Self hosting solution for Christmas
André Rodier
andre at rodier.me
Thu Dec 29 09:07:08 UTC 2022
On 29 December 2022 09:10:23 CET, Joachim Lindenberg <dovecot at lindenberg.one> wrote:
>Hello André,
>thanks for the explanations, appreciated, and for sure publishing a comparison would help users to make a decision, where to "shop", and maybe also for enthusiast the opportunity to join forces on specific topics.
>I like that you support FDE, but my personal preference is to run *x as virtual machines on Hyper-V with Bitlocker and Bitlocker Network Unlock. I haven´t looked into Clevis & Tang yet in detail, which might be an alternative.
>I decided for mailcow early 2018 where it met my requirements, but I am also open to alternatives, especially if they are on par or close w.r.t. functionality, ideally offering high availability via two replicating instances (mailcow does this commercially only and didn´t offer a GDPR compliant contract).
>Thanks,
>Joachim
>
>-----Ursprüngliche Nachricht-----
>Von: André Rodier <andre at rodier.me>
>Gesendet: Donnerstag, 29. Dezember 2022 08:44
>An: dovecot at dovecot.org; Joachim Lindenberg <dovecot at lindenberg.one>
>Betreff: Re: Self hosting solution for Christmas
>
>On 27 December 2022 11:39:42 CET, Joachim Lindenberg <dovecot at lindenberg.one> wrote:
>>I have to support Marc´s question. And also - what makes HomeBox different from Mailcow (https://mailcow.email/)?
>>Thanks, Joachim
>>
>>-----Ursprüngliche Nachricht-----
>>Von: dovecot <dovecot-bounces at dovecot.org> Im Auftrag von Marc
>>Gesendet: Dienstag, 27. Dezember 2022 11:25
>>An: Andre Rodier <andre at rodier.me>; dovecot at dovecot.org;
>>postfix-users at postfix.org; debian-user at lists.debian.org;
>>users-request at sogo.nu
>>Betreff: RE: Self hosting solution for Christmas
>>
>>>
>>> Here my present for Christmas: a new version of HomeBox, the self
>>> hosted email solution.
>>>
>>> Feel free to drop comments, create issues, update the docs, etc.
>>>
>>> I released this quickly before going on vacation, so you may find
>>> some issues. However, this is mostly stable, and the code is easy to modify.
>>>
>>
>>That is why one should not be interested to much risk of lacking future support. What if your wife gets pregnant and there is no update/release for 9 months? ;) Obviously I admire such open source efforts.
>>It is just such a pity to see so many projects initiated seemingly without first trying to bundle forces. This is especially visible in crm all these individual projects are 'shitty', I do not get why none of them try and work together to create a few good ones.
>>
>>I used to always state that there is only one real distribution you could use, and that is the centos one. Basically because you could always buy a redhat license and get the support of a billion dollar company (now even IBM), but with their stream direction this all becomes questionable. However most projects do not even have an argument other than 'this is the distribution I know'.
>>
>>The only long term alternative I see, is using containers that hardly have any os dependency and behave more like micro services. So you focus on the direct updates of suppliers.
>>
>>
>>
>>
>
>Hello, Joachim.
>
>Perhaps I need to rewrite the doc, and the readme, so I will clarify a few points.
>
>Homebox is a set of Ansible scripts to install and configure an email stack on Debian. Exactly like you would do it manually, but in an automated way.
>
>Once the play book has been run, you still have a Debian installed, without any custom binary.
>
>Therefore, of you need any support, ask the relevant making lists, like postfix, dovecot, sogo, Debian, clamav, rspamd, etc...
>
>Now, to answer your question, I had a look to mailcow, and I still prefer Homebox to hosts my emails.
>
>The security of my primary concern. If you look the code carefully, you will see a lot of decisions in this direction. From the list of authorised ciphers and the enforced encryption, even internally, to the absence of PHP. Also, the non-free and contrib sections are excluded.
>
>I also offers full disk encryption out of the box using Debian preseed with remote drive unlocking.
>
>You will also see a lot of unit tests to ensure the whole stack is running as expected.
>
>Finally, I trust a lot the Debian community security policies. I prefer to use them than another community, especially with the unattended-upgrades package.
>
>In terms of features, again, we're definitely not on the same line.
>
>Homebox does not support multiple domains, and will never.
>
>However, I use an LDAP server for authentication, which is used for other services, like a Jabber server. The solution includes a Jabber server out of the box, with files upload and server to server communication.
>
>Next year, I will start to include a Prometheus stack, with alerts sent by xmpp.
>
>I am also planning to add more features i think can be useful to personal hosting, still using Debian repositories. For instance, a WebDAV server to share files across multiple devices.
>
>I don't pretend creating a better solution than X or Y, and I may add mailcow in the list of other solutions. However, I think some people, like me, just want to deploy a mail / xmpp server on Debian without third party packages. This is why I created this project.
>
>Kind regards,
>André.
>
>PS : for Marc's knowledge, I am very happy with the kids I already have. I had a surgery to ensure I won't have more. Maybe an example to follow...
>
Hello, Joachim.
Yes, two replicating instances would be good, many options are available. I will make a few tests next year, using some components, like drbd and gfs2, to name a few. However, I am also looking into an NFS server.
For emails encryption, I will try to use dovecot native one, but I want to decrypt the key on user login. However, GPG maybe guys as well.
One thing I forgot to mention in the features: DNSSEC is automatically configured as well, using PowerDNS.
Kind regards,
André.
More information about the dovecot
mailing list