Nextcloud Mail Server

I tried Mailcow a few years ago but rspamd was both too complex and heavy (700MB and lots of processes), much like spamd. The after-reboot RAM usage of my SQLite-based system is about 70MB in total, with full control over running vhost websites and mailboxes (even PowerDNS). There is even a script to install Nextcloud…

Good point though. I should provide an LXD container image, and perhaps a Docker image too, if a full web stack makes sense as a Docker image.

How much RAM do you have? I have 16 GB and no problems. Running Mailcow since October last year.

So after reading this conversation, just to be clear, Nextcloud is a file server only (with some app integrations)? Meaning for businesses, Office 365 is still needed for Exchange-like server features and collaboration? Which also means a lot of sensitive information will still sit in the cloud, and terabytes of storage with app integrations is included already in your Office 365 subscription. Right?

Hi,

A mail server for NC could be nice, but honestly, I do not see any real benefit. Most people I know running a NC instance do this on a shared server or at home in their basement (as I do). This is fine for the internet connection I am using, with a dynamic IP (and dyndns) and the download and upload speed I have available.

The same setup would not work for mail, because of how mail providers decide whether you are a trustworthy mail sender. This is heavily based on IP, and a dynamic IP range is not going to work for this approach.

In the case that I am a business owner running NC, having a proper mail server setup next to NC should not be an issue, but for a home user spinning up a mail server on a standard home user ISP connection, this is not going to work in the Internet of this century.

Anyhow, what I did, was moving my whole family to a trusted and local mail provider and with NC Rainloop (because the NC Mail app sucks, sorry) I provide a nice and unified mail interface for the mail server running at a local provider.

This removes the hassle of IP blacklisting for my mails, costs me a € per month for 20GB and 20 mail accounts in addition to my domain, and for my NC users there is no real difference. They just log in to NC and click on a button to read / write mails.

The same setup would not work for mail, because of how **mail providers decide whether you are a trustworthy mail sender**. This is heavily based on IP, and a dynamic IP range is not going to work for this approach.

In the case that **I am a business owner** running NC, having a proper mail server setup next to NC should not be an issue, but for a home user spinning up a mail server on a standard home user ISP connection, **this is not going to work in the Internet of this century.**

tl;dr you don’t understand how email works.

Lesson of the day: Email servers have a lot of moving components. Components that can be spread across different providers.

You can host MX servers on cheap KVMs. You can use free MX servers. You can host MX servers from home. You can use free SMTP/email relays such as SendGrid to avoid blacklisting. You can use your own VPN to have your mail server public and avoid dynamic IP address changes and also avoid blacklisting. There are so many different solutions to the problems you listed.

But yes, let’s continue the saying of “Don’t host email from home!” because… well, you said so.

Anyway, I’m quite happy knowing my email isn’t going to be forever deleted by the provider because of a lapsed payment or because they go out of business. Learned that lesson the hard way with Namecheap. One missed payment and they deleted 3+ years of email. I had backups but they didn’t have backups, despite their terms of service saying they kept backups up to a month after termination and data could be restored. After that I just gave up on using other email providers.

Hmm, thanks for your assumption that I do not understand how mail works.

tl;dr I am pretty sure I know :wink:

Mail itself works, you are right; the whole idea of mail is and always was a distributed system. But based on my assumption (which could be right or wrong, depending on your personal viewpoint), where a file server would just work, a mail server would not work with the extra effort you were describing. And I am not saying the extra effort is installing just a mail system.

As you rightly said, you can do everything and make it work, but the actual problem with a NC integrated mail system would be that people are going to wonder why their files are available but their mails are not being received on the other end.

The complexity and liability of running a mail environment is by far bigger than hosting NC, nowadays.

But also there, I hope that systems like mailcow, Mail-in-a-Box, docker mail systems and all the other solutions to host one’s own mail server do get used more often. This would bring mail back to its origins and not to what it is now (Google and Microsoft forcing the standards). I also hope that things like IPv6 would remove the IP blacklisting databases and introduce new ways of identifying a trustworthy sender, or just push existing solutions to a broader use.

Anyhow, my solution was to move my mails to a local provider I have trusted for 14 years and get rid of my Google MX; yours is to host it on your own. I hope, anytime soon, my mail system is also hosted locally, but setting up a working NC instance was/is by far easier - and a beginning to rebuild the Internet.

But I am also happy to discuss all of this with you on a private channel, because I am sure I could learn quite a lot from your setup.

Apologies, I was really tired and didn’t mean to be so snappy. I’m just tired of people saying email can’t be hosted from home.

Soooo here’s the thing. Email, especially with premade solutions like mailcow, is ridiculously easy to host from home. You don’t need a VPN and it can be hosted straight from home with the exception of your email relay. You would want to use something like SendGrid for that.

Even in the case of MX servers you can still host from home. All/most email servers will retry sending emails if your MX server is down for some time, so you likely won’t lose any email regardless even if you keep your computer off at night.

What you’re going to have issues with is inbound email on port 25. If your ISP is blocking inbound (not outbound) on that port then you’ll need either a reverse proxy offsite or a single MX server offsite configured to send email to your home network on another port.

Otherwise, it’s all point and click with mailcow and other all-in-one scripts!

No worries, I am sure someone learns something out of this discussion :slight_smile:

You are right, setting it up is quite easy, but as you mentioned, open SMTP needs to be checked, otherwise it gets a little tricky.
Using a relay to send emails is actually a good idea, but this is something I already considered and for me it is somehow once again destroying the original concept of mail. Because these relays get a lot of power the more people use them. As it is happening with MS and Google.

I would like to see more smaller mail servers running on their own IPs than smaller mail servers using one big company’s IP they relay over to get their mails delivered.

I mean, would you like to use “Microsoft’s Unified File Storage” to get access to OneDrive and your files stored on your NAS, Nextcloud, Dropbox etc? The data would once again pass through a service (eve) you tried to avoid at the beginning?

But we do get there (again), it just needs some time.
It’s like the mainframe to powerful desktop clients to cloud hosted and so on paradigm, the wheel is turning :slight_smile:

But you don’t have to use popular relays. You could also set up your own relay with cheap KVM or OpenVZ servers. They cost less than two dollars in some instances. :slight_smile:

For me, I’m running my own email server for peace of mind. If Gmail is ever breached I don’t want my stuff all over the web. Also, I don’t have to deal with them using my email to create “personal advertisements”.

Inevitably Google and other large email providers are going to get your email and see who sent you email, because 99.9% of the world (other than business) uses Gmail/Yahoo/etc. But at least my email won’t be centralized in one location on these big providers.

You can use something like Kopano (it integrates even with Nextcloud to some extent and is FLOSS) instead of using Exchange/Office365.

I use mailcow.
It’s really nice. So much better than iRedMail.
My only complaint is that Microsoft servers mark me as spam because I don’t use a whitelisted IP (I’m on a VPS).

But as a mail server consumes some RAM and CPU, it’s a bad idea to mix it with Nextcloud on the same server.

There shouldn’t be a whitelist entry necessary on Microsoft’s part. It’s more likely you are missing appropriate SPF or PTR records. If you’re marked as spam it’s actually quite likely you’re going to end up on a blocklist after a while and not even be able to deliver mail.

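Added example, not part of any post in this thread: a minimal Python sketch of the SPF and PTR checks named in the reply above, plus a DMARC policy lookup, run against a constructed record set. The domain `example.org`, the documentation-range IPs, the `SAMPLE_DNS` table and all function names are assumptions; only the `ip4`/`ip6`/`a`/`mx`/`all` SPF mechanisms are evaluated, and DKIM is left out because it needs a signed message.

```python
import ipaddress

# Constructed records; a real audit would fill this table from live DNS answers.
SAMPLE_DNS = {
    ("example.org", "TXT"): ["v=spf1 mx ip4:203.0.113.25 -all"],
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["203.0.113.25"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.org"],
    ("25.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("7.100.51.198.in-addr.arpa", "PTR"): ["vps7.provider.example"],  # no forward record
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(dns, name, rtype):
    return dns.get((name.lower().rstrip("."), rtype), [])

def resolves_to(dns, host, addr):
    answers = lookup(dns, host, "A") + lookup(dns, host, "AAAA")
    return any(ipaddress.ip_address(a) == addr for a in answers)

def spf_result(dns, domain, ip):
    records = [t for t in lookup(dns, domain, "TXT") if t.lower().startswith("v=spf1")]
    if len(records) != 1:
        return "permerror" if records else "none"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:  # first matching mechanism decides
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            hit = True
        elif name in ("ip4", "ip6"):
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            hosts = [arg or domain] if name == "a" else lookup(dns, arg or domain, "MX")
            hit = any(resolves_to(dns, h, addr) for h in hosts)
        else:
            continue  # include/exists/redirect are not evaluated in this sketch
        if hit:
            return QUALIFIERS[qual]
    return "neutral"

def fcrdns_ok(dns, ip):
    # Forward-confirmed reverse DNS: a PTR name must resolve back to the same IP.
    addr = ipaddress.ip_address(ip)
    return any(resolves_to(dns, h, addr) for h in lookup(dns, addr.reverse_pointer, "PTR"))

def dmarc_policy(dns, domain):
    for txt in lookup(dns, "_dmarc." + domain, "TXT"):
        tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
        if tags.get("v") == "DMARC1":
            return tags.get("p", "invalid")
    return None

def audit_sender(dns, domain, ip):
    return {"spf": spf_result(dns, domain, ip), "fcrdns": fcrdns_ok(dns, ip),
            "dmarc": dmarc_policy(dns, domain)}
```

A sender can pass all three checks and still be filtered on IP reputation, which these records do not express.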

Not at all. I have a 10/10 mark.
I use correct SPF, DKIM and DMARC.
The only problem is my IP reputation for Microsoft.

For Microsoft you are guilty by default; then you can gain a better reputation and then not be treated as spam.
I don’t send enough mails a day to be seen as legitimate by them.
It’s a procedure to block private mail servers.
If I use the OVH SMTP mail servers’ IP, I am not seen as spam.

There is a website where you can tell Microsoft: hey, I have a private mail server, here is my IP …
But it does nothing. It’s an issue a lot of people complain about on the web.
Type “MailCow Spam Microsoft servers” and you will see.

My problem is that my IP isn’t in a pool that Microsoft trusts.

And that’s the common problem with home-hosted email servers (even worse with new IP addresses every 24h), so almost everyone I know suggests letting the idea of home-hosting email go… due to the marked-as-spam problem. If you don’t want to be burdened with much more additional work than necessary.

I’m not home hosted, I am on a VPS that has a static IPv4 and IPv6.
The problem is that the IP I got isn’t in the trusted pool of Microsoft.
Microsoft has in this trusted pool only the SMTP IP pool from providers like Google, OVH, Yahoo, 1&1 etc…

The IP that OVH provides me for my VPS isn’t in the SMTP pool of OVH (that is normal), so Microsoft treats me by default as spam and I have to gain reputation. But as my flow of emails to Microsoft servers is really just a few emails a day, I will never have the chance to be in good reputation.

I think the only good way to get rid of this problem is using a reliable relay server.
Just out of the blue, the Nextcloud GmbH could host such a relay, and offer this relay to NC installations. This IP could get a good reputation over time, but everyone should somehow “authenticate” against the NC relay.
This could be done using a token (something like Let’s Encrypt is doing with its certs), which would allow some control for this relay and would also allow servers to be blocked.

This would also allow people to move away from the NC relay quite simply, because they already have the mail setup running and tested, and all they need to do is get rid of the relay setting.

But I also think this would not be worth the effort, and on the other hand, would create another centralized mail IP / relay combination, but it would be a good and more trusted alternative to the other solutions to get decentralized mail back again.

prolly right. but why WOULD they like to do that?

For the same reason they started all of this :wink:
Give back power to the people!
Make the internet decentralized again!
Be a little rebel and disturb the big ones in their business.

That’s nice… :heart_eyes_cat:
But sadly enough only a nice dream, I’m afraid :frowning:

I set up and maintain a few dozen on-premises mail servers; none of them exhibit this issue with delivering mails to Microsoft. A few barely send e-mails anymore as the organization has moved on to different means of communication.

Quite possibly the IP has been put on a blacklist in the past while setting up the server or by the person who was assigned your IP before you. For some providers your reputation score will be bad long after the IP has been removed from blacklists. Requests to reset the reputation for an IP are taken care of within 24 hours in my experience.

Never was it necessary for me to contact Microsoft to be put on a Whitelist and I’d wager some money that this sort of behaviour would have killed Office 365 by now.