I use Zimbra with an external email gateway that only accepts authenticated email. Zimbra is pretty heavy (it’s intended to be a Microsoft Exchange replacement) but it at least has a huge amount of protection built-in to deal with spam and comes configured out of the box to not relay (well, outside of you setting up aliases and lists.)

That said, it’s not hard to find “incoming email only” configurations that deliver to local mailboxes only, for most email servers. The thing to avoid is having a single server configuration that tries to do both - accepting external email and sending locally originated email out. The configurations do exist to do that, but they’re confusing and tricky.

External email gateways… that bit is hard. I use a mail server I set up myself on a VPS. It does not listen on incoming port 25. It requires credentials. I did this largely because I was trying to send email out via Xfinity’s customer email relay, but the latter kept upping the authentication requirements until one day Zimbra just couldn’t be configured to use it any more. And each time they changed something, I wouldn’t find out until I noticed people had clearly not received the emails I’ve sent out.

VPSes are problematic as some IPs are blocked due to spam. There’s not much you can do about it if you’re stuck with a bad IP, so if you can find a way to send outgoing email via your ISP’s outgoing email server, do that. For Postfix, you can send out authenticated email using something like: in main.cf:

relayhost = [smtp.office365.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes

and in /etc/postfix/sasl_passwd:

[smtp.office365.com]:587 example@outlook.com:hunter2

So in summary:

• Consider an email-in-a-box solution like Zimbra, I understand the wish to go for something light but it might make sense if your aim is just to control your own email
• Regardless of whether you do or not, use separate servers for incoming/outgoing email.
• For incoming email, lock it down to accept local email down if you’re manually doing this rather than using an email-in-a-box solution like Zimbra.
• For outgoing email, use authentication and avoid it listening on port 25. Consider either directly using your ISPs, or if that’s not practical, configuring your outgoing email server to relay in turn to your ISP (see above for how to do this.)

Good luck.

Matrix is good, though I’ve been reconsidering it ever since I read this: https://telegra.ph/why-not-matrix-08-07

Also I’ve considered it less than perfect since they added encryption and managed to make it a hell to set up. If you can’t get people to understand Mastodon because “yOu hAvE To cHoOsE A SeRvEr” how the hell are you going to get them to set up a Matrix account when it involves downloading files and other crap that you need to keep with you when setting up all your clients.

Revolt looks nice but until it’s possible to use one account (and browser tab) to access multiple servers (in the computing sense, not the Discord sense), it’s not going to be ideal as a Discord replacement.

Or just mark the resource as private and only serve it to the user who created it until they associate a post with it.

You would probably need a separate server to stage images like this, as your main image server probably shouldn’t have a login wall, which probably slightly complicates things but not badly.

Yes. Section 230 has no requirements that someone needs to form a non-profit or anything like that. It applies to anyone who has responsibility for a website that accepts user submitted content, or more widely anything on the Internet not created by yourself. whether a private individual or a giant corporation.

https://www.eff.org/issues/cda230 describes it in more detail, but to give you an example, even forwarding an email from someone else to a mailing list has some protection (https://www.eff.org/issues/cda230/cases/batzel-v-smith)

Anyone in the US considering running a public Lemmy or Mastodon instance should check what their obligations are under the DMCA and Section 230 and do them.

Section 230’s protections and limitations are documented here: https://www.eff.org/issues/bloggers/legal/liability/230 - note that the limitations are not unlimited but generally if you act in good faith you’ll be covered for almost all of the non-copyright related situations you’re concerned about.

The DMCA requires you take action to protect your forum, notably registering an agent (which can be you!) with the Copyright Office, and posting contact information on your website. https://borgheselegal.com/news/44-internet-law/85-reducing-company-website-liability-steps-to-verify-dmca-safe-harbor-compliance has information on how to remain DMCA compliant, but basically it means responding to take down notices in a timely manner. It’s bureaucracy you don’t want to do, but it’ll protect your website from Sony if someone uploads the whole of Morbius to it.

Remember when you’re panicking about evil people posting to your website that there’s a whole host of websites everyone knows about such as the various American *chans that have never, to the best of my knowledge, been the subject of a raid.

I’m not directly familiar with either, but syncthing seems to be about backing up, so I’m not entirely surprised it’s file oriented, and jellyfin doesn’t look like it’s about user maintained content so much as being a server of content. So I’m not entirely surprised neither would support S3/Minio.

Yeah it took me a while to realize what S3 is intended to be too. But you’ll find “Blob storage” now a major part of most cloud providers, whether they support the S3 protocol (which is Amazon’s) or their own, and it’s to be used precisely the way we’re talking about: user data. Things clicked for me when I was reading the DoveCot manuals and found S3 was supported as a first class back-end storage system like maildir.

I’m old though, I’m used to this kind of thing being done (badly) by NFS et al…

It’s not always possible but it’s generally good practice to configure your applications to use external storage rather than file systems - MySQL/PostgreSQL for indexable data, and S3-clones like MinIO for blob storage.

One major reason for this is that these systems generally have data replication and fall over redundancy built-in. So you can have two or more physical servers, have an instance of each type of server on each, and have these stay synchronized. If one server goes down, the disks crash, or you need to upgrade, you can easily rebuild a set of redundant servers without downtime, and all you need to do is save the configurations (and take notes!)

Like I said, not always possible, but in general the more an application needs to store “user data”, the more likely it is it has the ability to use one of the above as a backend storage system. That will reduce, significantly, the amount of application servers that need to be backed up, and may reduce your need to consider using NFS etc to separate the data.

In all honesty, there’s nothing you can do with any VPS (or cloud - AWS, Azure, etc) provider to prevent them from accessing your server as you’re reliant on them to make sure there are no back doors in their images or hardware, and they have a vested interest (maintenance etc) in making sure they have at least some access. But it’s usually rare they do actually log in.

You can tighten up security a little bit by:

• Avoiding use of the console and logging out of it when AFK
• Checking /etc/passwd and /etc/shadow for passwords for accounts that should be inaccessible, and removing them.
• Verifying pam.conf doesn’t provide access to an external authentication system under the VPS operator’s control.

But those three still rely upon there being no back doors embedded deeper into the OS.

In the end, if it’s confidentiality you need, you’re better off setting the VPS up as a proxy to data that’s held on a server you have full control over (ie one that’s in your house), with no secrets kept on the VPS itself. That can be a tough one to set up and is beyond the scope of a simple Lemmy post…

Remember to log out of the console, as I’ve personal experience of seeing someone at Racknerd type commands into it (presumably by mistake but possibly because that’s SOP - this was shortly before they shut down the server claiming it was responsible for a networking issue after being hacked. Never found evidence it was hacked but Linux can glitch from time to time. So it’s possible they were taking advantage of the fact I was looking at the console at the time to see what the state of the machine was and then realized I was watching.)

Note I’m referring to the console here, not random ssh sessions. While there may be technical ways for them to hijack those, there’s not a lot of point in doing so, there are easier ways to gain access to VMs via, say, backdoor passwords.