It’s a bad title, but I’m trying to figure out how to describe what I want.
First, I got my photoprism working thru cloudflare. Now, on the same domain I would like an email address.
So mysite.com gets routed to 56.654.234.12 let’s say by cloudflare such that a global user never sees my ip. But mail.mysite.com that’s different, they don’t proxy email so if you do a reverse lookup you can find the origin IP.
I heard about tunnels so I stupidly signed up for that, only to learn that a tunnel just lets you into an internal network. So an SMTP server can’t get emails from outside that way.
Ideally, somehow I could setup one user at Gmail or proton mail, then somehow setup the same or different [email protected] and I could then use mailu, mailcow, mail docker to house my [email protected] which routes mail thru Gmail or protonmail. I know all this makes little sense because I don’t know the proper way, so that’s my question for you smart people who have done this twice over. Could someone point me to the best way of setting up a local mail server that routes thru cloudflare but is not easily reverse looked up? Is that even a problem at all?
Mail hosting is not that simple anymore. Your understanding of how it works is missing an entire world of complex issues that you need to solve outside of just hosting a mail server with an open SMTP port.
The biggest certainty is that just having an open port for an SMTP server dangling out there means you will 100% be attacked. Not just sometimes, non-stop. So you don’t want to host on a machine with anything else on it, cuz security. So you need a dedicated host for that portion, and a very capable and restrictive intrusion detection system (let’s say crowdsec), which is going to take some amount of resources to run, and stop your machine from toppling over.
Next, you need all your secondary record systems (SPF, DKIM, DMARC) pointing at a defined and unchanging record for your SMTP server, so you’ll need a static IP. If you don’t have that already, you’re kind of SOL.
Next, you’ll need to be running your own peer authentication system, then a spam filtering system (of which none of them work well without massive amounts of sample data, but you can use public lists to help block known bad actors), decent file threat scanning…you see where I’m going with this. It all takes a fair amount of resources, and even more if/when you get bad actors spamming the machine all the time.
Finally, you’ll probably want this machine completely segmented from the rest of your network, which isn’t really complicated, just costs a bit more money.
There’s a reason why mail hosts and forwarding services cost money, and still exist. It takes a large amount of effort to be somewhat secure, or at least to best of your efforts. With the added costs associated with hosting your own mail servers, most people just avoid the hell out of it. I certainly wouldn’t recommend it.
I’ve found some interesting options here, but everyone wants to own your data. Just put it all in our servers, c’mon! It’s free or low price, we’re you centric and not as centric…
Sure. But I want my stuff in my basement server and not in their basement server 😭.
You can just route your outgoing emails through a relay server. I‘ve hosted my own mail server with outgoing traffic going through aws simple email service for over a year now without any problems. You give some data to amazon but only outgoing mails and it is pretty cheap, like 10 cents per month.