Stream: nixos

Topic: Self-hosting email


Srid (Mar 06 2024 at 18:07):

What does it take to self-host email in NixOS?

Pros and cons? Why would someone not want to do it?

Andreas (Mar 06 2024 at 19:11):

I guess generally email is one of the more challenging things to self-host because of all the trust issues involved in getting your little server accepted by big mail mammoths such as Gmail or Microsoft.

Andreas (Mar 06 2024 at 19:11):

That being said, having something like Mail-in-a-NixBox would be a nice thing

Andreas (Mar 06 2024 at 19:21):

If you check Mail-in-a-Box's Github

https://github.com/mail-in-a-box/mailinabox

you can see the main components are:

Postfix for SMTP, Dovecot for IMAP, z-push for Exchange ActiveSync, Roundcube (if you want webmail), SpamAssassin and Postgrey for getting rid of some stuff, then a lot of automated DNS stuff plus Let's Encrypt, and finally some backups via duplicity, some fail2ban and some monitoring via munin.

David Arnold (Mar 06 2024 at 19:40):

I'd use stalw.art - I've been playing with the idea for a while now. It is really well designed; however, the archiving of emails is hard to audit due to content hashing... a plain file backend would be desirable... Other than that, a premier choice.

Andreas (Mar 06 2024 at 19:55):

Yes, Stalwart looks interesting. And more modern than the Ubuntu-based thingy that is Mail-in-a-Box. Even though I had this running once with a friend of mine. But it appears with Stalwart you can run that with a single database backend such as PostgreSQL? Why would you say plain files are more desirable @David Arnold ?

David Arnold (Mar 06 2024 at 20:00):

This is just motivated by GAAP / Local-GAAP requirements, which state that the first visual representation received by the counterparty of any receipt underlying a business event must be stored for 10 years.

That's just best done by "tapping the wire", and with file-backed email, referencing and archiving becomes easy. Having a schema-bound storage mechanism is a significant accessibility hurdle over 10 years and for a smaller team.

Andreas (Mar 06 2024 at 20:07):

Ah okay, so you would want to keep these for your business records essentially? I can't imagine there aren't some best practices for complying with these requirements. Maybe asking Stalwart directly how they'd handle this would be an idea?

David Arnold (Mar 06 2024 at 20:15):

Yes, the easiest way to do this is to "tap" the wire: store everything that comes in and out. Using the FS as a backend has the advantage that it's the oldest, simplest and most stable storage metadata there is and therefore has a very low maintenance burden.

Obviously with many emails, the performance burden becomes prohibitive, and that's why they hash and shard them with BLAKE...

It's still recoverable, but it immediately and essentially forces you to provision a KV store for the same ten years on a rolling basis.


Last updated: Nov 15 2024 at 13:04 UTC