I feel like most commenters here haven’t understood what you’re proposing.

I’ve thought about doing this, I’ve seen other commenters say they’re doing it. It’s not a terrible idea. I haven’t done it myself because … it’s just not a priority and I’m not sure it ever will be. Anyway …

If you’re willing to set up and self host your own email stack like mail-in-a-box or whatever, then configuring a separate outbound SMTP server is fairly trivial in comparisson.

If you already had your own stack set up to be self hosted you would ordinarily be using the SMTP server there-with to send emails.

Firstly configure your client to use whatever other SMTP server you have access to. I think it’s possible to use mailgun or one of those API transactional senders. You could get a cheap plan with mxroute or any other email host and just use the SMTP server.

Suppose your client is Thunderbird and you set up your account like smtp.mxroute.com for outbound and imap.myserver.com for email storage. When you send an email tbird transmits it through mxroute and then stores it on your imap server at myserver.com in your sent folder.

The potentially complex part is configuring spf & DKIM records on your domain.

SPF

I’m not sure if I’ll be able to explain this clearly but… suppose a recipient’s spam service receives an email purportedly from marauding_giberish@myserver.com but transmitted by smtp.mxroute.com. That spam service will look up the DNS records for myserver.com and inspect the records for the spf record. This record pretty much lists which servers are authorised to transmit email from addresses ending in myserver.com. So with a more typical set up an spf record might be:

“v=spf1 include:myserver.com -all”

This would indicate that only the smtp server at myserver.com can transmit email from your domain.

You would edit that to include the mxroute smtp server like this:

“v=spf1 include:mxroute.com include:myserver.com -all”

This way, recipients can confirm that the owner of myserver.com domain has formally designated mxroute as an authorised recipient.

DKIM

Your SMTP server will have a public & private key pair which it uses to sign outbound messages. Recipients can use the public key to confirm the signature and thereby confirm that the message has not been altered in flight.

Whatever SMTP server you use will tell you the public key and instruct you to add that to the DNS records of your custom domain.

That’s the one that looks like this:

“v=DKIM1; k=rsa; p=MIIBIj [ … it’s a long key … ] op3Nbzgv35kzrPQme+uhtVcJP”

Once this is in place recipients of your emails can query the DNS for myserver.com and find this public key, and use it to confirm that the signature on the email they received is authentic.

Article says revenue from this won’t fund firefox.

Well, you don’t need containers for wireguard the same way you don’t need containers for anything.

I personally prefer docker containers for everything that can be containerised because it provides a consistent abstraction layer. As in, I always know how to find configurations and paths and manage network infrastructure for anything that resides in a container.

In the case I outlined above with the wireguard containers, I’m more confident I’m not going to upset any other services on my server, and I understand the configuration.

Maybe it’s a bit like using ufw to manage iptables rules, unnecessary but helpful.

Of course, I freely admit that my way is not necessarily the best way and if someone wants to run wireguard on the host then great.

Sure mate.

I’ve been playing around with networks for decades. I’ll happily admit that my understanding is rudimentary at best, but configuring routing rules with IP tables or whatever so your device will act as a NAT seems a few levels beyond “basic networking”.

that’s why you chimed in with your comment. Stupid me.

The honest to god reason I chimed in was because your response seemed derisive, and I thought I might be able to soften a bit by either showing my own ineptitude or challenging your solution.

So in summary you have your device A and services running on B, you connect to a vpn service using A, and you want the services running on B to use the same vpn connection?

I encountered this problem with torrenting and private trackers.

I solved it the other way around, by having the remote connect to the vpn and routing traffic from my device through that remote.

• get a mullvad subscription because they do wireguard
• create wireguard-outbound container on server and connect to mullvad
• create wireguard-inbound container on server and attach it to the network stack of wireguard-outbound
• attach any other containers on the server you want using the vpn to the network stack of wireguard-outbound
• install wireguard on your various devices instead of connecting to mullvad directly just connect to your wireguard-inbound container

For bonus points you can create a squid (proxy service) container and attach that to wireguard-outbound, then create a firefox profile that connects to that proxy. That way your device isn’t routing all traffic through the vpn, only the traffic from that firefox profile.

I’ve had this set up for several years now and for the most part it works very well. Occasionally I have to restart the containers but for the most part it’s great.

IDK anything about “routing” but I don’t think it can solve this problem without additional services.

If my laptop is A and I want all outbound connections to go through server B then B needs to be running some kind of service whether it’s merely a NAT router or VPN or proxy.

In this case OP actually want’s B’s outbound connections to go through A but it’s the same problem.

I don’t use an “alias provider”.

I just don’t use aliases for companies I need to send emails to. There are very few.

Sorry to be that guy but replicating / syncing isn’t really backing up.

You need snap shots or versioning.

It looks like there’s several distinct components to gpodder which confuse things.

Firstly gpodder seems to be a desktop podcast client.

Secondly there’s the sync service / protocol. Gpodder.net provides this for free but according to antennapod doesn’t have adequate resources and causes errors in your client (which I can confirm). There are other containers available which are not from the gpodder team but emulate the protocol.

Finally there’s the recommendation / discovery service apparently provided by gpodder.net. I haven’t been able to get this to work because my client hasn’t been able to sync yet, despite 12 hours of trying.

In my own case, I already have a client (antennapod) and I’m not really interested in sync because I only use the one device. The recommendation / discovery service would’ve been cool but it seems broken for the moment.

Hah. It was IBM that was running the shitshow in Queensland too.

Yeah, as you’ve said it’s not the complexity that’s the problem, it’s that dunning Kruger style overconfidence that you’re smarter than everyone else and can manage data better than these silly accountants.

I’m daily driving debian on a lenovo t490.

Can get one for a few hundred. With a dock and 2x 1920 monitors its just beautiful.

It’s not a case of “seeing the code isn’t perfect” but rather, not understanding the myriad problems the code is solving or mitigating.

I’m reminded of this shitshow:

https://en.m.wikipedia.org/wiki/2010_Queensland_Health_payroll_system_implementation

Queensland is a state of about 3m people in Australia. Their health service employs about 100k people. They ended up spending about 900m USD to develop their payroll software and fix the fuck ups it caused.

I’m an accountant by trade, there’s a classic “techbro does accounting” style of development we see a lot. Like if you hadn’t spent a career learning how complex accounting can be, it would be easy to look at a payroll system and conclude “it’s just a database with some rules”.

Oh wow. I’d seen the gpodder thing in antennapod subscriptions but never realised it was a kind of discovery / recommendation service.

I wonder if the recommendation stuff works with a self hosted instance?

This. It’s unnecessary but it’s another layer.

100% agreed.

Every time I bring this up I get accused for gatekeeping or something.

I’m not averse to new users coming to lemmy, that’s great, no problem.

I am resistant however to the idea that lemmy needs more users and that those users should come from reddit.

Lemmy could do with more content, but a huge influx of users probably wouldn’t be great.

Email is a poor analogy because that’s direct communication.

As an aside, I work as a consultant and clients are getting scammed via email all the time. Email is responsible for a lot of heart ache and heavy losses.

Regardless, you might be able to filter newsletters from bills in your email inbox but how do you filter out Russian disinformation farms from reddit?

I think the idea that the internet might usher in a new information age is dead. Long dead. The internet solved the problem of access to information but now we just produce lots of bad information.

I don’t think the SPF / DKIM / DMARC stuff is overly complex nor the core of the problem.

In my case it was recipients with bonkers microsoft exchange servers that just had weird ideas about who should be sending them emails.

For example, one thing that tripped me up forever ago was grey listing. Apparently the receiving server just wouldn’t acknowledge the sending server for an arbitrary period of time, say 12 hours or so. Spam senders would usually give up long before then, while a legit server would keep trying because it’s legitimately trying to deliver an actual email.

So my email-in-a-box type self hosted set up was fine really. Compliant you might say. But to send emails to this one in a thousand recipient I had to investigate what was going on and reconfigure things to ensure their server would interact with mine.

Another thing that can happen is that spammers just put your email address in the “from” field and fire off a few million emails. Obviously the DKIM signatures and SPF won’t match but it still just makes your future legitimate emails look spammy. Having the credibility of a larger organisation goes a long way in this type of instance.

I’m absolutely in the “don’t self-host email” camp. That said, I think it could be done reliably if you wanted to use someone else’s SMTP server and let them worry about deliverability. As in, have your mx records on your domain route to your MTA and dovecot, but set your DKIM and SPF records to match a third party SMTP server. You could use mxroute as an SMTP server very cheaply. There are others like the email API type services. I still can’t think of why I’d want to self host with all this drama but just an idea I’ve heard.

Yeah it really was pathetic.

Like they took a stand while it was cool, but then capitulated rather than face removal.