What does it take to self-host email in NixOS?
Pros and cons? Why would someone not want to do it?
I guess generally email is one of the more challenging things to self-host because of all the trust issues involved for getting your little server accepted by big mail mammoths such as gmail or microsoft.
That being said, having something like Mail-in-a-NixBox would be a nice thing
If you check Mail-in-a-Box's Github
https://github.com/mail-in-a-box/mailinabox
you can see the main components are:
postfix for SMTP, Dovecot or IMAP, z-push for Exchange ActiveSync, Roundcube (if you want webmail), spamassassin and postgrey for getting rid of some stuff, then a lot of automated DNS stuff plus Let's Encrypt, and finally some backups via duplicity, some fail2ban and some monitoring via munin.
I'd use stalw.art - I'm playing with the idea for a while now. It is really well designed, however, the archiving of emails is hard to audit due to content hashing... a plain file backend would be desirable... Other than that, a premier choice.
Yes, stalwart looks interesting. And more modern than the Ubuntu-based thingy that is Mail-in-a-Box. Even though I had this running once with a friend of mine. But it appears with stalwart you can run that with a single database backend such as PostgreSQL? Why would you say plain files is more desirable @David Arnold ?
This is just motivated by GAAP / Local-GAAP requirements which state that its first visual representation received by the counter party of any receipt underlying a business event must be stored for 10 years.
That's just best done by "tapping the wire", and with a file baked email, referencing and archiving becomes easy. Having a schema-bound storage mechanism is a significant accessibility hurdle over 10 years and for a smaller team.
ah okay, so you would want to keep these for your business records essentially? I can't imagine there aren't some best practices for complying with these requirements. Maybe asking stalwart directly would be an idea how they'd handle this?
Yes, the easiest way to do this is to "tap" the wire: store everything that comes in and out. Using the FS as a backend has the advantage that its the oldest simplest and most stable storage metadata there is and therefore has very low maintenance burdon.
Obviously with many emails, the performance burdon becomes prohibitive and that's why the hash and shard them with blake..
It's still recoverable, but it immediatly and essentiatlly forces you to provision a kv store for the same ten years on a rolling basis.
Last updated: Jan 18 2025 at 04:45 UTC