Hacker News

xyzzy_plugh said 9 days ago:

I've had a lot of discussions with technical-minded peers about how the only real options for email on your own domain are fastmail or gsuite, which work out to about the same amount of money for a family of 5+, which is a surprisingly large amount (imo worth it).

This looks like something worth combining with alps[0] for easy self-hosted email. I might give it a go and ditch gsuite!

[0] https://git.sr.ht/~migadu/alps

RcrdBrt said 8 days ago:

I've been using a docker mail server[0] pre-configured for years without issues. I switched from DigitalOcean to Vultr and finally landed on Hetzner. Always had no issues delivering or receiving messages from/to the big guys. I'm also addicted to watchtower[1] to keep it automatically updated without hassle.

[0] https://github.com/tomav/docker-mailserver

[1] https://github.com/containrrr/watchtower

Kwpolska said 8 days ago:

I moved from DigitalOcean to Hetzner, and Gmail started marking all my emails as spam, most likely due to bad IP reputation. I moved to Zoho Mail [0] (at €10.80/user/month), which doesn’t have problems like these, and requires less work to manage.

[0]: https://www.zoho.com/mail/

bierjunge said 7 days ago:

That's weird. I'm running a mail server at Hetzner for years now and never got a mail rejected. Maybe you just got bad luck with the IP, which could be flagged at Spamhaus, etc.

illuminated said 8 days ago:

With mailcow [0] it's pretty simple to set up your own email server in about half an hour with all the security included and having your email not being treated on reception as spam. It also ships with a webmail interface (SOGo [1]), rspamd UI and an admin interface for your server.

I used to be a Kolab [2] user and "promoter" for many years but the project seems stalled a bit recently and although it is still being worked on and developed, it is lacking documentation for the latest releases.

I have moved to mailcow recently and am amazed at how easy it is to set up and maintain as opposed to Kolab.

The thing I miss from Kolab in mailcow is the integrated LDAP storage and custom built UI (if anyone knows a good and reliable LDAP administration UI as a web app, please let me know!), which I got used to using for user authentication in other services. Luckily, there are some efforts in LDAP integration into mailcow [3], although, still not mature yet and not that tightly integrated.

[0] https://mailcow.email/

[1] https://sogo.nu/

[2] https://kolab.org/

[3] https://github.com/Programmierus/ldap-mailcow

1MachineElf said 8 days ago:

The recent addition of FIDO to mailcow seems pretty exciting! https://mailcow.email/2020/11/16/welcome-fido2-web-authentic...

beagle3 said 8 days ago:

There are a lot of smaller providers (but not fly-by-night, like dreamhost and 34sp which both have >20 years record) which will give you a domain with up to e.g. 100 emails for $5-$10/month, which is significantly cheaper than gsuite or fastmail.

Another good alternative is migadu (who sponsored the webmail you linked above, and IIRC are already using it). They do charge about $20/year for a micro plan that lets you have any number of addresses and domains, with some throughput limits, and $90/year for a full plan without those limits. Something similar to the micro plan was free until recently - personally, I'm on the $90 plan with a few domains and emails, which would have cost about 10 times as much on gsuite and fastmail.

jacob019 said 8 days ago:

I've been running a couple postfix mail servers on aws for about a decade for my ecommerce company, transactional messages only. It needs to be properly configured, which is non-trivial. Over the years it has been necessary to request IP unblocks from a few providers. Delivering mail to microsoft domains (hotmail, outlook, msn, live) has been problematic, so those messages only are now being delivered through SES. Incoming messages are forwarded to free gmail accounts. I spend 20 minutes a week blocking spam, we get very little now. We use about 15 rbl lists, but I also manually block client domains, sender domains, and do some header checks. Email is important to me and I enjoy doing it this way. It's super cheap, I can use several domains, and I have full control of the mail process.

foxcpp said 8 days ago:

alps was created by the same person who started maddy, by the way.

It is not me. Just wanted to give a little tribute to the amazing person who put a lot of work into email libraries for Go: https://github.com/emersion/

orware said 8 days ago:

Not sure if Maddy covers this use case specifically (I didn't see it covered in the documentation, but I figure it actually is possible).

I'm hoping to use a Golang-based application as a simple SMTP Relay, which also allows for ranges of IP addresses to be whitelisted to connect openly to it from within our campus network.

Basically, the scenario is as follows: a number of internal services are older and may not support the authenticated route so we can use Sendgrid directly and send emails securely, so instead we currently have them routed to an internal Windows server which is running an older piece of IIS functionality (it's an SMTP Server in Windows that can be turned on). That piece is configured to be open (so it can receive messages on Port 25) but is also limited to a set of IP address ranges that internal servers are using (so that it's not generally usable by just anyone inside our network) and is configured to send those received messages out using Sendgrid.

I found the following Golang project just a few months back that seemed promising: https://github.com/wiggin77/mailrelay

And I'll probably need to follow up with the developer again (or try and make the contribution back to the project on my own), but the main issue it had was that the IP range whitelisting wasn't available (and even whitelisting by specific IP addresses seemed problematic, so in my testing I had to keep it completely open for it to work as expected).

If Maddy can fulfill the need instead though I can give it a shot ;-).

foxcpp said 8 days ago:

There is no IP whitelisting feature in maddy. I believe it is possible to do it using whatever off-the-shelf firewall you have on your system. Could you elaborate on the reasons it is not a viable way for you?

e12e said 8 days ago:

If whitelisting is "application level" it's easier to diagnose with an "application (protocol) level" error.

That is, rather than a timeout or connection refused, an smtp 550 or 530 error with explanation (access/relay denied; client ip not in whitelist)?
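An added example, not part of the thread and not code from maddy or mailrelay: a Go sketch of the application-level check discussed above, where a relay matches the connecting client against allowed CIDR ranges and answers RCPT TO with a 550 that names the reason instead of leaving the sender with a timeout. The type and function names are assumptions, and the ranges and peer addresses are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

// Allowlist holds the client networks that may relay without authentication.
type Allowlist struct {
	prefixes []netip.Prefix
}

// NewAllowlist parses CIDR ranges ("10.20.0.0/16") and single addresses
// ("192.0.2.10"). A malformed entry is a hard error, so a typo cannot
// silently widen or empty the list.
func NewAllowlist(entries []string) (*Allowlist, error) {
	al := &Allowlist{}
	for _, e := range entries {
		p, err := netip.ParsePrefix(e)
		if err != nil {
			a, aerr := netip.ParseAddr(e)
			if aerr != nil {
				return nil, fmt.Errorf("allowlist entry %q: %w", e, err)
			}
			a = a.Unmap()
			p = netip.PrefixFrom(a, a.BitLen()) // single host: /32 or /128
		}
		al.prefixes = append(al.prefixes, p.Masked())
	}
	return al, nil
}

// clientIP extracts the peer address from the "ip:port" string that
// net.Conn.RemoteAddr().String() returns.
func clientIP(remoteAddr string) (netip.Addr, bool) {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return netip.Addr{}, false
	}
	ip, err := netip.ParseAddr(host)
	if err != nil {
		return netip.Addr{}, false
	}
	// Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4; otherwise
	// Prefix.Contains never matches it against an IPv4 range.
	return ip.Unmap(), true
}

// Allowed reports whether the peer is inside a listed network. Anything that
// cannot be parsed is denied.
func (al *Allowlist) Allowed(remoteAddr string) bool {
	ip, ok := clientIP(remoteAddr)
	if !ok {
		return false
	}
	for _, p := range al.prefixes {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// RcptReply is the reply to RCPT TO for this peer: 250 for an allowed client,
// otherwise a permanent 550 with enhanced status code 5.7.1 and a reason the
// sending application will log.
func (al *Allowlist) RcptReply(remoteAddr string) string {
	if al.Allowed(remoteAddr) {
		return "250 2.1.5 OK"
	}
	who := "unparseable client address"
	if ip, ok := clientIP(remoteAddr); ok {
		who = "client IP " + ip.String()
	}
	return "550 5.7.1 Relay access denied: " + who + " not in allowlist"
}

func main() {
	// Constructed ranges: one internal subnet and one single host.
	al, err := NewAllowlist([]string{"10.20.0.0/16", "192.0.2.10"})
	if err != nil {
		panic(err)
	}
	peers := []string{"10.20.5.5:40112", "[::ffff:10.20.5.5]:40113", "198.51.100.7:51000"}
	for _, peer := range peers {
		fmt.Printf("%-28s -> %s\n", peer, al.RcptReply(peer))
	}
}
```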

pas said 8 days ago:

Haraka covers this. Though it's a NodeJS SMTP server.

lifty said 8 days ago:

Fantastic job to both of you! Really appreciate the high quality work you folks have been doing on maddy and the email libraries. Are you guys running migadu as well? I might just switch if you are related.

foxcpp said 8 days ago:

No, we are not running migadu. But you probably can give it a try anyway, they look pretty good.

mtlynch said 9 days ago:

Most people don't realize, but you can actually send email from a custom domain with a free Gmail account.[0] You have to go through a 5-minute process for each sender address, but I used it fine for ~10 years.

I recently switched to Fastmail, and one of the features I like about them is that they support wildcard sender aliases, so if I sign up for a service with someservice@mydomain.com, when I hit reply to any emails to that address, it automatically sends from someservice@mydomain.com even though I've never specifically registered that identity with Fastmail.

[0] https://thedigitalnonprofit.com/use-gmail-own-domain-free/

xyzzy_plugh said 9 days ago:

This is not the same thing. I agree with the link, in that it is most definitely a hack. This only works because your domain registrar is handling email for you to begin with, which is undesirable for many reasons.

Also, while aliases in gmail work generally, I find they leak the main gmail account address, which makes them significantly less desirable.

aarchi said 9 days ago:

Why do you say that it's undesirable for your registrar to handle mail? I've considered using Gandi's mail with my domains.

t0astbread said 8 days ago:

It depends on your threat model how undesirable it is but essentially you're adding a permanent MITM to your email.

OJFord said 8 days ago:

Not GP but that's a coupling I don't want - I want to be able to change registrar without worrying about email.

Kwpolska said 8 days ago:

There’s also Zoho Mail: https://www.zoho.com/mail/ — starting at €10.80/user/year.

mxuribe said 8 days ago:

I've been testing zoho mail for the last few months (in order to find a decent alternative to g suite, and not-so-expensive as fastmail)...and so far, zoho has been performing quite well. I certainly can not complain about the price; as i'm able to use their "lite" plan at $12 per user per year.

krimpenrik said 7 days ago:

Considered proton?

mxuribe said 7 days ago:

As in protonmail? No, i have not considered them, as my understanding was that i could not use conventional mail clients (e.g. thunderbird, k9 mail, etc.). If i'm wrong, please let me know.

vbezhenar said 9 days ago:

I recently set up simple standard setup (postfix/dovecot/spamassassin) and it works fine. There's small amount of spam, like few mails per week, nothing to worry about. I can receive and send mail just fine.

Though I admit that for someone who did not tinker with UNIX for years, configuring this kind of setup might be daunting.

Personal mail could be solved by some kind of daemon which provides SMTP, IMAP, built-in spam detection, DNS checks, some simple administration web interface and works with 0 configuration for typical use-cases. Maddy could be this project, so I would be happy to replace all those daemons with a single binary. I hope that they'll implement spam detection, as rspamd is a separate daemon which requires redis, so in the end it's still a complex setup with lots of moving parts.

djsumdog said 8 days ago:

I've been running my own mail servers for ~15 years and yes you can run your own, but the biggest issue I've run into is other servers blocking me as spam:


I still prefer to host my own though.

superhawk610 said 8 days ago:

I've tried to self-host email for my domain a couple times over the past few years, and I always end up falling back to a paid host for this reason; I rarely use email these days, but when I do (or usually when I'm expecting an email from a recruiter or other business-related sender) I need some sense of confidence that it will go through correctly. The lack of ability to confidently send via self-hosted setup definitely feels intentional, which sucks.

Great article btw!

krageon said 7 days ago:

A lot of this is due to newness and perhaps bad IP reputation. You can fix the reputation by requesting your removal from blocklists. The newness should be fixed after a few years - have you run it on the same IPs for those 15 years? In my experience after a year or so the problems go away (admittedly this is on a much larger scale than personal email).

foxcpp said 8 days ago:

My current position is that spam filtering is a whole another problem space so I am not trying to address it now while Maddy is a "single man show".

P.S. As far as I am aware, redis is optional for rspamd. I certainly run it for @hexanet.dev email without having redis installed.

spc476 said 8 days ago:

Look into doing greylisting. I do that for my own setup, and I've found it easily cuts down on the spam by at least 50% and that's without even looking at the email.

andrewshadura said 8 days ago:

I’ve used greylisting for the last five years or so. I stopped doing so completely and moved to Fastmail. Greylisting delays, while unnoticeable with the contacts I frequently communicate with, were very annoying with new and one-off contacts, especially all sorts of confirmation emails from bank etc, which would often expire before greylisting allowed them in. Sometimes, emails were sent through cloud mailing systems, so coming from a different host each time they’d hit greylisting again and again and again.
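An added example, not part of the thread and not taken from any mail server: a Go sketch of greylisting as suggested above, together with the failure mode just described, where a sender that retries from a different host each time is deferred again and again. Keying the triplet on the client's /24 instead of the exact address is one common mitigation and is an assumption here, as are all names, delays, reply texts and addresses.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
	"time"
)

// Greylist defers the first attempt of an unseen (client network, envelope
// sender, recipient) triplet with a temporary 451 and accepts a retry that
// arrives at least MinDelay later.
type Greylist struct {
	MinDelay time.Duration // wait required before a retry is accepted
	MaxAge   time.Duration // an entry older than this is treated as new again
	V4Bits   int           // 32 keys on the exact IPv4 address, 24 on its /24
	seen     map[string]time.Time
}

func NewGreylist(minDelay, maxAge time.Duration, v4Bits int) *Greylist {
	return &Greylist{MinDelay: minDelay, MaxAge: maxAge, V4Bits: v4Bits,
		seen: map[string]time.Time{}}
}

// key builds the triplet. IPv6 clients are keyed on their /64.
func (g *Greylist) key(ip netip.Addr, from, rcpt string) string {
	bits := g.V4Bits
	if ip.Is6() {
		bits = 64
	}
	network := ip.String() // fallback if V4Bits is out of range
	if p, err := ip.Prefix(bits); err == nil {
		network = p.String()
	}
	return network + "|" + strings.ToLower(from) + "|" + strings.ToLower(rcpt)
}

// Check returns the SMTP reply to RCPT TO for an attempt made at time now.
func (g *Greylist) Check(client, from, rcpt string, now time.Time) string {
	const deferred = "451 4.7.1 Greylisted, please retry later"
	ip, err := netip.ParseAddr(client)
	if err != nil {
		return "451 4.3.0 Temporary failure: unparseable client address"
	}
	k := g.key(ip.Unmap(), from, rcpt)
	first, known := g.seen[k]
	if !known || now.Sub(first) > g.MaxAge {
		g.seen[k] = now // first sighting: remember it and defer
		return deferred
	}
	if now.Sub(first) < g.MinDelay {
		return deferred // retried too quickly
	}
	return "250 2.1.5 OK"
}

// DeferredAttempts replays one message retried from the given client IPs, one
// attempt every gap, and returns how many attempts were deferred before the
// first 250 (len(ips) if it was never accepted).
func DeferredAttempts(g *Greylist, ips []string, gap time.Duration) int {
	now := time.Date(2020, 12, 1, 9, 0, 0, 0, time.UTC) // constructed start time
	for i, ip := range ips {
		reply := g.Check(ip, "noreply@bank.example", "me@example.org", now)
		if strings.HasPrefix(reply, "250") {
			return i
		}
		now = now.Add(gap)
	}
	return len(ips)
}

func main() {
	// Constructed: a cloud sender retrying every 10 minutes from rotating
	// hosts in one /24.
	pool := []string{"198.51.100.11", "198.51.100.47", "198.51.100.130", "198.51.100.11"}
	exact := NewGreylist(5*time.Minute, 24*time.Hour, 32)
	perNet := NewGreylist(5*time.Minute, 24*time.Hour, 24)
	fmt.Println("deferrals, exact-IP key:", DeferredAttempts(exact, pool, 10*time.Minute))
	fmt.Println("deferrals, /24 key:     ", DeferredAttempts(perNet, pool, 10*time.Minute))
}
```

With the exact-IP key a 10-minute retry schedule turns into a 30-minute delay for this sender, which is the kind of lag that lets a confirmation link expire.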

andris9 said 8 days ago:

Rspamd falls back to sqlite if you do not have Redis configured

fgonzag said 9 days ago:

I pay $20/yr for unlimited accounts, 50GB of storage with mxroute. I've been quite happy with it. $30/yr for domain + email is worth it considering how important your address is for absolutely everything on the web

brightball said 9 days ago:

Why not Mail-In-A-Box?


gwbrooks said 9 days ago:

I love MIAB, but their insistence that the mail server is also the primary DNS server for any hosted domains is beyond irritating.

nulld3v said 8 days ago:

I don't think "insist" is the right word here. They certainly push for it but they also make using your own DNS really easy.

You can just head over to the "External DNS" page where MIAB will tell you what DNS entries you need and what each entry does. Then you just copy the DNS entries you need.

gwbrooks said 8 days ago:

You're right; I was being too broad in my critique.

Intellectually, I don't like domain DNS on the same box; practically speaking? It works and works well -- so well that it's often easier to disable per-domain DNS where my sites are hosted and just point A records over to the sites from MIAB.

fahrradflucht said 8 days ago:

It's interesting that you mentioned alps but don't consider migadu an option. Mind elaborating why?

eljimmy said 9 days ago:

I’ve been running my own mail server for years. It’s definitely a PITA to set up, but it’s not _that_ difficult.

getpost said 9 days ago:

Dreamhost offers email hosting for any number of addresses “free” (at no extra cost) in all plans except the starter plan, $4.95/mo.


berns said 8 days ago:

They also have email hosting for $ 2 per account per month. Do you know what's the difference? What's the advantage if you can have unlimited e-mail accounts with web hosting?

getpost said 7 days ago:

The advantage is you can have "unlimited" email accounts and "unlimited" domains for $5/mo. One domain registration is even included.

berns said 6 days ago:

Well, the question was why would anyone buy the e-mail offering...

getpost said 3 days ago:

EDIT: Oh, yes, I see, I am not sure why anyone would do this. Maybe someone who had an address or two they want to keep at the lowest possible cost. I'm not sure how email is managed for such accounts, but it's possible Dreamhost will take care of the setup, so maybe you don't have to interact with the web control panel, which might be intimidating for some users. Could also be a legacy arrangement for an older product offering.

Original reply:

Buying domain hosting gives you "unlimited" email addresses, so domain hosting is cheaper as soon as you need 3 or more addresses.

3 addresses x $2 = $6/mo for email vs $4.95/mo for any number of addresses. I have a friend who is married with 4 children. He pays $4.95/mo for 6 addresses. You don't have to actually host an http domain to get email hosting that comes with domain hosting.

"unlimited" in quotes because obviously there are some limits and service terms. You can't start a competitor to gmail with a $4.95/mo hosting account.

Youden said 8 days ago:

In what regards are Fastmail and Gsuite the only "real" options for email on your own domain?

There are tons of other options. Mailbox.org, Migadu, Protonmail, Tutanota and Mailfence for example.

cassianoleal said 8 days ago:

I've been using Posteo.de for a couple years now.

Great service, E2E for everything, including contacts and calendar, and it's quite cheap (I think I pay €12/year).

_frkl said 8 days ago:

You can't use your own domain though, AFAIK. Which means you won't be able to switch providers, which may or may not be a problem.

forest_dweller said 8 days ago:

I host my own mail. It runs on a VPS and it took me an evening to figure it out. Deliverability is fine as well.

Fire-Dragon-DoL said 8 days ago:


This seems good, however for 5+ it becomes expensive too.

Is this service related to what you linked?

deathtrader666 said 8 days ago:

Doesn't Outlook support custom domains?

mcovalt said 9 days ago:

Replace phone number with encoded IPv6. Run mail server on your phone. Would solve a lot of issues.

petre said 8 days ago:

Not really. The phone is roaming into other networks with different prefixes.

krimpenrik said 7 days ago:

I use proton with my own domain.

optimalsolver said 9 days ago:

When I last looked into setting up my own email server, I read that your messages ending up in the spam folder was almost inevitable if the receiver is using a major host (Gmail, iCloud etc.)

Is that still an issue?

thaumaturgy said 9 days ago:

It's hit and miss. I've been running hosted mail services for years, both for myself and for a handful of other people and businesses.

SPF and DKIM are pretty much required now, as are TLS/SSL. From there, it turns into a dice roll. Gmail is terrible about this; they have a totally opaque and very frustrating engine that sometimes filters messages into a junk folder and sometimes doesn't. Outlook.com uses a somewhat more traditional internal RBL, but they are happy to block network segments and they don't offer any way to query their blacklist or request removal from it, so you could do everything right but a neighboring VPS or IP will get you blacklisted anyway. Comcast will simply accept delivery of messages and then disappear them depending on an arrangement of the stars that I haven't quite figured out yet. And those old sbcglobal/Yahoo services users... just, uggghh.

A popular solution is to rely on a third-party service to handle your outbounds. Sendgrid specifically is really bad, they carry way too much junk traffic, so don't go with them if you decide to try this out.

I have a post banging around in my head that's titled "Email is fractally broken", and getting outbound non-spam messages to reliably land in other people's inboxes would be a significant part of that writeup.

fastball said 8 days ago:

Anecdotally I have to disagree about Sendgrid. Have had no issues with them so far.

thaumaturgy said 8 days ago:

I happen to be running a test with them this week to see what deliverability looks like on their end. So far only 79% of their messages have been accepted for delivery by remote service providers. These are non-spam, non-transactional, typical business correspondence messages.

In their activity feed right now, SendGrid traffic is being blocked by comcast, GoDaddy, iCloud, and a cornucopia of smaller services.

Here's one of SendGrid's outbound IPs, listed on multiple RBLs used by other services: https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a167....

On the receiving end, I've had to deal with waves of spam from SendGrid for years, and it's especially difficult because they carry a mix of spam and legitimate traffic, so blocking them causes complaints and not blocking them also causes complaints.

edoceo said 8 days ago:

Please post it when you do

zertrin said 9 days ago:

I have been self hosting my emails for many years on cheap dedicated servers (previously kimsufi by OVH and now Hetzner).

Never had any issues with sending mail. But I've been careful with the initial setup and have all the expected requirements covered: no open relay, SPF, DKIM, reverse ip, TLS,...

Been using the tutorial at workaround.org as basis for building the stack (postfix, dovecot, rspamd,...) and, while the initial learning curve was high, once it's been set up, it's been a really very stable setup requiring practically no maintenance whatsoever.

Not saying that's for everyone, just saying it works for me.

I guess I was lucky at the dice roll mentioned by other comments.

Ah yeah, and testing your outgoing emails using a service like mail-tester.com is very very useful. I aimed for and reached a perfect score 10/10.

7kay said 9 days ago:

I run my own mail server and have never experienced such issues. The important thing is that your mail server is not an open relay and you set up DKIM and SPF. Oh, and never run a mail server with an ip originating in a residential area, you'll get blacklisted almost instantly by virtually any mail provider.

yokem55 said 9 days ago:

It isn't even necessarily 'residential' IPs. It's IPs that don't have a valid reverse dns, preferably one that is also forward resolvable. Most ISPs won't let you set your reverse DNS on 'residential' connections, so it ends up being a blocker. Now you could set up a vpn tunnel to a vps provider that lets you set your reverse dns, and then things get a bit easier.

So prereqs - 1) Valid reverse DNS on your sending IP. Preferably with a hostname that is also forward resolvable. 2) SPF Records 3) DKIM
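An added example, not part of the thread: a Go sketch of the first prerequisite above, checking that a sending IP has a PTR record whose name resolves forward to the same IP again (forward-confirmed reverse DNS). The lookups are passed in as functions so the check runs offline against constructed records; all names and addresses are assumptions using documentation ranges.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Resolver is the pair of lookups the check needs. net.LookupAddr and
// net.LookupHost have exactly these signatures, so LiveResolver queries the
// system resolver; the demo below uses constructed records instead.
type Resolver struct {
	LookupAddr func(addr string) ([]string, error) // PTR: IP -> names
	LookupHost func(host string) ([]string, error) // A/AAAA: name -> IPs
}

var LiveResolver = Resolver{LookupAddr: net.LookupAddr, LookupHost: net.LookupHost}

// FCrDNS returns the PTR names of ip whose forward lookup contains ip again,
// plus a short reason string ("ok" on success).
func FCrDNS(r Resolver, ip string) (confirmed []string, reason string) {
	want := net.ParseIP(ip)
	if want == nil {
		return nil, "not an IP address: " + ip
	}
	names, err := r.LookupAddr(ip)
	if err != nil || len(names) == 0 {
		return nil, "no PTR record for " + ip
	}
	for _, name := range names {
		host := strings.TrimSuffix(name, ".") // PTR answers are fully qualified
		addrs, err := r.LookupHost(host)
		if err != nil {
			continue // name does not resolve forward at all
		}
		for _, a := range addrs {
			if got := net.ParseIP(a); got != nil && got.Equal(want) {
				confirmed = append(confirmed, host)
				break
			}
		}
	}
	if len(confirmed) == 0 {
		return nil, "PTR exists but no name resolves back to " + ip
	}
	return confirmed, "ok"
}

// mapResolver builds a Resolver from in-memory tables.
func mapResolver(ptr, fwd map[string][]string) Resolver {
	look := func(m map[string][]string) func(string) ([]string, error) {
		return func(k string) ([]string, error) {
			if v, ok := m[k]; ok {
				return v, nil
			}
			return nil, fmt.Errorf("%s: no such record", k)
		}
	}
	return Resolver{LookupAddr: look(ptr), LookupHost: look(fwd)}
}

// sampleResolver holds constructed records: a VPS with matching forward and
// reverse DNS, and an address whose generic PTR name points somewhere else.
func sampleResolver() Resolver {
	return mapResolver(
		map[string][]string{
			"203.0.113.25": {"mail.example.org."},
			"203.0.113.80": {"pool-80.isp.example."},
		},
		map[string][]string{
			"mail.example.org":    {"203.0.113.25"},
			"pool-80.isp.example": {"203.0.113.81"},
		},
	)
}

func main() {
	r := sampleResolver() // swap in LiveResolver to query real DNS
	for _, ip := range []string{"203.0.113.25", "203.0.113.80", "203.0.113.99"} {
		names, reason := FCrDNS(r, ip)
		fmt.Printf("%-14s confirmed=%v (%s)\n", ip, names, reason)
	}
}
```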

7kay said 9 days ago:

You're right, that's the basic ingredient #1 I forgot to mention. Functional rDNS is essential. You don't want to have your mail server running at home anyhow. A friend of mine had a janky setup at home until I convinced him it's a bad idea.

krageon said 7 days ago:

> You don't want to have your mail server running at home anyhow

I do in fact want this. It may not be possible, but I definitely want it to be.

piaste said 8 days ago:

Anecdotally, I have a valid reverse DNS on my home ISP-provided static IP, and when I tried setting up a mail server I got blacklisted on the spot.

(I eventually went with a Tutanota account, fwiw)

jeffbee said 9 days ago:

These anecdotes are heartwarming but in the end useless as advice. If your mail is getting through it only means that there are no spammers on your network, i.e. you are lucky. Having an abusive mailer on your network (IP subnet, ASN, or even sharing your registrar) could happen at any time, with unknown impact to your IP reputation and deliverability of your mail.

codegladiator said 9 days ago:

I feel there is a lot of fear mongering around deliverability of emails all over the Internet which is helping the big companies to centralise a thing like email.

I have had my own email server sending emails which were not marked as spam. Also I have had cases where email from Gmail addresses/ips would be actually spam.

I urge everyone to start using their own mail servers so the ecosystem around self hosting emails becomes super smooth.

Why do receivers still rely on ip addresses when we have dkim and spf?

jeffbee said 8 days ago:

If it wasn't an effective feature for classifying spam, then people wouldn't use it. But, in reality, it's incredibly effective because the only people who want to use residential IPs and rent-a-server IPs for running mailers are criminals and a much smaller population of dorks.

codegladiator said 8 days ago:

I agree lists are definitely effective but it's a cat and mouse game sort of with a lot of overhead. We can still use ip lists for accepting/rejecting mail but that should be the lowest priority check with very less weight.

Lists are like the DRM kind of tech, where the genuine user has the real headaches (pay a service to filter my mail, can't self host etc) while the spams are still flowing through.

petre said 8 days ago:

T-mobile also requires that you match your forward and reverse DNS and run a webserver with a posting address on the domain in order to whitelist your mail server.

LeonM said 8 days ago:

Yes and no. It certainly is possible to get good deliverability, but you gotta play by the rules (which is: all the RFCs). But when you do, there are also a lot of poorly configured email servers out there that don't comply to the RFCs at all, so email services need some tolerance to processing email from badly configured sources. It is almost always a compromise.

It is easy to get an email server running initially, but hard to get all the auxiliaries (SPF, DKIM, DMARC, MTA-STS, TLSRPT, BIMI, etc) set up correctly. It's even harder to debug deliverability issues, since there is 0 feedback on why your email is not being delivered. To a point where it inspired me to build an email hardening monitoring/validation service [0].

At the risk of being downvoted by people who are frustrated by email deliverability (and it is frustrating, I know): when you have email deliverability issues, it is almost always because you did something wrong on your end. Remember that false positives in spam detection hurts the $EVIL_BIG_CORP receiver as much as it does to you as a sender.

[0] https://www.mailhardener.com

mrobot said 8 days ago:

Thanks for the tool, i just used it to increase my grade.

ViViDboarder said 9 days ago:

As others have said, it depends. I’m running mine on Scaleway and it’s been working great for years now.

However, when I set up my first email server most emails were delivered just fine, however emails to a Microsoft domain (hotmail, outlook, etc) all were marked as Spam.

Then I switched to a new IP and since then everything has been great.

barryp said 9 days ago:

I’ve been able to send to gmail and iCloud ok, but outlook/office365/hotmail has been a no-go, even after going through their self-service system to open up your IP address.

sneak said 9 days ago:

It mostly depends on where you host.

Mayzie said 9 days ago:

Another email server like this one that I have used extensively is WildDuck[1]. It's written in NodeJS, and is excellent and remarkably simple.

[1] https://github.com/nodemailer/wildduck

gclawes said 9 days ago:

Kinda disappointing there's no JMAP support. I understand why, though.

faitswulff said 9 days ago:

The relevant issue: https://github.com/foxcpp/maddy/issues/19

> Status update: JMAP is a big complex protocol that is not used by any popular clients and has no server libraries available for Go. IMAP is a big complex but also widespread protocol that is well-known, supported by any email client and has server library available for Go. Some of IMAP disadvantages come from incomplete client implementations, not protocol flaws, as JMAP developers want to convince you. I do not expect wide JMAP adoption in next several years, therefore the decision was made to prioritize improving IMAP implementation.

> If somebody insists on having JMAP, I recommend looking at Cyrus email server, perhaps write a Go library for its SASL delegation protocol so it could be used with maddy just as easy as Dovecot.

josephg said 9 days ago:

I just replied on the linked issue. If anyone wants to get started making a jmap server, about a year ago I pulled out the cyrus jmap email parsing code into a standalone C/wasm library:


It's a bit of a mess and it needs a write-up, but it should be a reasonable start to making more jmap servers. (This does not implement the jmap application protocol, but it does generate fantastic json from any email blob, incl attachments, snippets, html and text output. And that's crazy difficult to implement correctly.)

NetOpWibby said 8 days ago:

As soon as there’s an IMAP/JMAP module that’s useable I’m going to work on my email client concept again. I got far enough, receiving and displaying mail but IMAP is super frustrating to deal with.

Maddy looks great though, I may start playing around with it.

andris9 said 8 days ago:

I had similar issues where I wanted to remove IMAP complexity from client app, so I created a daemon proxy that sits between client and an IMAP server and “translates” REST API requests to IMAP commands: https://github.com/andris9/imapapi

NetOpWibby said 8 days ago:

Oh! I had your repo starred already!

jijji said 9 days ago:

This server seems really promising as it integrates all required functionality into one application, whereas compared with most other MTAs (postfix, sendmail, etc) it's about a 20 step process to get it all set up correctly (dkim, spf, etc)

1vuio0pswjnm7 said 8 days ago:

Question to those running own mail servers:

Putting aside issues with sending mail to recipients using third party providers, have you been able to receive mail reliably from (a) senders using third party providers or (b) senders running their own SMTP.

edoceo said 8 days ago:

I've been able to receive nearly 100% from the big guys. For folks that run their own I run into less issues these days. I'm still on Postfix. Some of the client and header checks used to (c2005) be too strict. But! When it failed, there were logs I could see.

If you run your own, you'll want to get some log checking tools to make sure things are tidy.

illuminated said 8 days ago:

No issues at all. It comes down to the way they have set up their own mail servers. Incoming email is being checked for DKIM, DMARC, etc and then handled based on that. Logs are also super helpful in determining what went how in the reception process.

curiousfab said 8 days ago:

Yes, and yes, no problems ever with receiving mail on my self-hosted systems. exim4, self-signed cert. Sending is what may be difficult but personally I only had very minor trouble with that (VPS on a reputable provider, all set up properly).

Sylarr said 8 days ago:

Which VPS provider is that?

We send mail from a Linode VPS in Frankfurt, which works fine most of the time but a couple of times a year Microsoft puts us on a blacklist, most likely because of a neighbouring IP sending spam.

curiousfab said 8 days ago:

Hetzner. I once was blacklisted at MSFT and filled out their online form, which solved the problem within a day or two. The only provider that doesn't accept my mail (for years already) is AT&T but this is something I can live with (I rarely have to send something to AT&T, as I am only dealing with locals).

specialist said 8 days ago:

Hi @foxcpp.

Project site says "all-in-one" (one daemon) to replace postfix, etc. Like sendmail?

Please say more.

For 20+ plus years I've been advocating for postfix instead of sendmail style architectures.

I don't know what to call the "one task, one process" style of postfix. What's the opposite of monolithic?

This tension is replaying (again) in the web services vs monolithic architecture debate.

Ironically, I prefer monolithic web apps over web services based designs. Contradicting myself.

I'd like to better understand when each style is better suited to the task at hand.

foxcpp said 8 days ago:

>Please say more

Default configuration runs everything as a single daemon. This has been done to minimize any management overhead, avoid the complexity and performance overhead introduced by IPC.

It is definitely possible to split things apart though - this is not something of a hard design decision. This is what LMTP is for, right? maddy can work as both LMTP server and client and also supports both server and client parts of Dovecot's authentication delegation protocol.

So you can do something like that:

1. maddy instance running SMTP on port 25, running inbound filtering and then doing transparent LMTP forwarding to ...

2. maddy instance running LMTP on some unix socket, delivering to local storage and providing access to it via IMAP, authenticating users using ...

3. maddy instance running Dovecot auth's protocol on some unix socket providing authentication service using some DB.

4. maddy instance running Submission, managing queue of outbound messages, trying delivery by forwarding them to ...

5. maddy instance running LMTP on some Unix socket, actually attempting outbound delivery.

In fact, you can also put any of these on separate VMs/containers or even physical systems. And if we add some load-balancing capabilities to SMTP client then it can be used to scale message processing (though a single daemon can already handle quite a lot of emails and users without problems).

cmroanirgo said 8 days ago:

> What's the opposite of monolithic?

The web's answers for a suitable antonym seem inappropriate [0] (all referring to "small" rather than "many parts"). I reckon megalithic is the way to go.

Although I've been hosting my own mail server (postfix/dovecot) for years I must admit that I treat most of its parts as a single black box. My head just doesn't grok the entirety of processes and the various sub components (spam, grey listing, filters).

I prefer monolithic every day. It's not hard to provide plugins that allow custom filtering/spam etc, so the end result can easily be the same.

Especially for personal/small business servers, simplicity wins every time IMHO.

[0] https://www.merriam-webster.com/thesaurus/monolithic

specialist said 7 days ago:

Heh. Small chuckle, thanks.

Mono - one, lithic - stone. "One stone". It's in the name, right?

pas said 8 days ago:

Postfix's architecture is the classic UNIX style of "do one thing and do it well", of composable processes.

So it's not a monolith, it's a composite. If that makes sense.

Sure, the components of postfix are not standalone tools, they are very much like systemd. One codebase (monorepo, yaay, old is new), sharing a lot of common internal code.

In the end a multi-process composite (like the Oracle and PostgreSQL RDBMSes) or a multi-threaded monolith (like MySQL or anything that runs on a JVM) is not that big of a difference nowadays. Both can be performant, both can be maintained well/efficiently by big teams and by a one-man-army (see how postfix is mostly maintained by Wietse Venema).

jeremy_wiebe said 8 days ago:

Is this a play on the name Caddy (the web server)?

foxcpp said 8 days ago:

Yes, it is. The project started as "Caddy for email".

skyfaller said 8 days ago:

As someone who uses and loves Caddy, I'm very excited about a mail server with a similar philosophy. I'm rooting for you!

That said, Caddy's killer feature for me was automatically configuring certs, that's what made me switch from Apache back when we were moving everything to HTTPS. I still don't fully understand how certs work, but fortunately I don't really need to. Until Maddy does this, it won't be a good comparison.

Also I would really appreciate some documentation for making this work with Caddy handling TLS certificates for me. I guess I'll file a bug about that.

nolok said 8 days ago:

Does anyone know of a mail server (imap) where the developer can be in control of the mail source? I wanted to expose one of our tools to mail clients, something that handles all the imap talk and gives you onread/onmark/ondelete/... events, but I found very few libraries or servers for that kind of usage.

denysvitali said 8 days ago:

I strongly recommend looking into Chasquid: https://github.com/albertito/chasquid

Only SMTP though, for the IMAP part you need to use something else like Dovecot.

seqizz said 8 days ago:

One other all-in-one solution which I use (and love): SNM [0]

Obviously only usable for NixOS zealots, but just import the class with your desired parameters and good to go.

But Maddy-like consolidation seems like the way forward. Setting up 100 moving parts is not always easy.

[0]: https://gitlab.com/simple-nixos-mailserver/nixos-mailserver

modinfo said 8 days ago:

A fullstack but simple mail server (SMTP, IMAP, Antispam, Antivirus...). Only configuration files, no SQL database. https://github.com/tomav/docker-mailserver

passerby1 said 8 days ago:

What's the license for the project? It's a bit odd to see a serious opensource project without any license specified as it prevents adoption for at least some potential users. I for example pay close attention to licensing as a personal user. It's just too risky to invest my time learning to use a project which can at any time in the future become paid or restricted in some other way.

foxcpp said 8 days ago:

Currently the license is GPLv3, you can find it in the COPYING file.

There are some messy bits related to licensing because it was MIT licensed in the past (back then when I did not take this "little pet project" very seriously).

lifty said 8 days ago:

The license is clearly there. It’s GPLv3

jeffbee said 9 days ago:

There are no scarier words than "I wrote a mailer".

djsumdog said 8 days ago:

"I wrote a custom encryption library"

aeden said 8 days ago:

"I wrote a name server"

NetOpWibby said 8 days ago:

I’m actually interested in this

hu3 said 8 days ago:

I wrote a custom P2P serverless noSQL GraphQL database that compiles to WASM powered by Blockchain leveraging smart contracts and artificial intelligence to achieve webscale.

dhagz said 7 days ago:

You forgot IoT.

alimoeeny said 8 days ago:

Can you elaborate? I mean it is not obvious to me what is wrong with writing a new mail server.

mattbee said 8 days ago:

I wrote a custom network block storage server.

said 9 days ago: