On 29 December 2022 09:10:23 CET, Joachim Lindenberg <dovecot at
lindenberg.one> wrote:>Hello Andr?,
>thanks for the explanations, appreciated, and for sure publishing a
comparison would help users to make a decision, where to "shop", and
maybe also for enthusiast the opportunity to join forces on specific topics.
>I like that you support FDE, but my personal preference is to run *x as
virtual machines on Hyper-V with Bitlocker and Bitlocker Network Unlock. I
haven?t looked into Clevis & Tang yet in detail, which might be an
alternative.
>I decided for mailcow early 2018 where it met my requirements, but I am also
open to alternatives, especially if they are on par or close w.r.t.
functionality, ideally offering high availability via two replicating instances
(mailcow does this commercially only and didn?t offer a GDPR compliant
contract).
>Thanks,
>Joachim
>
>-----Urspr?ngliche Nachricht-----
>Von: Andr? Rodier <andre at rodier.me>
>Gesendet: Donnerstag, 29. Dezember 2022 08:44
>An: dovecot at dovecot.org; Joachim Lindenberg <dovecot at
lindenberg.one>
>Betreff: Re: Self hosting solution for Christmas
>
>On 27 December 2022 11:39:42 CET, Joachim Lindenberg <dovecot at
lindenberg.one> wrote:
>>I have to support Marc?s question. And also - what makes HomeBox
different from Mailcow (https://mailcow.email/)?
>>Thanks, Joachim
>>
>>-----Urspr?ngliche Nachricht-----
>>Von: dovecot <dovecot-bounces at dovecot.org> Im Auftrag von Marc
>>Gesendet: Dienstag, 27. Dezember 2022 11:25
>>An: Andre Rodier <andre at rodier.me>; dovecot at dovecot.org;
>>postfix-users at postfix.org; debian-user at lists.debian.org;
>>users-request at sogo.nu
>>Betreff: RE: Self hosting solution for Christmas
>>
>>>
>>> Here my present for Christmas: a new version of HomeBox, the self
>>> hosted email solution.
>>>
>>> Feel free to drop comments, create issues, update the docs, etc.
>>>
>>> I released this quickly before going on vacation, so you may find
>>> some issues. However, this is mostly stable, and the code is easy
to modify.
>>>
>>
>>That is why one should not be interested to much risk of lacking future
support. What if your wife gets pregnant and there is no update/release for 9
months? ;) Obviously I admire such open source efforts.
>>It is just such a pity to see so many projects initiated seemingly
without first trying to bundle forces. This is especially visible in crm all
these individual projects are 'shitty', I do not get why none of them
try and work together to create a few good ones.
>>
>>I used to always state that there is only one real distribution you
could use, and that is the centos one. Basically because you could always buy a
redhat license and get the support of a billion dollar company (now even IBM),
but with their stream direction this all becomes questionable. However most
projects do not even have an argument other than 'this is the distribution I
know'.
>>
>>The only long term alternative I see, is using containers that hardly
have any os dependency and behave more like micro services. So you focus on the
direct updates of suppliers.
>>
>>
>>
>>
>
>Hello, Joachim.
>
>Perhaps I need to rewrite the doc, and the readme, so I will clarify a few
points.
>
>Homebox is a set of Ansible scripts to install and configure an email stack
on Debian. Exactly like you would do it manually, but in an automated way.
>
>Once the play book has been run, you still have a Debian installed, without
any custom binary.
>
>Therefore, of you need any support, ask the relevant making lists, like
postfix, dovecot, sogo, Debian, clamav, rspamd, etc...
>
>Now, to answer your question, I had a look to mailcow, and I still prefer
Homebox to hosts my emails.
>
>The security of my primary concern. If you look the code carefully, you will
see a lot of decisions in this direction. From the list of authorised ciphers
and the enforced encryption, even internally, to the absence of PHP. Also, the
non-free and contrib sections are excluded.
>
>I also offers full disk encryption out of the box using Debian preseed with
remote drive unlocking.
>
>You will also see a lot of unit tests to ensure the whole stack is running
as expected.
>
>Finally, I trust a lot the Debian community security policies. I prefer to
use them than another community, especially with the unattended-upgrades
package.
>
>In terms of features, again, we're definitely not on the same line.
>
>Homebox does not support multiple domains, and will never.
>
>However, I use an LDAP server for authentication, which is used for other
services, like a Jabber server. The solution includes a Jabber server out of the
box, with files upload and server to server communication.
>
>Next year, I will start to include a Prometheus stack, with alerts sent by
xmpp.
>
>I am also planning to add more features i think can be useful to personal
hosting, still using Debian repositories. For instance, a WebDAV server to share
files across multiple devices.
>
>I don't pretend creating a better solution than X or Y, and I may add
mailcow in the list of other solutions. However, I think some people, like me,
just want to deploy a mail / xmpp server on Debian without third party packages.
This is why I created this project.
>
>Kind regards,
>Andr?.
>
>PS : for Marc's knowledge, I am very happy with the kids I already have.
I had a surgery to ensure I won't have more. Maybe an example to follow...
>
Hello, Joachim.
Yes, two replicating instances would be good, many options are available. I will
make a few tests next year, using some components, like drbd and gfs2, to name a
few. However, I am also looking into an NFS server.
For emails encryption, I will try to use dovecot native one, but I want to
decrypt the key on user login. However, GPG maybe guys as well.
One thing I forgot to mention in the features: DNSSEC is automatically
configured as well, using PowerDNS.
Kind regards,
Andr?.