It has been over a year since I stopped running my own email server for me and a few friends. I had been doing so for over two decades!
Why run your own?
Email was and remains a ubiquitous communications mechanism, both for people and automation. When I started running my own server there were very few providers, and they had very low limits. There would be restrictions on attachment sizes and formats, and developer emails would often be rejected as spam. There was little in the way of configurability of incoming email.
Running my own email server let me remove all the restrictions. I accepted emails up to a gigabyte in size because sometimes that was necessary in the days before Dropbox. I was able to have whatever processing rules I wanted, and had full insight into all of the details that were going on.
What do you need?
You need to have an entire system with several configurations and components all working together.
- Static firewall
- You can filter out countries, internet service providers, cloud providers etc that aren't worth even accepting connections from
- Dynamic firewall
- A second layer of filtering based on observed undesirable behaviour. For example IP addresses sending you spam can be filtered for a time period.
- Spam control (generic)
- Various techniques are used to stop spam no matter which user it is going to. For example greylisting is very effective, dcc and rbl tell you if other systems have seen the same message. I also filtered all messages through a virus scanner.
- Spam control (user specific)
- Spamassassin has many rules with weighting added together to come up with a per message score. It includes how similar the email is to previous emails you received, which you have classified as good or spam, plus many other rules.
- Filtering rules
- You want to make messages matching various criteria be placed in folders, forwarded, rejected etc using per user scriptable rules.
- IMAP server
- To actually read the email using email clients or the programs builtin to various desktop and mobile devices you need one of these.
- Webmail
- And sometimes you want to use a browser, so you need something that presents a web front end.
- Mail transfer
- This component receives incoming email, and sends outgoing.
- Other
- You need to ensure there are backups, have authentication, logging, monitoring, DNS records, SSL/TLS certificates etc. Some of the components can use or even require database servers.
Over time there have been open source software projects that address these needs, including more integrated ones that address many at once. There are a nice variety each in different sweet spots.
Exit review
It is a positive experience having to construct a working system. You are exposed to several components that have to work together, read lots of documentation, create configuration, and deal with upgrades and improvements. Seeing how others have addressed that makes you better at them too. I had a working system all those decades that served us very well.
The reality though is you are really running a spam detection and rejection system. There was a new attempt every 3 seconds never ending. Each one results in your system logging what happened and why, and you are acutely aware that overall you are putting more effort into controlling each spam message than the senders put into the message.
I've since switched to Fastmail (obligatory affiliate link). They have done all the work listed above, but I can still see what is happening as though it was my system. For example they too use Spamassassin. What is noticeable is just how many and how large the headers are on each message, almost all generated in the service of detecting spam. It is nice that it is someone else's duty to maintain now.