TechOpsGuys.com Diggin' technology every day

August 9, 2011

How hard is it to run a mail server

Filed under: Random Thought — Tags: — Nate @ 11:23 pm

I read slashdot quite often, mostly for the comments. I post (as AC) maybe once every 3 years, but find the discussions interesting on occasion.

One such discussion was here, where someone was asking for advice as to how best to migrate off of gmail onto their own hosted platform. To me it seemed simple enough, but honestly I could not believe the negative response towards running your own mail server.

First off I’ll say I haven’t run a “corporate” mail server for almost a decade now. I have run several mail relays for companies for applications and stuff. I have been running my own mail server for my own personal (and some family) use for more than a decade, and I run another mail server that has maybe a dozen people on it, leftovers from when I ran a small ISP in Washington.

So nothing major. I didn’t get the impression that the poster on slashdot was asking for anything major. But I was seeing people talk about massive headaches with blacklisting, anti spam, having to worry about disaster recovery, data replication, and the constant hand holding and patching of the system to keep it running.

I just didn’t get it. I mean sure it took some effort to set up the system I have, which is pretty basic, but it really requires minimal maintenance. I have never been blacklisted and really have minimal spam problems (very manageable anyways for me).

My setup is basic as I mentioned:

  • Postfix for SMTP – I set up quite a bit of anti spam stuff many, many years ago but really haven’t touched it much at all since.
  • SpamAssassin – for – duh – spam. I took some time to integrate this into incoming postfix email and it flags messages as **** SPAM **** in the subject when something hits the spam filter. I have server side mail filters that move that to a dedicated folder. In all my years I have never noticed a false positive and have never had anyone complain that they can’t email me for a reason related to SpamAssassin flagging their email as spam. My biggest potential issue with SpamAssassin is I probably get 150 spam (that get past the filters) for every real email I get (I don’t get a lot of email at home excluding mailing lists that I occasionally participate in). So I don’t have much “ham” to train SA with. I haven’t recently tried to determine how much spam is blocked at the various levels but last time I did (many years ago) it was quite a bit.
  • Anomy Sanitizer – this does quite a few things such as stripping HTML email, stripping bad attachments etc. I’m sure it goes overboard in a lot of cases, and most users probably wouldn’t like it. Stripping HTML email probably causes the most usability issues for me as some emails don’t come in with plain text as well as HTML, so sometimes I get email that says “Hey click on this link to unsubscribe (or do some other action – e.g. rate Netflix quality back when I used their stuff)” only to find Sanitizer stripped the html so there is no link to click on, and no url I can copy/paste to the browser. But IMO at least it’s a small price to pay.
  • Cyrus IMAP 2.1 for IMAP – I started using Cyrus back in 2000 when I migrated a company off of UW IMAP onto Cyrus because it had some more advanced functionality vs Courier at the time (don’t remember what). I’ve stuck to it because it seems to work for me. I create different email addresses for pretty much every organization I deal with and have those go to dedicated IMAP folders (server side – not using filtering, postfix delivers directly to the mailbox), so most of the time I am unsubscribed to 85% of the IMAP “user accounts”, and only subscribe when I need to; email collects silently in the background in the meantime. User accounts is in quotes because I use a single account to access all of the other IMAP accounts (which can be problematic for some email clients because they make certain assumptions that don’t apply to me).
  • Squirrelmail for webmail – The UI is basic, hasn’t really changed much since – you guessed it – about 2000 when I first started using it. I have, on occasion, looked for alternatives but have not found one (until this slashdot discussion that is) that looked interesting enough to try. One big feature I like about squirrelmail is the ability to have many, many “From” email addresses, and select them from a drop down box. I have upwards of 100 different email accounts (view from the outside world – from my view it’s a single account), I maybe need to send mail “From” from maybe 10-20. So when I compose an email I select which email address to send “From”. Squirrelmail is smart enough if I hit reply on an email someone sent, say to my linkedin@ address, the mail client will automatically select the right “From” email address to use without me having to think about it. Since Sanitizer strips out html from emails I don’t believe I have to worry about XSS bugs in Squirrelmail because it’s all stripped out (but I could be wrong, I’m not sure). As a result I haven’t upgraded in eons.

The last time I did major changes to my system was probably 5-6 years ago. Those were introducing SpamAssassin to the system, and the more painful process of upgrading from Cyrus 1.x to 2.x (it was an ugly upgrade process).

I don’t use anti virus, never needed it (I integrated anti virus with Sendmail at the one company that I did manage the corporate email servers for back in 2000-2002). A lot of my habits and practices were set up a long time ago and there may very well be better ways to go about things these days (one thing would be to investigate using spamd for anti spam instead of spawning a separate SA process for each message), but what I have works and it doesn’t cause issues. I just don’t understand what some of those people were complaining about when running their own personal mail server.

I also don’t do any sort of calendaring system – never really needed it for personal use.

Sure it requires some setup, and you need to be smart (forward & reverse DNS, and you want clean IPs that aren’t blacklisted; easy ways to check that are out there). I saw one guy say the person should get a block of 30-40 IPs and put the mail server in the middle of the block! I mean are you kidding me?
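The forward/reverse DNS and blacklist checks mentioned above, sketched as an added example that is not part of the original post. The function names are made up for illustration, the blocklist zone is supplied by the caller (none is named in the post), and the resolver functions are parameters so the logic can be exercised without network access.

```python
import ipaddress
import socket
import sys


def dnsbl_query_name(ip, zone):
    """Build the name queried in a DNS blocklist: reversed address labels + zone."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer is e.g. "10.113.0.203.in-addr.arpa" (IPv4) or
    # "<32 nibbles>.ip6.arpa" (IPv6); drop the two-label arpa suffix.
    labels = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{labels}.{zone}"


def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the blocklist returns an A record in 127.0.0.0/8 for this address."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:  # NXDOMAIN surfaces as socket.gaierror, an OSError subclass
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def fcrdns_ok(ip, reverse=socket.gethostbyaddr, forward=socket.getaddrinfo):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    try:
        ptr_name = reverse(ip)[0]
        infos = forward(ptr_name, None)
    except OSError:  # no PTR record, or the PTR name does not resolve
        return False
    target = ipaddress.ip_address(ip)
    # getaddrinfo entries are (family, type, proto, canonname, sockaddr)
    return any(ipaddress.ip_address(info[4][0]) == target for info in infos)


if __name__ == "__main__":
    # Usage: python3 mailcheck.py <server-ip> <blocklist-zone> [<blocklist-zone> ...]
    ip, zones = sys.argv[1], sys.argv[2:]
    print(f"{ip}: forward-confirmed reverse DNS {'OK' if fcrdns_ok(ip) else 'FAILED'}")
    for zone in zones:
        print(f"{ip}: {zone} -> {'LISTED' if is_listed(ip, zone) else 'not listed'}")
```

Run it against the address the mail server will send from before cutting over DNS, so a missing PTR record or an inherited listing shows up before remote servers start rejecting mail.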

Even back when I ran an ISP with maybe 50-60 users (yes it was a small ISP – back in late 90s mostly), we never had blacklisting or spam problems. Maybe we were lucky I don’t know.

I just couldn’t believe the experiences some of these people were posting. Sure I can understand having those kinds of issues if you’re running a big mail system for a lot of users, but the impression I got was the original poster was looking to run a setup sort of like mine – a small number of users – or maybe just themselves.

I’ve even gone through the process of migrating my mail system from:

  • Office with dedicated T1 lines to..
  • Home with DSL connection to ..
  • Temporary office with T1 lines while my DSL is moved to ..
  • Home with DSL connection to ..
  • Co-location to..
  • Terremark Cloud (where it runs now) and this weekend to..
  • Co-location

And all of the DNS changes and stuff associated with it, for the most part the migrations are pretty painless.

A couple of my users were wondering how I went about moving all of their data and stuff from Washington to Miami in a matter of minutes without them noticing anything, it takes some moderate planning but in the grand scheme of things it’s not that difficult from a technical perspective. Next weekend I’ll be migrating them again from Miami to California – their data resides on a different system from mine.

I just wanted to write about my experience – sure it does take some work – depending on how much functionality you want – to initially set up the system. But in my experience once it is set up, the amount of work to maintain it is minimal.

I like the privacy and control I get with running my own stuff. I sure as hell don’t trust google with my data, they could pay me $100/mo for hosting my email with them and I wouldn’t do it. But for others it may be a good option.

I did use Gmail at the last company I worked at, their corp email was Gmail. I really didn’t like it – but what surprised me the most was how slow the search was. I was expecting anything I searched for would be returned in a fraction of a second but it took much longer (not forever but 10-20x longer than I was originally expecting). I never got used to how they organize their mail, with the tags and stuff. Even after using it for ~8 months I never warmed up to it, probably because there were mini demons in the back of my head screaming at me not to like it because I don’t trust Google, I’m sure that had something to do with it.

But for others maybe it’s the best way, or hotmail, or yahoo, or whatever.. I’ve been hosting my own email for so long I never really used anything else.

The most annoying problem I think I ever came across running my own mail system was not granting SpamAssassin enough memory – sometimes it would puke causing the email to get garbled – it would happen maybe once every 150,000 emails or something (which means maybe 2-3 times per year). I ignored it for a few years, finally decided to look into it and found that SA was running out of memory so I gave it more (I think I went from something like granting it 32MB to 128MB); hasn’t happened since.

Do I have disaster recovery? No – don’t need it. If my server goes down for a few hours or a day or whatever, mail is likely queued at the other end (mail is often queued for up to what – 5 days before being dropped from the queue?). What happens if I lose an email? Really not the end of the world. I have had a few times when people say my system rejected their message – and sometimes it does. I wrote (again a long time ago) a lot of regular expression checks to try to detect spam, and sometimes it gets a false positive, so I fix it and move on; it’s rare though (again a few times a year at most). If the email is THAT CRITICAL then if they really can’t get through to me they’ll call. And if I don’t answer (or don’t return the call) and it’s THAT CRITICAL – they’ll call again later.

Of course my co-location/cloud stuff doesn’t run just email – it runs this blog, my basic web sites, DNS, and my new co-location serves as my off site backup with ~3.5TB of usable disk space on the system, I brought the system home last weekend and sync’d up 1.7TB of data to it.

Moral of the story is – if you really want to run your own mail system, don’t be afraid – it’s not THAT hard.

6 Comments

  1. Interesting summary.
    How often do you patch one of the mail-related tools?
    Whose DNS servers do you use?

    Comment by Daniel Bowers — August 10, 2011 @ 2:13 pm

  2. I patch them with the rest of the system – which runs Debian 5.0 at the moment – typically a couple times a month I’ll log in and run the “aptitude update; aptitude -y safe-upgrade”, sometimes more often. I could enable auto updates but don’t feel comfortable doing that. In general I haven’t seen any security things of concern in these mail tools in several years, I don’t have a high profile system so am not as tempting of a target as some others. Well squirrelmail is different, that is not tied into the package system, it’s been a few years since that was upgraded. If the time stamps on the files are right it’s been the same version since 2007.

    As for DNS – I run my own there as well – BIND 9 on a pair of virtual machines (right now in Terremark, soon to be at my colo again). I have thought in the past about using a 3rd party host to be my slave – so if the primary goes down I still have DNS resolution – but in my case it doesn’t make much difference because even if someone can resolve the name – if the hardware running the services is all down they won’t be able to use it anyways (I can’t remember the last time I had hard downtime due to hardware fault, if it’s ever happened, I don’t think it has – I have taken my services down on occasion for major OS upgrades — of which I have another one coming soon, Debian 6.0).

    thanks for the comment!

    Comment by Nate — August 10, 2011 @ 2:34 pm

  3. it’s stupid easy. start with virtualmin free….it takes care of everything.

    Comment by William — August 10, 2011 @ 2:42 pm

  4. there’s another free way too. install centos 5 in base install…then install vmware’s zimbra free version. anti-spam, a/v, email, calendaring..aka outlook and exchange all in a standards compliant web interface for nothing. I’ve already set a few of those up too..not as stupid easy as virtualmin but much more functionality for the same price all in one package.

    Comment by William — August 12, 2011 @ 4:51 pm

  5. The thing is you make a point that you have 150 spam messages for every 1 good message. That’s okay? I ran a small hosting company 3 years ago. We had no more than 500 email accounts to manage. I can’t remember the exact amount but if our users got more than 5 to 10 emails a day that were spam in their inbox, not the spam folder, they would leave us. Blacklisting was never an issue for us but spam was always a pain in the ass. We updated our spam blacklists every day and ran all sorts of tools to prevent spam. We did manage to block a large majority of the spam. Most users never saw a single spam email in their inbox. Still it took about 6 months to get it all dialed in. We used Kerio mailserver as a replacement to exchange for the Microsoft customers and that was easier to dial in but we still received a lot of spam initially. We ran a cluster of mail servers and 1 kerio mail server. I personally wouldn’t recommend someone run their own email server for business or large amounts of email. If they wanted to for personal use, and want to play with a server, then it’s a great idea! I use Google Apps for business and gmail for personal email and I have 0 complaints. Not sure why everyone is so worried about trusting their data to Google. I have nothing to hide so my thoughts are why should I care what Google knows about me. It’s not like I’m a celebrity or anything major. Just some random guy. But you see a reason why not to trust them, oh well.

    Comment by John — April 19, 2013 @ 1:37 pm

  6. Hey John! Yes I agree running a larger mail setup (500 users to me would be fairly hefty – from a corporate standpoint more than double the size of any company I have worked for). Things can be more complicated there. This blog post is so old I had to go try to refresh my memory on it.

    The point I think I was trying to make is if you’re running a small server – say less than 10 users, which sounds like what the article on slashdot that I was responding to was talking about. My own personal mail server is about 3 users, I have a 2nd mail server that has about a dozen (some of them former customers that the people in my former organization have not sent a bill to in about a decade — they don’t cause a problem so I just let them coast – I give no promises as to availability or anything in return).

    So I agree with your view — if you have a decent number of subscribers — outsourcing that whether to google or perhaps hosted exchange if you’re a corporate shop may make sense. The slashdot person was already in google and wanted to get out.

    thanks for the comment!

    Comment by Nate — April 19, 2013 @ 2:05 pm
