• 0 Posts
  • 39 Comments
Joined 1 year ago
Cake day: June 17th, 2023



  • Chobbes@lemmy.world to Selfhosted@lemmy.world: Google Photos Alternative (English, 8 up / 1 down, edited, 6 months ago)

    I want all data to be encrypted before it even reaches the server. Yes, I don’t want to trust even my own server for my image backups :), particularly since I would want to use something like Immich to provide photo backups for friends and family and I don’t even want to technically have access to their unencrypted photos unless they explicitly share them. I kind of want the attack surface for my photos to be as small as practical too. It’s almost certainly worse to have them available on my device unencrypted than a dedicated server, but it’s worse to have them unencrypted on both (and I want photos available on device so, them’s the breaks).

    I get that a lot of people won’t care about this and that they’d rather be able to run the image recognition features of Immich on the server and stuff, but I don’t think it’s entirely unreasonable to want encryption for this. If nothing else I’d love to be able to back up photos for friends and family and legitimately be able to tell them that it’s encrypted and I can’t see any of it. It’d be even sweeter if they could do image recognition on device and sync that metadata (encrypted) to the server as well.
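As an added example, not code from the comment above or from Immich: the client-side scheme the comment is asking for, in Go using only the standard library. The photo and its on-device metadata are sealed under a fresh per-photo content key, that key is wrapped for the owner, and an explicit share re-wraps it for a recipient; the server only ever stores `Blob` values. Every identifier here (`Blob`, `EncryptPhoto`, `Share`, the user names) is hypothetical, the sample photo and tags are constructed, and the symmetric recipient key used by `Share` stands in for what a real client would do with the recipient's public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Blob is everything the server stores for one photo: nonces, ciphertexts and wrapped keys only.
type Blob struct {
	ID         string            // opaque, client-chosen (hypothetical scheme)
	Photo      []byte            // AES-256-GCM(contentKey, image bytes)
	Metadata   []byte            // AES-256-GCM(contentKey, on-device tags/EXIF)
	WrappedKey map[string][]byte // userID -> AES-256-GCM(userKey, contentKey)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy means no safe way to continue
	}
	return b
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only reachable with a key that is not 16/24/32 bytes
	}
	a, _ := cipher.NewGCM(block)
	return a
}

// sealGCM prepends a fresh nonce; aad binds the ciphertext to its slot so the
// server cannot move a wrapped key or a ciphertext between photos or users.
func sealGCM(key, plaintext []byte, aad string) []byte {
	a := gcm(key)
	nonce := randomBytes(a.NonceSize())
	return a.Seal(nonce, nonce, plaintext, []byte(aad))
}

func openGCM(key, sealed []byte, aad string) ([]byte, error) {
	a := gcm(key)
	if len(sealed) < a.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return a.Open(nil, sealed[:a.NonceSize()], sealed[a.NonceSize():], []byte(aad))
}

// EncryptPhoto runs on the owner's device before upload; the server never sees ck.
func EncryptPhoto(ownerID string, ownerKey, photo, metadata []byte) *Blob {
	b := &Blob{ID: hex.EncodeToString(randomBytes(16)), WrappedKey: map[string][]byte{}}
	ck := randomBytes(32) // per-photo content key
	b.Photo = sealGCM(ck, photo, b.ID+"/photo")
	b.Metadata = sealGCM(ck, metadata, b.ID+"/meta")
	b.WrappedKey[ownerID] = sealGCM(ownerKey, ck, b.ID+"/key/"+ownerID)
	return b
}

func unwrap(b *Blob, userID string, userKey []byte) ([]byte, error) {
	w, ok := b.WrappedKey[userID]
	if !ok {
		return nil, fmt.Errorf("no key wrapped for %s", userID)
	}
	return openGCM(userKey, w, b.ID+"/key/"+userID)
}

// Share is an explicit grant: unwrap locally, re-wrap for the recipient, upload only the new wrapper.
func Share(b *Blob, ownerID string, ownerKey []byte, recipientID string, recipientKey []byte) error {
	ck, err := unwrap(b, ownerID, ownerKey)
	if err != nil {
		return err
	}
	b.WrappedKey[recipientID] = sealGCM(recipientKey, ck, b.ID+"/key/"+recipientID)
	return nil
}

// DecryptPhoto fails for anyone without a wrapped key and for any tampering with stored bytes.
func DecryptPhoto(b *Blob, userID string, userKey []byte) (photo, meta []byte, err error) {
	ck, err := unwrap(b, userID, userKey)
	if err == nil {
		photo, err = openGCM(ck, b.Photo, b.ID+"/photo")
	}
	if err == nil {
		meta, err = openGCM(ck, b.Metadata, b.ID+"/meta")
	}
	return photo, meta, err
}

func main() {
	alice, bob := randomBytes(32), randomBytes(32) // per-user keys, kept on their devices only
	b := EncryptPhoto("alice", alice, []byte("<jpeg bytes>"), []byte(`{"tags":["cat"]}`)) // constructed input
	_, _, err := DecryptPhoto(b, "bob", bob)
	fmt.Println("bob before share:", err)
	if err := Share(b, "alice", alice, "bob", bob); err != nil {
		panic(err)
	}
	_, meta, err := DecryptPhoto(b, "bob", bob)
	fmt.Println("bob after share:", string(meta), err)
}
```

The symmetric recipient key in `Share` only works if it was exchanged out of band; a real client would wrap the content key to the recipient's public key (X25519 plus a KDF, for instance) so the server cannot substitute one. The AAD strings are what stop the server from moving a wrapped key or a ciphertext from one blob or user to another, and losing the user key loses the photos, which is the price of the server not being able to read them.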





  • In my experience self hosting email it has pretty much been “set it and forget it”. I feel like there’s a lot of FUD from people with misconfigured email servers (because there is a lot that can go wrong on setup). In every case I’ve seen where people are complaining about email deliverability I’ve found that they haven’t configured DKIM or rDNS properly. That doesn’t mean there can’t be issues, and I am sure it is technically possible to get sent to oblivion, but I feel like this issue might be somewhat overblown.




  • Hell yeah :). I’ve heard people have had problems with Linode’s IP blocks with MS… I’m glad to hear that Linode was actually able to help you resolve the problem. The biggest problem seems to be that you just might not realize if your e-mails are being dropped. Not sure if MS will notify you via DMARC if your IP block has been blacklisted, from the sounds of things they probably don’t and just silently drop things, so I guess you have to monitor the blacklists yourself?



  • May depend what you want and where (location can matter a little bit for latency critical stuff, but streaming video won’t care), and what operating system you would run on it. The Hetzner ARM servers are pretty cheap for what you get (and it looks like they include 20TB of bandwidth). I’ve been pretty happy with Lunanode. I think people often look here for deals: https://lowendbox.com/ they often recommend Racknerd boxes… I think there’s some affiliation with Racknerd and lowendbox.com, but I threw something on a Racknerd machine recently and have had a good experience so far. You may want to do some research if you want to send mail directly from these machines. Not everybody allows it (sometimes you just have to ask), and I hear tell that sometimes you can end up with an IP somebody spammed with before with a bad reputation.


  • I was considering a VPS! That said, if I’m say, accessing my jellyfin library externally through a VPS, wouldn’t that just end up costing ludicrous amounts of money?

    Depends on your usage, but probably not? If you can transcode on your jellyfin server you’ll be able to serve lower quality versions remotely if you want to save bandwidth… But most VPSs provide around a terabyte of bandwidth per month by default. If you use more it will cost more. I think it’s usually fairly cheap to get more, but if you’re the only one accessing it you’re probably not going to use that much. Like if you rip a blu-ray you might end up streaming a 50 GB or so file for a movie, but that’s only a twentieth of the bandwidth allotted to you (roughly)… Plus if you reencode it to something smaller before putting it on your jellyfin server, or if your jellyfin server can transcode fast enough you can send a smaller video stream to your mobile devices or whatever.

    I don’t use Arch btw ;)

    I don’t either, that article was just what I found that mentioned setting up Tunnelbroker with a dynamic IP.


  • Glad it was helpful! I was worried I’d be a little off-topic talking about self-hosting e-mail instead of this Anon Addy thing. Hope you find a solution that works for you soon :).

    And yeah… Unfortunately if you’re behind CGNAT and don’t have a static IP I think doing this for free on your existing internet connection might be challenging. One thing that people in a similar position might be interested in is Hurricane Electric’s free Tunnelbroker service, but I think you might still be out of luck behind CGNAT.

    You’ll be able to get public IPv6 addresses for free and can allocate them to your home network. You can set it up to dynamically update the IPv4 address on your end… But I think if you’re behind CGNAT you can’t do that, unfortunately. Another problem with this approach for something like a mail server is that not everything speaks IPv6… If a sender only supports IPv4 they won’t be able to send mail to you.

    I think behind CGNAT pretty much your only option is to pay somebody for a real IP somewhere. Either a VPS somewhere where you set up wireguard (there are cheap options for this, and then you can run other things on the machine), or a VPN with a dedicated IP.
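As an added example, not from the comment above: the "VPS plus WireGuard" option in WireGuard's own wg-quick config syntax, with the VPS forwarding the inbound mail ports to the home box over the tunnel. The interface name eth0, the 10.66.0.0/24 tunnel subnet, the ports, the hostname vps.example.com and the routing table number are all assumptions, and the keys are placeholders.

```ini
# --- VPS side: /etc/wireguard/wg0.conf (the public IPv4 lives here) ---
# Assumptions: eth0 is the VPS's public interface, 10.66.0.2 is the home box.
# Requires net.ipv4.ip_forward = 1 on the VPS.
[Interface]
Address = 10.66.0.1/24
ListenPort = 51820
PrivateKey = <vps-private-key>
# DNAT inbound SMTP/submission to the home box. No SNAT, so the home box still
# sees the real client IP, which matters for spam scoring and for your logs.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587 -j DNAT --to-destination 10.66.0.2
PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
# Let the home box originate connections (outbound mail) from the VPS's public IP.
PostUp = iptables -t nat -A POSTROUTING -s 10.66.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587 -j DNAT --to-destination 10.66.0.2
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.66.0.0/24 -o eth0 -j MASQUERADE

[Peer]
# the home box
PublicKey = <home-public-key>
AllowedIPs = 10.66.0.2/32

# --- Home side: /etc/wireguard/wg0.conf (behind CGNAT, never needs inbound) ---
[Interface]
Address = 10.66.0.2/24
PrivateKey = <home-private-key>
# Because the VPS does not SNAT, replies to forwarded connections are addressed
# to arbitrary Internet hosts. Send anything sourced from the tunnel address
# back through the tunnel and leave the rest of the box's routing alone.
Table = 51820
PostUp = ip rule add from 10.66.0.2 table 51820
PostDown = ip rule del from 10.66.0.2 table 51820

[Peer]
PublicKey = <vps-public-key>
Endpoint = vps.example.com:51820
# 0.0.0.0/0 so WireGuard accepts forwarded packets with any source address;
# with Table set, wg-quick installs the matching default route into table 51820.
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

Two things follow from this layout. The MTA on the home box has to send from 10.66.0.2 (Postfix's `smtp_bind_address`, or the equivalent source option of whatever MTA you run) so outbound mail leaves with the VPS's address rather than the residential one, and the PTR record of the VPS IP has to match the name that MTA uses in EHLO, exactly as it would if the MTA were on the VPS itself.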


  • Oh god, yeah. I personally would not try to self host e-mail or any service that you need other people to be able to reliably connect to without a static IP. As to losing power… In theory mail servers are supposed to queue mail and resend later, and you can also set up a backup MX that will queue mail for you (senders will automatically switch to the backup mail server if they cannot connect to your primary one). There are even free services for backup MX http://www.junkemailfilter.com/spam/free_mx_backup_service.html (though they use this to train spam filters, so if you have privacy concerns you may want to avoid it). In the past I have had some prolonged downtime on my mail server and I have noticed that some senders will give up entirely and never send to that address anymore (which I think is poor form on their part, especially since somebody could register that email account later). I’ve since set up my own backup MX to avoid these issues, and it’s worked great when my primary has had network issues (needed a spare box for backup nameserver and stuff anyway, haha).

    You absolutely can use an external mail service as a catchall with your own domain. For instance protonmail has support for this:

    https://proton.me/support/catch-all

    You’d have to look into the pricing and read the fine print, though. A lot of mail providers charge per inbox and I’m not sure if they’d charge extra for catchall services or not.
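As an added example, not the commenter's code: the sender-side MX behaviour described above, simulated in Go. A sending MTA sorts the MX records by preference and tries them in order, so a backup MX takes the message when the primary is down; if nothing answers it queues and retries until some give-up limit, after which it bounces. The hostnames are constructed and the hourly retry schedule is an assumption; real MTAs use their own backoff schedules and give-up times.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// MX is one MX record; lower Pref is tried first. Hostnames here are assumed.
type MX struct {
	Pref int
	Host string
}

// ErrQueued means every MX was unreachable. A well-behaved sender keeps the
// message in its queue and retries for a few days instead of bouncing it.
var ErrQueued = errors.New("no MX reachable, message queued for retry")

// Deliver models one delivery attempt by a sending MTA: sort by preference and
// try each host in turn, so a backup MX takes over when the primary is down.
func Deliver(mxs []MX, reachable func(host string) bool) (string, error) {
	ordered := append([]MX(nil), mxs...)
	sort.SliceStable(ordered, func(i, j int) bool { return ordered[i].Pref < ordered[j].Pref })
	for _, mx := range ordered {
		if reachable(mx.Host) {
			return mx.Host, nil
		}
	}
	return "", ErrQueued
}

// Outage simulates an outage: downUntil[host] is the hour at which that host
// comes back, and the sender retries once an hour for giveUpHours. It returns
// the host that accepted the message and the hour it did, or -1 if the sender
// gave up and bounced, which is what the comment above saw some senders do.
func Outage(mxs []MX, downUntil map[string]int, giveUpHours int) (string, int) {
	for hour := 0; hour < giveUpHours; hour++ {
		host, err := Deliver(mxs, func(h string) bool { return hour >= downUntil[h] })
		if err == nil {
			return host, hour
		}
	}
	return "", -1
}

func main() {
	mxs := []MX{{10, "mail.example.com."}, {20, "mx2.example.com."}} // constructed records
	fmt.Println(Outage(mxs, map[string]int{"mail.example.com.": 30}, 24))    // backup accepts at hour 0
	fmt.Println(Outage(mxs[:1], map[string]int{"mail.example.com.": 30}, 24)) // no backup: bounced after 24h
	fmt.Println(Outage(mxs[:1], map[string]int{"mail.example.com.": 5}, 24))  // no backup, short outage: hour 5
}
```

The backup MX only helps if it really does queue: it must accept mail for your domain and relay it to the primary later, and it should apply the same recipient checks as the primary, otherwise it becomes the easiest way to get backscatter and spam through your filters.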


  • Relays do cost money, though I think some have a free tier for small volumes of mail. You might also see if your registrar or host provides anything for email.

    The easiest way to do this is to start with just receiving email and not worrying about forwarding, though. You can host your own imap server and just have a catchall account that’s separate from your main email to start, and if you really want to forward you can worry about send later. Receiving email is easy, the thing that people struggle with for email is sending because there are a few requirements like DKIM / SPF / DMARC and reverse DNS that you might not know about and may configure incorrectly and feedback is hard. Also if you have a residential IP I’ve heard it can be harder to send too. If you’re just forwarding to yourself, though, that’s probably a little easier because you can test more easily / mark yourself not spam. If this is your use case I wouldn’t worry about setting up a paid relay service. You don’t need it unless you really want to forward and have troubles making send work on your own.

    With all that said maybe anon addy is easy to set up on your own and gives you what you want. I wouldn’t know! I’ve never used it before.
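As an added example, not from the comments above or from any mail project, the checks that the two email comments keep coming back to (the one about FUD from misconfigured DKIM/rDNS and the one just above), run over constructed record data in Go: SPF (exactly one record, a terminating `all`, the 10-lookup limit), DMARC (a valid `p=` and a `rua=` so you actually hear about drops), and forward-confirmed rDNS against the EHLO name. `Zone` is a constructed stand-in for DNS answers and the example records are made up; real code would query DNS for them.

```go
package main

import (
	"fmt"
	"strings"
)
// Zone is a constructed stand-in for DNS answers: name (with trailing dot) -> TXT/A/PTR strings.
type Zone map[string][]string

// CheckSPF enforces what receivers enforce: one v=spf1 record, a terminating "all", at most 10 DNS-querying terms.
func CheckSPF(txts []string) []string {
	var spf []string
	for _, t := range txts {
		if t = strings.ToLower(t); strings.HasPrefix(t, "v=spf1") {
			spf = append(spf, t)
		}
	}
	if len(spf) != 1 {
		return []string{fmt.Sprintf("expected exactly one SPF record, found %d", len(spf))}
	}
	lookups, hasAll, out := 0, false, []string(nil)
	for _, term := range strings.Fields(spf[0])[1:] {
		m := strings.TrimLeft(term, "+-~?") // drop the qualifier
		if m == "all" {
			hasAll = true
			continue
		}
		for _, p := range []string{"a", "mx", "ptr", "include:", "exists:", "redirect="} {
			if strings.HasPrefix(m, p) {
				lookups++ // each of these costs the receiver a DNS query
				break
			}
		}
	}
	if !hasAll {
		out = append(out, "SPF has no terminating all mechanism")
	}
	if lookups > 10 {
		out = append(out, fmt.Sprintf("SPF needs %d DNS lookups, limit is 10 (permerror)", lookups))
	}
	return out
}

// tags splits the "k=v; k=v" syntax that DMARC (and DKIM) records use.
func tags(rec string) map[string]string {
	out := map[string]string{}
	for _, kv := range strings.Split(rec, ";") {
		if k, v, ok := strings.Cut(strings.TrimSpace(kv), "="); ok {
			out[k] = v
		}
	}
	return out
}

// CheckDMARC wants a valid policy and a rua= address; aggregate reports are the feedback you otherwise lack.
func CheckDMARC(txts []string) []string {
	for _, t := range txts {
		if !strings.HasPrefix(t, "v=DMARC1") {
			continue
		}
		tg, out := tags(t), []string{}
		if p := tg["p"]; p != "none" && p != "quarantine" && p != "reject" {
			out = append(out, "DMARC p= missing or invalid")
		}
		if tg["rua"] == "" {
			out = append(out, "DMARC has no rua=, so nobody will send you aggregate reports")
		}
		return out
	}
	return []string{"no v=DMARC1 record at _dmarc.<domain>"}
}

// CheckReverseDNS is forward-confirmed rDNS: the PTR must resolve back to the IP and match the EHLO name.
func CheckReverseDNS(z Zone, ip, helo string) []string {
	o := strings.Split(ip, ".")
	ptrs := z[o[3]+"."+o[2]+"."+o[1]+"."+o[0]+".in-addr.arpa."]
	if len(ptrs) == 0 {
		return []string{"no PTR record for " + ip}
	}
	name, out, back := ptrs[0], []string{}, false
	for _, a := range z[name] {
		back = back || a == ip
	}
	if !back {
		out = append(out, "PTR "+name+" does not resolve back to "+ip)
	}
	if name != helo {
		out = append(out, "EHLO name "+helo+" does not match PTR "+name)
	}
	return out
}

func main() { // constructed example records, not a real domain's data
	z := Zone{"example.com.": {"v=spf1 mx -all"}, "_dmarc.example.com.": {"v=DMARC1; p=reject"},
		"mail.example.com.": {"192.0.2.25"}, "25.2.0.192.in-addr.arpa.": {"mail.example.com."}}
	fmt.Println(CheckSPF(z["example.com."]), CheckDMARC(z["_dmarc.example.com."]),
		CheckReverseDNS(z, "192.0.2.25", "box.example.com."))
}
```

Two of these are the silent failures people trip over: a second `v=spf1` TXT record (often left behind by a hosting provider's wizard) or more than ten lookups makes receivers treat SPF as a permanent error, and without `rua=` the only sign that a large provider is dropping your mail is that nobody replies.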



  • Oh no! I’m sad to see that you’ve run into troubles :(.

    There are other “fully put together” solutions like mailinabox and mailcow, that could be worth looking into for you. I haven’t used them personally, but you might find them worth looking into. I’d never heard of mailu before, actually.

    Totally understand the desire to just move to a hosted solution after running into these problems, but even if you do that I think you should keep running a mail server in the back of your mind for the future — you’ve already learned a lot about it I’m sure, and maybe with a bit more experience you’ll be ready to tackle it again :).

    I don’t actually use any of the fully assembled solutions like mailinabox, and I wonder if in the future it might be a good idea to try configuring everything manually. You already have some familiarity with how mail works at this point, and having more control over the setup and how everything fits together might actually work out for you. Personally I’m running an OpenSMTPD + Dovecot mailserver and having a great time. I’d recommend it.

    https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/

    Either way, I think you should keep using a custom domain for e-mail because then you have options in the future :).


  • They usually get it sorted out pretty well, but their response times can be a little slow. It’s potentially not a huge deal for you, and overall they’ve been okay… this is sort of understandable because they’re in New Zealand and seem to want to make sure their support staff are paid well (though they were bought by a larger company recently, so I’m not sure if this still holds, seems like it did as of 2019, though):

    This makes them seem like a cool company, and I’d like to support them… But despite that I do feel a little disappointed paying more for a worse service, and I think they really need to invest in providing interfaces for some of the more advanced DNS settings, particularly if their customer support is going to be limited by their own admission.

    They also have some blog posts about customer service that give me some weird vibes…

    Definitely in support of their customer service team in this example, and don’t want them to be treated poorly or sworn at or anything… But it’s a little weird to put this on blast like this and I think it’d be a better look to just leave it at “these are the things that would help us help you, we need to make sure accounts are secure so we can’t just ignore passwords, etc etc”

    And it’s also a little weird that they have this post complaining about some web host’s poor interface and customer service too:

    Neither of these are particularly bad, but I guess it makes me a bit disappointed that I’ve run into similar problems with them, and I’m not sure they’re doing enough to address things on their end.

    I don’t think I’d tell anybody not to use them because they have been good for the most part, but they’re not as fully featured as other registrars in my experience, and they’re more expensive.


  • It’s pretty common to be able to use your own nameservers. The only registrar that doesn’t allow this afaik is cloudflare. I’m sure there’s probably others that don’t allow this, but most that I have seen seem to allow you to use your own nameservers.

    Why do you say you can only have 2 nameservers? I’m sure not all registrars / TLDs will support it, but you can certainly have more than that. I’ve personally had 5 before, but I’m pretty sure you can have even more.

    I believe Hurricane Electric allows you to do zone transfers to their nameservers, so I think in theory you can use their nameservers as additional backups. The SOA records will match too because of this, but even if you did something crazy like manage RRs on different nameserver providers without zone transfers I don’t think this would be a problem (well, aside from it getting out of sync unless you’re really careful). The SOA records are mostly used for zone transfers afaik and resolvers won’t really care about them, so even if they don’t match everything should work, no?