Chris ShireI have recently transitioned my email away from Google & Microsoft. I had been using a hotmail address since possibly the last time a member of the Bush family was President of the Unites States of America. With my new movements towards privacy I felt this could not go on!
Why not self-host email?
I had considered it a few times. However, it seems fairly intimidating at this point. Email really is a technology from another age. It is no longer simply a case of setting up a server and away you go. It seems like email is a constant battle with spam, intrusion attempts and mitigating the risk of being blacklisted by the major email providers. It all seems a bit much, and it’s about as far from set and forget as it appears you can get with self-hosting. I did also consider just running an SMTP server for outward notifications from my server. These get sent fairly regularly due to log files from backups, logwatch reports and disk errors.
I did mess about with postfix trying to get this to work, but I was ultimately unsuccessful. In reality, I really don’t want the hassle of self hosting mail of any kind. If my server were to suffer a security breach I would not want my ip address associated with a mass of spam email.
At about the time I was thinking about a send-only server, I realised that a different service might solve my issues anyway…
Secure Email
People are used to getting email for free. Indeed, the idea of paying for email would have been ridiculous even when I registered my first email account back in the 1990s. I remember fishing for invites to GMail when it was in Beta and offering 1gb of storage for free. This seemed immense at the time! However, it dawns on me now that the reason that companies offered a free email service back then are the same reasons that companies offer free online services now; they are simply not free! Storing your email on Google’s servers effectively allows them to scan your messages. What do companies like Google do with this data? Are they selling this data on? Are they using this to garner more information about me to add to the advertising profile they already have about me? The answer to these questions is largely irrelevant, I simply don’t want a company to be able to access my messages. This is especially he case if they are not necessarily encrypted and they are a high-profile target. Just ask Yahoo, where over 500 million accounts were reportedly compromised several years ago.
Enter Encrypted mail.
The benefits
The two market leaders is this sphere seem to be ProtonMail, based in Switzerland, and Tutanota based in Germany. Both services offer a free service, although in the case of ProtonMail, if you want access via programmes like Thunderbird you need to install a Bridge application. This is (currently) only accessible with a paid account. You also get a few other benefits with paid accounts with both. As far as a I can work out, Tutanota does not offer any kind of IMAP service integration with external software like MacOS Mail or Thunderbird by design. They offer their own applications for platforms and suggest this enables them to ensure that mail always remains encrypted, rather than being decrypted and downloaded by storage on a users machine with IMAP.
The two are fairly similar, although Tutanota is a little cheaper. I have opted to set myself up with ProtonMail (and paid for a year), whereas my girlfriend has opted for Tutanota. This is not a review of either service, but suffice to say once mail forwarding was set up from our old email addresses was done the services have both been fine to use. Each has its idiosyncrasies, but it seems a small price to pay knowing that we are off the grid with regards to the major providers.
Server notifications
As mentioned, I really rely on having my server send notifications on events like backups being run. However, I do not want to use Google’s SMTP server anymore - Just sending the log files in this way effectively gives Google a list of every file on my machine with it’s location! Given that I already now pay for ProtonMail, I got to thinking about how I might use their servers for outgoing mail. The issue is also the upside of using ProtonMail: the encryption. ProtonMail allows the use of its Bridge software, but the development of this seems a little stunted on Linux and a bit of a pain to run headless. Additionally, the Bridge only listens on a local interface. This would be an issue for me as I wanted to set up a separate container to act as a relay for other VMs and Containers on my network to send mail to.
The answer was an open source project called Hydroxide. This is a third-party solution designed to run headless. It also has the ability to listen on different interfaces so as to act as a mail relay.
As in the Github documentation, once the Go programming language and hydroxide is installed and authenticated with;
$ ./hydroxide auth <username>
it is as simply as running;
$ ./hydroxide smtp
to have an smtp server up and running.
However, this defaults to localhost and port 1025. Changing the port is not necessary, but to have hydroxide act as a relay for mail from the rest of the network it needs to listen on an external interface. The -smtp-host flag can be used here. Ideally you would have VLANs set up on your network, from which you can set which address range you want hydroxide to accept mail from. Alternatively you can opt to listen for connections from any machine. This is potentially a security risk, although you still have to connect to hydroxide with a username and password for it to send any mail out.
To do this run;
$ ./hydroxide -smtp-host <ip address of your machine> smtp
The downsides
This is not a perfect solution, and hydroxide comes with a couple of downsides. Firstly, if you are running hydroxide as a mail relay as I am, the messages sent to it are not encrypted. This is because TLS is not currently supported. In theory this means that anyone who has access to your network can potentially sniff the messages being sent to the forwarder.
Additionally Hydroxide does not seem to be able to handle attachments being sent. An issue has been raised with the author on Github, but I am unsure whether this will be addressed. This was the biggest hurdle for me as I have my server send log files as separate attachments. However, I have rewritten some of my scripts to append the logs to the body of the email being sent out and it seems to have solved the problem.
Conclusions
I felt like the difficulties of self-hosting email might be an impossible hurdle with regards to moving away from the big technology companies and their intrusive services. While I could be accused of just swapping out one service for another, the promise of encrypted email providers like ProtonMail and Tutanota is that they cannot physically decrypt your messages themselves. Effectively your password becomes your encryption key. This means that if you lose your password, you lose access to your messages and there is nothing that the company can do about it. Personally I feel the tradeoffs are worth it and I am happy with the performance of software like Hydroxide allowing me to extend the features of the service I pay for.