[tor-talk] Private mail server (Was: i saw your response on the Tor talk list)

Julian Yon julian at yon.org.uk
Sat Nov 17 18:38:24 UTC 2012


On Sat, 17 Nov 2012 19:06:32 +0100
Andreas Krey <a.krey at gmx.de> wrote:

> On Sat, 17 Nov 2012 17:41:12 +0000, Julian Yon wrote:
> ...
> > or dedicated server, or colocate a machine of your own in a
> > datacentre. While in theory you could run a server off a cable or
> > DSL line, I wouldn't recommend it. Even if your ISP is friendly
> > towards the idea they're unlikely to guarantee you the uptime you
> > need for a reliable service.
> 
> Don't think that regular colo/VPS server promise much more. The main
> problem on cable/DSL is the usual lack of an actually fixed address.

Yes, that's also a problem. Not unsolvable, but irritating. Here, DSL
providers typically offer no SLA at all, certainly on residential lines.
So even if you only get a three nines promise on your colo, you're
winning.

> > at your server. If you only have the one server, then you'll only
> > need one record, but if your server is down or unreachable then
> > other servers will probably either bounce or blackhole incoming
> > mail.
> 
> Servers doing the former deserve to be walked away from (to another
> provider), and admins of servers doing the latter are criminals,
> at least in my local jurisdiction.

If your jurisdiction is .de (as per your address) then I can't comment
on that. But trust me as somebody who has banged his head against many
SMTP shaped walls (including such larks as persistent dictionary attacks
pushing loadavgs up to over 3000 - another problem you have to deal
with if you run your own server), this is the way things work in
reality, at least at some ISPs.

> > They're under no obligation to queue it for you.
> 
> Yes, they are. At least that is what every sane mail server does.
> (Given the insane state of the world this doesn't say much.)

Email isn't a guaranteed delivery service. I've spent enough of my life
trying to drum that into people :( Whatever the rules in your own
jurisdiction, that doesn't affect the behaviour of servers elsewhere.

> [Actually, the server whose obligation to queue in case my MX is down
>  is being paid for by the person sending the mail.]

How long do you think they're obliged to queue it for? Eternity?
There's a dead simple DoS straight away. Sooner or later it'll be
dropped or bounced. If you don't have a backup MX (even if it just
queues it to pass onto your main one later), you will be losing mail at
some point.

> ...
> > Would I recommend it? No. Unless you want to do so for the learning
> > experience. SMTP is insecure by design;
> 
> Well yes; I still like my mail directly appear in my inbox (even
> though I admin that I need to poll this address).

Hmm. Didn't think to mention fetchmail/procmail/etc. It is of course
possible to construct more interesting architectures pulling and
pushing mail around, but I assumed the OP was asking about a “normal”
mailserver setup.


Julian

-- 
3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012 at jry.me>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20121117/f8d5395c/attachment.pgp>


More information about the tor-talk mailing list