I was interested in hosting my own mail server that provides a similar level of privacy for users as Protonmail, ie the server admin cannot read any emails, even those which are not E2EE with PGP. Is there a self-hostable solution to this?

I’m aware the server admin can’t read emails that were sent encrypted using the user’s PGP key, but most emails I get are automated emails from companies/services/etc without the option to upload a public key to send the user encrypted email. If you’re with a service like Protonmail, the server admin still cannot read even these emails.

  • davidebro
    link
    fedilink
    English
    arrow-up
    4
    ·
    2 months ago

    I’m curious - do you use email aliases to help reduce spam or block specific senders more easily? I’ve found that aliases can make a big difference in managing privacy and limiting unwanted messages. Startmail, for example, offers aliases as a convenient option without the need for self-hosting.

    • mspencer712@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      2 months ago

      I do, and I agree about their utility. My users and aliases are in OpenLDAP but it’s pretty easy to add new ones.

      Separate accounts are preferable if you’re actually going to be responding to messages. I’ve had some embarrassing encounters where I’ve given an alias to a business that I didn’t realize was going to actually use it for real email conversations with a human. By default roundcube web mail lets you hit reply anyway and the reply goes out with your real address, which can lead to confusion.

      • davidebro
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        That’s a great point about alias use in roundcube. I can see how it could get confusing if you accidentally reply with your real address. This is where I think alias services that handle that automatically really shine. Have you ever run into other limitations or surprises with self-hosting, like with spam filtering or uptime? I imagine it could be quite time-consuming to keep up with all the configurations and updates, especially if you’re aiming to maintain strong privacy protections.

        • mspencer712@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          Not really, it’s been pretty effortless. Every couple months I have to make sure my renewed LetsEncrypt certs really got imported, but I don’t think I’ve had to intervene manually for anything in a long time.