[Novalug] Thunderbird

Stuart D. Gathman stuart@gathman.org
Mon Jun 24 10:16:53 EDT 2019


On Mon, 24 Jun 2019, Rich Kulawiec via Novalug wrote:

> On Sun, Jun 23, 2019 at 05:44:46PM -0400, Roger W. Broseus via Novalug wrote:
>> Since you are moving to T-bird, consider using IMAP instead of POP. Then,
>> email is saved on the server and available everywhere on other PCs.
>
> Years ago, I would have advocated this as well.  Today?  No.  "Leaving mail on
> the server" means leaving it exposed to all the attacks that target that
> server, and there are a *lot* of those, including some very clueful ones.

Use IMAP with your *own* server (I use dovecot).  For just a few users,
it is cheaper than a VPS over about 5 years, not counting electricity
and internet (which you likely already have).

o Have 2 disk drives and use software RAID-1 (simplest and cheapest), make
regular backups onto a USB drive.

o If you are buying a new box (as opposed to recycling a PC or using
your rPi3), get one with dual power supplies.

o Get a UPS, and install NUT monitoring.

o If you aren't servicing smartphones (i.e. access your mail from a
smartphone), access via VPN.

o If you are servicing smartphones (meaning you have to allow logins
from any public IP4), run fail2ban to limit password guessing.

o If you have a home account with your ISP, you likely agreed to not run
a public server.  Since you are taking pains to allow only you and
family/friends to access your IMAP server, it is not a public server.

o Unless you have a business plan, your ISP likely blocks outgoing port
25.  This means you must use an outside SMTP service to send mail.

> We already know that some of those attacks have succeeded, and no doubt
> others have as well but either (a) the operators of those servers have
> declined to share that information or (b) they don't know.

Even without "attacks", mail operators like gmail already read and
analyze your emails for their own purposes.

Your laptop is just as vulnerable to remote attack as your home server.

===

Is there any interest in a Novalug talk on running your own mail
services?  There is a lot of supporting knowledge such as opening 
firewall ports (especially selectively so as to allow only for VPN).
If running your own MTA for receiving incoming mail, then you need
to deal with authentication (forged email), spam, and other nuisances.

There are excellent opensource packages for all these things - but I
am not aware of a package providing a fully integrated plug and play
home email service.  Partly, this is because there are so many
approaches - as seen in this thread.  You have many choices for MTA, MSA,
spam, SPF, DKIM, security, etc.

-- 
 	      Stuart D. Gathman <stuart@gathman.org>
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
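
Added example, not part of the message above and not fail2ban's own code: a small Python model of the sliding-window check that fail2ban applies to dovecot login failures, using fail2ban's `maxretry` and `findtime` setting names. The log lines are constructed in dovecot's syslog style, the addresses come from documentation ranges, and the year is an assumed parameter because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _fail(stamp, ip, user):
    # Constructed line in the style dovecot logs a failed IMAP login.
    return (f"Jun 24 {stamp} mail dovecot: imap-login: Disconnected "
            f"(auth failed, 1 attempts in 2 secs): user=<{user}>, "
            f"method=PLAIN, rip={ip}, lip=192.0.2.10, TLS")

SAMPLE_LOG = "\n".join(
    # A family member mistyping a password a few times over the day.
    [_fail(t, "198.51.100.20", "kid") for t in ("08:00:10", "08:00:40")]
    # A burst of failures from one remote address.
    + [_fail(t, "203.0.113.7", "admin") for t in
       ("10:00:01", "10:00:05", "10:00:09", "10:00:14", "10:00:20", "10:00:25")]
    + [_fail(t, "198.51.100.20", "kid") for t in
       ("10:30:00", "15:00:00", "15:00:30")]
    + ["Jun 24 15:01:00 mail dovecot: imap-login: Login: user=<kid>, "
       "method=PLAIN, rip=198.51.100.20, lip=192.0.2.10, TLS"]
)

# Timestamp, then the remote IP ("rip=") of a line reporting an auth failure.
FAIL_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ dovecot: \S+-login: "
    r".*\(auth failed.*\brip=([0-9A-Fa-f:.]+)")

def offenders(log_text, maxretry=5, findtime=timedelta(minutes=10), year=2019):
    """Return {ip: time of ban} for addresses that reach `maxretry`
    failed logins within a `findtime` window. Each matching log line
    counts as one failure."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m.group(2) in banned:
            continue              # not a failure, or address already banned
        stamp, ip = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry:
            banned[ip] = when
    return banned

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

With the defaults used here, the address producing the burst is banned on its fifth failure, while the family member's five mistypes spread across the day never fill the window.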
