selfhosting mail server on nixos

Self hosting email is a difficult business.

The main issue is that you must have a static IP and that IP needs to have a good mail reputation or you will be blacklisted in a few days.

Said so, Today there are pretty good selfhostable email stacks like stalwart

My solution, which has been running for over two decades, is bare metal with postfix, dovecot, opendkim, opendmarl, spamassassin and a few more poeces which are all absolutely mandatory. Plus a nice webmail and a few more optional pieces.

But on gentoo, not on nix

yeah, i checked some of the blacklists and my IP (static) seems to be ok. i'll check out the other services/app/executablees you mentioned, thanks!
- The risk is that the IP will get banned AFTER you start sending out mail from it because it has zero reputation... IT happened to me too and it took months, if not years, to get it definitely cleared. And if you neighbour with a similar IP get infected and start spamming, it's all over again. This is the main issue with residential IPs, it's a very real issue.
  
  To get around it, rent a VPS with a non residential IP and front the mail server there, with tunnels (wireguard+nft) back to your home mail server, so at least the public facing IP is good or has less risks or being blacklisted.

The one thing I'll never recommend anyone selfhost is email. It's just plain not worth it.

You can do literally everything right and still get cucked by spam filters because you're not a recognized email provider.

This seems to be a common point of view for email self hosting.

However, my own experience is a whole another thing. Sure, my hosts have been on every spam list imaginable, mostly with Microsoft, but just a week ago I migrated the whole setup to new VPS and while there's still a thing or two I'll need to iron out the emails are running just fine. Biggest issue was that I forgot to add IPv6 DNS records for the VPS and thus got blocked by gmail, but they gave a clear error why that was and once I fixed the problem it's been smooth sailing.

With current domains I've been running things since 2016 or 2018 and even commercially. It's mostly problem free and things just work, Microsoft being the bigest ass on to work with. For example last october/november they decided to reject everything from one of my servers but both their JMRP portal and support claimed that there's nothing wrong with our server. It took couple of days to clear without any definitive explanation. But beyond that, on various environments since 2009 (I think) it's been mostly problem free hosting.

Sure, hosting email for anyone requires at least some understanding on how things should work (both technically and ethically/legally) and the skillset needed is a bit more complex than hosting a web site to public internet, but it's still something practically anyone can do if they really want to.

And sure, there's a ton of stuff you need to get right. And then there's cases when you miss something and your 'Contact me' web form becomes a spammer heaven and your servers end up sending few million viagra ads around the net and your IP/domain is on every shitlist there is. It takes some persistence and time to clean that up and learn from the experience, but it's not the end of the world.

Self hosting your email is perfectly viable, it can be done regardless of google/microsoft, and I hightly recommend doing that. Email is one of the last "old" fronts to the net where everything is not centralized to a single/few actors. But you really need to know what you're doing. Copy'n'paste commands to set up whatever the latest hot stuff is on docker containers just isn't enough.
- i feel the same way, its a pain but once it works, it general stays working. i think i have a decent static IP so i should be good. i just havent done this for a long time and now i want to use nix instead of whatever i was using before.
Two things I never want to work with and will just pay someone else to deal with whenever possible:

Email

Printers

And that’s about it, almost everything else I’m fine doing myself.
- lmao bro I can't upvote this shit enough.

It's not Nix-specific, but I use Mailcow-dockerized and it is completely hassle-free, been using it for 4 or 5 years now without a bobble (though I've run my own mailserver for 30 years).

I would agree that a static IP is necessary, but I don't have one and I get by, even without a PTR record. That's probably due to a fairly small ISP with not many spammers having found it.

Make sure you set up your DKIM and DMARC right from the start and pay heed to the reports. But I've never had to fight to get off a blacklist, even with new domains I've added to it.

I run Postfix, Dovecot and rspamd on my server. The configuration is here: https://git.dblsaiko.net/systems/tree/configurations/polaris

There’s also the Simple NixOS Mailserver project which is an abstraction on top of these and has a few more things. I’ve never used it myself though.

Of course, you also have to set up all the standard email setup like DKIM, DMARC, SPF and so on here.

thanks, very helpful! i've done DKIM and DMARC before. thanks!

@ellyxir @selfhosted https://gitlab.com/simple-nixos-mailserver/nixos-mailserver

thanks! ive seen this before but lost the link, thanks!