view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Fortunately I started this endeavor back before Microsoft even knew what a mail server was, so I've been at it awhile. Some changes have been reactionary to attacks, other changes have been simply keeping up with practices where I could. I do what I can though.
Yeah someone else mentioned whitelisting but with connections like your cell phone picking up IPs all over the place, while simultaneously being the source of other attacks, it's just not as feasible for this. Of course I do have blocklists against spam sources and such, plus a dedicated firewall in front of everything, but I somehow missed blocking the easy targets against compromised accounts.
As for my friend... yeah it wasn't even happening from his laptop, it was just the fact that he had logged in to his account and the virus recorded his password. After that first moment of rage (assuming he fell for a phishing attack), I scrambled his password, flushed all the emails from the queue, and then started cleaning things up. So far it looks like I was only temporarily blacklisted, and those cleared up about an hour after I shut down the spam. Now I'm just keeping a close eye on things to make sure nobody else comes through on that account.
Oof yeah. You’re well into admin territory here.
I mean I’m just some layman on the internet, but I would look at tying in some authentication layer to get your 2FA, although it would inconvenience your users users.
Do your users use this service for srs business?
I don’t know if I have anything else to add to this discussion. It’s gotten more complex than what “just an email server” can provide imo
No worries and thanks for the comments. I'll figure out something, I always do, I just thought it would be nice to see what route others have taken with their own servers. I'm really annoyed but it seems like more people are just turning their email over to big corporations. Hell the place I work turned their email over to Microsoft and we've had nothing but non-stop spam, phishing attacks, outages, and the constant push of "oh if you're not going to use a Microsoft product (on my linux machine) then we're won't even talk to you" in the years since then, and literally everybody in my department complains about it.
Yeah for sure. Sorry I don't have a good answer
Just wanna share that my experience does not mirror this. I pay them $6/ user per month (which is just me, for me personally, to be fair), which gets me that hosted exchange server 365 thing. I only rarely, if ever, need to use the other office products, and I do so in my browser. In the 2ish years so far I've had no complaints. I don't require any of the features that are locked behind full-installation variants of their products - and besides that I've had no problem with spam email especially.
Im not sure I would recommend that you tell your friends to authenticate with your own Active directory instance necessarily, but ultimately at the end of the day if you're dealing with
users
you'll need some kind of authentication layer (imo)Been hosting my email about as long, thinking about turning it in, or at least only making smtp exposed.
The address argument is a cop out, Wireguard works fine always on now, even in your home wlan if you're fine with hairpin nat. Ios and android handle it well.
I block China and Russia, tempted to add a few others but those are easy outs (haven't been to China in years, will figure it out if I am).