**BSD Mail Project Update!**
Hello everyone! I wanted to share some exciting updates about the development of BSD Mail, our privacy-focused email service designed with robustness, security, and transparency in mind. Here’s a deep dive into the technical choices I've made, focusing on my use of open source solutions and open protocols:
🌍 **Servers & Location**
- We're running on two physical servers:
  - One hosted by OVH in France
  - Another by Hetzner in Germany
- Both servers operate on FreeBSD with NVMe drives in a ZFS mirror configuration for speed and data integrity.
🔒 **Virtualization & Security**
- We utilize jails on both servers to ensure isolated environments for different services, managed via BastilleBSD. On one server, jails are set up directly on the hardware, whereas the other server employs nested jails.
- Each server hosts a bhyve VM running OpenBSD with OpenSMTPD for handling SMTP duties securely.
🔗 **Networking**
- A WireGuard setup connects the two servers, facilitating routing capabilities so that jails and VMs can communicate seamlessly, supporting both IPv4 and IPv6.
📧 **Email Services**
- **Dovecot** is configured for maildir replication across the servers using Dovecot sync, ensuring email availability and redundancy.
- **Rspamd** instances are tied to local KeyDB jails, set up in master-master replication for consistent and reliable spam detection and greylisting.
- **ClamAV** runs in corresponding jails for virus scanning, maintaining a high level of security.
- **SOGo** provides a web interface for email management, connected to MySQL databases in master-master replication to handle sessions and authentication smoothly.
💾 **Data Management**
- Email data is stored on separate, encrypted ZFS datasets to secure emails at rest.
- MySQL databases are used for storing credentials and managing sessions for SOGo, also in a master-master replication setup. Importantly, all passwords are securely hashed using bcrypt, ensuring they are salted and safe.
🔎 **Monitoring & Reliability**
- Our DNS is managed through BunnyNet, which continuously monitors our server status. Should one server—or a specific service—become unavailable, DNS configurations are dynamically adjusted to avoid directing users to the affected IP until full service is restored.
🌐 **Commitment to Open Source and Open Protocols**
- Every component of BSD Mail is built exclusively using open source software and open protocols. This commitment is crucial for ensuring data freedom and the reliability of the solutions we use.
This setup not only emphasizes our commitment to privacy and security but also our dedication to maintaining an open and transparent platform.
We're excited to bring you a service where your privacy, data integrity, and freedom are prioritized. Stay tuned for more updates!
#BSDMail #OpenSource #Privacy #FreeBSD #OpenBSD #EmailHosting #Email
jhx
in reply to Stefano Marinelli
cuddle
in reply to Stefano Marinelli
Kohan Ikin
in reply to Stefano Marinelli
If your focus is privacy & security, I'm not sure #Hetzner would be my choice.
Hetzner is known for collaborating with the Russian government to interfere with sites (see the Wiki page for more info, under "Incidents"):
https://en.wikipedia.org/wiki/Hetzner#Incidents
Hetzner also host the AfD website:
https://social.lyratris.com/@tfunken/112260340926617024
Consider if the people with physical access to your servers can be trusted!
That said, I genuinely wish you well, and I apologize for being a "reply guy". Good luck for the project!
Stefano Marinelli
in reply to Kohan Ikin
The choice of Hetzner stems from having another not too expensive provider (at least for the initial part) on a platform where I already have some other servers. I don't exclude the possibility of moving to another European provider in the future (due to GDPR regulations, it's easier for me to stay in Europe).
However, I always want to use bare metal servers; I don't want to rely on shared 'cloud' storage for data.
Do you have any suggestions regarding this?
Kohan Ikin
in reply to Stefano Marinelli
Unfortunately I don't have a good alternative suggestion! Bare metal is definitely wise and staying in Europe certainly makes sense for regulations, but I don't actually know who I could recommend. (I even see malicious traffic here coming from OVH.) Your knowledge will be way ahead of me on technical hosting details.
Ugh, sorry for bringing you a problem without bringing a solution! I need to do more research myself.
But I love to see more BSD being used, yay!
Stefano Marinelli
in reply to Kohan Ikin
aCiReP
in reply to Stefano Marinelli
@kohan I don't have much experience with Hetzner but I can recommend Netcup and their Root servers (https://www.netcup.eu/vserver/).
Amazing performance, affordable pricing and very responsive and friendly support team.
I'm in no way affiliated with them, just a happy customer for many years now.
Stefano Marinelli
in reply to aCiReP
The "Root servers" are actually VPS with dedicated cores. Perfect for many use cases, but for #BSDMail I don't want to use shared drives.
aCiReP
in reply to Stefano Marinelli
d4gli
in reply to Kohan Ikin
Kohan Ikin
in reply to d4gli
@d4gli I'm pretty sure Russia isn't an EU member, so I don't believe those were legal intercepts (in the same way that Australian government takedown notices are ignored in the EU, understandably).
However! It's possible I have misunderstood the culture of BSD Cafe. Apologies for my intrusion!
Stefano Marinelli
in reply to Kohan Ikin
❄️ freezr ❄️
in reply to Stefano Marinelli
@Stefano Marinelli @Kohan Ikin @d4gli
Legendary! 🥺
Graham Perrin
in reply to Stefano Marinelli
Someone in the FreeBSD Discord lobby asked where to track progress. I assume:
— primarily <https://mastodon.bsd.cafe/tags/BSDMail>
— eventually <https://wiki.bsd.cafe/start#our_services>.
Star, if true. Thank you.
Stefano Marinelli
in reply to Graham Perrin