330

we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self

you are viewing a single comment's thread
view the rest of the comments
[-] barsquid@lemmy.world 12 points 4 months ago

What's your alternative to the fake privacy company? I'm assuming the correct thing would be: if your threat model does not include governments, self hosted email, or if it does include governments, probably don't use email.

[-] Banshee@midwest.social 20 points 4 months ago

Self hosted email is its own can of worms. I wouldn't recommend it to anyone outside of experienced IT people. You'll end up blacklisted before you send your first email if you do anything wrong (and there's a lot that can go wrong), and it doesn't solve any security problems email has.

Anything sent over email just isn't private. That goes for Proton customers when they send or receive anything from a non-Proton address too. The one thing privacy email providers can actually do is keep your inbox from being scanned by LLMs and advertisers. That doesn't prevent the inboxes and outboxes of your contacts from being scanned, though.

If you use email, the best thing you can do is be mindful of what kinds of information you send through it. Use aliases via services like simple login or anonaddy when possible. Having a leaked email is a security vulnerability. Once bad actors have your email, they now have half of what they need to breach multiple accounts.

[-] dgerard@awful.systems 18 points 4 months ago* (last edited 4 months ago)

have been that sysadmin setting up a company email server. postfix is trivial to set up, absolutely the easiest experience. following that, though, was weeks of supplicant emails to MS to beg them please not to block us. My recommendation was never do this again, use a third-party outgoing email vendor, email is lost.

[-] Avatar_of_Self@lemmy.world -4 points 4 months ago* (last edited 4 months ago)

MS will send your mail straight to spam if you do not set up your domain keys and DMARC in DNS correctly and do not have a reject or quarantine RUA or the email(s) in your RUA bounce.

Sometimes you may get temporarily sent to spam if your IP is in a /28 of a known spammer IP.

That's about it.

[-] dgerard@awful.systems 8 points 4 months ago

plus the bit where you wait six weeks for a response to your request that they unblock you

none of this process is fucking simple

[-] Avatar_of_Self@lemmy.world -4 points 4 months ago* (last edited 4 months ago)

I've never had to ask MS to unblock me and it sure as hell doesn't take 6 weeks or even 3 days for them to automatically see if everything is right again.

I even set up a non traditional domain with a "non-generic" tld a couple of years ago and I think it was around 16 hours or so before my test emails were hitting outlook inboxes.

Additionally, I think Google still wants SPF setup though it is pretty useless now. And if your RUA was set up right, as I recall, you get an automated email from MS telling you why your mail went to spam (or was rejected), which is the point of it to begin with.

[-] dgerard@awful.systems 5 points 4 months ago

I guess if it worked for you it's perfect! Well done.

[-] Avatar_of_Self@lemmy.world -4 points 4 months ago

As a tip for next time, if you really want to host your email but you don't want to put up with dealing with emails being sent to spam boxes, you can just use an SMTP relay/proxy provider. Your email isn't hosted there but they do send it on and will be the 'source' mail server and is going to be much, much, much cheaper than paying someone to host your email for a bunch of users.

[-] self@awful.systems 6 points 4 months ago

as a tip for you next time, shut the fuck up when someone with experience tells you you’re giving shit advice

[-] froztbyte@awful.systems 5 points 4 months ago

I go have one rare afternoon nap and the (un)professional services posters come out on stage, smdh

[-] self@awful.systems 5 points 4 months ago

oh there’ll definitely be more

[-] dgerard@awful.systems 6 points 4 months ago

you didn't bother reading the thread first, did you

[-] ssm@lemmy.sdf.org -3 points 4 months ago* (last edited 4 months ago)

Self hosting on a bulletproof vps that actually deletes their logs and has a proven track record like buyvm is my preferred solution. I used this guide. It's not perfect, it doesn't set up encryption, and is a bit dated, but it's an okay starting point. I didn't bother setting up rspamd. You can also technically avoid setting up dovecot if you don't want to use IMAP/POP3, but really limits your selection of mail clients to basically mailx and friends. This setup will let you mail to major mail providers, but be wary of what TLD you buy, my .work TLD means I get autospammed. :(

[-] froztbyte@awful.systems 5 points 4 months ago* (last edited 4 months ago)

that’s…extremely off the beaten path, and incredibly very not how most people use / experience email

for the viewers at home: treat this as extremely niche through outright bad advice to follow if you ever want to try set up your own mail

(e: there are more than a few parts of it that are also laughably insufficient for what it aims to do, but this isn’t the place and it’s saturday on top; free tech support comes on other days)

[-] ssm@lemmy.sdf.org -5 points 4 months ago

smtpd.conf(5), pf.conf(5), and openssl(1) manpages and friends are your best resources for setting this up, I just provided that guide as examples as setting all this up can be daunting with just the manuals and no other context. The short guide provided in that blog is not going to teach you firewalling, filtering your maildir; and there's definitely stuff missing, like restarting daemons after certs expire, and setting up your outbound dkimsign filter (was not available at the time of writing)

[-] dgerard@awful.systems 8 points 4 months ago* (last edited 4 months ago)

oh my fucking god

you have defnitely never been the guy on the hook professionally for email working

[-] froztbyte@awful.systems 7 points 4 months ago
[-] ssm@lemmy.sdf.org -4 points 4 months ago* (last edited 4 months ago)

I'll eat as many downvotes as I'd like, though I don't really know what I said that attracted so much ire.

[-] self@awful.systems 8 points 4 months ago

you’re the type of reply guy who rattles off man page names when you’re out of your depth, and you’re reply guying about administrating email to people who professionally administrate email

I don’t expect you to have caught onto that last bit, mainly because you never fucking shut up long enough to catch onto anything at all

[-] froztbyte@awful.systems 5 points 4 months ago

who professionally administrate email

I take immense offense at this utterly spurious insult! I only unprofessionally administer email these days, having managed to get the fuck out of having to do anyone else's mail for money :D

[-] froztbyte@awful.systems 5 points 4 months ago

there is a(n early career) period of my CV that literally has "mailserver administrator" as the job title/description, though

it was kinda lol. apparently the guy who had the gig before me worked real, real hard (down to sometimes sleeping in the server room). I automated much of the role out with mairix, par2, a couple of extremely nasty shellscripts, and a bit of common sense. got pretty bored from month 4, and left a while after

[-] mawhrin@awful.systems 6 points 4 months ago* (last edited 4 months ago)

let me repeat something i wrote in another thread: bringing up the smtp daemon in basic configuration (and, by the way, my preferred one is exim) is trivial. managing working and usable mail service is not.

it's a process! you need to reserve time for that! you need to understand basic networking, you need to intimately know how dns works. you need to know how to use swaks. you need to know your RFCs, and the subtle breakages of the protocol that you need to introduce in order to reduce the amount of spam you're receiving. you need to understand why everything that SPF promises is a lie, but you'll be using it anyway. you need to know how DKIM works, and what is the true meaning of DMARC. you will learn that google wants you to use experimental features in order to be able to deliver your fucking mail to them. you need to understand that the anti-spam blacklists are managed by fucking racketeers, and that you can't avoid them. you need to understand the difference between sending mail and receiving it, and why a correctly configured MX record does absolutely nothing to improve the ability to deliver remote mail. you need to have time to deal with petty tyrants on a mission, and with oblivious bureaucracy of large providers, and learn to be happy if you can reach a human person on the other side at all.

and that's just the SMTP part.

[-] froztbyte@awful.systems 5 points 4 months ago

you need to understand why everything that SPF promises is a lie, but you’ll be using it anyway

fuckin' mood

and that’s just the SMTP part.

hi can I interest you in a serving of "you have 5 OSs and 25+ different versions of OS variants and even more client apps, please make autodiscovery work with" to go with that? no? how about a bit of caldav and carddav?

this post was submitted on 18 Jul 2024
330 points (100.0% liked)

TechTakes

1401 readers
232 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 1 year ago
MODERATORS