Author Archives: Régis B.

Self-hosted email

As I explained in a previous post, I have decided to move away from Google’s Gmail service for email management, and from third-party email hosting platforms in general. This isn’t really a great accomplishment, and I am not trying to brag about it, nor to convince anyone that they should make the same decision. But a handful of people have shown interest in the method and the attached costs. And in my close circle, a handful of people who show interest in computer stuff is an awful lot. So here we go.

Overview

My setup is composed of three main components:

  1. A remote server that serves both as an SMTP server (for sending mail) and as a POP3 server. I pay 1€/month for this (see below for the financial details).
  2. A server which I own that retrieves the emails from the POP3 server (with getmail) and stores them in a maildir. Dovecot is an IMAP server which can serve my email to just about any client.
  3. In particular, Dovecot serves my email to a webmail called Roundcube, also hosted on my server, which serves as a replacement for Gmail’s web interface.

Self-hosted email overview

Remote SMTP/POP3 server

Friends had warned me that managing an SMTP server was a royal pain in the ass. In particular, you need to pay attention not to be blacklisted by any large email delivery platform, such as Gmail, Hotmail, etc. So I decided early on that I was ready to pay for this service. It just happens that Regfish (which is also my domain name provider) sells cheap email packages for just 1 euro per month. With this package come a couple of fairly standard but very useful features:

  1. Catch-all email addresses: whatever gets sent to blabla12345@behmo.com (where behmo.com is my domain name) lands in my inbox. That allows me to never give the same email address to two different online services. As a result, I know who sold my email address to spammers, and my identity cannot be cross-referenced by multiple service owners.
  2. A 100Mb remote mailbox equipped with webmail. If, for any reason (fire, apocalypse, reboot), my own server goes down and stops retrieving email, my emails will not be lost: they stay in a reasonably sized (100Mb) remote account until my POP3 client wakes up again and catches up on the lost time.

All in all, Regfish provides a reliable service. I have been one of their clients since 2005 and it has been a pretty uneventful ride since then (which is a good thing, as far as server and domain name hosting go).

Local Maildir/Dovecot (IMAP) server

Of course, the whole point of this blog post is to demonstrate how you can self-host your emails, so it would not make much sense to keep them stored on the remote server, right? What moves them from Regfish’s servers to mine is a cronjob started every two minutes that makes a call to getmail. Getmail is a basic Unix utility to which you feed a simple configuration file where you specify: the address and credentials of the remote POP3/IMAP server (in our case POP3, since we don’t want the remote server to keep a copy of the emails), and the local folder where you want your emails to be stored. In this folder, each email is stored as a plain text file, and subfolders define labels. That also makes it very easy to back up your emails, but this part will come in a later post.
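As an added example (not the author’s own configuration), here is a getmailrc that does what the paragraph describes: fetch over POP3 with SSL, delete on the remote server, deliver into a local Maildir. The server name, username, password and paths are placeholders.

```ini
# ~/.getmail/getmailrc (constructed example; server, username and password are placeholders)
# Keep this file readable by you only, because it holds the POP3 password:
#   chmod 600 ~/.getmail/getmailrc
# The Maildir must already exist, getmail does not create it:
#   mkdir -p ~/Maildir/cur ~/Maildir/new ~/Maildir/tmp
# Cron entry that polls every two minutes; flock -n skips a run if the previous
# one is still working (large backlog after an outage, or a slow remote server):
#   */2 * * * * flock -n "$HOME/.getmail/cron.lock" getmail --quiet

[retriever]
# POP3 over TLS on port 995; plain POP3 on 110 would send the password in clear text
type = SimplePOP3SSLRetriever
server = pop.example.net
port = 995
username = regis@example.net
password = PLACEHOLDER

[destination]
type = Maildir
path = ~/Maildir/

[options]
# delete each message on the remote server once it is safely in the Maildir,
# so the remote mailbox only accumulates mail while this host is down
delete = true
# only fetch messages not seen before (getmail tracks them in its oldmail file)
read_all = false
verbose = 0
message_log = ~/.getmail/getmail.log
```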

Everything has been relatively easy until now :) No, seriously, getmail, the cronjob and maildir are all a piece of cake to configure. You can try them right away with any third-party email hosting platform that provides a POP3 interface, such as Gmail, Hotmail or Yahoo! Mail.

The Dovecot part is tricky though. Documentation is sparse, to say the least, and strongly depends on your Dovecot version. I think that wikis are just a poor choice when it comes to documenting software or code, but that’s just me. It’s too bad, really, because Dovecot is supposed to be the best of its breed. Anyway, I won’t be able to help you with the Dovecot configuration, which strongly depends on your platform, but you should manage if you carefully read the documentation included with your configuration file.

Roundcube webmail

I like my emails in a browser, not in a program such as Thunderbird or Outlook. I have looked long and hard for an alternative to Gmail’s sleek interface (believe me, it has been long and it has been hard). Alas, the best solution I found is Roundcube, which is also the first result returned by Google when you search for “open source webmail”. It’s ugly, it’s slow, it was coded in PHP, it doesn’t support CardDAV for contact sync, but it works. Which is always better than most other solutions I tried. Install is easy, configuration and use too.

Conclusions

The whole thing works, and better: it is very robust and fault tolerant. The only critical moving part that must not go down is the remote mail server. If it fails, I won’t even know it, except that certain mails will stop arriving. But that has never occurred until now. As I emphasised earlier, the security of my email data is paramount, and in this matter I have not been disappointed until now.

The only problems that I see with my setup are the lack of a dynamic, responsive webmail interface (I have even considered coding a better one myself), and of an integrated contact synchronization solution. Funambol works well in itself, but does not get along well with Roundcube. I keep looking.

Naturally, this installation has a financial cost. My personal server is a low-power computer that has been plugged in at home 24/7 for the past year. Its construction cost was ~450€, but since I use it for many more things than just email, I consider that its cost has already been amortized. It draws ~30W, and in France that represents a recurring cost of about 3€/month. But then again, this server would stay on even if it did not host my email. Finally, there is the cost of my Regfish email account: 1€/month. But now that I think of it, I could probably avoid it if I used the Free account that comes with my home internet connection.

“Please give me your login and password”

Apparently, customs officers from several countries now take the liberty to search your computer for illegal files. I wonder: is it illegal to provide login credentials that delete your sensitive data as soon as a certain user accesses his account? For example, a /home/fakeuser/deletescript script that would contain something like:

# the quoted command runs in realuser's shell on the other end, so the redirection and && apply there
ssh -i /home/fakeuser/.ssh/no_pwd_key realuser@localhost \
  'xargs srm -r < /home/realuser/list && srm /home/realuser/list' && \
  srm /home/fakeuser/deletescript /home/fakeuser/.ssh/no_pwd_key

where no_pwd_key is a password-less ssh key to the realuser account and list is a file listing the sensitive files and folders that you would wish to remove whenever your computer is searched.

Edit: Ah yes, Vineus notes in the comments that rm is not a secure way to delete files. Disks keep traces of removed files, which means removed files can be recovered. So you should rather use the srm utility from the secure-delete package (apt-get install secure-delete). Post updated.

Bye Bye Gmail

A couple of months ago, I stopped using my regis.behmo@gmail.com address and replaced it entirely with my new one: regis@behmo.com. I think this is worth an explanation.

I own my address

First of all, I do not wish to be tied to an email address which I do not own. As a reminder, all @gmail.com addresses are owned not by their users, but by Google. This increases the cost of switching email addresses: if your email account is disabled, you run the risk of losing contacts who are not aware of your address change. This is similar to changing your mobile phone number; usually, what you do is send your close friends your new phone number. Naturally, notifying all 2400 of my email contacts of an address change is not an option. So I decided to redirect all Gmail-incoming emails to my newly acquired @behmo.com address and to send all emails from this new address.

I own my data

But I also decided to move my data away from Gmail. This has been a tough decision, technically speaking. I was one of the very first Gmail users, back in 2004. My main Gmail address now hosts 6.2 Gb of emails. Around mid 2011, I realised how important the content of my mailbox was to me: it contains all my contacts, all of my intimate correspondence with my family, all of my love affairs, in-depth reflection with my advisors about my PhD, a lot of photography work, bank account coordinates, clear-text passwords from various websites, a small amount of illegal music files, professional correspondence with potential or actual employers, and much more. Losing all this data would be dreadful. And you know what? It happens. Worse, sometimes Google makes it happen: it has happened more and more frequently since the rise of Google’s social network Google+ and its requirement that users use their real name. And for different reasons, I do not want to use my real name on Google+. Losing the content of my mailbox was not, and still isn’t, an option, so trusting Google with it has become less and less rational.

I have nothing to hide, but my friends might

For all these reasons, I am now self-hosting my email on my personal server, of which I make frequent backups. The technical and financial details of this move will be given in later posts. I would just like to mention one last argument which has been decisive in my choice of switching to a self-hosted email service: I am concerned not only about the safety of my data, but also about that of my friends and family. Suppose one of my friends commits a crime and, for one reason or another, tells me about it in an email. He might need help, or just need to talk about it. This email becomes a piece of evidence which can be used against him. In the past, Google, Yahoo and Microsoft have all complied with police warrants from various countries to provide personal user data. This situation has made me more and more uncomfortable, if not downright anxious. They tell me I have nothing to fear if I have nothing to hide. Well, I know about me, but what about my friends?

MinuteButterfly will blackout against SOPA

SOPA and PIPA are heinous US bills that could, and will if passed, deprive you of some of your most fundamental rights to information. Any otherwise legitimate website that contains a single page that infringes, or seems to infringe, on the rights of any intellectual property rightsholder could be taken down.

Depending on who makes the request, the court order could include barring online advertising networks and payment facilitators, such as PayPal, from doing business with the allegedly infringing website, barring search engines from linking to such sites, and requiring Internet service providers to block access to such sites.

Source: Wikipedia.org

Think of what this would mean for user-generated content. Think Twitter, Tumblr and Wikipedia. This bill should not be made law. In protest of this bill, my website will go down for one day on Friday 18 January. Yes, I KNOW my website has about 30 visits per week and that no one cares.

For more information:

For the tech-inclined

The page that will be displayed instead of all pages will be this one: http://minutebutterfly.de/blackout.html.

The blackout page template was retrieved from this Github project. As recommended by SEO experts, the whole website will return a 503 status code. This will be achieved using the following .htaccess file:

ErrorDocument 503 /blackout.html
RewriteEngine On
# never rewrite the blackout page itself, otherwise the ErrorDocument subrequest loops
RewriteCond %{REQUEST_URI} !/blackout.html$
# only on 18 January (server local time)
RewriteCond %{TIME_MON} ^01$
RewriteCond %{TIME_DAY} ^18$
# with a non-3xx R= code mod_rewrite drops the substitution and stops, so "-" is used
RewriteRule .* - [R=503,L]

Feel free to copy and modify the files you need for your own use.

What’s in my name?

In Hebrew, Bekhmoharar, pronounced Bekhmoharash, signifies “son of our honored teacher and rabbi”. It was an honorific title granted to rabbi sons (obviously) and how it changed into a family name is actually an interesting story.

In 1722, Menahem Ashkenazi, son of rabbi Isaac, and a rabbi himself, decided, for some obscure reason, that he would rather not have a family name at all. But his son Mordechai inherited the honorific title nonetheless, and was thus known as Mordechai Bekhmoharar Menahem instead of the longer “Mordechai Bekhmoharar Menahem Ashkenazi”. For a loooong time after that, all rabbi sons X of Y were named “X Bekhmoharar Y”. This family was known as the Bekhmoharar, which was weird, but everyone was happy about it.

After a couple centuries, the family had a bunch of non-rabbi branches, and being called “X Bekhmoharar” was getting a little too weird. The family decided to keep the name of Shimeon, which was common to many family members. After that, “Bekhmoharar Shimeon” passed through a dozen countries and wars to change into Behmo. Hence my name.

I am not so big on genealogy myself, but some people are very interested in the history of the ancient roots of the Behmoiras family. That’s how I became the webmaster of the Erensia Behmoiras website. These guys are doing some terrific research work. If you are from the Behmoiras family, just send me an email asking for access credentials.

Neal Stephenson on innovation

This is so true:

(…) Most people who work in corporations or academia have witnessed something like the following: A number of engineers are sitting together in a room, bouncing ideas off each other. Out of the discussion emerges a new concept that seems promising. Then some laptop-wielding person in the corner, having performed a quick Google search, announces that this “new” idea is, in fact, an old one—or at least vaguely similar—and has already been tried. Either it failed, or it succeeded. If it failed, then no manager who wants to keep his or her job will approve spending money trying to revive it. If it succeeded, then it’s patented and entry to the market is presumed to be unattainable, since the first people who thought of it will have “first-mover advantage” and will have created “barriers to entry.” The number of seemingly promising ideas that have been crushed in this way must number in the millions. (…)