Suggestions for a more privacy conscious email provider

Rich Kulawiec rsk at gsp.org
Mon Dec 4 23:38:19 UTC 2017


On Sun, Dec 03, 2017 at 09:48:02AM -0800, Michael S. Singh wrote:
> Will I also need a static IP address in order to connect to the server
> from anywhere in the world?

Yes.  And it will need to be located in an allocation that's known
to be static, i.e., a single static address in the midst of a large
block of dynamic addresses == trouble.  It'll also need to be on
a provider that has scrupulously dealt with abuse issues; those
that don't may have large swaths of address space that's already
blacklisted.  One way to determine this is to ask them what address
they will assign *before* you sign up, then check that address
against various blacklists.

You'll also need matching A and PTR records: if the mail server
is mail-abc.example.com, then the PTR needs to match.  It's also
highly advisable to make it HELO as that same canonical name.

I also suggest running an instance of a nameserver on the same box.
Mail servers make a lot of DNS queries, so having one right there --
with a cache that will eventually be populated according to local
usage patterns -- is useful.  Just make sure it's not an open
resolver, i.e., make sure it only answers queries on 127.0.0.1.

A Raspberry Pi can handle this.  Doubly so if you customize its defenses
specifically to your needs.  The more abuse you reject outright via
the onboard firewall and via MTA configuration, the less will make it
through to more computationally expensive steps.  Note that you'll
need enough storage if you really do plan to use it for the LKML;
I've seen roughly 50M in traffic on it since 11/28 and there are
times when it spikes (in terms of the number of messages and their
aggregate volume) quite a bit.

---rsk
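The two pre-flight checks Rich recommends above (look the candidate address up in the blacklists before you sign up, and confirm that the A and PTR records for the mail host agree) can be scripted so they are repeatable. The block below is an added example and is not code from the original post. It builds the reversed-address DNSBL query name, does a forward-confirmed reverse DNS check, and reports whether the address looks usable. The DNSBL zone `dnsbl.example.net`, the hostnames and the 203.0.113.0/24 addresses are constructed sample data (the netblock is a documentation range); `StubResolver` feeds that data in offline, while `SocketResolver` does the same lookups live through the standard library when you run the script against a real address.

```python
"""Pre-flight checks for a self-hosted MTA address (added example, stdlib only)."""
import ipaddress
import socket
from typing import Dict, List


class StubResolver:
    """Offline stand-in for DNS: answers come from constructed dicts."""

    def __init__(self, a: Dict[str, List[str]], ptr: Dict[str, List[str]]):
        self.a_records = {k.rstrip(".").lower(): v for k, v in a.items()}
        self.ptr_records = ptr

    def a(self, name: str) -> List[str]:
        return self.a_records.get(name.rstrip(".").lower(), [])

    def ptr(self, ip: str) -> List[str]:
        return self.ptr_records.get(ip, [])


class SocketResolver:
    """Live lookups through the host's configured resolver (used from __main__ only)."""

    def a(self, name: str) -> List[str]:
        try:
            return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
        except socket.gaierror:
            return []

    def ptr(self, ip: str) -> List[str]:
        try:
            host, aliases, _ = socket.gethostbyaddr(ip)
            return [host] + aliases
        except (socket.herror, socket.gaierror):
            return []


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the address (octets for v4, nibbles for v6) and append the list's zone."""
    rp = ipaddress.ip_address(ip).reverse_pointer   # e.g. 10.113.0.203.in-addr.arpa
    reversed_addr = rp.rsplit(".", 2)[0]            # drop the in-addr.arpa / ip6.arpa suffix
    return f"{reversed_addr}.{zone.rstrip('.')}"


def dnsbl_check(ip: str, zones: List[str], resolver) -> Dict[str, List[str]]:
    """Return {zone: [return codes]} for every list that answers with an A record."""
    listed = {}
    for zone in zones:
        answers = resolver.a(dnsbl_query_name(ip, zone))
        if answers:
            listed[zone] = answers
    return listed


def fcrdns_check(ip: str, hostname: str, resolver) -> Dict[str, object]:
    """Forward-confirmed reverse DNS: PTR(ip) must name hostname, A(hostname) must contain ip."""
    want = hostname.rstrip(".").lower()
    ptrs = [p.rstrip(".").lower() for p in resolver.ptr(ip)]
    ptr_ok = want in ptrs
    fwd_ok = ptr_ok and ip in resolver.a(want)
    return {"ptr": ptrs, "ptr_matches": ptr_ok, "forward_matches": fwd_ok, "ok": ptr_ok and fwd_ok}


def preflight(ip: str, hostname: str, zones: List[str], resolver) -> Dict[str, object]:
    """Combine both checks; 'usable' is True only with clean FCrDNS and no listings."""
    fc = fcrdns_check(ip, hostname, resolver)
    bl = dnsbl_check(ip, zones, resolver)
    return {"fcrdns": fc, "listed": bl, "usable": fc["ok"] and not bl}


# Constructed sample data: 203.0.113.0/24 is a documentation range; the DNSBL zone is made up.
SAMPLE_ZONES = ["dnsbl.example.net"]
SAMPLE_RESOLVER = StubResolver(
    a={
        "mail-abc.example.com": ["203.0.113.10"],
        "mail-xyz.example.com": ["203.0.113.21"],          # PTR of .20 points here, A does not point back
        "20.113.0.203.dnsbl.example.net": ["127.0.0.2"],   # .20 is listed, .10 is not
    },
    ptr={
        "203.0.113.10": ["mail-abc.example.com."],
        "203.0.113.20": ["mail-xyz.example.com."],
    },
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) < 3:
        sys.exit("usage: preflight.py <ip> <mail-hostname> [dnsbl-zone ...]")
    print(preflight(sys.argv[1], sys.argv[2], sys.argv[3:] or SAMPLE_ZONES, SocketResolver()))
```

Run it with the address the provider proposes and the name you intend to HELO as; anything other than an empty `listed` map and `fcrdns.ok == True` means either the address or the DNS still needs work before the box should send mail.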



More information about the NANOG mailing list