction on top of these and has a few more things. I’ve never used it myself though.
Of course, you also have to set up all the standard email setup like DKIM, DMARC, SPF and so on here.
thanks, very helpful! i’ve done DKIM and DMARC before. thanks!
thanks! i’ve seen this before but lost the link, thanks!