For example, something that is too complex for your comfort level, a security concern, or maybe your hardware can’t keep up with the service’s needs?
You must log in or register to comment.
Tor exit node, public Lemmy instance.
Weirdly for extremely similar reasons
Yes these. Essentially anything that an unidentified user could push data to that would land me in regulatory trouble. I would want to host these things, but I don’t want to become a distributor of anything that would get me a search warrant.
Hosting an email server is pretty sure a magnet for half the Chinese IP range… So I would refrain from hosting that myself.
I figured email would be a common theme. I’m just starting to dip my toes into all of this, so an email server is not on my to-do list (and may never be).
Google and other large scale providers have intentionally made it very difficult to self host your own email. It’s generally not considered a wise move these days and is very difficult to maintain.
Why do you say so? I’m not an expert in the fields, but isn’t a mail server pretty much the same as 20 years ago plus DKIM and SPF?
Problem is, that most larger providers sort your mails to spam if the domain is not well known to them, which is not easy to achieve
Mmm…are you sure about that? I happen to buy some random domain and I’ve never had any problem sending email even right after the domain created.
There’s been a lot of write ups on this, such as this one: After self-hosting my email for twenty-three years I have thrown in the towel. The oligopoly has won.
But there are even people that still self host email server (have a look in the selfhosted subreddit for example). IP reputation is a thing, for sure, but I don’t feel that it’s been brought up by the big corp wickedly, it’s a good way to prevent spam to arrive to the server. There are thousands of email providers in the world that are not Google, Amazon, Microsoft or some other big corp. This means that is possible. Is it difficult? For me for sure!!! But I think that the rising difficulty has been a result of this fields over the years. Just my 2 cents.
With DKIM and SPF, I’ve had zero problems in the last 15 years of selfhosting, most recently with Mailcow Docker on a residential IP. I don’t even have a reverse PTR to my mailserver hostname, just a PTR provided by the ISP that can be resolved.
I’ve added a few fresh, un-reputed domains to the server and had no issues.
I think many people’s problems with running email servers are self-inflicted. I remember even before there were things like blacklists, etc with large providers, many people had problems keeping mailservers running. It’s just not an easy task for a variety of reasons completely unassociated with the mega’s blacklisting you. I’ve been running mailservers at various scales for 20+ years so maybe it’s just second nature to me now.
Thanks for sharing your experience with us. @MaggiWuerze@feddit.de , @body_by_make
ip-reputation is also important. Mailgun, an email service for mass mailing, is doing an „ip-warmup“ if you choose a dedicated ip. So, if you are self-hosting with dynamic-ip, i think you would have a very very low ip-reputation.
True, but this has nothing to do with Google and other, is a well done method to avoid spam.
so what else is a factor for reputation? Or is it like if you dont pay to get your mail-domain whitelisted we lower your reputation score?
No idea! I don’t run my own mail server. But if you read a bit up here, there’s a guy who runs his own mail server(s) since years. But the selfhosted world seems to be full (well…not so full) of people that self host their mail server.
I have an email server but it is not my main email account. I’m purely only using it to learn and to have email notifications sent out from a few services. I do not trust myself or my setup enough to have my main email account hosted on it
Gladly, fail2ban exists. :) Note that it’s not just smtp anyway. Anything on port 22 (ssh) or 80/443 (http/https) get constantly tested as well. I’ve actually set up fail2ban rules to ban anyone who is querying
/on my webserver, it catches of lot of those pests.This method supposedly works great too.
Om going to try that as well
I did host my email, but the problem wasn’t the spam but the bigger email providers. Best case was my mail was marked as spam. Worst case was that I was blocked until I jumped through hoops. Email hosting is unfortunately broken.
what’s that? a federated service isn’t immune from a corporate take over? colour me shocked.
Me too, I’ll never self host my email server. Too much time that I don’t have to set it up correctly, manage the antispam and other thing that I don’t even know . And if it goes down and I don’t have time to look into it (which would be the case 95% of the time 🙈), I’ll be without email for I don’t know how long.
I’ve been self-hosting a personal email server for about half a year now, and it was definitely challenging! But it also tought me quite a bit about how the system works, so I think it was worth it. There are solutions for everything, but you definitely need some time and patience.
Password manager like Bitwarden. I’d rather they take care of it for me. The consequences would be too great if I messed it up.
Smart move, unless you really know what you’re doing and have redundancy. When I first made the switch from Lastpass to Bitwarden I had tried to host the vault myself instead of using the cloud version, which worked fine right up until the moment I had a server outage and lost access to all my passwords.
I’ve managed to keep my KeePass database for almost 20 years going back as far as when I was a dumb teenager. Back then it was as simple as having a couple extra copies on usb drives and Google Drive, but now I keep proper backups.
My take is, I’d rather control it myself, I am responsible enough to take care of my data, and I actually wouldn’t trust someone else to do it. That’s a huge reason I selfhost in the first place, a lack of trust in others’ services. Also, online services are a bigger target because of the number of customers, and maybe even the importance of some of their customers, whereas I’m not a target at all. No one is going to go after me specifically.
I think that’s what’s kept me at KeePass rather than moving to something like Bitwarden. Since it’s file-level encryption, anything that can serve files can also serve my KeePass database. When I upgrade servers or change to different services, restoring my database is as simple as throwing the file into that new service and going on with my life.
Yeah, my recommendation is basically this:
Do you need to share passwords?
No - use KeePass
Yes - use Bitwarden
Eh, the clients all cache your vault. It shouldn’t be a huge issue for it to be down even for a few days.
But I do upload encrypted backups of the server every 6 hours to cloud storage
Same.
Plus, my instance is proxies through Clouflare and only IPs from my country are allowed.
Oh man, that’s actually really good advice! I recently switched to Vaultwarden, but you’re right: If my server goes down, I can’t even restart it, because the password for my account is in there! Damn! Close call!
Well with bitwarden/vaultwarden you can have a copy of your entire vault on your phone or computer or both… so even if your server was totally dead, you’d have access to your passwords. Solid backups is a must, I follow the 3-2-1 rule on super critical systems (like vaultwarden) and test that you can actually recover. Something as simple as spinning up a VPS, testing a restore, testing access, see if that could work in a pinch until you get your server back online, then tear it down. Linode is very cheap for this kind of testing, it’d only cost you a few pennies to run a “dr” test of your critical systems. Of course you still want to secure it, I’d recommend wireguard or tailscale instead of opening access to your DR node to the internet, but as a temporary test it’s probably fine if your running patched up to date versions of docker, vaultwarden, and I’d always recommend putting a reverse proxy in front like nginx.
Usually the password are also stored locally.
I can definitely access all my passwords offline with bitwarden
Bwoa, you can easily take json backups. It is pretty safe imo.
Anything that the family uses. Because when I cease to exist, my wife isn’t gonna take over self-hosting! So e-mail, chat, documents etc.
You know, I never thought about that
I hadn’t either until a few years ago. It’s something worth considering.
Dealing with the digital afterlife of a hacker - The Daily Dot
The main challenge was Michael’s tech footprint: His Gmail, Twitter, personal domains, rented servers, hosting business, home servers, and a huge collection of Apple tech.
“It was tough for Beth because she got home and she had a brand new phone and couldn’t even get on the Wi-Fi,” Kalat said. “Michael had done everything. Beth is very smart—she’s a scientist—but Michael had handled everything. A friend had to come over to reset the Wi-Fi password.”
Bitwarden has an option called emergency contact.
The emergency contact can request access to see all the saved passwords. If I don’t deny the request then the request is automatically approved after X days.
I feel like this would cover most of the issues in the article.
I told my wife when I die, she’s just going to have to throw it all away and start over.
We have separate email accounts and she knows how to get into my Keepass, so she should be able to get into whatever she needs to. I now have a daughter who is becoming interested in how these things work, so I’m hoping to slowly start training/handing off to her.
I have a router, switch and older access point preconfigured and ready to just plug in.
I have some basic documentation and a short list of folks to call, along with admin creds should anything need untangling.
But mostly it’s a rip and replace network. Ditch plex and get cable.
Google workspace is basically just gmail. You can pay someone to migrate it or abandon.
This guy has a good financial planner.
Mail. It’s almost impossible to find a server hoster that hasn’t yet been ip-range-banned from most mail gates, and I cannot host from my own house due to ISP terms and conditions.
I’ve managed to do it for my personal email and find it very rewarding. Sadly, I could never use it for my business. It’s just too risky and there may always be a few delivery problems here and there.
VPS hosting, BTW, not home.
I have setup a mail server for my employer, and doing it manually yourself is difficult. I didn’t want to do it for myself as well.
However I looked into mailcow, and tried that privately and it works great so far! However, i would dedicate a separate VPS for just that.
That, and the fact that Spam abatement is a terrible chore. Whackamole at its worst.
rspamd seems to do a fair job of it.
Mail, Bitwarden and Joplin. Too important stuff for my Raspberry Pi setup.
Second. I used to self-host Bitwarden. Then I realized it’d be too devistating to lose all my passwords, even with backups. So I moved to their cloud service and paid for my families accounts too.
Joplin tho, Joplin stays on the server with no backup. I should really, really make a backup this weekend.
I am hosting bitwarden myself (on a VPS) and I am not that concered about losing my passwords, because every device syncs all passwords locally regulary so that you don’t need internet to access them.
So to loose all your passwords not only do you have to loose your bitwarden server and all the backups, you also have to loose access to all your bitwarden clients synchroniously.
I really want to use Bitwarden and I pay for the premium as well, but it’s starting to bother me that a lot of basic stuff is missing despite years of user requests.
- An Auto-fill UI for the web interface
- Credit card auto-fill
- A way to refresh from the auto-fill menu on the Android UI
I just tried Proton Pass (I have unlimited anyway) and it’s not better, but at least they seem to be working on these.
all the features you listed are available though?
I’ve never heard of joplin but it looks just like what I need
Bitwarden actually. I was really split on this but ultimately I trust Bitwarden, the company, to run a secure server than myself.
Who has time to track CVE’s and react to them in a timely manner? I don’t. If something happened, I probably don’t have the infrastructure or know-how to even realize I had been breached.
- My own search engine (a meta search engine like searx-ng would be fine though)
- a tor exit node, because don’t want to deal with the legal hassle (i run snowflake on multiple machines though)
- a SMTP relay (recieving email is easy. Sending email is a pain in the ass)
Sending email is super easy as well. Making sure everyone can receive it is such a pain though.
A public Matrix server. Its just a never ending black-hole of ever increasing storage requirements and the software is too buggy to not become a maintenance hassle.
I do run a Synapse server for bridging purposes, so I am not just talking in theory.
XMPP is safer and lighter anyway
A social media platform where you can post or view images. I don’t wanna deal with CSAM.
not complicated or hard, just don’t care enough: music, spotify is fine, especially on the family plan.
I don’t self-host Nextcloud. I have a cheap cloud instance running it and it’s essentially my off-site backup for important documents. I don’t put just anything up there but I live in New Orleans so I feel like I should assume my home server won’t necessarily be online when I most need insurance documents and shit like that.
@Tinnitus@lemmy.world I would say in retrospective, email, but it is too late now.
While I do have self hosted backups, I also have offsite, paid copies as well, not sure if that can be considered “self hosting” though.
Email was one I figured I would get an answer for. I know plenty of people do it, but I’m not sure if I’d trust myself to do it right.
The paid offsite backups just seem like a good idea. Some might have the ability to also self-host that, whether it be in a friend/family members home, but if that isn’t an option, paying for a service could save your ass some day.
Email was one I figured I would get an answer for. I know plenty of people do it, but I’m not sure if I’d trust myself to do it right.
It’s not even about doing it right. It’s a PITA to manage when big players can just decide to block your server and then you’ll be jumping trough hoops with Microsofts spam filtering program and whatnot just go get your messages trough. It’s got very little to do if you’ve managed things right on your end, random issues with delivery just pop out of the thin air and it’s your job to monitor it, swear by your mothers name to the big players that you’ll play nicely and hope that their robotic overlords are satisfied with your time and effort.
And if you host email for anyone else it gets exponentially worse. I’ve been doing it long enough that apparently my server has a reputation now so those cases aren’t as frequent as they used to, but they still pop up now and then and it takes time to figure it out with no other reward than the issue goes away, until it returns without any way to really know why.
I did email for about a year. Sucked shit so I cut my losses and closed the thing down.
@SocialDoki@lemmy.blahaj.zone what do you use now?
Honestly I’ve got like 7 different addresses spread across 3 different providers. Email isn’t important enough for me to worry too much about privacy and control. It’s mostly just a place to collect spam for me these days.
I tried getting a music setup to work, but I couldn’t find a good solution for generated playlists with new song recommendations. The self-hosted music service just can’t add songs it doesn’t have yet, so it’s not really feasible. Plus I still have a very cheap YouTube Music subscription from the GPM days.
You can use Lidarr to subscribe to artists’ new album/singles. But you’d still need to have a workflow to add new artists every now and then to incorporate them into your library.
I want to be able to pick a song and say “give me a playlist of similar songs I don’t know yet”, and have that play immediately. That’s just not something a self-hosted setup can do. :/
Yeah I think the closest thing I’m aware of is Plex and album/track mood on smart playlist, and even then that’s kind of janky (ie: cannot shout into smart assistants to creat one on the fly). Music is so cheap now, even the free Amazon Music I get from Prime serves my needs, so I don’t even bother with it.
Minecraft. When I started out it was fine but when I began to get regular visitors I got DDOSed for days on end and people poking me for ssh access. Never again.
Why were people asking for SSH access?
They weren’t asking, I was getting spammed with attempts. I changed the ports and locked down my server. In the end I switched to VPS’s.
You get spammed with ssh attempts no matter what. Just set up fail2ban with harsh firewall rules, key-only auth, and live happy!
