I’d like to contest the assertion made by some, that it’s not prudent to install MIAB on a home-based PC.
I’ve been successfully running MIAB on my dedicated server for well over a year. I thought I’d share how I believe it can be done safely and securely.
1/ Do not use your regular IP address. Find and switch to an ISP who’ll provide you a free additional IPv4 block of addresses
2/ Set up a firewall capable of securely separating your WAN, LAN and MIAB on a DMZ. I used a PC Engines box loaded with pfSense.
3/ Route your unique IPv4 block thro’ the firewall to your DMZ/MIAB
4/ Adjust the firewall settings to allow MIAB thro’
5/ Install MIAB on the server as per the installation instructions
Feel free to offer constructive criticism or to ask for further details
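The WAN/LAN/DMZ separation from steps 2 to 4 above, written out as a pf ruleset (an added example, not from the original post or the MiaB project; pfSense builds equivalent rules through its GUI). Interface names, the LAN range, the 203.0.113.10 address and the outbound port choices are assumptions; the inbound list is the set of ports MiaB documents as required, so check it against the version you install.

```pf
# Added example: three-legged firewall with the mail server alone in a DMZ.
# All names and addresses below are placeholders (assumptions).
wan_if  = "igb0"              # uplink to the ISP
lan_if  = "igb1"              # home network
dmz_if  = "igb2"              # MiaB only
lan_net = "192.168.1.0/24"
miab    = "203.0.113.10"      # stands in for the routed public IPv4 address

# Services MiaB exposes to the internet (SSH is deliberately left out here).
mail_tcp = "{ 25, 53, 80, 443, 465, 587, 993, 995, 4190 }"

set skip on lo0

# Default deny on every interface; traffic is filtered where it enters.
block in log all
pass out all

# A compromised mail server must never reach the home LAN.
# "quick" stops evaluation, so no later pass rule can override this.
block in log quick on $dmz_if from any to $lan_net

# Step 4: let the internet reach the MiaB services and nothing else.
pass in on $wan_if inet proto tcp from any to $miab port $mail_tcp
pass in on $wan_if inet proto udp from any to $miab port 53

# What the MiaB itself may initiate: mail delivery, DNS, updates/ACME, NTP.
pass in on $dmz_if inet proto tcp from $miab to any port { 25, 53, 80, 443 }
pass in on $dmz_if inet proto udp from $miab to any port { 53, 123 }

# LAN clients can go anywhere, including SSH to the MiaB for administration.
pass in on $lan_if from $lan_net to any
```

The block rule on the DMZ interface is the point of the design: replies to LAN-initiated connections still flow back through state, but nothing originating on the mail server can open a connection into the home network.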
The MiaB project is intended for relatively inexperienced users to configure their own mail server.
The ISP VPS presents a very predictable environment for MiaB, such that the project is making many assumptions, particularly in regards to networking, that the target user likely has no experience with recreating in their home network.
It is not PRUDENT mainly for the reasons mentioned in @openletter's reply.
However, it has never been said that it was not possible. Anyone doing so will be on their own as it is outside the scope of this project. It is just NOT a configuration that we can support in addition to the official one. Nothing against hobbyists tinkering.
This is the biggest stumbling block for most users as North American ISPs rarely will issue a static IP address to a residential customer, and if they do their ToS either explicitly prohibit email servers on their network, or they block port 25, or do not allow for rDNS to be set.
So, you may be in a part of the world where residential ISPs have more lax rules, or possibly be blessed with an amazing ISP, but that is not the reality for many.
Quite frankly, this is something I had been dreaming to do as well. I am sick and tired of paying for VPS providers to host my own mailserver. My problem is, even if we do have the skill level to do the necessary networking to host an MIAB, we are still unable to get our hands on a static IP from ISPs. I know they are available but they are really not cheap.
The internet has a huge amount of IPv6 addresses available. When would we ever start utilizing them? I heard there are IPv6 addresses to address every grain of sand on the planet. Perhaps an exaggeration; nevertheless, I dream of a day I can get my data away from VPS providers and host my own email from home.
Yes, I do agree with the points you raised. Reliable power and reliable energy seem to be two important aspects that we also pay a VPS for. 5 dollars seems fair for all of that.
But my other concern is VPS providers snooping our emails to 3rd parties such as governments. They have no rights to snoop into our servers but I know it happens nevertheless. The privacy policies of VPS providers tell us clearly that they would not think twice before complying with law enforcement of residing country which they must. This is why hosting the MIAB from home is a great idea. This way, whoever wants to take a peek at an inbox would have to take the trouble to physically come knock on the door and take a look at the disks. Doing so makes mass surveillance much more challenging for government organizations. I have no problem complying with a warrant in a country I reside but mass surveillance.
Currently, I use GPG encryption whenever possible with K9. It helps to a great extent for emails that need not be read at rest.
Yes, of course. And this is sadly, a valid concern. It boils down to the specific provider and their ToS as well as how much you trust that provider.
I have often recommended BuyVM here. There are a multitude of reasons for this. One reason that I have never really addressed is that they take client privacy very seriously. How do I know this … by years of observation of how they operate. They will never enter a user’s files without the express permission of the user. They will not comply with any ‘requests’ from law enforcement which is not served with a valid court issued subpoena from the jurisdiction of the server.
BuyVM is one of the staunch defenders of absolute free speech. They are hated on by many because of their policies to defend free speech and the rights of their users using their services lawfully.
If you’d like to check them out please do me the honor of using my affiliate link:
There is also the option of colocation, but it likely only works if you have a local colo facility, and usually the monthly rate starts at $100, but that will be 2-6 rackspaces, depending, plus you have to buy server hardware, which even used isn’t cheap like consumer hardware.
For a typical dedicated server from a hosting provider, you don’t know what is going on at the hardware level. If you construct your own hardware and configure all the things, including physical intrusion detection and mitigation, it is a level that cannot be achieved with hardware you never touch in a facility you can’t get access to.
This of course is true. So the best option is indeed co-location of your own hardware. Reasonable colocation can be had for $50-70 per month though for a 1U server. There are less expensive colo providers out there as well.
I was surprised to see that the trend in colo is ever higher prices. The guys I talked to said they are being driven up by the new-ish trend of various cryptocurrency miners, whom I’m assuming want to put expensive servers in a secure facility, but this may vary by region.
I can remember when, if you needed the more powerful hardware, colo was the cheaper option, but when you include monthly expense plus hardware, it’s hard to beat a dedicated server on pricing level (unless you happen to already own the hardware) when the security issues aren’t a concern and you don’t need some crazy powerful server.