You read the title: I am now running an email server, which I would consider to be one of my most ambitious projects yet. The area of email hosting is very dark, and prone to attackers, and thus I will be leaving out some details which I find unfortunate. Spammers (yes, this includes companies) are ruining the email protocol. I am extremely lucky to have a server with the ability to use port 25 and other mailing tools and ports, and have reverse DNS setup.
After around 10 hours of work, I completed it. There is a backend which runs all of the typical services such as IMAP and SMTP, and a frontend, which I can tell you, is Roundcube. Roundcube’s interface is extremely snappy and sending emails is almost instant. I have successfully gotten an almost perfect delivery rate, being able to make it into the main inbox of a Gmail user (that’s a quite good accomplishment, better than most companies).
However, this mail server isn’t for stupid mass marketing, at least I hope not. I am wary to add more users, or ideally make the server public, free, and open, as if one user’s account gets compromised, my IP range could be put on spam lists and my email being shut down in a few days. I am using it as a personal email for now, just emailing friends and interacting in various mailing lists.
This experience of setting up a mail server has taught me that triumph is important, though your experience can really reduce the amount of effort you have to dedicate to a task. While this required the support of others (mainly the amazing support rep who set me up with a reverse DNS record in a few minutes), which can sometimes be difficult for me, I was able to work with those people to deploy my solution.
I am debating on opening up registrations to only a couple people, and gradually expanding. Though, I will need a better email than one which is branded to my person.
This was a very interesting prompt, and made me decide to make it into a technology post as well. I would like to introduce you to my private home lab hosted in the cloud, which I have been working on for quite a while now. This article may include a lot of technical terms, so apologies in advance.
This article is part one.
The server itself is running Docker, with all of the data folders being nearly organized, and grouped with their docker-composr.yml files. NGINX Proxy Manager handles reverse proxies with my various domains, so everything can be accessed easily. Yes, it becomes a mess of ports, though I am still able to track down everything, and my workflow is still effective.
This whole server has taken about two days to setup. It works on a private network with VPN profiles routed through DigitalOcean. I’ve really focused on security with this project, more than others.
My server dashboard on the web
The base of the project all starts with my dashboard. This uses the Docker image “homepage,” with a custom background and theme, with different icons imported from my service in YAML config files.
The setup was more tedious than what I am used to, Homarr. However, pings were broken on Homarr, and some integrations worked poorly for me. Thus, I believe Homepage was a good alternative and has brought an even better UI.
My server’s Webmin home pageThe menu options in Webmin
Next, we have Webmin. Webmin is an amazing web server manager, which includes incredibly useful tools like iptables firewall management and upload/download from the server. These features have increased my workflow speed so much, and I have been a huge fan of Webmin for a while.
My server’s Portainer web dashboard
Another critical application running in the web is Portainer, which helps you easily manage your Docker containers. I especially love the easy access to the IP address of containers and looking at ports and mounts.
Portainer Community Edition has been great so far, and I don’t think anyone except a real company needs it.
I just finished editing the privacy policy for my blog, and I want you to read it. Why? It’s bigger than just my blog. I want you to help set the standard.
Now, I essentially wrote a “fair” privacy policy. However, this doesn’t mean much, and it really shouldn’t. What I determine as a “fair” policy may seem very extreme to you, overcontrolling, or even dangerous. I think about 99% of readers will find the policy extremely fair, though I want you to focus on your opinion.
I typically go through my day and pay close attention to the technology used. In the classroom, I’m watching the interfaces, which sometimes can lead to me not paying attention to what’s really important! Nevertheless, I notice how the little spying devices we have, as if permanently attached, are universally accepted in daily life. Our phones! Yes, we all agreed to that 200 page document of bullshit we don’t care about… or do we?
Online privacy is always a mess, albeit being the biggest part when trying to using the internet in a “safe” (more of a personal safety sense, especially in terms of data security and our PII) manner.
Let’s bring it back to the original point: my privacy policy. While writing the policy, I reflected on the ethics of “internet code.” No, not the code you see on movies with hackers using terminals that flash bright green lines of code on a pitch black screen. It’s the morals of the internet. There has always been a divide I noticed from “real life” and life on the internet. On the internet, it is perfectly acceptable to spout the most profane of phrases casually. On the note of privacy, it’s universally regarded that it’s fine that companies exploit us for data. Our data is free to us, and it keeps our services free, so who cares?
We must always ask ourselves, when dealing with money: do I need to make money? That is the question I asked myself on the creation of this blog. Do I need ads? The answer I came to was no. I found that by providing this content under the public domain that I am making people happy. In turn, I can recieve views, comments, and discussion. My opinions may become more relevant in the future, and I could help people feeling as lost as I am navigate their lives in less of a controlling way, and more in a “I want to give people advice” way.
In this process, I had to question if I wanted to profit off my viewers, as an extra source of income, but I was also the holder of power. Without an ad blocker, viewers of my website have no choice but to have their data sent back to Google’s servers to be analyzed further. I asked myself that question, and found that I have low server operating costs, money to cover it, and a passion that makes up for the money I “lose” from not adding adverts to my website.
So, what’s next? I want you to hear me out on what I wish big companies could operate, especially on getting back to the human aspect. It appears companies have lost their values of consent, both in the bedroom with CEO scandals (not having a particular one in mind) and on the web. Let’s dive in.
First, I propose a progress bar be added to the homepage of Google. Those design people at Google can make it look spectacular, seriously. What will that progress meter be of? That’s next!
Let’s stop AdSense and AdMob, and remove adverts completely from all of Google’s services. We’re even going to remove all of the tracking across services, because we no longer need to sell people’s data. Now, Google is left with little revenue to operate. Don’t forget: we still have Google Cloud and Google One subscriptions, as well as Android, the Play Store, and other micro-transactions and miscellaneous purchases you can make throughout Google. However, that’s not enough to run Google.
Going back to the progress bar, let’s allow Google to be more transparent about how much money they need to operate that month, in addition to quick access buttons that aren’t intrusive for supporting Google. Yes, let’s literally turn Google into Wikipedia. Google can even be a role model for the already-amazing friend of mine… the Wikimedia Foundation! Some fun ideas I had were making interactive advertisements and adding mini-games (especially social games and puzzles). I even thought about including a coin system, however I worry about the ethics of micro-transactions. Although Google may facilitate these types of payments through their services, I don’t believe it would be positive to introduce them in this theoretical system.
However, why does this matter? Why should Google improve their services? Why should other companies try to adapt these types of systems? Why does this connect to a privacy policy I wrote?
This theoretical system is a demonstration of care and remembering we are all humans living on one planet. Google should be a benefit to society, though that doesn’t mean they should aim to make exorbitant amounts of money. Can someone seriously explain to my why these people don’t just donate their excess income to a real charity?
There is still much I do not understand about this world, and much more to discover. Every day, I am noticing new patterns in life. Regardless, I still trust the validity of my ideas, and I don’t think I’m far off from a kinder solution. This doesn’t mean that system will ever be recognized, let alone be implemented, though it’s one positive ending among several other positive and negative endings. Google, among thousands of other internet companies, should remember the human when they make decisions.
Linux security works similarly. If a user doesn’t need permission, or in this case, Google does not need 30% of their advertizing revenue for it’s employees, higher-ups, and everyone in between to be happy. Thus, let’s release the power, and remove the permissions to that directory for that user. Let’s make the world feel more secure, much like a SysAdmin feels secure about their system after applying effective and secure permissions (gotta remember ’em).
By doing all of this, we can go back to our roots of trying to just make it through our lives, but aim for happiness in the end. The goal isn’t to become rich, I believe it’s aiming for feeling secure and happy in life, and the amount you see in your bank has a different reaction for different people. $20 to us Americans is much more in countries such as Turkey and Argentina. However, online privacy is universally valued. We try our hardest to balance our lives, while trying to keep ourselves safe. Whether it’s people locking their nudes in their Photos app or going through annoying cookie prompts, we do our best. Let’s try and get the companies to do the rest.
My privacy policy is something I’m proud of. I’m proud to join the other websites trying to aim for user experience over making money. If I write a tutorial post on my blog, I might actually earn an award for the first human published tutorial on a WordPress blog before. For those who don’t know, lots of recipe websites are copied from other websites and ran through algorithms to include in incredible amount of words that rank high in search ratings. Some people even do it manually! While I go through this good feeling of doing good for the few who stumble upon this page, I have found the inspiration for a better internet experience for humans.
Thanks for stopping by, and enjoy the rest of your day or night.
EDIT (same day):
I was recently going through the analytics settings on a plugin I use for WordPress for privacy-friendly analytics. Questioning the ethics of this… How is it going to be targeted towards privacy if I have the option to completely ignore user’s requests for privacy.
This post is not sponsored, nor will any of my posts be.
I tend to lean towards cloud over on-premises solutions when hosting just about everything, and thus I noticed Inmotion’s great deals on VPS servers. I made it out with an unmanaged server rocking an Intel CPU with 8 vCPUs, 16GB of RAM, and 260GB of SSD storage. This came out to a final total of $29.99 per month (billed monthly, however you can save more being billed annually). I would consider this as a high-end server, compared to what I was working with previously.
In terms of speed, I was not entirely impressed, though it’s performance comes in it’s ability to handle a lot of tasks. I have over 20 Docker containers running on it, with no noticeable lag (especially nice for Nextcloud when disk speeds count).
I have noticed several tradeoffs, especially with their control panel. I was quoted $12/month for my first month on WHM, then $20/month after first the month elapsed. Their free control panel comes with the essentials, and focuses on total control. Thus, firewalls are managed through iptables over a web dashboard. Additionally, there is a noticable 10+ second page load delays on their “backend” (as in their shop section provides amazing page load speeds, while their backend is slow as a turtle).
While there are many minor downsides, the deal itself is not something I would typically pass up, and thus I believe I will be hosting with them for a while.
