Self-hosting Mail – Hurdles

Published by Arun Isaac on

Tags: selfhosting, internet

My troubles with self-hosting a mail server. In the name of countering spam, mail has become such a quagmire of blacklisting, whitelisting, etc. – in other words – censorship. Email is in danger of becoming gmail. Email is such an elegant set of protocols with decentralization built into its heart. We must not let it become a victim to centralization.

A black and white cartoon of a personal computer displaying an email icon

Figure 1: Home email server

I am big on self-hosting and decentralization of the Internet. So, I set up my own home server to host this blog around 2 years ago. Since then, I have set up and run several of my own services including ownCloud, GNU Social and XMPP. Mail was an important service I was missing. So, after several months of using the mail client mutt and familiarizing myself with how a mail stack is put together, I set up exim and dovecot on my server.

Internal mail, that is, mail between people on my own server, worked great and I delighted in the improved privacy and feeling of control. The people on my own mail server were the people I communicated with most often. So, even this by itself was a great improvement. Mail to other servers such as Gmail, Yahoo mail, IISc mail, etc. did not work. Their SMTP daemons just rejected my mail. My mail didn't even get through enough to reach a user's spambox.

My internet connection had a dynamic IP and this was obviously running afoul of Google's (and others') anti-spamming measures. My only choice was to get a static IP. I did not like being forced into it this way. Nevertheless, I got a static IP from my ISP, BSNL, for 2000 rupees per annum. But other servers still wouldn't accept my mail…

Meanwhile, I read about DKIM (DomainKeys Identified Mail). This was yet another anti-spamming technique, whereby mail servers use asymmetric key cryptography to sign their outgoing mail so that the destination mail server knows that the mail indeed came from where it claims to come from. An understandable precaution – I enabled it on exim, and published my public key through a DNS entry for my domain. But other servers still wouldn't accept my mail…

Google provides vague and unhelpful reasons such as this – the same unhelpful reason they gave me even when I had a dynamic IP. IISc's SMTP daemon, without beating around the bush, tells me quite plainly that my mail is rejected because my IP address has no reverse DNS entry.

Yahoo says my IP address is on the Spamhaus PBL, a list collectively maintained by ISPs the world over indicating IP ranges not allowed to send mail. Apparently, there is a way to get my IP out of the Spamhaus PBL, but that still involves having a reverse DNS entry for my IP address pointing to my domain.

Quite contrary to what you might think, having a DNS entry for your domain pointing to your IP address does not automatically mean you have a reverse DNS entry. Indeed, doing a reverse lookup on the set of all DNS entries is going to be data intensive, and therefore having a separate table for reverse lookups makes sense. But, it turns out that you cannot create a reverse DNS entry for yourself on your own. Only your ISP, who gave you your IP address, can create a reverse DNS entry for it. In other words, unless I'm willing to engage in more bureaucracy with BSNL and probably pay them a good deal more than I already pay them, I'm not getting my reverse DNS entry. For starters, I doubt the people at the BSNL office even know what a reverse DNS entry is. All I can find about reverse DNS delegation with BSNL is this shady page. So no reverse DNS, and that means no mail!
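The two checks that blocked delivery in this account, a reverse DNS entry pointing back to the mail host and a blocklist listing, can be tested before sending any mail. The following is an added example, not the author's code: it assumes a stand-in resolver over constructed records (documentation addresses and example.org names) and queries the zone name pbl.spamhaus.org.

```python
import ipaddress

# Constructed DNS data (documentation addresses, not real records).
ZONE = {
    ("mail.example.org", "A"): ["203.0.113.25"],
    ("25.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org."],
    ("home.example.org", "A"): ["198.51.100.7"],
    # 198.51.100.7 has no PTR record and is on the (constructed) blocklist.
    ("7.100.51.198.pbl.spamhaus.org", "A"): ["127.0.0.10"],
}

def zone_lookup(name, rtype):
    """Stand-in resolver over ZONE; swap in a real DNS client for live use."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])

def ptr_name(ip):
    """Name in the separate reverse tree (in-addr.arpa) holding the PTR record."""
    return ipaddress.ip_address(ip).reverse_pointer

def dnsbl_name(ip, zone):
    """DNSBL query name: reversed IPv4 octets prepended to the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_sender(ip, hostname, lookup=zone_lookup, dnsbl="pbl.spamhaus.org"):
    """Report what a receiving server would see for this sending IP."""
    ptrs = [p.rstrip(".").lower() for p in lookup(ptr_name(ip), "PTR")]
    # Forward-confirmed reverse DNS: a PTR target must resolve back to ip.
    confirmed = [p for p in ptrs if ip in lookup(p, "A")]
    answers = lookup(dnsbl_name(ip, dnsbl), "A")
    # Spamhaus answers listings from 127.0.0.0/8; 127.255.255.x are error codes.
    listed = any(a.startswith("127.") and not a.startswith("127.255.255.")
                 for a in answers)
    return {
        "ptr": ptrs,
        "fcrdns": bool(confirmed),
        "ptr_points_to_host": hostname.rstrip(".").lower() in confirmed,
        "dnsbl_listed": listed,
    }

if __name__ == "__main__":
    for ip, host in [("203.0.113.25", "mail.example.org"),
                     ("198.51.100.7", "home.example.org")]:
        print(ip, check_sender(ip, host))
```

The second address has a forward A record but no PTR, which is exactly the situation described above: the forward entry is under the domain owner's control, the reverse one is not.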

Well, what am I to do about all this? All I wanted to do was set up and run my own mail server without having to sell my soul to the devil. True that you can justify everything as anti-spam. But whatever you say, I say this is censorship. What with so much machine learning put to use these days to profile people and invade their privacy, we can't develop a decent spam filter and need to depend on these vile techniques to counter spam? A shame, I say! Or a sham to keep people marginalized as mere consumers and keep those at the center in power!

<sigh> I guess I'm gonna have to sign up for one of those authenticated SMTP relay services, for now. Anyways, if you ever set up your own mail server, please take care to enforce only sane and reasonable anti-spam measures. Mail is such an elegant set of protocols with decentralization built into its heart. We must not let it be crushed under such draconian rules. Don't let email become gmail.

