Exodus from Google, part 1.
I have been a long-time Google user. I was really a kid when I set up my first Google account, then others followed. Throughout the years I have managed my whole online life around two accounts at the same company, with a couple of other email accounts that I did not really communicate to everyone for various reasons.
These accounts held my personal calendar, my feed reader, and most importantly, my emails, both personal, and different spam I receive, although I try to keep regular email subscriptions down to a minimum.
While Google’s services try to comply with the needs of a geek, like being able to navigate using the keyboard, all of these services have some shortcomings.
Gmail, the most popular webmail interface, is indeed great, but doesn’t really work together with Pentadactyl, a Firefox plugin which provides me with Vim key bindings in my browser. Other than that, I became kind of tired of the interface and how I can’t customize it enough. I know I could have used mutt from the very beginning, yes. I was lazy. I’m not even starting up on ads and such.
Google Reader is also a wonderful service, but it’s not really friendly towards Pentadactyl either. It also provided me with functionality I did not want to use, but ended up using anyway, making me develop a custom of starring feed items to read later — just to delete from the starred folder a couple of months later, when they piled up by the hundreds.
Google Calendar was the least-often used of the bunch, so I can’t really criticize the user interface — I checked it once in a month, maybe, since I use my calendar from my phone mainly.
To top it all off, I use an Android device which is then linked to my Google accounts. Through my device I use Google Maps, Google Play to download some applications, and naturally, synchronize all my contacts and emails and calendars and Google knows what with the Cloud. With a capital C.
It bugged me that all my personal data are stored on the servers of a company, and I have no control over what I delete and what I keep — and what others may see.
After having customized my desktop system to a point which some call insanity, I’ve decided I’m still not quite where I want to be with my environment. I want my own domain name, so that I have a cool email address, and, naturally, want to tinker with something. I subscribed to a VPS service at a friend’s hosting company, and started my exodus.
First off, I wanted a service that is secure. TLS only, with CAcert certificates and a sophisticated authentication layer that is unified across services for ease of use and maintenance. Notice that it is a single point of failure, so I have to make my choice carefully. Then again, the whole concept of my own personal cloud is a single point of failure.
What I wanted to create was a messaging centre. I needed IRC (and other IM services I use through Bitlbee) and email to be accessible from the same place, while having everything synchronized to my desktop as a backup, and available from my phone when on the go and/or without two hands.
I also wanted a webserver for my blog and whatnot, but that is secondary. Since some members of my family would be using it as well, I might need a webmail, but that is tertiary.
And I definitely don’t want to use SSH and tmux from a touch-screen device. That is just completely bollocks. I need the integration with the experience! (I actually like how companies bullshit like that. Nevertheless, I need the integration with the experience.)
The Base System
I had to decide which software I will use. I wanted something modern, stable and reliable, with a focus on security and resource usage, because I only have 256MiB of RAM to fill.
Since I use Debian Sid on my laptop and am mostly happy with it, and since I use LTS Ubuntu systems at work, I was thinking hard about which OS to install. Debian Stable is always old, but is reliable and proven. Ubuntu is usually near the bleeding edge, has great support and regular updates, but it is controlled by a company and doesn’t have the sick policies Debian has, which are usually a pain in the ass on the desktop, but suddenly seem rather sane when dealing with a server that accesses the Internet. Debian Stable was pre-installed on the VPS, so that kind of solved my problem.
I knew that for IMAP I have to use either Dovecot or Courier. I have already used Dovecot, which is lightweight, easy to configure, very secure, and has good documentation, so it became my IMAP server.
Lamson, Exim and Postfix were my choices for the MTA. Lamson is an obvious overkill for just about anything that I wanted to do. I have spent long hours looking for clues whether Exim or Postfix would be more suitable for me, though. Consulting with Wikipedia and friends did not make my life easier: both are secure and performant. After reading the docs of Postfix, I could come up with a suitable configuration in a couple of hours as a complete noob, and I considered that a success.
For fighting spam I chose BogoFilter, which needs to be trained to work at all, but after a couple of weeks I stopped receiving spam in my INBOX. The decision to use BogoFilter was pretty much like the one of Postfix. It is trivial to configure and to script up, while it does what I want it to do, and only that. I could have used SpamAssassin instead. Oh well.
I tried to keep configuration to the minimum. These tools have sane defaults, and there won’t be big load on the server, so I didn’t fine-tune for performance. I did go full-on nazi for encryption, where I saw the point.
Sadly, there are a couple of gotchas with email security. You basically can’t set always-on SSL/TLS for the SMTP client (note that an MTA is both a client and a server) because there are other SMTP servers that don’t support that, including huge multi-national companies. Google fortunately supports STARTTLS when delivering and receiving mail to or from other SMTP hosts.
I hooked up Dovecot’s SASL authenticator with Postfix’s SMTP server, keeping user management in one place. My SMTP can’t be used to send mails unless you authenticate, and use the dedicated port for this purpose. This is a logical move, of course, since spammers regularly test my box for such a “functionality”.
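The arrangement described above (opportunistic TLS between servers, Dovecot as the SASL backend, relaying only for authenticated users on a dedicated port), written out as an added example; it is not the author's actual configuration. The hostname, certificate paths, the use of the standard submission service (port 587) and the Dovecot 2.x syntax are assumptions.

```conf
# --- /etc/postfix/main.cf ---
# Outbound (Postfix as SMTP client): use TLS when the peer offers STARTTLS.
# "encrypt" here would stop delivery to every server without TLS support.
smtp_tls_security_level = may

# Inbound on port 25: offer STARTTLS to other servers without requiring it.
smtpd_tls_security_level = may
# Placeholder paths; main.cf has no trailing comments, so notes sit above.
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.org.pem
smtpd_tls_key_file = /etc/ssl/private/mail.example.org.key

# Hand authentication to Dovecot so accounts are managed in one place.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# Never advertise AUTH on an unencrypted connection.
smtpd_tls_auth_only = yes
# AUTH stays off on port 25 and is enabled only for submission below.
smtpd_sasl_auth_enable = no

# Port 25 takes mail for local domains only, so it cannot be used as a relay.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/master.cf ---
# Dedicated submission port (587): TLS is mandatory and every client must
# authenticate before any recipient is accepted.
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

# --- Dovecot 2.x, e.g. /etc/dovecot/conf.d/10-master.conf ---
# Expose the auth socket inside Postfix's chroot, usable only by postfix.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
```

After a reload, `postconf -n` lists the non-default main.cf settings in effect, which makes it easy to confirm that AUTH is not enabled on port 25.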
I also configured Postfix to be grumpy about receiving mail from others. I did not instantly enable BogoFilter. For a couple of weeks, the only trace of spam was in the syslog: Postfix rejected even the connection itself. I also received some HTTP GET requests to port 23. That, I do not understand.
From the very beginning I used the dropper of Dovecot to deliver mail to my virtual users. Installing BogoFilter made it necessary to either pimp up the dropper configuration or switch to maildrop or procmail. Since I did not want to dig into a new kind of obscure syntax for configuring something trivial, I opted for using Sieve that is supported by Dovecot.
Sieve is a language designed to filter emails. It can be complex, but it runs in a sandbox, and is not a general-purpose language, so I suppose I have nothing to be afraid of. Postfix uses BogoFilter to label the mails as either spam or ham and bounce them back to Postfix, which gives it to Dovecot’s dropper, which has a Sieve plugin. The Sieve script is then executed, and sorts the mail into place.
Thunderbird or Roundcube can manage Sieve scripts on the server using the ManageSieve protocol. A ManageSieve server can be enabled in Dovecot. I have shell access, so I prefer to write and place my scripts myself.
I prefer command line tools, so I chose mutt as a mail client. I synchronize my mail from the server using offlineimap to my laptop, but I also sometimes run mutt when I’m SSH’d into the server. On Android, K9Mail is a kick-ass mail client, with IMAP push support, so my phone beeps instantly when I hit the ‘Forgot my password’ button. It can’t do IMAP search, but support should be on its way. I’m planning to index my mail locally using notmuch, which can be integrated into mutt pretty easily, and is trivial to hook up with offlineimap.
It’s been a couple of months that I’ve been using this mail setup, and it is pretty damn convenient. People say that running your own mail server is a PITA, but honestly, I had no problem whatsoever.
In the first stage of the transition, I set up the mail forwards from my Google accounts to the email addresses provided by my new shiny toy. After two weeks, on an over-caffeinated night I deleted one of my Google accounts, and the only thing that’s keeping me from deleting the other is the lack of time: lots of services use your email address, that you may seldom use, but they’re important when you need them. I really need to sort out the ones I need and the ones I don’t.
Next on: sync your contacts and calendars